V0.6 short invites #1571
Merged
Changes from 1 commit
Commits
48 commits
720d5ea
Implement libretroshare short invites support
G10h4ck bde6235
Fix windows compilation
G10h4ck dac7643
Merge pull request #1565 from G10h4ck/short_invites_v2
csoler 56e591f
added a flag in peerState specific to short invites, and several chec…
csoler 4eb6b0b
fixed uninitialized memory read for variable mRsEventsHandle
csoler 8fddb55
fixed stupid bug that crashed the code in a different place
csoler 3a799ba
added optional display of short invites in places with certificates
csoler 4bd5aaa
added parsing of short invites in connect friend wizard (not working …
csoler fb52f67
fixed up adding friend from short invite
csoler 76cf64f
fixed compilation
csoler a7141cb
removed unused startWizard and loadCert code in HomePage
csoler 6294aef
removed unused intro page from ConnectFriendWizard
csoler 0c510a5
removed unused RsId and Fof pages from ConnectFriendWizard
csoler c0436b7
removed unused Email page from ConnectFriendWizard
csoler a55e824
removed unused FriendRequest page from ConnectFriendWizard
csoler a04079d
removed unused Cert page from ConnectFriendWizard
csoler 1f56ef3
removed unused Cert page from ConnectFriendWizard
csoler 38434f2
removed unused Cert page from ConnectFriendWizard
csoler 57a5485
fixed adding friend with short invite
csoler 805f753
fixed parsing of short invite
csoler 6114d97
removed CIRCLES-related dead code from friendlist
csoler e132ce7
attempt to add SSL-only friends in FriendList - does not work yet
csoler 9312d0c
converted short invites to compact PGP format for increased robustness
csoler a52451b
moved SSL part of friend list into a separate function
csoler daec6b3
arranged to show PGP id for friends from short invite. Name not avail…
csoler 6419b03
merged upstream/master
csoler dd90314
fixed missing type conversion
csoler c8064e1
fixed missing parameter in jsonapi declaration
csoler 3a58aa4
add special profile item for not yet validated peer from short invite
csoler bbf92bd
fixed remanent bug due causing the deletion of rsEvent
csoler b0c7f8f
fixed display of non validated nodes without fingerprint
csoler a20ec1a
fixed exchange of PGP keys in binary format and update of PGP signatu…
csoler bea6769
removed unused code from p3gossipdiscovery
csoler b4fe1d4
started documenting p3GossipDiscovery
csoler 32b4312
improved security checks in authssl by verifying that the supplied PG…
csoler 44d6cb7
finished documentation/review of discovery
csoler 654d760
fixed comments from review of PR
csoler 4fabf3d
renamed skip_signature_validation into more appropriate skip_pgp_sign…
csoler ed864f9
removed some debug info about PGP signature validation, and added the…
csoler 6919711
restricted check for matching PGP ids to short invites only, since ot…
csoler 9c7edff
fixed bug caused by shadowing a variable
csoler 19ced52
fixed bug caused by wrong reading of disc flag
csoler 9b78447
used RsInfo instead of std::cerr in authssl.cc
csoler cdeee01
removed dependency of FriendDialog on RsAutoUpdatePage which is not n…
csoler 282d2d3
added missing notifications when adding friends
csoler a04d56e
fixed wrong default value for showUnconnected nodes
csoler d055887
removed some dead code
csoler 24781a7
removed unused mOthersList from PeerMgr
csoler
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -534,7 +534,7 @@ bool AuthSSLimpl::validateOwnCertificate(X509 *x509, EVP_PKEY *pkey) | |
uint32_t diagnostic ; | ||
|
||
/* standard authentication */ | ||
if (!AuthX509WithGPG(x509,diagnostic)) | ||
if (!AuthX509WithGPG(x509,true,diagnostic)) | ||
{ | ||
std::cerr << "Validate Own certificate ERROR: diagnostic = " << diagnostic << std::endl; | ||
return false; | ||
|
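Review bot: `uint32_t diagnostic ;` in validateOwnCertificate has no initial value and is streamed into the error message when AuthX509WithGPG returns false, so a failure path that returns before writing it would log an indeterminate value. Initialize it the way parseX509DetailsFromFile does (`uint32_t diagnostic = 0;`). The bare `true` at the call site also does not say that it means verbose; an inline `/*verbose=*/` comment or a named constant would make the call readable.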
@@ -970,7 +970,7 @@ X509 *AuthSSLimpl::SignX509ReqWithGPG(X509_REQ *req, long /*days*/) | |
} | ||
|
||
|
||
bool AuthSSLimpl::AuthX509WithGPG(X509 *x509, uint32_t& diagnostic) | ||
bool AuthSSLimpl::AuthX509WithGPG(X509 *x509,bool verbose, uint32_t& diagnostic) | ||
{ | ||
RsPgpId issuer = RsX509Cert::getCertIssuer(*x509); | ||
RsPeerDetails pd; | ||
|
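Review bot: the new `bool verbose` parameter of AuthX509WithGPG sits between the certificate and the `diagnostic` out-parameter, so every caller now passes a bare `true` or `false` whose meaning cannot be read at the call site. Consider a small enum or a trailing defaulted parameter, and document at the declaration that verbose only controls the success message, which is its only use visible in this patch.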
@@ -1127,11 +1127,12 @@ bool AuthSSLimpl::AuthX509WithGPG(X509 *x509, uint32_t& diagnostic) | |
goto err; | ||
} | ||
|
||
RsInfo() << __PRETTY_FUNCTION__ << " Verified: " << sigtypestring | ||
<< " signature of certificate sslId: " | ||
<< RsX509Cert::getCertSslId(*x509) | ||
<< ", Version " << std::hex << certificate_version << std::dec | ||
<< " using PGP key " << pd.fpr << " " << pd.name << std::endl; | ||
if(verbose) | ||
std::cerr<< " Verified: " << sigtypestring | ||
<< " signature of certificate sslId: " | ||
<< RsX509Cert::getCertSslId(*x509) | ||
<< ", Version " << std::hex << certificate_version << std::dec | ||
<< " using PGP key " << pd.fpr << " " << pd.name << std::endl; | ||
} | ||
|
||
EVP_MD_CTX_destroy(ctx); | ||
|
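Review bot: the success message in AuthX509WithGPG now goes to `std::cerr` instead of `RsInfo()`, which takes it out of the project's logging path; the discussion on this PR points out that plain `std::cerr` does not work on Android. Keep `RsInfo()` (without `__PRETTY_FUNCTION__` if the prefix is too noisy) under the `if(verbose)` guard, and put braces around the guarded statement, since it spans five lines and is followed directly by the enclosing block's `}`.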
@@ -1196,8 +1197,17 @@ int AuthSSLimpl::VerifyX509Callback(int /*preverify_ok*/, X509_STORE_CTX* ctx) | |
|
||
RsPeerId sslId = RsX509Cert::getCertSslId(*x509Cert); | ||
std::string sslCn = RsX509Cert::getCertIssuerString(*x509Cert); | ||
|
||
RsPgpId pgpId(sslCn); | ||
|
||
if(sslCn.length() == 40) | ||
{ | ||
RsPgpFingerprint pgpFpr(sslCn); // we also accept fingerprint format, so that in the future we can switch to fingerprints without backward compatibility issues | ||
|
||
if(!pgpFpr.isNull()) | ||
pgpId = PGPHandler::pgpIdFromFingerprint(pgpFpr); // in the future, we drop PGP ids and keep the fingerprint all along | ||
} | ||
|
||
RsPeerDetails det; | ||
if(!rsPeers->getPeerDetails(sslId,det)) | ||
This extra check denies connection to a new location of a PGP friend, IMHO we should remove it |
||
{ | ||
|
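Review bot: in VerifyX509Callback `RsPgpId pgpId(sslCn);` is built from the issuer string before its length is checked, and when the string is 40 characters but `pgpFpr.isNull()` is true the code continues with whatever RsPgpId made of a 40-character input. The issuer string is read from the certificate under verification, so handle the two accepted formats explicitly and reject anything else: construct the id only in the non-fingerprint branch, and fail verification with a log line when the fingerprint does not parse. A named constant for 40 would also document that it is the fingerprint length.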
@@ -1249,7 +1259,7 @@ int AuthSSLimpl::VerifyX509Callback(int /*preverify_ok*/, X509_STORE_CTX* ctx) | |
} | ||
|
||
uint32_t auth_diagnostic; | ||
if(!isSslOnlyFriend && !AuthX509WithGPG(x509Cert, auth_diagnostic)) | ||
if(!isSslOnlyFriend && !AuthX509WithGPG(x509Cert,true, auth_diagnostic)) | ||
{ | ||
std::string errMsg = "Certificate was rejected because PGP " | ||
"signature verification failed with diagnostic: " | ||
|
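Review bot: `!isSslOnlyFriend && !AuthX509WithGPG(...)` short-circuits, so for a peer flagged as SSL-only the PGP signature on the presented certificate is never checked in this callback. Add a comment at this condition stating which earlier check authenticates such a peer, so that a later edit cannot turn the skip into an unauthenticated path without anyone noticing.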
@@ -1334,7 +1344,7 @@ bool AuthSSLimpl::parseX509DetailsFromFile( | |
} | ||
|
||
uint32_t diagnostic = 0; | ||
if(!AuthX509WithGPG(x509, diagnostic)) | ||
if(!AuthX509WithGPG(x509,false, diagnostic)) | ||
{ | ||
RsErr() << __PRETTY_FUNCTION__ << " AuthX509WithGPG failed with " | ||
<< "diagnostic: " << diagnostic << std::endl; | ||
|
@@ -1748,7 +1758,7 @@ bool AuthSSLimpl::loadList(std::list<RsItem*>& load) | |
X509 *peer = loadX509FromPEM(kit->value); | ||
/* authenticate it */ | ||
uint32_t diagnos ; | ||
if (AuthX509WithGPG(peer,diagnos)) | ||
if (AuthX509WithGPG(peer,false,diagnos)) | ||
{ | ||
LocalStoreCert(peer); | ||
} | ||
|
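Review bot: in loadList the result of `loadX509FromPEM(kit->value)` is passed straight to AuthX509WithGPG, whose first visible statement dereferences it (`RsX509Cert::getCertIssuer(*x509)`), so a stored entry that fails to parse would be a null dereference if loadX509FromPEM returns null on error. Check `peer` before the call and skip the entry with a log line, and give `diagnos` an initial value as well.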
Please keep `RsInfo() << __PRETTY_FUNCTION__` instead of `std::cerr`
Well, here I removed it because it prints too much. We don't need the time nor the function name.
If you don't want the function name just keep `RsInfo()`, at least it will print well on all platforms. Plain `std::cXXX` doesn't work on Android so I had to do a dirty trick to be able to get those messages too, but it doesn't work always, while if you use the things defined in `util/rsdebug.h` it works well on all platforms