# # # patch "cert.cc" # from [eb7ef42d28821a382223da9e1b85eb68a56f80ef] # to [cb7908e8a4541cc16c257758255cf64654329462] # # patch "cert.hh" # from [5b7ab6dff38e0ba62f74f87fc621357a7703a0ae] # to [6b2244b0e1ba48291fcf7bf5f12c91c5e32fde2f] # # patch "netsync.cc" # from [88fe6c72f8411301a0915993f602b32fa9d0a675] # to [ef4d67b3bd4a47082dbcd13376b353b35eecb8b9] # ============================================================ --- cert.cc eb7ef42d28821a382223da9e1b85eb68a56f80ef +++ cert.cc cb7908e8a4541cc16c257758255cf64654329462 @@ -46,7 +46,7 @@ read_cert(database & db, string const & static bool read_cert(database & db, string const & in, cert & t, - read_cert_version ver) + read_cert_version ver, key_name & keyname) { size_t pos = 0; id hash = id(extract_substring(in, pos, @@ -77,16 +77,17 @@ read_cert(database & db, string const & { case read_cert_v6: { + keyname = key_name(key, origin::network); bool found = false; std::vector all_keys; db.get_key_ids(all_keys); for (std::vector::const_iterator i = all_keys.begin(); i != all_keys.end(); ++i) { - key_name keyname; + key_name i_keyname; rsa_pub_key pub; - db.get_pubkey(*i, keyname, pub); - if (keyname() == key) + db.get_pubkey(*i, i_keyname, pub); + if (i_keyname() == key) { if(db.check_signature(*i, signable, tmp.sig) == cert_ok) { @@ -111,7 +112,6 @@ read_cert(database & db, string const & I(false); } - key_name keyname; rsa_pub_key junk; db.get_pubkey(tmp.key, keyname, junk); 
@@ -124,20 +124,23 @@ read_cert(database & db, string const & return true; } -bool cert::read_cert_v6(database & db, std::string const & s, cert & c) +bool cert::read_cert_v6(database & db, std::string const & s, cert & c, + key_name & keyname) { - return ::read_cert(db, s, c, ::read_cert_v6); + return ::read_cert(db, s, c, ::read_cert_v6, keyname); } bool cert::read_cert(database & db, std::string const & s, cert & c) { - return ::read_cert(db, s, c, read_cert_current); + key_name keyname; + return ::read_cert(db, s, c, read_cert_current, keyname); } cert::cert(database & db, std::string const & s, origin::type m) : origin_aware(m) { - ::read_cert(db, s, *this, read_cert_current); + key_name keyname; + ::read_cert(db, s, *this, read_cert_current, keyname); } void ============================================================ --- cert.hh 5b7ab6dff38e0ba62f74f87fc621357a7703a0ae +++ cert.hh 6b2244b0e1ba48291fcf7bf5f12c91c5e32fde2f @@ -41,7 +41,8 @@ struct cert : public origin_aware // These understand the netsync serialization. static bool read_cert(database & db, std::string const & s, cert & c); - static bool read_cert_v6(database & db, std::string const & s, cert & c); + static bool read_cert_v6(database & db, std::string const & s, cert & c, + key_name & keyname); cert(database & db, std::string const & s, origin::type m); revision_id ident; ============================================================ --- netsync.cc 88fe6c72f8411301a0915993f602b32fa9d0a675 +++ netsync.cc ef4d67b3bd4a47082dbcd13376b353b35eecb8b9 @@ -2386,13 +2386,14 @@ session::process_data_cmd(netcmd_item_ty { cert c; bool matched; + key_name keyname; if (version >= 7) { matched = cert::read_cert(project.db, dat, c); } else { - matched = cert::read_cert_v6(project.db, dat, c); + matched = cert::read_cert_v6(project.db, dat, c, keyname); } if (matched) 
@@ -2407,6 +2408,13 @@ session::process_data_cmd(netcmd_item_ty if (project.db.put_revision_cert(c)) written_certs.push_back(c); } + else + { + W(F("dropping incoming cert which was signed by a key we don't have\n" + "you probably need to obtain this key from a more recent netsync peer\n" + "the name of the key involved is '%s', but note that there are multiple\n" + "keys with this name and we don't know which one it is") % keyname); + } } break;
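Review bot: In cert.cc, the hunks at -77,16 and -111,7 leave the new `keyname` out-parameter with two different meanings. In the `read_cert_v6` case it is first set from the wire with `keyname = key_name(key, origin::network);`, and after the switch `db.get_pubkey(tmp.key, keyname, junk);` overwrites it with whatever name the database holds for the matched key. A caller therefore gets an unverified peer-supplied name on failure and a database name on success, with nothing in the signature to tell them apart. Consider keeping the removed local for the `get_pubkey` call and assigning the out-parameter only on the path that needs to report it, or rename the parameter to make clear it is a claimed name intended for diagnostics only.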
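Review bot: In cert.cc at -124,20, `cert::read_cert` and the `cert::cert` constructor each declare a throwaway `key_name keyname;` only to satisfy the new signature of `::read_cert`. A thin static overload of `::read_cert` without the extra argument, or a pointer parameter that may be null, would keep the unused local out of both callers and make it obvious that only the v6 path consumes the value.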
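Review bot: In cert.hh at -41,7, the new `key_name & keyname` parameter on `read_cert_v6` has no comment describing its contract. Since netsync.cc reads it precisely when the function returns false, the declaration should say that it is filled in even on failure, that in that case it is the name claimed by the peer rather than a verified key, and what it holds when the function returns true.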
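Review bot: In netsync.cc at -2407,6, the new `else` appears from the visible context to pair with `if (matched)`, so it also runs for `version >= 7`, where `matched = cert::read_cert(project.db, dat, c);` never touches `keyname`. If that call can return false, the warning prints a default-constructed (empty) key name together with advice that only applies to the v6 format. Either emit the warning only in the `version < 7` branch or guard it on `keyname` being set. Separately, the text "there are multiple keys with this name" states as fact something the code has not established: the v6 lookup also fails when no local key has that name at all, so "there may be multiple keys with this name" is more accurate.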