xfnw
/
solanum
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

ssld: we only will continue supporting one fingerprint method at a time

This commit is contained in:
William Pitcock 2015-12-07 01:21:26 -06:00
parent fced7b416b
commit 772c95cc7a
2 changed files with 5 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/sslproc.c
View File

@ -389,7 +389,7 @@ ssl_process_certfp(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf)
char *certfp_string;
int i;
if(ctl_buf->buflen != 5 + RB_SSL_CERTFP_LEN)
if(ctl_buf->buflen > 5 + RB_SSL_CERTFP_LEN)
return; /* bogus message..drop it.. XXX should warn here */
fd = buf_to_int32(&ctl_buf->buf[1]);

10
ssld/ssld.c
View File

@ -668,14 +668,13 @@ ssl_process_accept_cb(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen
if(status == RB_OK)
{
int len = rb_get_ssl_certfp(F, &buf[9], certfp_method);
int len = rb_get_ssl_certfp(F, &buf[5], certfp_method);
if(len)
{
lrb_assert(len <= RB_SSL_CERTFP_LEN);
buf[0] = 'F';
int32_to_buf(&buf[1], conn->id);
int32_to_buf(&buf[5], certfp_method);
mod_cmd_write_queue(conn->ctl, buf, 9 + len);
mod_cmd_write_queue(conn->ctl, buf, 5 + len);
}
conn_mod_read_cb(conn->mod_fd, conn);
conn_plain_read_cb(conn->plain_fd, conn);
@ -694,14 +693,13 @@ ssl_process_connect_cb(rb_fde_t *F, int status, void *data)
if(status == RB_OK)
{
int len = rb_get_ssl_certfp(F, &buf[9], certfp_method);
int len = rb_get_ssl_certfp(F, &buf[5], certfp_method);
if(len)
{
lrb_assert(len <= RB_SSL_CERTFP_LEN);
buf[0] = 'F';
int32_to_buf(&buf[1], conn->id);
int32_to_buf(&buf[5], certfp_method);
mod_cmd_write_queue(conn->ctl, buf, 9 + len);
mod_cmd_write_queue(conn->ctl, buf, 5 + len);
}
conn_mod_read_cb(conn->mod_fd, conn);
conn_plain_read_cb(conn->plain_fd, conn);