improve SSL error reporting and fix torrent_info::ssl_cert() bug
parent
8ab1d8b686
commit
dca3f3c1a8
|
@ -326,7 +326,9 @@ namespace libtorrent
|
|||
// The peer tried to connect to a torrent with a certificate
|
||||
// for a different torrent.
|
||||
invalid_ssl_cert,
|
||||
|
||||
// the torrent is not an SSL torrent, and the operation requires
|
||||
// an SSL torrent
|
||||
not_an_ssl_torrent,
|
||||
|
||||
|
||||
// The NAT-PMP router responded with an unsupported protocol version
|
||||
|
|
|
@ -170,7 +170,7 @@ namespace libtorrent
|
|||
"invalid dont-have message",
|
||||
"SSL connection required",
|
||||
"invalid SSL certificate",
|
||||
"",
|
||||
"not an SSL torrent",
|
||||
"",
|
||||
"",
|
||||
"",
|
||||
|
|
|
@ -4335,7 +4335,13 @@ namespace libtorrent
|
|||
, std::string const& dh_params
|
||||
, std::string const& passphrase)
|
||||
{
|
||||
if (!m_ssl_ctx) return;
|
||||
if (!m_ssl_ctx)
|
||||
{
|
||||
if (alerts().should_post<torrent_error_alert>())
|
||||
alerts().post_alert(torrent_error_alert(get_handle()
|
||||
, error_code(errors::not_an_ssl_torrent)));
|
||||
return;
|
||||
}
|
||||
|
||||
using boost::asio::ssl::context;
|
||||
error_code ec;
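Review bot: The `not_an_ssl_torrent` error raised in the new `if (!m_ssl_ctx)` branch reaches the caller only as a `torrent_error_alert`, and only when `should_post<torrent_error_alert>()` is true. The function still returns nothing, so a client that has error alerts masked out sees the same silent no-op as before and may assume a certificate was installed. If that is the intended contract, document it where the API is declared, e.g. `// posts torrent_error_alert(errors::not_an_ssl_torrent) when the torrent has no SSL context; only visible if error alerts are enabled`. The function body starts above and continues past this hunk, so whether later failures (certificate, key, DH parameters) are reported the same way cannot be checked from here.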
|
||||
|
|
|
@ -919,6 +919,14 @@ namespace libtorrent
|
|||
|
||||
std::string torrent_info::ssl_cert() const
|
||||
{
|
||||
// this is parsed lazily
|
||||
if (m_info_dict.type() == lazy_entry::none_t)
|
||||
{
|
||||
error_code ec;
|
||||
lazy_bdecode(m_info_section.get(), m_info_section.get()
|
||||
+ m_info_section_size, m_info_dict, ec);
|
||||
if (ec) return "";
|
||||
}
|
||||
if (m_info_dict.type() != lazy_entry::dict_t) return "";
|
||||
return m_info_dict.dict_find_string_value("ssl-cert");
|
||||
}
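Review bot: `ssl_cert()` is a `const` member, yet the added lazy-parse block writes to `m_info_dict` through `lazy_bdecode`, and no synchronization is visible in the hunk. If a `torrent_info` can be shared between threads (not visible here, to be confirmed), two first calls can race on that member. Either parse under whatever protects the object or state the constraint in a comment such as `// not thread safe: the first call decodes m_info_dict in place`. The block also hands `m_info_section.get()` to the decoder without checking that an info section is present. A guard like `if (m_info_section_size == 0) return "";` before the decode would make the no-metadata case explicit rather than relying on how the decoder treats an empty range.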
|
||||
|
|
|
@ -51,7 +51,6 @@ POSSIBILITY OF SUCH DAMAGE.
|
|||
#include "libtorrent/socket_io.hpp" // print_endpoint
|
||||
#include "libtorrent/socket_type.hpp"
|
||||
#include "libtorrent/instantiate_connection.hpp"
|
||||
#include "setup_transfer.hpp"
|
||||
|
||||
#ifdef TORRENT_USE_OPENSSL
|
||||
#include <boost/asio/ssl/stream.hpp>
|
||||
|
|
|
@ -142,7 +142,7 @@ void test_ssl(int test_idx, bool use_utp)
|
|||
file.close();
|
||||
|
||||
add_torrent_params addp;
|
||||
addp.save_path = ".";
|
||||
addp.save_path = "tmp1_ssl";
|
||||
addp.flags &= ~add_torrent_params::flag_paused;
|
||||
addp.flags &= ~add_torrent_params::flag_auto_managed;
|
||||
|
||||
|
@ -339,6 +339,7 @@ bool try_connect(session& ses1, int port
|
|||
|
||||
if (flags & (valid_certificate | invalid_certificate))
|
||||
{
|
||||
fprintf(stderr, "set_password_callback\n");
|
||||
ctx.set_password_callback(boost::bind(&password_callback, _1, _2, "test"), ec);
|
||||
if (ec)
|
||||
{
|
||||
|
@ -347,6 +348,7 @@ bool try_connect(session& ses1, int port
|
|||
TEST_CHECK(!ec);
|
||||
return false;
|
||||
}
|
||||
fprintf(stderr, "use_certificate_file \"%s\"\n", certificate.c_str());
|
||||
ctx.use_certificate_file(certificate, context::pem, ec);
|
||||
if (ec)
|
||||
{
|
||||
|
@ -355,6 +357,7 @@ bool try_connect(session& ses1, int port
|
|||
TEST_CHECK(!ec);
|
||||
return false;
|
||||
}
|
||||
fprintf(stderr, "use_private_key_file \"%s\"\n", private_key.c_str());
|
||||
ctx.use_private_key_file(private_key, context::pem, ec);
|
||||
if (ec)
|
||||
{
|
||||
|
@ -363,6 +366,7 @@ bool try_connect(session& ses1, int port
|
|||
TEST_CHECK(!ec);
|
||||
return false;
|
||||
}
|
||||
fprintf(stderr, "use_tmp_dh_file \"%s\"\n", dh_params.c_str());
|
||||
ctx.use_tmp_dh_file(dh_params, ec);
|
||||
if (ec)
|
||||
{
|
||||
|
@ -375,7 +379,7 @@ bool try_connect(session& ses1, int port
|
|||
|
||||
boost::asio::ssl::stream<boost::asio::ip::tcp::socket> ssl_sock(ios, ctx);
|
||||
|
||||
fprintf(stderr, "connecting\n");
|
||||
fprintf(stderr, "connecting 127.0.0.1:%d\n", port);
|
||||
ssl_sock.lowest_layer().connect(tcp::endpoint(
|
||||
address_v4::from_string("127.0.0.1"), port), ec);
|
||||
print_alerts(ses1, "ses1", true, true, true, &on_alert);
|
||||
|
@ -493,8 +497,10 @@ void test_malicious_peer()
|
|||
, 16 * 1024, 13, false, combine_path("..", combine_path("ssl", "root_ca_cert.pem")));
|
||||
file.close();
|
||||
|
||||
TEST_CHECK(!t->ssl_cert().empty());
|
||||
|
||||
add_torrent_params addp;
|
||||
addp.save_path = ".";
|
||||
addp.save_path = "tmp3_ssl";
|
||||
addp.flags &= ~add_torrent_params::flag_paused;
|
||||
addp.flags &= ~add_torrent_params::flag_auto_managed;
|
||||
addp.ti = t;
|
||||
|
@ -502,9 +508,9 @@ void test_malicious_peer()
|
|||
torrent_handle tor1 = ses1.add_torrent(addp, ec);
|
||||
|
||||
tor1.set_ssl_certificate(
|
||||
combine_path("ssl", "peer_certificate.pem")
|
||||
, combine_path("ssl", "peer_private_key.pem")
|
||||
, combine_path("ssl", "dhparams.pem")
|
||||
combine_path("..", combine_path("ssl", "peer_certificate.pem"))
|
||||
, combine_path("..", combine_path("ssl", "peer_private_key.pem"))
|
||||
, combine_path("..", combine_path("ssl", "dhparams.pem"))
|
||||
, "test");
|
||||
|
||||
wait_for_listen(ses1, "ses1");
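Review bot: Nothing in the visible test hunks exercises the new `not_an_ssl_torrent` path. The added `TEST_CHECK(!t->ssl_cert().empty());` in `test_malicious_peer()` covers the `ssl_cert()` fix, but every `set_ssl_certificate` call shown here targets a torrent created with a root certificate. A case that adds a torrent without one, calls `set_ssl_certificate`, and expects a `torrent_error_alert` carrying `errors::not_an_ssl_torrent` would pin the new reporting behaviour. The added `fprintf` tracing in `try_connect` prints only file paths and the port, so it puts no key material or passphrase in the test log.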
|
||||
|
|