From ec846006bb7502b82f281da46c1cfa402f88408d Mon Sep 17 00:00:00 2001
From: Carsten Schafer
Date: Tue, 5 Aug 2025 10:24:33 -0400
Subject: [PATCH 1/4] Add entire trust chain for rtty use

Signed-off-by: Carsten Schafer
---
 src/rttys/RTTYS_server.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/rttys/RTTYS_server.cpp b/src/rttys/RTTYS_server.cpp
index e71d34b0..7b877ab9 100644
--- a/src/rttys/RTTYS_server.cpp
+++ b/src/rttys/RTTYS_server.cpp
@@ -93,7 +93,11 @@ namespace OpenWifi {
 		DeviceSecureContext->addCertificateAuthority(Root);
 		DeviceSecureContext->addChainCertificate(Issuing);
 		DeviceSecureContext->addCertificateAuthority(Issuing);
-		DeviceSecureContext->addCertificateAuthority(Root);
+		ClientCasCerts_ = Poco::Net::X509Certificate::readPEM(cas);
+		for (const auto &cert : ClientCasCerts_) {
+			DeviceSecureContext->addChainCertificate(cert);
+			DeviceSecureContext->addCertificateAuthority(cert);
+		}
 		DeviceSecureContext->enableSessionCache(true);
 		DeviceSecureContext->setSessionCacheSize(0);
 		DeviceSecureContext->setSessionTimeout(120);
@@ -1117,4 +1121,4 @@ namespace OpenWifi {
 	RTTYS_EndPoint::~RTTYS_EndPoint() {
 	}
 
-} // namespace OpenWifi
\ No newline at end of file
+} // namespace OpenWifi

From d329151f6c30c8dc95dbbd5024f9062d89833c0b Mon Sep 17 00:00:00 2001
From: Carsten Schafer
Date: Tue, 5 Aug 2025 10:46:45 -0400
Subject: [PATCH 2/4] Fix typo

Signed-off-by: Carsten Schafer
---
 src/rttys/RTTYS_server.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/rttys/RTTYS_server.cpp b/src/rttys/RTTYS_server.cpp
index 7b877ab9..85dcf3b9 100644
--- a/src/rttys/RTTYS_server.cpp
+++ b/src/rttys/RTTYS_server.cpp
@@ -14,6 +14,7 @@
 #include "nlohmann/json.hpp"
 #include "Poco/NObserver.h"
+#include 
 #include "Poco/Net/SocketNotification.h"
 #include "Poco/Net/NetException.h"
 #include "Poco/Net/WebSocketImpl.h"
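Review bot: The loop in the `@@ -93,7 +93,11 @@` hunk calls `DeviceSecureContext->addChainCertificate(cert);` as well as `addCertificateAuthority(cert)` for every certificate in the bundle, and if Poco's addChainCertificate behaves as upstream (extra chain certificates the server presents to the peer), every CA in that file ends up in the server's handshake rather than only in the trust store used to verify the peer. That is defensible while the bundle is the server certificate's own issuer chain, but once it holds client CAs (as the last patch of this series makes it) only `DeviceSecureContext->addCertificateAuthority(cert);` belongs in the loop; a one-line comment stating which of the two roles the bundle serves would keep the next reader from guessing. The enclosing function starts and ends outside the hunk, so whether a verification mode is set on DeviceSecureContext cannot be checked here.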
@@ -93,7 +94,7 @@ namespace OpenWifi {
 		DeviceSecureContext->addCertificateAuthority(Root);
 		DeviceSecureContext->addChainCertificate(Issuing);
 		DeviceSecureContext->addCertificateAuthority(Issuing);
-		ClientCasCerts_ = Poco::Net::X509Certificate::readPEM(cas);
+		ClientCasCerts_ = Poco::Net::X509Certificate::readPEM(Cas);
 		for (const auto &cert : ClientCasCerts_) {
 			DeviceSecureContext->addChainCertificate(cert);
 			DeviceSecureContext->addCertificateAuthority(cert);

From 33068fca9ef288004512d8ce7576d435b7f68376 Mon Sep 17 00:00:00 2001
From: Carsten Schafer
Date: Tue, 5 Aug 2025 11:15:51 -0400
Subject: [PATCH 3/4] Declare the variable

Signed-off-by: Carsten Schafer
---
 src/rttys/RTTYS_server.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/rttys/RTTYS_server.cpp b/src/rttys/RTTYS_server.cpp
index 85dcf3b9..0b12166a 100644
--- a/src/rttys/RTTYS_server.cpp
+++ b/src/rttys/RTTYS_server.cpp
@@ -87,6 +87,7 @@ namespace OpenWifi {
 		Poco::Crypto::X509Certificate Cert(CertFileName);
 		Poco::Crypto::X509Certificate Root(RootCaFileName);
 		Poco::Crypto::X509Certificate Issuing(IssuerFileName);
+		std::vector ClientCasCerts;
 		Poco::Crypto::RSAKey Key("", KeyFileName, KeyPassword);
 
 		DeviceSecureContext->useCertificate(Cert);
@@ -94,8 +95,8 @@ namespace OpenWifi {
 		DeviceSecureContext->addCertificateAuthority(Root);
 		DeviceSecureContext->addChainCertificate(Issuing);
 		DeviceSecureContext->addCertificateAuthority(Issuing);
-		ClientCasCerts_ = Poco::Net::X509Certificate::readPEM(Cas);
-		for (const auto &cert : ClientCasCerts_) {
+		ClientCasCerts = Poco::Net::X509Certificate::readPEM(Cas);
+		for (const auto &cert : ClientCasCerts) {
 			DeviceSecureContext->addChainCertificate(cert);
 			DeviceSecureContext->addCertificateAuthority(cert);
 		}

From a9130eeb7500200905e434c985b3e240d3354e78 Mon Sep 17 00:00:00 2001
From: Carsten Schafer
Date: Wed, 6 Aug 2025 09:13:04 -0400
Subject: [PATCH 4/4] Read from proper client cas file
Signed-off-by: Carsten Schafer
---
 src/AP_WS_Server.cpp       | 2 +-
 src/rttys/RTTYS_server.cpp | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/AP_WS_Server.cpp b/src/AP_WS_Server.cpp
index 169a3c12..e37511b8 100644
--- a/src/AP_WS_Server.cpp
+++ b/src/AP_WS_Server.cpp
@@ -795,4 +795,4 @@ namespace OpenWifi {
 		return false;
 	}
 
-} // namespace OpenWifi
\ No newline at end of file
+} // namespace OpenWifi
diff --git a/src/rttys/RTTYS_server.cpp b/src/rttys/RTTYS_server.cpp
index 0b12166a..31f89ba5 100644
--- a/src/rttys/RTTYS_server.cpp
+++ b/src/rttys/RTTYS_server.cpp
@@ -72,6 +72,7 @@ namespace OpenWifi {
 
 		const auto &RootCas = MicroServiceConfigPath("ucentral.websocket.host.0.rootca", "");
 		const auto &Cas = MicroServiceConfigPath("ucentral.websocket.host.0.cas", "");
+		const auto &ClientCasFile = MicroServiceConfigPath("ucentral.websocket.host.0.clientcas", "");
 
 		Poco::Net::Context::Params P;
 
@@ -95,7 +96,7 @@ namespace OpenWifi {
 		DeviceSecureContext->addCertificateAuthority(Root);
 		DeviceSecureContext->addChainCertificate(Issuing);
 		DeviceSecureContext->addCertificateAuthority(Issuing);
-		ClientCasCerts = Poco::Net::X509Certificate::readPEM(Cas);
+		ClientCasCerts = Poco::Net::X509Certificate::readPEM(ClientCasFile);
 		for (const auto &cert : ClientCasCerts) {
 			DeviceSecureContext->addChainCertificate(cert);
 			DeviceSecureContext->addCertificateAuthority(cert);
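Review bot: `ClientCasFile` is read with a default of `""` when `ucentral.websocket.host.0.clientcas` is not configured, and in the last hunk that empty path goes straight into `Poco::Net::X509Certificate::readPEM`; upstream Poco's readPEM throws when it cannot open the file, so a deployment without the new key would likely fail context construction at startup, whereas the previous code read the already-required `Cas` bundle. Keep the key optional by guarding the read: `if (!ClientCasFile.empty()) ClientCasCerts = Poco::Net::X509Certificate::readPEM(ClientCasFile);` (or fail with a clear log message if a client CA bundle is mandatory for rtty mutual TLS). A short comment on the new config line, e.g. `// PEM bundle of CAs trusted to sign device (client) certificates on the rtty port`, would also document what the file is for, since it now differs from `Cas`. The enclosing function starts and ends outside the hunk, so the verify mode applied to DeviceSecureContext — which decides whether these CAs are actually enforced — is not visible here.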