// listenConnect starts one listenTLS goroutine per configured listen address
// and one dialTLS goroutine, then serves every *tls.Conn they deliver on a
// shared channel. A connection is handed to the model only when all of the
// following hold; in every other case it is closed here:
//
//   - the peer presented exactly one certificate,
//   - the device ID derived from that certificate is not our own (myID),
//   - the model is not already connected to that device ID,
//   - the device ID is a key in cfg.Devices(), and
//   - the certificate verifies for the configured CertName, or for
//     tlsDefaultCommonName when CertName is empty.
//
// The accept loop runs until conns is closed; nothing in this function
// closes it.
//
// NOTE(review): this code reads PeerCertificates without triggering a
// handshake itself, so it presumably relies on listenTLS/dialTLS having
// completed one. Confirm. If no certificates are present the length check
// below rejects the connection.
func listenConnect(myID protocol.DeviceID, m *model.Model, tlsCfg *tls.Config) {
	conns := make(chan *tls.Conn)

	// Inbound: one listener goroutine per configured address.
	for _, addr := range cfg.Options().ListenAddress {
		go listenTLS(conns, addr, tlsCfg)
	}

	// Outbound: a single dialer goroutine feeds the same channel.
	go dialTLS(m, conns, tlsCfg)

next:
	for conn := range conns {
		// The peer identity is taken from a single certificate; any other
		// count is treated as a protocol error.
		peerCerts := conn.ConnectionState().PeerCertificates
		if n := len(peerCerts); n != 1 {
			l.Infof("Got peer certificate list of length %d != 1 from %s; protocol error", n, conn.RemoteAddr())
			conn.Close()
			continue
		}

		// The device ID is computed from the raw certificate bytes, so the
		// identity checks below are bound to this exact certificate.
		// NOTE(review): presumably a digest of the DER encoding; confirm in
		// the protocol package.
		remoteCert := peerCerts[0]
		remoteID := protocol.NewDeviceID(remoteCert.Raw)

		switch {
		case remoteID == myID:
			l.Infof("Connected to myself (%s) - should not happen", remoteID)
			conn.Close()
			continue
		case m.ConnectedTo(remoteID):
			l.Infof("Connected to already connected device (%s)", remoteID)
			conn.Close()
			continue
		}

		// Authorization: only device IDs present in the configuration are
		// accepted.
		for deviceID, deviceCfg := range cfg.Devices() {
			if deviceID != remoteID {
				continue
			}

			// Check the name on the certificate. Generated certificates
			// use "syncthing" by default, but the user may have swapped in
			// a certificate carrying a different name.
			// VerifyHostname only matches the name; it does not validate a
			// chain. Whether any chain validation happens depends on
			// tlsCfg, which is built outside this function.
			certName := deviceCfg.CertName
			if certName == "" {
				certName = tlsDefaultCommonName
			}
			if err := remoteCert.VerifyHostname(certName); err != nil {
				// A wrong certificate name is an advanced-config problem
				// the user most likely wants to hear about, hence Warn
				// rather than Info.
				l.Warnf("Bad certificate from %s (%v): %v", remoteID, conn.RemoteAddr(), err)
				conn.Close()
				continue next
			}

			// Wrap each direction in a limiter when a rate limit is set.
			var wr io.Writer = conn
			if writeRateLimit != nil {
				wr = &limitedWriter{conn, writeRateLimit}
			}
			var rd io.Reader = conn
			if readRateLimit != nil {
				rd = &limitedReader{conn, readRateLimit}
			}

			connName := fmt.Sprintf("%s-%s", conn.LocalAddr(), conn.RemoteAddr())
			protoConn := protocol.NewConnection(remoteID, rd, wr, m, connName, deviceCfg.Compression)

			l.Infof("Established secure connection to %s at %s", remoteID, connName)
			if debugNet {
				l.Debugf("cipher suite %04X", conn.ConnectionState().CipherSuite)
			}
			events.Default.Log(events.DeviceConnected, map[string]string{
				"id":   remoteID.String(),
				"addr": conn.RemoteAddr().String(),
			})

			// From here on the model holds the connection; it is not
			// closed in this function.
			m.AddConnection(conn, protoConn)
			continue next
		}

		// No configured device matched: the peer is unknown or explicitly
		// ignored. Only the unknown case raises a DeviceRejected event.
		// NOTE(review): this branch is reachable by any peer that completes
		// the TLS exchange with a single certificate, so the event and log
		// volume here is driven by unauthenticated peers.
		if cfg.IgnoredDevice(remoteID) {
			l.Infof("Connection from %s with ignored device ID %s", conn.RemoteAddr(), remoteID)
		} else {
			events.Default.Log(events.DeviceRejected, map[string]string{
				"device":  remoteID.String(),
				"address": conn.RemoteAddr().String(),
			})
			l.Infof("Connection from %s with unknown device ID %s", conn.RemoteAddr(), remoteID)
		}
		conn.Close()
	}
}