rayelliott
/
barrier
mirror of https://github.com/debauchee/barrier.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

lib/net: Don't hardcode fingerprint DB path in verify_cert_fingerprint()

This commit is contained in:
Povilas Kanapickas 2021-11-01 04:50:10 +02:00
parent 8bc280e0dd
commit 133e447fb6
2 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/lib/net/SecureSocket.cpp
View File

@ -497,7 +497,7 @@ SecureSocket::secureConnect(int socket)
retry = 0; retry = 0;
// No error, set ready, process and return ok // No error, set ready, process and return ok
m_secureReady = true; m_secureReady = true;
if (verifyCertFingerprint()) { if (verify_cert_fingerprint(barrier::DataDirectories::trusted_servers_ssl_fingerprints_path())) {
LOG((CLOG_INFO "connected to secure socket")); LOG((CLOG_INFO "connected to secure socket"));
if (!showCertificate()) { if (!showCertificate()) {
disconnect(); disconnect();
@ -655,8 +655,7 @@ SecureSocket::disconnect()
sendEvent(getEvents()->forIStream().inputShutdown()); sendEvent(getEvents()->forIStream().inputShutdown());
} }
bool bool SecureSocket::verify_cert_fingerprint(const barrier::fs::path& fingerprint_db_path)
SecureSocket::verifyCertFingerprint()
{ {
// calculate received certificate fingerprint // calculate received certificate fingerprint
barrier::FingerprintData fingerprint_sha1, fingerprint_sha256; barrier::FingerprintData fingerprint_sha1, fingerprint_sha256;
@ -676,8 +675,6 @@ SecureSocket::verifyCertFingerprint()
barrier::format_ssl_fingerprint(fingerprint_sha1.data).c_str(), barrier::format_ssl_fingerprint(fingerprint_sha1.data).c_str(),
barrier::format_ssl_fingerprint(fingerprint_sha256.data).c_str())); barrier::format_ssl_fingerprint(fingerprint_sha256.data).c_str()));
auto fingerprint_db_path = barrier::DataDirectories::trusted_servers_ssl_fingerprints_path();
// Provide debug hint as to what file is being used to verify fingerprint trust // Provide debug hint as to what file is being used to verify fingerprint trust
LOG((CLOG_NOTE "fingerprint_db_path: %s", fingerprint_db_path.u8string().c_str())); LOG((CLOG_NOTE "fingerprint_db_path: %s", fingerprint_db_path.u8string().c_str()));

2
src/lib/net/SecureSocket.h
View File

@ -69,7 +69,7 @@ private:
void showError(const std::string& reason); void showError(const std::string& reason);
std::string getError(); std::string getError();
void disconnect(); void disconnect();
bool verifyCertFingerprint(); bool verify_cert_fingerprint(const barrier::fs::path& fingerprint_db_path);
MultiplexerJobStatus serviceConnect(ISocketMultiplexerJob*, bool, bool, bool); MultiplexerJobStatus serviceConnect(ISocketMultiplexerJob*, bool, bool, bool);
MultiplexerJobStatus serviceAccept(ISocketMultiplexerJob*, bool, bool, bool); MultiplexerJobStatus serviceAccept(ISocketMultiplexerJob*, bool, bool, bool);