|
@@ -569,29 +569,33 @@ connection_or_check_valid_handshake(or_connection_t *conn, char *digest_rcvd)
|
|
|
char nickname[MAX_NICKNAME_LEN+1];
|
|
|
or_options_t *options = get_options();
|
|
|
int severity = server_mode(options) ? LOG_PROTOCOL_WARN : LOG_WARN;
|
|
|
+ int started_here = connection_or_nonopen_was_started_here(conn);
|
|
|
+ const char *safe_address =
|
|
|
+ started_here ? conn->_base.address : safe_str(conn->_base.address);
|
|
|
+ const char *peer_type = started_here ? "Router" : "Client or router";
|
|
|
|
|
|
check_no_tls_errors();
|
|
|
if (! tor_tls_peer_has_cert(conn->tls)) {
|
|
|
- log_info(LD_PROTOCOL,"Peer (%s:%d) didn't send a cert! Closing.",
|
|
|
- conn->_base.address, conn->_base.port);
|
|
|
+ log_info(LD_PROTOCOL,"%s (%s:%d) didn't send a cert! Closing.",
|
|
|
+ peer_type, safe_address, conn->_base.port);
|
|
|
return -1;
|
|
|
}
|
|
|
check_no_tls_errors();
|
|
|
if (tor_tls_get_peer_cert_nickname(severity, conn->tls, nickname,
|
|
|
sizeof(nickname))) {
|
|
|
- log_fn(severity,LD_PROTOCOL,"Other side (%s:%d) has a cert without a "
|
|
|
+ log_fn(severity,LD_PROTOCOL,"%s (%s:%d) has a cert without a "
|
|
|
"valid nickname. Closing.",
|
|
|
- conn->_base.address, conn->_base.port);
|
|
|
+ peer_type, safe_address, conn->_base.port);
|
|
|
return -1;
|
|
|
}
|
|
|
check_no_tls_errors();
|
|
|
- log_debug(LD_OR, "Other side (%s:%d) claims to be router '%s'",
|
|
|
- conn->_base.address, conn->_base.port, nickname);
|
|
|
+ log_debug(LD_OR, "%s (%s:%d) claims to be router '%s'",
|
|
|
+ peer_type, safe_address, conn->_base.port, nickname);
|
|
|
|
|
|
if (tor_tls_verify(severity, conn->tls, &identity_rcvd) < 0) {
|
|
|
- log_fn(severity,LD_OR,"Other side, which claims to be router '%s' (%s:%d),"
|
|
|
+ log_fn(severity,LD_OR,"%s which claims to be router '%s' (%s:%d),"
|
|
|
" has a cert but it's invalid. Closing.",
|
|
|
- nickname, conn->_base.address, conn->_base.port);
|
|
|
+ peer_type, nickname, safe_address, conn->_base.port);
|
|
|
return -1;
|
|
|
}
|
|
|
check_no_tls_errors();
|
|
@@ -610,13 +614,13 @@ connection_or_check_valid_handshake(or_connection_t *conn, char *digest_rcvd)
|
|
|
router->is_named && /* make sure it's the right guy */
|
|
|
memcmp(digest_rcvd, router->cache_info.identity_digest,DIGEST_LEN) !=0) {
|
|
|
log_fn(severity, LD_OR,
|
|
|
- "Identity key not as expected for router claiming to be "
|
|
|
+ "Identity key not as expected for peer claiming to be "
|
|
|
"'%s' (%s:%d)",
|
|
|
- nickname, conn->_base.address, conn->_base.port);
|
|
|
+ nickname, safe_address, conn->_base.port);
|
|
|
return -1;
|
|
|
}
|
|
|
|
|
|
- if (connection_or_nonopen_was_started_here(conn)) {
|
|
|
+ if (started_here) {
|
|
|
int as_advertised = 1;
|
|
|
if (memcmp(digest_rcvd, conn->identity_digest, DIGEST_LEN)) {
|
|
|
/* I was aiming for a particular digest. I didn't get it! */
|
|
@@ -656,7 +660,7 @@ connection_or_check_valid_handshake(or_connection_t *conn, char *digest_rcvd)
|
|
|
* then initialize conn from the information in router.
|
|
|
*
|
|
|
* If all is successful, call circuit_n_conn_done() to handle events
|
|
|
- * that have been pending on the tls handshake completion. Also set the
|
|
|
+ * that have been pending on the <tls handshake completion. Also set the
|
|
|
* directory to be dirty (only matters if I'm an authdirserver).
|
|
|
*/
|
|
|
static int
|