diff --git a/libretroshare/src/pqi/authssl.cc b/libretroshare/src/pqi/authssl.cc
index 5d56b3843..a5f56800f 100644
--- a/libretroshare/src/pqi/authssl.cc
+++ b/libretroshare/src/pqi/authssl.cc
@@ -311,7 +311,7 @@ bool AuthSSLimpl::active() { return init; } int AuthSSLimpl::InitAuth( const char* cert_file, const char* priv_key_file, const char* passwd, - std::string /*alternative_location_name*/ ) + std::string locationName ) { /* single call here si don't need to invoke mutex yet */ static int initLib = 0;
@@ -520,6 +520,8 @@ int AuthSSLimpl::InitAuth( else std::cerr << std::endl; + mOwnLocationName = locationName; + init = 1; return 1; }
@@ -575,7 +577,7 @@ const RsPeerId& AuthSSLimpl::OwnId() } std::string AuthSSLimpl::getOwnLocation() -{ return RsX509Cert::getCertLocation(*mOwnCert); } +{ return mOwnLocationName; } std::string AuthSSLimpl::SaveOwnCertificateToString() { return saveX509ToPEM(mOwnCert); }
diff --git a/libretroshare/src/pqi/authssl.h b/libretroshare/src/pqi/authssl.h
index 1501eff3f..618d9f7b6 100644
--- a/libretroshare/src/pqi/authssl.h
+++ b/libretroshare/src/pqi/authssl.h
@@ -98,7 +98,7 @@ public: virtual bool active() = 0; virtual int InitAuth( const char* srvr_cert, const char* priv_key, const char* passwd, - std::string alternative_location_name ) = 0; + std::string locationName ) = 0; virtual bool CloseAuth() = 0; /*********** Overloaded Functions from p3AuthMgr **********/
@@ -198,7 +198,7 @@ public: bool active() override; int InitAuth( const char *srvr_cert, const char *priv_key, - const char *passwd, std::string alternative_location_name ) + const char *passwd, std::string locationName ) override; bool CloseAuth() override;
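Review bot: An empty `locationName` is stored unchecked by `mOwnLocationName = locationName;` in the authssl.cc hunk at -520, and `getOwnLocation()` in the hunk at -575 then returns an empty string with no fallback to the certificate. The parameter was commented out and unused before this change, so callers (not visible here) may still pass an empty or placeholder value, and a profile whose name exists only in an already-issued certificate would lose its location. Consider a fallback right after the assignment, e.g. `if(mOwnLocationName.empty()) mOwnLocationName = RsX509Cert::getCertLocation(*mOwnCert);`, assuming `mOwnCert` is already set at that point; it discloses nothing beyond what such a certificate already exposes. Since the argument is taken by value, `mOwnLocationName = std::move(locationName);` would also avoid a copy. The body of `InitAuth` starts outside the -520 hunk.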
@@ -278,6 +278,14 @@ private: RsPeerId mOwnId; X509* mOwnCert; + /** + * If the location name is included in SSL certificate it becomes a public + * information, because anyone able to open an SSL connection to the host is + * able to read it. To avoid that location name is now stored separately and + * and not included in the SSL certificate. + */ + std::string mOwnLocationName; + RsMutex sslMtx; /* protects all below */ EVP_PKEY* mOwnPrivateKey;
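Review bot: The new doc comment on `mOwnLocationName` has a doubled word (`stored separately and and not included`) and describes the change history ("is now stored") rather than the member's contract. Something like `/// Own location name, set by InitAuth(); kept out of the SSL certificate because anyone able to open an SSL connection to the host can read the certificate.` would age better. The member is declared above `RsMutex sslMtx; /* protects all below */`, so it is not covered by that mutex; if it is meant to be written only once during `InitAuth` and read-only afterwards, the comment should say so. Nothing in this diff touches certificate generation, so certificates issued earlier presumably still carry the location name, which is worth confirming or stating in the comment.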