proxy/tripe-mitm.c: Don't try to interpret the keys.

The plan to attack the cryptography never really materialized.  This
program's understanding of the crypto is now seriously out of date and
would need a major overhaul.  Instead, just check that the arguments are
vaguely right and get on with shovelling packets about.

diff --git a/proxy/tripe-mitm.8.in b/proxy/tripe-mitm.8.in
index 40390bd..cab0fb2 100644 (file)
--- a/proxy/tripe-mitm.8.in
+++ b/proxy/tripe-mitm.8.in
@@ -97,6 +97,7 @@ on
 The
 .I name
 identifies the public key which that peer uses to authenticate itself.
+(Currently this is checked, but not used for anything.)
 Both
 .I local-port
 and

diff --git a/proxy/tripe-mitm.c b/proxy/tripe-mitm.c
index 7473953..bd57306 100644 (file)
--- a/proxy/tripe-mitm.c
+++ b/proxy/tripe-mitm.c
@@ -72,7 +72,6 @@
 
 typedef struct peer {
   sel_file sf;
-  dh_pub kpub;
   const char *name;
   struct filter *f;
 } peer;
@@ -117,26 +116,20 @@ static void dopacket(int fd, unsigned mode, void *vv)
 
 static void addpeer(unsigned ac, char **av)
 {
-  key_packstruct kps[DH_PUBFETCHSZ];
-  key_packdef *kp;
   struct hostent *h;
   struct sockaddr_in sin;
   int len = PKBUFSZ;
   peer *p;
   int fd;
-  int e;
 
   if (ac != 4)
     die(1, "syntax: peer:NAME:PORT:ADDR:PORT");
   if (npeer >= 2)
     die(1, "enough peers already");
+  if (!key_bytag(&keys, av[0]))
+    die(1, "no key named `%s'", av[0]);
   p = &peers[npeer++];
   p->name = xstrdup(av[0]);
-  kp = key_fetchinit(dh_pubfetch, kps, &p->kpub);
-  e = key_fetchbyname(kp, &keys, av[0]);
-  key_fetchdone(kp);
-  if (e)
-    die(1, "key_fetch `%s': %s", av[0], key_strerror(e));
   if ((fd = socket(PF_INET, SOCK_DGRAM, 0)) < 0)
     die(1, "socket: %s", strerror(errno));
   fdflags(fd, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC);