Revert "ConnectionManager: allow self-signed certificate" and generate ca
This reverts commit 62b657d75b4830326f1d0cd99d838ba6a40bacb3.
Change-Id: I1789883b516f96f6c5ffc664da6f940c3dcd3e61
diff --git a/src/connectionmanager.cpp b/src/connectionmanager.cpp
index 70d48e4..7243f53 100644
--- a/src/connectionmanager.cpp
+++ b/src/connectionmanager.cpp
@@ -1503,11 +1503,11 @@
top_issuer = top_issuer->issuer;
// Device certificate can't be self-signed
- /* if (top_issuer == crt) {
+ if (top_issuer == crt) {
if (logger)
logger->warn("Found invalid (self-signed) peer device: {}", crt->getLongId());
return false;
- } */
+ }
// Check peer certificate chain
// Trust store with top issuer as the only CA
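Review bot: The comment above the restored check, `// Device certificate can't be self-signed`, states the rule but not why it matters for the verification that follows. The trust store built just below uses the top issuer as its only CA, so when `top_issuer == crt` the certificate would be checked against itself and the chain check would add nothing. I would spell that out, e.g. `// A self-signed device cert would be its own trust anchor below, so the chain check would prove nothing; reject it.` This would make it less likely that the guard is commented out again, as happened in the reverted commit. The enclosing function starts and ends outside this hunk.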
@@ -1526,14 +1526,12 @@
return false;
}
- if (auto issuer = crt->issuer) {
- account_id = issuer->getId();
- if (logger)
- logger->warn("Found peer device: {} account:{} CA:{}",
- crt->getLongId(),
- account_id,
- top_issuer->getId());
- }
+ account_id = crt->issuer->getId();
+ if (logger)
+ logger->warn("Found peer device: {} account:{} CA:{}",
+ crt->getLongId(),
+ account_id,
+ top_issuer->getId());
return true;
}
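Review bot: The now-unconditional `account_id = crt->issuer->getId();` is safe only because the `top_issuer == crt` early return restored in the first hunk rejects a certificate with no issuer; that is inferred, since the loop that walks to `top_issuer` starts outside the visible lines. The certificate is supplied by the peer, so if that guard is disabled again, this line becomes a null dereference reachable from a remote connection. Make the dependency explicit with `// crt->issuer is non-null: self-signed certificates were rejected above`, or keep a cheap `if (!crt->issuer) return false;` before the assignment. Separately, the successful-validation message is emitted with `logger->warn`; `logger->debug` would keep the warning level for actual rejections.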
diff --git a/tests/connectionManager.cpp b/tests/connectionManager.cpp
index a4e3759..01cd91a 100644
--- a/tests/connectionManager.cpp
+++ b/tests/connectionManager.cpp
@@ -59,8 +59,6 @@
std::unique_ptr<ConnectionHandler> alice;
std::unique_ptr<ConnectionHandler> bob;
- //std::string aliceId;
- //std::string bobId;
//Create a lock to be used in the test units
std::mutex mtx;
@@ -133,7 +131,8 @@
std::unique_ptr<ConnectionHandler>
ConnectionManagerTest::setupHandler(const std::string& name) {
auto h = std::make_unique<ConnectionHandler>();
- h->id = dht::crypto::generateIdentity(name);
+ auto ca = dht::crypto::generateIdentity("ca");
+ h->id = dht::crypto::generateIdentity(name, ca);
h->logger = logger;
h->certStore = std::make_shared<tls::CertificateStore>(name, h->logger);
h->ioContext = std::make_shared<asio::io_context>();
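Review bot: Nothing in this diff tests the rejection path the revert re-enables, because `setupHandler` now signs every identity with a CA and so only exercises the accepting branch. A negative case would pin the restored behaviour: build one handler with `dht::crypto::generateIdentity(name)` (no CA, presumably self-signed) and assert that the peer refuses the connection. A short comment on the `ca` line would also help, e.g. `// device identities must be CA-signed; self-signed peers are rejected by ConnectionManager`. `setupHandler` continues past the end of this hunk.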
@@ -188,6 +187,11 @@
ConnectionManagerTest::setUp()
{
logger = dht::log::getStdLogger();
+
+ logger->debug("Using PJSIP version {} for {}", pj_get_version(), PJ_OS_NAME);
+ logger->debug("Using GnuTLS version {}", gnutls_check_version(nullptr));
+ logger->debug("Using OpenDHT version {}", dht::version());
+
ioContext = std::make_shared<asio::io_context>();
ioContextRunner = std::thread([context = ioContext]() {
try {