scottk/wlan-cloud-ucentralgw
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-cloud-ucentralgw.git synced 2025-11-01 19:28:01 +00:00
Code Issues Packages Projects Releases 10 Wiki Activity

https://telecominfraproject.atlassian.net/browse/WIFI-12337

Browse Source 
Signed-off-by: stephb9959 <stephane.bourque@gmail.com>
This commit is contained in:
stephb9959
2023-03-16 21:59:31 -07:00
parent fd1edc0a10
commit 9a16b51c28
2 changed files with 35 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
build
View File

@@ -1 +1 @@
87 89

51
src/rttys/RTTYS_server.cpp
View File

@@ -185,7 +185,7 @@ namespace OpenWifi {
Poco::Net::SocketAddress Client; Poco::Net::SocketAddress Client;
Poco::Net::StreamSocket NewSocket = pNf->socket().impl()->acceptConnection(Client); Poco::Net::StreamSocket NewSocket = pNf->socket().impl()->acceptConnection(Client);
if (NewSocket.impl()->secure()) { if (NewSocket.impl()->secure()) {
auto SS = dynamic_cast<Poco::Net::SecureStreamSocketImpl *>(NewSocket.impl()); /* auto SS = dynamic_cast<Poco::Net::SecureStreamSocketImpl *>(NewSocket.impl());
auto PeerAddress_ = SS->peerAddress().host(); auto PeerAddress_ = SS->peerAddress().host();
auto CId_ = Utils::FormatIPv6(SS->peerAddress().toString()); auto CId_ = Utils::FormatIPv6(SS->peerAddress().toString());
poco_debug(Logger(),fmt::format("Completing TLS handshake: {}", CId_)); poco_debug(Logger(),fmt::format("Completing TLS handshake: {}", CId_));
@@ -213,6 +213,7 @@ namespace OpenWifi {
AddNewSocket(NewSocket); AddNewSocket(NewSocket);
return; return;
} }
*/
AddNewSocket(NewSocket); AddNewSocket(NewSocket);
return; return;
} }
@@ -329,25 +330,41 @@ namespace OpenWifi {
} }
if (ConnectionEp->mTLS_) { if (ConnectionEp->mTLS_) {
poco_information(Logger(),fmt::format("{}: Validation of certificate in progress.", ConnectionEp->SerialNumber_)); poco_information(Logger(),fmt::format("{}: Validation of certificate in progress.", ConnectionEp->SerialNumber_));
auto SS = dynamic_cast<Poco::Net::SecureSocketImpl *>(Socket.impl()); if(Socket.secure()) {
auto CId_ = SS->getPeerHostName(); auto SS = dynamic_cast<Poco::Net::SecureStreamSocketImpl *>(Socket.impl());
// auto PeerAddress_ = SS->peerAddress().host(); if (SS != nullptr) {
// auto CId_ = Utils::FormatIPv6(SS->peerAddress().toString()); auto PeerAddress_ = SS->peerAddress().host();
// if (SS->havePeerCertificate()) { auto CId_ = Utils::FormatIPv6(SS->peerAddress().toString());
Poco::Crypto::X509Certificate PeerCert(SS->peerCertificate()); if (SS->havePeerCertificate()) {
auto CN = Poco::trim(Poco::toLower(PeerCert.commonName())); Poco::Crypto::X509Certificate PeerCert(SS->peerCertificate());
if (AP_WS_Server()->ValidateCertificate(CId_, PeerCert)) { auto CN = Poco::trim(Poco::toLower(PeerCert.commonName()));
poco_information( if (AP_WS_Server()->ValidateCertificate(CId_, PeerCert)) {
Logger(), poco_information(
fmt::format("Device mTLS {} has been validated from {}.", CN, CId_)); Logger(),
fmt::format("Device mTLS {} has been validated from {}.", CN,
CId_));
} else {
poco_warning(Logger(),
fmt::format("Device failed mTLS validation {}. Certificate fails validation.",
CId_));
return false;
}
} else {
poco_warning(
Logger(),
fmt::format("Device failed mTLS validation {} (no certificate).",
CId_));
return false;
}
} else { } else {
poco_warning(Logger(), fmt::format("Device failed mTLS validation {}. Certificate fails validation.", CId_)); poco_error(Logger(), fmt::format("{}: Cannot convert to secure stream",
ConnectionEp->SerialNumber_));
return false; return false;
} }
// } else { } else {
// poco_warning(Logger(), fmt::format("Device failed mTLS validation {} (no certificate).", CId_)); poco_error(Logger(),fmt::format("{}: Socket is not secure", ConnectionEp->SerialNumber_));
// return false; return false;
// } }
} }
ConnectionEp->Device_fd = fd; ConnectionEp->Device_fd = fd;