improve SSL error reporting and fix torrent_info::ssl_cert() bug

This commit is contained in:
Arvid Norberg 2014-01-20 01:01:03 +00:00
parent 8ab1d8b686
commit dca3f3c1a8
6 changed files with 31 additions and 10 deletions

View File

@ -326,7 +326,9 @@ namespace libtorrent
// The peer tried to connect to a torrent with a certificate // The peer tried to connect to a torrent with a certificate
// for a different torrent. // for a different torrent.
invalid_ssl_cert, invalid_ssl_cert,
// the torrent is not an SSL torrent, and the operation requires
// an SSL torrent
not_an_ssl_torrent,
// The NAT-PMP router responded with an unsupported protocol version // The NAT-PMP router responded with an unsupported protocol version

View File

@ -170,7 +170,7 @@ namespace libtorrent
"invalid dont-have message", "invalid dont-have message",
"SSL connection required", "SSL connection required",
"invalid SSL certificate", "invalid SSL certificate",
"", "not an SSL torrent",
"", "",
"", "",
"", "",

View File

@ -4335,7 +4335,13 @@ namespace libtorrent
, std::string const& dh_params , std::string const& dh_params
, std::string const& passphrase) , std::string const& passphrase)
{ {
if (!m_ssl_ctx) return; if (!m_ssl_ctx)
{
if (alerts().should_post<torrent_error_alert>())
alerts().post_alert(torrent_error_alert(get_handle()
, error_code(errors::not_an_ssl_torrent)));
return;
}
using boost::asio::ssl::context; using boost::asio::ssl::context;
error_code ec; error_code ec;

View File

@ -919,6 +919,14 @@ namespace libtorrent
std::string torrent_info::ssl_cert() const std::string torrent_info::ssl_cert() const
{ {
// this is parsed lazily
if (m_info_dict.type() == lazy_entry::none_t)
{
error_code ec;
lazy_bdecode(m_info_section.get(), m_info_section.get()
+ m_info_section_size, m_info_dict, ec);
if (ec) return "";
}
if (m_info_dict.type() != lazy_entry::dict_t) return ""; if (m_info_dict.type() != lazy_entry::dict_t) return "";
return m_info_dict.dict_find_string_value("ssl-cert"); return m_info_dict.dict_find_string_value("ssl-cert");
} }

View File

@ -51,7 +51,6 @@ POSSIBILITY OF SUCH DAMAGE.
#include "libtorrent/socket_io.hpp" // print_endpoint #include "libtorrent/socket_io.hpp" // print_endpoint
#include "libtorrent/socket_type.hpp" #include "libtorrent/socket_type.hpp"
#include "libtorrent/instantiate_connection.hpp" #include "libtorrent/instantiate_connection.hpp"
#include "setup_transfer.hpp"
#ifdef TORRENT_USE_OPENSSL #ifdef TORRENT_USE_OPENSSL
#include <boost/asio/ssl/stream.hpp> #include <boost/asio/ssl/stream.hpp>

View File

@ -142,7 +142,7 @@ void test_ssl(int test_idx, bool use_utp)
file.close(); file.close();
add_torrent_params addp; add_torrent_params addp;
addp.save_path = "."; addp.save_path = "tmp1_ssl";
addp.flags &= ~add_torrent_params::flag_paused; addp.flags &= ~add_torrent_params::flag_paused;
addp.flags &= ~add_torrent_params::flag_auto_managed; addp.flags &= ~add_torrent_params::flag_auto_managed;
@ -339,6 +339,7 @@ bool try_connect(session& ses1, int port
if (flags & (valid_certificate | invalid_certificate)) if (flags & (valid_certificate | invalid_certificate))
{ {
fprintf(stderr, "set_password_callback\n");
ctx.set_password_callback(boost::bind(&password_callback, _1, _2, "test"), ec); ctx.set_password_callback(boost::bind(&password_callback, _1, _2, "test"), ec);
if (ec) if (ec)
{ {
@ -347,6 +348,7 @@ bool try_connect(session& ses1, int port
TEST_CHECK(!ec); TEST_CHECK(!ec);
return false; return false;
} }
fprintf(stderr, "use_certificate_file \"%s\"\n", certificate.c_str());
ctx.use_certificate_file(certificate, context::pem, ec); ctx.use_certificate_file(certificate, context::pem, ec);
if (ec) if (ec)
{ {
@ -355,6 +357,7 @@ bool try_connect(session& ses1, int port
TEST_CHECK(!ec); TEST_CHECK(!ec);
return false; return false;
} }
fprintf(stderr, "use_private_key_file \"%s\"\n", private_key.c_str());
ctx.use_private_key_file(private_key, context::pem, ec); ctx.use_private_key_file(private_key, context::pem, ec);
if (ec) if (ec)
{ {
@ -363,6 +366,7 @@ bool try_connect(session& ses1, int port
TEST_CHECK(!ec); TEST_CHECK(!ec);
return false; return false;
} }
fprintf(stderr, "use_tmp_dh_file \"%s\"\n", dh_params.c_str());
ctx.use_tmp_dh_file(dh_params, ec); ctx.use_tmp_dh_file(dh_params, ec);
if (ec) if (ec)
{ {
@ -375,7 +379,7 @@ bool try_connect(session& ses1, int port
boost::asio::ssl::stream<boost::asio::ip::tcp::socket> ssl_sock(ios, ctx); boost::asio::ssl::stream<boost::asio::ip::tcp::socket> ssl_sock(ios, ctx);
fprintf(stderr, "connecting\n"); fprintf(stderr, "connecting 127.0.0.1:%d\n", port);
ssl_sock.lowest_layer().connect(tcp::endpoint( ssl_sock.lowest_layer().connect(tcp::endpoint(
address_v4::from_string("127.0.0.1"), port), ec); address_v4::from_string("127.0.0.1"), port), ec);
print_alerts(ses1, "ses1", true, true, true, &on_alert); print_alerts(ses1, "ses1", true, true, true, &on_alert);
@ -493,8 +497,10 @@ void test_malicious_peer()
, 16 * 1024, 13, false, combine_path("..", combine_path("ssl", "root_ca_cert.pem"))); , 16 * 1024, 13, false, combine_path("..", combine_path("ssl", "root_ca_cert.pem")));
file.close(); file.close();
TEST_CHECK(!t->ssl_cert().empty());
add_torrent_params addp; add_torrent_params addp;
addp.save_path = "."; addp.save_path = "tmp3_ssl";
addp.flags &= ~add_torrent_params::flag_paused; addp.flags &= ~add_torrent_params::flag_paused;
addp.flags &= ~add_torrent_params::flag_auto_managed; addp.flags &= ~add_torrent_params::flag_auto_managed;
addp.ti = t; addp.ti = t;
@ -502,9 +508,9 @@ void test_malicious_peer()
torrent_handle tor1 = ses1.add_torrent(addp, ec); torrent_handle tor1 = ses1.add_torrent(addp, ec);
tor1.set_ssl_certificate( tor1.set_ssl_certificate(
combine_path("ssl", "peer_certificate.pem") combine_path("..", combine_path("ssl", "peer_certificate.pem"))
, combine_path("ssl", "peer_private_key.pem") , combine_path("..", combine_path("ssl", "peer_private_key.pem"))
, combine_path("ssl", "dhparams.pem") , combine_path("..", combine_path("ssl", "dhparams.pem"))
, "test"); , "test");
wait_for_listen(ses1, "ses1"); wait_for_listen(ses1, "ses1");