authorNick Mathewson <nickm@torproject.org>2007-12-01 08:47:13 +0000
committerNick Mathewson <nickm@torproject.org>2007-12-01 08:47:13 +0000
commit4a6d969139df04d2c5ee82c485fff88b9e990967 (patch)
tree90861b9d058f1f9ec18631af2bd537ce5fe006c6 /src
parentd8ad247dfdea0705de2990af68026cdf6da22430 (diff)
r15094@tombo: nickm | 2007-12-01 03:46:07 -0500
server-side code (for when v2 negotiation occurred) to check for renegotiation and adjust client ID info accordingly. server-side of new TLS code is now implemented, but needs testing and debugging. svn:r12624
Diffstat (limited to 'src')
-rw-r--r--src/or/connection_or.c40
1 files changed, 35 insertions, 5 deletions
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 40f18584c5..2f194cd600 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -19,6 +19,9 @@ static int connection_or_process_cells_from_inbuf(or_connection_t *conn);
static int connection_or_send_versions(or_connection_t *conn);
static int connection_init_or_handshake_state(or_connection_t *conn,
int started_here);
+static int connection_or_check_valid_tls_handshake(or_connection_t *conn,
+ int started_here,
+ char *digest_rcvd_out);
/**************************************************************/
@@ -573,6 +576,21 @@ connection_tls_start_handshake(or_connection_t *conn, int receiving)
return 0;
}
+/*DOCDOC*/
+static void
+connection_or_tls_renegotiated_cb(tor_tls_t *tls, void *_conn)
+{
+ or_connection_t *conn = _conn;
+ char id_digest[DIGEST_LEN];
+
+ if (connection_or_check_valid_tls_handshake(conn,
+ !tor_tls_is_server(tls),
+ id_digest) < 0)
+ return;
+ connection_or_init_conn_from_address(conn, conn->_base.addr,
+ conn->_base.port, id_digest, 0);
+}
+
/** Move forward with the tls handshake. If it finishes, hand
* <b>conn</b> to connection_tls_finish_handshake().
*
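Review bot: connection_or_tls_renegotiated_cb returns silently when connection_or_check_valid_tls_handshake() reports failure (the bare `return;` after the check), so a peer whose renegotiated certificate does not pass the check keeps its connection and its previous identity digest; unless the check itself marks the connection for close (its body is not in this diff), the callback should close or at least log the connection rather than ignore the result. The started_here argument is derived from the TLS role via `!tor_tls_is_server(tls)`, which is worth saying explicitly. The `/*DOCDOC*/` placeholder should become a real doc comment, e.g. `/** Called when the TLS connection <b>tls</b> belonging to the or_connection_t <b>_conn</b> has renegotiated: re-validate the handshake, and if the peer's certificate checks out, reset the connection's identity from the received digest. */`.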
@@ -594,11 +612,18 @@ connection_tls_continue_handshake(or_connection_t *conn)
tor_tls_err_to_string(result));
return -1;
case TOR_TLS_DONE:
- if (!tor_tls_is_server(conn->tls) &&
- !tor_tls_used_v1_handshake(conn->tls) &&
- conn->_base.state == OR_CONN_STATE_TLS_HANDSHAKING) {
- conn->_base.state = OR_CONN_STATE_TLS_RENEGOTIATING;
- goto again;
+ if (tor_tls_used_v1_handshake(conn->tls)) {
+ if (!tor_tls_is_server(conn->tls)) {
+ if (conn->_base.state == OR_CONN_STATE_TLS_HANDSHAKING) {
+ conn->_base.state = OR_CONN_STATE_TLS_RENEGOTIATING;
+ goto again;
+ }
+ } else {
+ /* improved handshake, but not a client. */
+ tor_tls_set_renegotiate_callback(conn->tls,
+ connection_or_tls_renegotiated_cb,
+ conn);
+ }
}
return connection_tls_finish_handshake(conn);
case TOR_TLS_WANTWRITE:
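Review bot: The new outer condition `if (tor_tls_used_v1_handshake(conn->tls)) {` looks inverted relative to the code it replaces: the removed branch renegotiated only when `!tor_tls_used_v1_handshake(conn->tls)`, and the comment on the new else branch says "improved handshake", which is the non-v1 case, yet that branch now runs only when the v1 handshake was used. As written, a client that completed a v1 handshake would be sent into OR_CONN_STATE_TLS_RENEGOTIATING, and a server that completed the improved handshake would never install connection_or_tls_renegotiated_cb, so the renegotiated identity check would never run on the server side. The fix is the single line `if (!tor_tls_used_v1_handshake(conn->tls)) {`. connection_tls_continue_handshake starts and ends outside this hunk, so the surrounding switch and the `again:` label are not visible here.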
@@ -812,6 +837,11 @@ connection_tls_finish_handshake(or_connection_t *conn)
}
return connection_or_set_state_open(conn);
} else {
+ if (started_here) {
+ if (connection_or_check_valid_tls_handshake(conn, started_here,
+ digest_rcvd) < 0)
+ return -1;
+ }
conn->_base.state = OR_CONN_STATE_OR_HANDSHAKING;
if (connection_init_or_handshake_state(conn, started_here) < 0)
return -1;
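Review bot: The added identity check runs only for connections we initiated (`if (started_here)`), so on the responder side the connection moves to OR_CONN_STATE_OR_HANDSHAKING with whatever identity it currently carries, presumably relying on the renegotiation callback installed in connection_tls_continue_handshake to verify the client later; that dependency is easy to miss and deserves a comment at the check, e.g. `/* As responder we cannot verify the peer yet: with the v2 negotiation the client's certificate arrives on renegotiation, handled by connection_or_tls_renegotiated_cb. */`. The two nested ifs can also be collapsed to `if (started_here && connection_or_check_valid_tls_handshake(conn, started_here, digest_rcvd) < 0) return -1;`. The enclosing if/else, the declaration of digest_rcvd, and connection_tls_finish_handshake itself begin outside this hunk.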