authorNick Mathewson <nickm@torproject.org>2003-09-11 20:32:15 +0000
committerNick Mathewson <nickm@torproject.org>2003-09-11 20:32:15 +0000
commit36a308643464890ca6cc2e33222bc66b696d8c37 (patch)
tree9da6c8b30ab73f4aa784750e6cc6cad519eb4fc8 /src
parent0761bc7b83e4eeaa02ee45807cc691cb753c43a2 (diff)
Add router_get_by_pk function; use in connection_tls_finish_handshake.
svn:r441
Diffstat (limited to 'src')
-rw-r--r--src/or/connection.c9
-rw-r--r--src/or/or.h1
-rw-r--r--src/or/routers.c18
3 files changed, 26 insertions, 2 deletions
diff --git a/src/or/connection.c b/src/or/connection.c
index 825409de12..403d261d55 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -315,10 +315,14 @@ static int connection_tls_finish_handshake(connection_t *conn) {
log_fn(LOG_INFO,"Other side has a cert but it's bad. Closing.");
return -1;
}
- router = look up which router I just connected to. /* XXX */
+ router = router_get_by_pk(pk);
+ if (!router) {
+ log_fn(LOG_INFO,"Unrecognized public key from peer. Closing.");
+ crypto_free_pk_env(pk);
+ }
conn->bandwidth = router->bandwidth;
conn->addr = router->addr, conn->port = router->or_port;
- conn->pkey = crypto_pk_dup_key(router->pkey);
+ conn->pkey = pk;
if(conn->address)
free(conn->address);
conn->address = strdup(router->address);
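Review bot: The new `if (!router)` branch logs and frees `pk` but never returns, so execution falls through to `conn->bandwidth = router->bandwidth` with a NULL `router`, and `conn->pkey = pk` then stores a key that was just freed. This path runs on a key presented by the remote peer, so an unrecognized key leads to a NULL dereference and a dangling `conn->pkey` instead of a closed connection. Add `return -1;` after `crypto_free_pk_env(pk);`, matching the bad-cert branch just above. The function body starts and ends outside the hunk, so whether `pk` is released on the other early-return paths cannot be checked from here.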
@@ -326,6 +330,7 @@ static int connection_tls_finish_handshake(connection_t *conn) {
conn->bandwidth = DEFAULT_BANDWIDTH_OP;
}
} else { /* I'm a client */
+ /* XXX Clients should also verify certificates. */
conn->bandwidth = DEFAULT_BANDWIDTH_OP;
circuit_n_conn_open(conn); /* send the pending create */
}
diff --git a/src/or/or.h b/src/or/or.h
index 0363cdff71..e9db9e8ad4 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -758,6 +758,7 @@ int learn_my_address(struct sockaddr_in *me);
void router_retry_connections(void);
routerinfo_t *router_pick_directory_server(void);
routerinfo_t *router_get_by_addr_port(uint32_t addr, uint16_t port);
+routerinfo_t *router_get_by_pk(crypto_pk_env_t *pk);
void router_get_directory(directory_t **pdirectory);
int router_is_me(uint32_t addr, uint16_t port);
void router_forget_router(uint32_t addr, uint16_t port);
diff --git a/src/or/routers.c b/src/or/routers.c
index 5d6492a51b..a1b8289b67 100644
--- a/src/or/routers.c
+++ b/src/or/routers.c
@@ -111,6 +111,24 @@ routerinfo_t *router_get_by_addr_port(uint32_t addr, uint16_t port) {
return NULL;
}
+routerinfo_t *router_get_by_pk(crypto_pk_env_t *pk)
+{
+ int i;
+ routerinfo_t *router;
+
+ assert(directory);
+
+ for(i=0;i<directory->n_routers;i++) {
+ router = directory->routers[i];
+ /* XXX Should this really be a separate link key? */
+ if (0 == crypto_pk_cmp_keys(router->pkey, pk))
+ return router;
+ }
+
+ return NULL;
+}
+
+
void router_get_directory(directory_t **pdirectory) {
*pdirectory = directory;
}