Chg: update image tag in helm values to v3.2.0-RC1

Signed-off-by: Ivan Chvets <ivan.chvets@kinarasystems.com>

.github/workflows/ci.yml

@@ -21,7 +21,7 @@ defaults:
 
 jobs:
   docker:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     env:
       DOCKER_REGISTRY_URL: tip-tip-wlan-cloud-ucentral.jfrog.io
       DOCKER_REGISTRY_USERNAME: ucentral

.github/workflows/release.yml

@@ -11,7 +11,7 @@ defaults:
 
 jobs:
   helm-package:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     env:
       HELM_REPO_URL: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
       HELM_REPO_USERNAME: ucentral

CMakeLists.txt

@@ -1,5 +1,5 @@
 cmake_minimum_required(VERSION 3.13)
-project(owgw VERSION 4.0.0)
+project(owgw VERSION 3.2.1)
 
 set(CMAKE_CXX_STANDARD 20)
 set(CMAKE_CXX_STANDARD_REQUIRED True)

helm/values.yaml

@@ -9,7 +9,7 @@ fullnameOverride: ""
 images:
   owgw:
     repository: tip-tip-wlan-cloud-ucentral.jfrog.io/owgw
-    tag: v4.0.0-RC1
+    tag: v3.2.0-RC1
     pullPolicy: Always
 #    regcred:
 #      registry: tip-tip-wlan-cloud-ucentral.jfrog.io

src/AP_WS_Server.cpp

@@ -71,18 +71,14 @@ namespace OpenWifi {
 	bool AP_WS_Server::ValidateCertificate(const std::string &ConnectionId,
 										   const Poco::Crypto::X509Certificate &Certificate) {
 		if (IsCertOk()) {
-			// validate certificate agains trusted chain
-			for (const auto &cert : ClientCasCerts_) {
-				if (Certificate.issuedBy(cert)) {
-					return true;
-				}
-			}
-			poco_warning(
+			if (!Certificate.issuedBy(*IssuerCert_)) {
+				poco_warning(
 					Logger(),
-					fmt::format(
-						"CERTIFICATE({}): issuer mismatch. Certificate not issued by any trusted CA",
-						ConnectionId)
-					);
+					fmt::format("CERTIFICATE({}): issuer mismatch. Local='{}' Incoming='{}'",
+								ConnectionId, IssuerCert_->issuerName(), Certificate.issuerName()));
+				return false;
+			}
+			return true;
 		}
 		return false;
 	}
@@ -137,13 +133,6 @@ namespace OpenWifi {
 			Context->addChainCertificate(Issuing);
 			Context->addCertificateAuthority(Issuing);
 
-			// add certificates from clientcas to trust chain
-			ClientCasCerts_ = Poco::Net::X509Certificate::readPEM(Svr.ClientCas());
-			for (const auto &cert : ClientCasCerts_) {
-				Context->addChainCertificate(cert);
-				Context->addCertificateAuthority(cert);
-			}
-
 			Poco::Crypto::RSAKey Key("", Svr.KeyFile(), Svr.KeyFilePassword());
 			Context->usePrivateKey(Key);
 

src/AP_WS_Server.h

@@ -223,7 +223,6 @@ namespace OpenWifi {
 		mutable std::array<std::mutex,MACHashMax>		SerialNumbersMutex_;
 
 		std::unique_ptr<Poco::Crypto::X509Certificate> IssuerCert_;
-		std::vector<Poco::Crypto::X509Certificate> ClientCasCerts_;
 		std::list<std::unique_ptr<Poco::Net::HTTPServer>> WebServers_;
 		Poco::ThreadPool DeviceConnectionPool_{"ws:dev-pool", 4, 256};
 		Poco::Net::SocketReactor Reactor_;

src/CapabilitiesCache.h

@@ -111,7 +111,7 @@ namespace OpenWifi {
 				i >> cache;
 
 				for (const auto &[Type, Platform] : cache.items()) {
-					Platforms_[Type] = Poco::toLower(Platform.get<std::string>());
+					Platforms_[Type] = Poco::toLower(to_string(Platform));
 				}
 			} catch (...) {
 			}

src/framework/ConfigurationValidator.cpp

@@ -376,21 +376,18 @@ static std::string DefaultAPSchema = R"foo(
             "properties": {
                 "port-mirror": {
                     "description": "Enable mirror of traffic from multiple minotor ports to a single analysis port.",
-                    "type": "array",
-                    "items": {
-                        "type": "object",
-                        "properties": {
-                            "monitor-ports": {
-                                "description": "The list of ports that we want to mirror.",
-                                "type": "array",
-                                "items": {
-                                    "type": "string"
-                                }
-                            },
-                            "analysis-port": {
-                                "description": "The port that mirror'ed packets should be sent to.",
+                    "type": "object",
+                    "properties": {
+                        "monitor-ports": {
+                            "description": "The list of ports that we want to mirror.",
+                            "type": "array",
+                            "items": {
                                 "type": "string"
                             }
+                        },
+                        "analysis-port": {
+                            "description": "The port that mirror'ed packets should be sent to.",
+                            "type": "string"
                         }
                     }
                 },

src/framework/SubSystemServer.cpp

@@ -68,16 +68,6 @@ namespace OpenWifi {
 				Context->addCertificateAuthority(Issuing);
 			}
 
-			if (!client_cas_.empty()) {
-				// add certificates specified in clientcas
-				std::vector<Poco::Crypto::X509Certificate> Certs =
-					Poco::Net::X509Certificate::readPEM(client_cas_);
-				for (const auto &cert : Certs) {
-					Context->addChainCertificate(cert);
-					Context->addCertificateAuthority(cert);
-				}
-			}
-
 			Poco::Crypto::RSAKey Key("", key_file_, key_file_password_);
 			Context->usePrivateKey(Key);
 

src/framework/SubSystemServer.h

@@ -45,7 +45,6 @@ namespace OpenWifi {
 		[[nodiscard]] inline auto KeyFile() const { return key_file_; };
 		[[nodiscard]] inline auto CertFile() const { return cert_file_; };
 		[[nodiscard]] inline auto RootCA() const { return root_ca_; };
-		[[nodiscard]] inline auto ClientCas() const { return client_cas_; };
 		[[nodiscard]] inline auto KeyFilePassword() const { return key_file_password_; };
 		[[nodiscard]] inline auto IssuerCertFile() const { return issuer_cert_file_; };
 		[[nodiscard]] inline auto Name() const { return name_; };