[PD1] small changes

2024-04-23 11:12:18 +01:00 · 2024-04-23 11:12:18 +01:00 · 2cafc3163c
commit 2cafc3163c
parent 568b6e6739
10 changed files with 160 additions and 71 deletions
--- a/Projs/PD1/internal/utils/cryptoUtils/cryptoUtils.go
+++ b/Projs/PD1/internal/utils/cryptoUtils/cryptoUtils.go
@ -10,7 +10,6 @@ import (
 	"encoding/binary"
 	"errors"

-	//"errors"
 	"log"
 	"os"

@ -94,9 +93,25 @@ func (k *KeyStore) GetServerTLSConfig() *tls.Config {
 		caCertPool.AddCert(caCert)
 	}
 	tlsConfig.ClientCAs = caCertPool
-    //FIX: SERVER ACCEPTS CONNECTIONS WITH UNMATCHING OR 
-    // NO CERTIFICATE, NEEDS TO BE CHANGED SOMEHOW
-	tlsConfig.ClientAuth = tls.RequireAndVerifyClientCert
+	tlsConfig.ClientAuth = tls.RequestClientCert
+	tlsConfig.VerifyPeerCertificate = func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
+		// Verify the peer's certificate
+		opts := x509.VerifyOptions{
+			Roots: caCertPool,
+		}
+		for _, certBytes := range rawCerts {
+			cert, err := x509.ParseCertificate(certBytes)
+			if err != nil {
+				return err
+			}
+			// Check if the certificate is signed by the specified CA
+			_, err = cert.Verify(opts)
+			if err != nil {
+				return errors.New("certificate not signed by trusted CA")
+			}
+		}
+		return nil
+	}
 	return tlsConfig
 }