aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMike Macgirvin <mike@macgirvin.com>2010-10-11 04:01:24 -0700
committerMike Macgirvin <mike@macgirvin.com>2010-10-11 04:01:24 -0700
commit6b67d00fce5daaa26afa738beb06a91a4b10ccac (patch)
treecf13fc54bf085163c58b692f1e5fe6ccdcb02d6d
parenteafd225bdd84eae667aa933c62c32d279be2e990 (diff)
downloadvolse-hubzilla-6b67d00fce5daaa26afa738beb06a91a4b10ccac.tar.gz
volse-hubzilla-6b67d00fce5daaa26afa738beb06a91a4b10ccac.tar.bz2
volse-hubzilla-6b67d00fce5daaa26afa738beb06a91a4b10ccac.zip
if pubkey is encrypted, it will also be packaged for safe transport
-rw-r--r--mod/dfrn_confirm.php14
1 files changed, 9 insertions, 5 deletions
diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php
index 77f436374..dd50e82a0 100644
--- a/mod/dfrn_confirm.php
+++ b/mod/dfrn_confirm.php
@@ -89,10 +89,6 @@ function dfrn_confirm_post(&$a) {
// or later) then we encrypt the personal public key we send them using AES-256-CBC and a
// random key which is encrypted with their site public key.
- // Note: We can send any of these things as binary blobs because they are being POST'ed.
- // Any protocol conversations (notify, poll) which perform GET require bin2hex of all the
- // binary stuff.
-
$src_aes_key = random_string();
$result = '';
@@ -292,10 +288,18 @@ function dfrn_confirm_post(&$a) {
$public_key = $_POST['public_key'];
$dfrn_id = hex2bin($_POST['dfrn_id']);
$source_url = hex2bin($_POST['source_url']);
- $aes_key = hex2bin($_POST['aes_key']);
+ $aes_key = $_POST['aes_key'];
$duplex = $_POST['duplex'];
$version_id = $_POST['dfrn_version'];
+
+ // If $aes_key is set, both of these items require unpacking from the hex transport encoding.
+
+ if(x($aes_key)) {
+ $aes_key = hex2bin($aes_key);
+ $public_key = hex2bin($public_key);
+ }
+
// Find our user's account
$r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1",