build system: Fix race bug in recheck target
diff --git a/site.c b/site.c
index ea85e0e223441ad754e75f311121a269066c9626..b6bae763bbe4f35807265d268fe69b2ad70c9619 100644 (file)
--- a/site.c
+++ b/site.c
@@ -711,6 +711,8 @@ static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what,
        return False;
 
     privkey_found:
+       slog(st,LOG_SIGKEYS,"using private key #%d " SIGKEYID_PR_FMT,
+            ki, SIGKEYID_PR_VAL(prompt->pubkeys_accepted[ki]));
        buf_append_uint8(&st->buffer,ki);
     }
 
@@ -1088,9 +1090,14 @@ static bool_t process_msg3_msg4(struct site *st, struct msg *m)
     if (!pubkey->check(pubkey->st,
                       m->hashstart,m->hashlen,
                       &m->sig)) {
-       slog(st,LOG_SEC,"msg3/msg4 signature failed check!");
+       slog(st,LOG_SEC,"msg3/msg4 signature failed check!"
+            " (key #%d " SIGKEYID_PR_FMT ")",
+            ki, SIGKEYID_PR_VAL(&st->peerkeys_kex->keys[ki].id));
        return False;
     }
+    slog(st,LOG_SIGKEYS,"verified peer signature with key #%d "
+        SIGKEYID_PR_FMT, ki,
+        SIGKEYID_PR_VAL(&st->peerkeys_kex->keys[ki].id));
 
     st->remote_adv_mtu=m->remote_mtu;
 
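Review bot: Both new slog calls identify the key as `st->peerkeys_kex->keys[ki]`, but the `pubkey` whose `check` is called is selected outside this hunk, so the messages are only trustworthy if `pubkey` came from that same array slot and `ki` was range-checked there. These lines become the audit record of which peer key was rejected or accepted, so I would take the id from one local set where `pubkey` is chosen and pass it to both calls as `SIGKEYID_PR_VAL(kid)`, instead of re-deriving `&st->peerkeys_kex->keys[ki].id` twice. process_msg3_msg4 begins and ends outside the hunk, so the selection code could not be checked from here.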
@@ -2351,9 +2358,19 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
        cfgfatal(loc,"site","parameter must be a dictionary\n");
     
     dict=item->data.dict;
+    st->log=find_cl_if(dict,"log",CL_LOG,True,"site",loc);
+    st->log_events=string_list_to_word(dict_lookup(dict,"log-events"),
+                                      log_event_table,"site");
+
     st->localname=dict_read_string(dict, "local-name", True, "site", loc);
     st->remotename=dict_read_string(dict, "name", True, "site", loc);
 
+    st->tunname=safe_malloc(strlen(st->localname)+strlen(st->remotename)+5,
+                           "site_apply");
+    sprintf(st->tunname,"%s<->%s",st->localname,st->remotename);
+
+    /* Now slog is working */
+
     st->keepalive=dict_read_bool(dict,"keepalive",False,"site",loc,False);
 
     st->peer_mobile=dict_read_bool(dict,"mobile",False,"site",loc,False);
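Review bot: The relocated `sprintf` into `st->tunname` is unbounded, and its safety rests on the literal `+5` being kept in step with the `"%s<->%s"` format by hand. Deriving the size from the separator and bounding the write keeps the two from drifting apart: `size_t tunlen=strlen(st->localname)+strlen(st->remotename)+sizeof("<->");`, `st->tunname=safe_malloc(tunlen,"site_apply");`, `snprintf(st->tunname,tunlen,"%s<->%s",st->localname,st->remotename);`. The comment `/* Now slog is working */` would also help more if it named the prerequisites, e.g. `/* st->log, st->log_events and st->tunname are set: slog may be used from here on */`; that slog needs exactly those three fields is inferred from the reordering, not shown in the hunk. site_apply starts and ends outside the hunk.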
@@ -2415,7 +2432,6 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
     }
 
     st->resolver=find_cl_if(dict,"resolver",CL_RESOLVER,True,"site",loc);
-    st->log=find_cl_if(dict,"log",CL_LOG,True,"site",loc);
     st->random=find_cl_if(dict,"random",CL_RANDOMSRC,True,"site",loc);
 
     st->defhash=find_cl_if(dict,"hash",CL_HASH,True,"site",loc);
@@ -2495,16 +2511,9 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
                 "renegotiate-time must be less than key-lifetime\n");
     }
 
-    st->log_events=string_list_to_word(dict_lookup(dict,"log-events"),
-                                      log_event_table,"site");
-
     st->resolving_count=0;
     st->allow_send_prod=0;
 
-    st->tunname=safe_malloc(strlen(st->localname)+strlen(st->remotename)+5,
-                           "site_apply");
-    sprintf(st->tunname,"%s<->%s",st->localname,st->remotename);
-
     /* The information we expect to see in incoming messages of type 1 */
     /* fixme: lots of unchecked overflows here, but the results are only
        corrupted packets rather than undefined behaviour */