[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r13408: Implement a better means for testing for renegotiation. (in tor/trunk: . src/common)
Author: nickm
Date: 2008-02-06 15:00:47 -0500 (Wed, 06 Feb 2008)
New Revision: 13408
Modified:
tor/trunk/
tor/trunk/src/common/tortls.c
Log:
r17953@catbus: nickm | 2008-02-06 15:00:44 -0500
Implement a better means for testing for renegotiation.
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r17953] on 8246c3cf-6607-4228-993b-4d95d33730f1
Modified: tor/trunk/src/common/tortls.c
===================================================================
--- tor/trunk/src/common/tortls.c 2008-02-06 19:34:32 UTC (rev 13407)
+++ tor/trunk/src/common/tortls.c 2008-02-06 20:00:47 UTC (rev 13408)
@@ -75,7 +75,6 @@
} state : 3; /**< The current SSL state, depending on which operations have
* completed successfully. */
unsigned int isServer:1; /**< True iff this is a server-side connection */
- unsigned int hadCert:1; /**< Docdoc */
unsigned int wasV2Handshake:1; /**< DOCDOC */
size_t wantwrite_n; /**< 0 normally, >0 if we returned wantwrite last
* time. */
@@ -115,11 +114,11 @@
/** Helper: given a SSL* pointer, return the tor_tls_t object using that
* pointer. */
static INLINE tor_tls_t *
-tor_tls_get_by_ssl(SSL *ssl)
+tor_tls_get_by_ssl(const SSL *ssl)
{
tor_tls_t search, *result;
memset(&search, 0, sizeof(search));
- search.ssl = ssl;
+ search.ssl = (SSL*)ssl;
result = HT_FIND(tlsmap, &tlsmap_root, &search);
return result;
}
@@ -786,12 +785,12 @@
r = SSL_read(tls->ssl, cp, len);
if (r > 0) {
#ifdef V2_HANDSHAKE_SERVER
- if (!tls->hadCert && tls->ssl->session && tls->ssl->session->peer) {
- tls->hadCert = 1;
+ if (SSL_num_renegotiations(tls->ssl)) {
/* New certificate! */
- log_info(LD_NET, "Got a TLS renegotiation.");
+ log_notice(LD_NET, "Got a TLS renegotiation from %p", tls);
if (tls->negotiated_callback)
tls->negotiated_callback(tls, tls->callback_arg);
+ SSL_clear_num_renegotiations(tls->ssl);
}
#endif
return r;
@@ -866,7 +865,6 @@
}
if (r == TOR_TLS_DONE) {
tls->state = TOR_TLS_ST_OPEN;
- tls->hadCert = tor_tls_peer_has_cert(tls) ? 1 : 0;
if (tls->isServer) {
SSL_set_info_callback(tls->ssl, NULL);
SSL_set_verify(tls->ssl, SSL_VERIFY_NONE, always_accept_verify_cb);
@@ -895,7 +893,7 @@
if (n_certs > 1 || (n_certs == 1 && cert != sk_X509_value(chain, 0)))
tls->wasV2Handshake = 0;
else {
- log_notice(LD_NET, "I think I got a v2 handshake!");
+ log_notice(LD_NET, "I think I got a v2 handshake on %p!", tls);
tls->wasV2Handshake = 1;
}
if (cert)