https://telecominfraproject.atlassian.net/browse/WIFI-12337

Signed-off-by: stephb9959 <stephane.bourque@gmail.com>
2025-11-01 19:28:01 +00:00 · 2023-03-16 21:59:31 -07:00
parent fd1edc0a10
commit 9a16b51c28
2 changed files with 35 additions and 18 deletions
--- a/2
+++ b/2
@@ -1 +1 @@
-87
+89
--- a/src/rttys/RTTYS_server.cpp
+++ b/src/rttys/RTTYS_server.cpp
@@ -185,7 +185,7 @@ namespace OpenWifi {
 			Poco::Net::SocketAddress Client;
 			Poco::Net::StreamSocket NewSocket = pNf->socket().impl()->acceptConnection(Client);
 			if (NewSocket.impl()->secure()) {
-				auto SS = dynamic_cast<Poco::Net::SecureStreamSocketImpl *>(NewSocket.impl());
+/*				auto SS = dynamic_cast<Poco::Net::SecureStreamSocketImpl *>(NewSocket.impl());
 				auto PeerAddress_ = SS->peerAddress().host();
 				auto CId_ = Utils::FormatIPv6(SS->peerAddress().toString());
 				poco_debug(Logger(),fmt::format("Completing TLS handshake: {}", CId_));
@@ -213,6 +213,7 @@ namespace OpenWifi {
 					AddNewSocket(NewSocket);
 					return;
 				}
+				*/
 				AddNewSocket(NewSocket);
 				return;
 			}
@@ -329,25 +330,41 @@ namespace OpenWifi {
 			}
 			if (ConnectionEp->mTLS_) {
 				poco_information(Logger(),fmt::format("{}: Validation of certificate in progress.", ConnectionEp->SerialNumber_));
-				auto SS = dynamic_cast<Poco::Net::SecureSocketImpl *>(Socket.impl());
-				auto CId_ = SS->getPeerHostName();
-//				auto PeerAddress_ = SS->peerAddress().host();
-//				auto CId_ = Utils::FormatIPv6(SS->peerAddress().toString());
-//				if (SS->havePeerCertificate()) {
+				if(Socket.secure()) {
+					auto SS = dynamic_cast<Poco::Net::SecureStreamSocketImpl *>(Socket.impl());
+					if (SS != nullptr) {
+						auto PeerAddress_ = SS->peerAddress().host();
+						auto CId_ = Utils::FormatIPv6(SS->peerAddress().toString());
+						if (SS->havePeerCertificate()) {
 							Poco::Crypto::X509Certificate PeerCert(SS->peerCertificate());
 							auto CN = Poco::trim(Poco::toLower(PeerCert.commonName()));
 							if (AP_WS_Server()->ValidateCertificate(CId_, PeerCert)) {
 								poco_information(
 									Logger(),
-							fmt::format("Device mTLS {} has been validated from {}.", CN, CId_));
+									fmt::format("Device mTLS {} has been validated from {}.", CN,
+												CId_));
 							} else {
-						poco_warning(Logger(), fmt::format("Device failed mTLS validation {}. Certificate fails validation.", CId_));
+								poco_warning(Logger(),
+											 fmt::format("Device failed mTLS validation {}. Certificate fails validation.",
+														 CId_));
+								return false;
+							}
+						} else {
+							poco_warning(
+								Logger(),
+								fmt::format("Device failed mTLS validation {} (no certificate).",
+											CId_));
+							return false;
+						}
+					} else {
+						poco_error(Logger(), fmt::format("{}: Cannot convert to secure stream",
+														 ConnectionEp->SerialNumber_));
+						return false;
+					}
+				} else {
+					poco_error(Logger(),fmt::format("{}: Socket is not secure", ConnectionEp->SerialNumber_));
 					return false;
 				}
-//				} else {
-//					poco_warning(Logger(), fmt::format("Device failed mTLS validation {} (no certificate).", CId_));
-//					return false;
-//				}
 			}

 			ConnectionEp->Device_fd = fd;