Fix client auth error with some embedded clients

Cameron Gutman 2021-07-17 19:34:08 -05:00
parent 5ff5942258
commit a1f63da057


@ -52,9 +52,13 @@ const char *cert_chain_t::verify(x509_t::element_type *cert) {
X509_STORE_CTX_cleanup(_cert_ctx.get()); X509_STORE_CTX_cleanup(_cert_ctx.get());
}); });
X509_STORE_CTX_init(_cert_ctx.get(), x509_store.get(), nullptr, nullptr); X509_STORE_CTX_init(_cert_ctx.get(), x509_store.get(), cert, nullptr);
X509_STORE_CTX_set_verify_cb(_cert_ctx.get(), openssl_verify_cb); X509_STORE_CTX_set_verify_cb(_cert_ctx.get(), openssl_verify_cb);
X509_STORE_CTX_set_cert(_cert_ctx.get(), cert);
// We don't care to validate the entire chain for the purposes of client auth.
// Some versions of clients forked from Moonlight Embedded produce client certs
// that OpenSSL doesn't detect as self-signed due to some X509v3 extensions.
X509_STORE_CTX_set_flags(_cert_ctx.get(), X509_V_FLAG_PARTIAL_CHAIN);
auto err = X509_verify_cert(_cert_ctx.get()); auto err = X509_verify_cert(_cert_ctx.get());