certstore: fix public dht call acceptance

Fix regression found in commit [33447cc6: certstore: re-factor peer certificate authorization routine] An unknown dht call is not accepted even if the configuration flags "dhtPublicInCall" is true. Now, accept the gnutls certificate error "INVALID + SIGNER_NOT_FOUND" when this flags is true. Change-Id: I90575ab82296d3d29140a7394ae178c196aa98c4 Reviewed-by: Andreas Traczyk <andreas.traczyk@savoirfairelinux.com> Reviewed-by: Adrien Béraud <adrien.beraud@savoirfairelinux.com>

certstore: fix public dht call acceptance
32ed68b3 · Guillaume Roguez · 0fc27e2b · 32ed68b3
Commit 32ed68b3 authored 8 years ago by Guillaume Roguez
--- a/src/security/certstore.cpp
+++ b/src/security/certstore.cpp
@@ -511,7 +511,8 @@ TrustStore::isAllowed(const crypto::Certificate& crt, bool allowPublic)
    // Match by certificate chain
    updateKnownCerts();
    auto ret = allowed_.verify(crt);
-    if (not ret) {
+    // Unknown issuer (only that) are accepted if allowPublic is true
+    if (not ret and !(allowPublic and ret.result == (GNUTLS_CERT_INVALID|GNUTLS_CERT_SIGNER_NOT_FOUND))) {
        RING_WARN("%s", ret.toString().c_str());
        return false;
    }