lib/net: Don't hardcode fingerprint DB path in verify_cert_fingerprint()
parent
8bc280e0dd
commit
133e447fb6
|
@ -497,7 +497,7 @@ SecureSocket::secureConnect(int socket)
|
|||
retry = 0;
|
||||
// No error, set ready, process and return ok
|
||||
m_secureReady = true;
|
||||
if (verifyCertFingerprint()) {
|
||||
if (verify_cert_fingerprint(barrier::DataDirectories::trusted_servers_ssl_fingerprints_path())) {
|
||||
LOG((CLOG_INFO "connected to secure socket"));
|
||||
if (!showCertificate()) {
|
||||
disconnect();
|
||||
|
@ -655,8 +655,7 @@ SecureSocket::disconnect()
|
|||
sendEvent(getEvents()->forIStream().inputShutdown());
|
||||
}
|
||||
|
||||
bool
|
||||
SecureSocket::verifyCertFingerprint()
|
||||
bool SecureSocket::verify_cert_fingerprint(const barrier::fs::path& fingerprint_db_path)
|
||||
{
|
||||
// calculate received certificate fingerprint
|
||||
barrier::FingerprintData fingerprint_sha1, fingerprint_sha256;
|
||||
|
@ -676,8 +675,6 @@ SecureSocket::verifyCertFingerprint()
|
|||
barrier::format_ssl_fingerprint(fingerprint_sha1.data).c_str(),
|
||||
barrier::format_ssl_fingerprint(fingerprint_sha256.data).c_str()));
|
||||
|
||||
auto fingerprint_db_path = barrier::DataDirectories::trusted_servers_ssl_fingerprints_path();
|
||||
|
||||
// Provide debug hint as to what file is being used to verify fingerprint trust
|
||||
LOG((CLOG_NOTE "fingerprint_db_path: %s", fingerprint_db_path.u8string().c_str()));
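Review bot: The path in verify_cert_fingerprint() is now chosen by the caller, but the visible lines log it and carry on without checking that it is non-empty. The rest of the function lies outside this hunk; if it treats an unreadable database the same as "fingerprint not listed", an empty path from a future caller would be indistinguishable from an ordinary untrusted-peer rejection. An explicit guard before the log line keeps the failure closed and makes the cause visible: `if (fingerprint_db_path.empty()) { LOG((CLOG_ERR "no fingerprint database path given")); return false; }`.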
|
||||
|
||||
|
|
|
@ -69,7 +69,7 @@ private:
|
|||
void showError(const std::string& reason);
|
||||
std::string getError();
|
||||
void disconnect();
|
||||
bool verifyCertFingerprint();
|
||||
bool verify_cert_fingerprint(const barrier::fs::path& fingerprint_db_path);
|
||||
|
||||
MultiplexerJobStatus serviceConnect(ISocketMultiplexerJob*, bool, bool, bool);
|
||||
MultiplexerJobStatus serviceAccept(ISocketMultiplexerJob*, bool, bool, bool);
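Review bot: The new declaration `verify_cert_fingerprint(const barrier::fs::path& fingerprint_db_path)` has no comment saying which trust database a caller must pass, and that choice now decides which peers are accepted. The only caller visible on this page, secureConnect(), passes the trusted-servers database; passing a different list would check the peer against the wrong trust set with no compile-time signal. A short contract comment above the declaration would help, e.g. `// Returns true only if the peer certificate's fingerprint is listed in fingerprint_db_path.` followed by `// secureConnect() passes the trusted-servers database; on false the connection must not be used.` The snake_case name also differs from the neighbouring camelCase members (showError, getError, serviceConnect), which may be a deliberate migration but is worth confirming.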
|
||||
|
|