mirror of
https://github.com/LizardByte/Sunshine.git
fix(security): ensure unpairing takes effect without restart (#2365)
parent
3c13027a61
commit
b7aa8119f1
@ -17,6 +17,10 @@ namespace crypto {
|
||||
X509_STORE_add_cert(x509_store.get(), cert.get());
|
||||
_certs.emplace_back(std::make_pair(std::move(cert), std::move(x509_store)));
|
||||
}
|
||||
void
|
||||
cert_chain_t::clear() {
|
||||
_certs.clear();
|
||||
}
|
||||
|
||||
static int
|
||||
openssl_verify_cb(int ok, X509_STORE_CTX *ctx) {
|
||||
|
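Review bot: `cert_chain_t::clear()` empties `_certs` with no synchronization, and this commit is what first lets a second caller reach the chain: it becomes a namespace-scope object in nvhttp, `erase_all_clients()` clears it, and the `https_server.verify` lambda still uses it during TLS handshakes. If unpairing can be triggered from a different thread than the one running the HTTPS server (not visible in these hunks, so please confirm), `clear()` can free the X509 / X509_STORE pairs while a verification is presumably still reading them, which is a data race and a possible use-after-free in the client-authentication path. Guard `add()`, `clear()` and `verify()` with one mutex owned by `cert_chain_t`, for example `std::lock_guard lg { _mutex };` at the top of each, or state on `clear()` that callers must serialize it with `verify()`. The same concern applies to the `cert_chain.clear();` call added in the nvhttp section.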
@ -73,6 +73,9 @@ namespace crypto {
|
||||
void
|
||||
add(x509_t &&cert);
|
||||
|
||||
void
|
||||
clear();
|
||||
|
||||
const char *
|
||||
verify(x509_t::element_type *cert);
|
||||
|
||||
|
@ -42,6 +42,8 @@ namespace nvhttp {
|
||||
namespace fs = std::filesystem;
|
||||
namespace pt = boost::property_tree;
|
||||
|
||||
crypto::cert_chain_t cert_chain;
|
||||
|
||||
class SunshineHttpsServer: public SimpleWeb::Server<SimpleWeb::HTTPS> {
|
||||
public:
|
||||
SunshineHttpsServer(const std::string &certification_file, const std::string &private_key_file):
|
||||
@ -1017,7 +1019,6 @@ namespace nvhttp {
|
||||
conf_intern.pkey = file_handler::read_file(config::nvhttp.pkey.c_str());
|
||||
conf_intern.servercert = file_handler::read_file(config::nvhttp.cert.c_str());
|
||||
|
||||
crypto::cert_chain_t cert_chain;
|
||||
for (auto &[_, client] : map_id_client) {
|
||||
for (auto &cert : client.certs) {
|
||||
cert_chain.add(crypto::x509(cert));
|
||||
@ -1026,15 +1027,15 @@ namespace nvhttp {
|
||||
|
||||
auto add_cert = std::make_shared<safe::queue_t<crypto::x509_t>>(30);
|
||||
|
||||
// /resume doesn't always get the parameter "localAudioPlayMode"
|
||||
// /launch will store it in host_audio
|
||||
// resume doesn't always get the parameter "localAudioPlayMode"
|
||||
// launch will store it in host_audio
|
||||
bool host_audio {};
|
||||
|
||||
https_server_t https_server { config::nvhttp.cert, config::nvhttp.pkey };
|
||||
http_server_t http_server;
|
||||
|
||||
// Verify certificates after establishing connection
|
||||
https_server.verify = [&cert_chain, add_cert](SSL *ssl) {
|
||||
https_server.verify = [add_cert](SSL *ssl) {
|
||||
crypto::x509_t x509 { SSL_get_peer_certificate(ssl) };
|
||||
if (!x509) {
|
||||
BOOST_LOG(info) << "unknown -- denied"sv;
|
||||
@ -1148,6 +1149,7 @@ namespace nvhttp {
|
||||
void
|
||||
erase_all_clients() {
|
||||
map_id_client.clear();
|
||||
cert_chain.clear();
|
||||
save_state();
|
||||
}
|
||||
} // namespace nvhttp
|
||||
|
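Review bot: `erase_all_clients()` clears `map_id_client` and `cert_chain`, but the `add_cert` queue is still a local captured by the `https_server.verify` lambda and is never drained on unpair. If that lambda moves queued certificates into `cert_chain` before verifying (its body continues outside the hunk), a certificate queued by a pairing that completed just before the unpair would be re-added on the next handshake, and that client would stay trusted until a restart. Consider making the queue reachable from `erase_all_clients()` and emptying it there, or checking a popped certificate against `map_id_client` before calling `cert_chain.add()`. Separately, `crypto::cert_chain_t cert_chain;` now has external linkage inside namespace nvhttp; declaring it `static` or placing it in an anonymous namespace would keep the trust store file-local.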