[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r9521: Backport fix for bug 382. (in tor/branches/tor-0_1_1-patches: . src/or)
Author: nickm
Date: 2007-02-08 02:23:50 -0500 (Thu, 08 Feb 2007)
New Revision: 9521
Modified:
tor/branches/tor-0_1_1-patches/
tor/branches/tor-0_1_1-patches/ChangeLog
tor/branches/tor-0_1_1-patches/src/or/connection_or.c
Log:
r11282@catbus: nickm | 2007-01-23 14:55:25 -0500
Backport fix for bug 382.
Property changes on: tor/branches/tor-0_1_1-patches
___________________________________________________________________
svk:merge ticket from /tor/011 [r11282] on 8246c3cf-6607-4228-993b-4d95d33730f1
Modified: tor/branches/tor-0_1_1-patches/ChangeLog
===================================================================
--- tor/branches/tor-0_1_1-patches/ChangeLog 2007-02-08 05:38:17 UTC (rev 9520)
+++ tor/branches/tor-0_1_1-patches/ChangeLog 2007-02-08 07:23:50 UTC (rev 9521)
@@ -4,6 +4,8 @@
from enough authorities. This delays the first download slightly under
pathological circumstances, but can prevent us from downloading a bunch
of descriptors we don't need.
+ - Do not log IPs with TLS failures for incoming TLS connections. (Fixes
+ bug 382.)
Changes in version 0.1.1.26 - 2006-12-14
Modified: tor/branches/tor-0_1_1-patches/src/or/connection_or.c
===================================================================
--- tor/branches/tor-0_1_1-patches/src/or/connection_or.c 2007-02-08 05:38:17 UTC (rev 9520)
+++ tor/branches/tor-0_1_1-patches/src/or/connection_or.c 2007-02-08 07:23:50 UTC (rev 9521)
@@ -582,11 +582,13 @@
char nickname[MAX_NICKNAME_LEN+1];
or_options_t *options = get_options();
int severity = server_mode(options) ? LOG_PROTOCOL_WARN : LOG_WARN;
+ const char *safe_address = connection_or_nonopen_was_started_here(conn) ?
+ conn->address : safe_str(conn->address);
check_no_tls_errors();
if (! tor_tls_peer_has_cert(conn->tls)) {
log_info(LD_PROTOCOL,"Peer (%s:%d) didn't send a cert! Closing.",
- conn->address, conn->port);
+ safe_address, conn->port);
return -1;
}
check_no_tls_errors();
@@ -594,17 +596,17 @@
sizeof(nickname))) {
log_fn(severity,LD_PROTOCOL,"Other side (%s:%d) has a cert without a "
"valid nickname. Closing.",
- conn->address, conn->port);
+ safe_address, conn->port);
return -1;
}
check_no_tls_errors();
log_debug(LD_OR, "Other side (%s:%d) claims to be router '%s'",
- conn->address, conn->port, nickname);
+ safe_address, conn->port, nickname);
if (tor_tls_verify(severity, conn->tls, &identity_rcvd) < 0) {
log_fn(severity,LD_OR,"Other side, which claims to be router '%s' (%s:%d),"
" has a cert but it's invalid. Closing.",
- nickname, conn->address, conn->port);
+ nickname, safe_address, conn->port);
return -1;
}
check_no_tls_errors();
@@ -625,7 +627,7 @@
log_fn(severity, LD_OR,
"Identity key not as expected for router claiming to be "
"'%s' (%s:%d)",
- nickname, conn->address, conn->port);
+ nickname, safe_address, conn->port);
return -1;
}