From 2c5a245427fea2e87e0ddba4ae189d19ea785fef Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 16 Jan 2021 18:37:32 +0100 Subject: fix #6699: trust peers if master_pub is in trust set, do not require base URL to match --- src/backend/taler-merchant-httpd_exchanges.c | 19 +++++++++++++++++-- src/backend/taler-merchant-httpd_post-orders-ID-pay.c | 3 ++- 2 files changed, 19 insertions(+), 3 deletions(-) (limited to 'src/backend') diff --git a/src/backend/taler-merchant-httpd_exchanges.c b/src/backend/taler-merchant-httpd_exchanges.c index 2c8995ee..35f51e27 100644 --- a/src/backend/taler-merchant-httpd_exchanges.c +++ b/src/backend/taler-merchant-httpd_exchanges.c @@ -828,7 +828,8 @@ keys_mgmt_cb (void *cls, struct GNUNET_TIME_Absolute expire; struct GNUNET_TIME_Relative delay; - if (NULL == keys) + if ( (MHD_HTTP_OK != hr->http_status) || + (NULL == keys) ) { fail_and_retry (exchange, hr, @@ -846,8 +847,22 @@ keys_mgmt_cb (void *cls, exchange->trusted = false; } if (! exchange->trusted) + { exchange->master_pub = keys->master_pub; - + for (struct Exchange *e = exchange_head; + NULL != e; + e = e->next) + { + if (e == exchange) + continue; + if (! e->trusted) + continue; + if (0 == + GNUNET_memcmp (&e->master_pub, + &exchange->master_pub)) + exchange->trusted = true; /* same exchange, different URL => trust applies */ + } + } if (0 != (TALER_EXCHANGE_VC_NEWER & compat)) { /* Warn user exactly once about need to upgrade */ diff --git a/src/backend/taler-merchant-httpd_post-orders-ID-pay.c b/src/backend/taler-merchant-httpd_post-orders-ID-pay.c index bc45902a..d4c47822 100644 --- a/src/backend/taler-merchant-httpd_post-orders-ID-pay.c +++ b/src/backend/taler-merchant-httpd_post-orders-ID-pay.c @@ -760,7 +760,8 @@ process_pay_with_exchange (void *cls, (json_int_t) TALER_EC_MERCHANT_GENERIC_EXCHANGE_TIMEOUT)); return; } - if (NULL == exchange_handle) + if ( (MHD_HTTP_OK != hr->http_status) || + (NULL == exchange_handle) ) { GNUNET_break_op (0); resume_pay_with_response ( -- cgit v1.2.3