From 954570486f6d468e9e88415d728965daae62094b Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 10 Nov 2004 20:14:37 +0000 Subject: Resolve a FIXME: use identity comparison, not nickname comparison, to choose circuit ID types. This is important because our view of "the nickname of the router on the other side of this connection" is skewed, and depends on whether we think the other rotuer is verified--and there's no way to know whether another router thinks you are verified. For backward compatibility, we notice when the other router chooses the same circuit ID type as us (because it's running an old version), and switch our type to be polite. svn:r2797 --- src/or/connection_or.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'src/or/connection_or.c') diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 98dc8803bc..1b419e5570 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -339,7 +339,7 @@ connection_tls_finish_handshake(connection_t *conn) { conn->state = OR_CONN_STATE_OPEN; connection_watch_events(conn, POLLIN); log_fn(LOG_DEBUG,"tls handshake done. verifying."); - if (! tor_tls_peer_has_cert(conn->tls)) { /* It's an OP. */ + if (! tor_tls_peer_has_cert(conn->tls)) { /* It's an old OP. */ if (server_mode(options)) { /* I'm an OR; good. */ conn->receiver_bucket = conn->bandwidth = DEFAULT_BANDWIDTH_OP; return 0; @@ -348,7 +348,7 @@ connection_tls_finish_handshake(connection_t *conn) { return -1; } } - /* Okay; the other side is an OR. */ + /* Okay; the other side is an OR or a post-0.0.8 OP (with a cert). */ if (tor_tls_get_peer_cert_nickname(conn->tls, nickname, MAX_NICKNAME_LEN)) { log_fn(LOG_WARN,"Other side (%s:%d) has a cert without a valid nickname. Closing.", conn->address, conn->port); 
@@ -366,6 +366,12 @@ connection_tls_finish_handshake(connection_t *conn) { crypto_pk_get_digest(identity_rcvd, digest_rcvd); crypto_free_pk_env(identity_rcvd); + if (crypto_pk_cmp_keys(get_identity_key(), identity_rcvd)<0) { + conn->circ_id_type = CIRC_ID_TYPE_LOWER; + } else { + conn->circ_id_type = CIRC_ID_TYPE_HIGHER; + } + router = router_get_by_nickname(nickname); if(router && /* we know this nickname */ router->is_verified && /* make sure it's the right guy */ @@ -394,6 +400,7 @@ connection_tls_finish_handshake(connection_t *conn) { if (!server_mode(options)) { /* If I'm an OP... */ conn->receiver_bucket = conn->bandwidth = DEFAULT_BANDWIDTH_OP; } + directory_set_dirty(); circuit_n_conn_done(conn, 1); /* send the pending creates, if any. */ /* Note the success */ -- cgit v1.2.3-54-g00ecf
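Review bot: The added `crypto_pk_cmp_keys(get_identity_key(), identity_rcvd)` reads `identity_rcvd` after the context line directly above it has already passed that key to `crypto_free_pk_env()`, so the circuit ID type is chosen from a released object. If that call drops the last reference, this is a use-after-free on a path any connecting peer can reach: the comparison result is undefined, the two ends may settle on the same ID type, or the process may crash. Keep the key alive until the decision is made by removing the free from its current position and placing `crypto_free_pk_env(identity_rcvd);` after the closing `}` of the new `else` branch. connection_tls_finish_handshake starts before and continues past this hunk, so other uses of `identity_rcvd` cannot be checked from here.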
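Review bot: The added `directory_set_dirty();` has no comment and the commit description does not mention it, so it is unclear why completing a TLS handshake should invalidate the directory. It sits after the closing brace of the `if (!server_mode(options))` block, so it also runs when this process is an OP; whether the call is a harmless no-op there is not visible in the hunk. I would add a why-comment such as `/* a newly opened OR connection changes the running-routers view; mark the directory for regeneration */` (wording to be confirmed by the author). If only servers publish a directory, guard it with `if (server_mode(options))`. The enclosing function continues past this hunk.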