izackp/Apollo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Temporary workaround for authenticating moonlight-embedded version

Browse Source
This commit is contained in:
loki
2020-01-12 16:56:44 +01:00
parent c5ee7fd008
commit 7de0073644
2 changed files with 14 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
sunshine/crypto.cpp
+11 -3
View File
@@ -21,6 +21,7 @@ void cert_chain_t::add(x509_t &&cert) {
* To circumvent this, x509_store_t instance will be created for each instance of the certificates. * To circumvent this, x509_store_t instance will be created for each instance of the certificates.
*/ */
const char *cert_chain_t::verify(x509_t::element_type *cert) { const char *cert_chain_t::verify(x509_t::element_type *cert) {
int err_code = 0;
for(auto &[_,x509_store] : _certs) { for(auto &[_,x509_store] : _certs) {
util::fail_guard([this]() { util::fail_guard([this]() {
X509_STORE_CTX_cleanup(_cert_ctx.get()); X509_STORE_CTX_cleanup(_cert_ctx.get());
@@ -30,16 +31,23 @@ const char *cert_chain_t::verify(x509_t::element_type *cert) {
X509_STORE_CTX_set_cert(_cert_ctx.get(), cert); X509_STORE_CTX_set_cert(_cert_ctx.get(), cert);
auto err = X509_verify_cert(_cert_ctx.get()); auto err = X509_verify_cert(_cert_ctx.get());
if (err == 1) { if (err == 1) {
return nullptr; return nullptr;
} }
auto err_code = X509_STORE_CTX_get_error(_cert_ctx.get());
if (err_code != X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) { err_code = X509_STORE_CTX_get_error(_cert_ctx.get());
//FIXME: Checking for X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY is a temporary workaround to get mmonlight-embedded to work on the raspberry pi
if(err_code == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) {
return nullptr;
}
if (err_code != X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT && err_code != X509_V_ERR_INVALID_CA) {
return X509_verify_cert_error_string(err_code); return X509_verify_cert_error_string(err_code);
} }
} }
return X509_verify_cert_error_string(X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT); return X509_verify_cert_error_string(err_code);
} }
cipher_t::cipher_t(const crypto::aes_t &key) : ctx { EVP_CIPHER_CTX_new() }, key { key }, padding { true } {} cipher_t::cipher_t(const crypto::aes_t &key) : ctx { EVP_CIPHER_CTX_new() }, key { key }, padding { true } {}
sunshine/nvhttp.cpp
+2 -1
View File
@@ -670,12 +670,13 @@ void start() {
// Ugly hack for verifying certificates, see crypto::cert_chain_t::verify() for details // Ugly hack for verifying certificates, see crypto::cert_chain_t::verify() for details
ctx->set_verify_callback([&cert_chain, add_cert](int verified, boost::asio::ssl::verify_context &ctx) { ctx->set_verify_callback([&cert_chain, add_cert](int verified, boost::asio::ssl::verify_context &ctx) {
util::fail_guard([&]() { auto fg = util::fail_guard([&]() {
char subject_name[256]; char subject_name[256];
auto x509 = ctx.native_handle(); auto x509 = ctx.native_handle();
X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(x509)), subject_name, sizeof(subject_name)); X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(x509)), subject_name, sizeof(subject_name));
BOOST_LOG(info) << subject_name << " -- "sv << (verified ? "verfied"sv : "denied"sv); BOOST_LOG(info) << subject_name << " -- "sv << (verified ? "verfied"sv : "denied"sv);
}); });