lib/net: Present client certificate when connecting to server

2021-11-01 04:50:07 +02:00 · 2021-11-01 04:50:07 +02:00 · 4d73ed9fdd
parent 92ba6f61e6
commit 4d73ed9fdd
2 changed files with 7 additions and 2 deletions
--- a/doc/newsfragments/client-send-certificate.feature
+++ b/doc/newsfragments/client-send-certificate.feature
@ -0,0 +1 @@
+Barrier client now sends certificate that the server can verify.
--- a/src/lib/net/SecureSocket.cpp
+++ b/src/lib/net/SecureSocket.cpp
@ -462,9 +462,13 @@ SecureSocket::secureAccept(int socket)
 int
 SecureSocket::secureConnect(int socket)
 {
-    createSSL();
+    if (!load_certificates(barrier::DataDirectories::ssl_certificate_path())) {
+        LOG((CLOG_ERR "could not load client certificates"));
+        // FIXME: this is fatal error, but we current don't disconnect because whole logic in this
+        // function needs to be cleaned up
+    }

-    load_certificates(barrier::DataDirectories::ssl_certificate_path());
+    createSSL();

    // attach the socket descriptor
    SSL_set_fd(m_ssl->m_ssl, socket);
				`@ -0,0 +1 @@`
				`Barrier client now sends certificate that the server can verify.`