From dca3f3c1a8af92cfa9f6d0426bd983b3ee5e8b7f Mon Sep 17 00:00:00 2001 From: Arvid Norberg Date: Mon, 20 Jan 2014 01:01:03 +0000 Subject: [PATCH] improve SSL error reporting and fix torrent_info::ssl_cert() bug --- include/libtorrent/error_code.hpp | 4 +++- src/error_code.cpp | 2 +- src/torrent.cpp | 8 +++++++- src/torrent_info.cpp | 8 ++++++++ test/setup_transfer.cpp | 1 - test/test_ssl.cpp | 18 ++++++++++++------ 6 files changed, 31 insertions(+), 10 deletions(-) diff --git a/include/libtorrent/error_code.hpp b/include/libtorrent/error_code.hpp index 79ae96ec8..6cafa8b16 100644 --- a/include/libtorrent/error_code.hpp +++ b/include/libtorrent/error_code.hpp @@ -326,7 +326,9 @@ namespace libtorrent // The peer tried to connect to a torrent with a certificate // for a different torrent. invalid_ssl_cert, - + // the torrent is not an SSL torrent, and the operation requires + // an SSL torrent + not_an_ssl_torrent, // The NAT-PMP router responded with an unsupported protocol version diff --git a/src/error_code.cpp b/src/error_code.cpp index 68ab0220f..fe8d941b3 100644 --- a/src/error_code.cpp +++ b/src/error_code.cpp @@ -170,7 +170,7 @@ namespace libtorrent "invalid dont-have message", "SSL connection required", "invalid SSL certificate", - "", + "not an SSL torrent", "", "", "", diff --git a/src/torrent.cpp b/src/torrent.cpp index 4c5470e36..ba84e45f1 100644 --- a/src/torrent.cpp +++ b/src/torrent.cpp @@ -4335,7 +4335,13 @@ namespace libtorrent , std::string const& dh_params , std::string const& passphrase) { - if (!m_ssl_ctx) return; + if (!m_ssl_ctx) + { + if (alerts().should_post()) + alerts().post_alert(torrent_error_alert(get_handle() + , error_code(errors::not_an_ssl_torrent))); + return; + } using boost::asio::ssl::context; error_code ec; diff --git a/src/torrent_info.cpp b/src/torrent_info.cpp index 392cf8fa9..098031b34 100644 --- a/src/torrent_info.cpp +++ b/src/torrent_info.cpp 
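Review bot: The new `not_an_ssl_torrent` enumerator is paired with its message only by position. It takes the slot after `invalid_ssl_cert`, and the src/error_code.cpp hunk fills the first `""` after "invalid SSL certificate" to match. Nothing visible in either hunk enforces that pairing, so a later insertion in one file but not the other would make errors report the wrong text. A comment above the enumerator such as `// keep in sync with the message table in src/error_code.cpp` would record the coupling. The new comment also starts in lower case, unlike the neighbouring "The peer tried to connect..." comment. The enum continues outside the hunk.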
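Review bot: The new `!m_ssl_ctx` branch in src/torrent.cpp reports the failure only when `alerts().should_post()` is true, so with that alert category masked out the call is still a silent no-op. An application that believes it has installed a certificate on a torrent that is not an SSL torrent would then get no signal. The function appears to return nothing, so the alert is the only channel, and that should be stated where the public API is documented. I would also add a comment on the branch, e.g. `// no SSL context: this torrent has no ssl-cert, so there is nothing to load the certificate into`. The function's signature starts and its body ends outside the hunk.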
@@ -919,6 +919,14 @@ namespace libtorrent std::string torrent_info::ssl_cert() const { + // this is parsed lazily + if (m_info_dict.type() == lazy_entry::none_t) + { + error_code ec; + lazy_bdecode(m_info_section.get(), m_info_section.get() + + m_info_section_size, m_info_dict, ec); + if (ec) return ""; + } if (m_info_dict.type() != lazy_entry::dict_t) return ""; return m_info_dict.dict_find_string_value("ssl-cert"); } diff --git a/test/setup_transfer.cpp b/test/setup_transfer.cpp index fd58dfe7e..4674a128c 100644 --- a/test/setup_transfer.cpp +++ b/test/setup_transfer.cpp @@ -51,7 +51,6 @@ POSSIBILITY OF SUCH DAMAGE. #include "libtorrent/socket_io.hpp" // print_endpoint #include "libtorrent/socket_type.hpp" #include "libtorrent/instantiate_connection.hpp" -#include "setup_transfer.hpp" #ifdef TORRENT_USE_OPENSSL #include diff --git a/test/test_ssl.cpp b/test/test_ssl.cpp index fad36af75..5d2d7cec2 100644 --- a/test/test_ssl.cpp +++ b/test/test_ssl.cpp @@ -142,7 +142,7 @@ void test_ssl(int test_idx, bool use_utp) file.close(); add_torrent_params addp; - addp.save_path = "."; + addp.save_path = "tmp1_ssl"; addp.flags &= ~add_torrent_params::flag_paused; addp.flags &= ~add_torrent_params::flag_auto_managed; @@ -339,6 +339,7 @@ bool try_connect(session& ses1, int port if (flags & (valid_certificate | invalid_certificate)) { + fprintf(stderr, "set_password_callback\n"); ctx.set_password_callback(boost::bind(&password_callback, _1, _2, "test"), ec); if (ec) { @@ -347,6 +348,7 @@ bool try_connect(session& ses1, int port TEST_CHECK(!ec); return false; } + fprintf(stderr, "use_certificate_file \"%s\"\n", certificate.c_str()); ctx.use_certificate_file(certificate, context::pem, ec); if (ec) { @@ -355,6 +357,7 @@ bool try_connect(session& ses1, int port TEST_CHECK(!ec); return false; } + fprintf(stderr, "use_private_key_file \"%s\"\n", private_key.c_str()); ctx.use_private_key_file(private_key, context::pem, ec); if (ec) { 
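Review bot: In `torrent_info::ssl_cert()` the `if (ec) return "";` path discards the decode error, so a caller cannot tell "info section failed to parse" from "no ssl-cert key". If the SSL context is set up from this value (not visible in this diff), a decode failure would make the torrent be treated as a non-SSL torrent. The function is also `const` yet fills `m_info_dict` on first use, so two threads calling it on a shared `torrent_info` would race, assuming the member is `mutable` and unguarded (its declaration is outside the hunk). I would say so in the comment, e.g. `// parsed lazily on first use; not safe to call concurrently. A decode error is reported as "no certificate"`. If the same lazy-parse block exists in other accessors, a private helper would keep them consistent.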
@@ -363,6 +366,7 @@ bool try_connect(session& ses1, int port TEST_CHECK(!ec); return false; } + fprintf(stderr, "use_tmp_dh_file \"%s\"\n", dh_params.c_str()); ctx.use_tmp_dh_file(dh_params, ec); if (ec) { @@ -375,7 +379,7 @@ bool try_connect(session& ses1, int port boost::asio::ssl::stream ssl_sock(ios, ctx); - fprintf(stderr, "connecting\n"); + fprintf(stderr, "connecting 127.0.0.1:%d\n", port); ssl_sock.lowest_layer().connect(tcp::endpoint( address_v4::from_string("127.0.0.1"), port), ec); print_alerts(ses1, "ses1", true, true, true, &on_alert); @@ -493,8 +497,10 @@ void test_malicious_peer() , 16 * 1024, 13, false, combine_path("..", combine_path("ssl", "root_ca_cert.pem"))); file.close(); + TEST_CHECK(!t->ssl_cert().empty()); + add_torrent_params addp; - addp.save_path = "."; + addp.save_path = "tmp3_ssl"; addp.flags &= ~add_torrent_params::flag_paused; addp.flags &= ~add_torrent_params::flag_auto_managed; addp.ti = t; @@ -502,9 +508,9 @@ void test_malicious_peer() torrent_handle tor1 = ses1.add_torrent(addp, ec); tor1.set_ssl_certificate( - combine_path("ssl", "peer_certificate.pem") - , combine_path("ssl", "peer_private_key.pem") - , combine_path("ssl", "dhparams.pem") + combine_path("..", combine_path("ssl", "peer_certificate.pem")) + , combine_path("..", combine_path("ssl", "peer_private_key.pem")) + , combine_path("..", combine_path("ssl", "dhparams.pem")) , "test"); wait_for_listen(ses1, "ses1");
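Review bot: The added `TEST_CHECK(!t->ssl_cert().empty());` in `test_malicious_peer()` covers the `ssl_cert()` fix, but it only checks that the result is non-empty. It does not check that the value matches the contents of the `root_ca_cert.pem` passed when the torrent was created. The hunks shown here also add no test for the new `errors::not_an_ssl_torrent` path. A case that calls `set_ssl_certificate()` on a torrent created without a certificate and expects a `torrent_error_alert` would pin that behaviour. The function continues outside the hunk.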
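Review bot: The corrected `combine_path("..", ...)` arguments to `tor1.set_ssl_certificate(...)` suggest the old relative paths did not resolve, yet the test did not fail on them. That is presumably because load errors surface only as alerts. After the call, the test should wait for alerts on `ses1` and fail if a `torrent_error_alert` is posted, so a wrong certificate, key or DH-params path is caught here and does not show up later as an unexplained handshake failure. The rest of `test_malicious_peer()` is outside the hunk, so such a check may already exist further down.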