improve SSL error reporting and fix torrent_info::ssl_cert() bug
parent
8ab1d8b686
commit
dca3f3c1a8
|
@ -326,7 +326,9 @@ namespace libtorrent
|
||||||
// The peer tried to connect to a torrent with a certificate
|
// The peer tried to connect to a torrent with a certificate
|
||||||
// for a different torrent.
|
// for a different torrent.
|
||||||
invalid_ssl_cert,
|
invalid_ssl_cert,
|
||||||
|
// the torrent is not an SSL torrent, and the operation requires
|
||||||
|
// an SSL torrent
|
||||||
|
not_an_ssl_torrent,
|
||||||
|
|
||||||
|
|
||||||
// The NAT-PMP router responded with an unsupported protocol version
|
// The NAT-PMP router responded with an unsupported protocol version
|
||||||
|
|
|
@ -170,7 +170,7 @@ namespace libtorrent
|
||||||
"invalid dont-have message",
|
"invalid dont-have message",
|
||||||
"SSL connection required",
|
"SSL connection required",
|
||||||
"invalid SSL certificate",
|
"invalid SSL certificate",
|
||||||
"",
|
"not an SSL torrent",
|
||||||
"",
|
"",
|
||||||
"",
|
"",
|
||||||
"",
|
"",
|
||||||
|
|
|
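Review bot: The new text `"not an SSL torrent"` appears to be tied to `errors::not_an_ssl_torrent` only by its position in this string table, and nothing in the hunk checks that the slot replaced here is the one the new enumerator maps to. If the two drift by one entry, SSL failures would be reported with the wrong message, which makes certificate problems harder to diagnose. A one-line check in the tests, for example `TEST_CHECK(error_code(errors::not_an_ssl_torrent).message() == "not an SSL torrent");`, would pin the mapping. The table begins and ends outside the hunk, so its overall length cannot be verified from here.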
@ -4335,7 +4335,13 @@ namespace libtorrent
|
||||||
, std::string const& dh_params
|
, std::string const& dh_params
|
||||||
, std::string const& passphrase)
|
, std::string const& passphrase)
|
||||||
{
|
{
|
||||||
if (!m_ssl_ctx) return;
|
if (!m_ssl_ctx)
|
||||||
|
{
|
||||||
|
if (alerts().should_post<torrent_error_alert>())
|
||||||
|
alerts().post_alert(torrent_error_alert(get_handle()
|
||||||
|
, error_code(errors::not_an_ssl_torrent)));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
using boost::asio::ssl::context;
|
using boost::asio::ssl::context;
|
||||||
error_code ec;
|
error_code ec;
|
||||||
|
|
|
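Review bot: `errors::not_an_ssl_torrent` is now reported for every case where `m_ssl_ctx` is null, but the hunk does not show whether that pointer can also be null for an SSL torrent whose context failed to initialise earlier. If that can happen, the alert would tell the user the torrent is not an SSL torrent when the real problem is a failed TLS setup, so it is worth confirming and stating above the check, e.g. `// m_ssl_ctx is null only when the torrent has no ssl-cert`. The failure is also surfaced only when `should_post<torrent_error_alert>()` is true, so a caller with that alert category masked still gets a silent return. The function body continues outside the hunk.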
@ -919,6 +919,14 @@ namespace libtorrent
|
||||||
|
|
||||||
std::string torrent_info::ssl_cert() const
|
std::string torrent_info::ssl_cert() const
|
||||||
{
|
{
|
||||||
|
// this is parsed lazily
|
||||||
|
if (m_info_dict.type() == lazy_entry::none_t)
|
||||||
|
{
|
||||||
|
error_code ec;
|
||||||
|
lazy_bdecode(m_info_section.get(), m_info_section.get()
|
||||||
|
+ m_info_section_size, m_info_dict, ec);
|
||||||
|
if (ec) return "";
|
||||||
|
}
|
||||||
if (m_info_dict.type() != lazy_entry::dict_t) return "";
|
if (m_info_dict.type() != lazy_entry::dict_t) return "";
|
||||||
return m_info_dict.dict_find_string_value("ssl-cert");
|
return m_info_dict.dict_find_string_value("ssl-cert");
|
||||||
}
|
}
|
||||||
|
|
|
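Review bot: `ssl_cert()` is a const member but now decodes into `m_info_dict` on first use, so two threads calling const accessors on the same `torrent_info` could race on that write unless callers serialise access, which the hunk does not show. The added `if (ec) return "";` also makes a decode failure indistinguishable from a torrent that has no "ssl-cert" key, so a caller that uses an empty result to decide a torrent does not need TLS would fail open on a damaged info section. I would at least document both points above the lazy-parse block, e.g. `// lazily decodes m_info_dict; not safe to call concurrently` and `// returns "" on decode error as well as when no ssl-cert is present`. If other accessors rely on the same lazy decode, a shared private helper would keep the behaviour in one place.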
@ -51,7 +51,6 @@ POSSIBILITY OF SUCH DAMAGE.
|
||||||
#include "libtorrent/socket_io.hpp" // print_endpoint
|
#include "libtorrent/socket_io.hpp" // print_endpoint
|
||||||
#include "libtorrent/socket_type.hpp"
|
#include "libtorrent/socket_type.hpp"
|
||||||
#include "libtorrent/instantiate_connection.hpp"
|
#include "libtorrent/instantiate_connection.hpp"
|
||||||
#include "setup_transfer.hpp"
|
|
||||||
|
|
||||||
#ifdef TORRENT_USE_OPENSSL
|
#ifdef TORRENT_USE_OPENSSL
|
||||||
#include <boost/asio/ssl/stream.hpp>
|
#include <boost/asio/ssl/stream.hpp>
|
||||||
|
|
|
@ -142,7 +142,7 @@ void test_ssl(int test_idx, bool use_utp)
|
||||||
file.close();
|
file.close();
|
||||||
|
|
||||||
add_torrent_params addp;
|
add_torrent_params addp;
|
||||||
addp.save_path = ".";
|
addp.save_path = "tmp1_ssl";
|
||||||
addp.flags &= ~add_torrent_params::flag_paused;
|
addp.flags &= ~add_torrent_params::flag_paused;
|
||||||
addp.flags &= ~add_torrent_params::flag_auto_managed;
|
addp.flags &= ~add_torrent_params::flag_auto_managed;
|
||||||
|
|
||||||
|
@ -339,6 +339,7 @@ bool try_connect(session& ses1, int port
|
||||||
|
|
||||||
if (flags & (valid_certificate | invalid_certificate))
|
if (flags & (valid_certificate | invalid_certificate))
|
||||||
{
|
{
|
||||||
|
fprintf(stderr, "set_password_callback\n");
|
||||||
ctx.set_password_callback(boost::bind(&password_callback, _1, _2, "test"), ec);
|
ctx.set_password_callback(boost::bind(&password_callback, _1, _2, "test"), ec);
|
||||||
if (ec)
|
if (ec)
|
||||||
{
|
{
|
||||||
|
@ -347,6 +348,7 @@ bool try_connect(session& ses1, int port
|
||||||
TEST_CHECK(!ec);
|
TEST_CHECK(!ec);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
fprintf(stderr, "use_certificate_file \"%s\"\n", certificate.c_str());
|
||||||
ctx.use_certificate_file(certificate, context::pem, ec);
|
ctx.use_certificate_file(certificate, context::pem, ec);
|
||||||
if (ec)
|
if (ec)
|
||||||
{
|
{
|
||||||
|
@ -355,6 +357,7 @@ bool try_connect(session& ses1, int port
|
||||||
TEST_CHECK(!ec);
|
TEST_CHECK(!ec);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
fprintf(stderr, "use_private_key_file \"%s\"\n", private_key.c_str());
|
||||||
ctx.use_private_key_file(private_key, context::pem, ec);
|
ctx.use_private_key_file(private_key, context::pem, ec);
|
||||||
if (ec)
|
if (ec)
|
||||||
{
|
{
|
||||||
|
@ -363,6 +366,7 @@ bool try_connect(session& ses1, int port
|
||||||
TEST_CHECK(!ec);
|
TEST_CHECK(!ec);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
fprintf(stderr, "use_tmp_dh_file \"%s\"\n", dh_params.c_str());
|
||||||
ctx.use_tmp_dh_file(dh_params, ec);
|
ctx.use_tmp_dh_file(dh_params, ec);
|
||||||
if (ec)
|
if (ec)
|
||||||
{
|
{
|
||||||
|
@ -375,7 +379,7 @@ bool try_connect(session& ses1, int port
|
||||||
|
|
||||||
boost::asio::ssl::stream<boost::asio::ip::tcp::socket> ssl_sock(ios, ctx);
|
boost::asio::ssl::stream<boost::asio::ip::tcp::socket> ssl_sock(ios, ctx);
|
||||||
|
|
||||||
fprintf(stderr, "connecting\n");
|
fprintf(stderr, "connecting 127.0.0.1:%d\n", port);
|
||||||
ssl_sock.lowest_layer().connect(tcp::endpoint(
|
ssl_sock.lowest_layer().connect(tcp::endpoint(
|
||||||
address_v4::from_string("127.0.0.1"), port), ec);
|
address_v4::from_string("127.0.0.1"), port), ec);
|
||||||
print_alerts(ses1, "ses1", true, true, true, &on_alert);
|
print_alerts(ses1, "ses1", true, true, true, &on_alert);
|
||||||
|
@ -493,8 +497,10 @@ void test_malicious_peer()
|
||||||
, 16 * 1024, 13, false, combine_path("..", combine_path("ssl", "root_ca_cert.pem")));
|
, 16 * 1024, 13, false, combine_path("..", combine_path("ssl", "root_ca_cert.pem")));
|
||||||
file.close();
|
file.close();
|
||||||
|
|
||||||
|
TEST_CHECK(!t->ssl_cert().empty());
|
||||||
|
|
||||||
add_torrent_params addp;
|
add_torrent_params addp;
|
||||||
addp.save_path = ".";
|
addp.save_path = "tmp3_ssl";
|
||||||
addp.flags &= ~add_torrent_params::flag_paused;
|
addp.flags &= ~add_torrent_params::flag_paused;
|
||||||
addp.flags &= ~add_torrent_params::flag_auto_managed;
|
addp.flags &= ~add_torrent_params::flag_auto_managed;
|
||||||
addp.ti = t;
|
addp.ti = t;
|
||||||
|
@ -502,9 +508,9 @@ void test_malicious_peer()
|
||||||
torrent_handle tor1 = ses1.add_torrent(addp, ec);
|
torrent_handle tor1 = ses1.add_torrent(addp, ec);
|
||||||
|
|
||||||
tor1.set_ssl_certificate(
|
tor1.set_ssl_certificate(
|
||||||
combine_path("ssl", "peer_certificate.pem")
|
combine_path("..", combine_path("ssl", "peer_certificate.pem"))
|
||||||
, combine_path("ssl", "peer_private_key.pem")
|
, combine_path("..", combine_path("ssl", "peer_private_key.pem"))
|
||||||
, combine_path("ssl", "dhparams.pem")
|
, combine_path("..", combine_path("ssl", "dhparams.pem"))
|
||||||
, "test");
|
, "test");
|
||||||
|
|
||||||
wait_for_listen(ses1, "ses1");
|
wait_for_listen(ses1, "ses1");
|
||||||
|
|
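Review bot: None of the added test lines exercise the new `errors::not_an_ssl_torrent` path; the only new assertion is `TEST_CHECK(!t->ssl_cert().empty());` in `test_malicious_peer()`, and the rest are `fprintf` traces and path changes. A case that calls `set_ssl_certificate()` on a torrent created without an ssl-cert and then checks that a `torrent_error_alert` carrying that error code is posted would cover the behaviour this commit introduces. A matching negative check, that `ssl_cert()` returns an empty string for a non-SSL torrent, would also guard the lazy-parse fix from the other side.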