From 133e447fb67d558d52309da80bfa1b0d10e6173b Mon Sep 17 00:00:00 2001
From: Povilas Kanapickas <povilas@radix.lt>
Date: Mon, 1 Nov 2021 04:50:10 +0200
Subject: [PATCH] lib/net: Don't hardcode fingerprint DB path in
 verify_cert_fingerprint()

---
 src/lib/net/SecureSocket.cpp | 7 ++-----
 src/lib/net/SecureSocket.h   | 2 +-
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/lib/net/SecureSocket.cpp b/src/lib/net/SecureSocket.cpp
index 1004bb39..640740d1 100644
--- a/src/lib/net/SecureSocket.cpp
+++ b/src/lib/net/SecureSocket.cpp
@@ -497,7 +497,7 @@ SecureSocket::secureConnect(int socket)
     retry = 0;
     // No error, set ready, process and return ok
     m_secureReady = true;
-    if (verifyCertFingerprint()) {
+    if (verify_cert_fingerprint(barrier::DataDirectories::trusted_servers_ssl_fingerprints_path())) {
         LOG((CLOG_INFO "connected to secure socket"));
         if (!showCertificate()) {
             disconnect();
@@ -655,8 +655,7 @@ SecureSocket::disconnect()
     sendEvent(getEvents()->forIStream().inputShutdown());
 }
 
-bool
-SecureSocket::verifyCertFingerprint()
+bool SecureSocket::verify_cert_fingerprint(const barrier::fs::path& fingerprint_db_path)
 {
     // calculate received certificate fingerprint
     barrier::FingerprintData fingerprint_sha1, fingerprint_sha256;
@@ -676,8 +675,6 @@ SecureSocket::verifyCertFingerprint()
          barrier::format_ssl_fingerprint(fingerprint_sha1.data).c_str(),
          barrier::format_ssl_fingerprint(fingerprint_sha256.data).c_str()));
 
-    auto fingerprint_db_path = barrier::DataDirectories::trusted_servers_ssl_fingerprints_path();
-
     // Provide debug hint as to what file is being used to verify fingerprint trust
     LOG((CLOG_NOTE "fingerprint_db_path: %s", fingerprint_db_path.u8string().c_str()));
 
diff --git a/src/lib/net/SecureSocket.h b/src/lib/net/SecureSocket.h
index 6e355008..2e11097b 100644
--- a/src/lib/net/SecureSocket.h
+++ b/src/lib/net/SecureSocket.h
@@ -69,7 +69,7 @@ private:
     void                showError(const std::string& reason);
     std::string getError();
     void                disconnect();
-    bool                verifyCertFingerprint();
+    bool verify_cert_fingerprint(const barrier::fs::path& fingerprint_db_path);
 
     MultiplexerJobStatus serviceConnect(ISocketMultiplexerJob*, bool, bool, bool);
     MultiplexerJobStatus serviceAccept(ISocketMultiplexerJob*, bool, bool, bool);