Infinite connecting to untrusted user when only trusted users are allowed

Bug #246080 reported by Big Muscle
2
Affects Status Importance Assigned to Milestone
AirDC++
Confirmed
Low
Unassigned
DC++
Confirmed
Low
Unassigned

Bug Description

When I uncheck option "Allow TLS connections to clients without trusted certificate" and connect to some untrusted client, it will get to infinite loop of Connecting, Timeout, Connecting, Timeout etc...

I think it should display any message in such case, for example "Connection with untrusted client not allowed", disconnect the connection and don't try to reconnect again.

Tags: core
Revision history for this message
Jacek Sieka (arnetheduck) wrote :

There - now it acts the same as if the user was passive...

Changed in dcplusplus:
importance: Undecided → Low
status: New → Fix Committed
Revision history for this message
Big Muscle (bigmuscle) wrote :

I don't know whether the fix is correct. Because when you try to connect to untrusted user, SSL_accept/SSL_connect will return with error, so SocketException will be thrown later and it will be caugth in ConnectionManager::accept/xxxConnect, so UserConnectionListener::Connected will be never processed.

I have seen there's some possibility to check whether certificates were verified correctly when SSL_accept/SSL_connect returns with error, so it could be possible solution.

Big Muscle (bigmuscle)
Changed in dcplusplus:
status: Fix Committed → In Progress
Revision history for this message
Fredrik Ullner (ullner) wrote :

Could someone re-verify that this behaviour is still observed? I can't seem to reproduce it here...

Revision history for this message
eMTee (realprogger) wrote :

I can still see the same behaviour as BM initially described. r3368.

Revision history for this message
Fredrik Ullner (ullner) wrote :

Moving to Confirmed since I'm not sure anyone is actually working on it...

Changed in dcplusplus:
status: In Progress → Confirmed
Fredrik Ullner (ullner)
tags: added: core
maksis (maksis)
Changed in airdcpp:
status: New → Confirmed
importance: Undecided → Low
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.