Check the certificate name when reconnecting to an instance

refs #10963
2025-04-08 17:05:25 +02:00 · 2016-01-19 16:24:12 +01:00 · 2016-01-19 16:24:12 +01:00 · b227dc77bf
commit b227dc77bf
parent badeea7604
3 changed files with 11 additions and 9 deletions
--- a/lib/base/tlsstream.cpp
+++ b/lib/base/tlsstream.cpp
@ -85,7 +85,7 @@ TlsStream::TlsStream(const Socket::Ptr& socket, const String& hostname, Connecti

 TlsStream::~TlsStream(void)
 {
-	Close();
+	CloseInternal(true);
 }

 int TlsStream::ValidateCertificate(int preverify_ok, X509_STORE_CTX *ctx)
@ -321,10 +321,6 @@ void TlsStream::Shutdown(void)
 */
 void TlsStream::Close(void)
 {
-<<<<<<< HEAD
-	if (!m_Eof) {
-		m_Eof = true;
-=======
 	CloseInternal(false);
 }

@ -336,15 +332,13 @@ void TlsStream::CloseInternal(bool inDestructor)
 	m_Eof = true;

 	if (!inDestructor)
->>>>>>> 2dc385e... Fix memory/thread leak in the HttpServerConnection class
 		SignalDataAvailable();

-	Stream::Close();
-
 	SocketEvents::Unregister();

-	boost::mutex::scoped_lock lock(m_Mutex);
+	Stream::Close();

+	boost::mutex::scoped_lock lock(m_Mutex);

 	if (!m_SSL)
 		return;
--- a/lib/base/tlsstream.hpp
+++ b/lib/base/tlsstream.hpp
@ -99,6 +99,8 @@ private:

 	static int ValidateCertificate(int preverify_ok, X509_STORE_CTX *ctx);
 	static void NullCertificateDeleter(X509 *certificate);
+
+	void CloseInternal(bool inDestructor);
 };

 }
--- a/lib/remote/apilistener.cpp
+++ b/lib/remote/apilistener.cpp
@ -321,6 +321,12 @@ void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const Stri
 			return;
 		}

+		if (!hostname.IsEmpty() && identity != hostname) {
+			Log(LogInformation, "ApiListener")
+			    << "Unexpected certificate common name while connecting to endpoint '" << hostname << "': got '" << identity << "'";
+			return;
+		}
+
 		verify_ok = tlsStream->IsVerifyOK();

 		Log(LogInformation, "ApiListener")