From 7de00736442148433deb42249ba512de4650a30a Mon Sep 17 00:00:00 2001
From: loki <loki@fakeemail.com>
Date: Sun, 12 Jan 2020 16:56:44 +0100
Subject: [PATCH] Temporary workaround for authenticating moonlight-embedded
 version

---
 sunshine/crypto.cpp | 16 ++++++++++++----
 sunshine/nvhttp.cpp |  3 ++-
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/sunshine/crypto.cpp b/sunshine/crypto.cpp
index 8f928ec7..94a35a51 100644
--- a/sunshine/crypto.cpp
+++ b/sunshine/crypto.cpp
@@ -21,6 +21,7 @@ void cert_chain_t::add(x509_t &&cert) {
  * To circumvent this, x509_store_t instance will be created for each instance of the certificates.
  */
 const char *cert_chain_t::verify(x509_t::element_type *cert) {
+  int err_code = 0;
   for(auto &[_,x509_store] : _certs) {
     util::fail_guard([this]() {
       X509_STORE_CTX_cleanup(_cert_ctx.get());
@@ -30,16 +31,23 @@ const char *cert_chain_t::verify(x509_t::element_type *cert) {
     X509_STORE_CTX_set_cert(_cert_ctx.get(), cert);
 
     auto err = X509_verify_cert(_cert_ctx.get());
+
     if (err == 1) {
       return nullptr;
     }
-    auto err_code = X509_STORE_CTX_get_error(_cert_ctx.get());
-    if (err_code != X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) {
+
+    err_code = X509_STORE_CTX_get_error(_cert_ctx.get());
+
+    //FIXME: Checking for X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY is a temporary workaround to get mmonlight-embedded to work on the raspberry pi
+    if(err_code == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) {
+      return nullptr;
+    }
+    if (err_code != X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT && err_code != X509_V_ERR_INVALID_CA) {
       return X509_verify_cert_error_string(err_code);
     }
   }
 
-  return X509_verify_cert_error_string(X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT);
+  return X509_verify_cert_error_string(err_code);
 }
 
 cipher_t::cipher_t(const crypto::aes_t &key) : ctx { EVP_CIPHER_CTX_new() }, key { key }, padding { true } {}
@@ -265,4 +273,4 @@ bool verify256(const x509_t &x509, const std::string_view &data, const std::stri
 void md_ctx_destroy(EVP_MD_CTX *ctx) {
   EVP_MD_CTX_destroy(ctx);
 }
-}
\ No newline at end of file
+}
diff --git a/sunshine/nvhttp.cpp b/sunshine/nvhttp.cpp
index 18c5e4ec..c1de1ac8 100644
--- a/sunshine/nvhttp.cpp
+++ b/sunshine/nvhttp.cpp
@@ -670,12 +670,13 @@ void start() {
 
   // Ugly hack for verifying certificates, see crypto::cert_chain_t::verify() for details
   ctx->set_verify_callback([&cert_chain, add_cert](int verified, boost::asio::ssl::verify_context &ctx) {
-    util::fail_guard([&]() {
+    auto fg = util::fail_guard([&]() {
       char subject_name[256];
 
       auto x509 = ctx.native_handle();
       X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(x509)), subject_name, sizeof(subject_name));
 
+
       BOOST_LOG(info) << subject_name << " -- "sv << (verified ? "verfied"sv : "denied"sv);
     });