ssld: we only will continue supporting one fingerprint method at a time

William Pitcock 2015-12-07 01:21:26 -06:00
parent fced7b416b
commit 772c95cc7a
2 changed files with 5 additions and 7 deletions


@ -389,7 +389,7 @@ ssl_process_certfp(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf)
char *certfp_string; char *certfp_string;
int i; int i;
if(ctl_buf->buflen != 5 + RB_SSL_CERTFP_LEN) if(ctl_buf->buflen > 5 + RB_SSL_CERTFP_LEN)
return; /* bogus message..drop it.. XXX should warn here */ return; /* bogus message..drop it.. XXX should warn here */
fd = buf_to_int32(&ctl_buf->buf[1]); fd = buf_to_int32(&ctl_buf->buf[1]);
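Review bot: The relaxed test `if(ctl_buf->buflen > 5 + RB_SSL_CERTFP_LEN)` rejects only oversized messages, so a control message shorter than the 5-byte header now reaches `buf_to_int32(&ctl_buf->buf[1])` and is parsed from bytes that were never received. A lower bound belongs in the same guard, for example `if(ctl_buf->buflen <= 5 || ctl_buf->buflen > 5 + RB_SSL_CERTFP_LEN)`. The rest of ssl_process_certfp is outside this hunk; if it still walks a fixed RB_SSL_CERTFP_LEN bytes from `buf[5]`, it should instead use `ctl_buf->buflen - 5` so that a shorter fingerprint is not padded with stale buffer contents. The existing `XXX should warn here` is worth acting on at the same time, since a dropped fingerprint message is otherwise silent.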


@ -668,14 +668,13 @@ ssl_process_accept_cb(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen
if(status == RB_OK) if(status == RB_OK)
{ {
int len = rb_get_ssl_certfp(F, &buf[9], certfp_method); int len = rb_get_ssl_certfp(F, &buf[5], certfp_method);
if(len) if(len)
{ {
lrb_assert(len <= RB_SSL_CERTFP_LEN); lrb_assert(len <= RB_SSL_CERTFP_LEN);
buf[0] = 'F'; buf[0] = 'F';
int32_to_buf(&buf[1], conn->id); int32_to_buf(&buf[1], conn->id);
int32_to_buf(&buf[5], certfp_method); mod_cmd_write_queue(conn->ctl, buf, 5 + len);
mod_cmd_write_queue(conn->ctl, buf, 9 + len);
} }
conn_mod_read_cb(conn->mod_fd, conn); conn_mod_read_cb(conn->mod_fd, conn);
conn_plain_read_cb(conn->plain_fd, conn); conn_plain_read_cb(conn->plain_fd, conn);
@ -694,14 +693,13 @@ ssl_process_connect_cb(rb_fde_t *F, int status, void *data)
if(status == RB_OK) if(status == RB_OK)
{ {
int len = rb_get_ssl_certfp(F, &buf[9], certfp_method); int len = rb_get_ssl_certfp(F, &buf[5], certfp_method);
if(len) if(len)
{ {
lrb_assert(len <= RB_SSL_CERTFP_LEN); lrb_assert(len <= RB_SSL_CERTFP_LEN);
buf[0] = 'F'; buf[0] = 'F';
int32_to_buf(&buf[1], conn->id); int32_to_buf(&buf[1], conn->id);
int32_to_buf(&buf[5], certfp_method); mod_cmd_write_queue(conn->ctl, buf, 5 + len);
mod_cmd_write_queue(conn->ctl, buf, 9 + len);
} }
conn_mod_read_cb(conn->mod_fd, conn); conn_mod_read_cb(conn->mod_fd, conn);
conn_plain_read_cb(conn->plain_fd, conn); conn_plain_read_cb(conn->plain_fd, conn);
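Review bot: In both ssl_process_accept_cb and ssl_process_connect_cb the value returned by rb_get_ssl_certfp is tested only with `if(len)` and then used as `5 + len` for mod_cmd_write_queue, so a negative return would pass `lrb_assert(len <= RB_SSL_CERTFP_LEN)` and produce a message length below the 5-byte header. Whether rb_get_ssl_certfp can return a negative value is not visible here; `if(len > 0)` would make the guard independent of that. The assert also runs after the fingerprint has already been written at `&buf[5]`, so it can report an overrun but not prevent one; the declaration of `buf` lies outside these hunks and should be confirmed to hold at least `5 + RB_SSL_CERTFP_LEN` bytes. Because the method field is no longer sent, a comment above `buf[0] = 'F';` such as `/* 'F' | int32 conn id | raw fingerprint, len bytes; method is implied by certfp_method */` would record the new wire format for whoever maintains the receiving side.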