From 4d73ed9fddedba63b91935799c6f7ae22d9ea989 Mon Sep 17 00:00:00 2001
From: Povilas Kanapickas
Date: Mon, 1 Nov 2021 04:50:07 +0200
Subject: [PATCH] lib/net: Present client certificate when connecting to server
---
 doc/newsfragments/client-send-certificate.feature | 1 +
 src/lib/net/SecureSocket.cpp | 8 ++++++--
 2 files changed, 7 insertions(+), 2 deletions(-)
 create mode 100644 doc/newsfragments/client-send-certificate.feature
diff --git a/doc/newsfragments/client-send-certificate.feature b/doc/newsfragments/client-send-certificate.feature
new file mode 100644
index 00000000..b5584290
--- /dev/null
+++ b/doc/newsfragments/client-send-certificate.feature
@@ -0,0 +1 @@
+Barrier client now sends certificate that the server can verify.
diff --git a/src/lib/net/SecureSocket.cpp b/src/lib/net/SecureSocket.cpp
index 093dcb98..1004bb39 100644
--- a/src/lib/net/SecureSocket.cpp
+++ b/src/lib/net/SecureSocket.cpp
@@ -462,9 +462,13 @@ SecureSocket::secureAccept(int socket)
 int
 SecureSocket::secureConnect(int socket)
 {
- createSSL();
+ if (!load_certificates(barrier::DataDirectories::ssl_certificate_path())) {
+ LOG((CLOG_ERR "could not load client certificates"));
+ // FIXME: this is fatal error, but we current don't disconnect because whole logic in this
+ // function needs to be cleaned up
+ }

- load_certificates(barrier::DataDirectories::ssl_certificate_path());
+ createSSL();

 // attach the socket descriptor
 SSL_set_fd(m_ssl->m_ssl, socket);
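Review bot: When `load_certificates()` fails in `secureConnect`, the new branch only logs and then falls through to `createSSL()` and `SSL_set_fd()`, so the client still starts the TLS session with no certificate to present. A server that does not strictly require a client certificate would then accept a peer it cannot identify, and one that does require it would reject the handshake later with a less specific error than the one logged here. Until the cleanup the FIXME describes, the branch should fail closed by returning the function's failure value right after the `LOG` call, e.g. `return -1;` if -1 is what callers of this `int` function treat as fatal. The rest of the body and its return convention are outside the hunk, so that value needs confirming against the existing error paths.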