Commit c631a832 authored by Adrien Béraud's avatar Adrien Béraud

Revert "ConnectionManager: allow self-signed certificate" and generate ca

This reverts commit 62b657d7.

Change-Id: I1789883b516f96f6c5ffc664da6f940c3dcd3e61
parent 89933c1d
...@@ -1503,11 +1503,11 @@ ConnectionManager::Impl::foundPeerDevice(const std::shared_ptr<dht::crypto::Cert ...@@ -1503,11 +1503,11 @@ ConnectionManager::Impl::foundPeerDevice(const std::shared_ptr<dht::crypto::Cert
top_issuer = top_issuer->issuer; top_issuer = top_issuer->issuer;
// Device certificate can't be self-signed // Device certificate can't be self-signed
/* if (top_issuer == crt) { if (top_issuer == crt) {
if (logger) if (logger)
logger->warn("Found invalid (self-signed) peer device: {}", crt->getLongId()); logger->warn("Found invalid (self-signed) peer device: {}", crt->getLongId());
return false; return false;
} */ }
// Check peer certificate chain // Check peer certificate chain
// Trust store with top issuer as the only CA // Trust store with top issuer as the only CA
...@@ -1526,14 +1526,12 @@ ConnectionManager::Impl::foundPeerDevice(const std::shared_ptr<dht::crypto::Cert ...@@ -1526,14 +1526,12 @@ ConnectionManager::Impl::foundPeerDevice(const std::shared_ptr<dht::crypto::Cert
return false; return false;
} }
if (auto issuer = crt->issuer) { account_id = crt->issuer->getId();
account_id = issuer->getId();
if (logger) if (logger)
logger->warn("Found peer device: {} account:{} CA:{}", logger->warn("Found peer device: {} account:{} CA:{}",
crt->getLongId(), crt->getLongId(),
account_id, account_id,
top_issuer->getId()); top_issuer->getId());
}
return true; return true;
} }
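Review bot: The unguarded `account_id = crt->issuer->getId();` in the second hunk is safe only because the re-enabled self-signed check in the first hunk returns before it is reached. Presumably the issuer walk leaves `top_issuer == crt` when `crt` has no issuer, but that loop starts outside the hunk, so this should be confirmed. The dependency is worth stating at the dereference, e.g. `// crt->issuer is non-null here: self-signed certificates were rejected above`, so that relaxing the check again cannot turn into a null dereference on a peer-supplied certificate. Separately, the successful "Found peer device" message is logged with `logger->warn`, the same level as the rejection; `logger->debug` would keep warnings reserved for rejected peers. foundPeerDevice starts outside both hunks.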
......
...@@ -59,8 +59,6 @@ public: ...@@ -59,8 +59,6 @@ public:
std::unique_ptr<ConnectionHandler> alice; std::unique_ptr<ConnectionHandler> alice;
std::unique_ptr<ConnectionHandler> bob; std::unique_ptr<ConnectionHandler> bob;
//std::string aliceId;
//std::string bobId;
//Create a lock to be used in the test units //Create a lock to be used in the test units
std::mutex mtx; std::mutex mtx;
...@@ -133,7 +131,8 @@ CPPUNIT_TEST_SUITE_NAMED_REGISTRATION(ConnectionManagerTest, ConnectionManagerTe ...@@ -133,7 +131,8 @@ CPPUNIT_TEST_SUITE_NAMED_REGISTRATION(ConnectionManagerTest, ConnectionManagerTe
std::unique_ptr<ConnectionHandler> std::unique_ptr<ConnectionHandler>
ConnectionManagerTest::setupHandler(const std::string& name) { ConnectionManagerTest::setupHandler(const std::string& name) {
auto h = std::make_unique<ConnectionHandler>(); auto h = std::make_unique<ConnectionHandler>();
h->id = dht::crypto::generateIdentity(name); auto ca = dht::crypto::generateIdentity("ca");
h->id = dht::crypto::generateIdentity(name, ca);
h->logger = logger; h->logger = logger;
h->certStore = std::make_shared<tls::CertificateStore>(name, h->logger); h->certStore = std::make_shared<tls::CertificateStore>(name, h->logger);
h->ioContext = std::make_shared<asio::io_context>(); h->ioContext = std::make_shared<asio::io_context>();
...@@ -188,6 +187,11 @@ void ...@@ -188,6 +187,11 @@ void
ConnectionManagerTest::setUp() ConnectionManagerTest::setUp()
{ {
logger = dht::log::getStdLogger(); logger = dht::log::getStdLogger();
logger->debug("Using PJSIP version {} for {}", pj_get_version(), PJ_OS_NAME);
logger->debug("Using GnuTLS version {}", gnutls_check_version(nullptr));
logger->debug("Using OpenDHT version {}", dht::version());
ioContext = std::make_shared<asio::io_context>(); ioContext = std::make_shared<asio::io_context>();
ioContextRunner = std::thread([context = ioContext]() { ioContextRunner = std::thread([context = ioContext]() {
try { try {
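Review bot: In setupHandler the throwaway `ca` identity is created without saying why, and nothing in the visible test changes exercises the rejection path this commit restores. A comment such as `// Device identities must be CA-issued: foundPeerDevice rejects self-signed certificates` above `auto ca = dht::crypto::generateIdentity("ca");` would record the reason. Each call creates its own CA, so alice and bob never share an issuer; if that is intended, the comment should say so. A negative case is also worth adding: a handler built with the old `dht::crypto::generateIdentity(name)` form, with an assertion that a connection to it is refused, so the self-signed check cannot be disabled again unnoticed. setupHandler and setUp both continue outside their hunks.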
......