octoleo/syncthing
1
0
Fork 0
mirror of https://github.com/octoleo/syncthing.git synced 2025-01-22 22:58:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Verify negotiated protocol bep/1.0

Browse Source
This commit is contained in:
Jakob Borg 2015-03-05 15:58:16 +01:00
parent 0455a948a9
commit 4745431cda
2 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
cmd/syncthing/connections.go
View File

@ -41,7 +41,14 @@ func listenConnect(myID protocol.DeviceID, m *model.Model, tlsCfg *tls.Config) {
next: next:
for conn := range conns { for conn := range conns {
certs := conn.ConnectionState().PeerCertificates cs := conn.ConnectionState()
if !cs.NegotiatedProtocolIsMutual || cs.NegotiatedProtocol != bepProtocolName {
l.Infof("Peer %s did not negotiate bep/1.0", conn.RemoteAddr())
conn.Close()
continue
}
certs := cs.PeerCertificates
if cl := len(certs); cl != 1 { if cl := len(certs); cl != 1 {
l.Infof("Got peer certificate list of length %d != 1 from %s; protocol error", cl, conn.RemoteAddr()) l.Infof("Got peer certificate list of length %d != 1 from %s; protocol error", cl, conn.RemoteAddr())
conn.Close() conn.Close()

4
cmd/syncthing/main.go
View File

@ -72,6 +72,8 @@ const (
exitUpgrading = 4 exitUpgrading = 4
) )
const bepProtocolName = "bep/1.0"
var l = logger.DefaultLogger var l = logger.DefaultLogger
func init() { func init() {
@ -461,7 +463,7 @@ func syncthingMain() {
tlsCfg := &tls.Config{ tlsCfg := &tls.Config{
Certificates: []tls.Certificate{cert}, Certificates: []tls.Certificate{cert},
NextProtos: []string{"bep/1.0"}, NextProtos: []string{bepProtocolName},
ClientAuth: tls.RequestClientCert, ClientAuth: tls.RequestClientCert,
SessionTicketsDisabled: true, SessionTicketsDisabled: true,
InsecureSkipVerify: true, InsecureSkipVerify: true,