ResiLien/nebula
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Don't use a global ca pool (#426)

Browse Source
This commit is contained in:
Nathan Brown
2021-03-29 12:10:19 -05:00
committed by GitHub
parent 4603b5b2dd
commit 883e09a392
6 changed files with 16 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
handshake_ix.go
View File

@ -96,7 +96,7 @@ func ixHandshakeStage1(f *Interface, addr *udpAddr, packet []byte, h *Header) {
return
}
remoteCert, err := RecombineCertAndValidate(ci.H, hs.Details.Cert)
remoteCert, err := RecombineCertAndValidate(ci.H, hs.Details.Cert, f.caPool)
if err != nil {
f.l.WithError(err).WithField("udpAddr", addr).
WithField("handshake", m{"stage": 1, "style": "ix_psk0"}).WithField("cert", remoteCert).
@ -318,7 +318,7 @@ func ixHandshakeStage2(f *Interface, addr *udpAddr, hostinfo *HostInfo, packet [
return true
}
remoteCert, err := RecombineCertAndValidate(ci.H, hs.Details.Cert)
remoteCert, err := RecombineCertAndValidate(ci.H, hs.Details.Cert, f.caPool)
if err != nil {
f.l.WithError(err).WithField("vpnIp", IntIp(hostinfo.hostId)).WithField("udpAddr", addr).
WithField("cert", remoteCert).WithField("handshake", m{"stage": 2, "style": "ix_psk0"}).