From 133e447fb67d558d52309da80bfa1b0d10e6173b Mon Sep 17 00:00:00 2001
From: Povilas Kanapickas
Date: Mon, 1 Nov 2021 04:50:10 +0200
Subject: [PATCH] lib/net: Don't hardcode fingerprint DB path in verify_cert_fingerprint()
---
 src/lib/net/SecureSocket.cpp | 7 ++-----
 src/lib/net/SecureSocket.h | 2 +-
 2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/src/lib/net/SecureSocket.cpp b/src/lib/net/SecureSocket.cpp
index 1004bb39..640740d1 100644
--- a/src/lib/net/SecureSocket.cpp
+++ b/src/lib/net/SecureSocket.cpp
@@ -497,7 +497,7 @@ SecureSocket::secureConnect(int socket)
 retry = 0;
 // No error, set ready, process and return ok
 m_secureReady = true;
- if (verifyCertFingerprint()) {
+ if (verify_cert_fingerprint(barrier::DataDirectories::trusted_servers_ssl_fingerprints_path())) {
 LOG((CLOG_INFO "connected to secure socket"));
 if (!showCertificate()) {
 disconnect();
@@ -655,8 +655,7 @@ SecureSocket::disconnect()
 sendEvent(getEvents()->forIStream().inputShutdown());
 }
-bool
-SecureSocket::verifyCertFingerprint()
+bool SecureSocket::verify_cert_fingerprint(const barrier::fs::path& fingerprint_db_path)
 {
 // calculate received certificate fingerprint
 barrier::FingerprintData fingerprint_sha1, fingerprint_sha256;
@@ -676,8 +675,6 @@ SecureSocket::verifyCertFingerprint()
 barrier::format_ssl_fingerprint(fingerprint_sha1.data).c_str(),
 barrier::format_ssl_fingerprint(fingerprint_sha256.data).c_str()));
- auto fingerprint_db_path = barrier::DataDirectories::trusted_servers_ssl_fingerprints_path();
- // Provide debug hint as to what file is being used to verify fingerprint trust
 LOG((CLOG_NOTE "fingerprint_db_path: %s", fingerprint_db_path.u8string().c_str()));
diff --git a/src/lib/net/SecureSocket.h b/src/lib/net/SecureSocket.h
index 6e355008..2e11097b 100644
--- a/src/lib/net/SecureSocket.h
+++ b/src/lib/net/SecureSocket.h
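Review bot: In `secureConnect()`, `m_secureReady = true;` still runs before the `verify_cert_fingerprint(...)` call, so the socket is flagged ready before the server certificate has been checked against the trusted-fingerprint database. The failure branch of this `if` lies outside the hunk and may already reset the flag; if it does not, and nothing inside the check reads the flag, move `m_secureReady = true;` to the first line inside the `if (verify_cert_fingerprint(...))` block. The body of `secureConnect()` starts and ends outside the hunk.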
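Review bot: `verify_cert_fingerprint()` now takes the location of the trust database from its caller, but neither this definition nor the declaration in SecureSocket.h says what the parameter is or what a `true` result guarantees. A comment on the declaration would cover both, for example `// Returns true only if the peer certificate's fingerprint is listed in the database at fingerprint_db_path.` The part of the body that reads the database is outside the hunk, so it is worth confirming there that a missing or unreadable file yields `false` rather than an accepted connection. The visible lines declare and log both a SHA-1 and a SHA-256 fingerprint, so the comment should also state which of the two the lookup matches on.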
@@ -69,7 +69,7 @@ private:
 void showError(const std::string& reason);
 std::string getError();
 void disconnect();
- bool verifyCertFingerprint();
+ bool verify_cert_fingerprint(const barrier::fs::path& fingerprint_db_path);
 MultiplexerJobStatus serviceConnect(ISocketMultiplexerJob*, bool, bool, bool);
 MultiplexerJobStatus serviceAccept(ISocketMultiplexerJob*, bool, bool, bool);