Commit 32ed68b3 authored by Guillaume Roguez

certstore: fix public dht call acceptance


Fix regression found in commit
[33447cc6: certstore: re-factor peer certificate authorization routine]

An unknown dht call is not accepted even if the configuration flag
"dhtPublicInCall" is true.

Now, accept the gnutls certificate error "INVALID + SIGNER_NOT_FOUND"
when this flag is true.

Change-Id: I90575ab82296d3d29140a7394ae178c196aa98c4
Reviewed-by: Andreas Traczyk <andreas.traczyk@savoirfairelinux.com>
Reviewed-by: Adrien Béraud <adrien.beraud@savoirfairelinux.com>
parent 0fc27e2b
...@@ -511,7 +511,8 @@ TrustStore::isAllowed(const crypto::Certificate& crt, bool allowPublic) ...@@ -511,7 +511,8 @@ TrustStore::isAllowed(const crypto::Certificate& crt, bool allowPublic)
// Match by certificate chain // Match by certificate chain
updateKnownCerts(); updateKnownCerts();
auto ret = allowed_.verify(crt); auto ret = allowed_.verify(crt);
if (not ret) { // Unknown issuer (only that) are accepted if allowPublic is true
if (not ret and !(allowPublic and ret.result == (GNUTLS_CERT_INVALID|GNUTLS_CERT_SIGNER_NOT_FOUND))) {
RING_WARN("%s", ret.toString().c_str()); RING_WARN("%s", ret.toString().c_str());
return false; return false;
} }
......
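Review bot: In the rewritten `if (not ret and !(allowPublic and ret.result == ...))`, the path where an unknown-issuer certificate is let through because allowPublic is true leaves no trace, since RING_WARN only fires on rejection. That is the one case where a peer passes this check without a verified chain, so a debug-level log of ret.toString() on that path would help when auditing which public calls were accepted. The condition also mixes `not`/`and` with `!` and is dense for a trust decision; pulling the comparison into a named bool such as `unknownIssuerOnly` and rewording the comment (for example "Only an unknown issuer is accepted when allowPublic is true") would make the intent easier to check. The exact `==` against `GNUTLS_CERT_INVALID|GNUTLS_CERT_SIGNER_NOT_FOUND` is the right strictness because any additional status bit still rejects; say so in the comment so it is not later relaxed to a bitmask test.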