From 772c95cc7afdc995456ef6af6c216706b6829463 Mon Sep 17 00:00:00 2001
From: William Pitcock
Date: Mon, 7 Dec 2015 01:21:26 -0600
Subject: [PATCH] ssld: we only will continue supporting one fingerprint method at a time
---
 src/sslproc.c | 2 +-
 ssld/ssld.c | 10 ++++------
 2 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/src/sslproc.c b/src/sslproc.c
index ff38c282..3d727666 100644
--- a/src/sslproc.c
+++ b/src/sslproc.c
@@ -389,7 +389,7 @@ ssl_process_certfp(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf)
 char *certfp_string;
 int i;
- if(ctl_buf->buflen != 5 + RB_SSL_CERTFP_LEN)
+ if(ctl_buf->buflen > 5 + RB_SSL_CERTFP_LEN)
 return; /* bogus message..drop it.. XXX should warn here */
 fd = buf_to_int32(&ctl_buf->buf[1]);
diff --git a/ssld/ssld.c b/ssld/ssld.c
index 37c9e060..43a41b37 100644
--- a/ssld/ssld.c
+++ b/ssld/ssld.c
@@ -668,14 +668,13 @@ ssl_process_accept_cb(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen
 if(status == RB_OK)
 {
- int len = rb_get_ssl_certfp(F, &buf[9], certfp_method);
+ int len = rb_get_ssl_certfp(F, &buf[5], certfp_method);
 if(len)
 {
 lrb_assert(len <= RB_SSL_CERTFP_LEN);
 buf[0] = 'F';
 int32_to_buf(&buf[1], conn->id);
- int32_to_buf(&buf[5], certfp_method);
- mod_cmd_write_queue(conn->ctl, buf, 9 + len);
+ mod_cmd_write_queue(conn->ctl, buf, 5 + len);
 }
 conn_mod_read_cb(conn->mod_fd, conn);
 conn_plain_read_cb(conn->plain_fd, conn);
@@ -694,14 +693,13 @@ ssl_process_connect_cb(rb_fde_t *F, int status, void *data)
 if(status == RB_OK)
 {
- int len = rb_get_ssl_certfp(F, &buf[9], certfp_method);
+ int len = rb_get_ssl_certfp(F, &buf[5], certfp_method);
 if(len)
 {
 lrb_assert(len <= RB_SSL_CERTFP_LEN);
 buf[0] = 'F';
 int32_to_buf(&buf[1], conn->id);
- int32_to_buf(&buf[5], certfp_method);
- mod_cmd_write_queue(conn->ctl, buf, 9 + len);
+ mod_cmd_write_queue(conn->ctl, buf, 5 + len);
 }
 conn_mod_read_cb(conn->mod_fd, conn);
 conn_plain_read_cb(conn->plain_fd, conn);
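Review bot: The relaxed length check in ssl_process_certfp now rejects only messages that are too long, so a control message shorter than the 5-byte header still reaches `buf_to_int32(&ctl_buf->buf[1])` on the following line. This data arrives from the ssld helper process, so I would keep a lower bound as well: `if(ctl_buf->buflen <= 5 || ctl_buf->buflen > 5 + RB_SSL_CERTFP_LEN)`. The rest of the function is outside the hunk, so please confirm that the fingerprint length used further down is derived from `buflen - 5` and not from the fixed RB_SSL_CERTFP_LEN, otherwise a shorter fingerprint would be read past the bytes actually received. The existing `XXX should warn here` remark still applies; logging the drop would make malformed helper traffic visible.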
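Review bot: In ssl_process_accept_cb the bound on `len` is checked only after rb_get_ssl_certfp() has already written into `&buf[5]`, and `if(len)` also lets a negative return value through to `mod_cmd_write_queue(conn->ctl, buf, 5 + len)`. If lrb_assert is a soft assertion (its definition is not visible here), an out-of-range length would still be queued; a hard guard such as `if(len > 0 && len <= RB_SSL_CERTFP_LEN)` avoids relying on it. The declaration of `buf` lies outside the hunk, so please confirm it holds at least `5 + RB_SSL_CERTFP_LEN` bytes. The same applies to the identical block in ssl_process_connect_cb in the next hunk.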