diff options
| author | Dimitri Staessens <dimitri@ouroboros.rocks> | 2026-06-11 10:03:14 +0000 |
|---|---|---|
| committer | Sander Vrijders <sander@ouroboros.rocks> | 2026-06-29 08:32:58 +0200 |
| commit | 67c55d5869d5473e5139614637f31ea37746181d (patch) | |
| tree | acc2ace032eca6eaac1110d323d6f809bb8eb364 /src/irmd/oap/io.c | |
| parent | f5b15630d20acc893e3000f248f03185763f24b0 (diff) | |
| download | ouroboros-67c55d5869d5473e5139614637f31ea37746181d.tar.gz ouroboros-67c55d5869d5473e5139614637f31ea37746181d.zip | |
irmd: Specify peer authentication contract
OAP accepted requests and responses without a certificate even when
the peer was expected to authenticate. An on-path attacker could
strip the certificate and signature from a flow allocation response
and substitute its own key exchange, silently downgrading the
handshake to unauthenticated.
Add an auth=required|optional policy to enc.conf, enforced per role: a
client config requires the server to present a valid certificate, a
server config requires the same from the client. Default is required
for client side (https), optional server side. The client side default
can be changed via OAP_CLIENT_AUTH_DEFAULT for testing.
Replace the bare 'none' keyword with encryption=none, which disables
encryption only: the digest and the authentication policy are kept, so
authenticated but unencrypted flows can be configured. Configs using
bare 'none' are now rejected.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/irmd/oap/io.c')
| -rw-r--r-- | src/irmd/oap/io.c | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/src/irmd/oap/io.c b/src/irmd/oap/io.c index c2c91b91..24d33e60 100644 --- a/src/irmd/oap/io.c +++ b/src/irmd/oap/io.c @@ -103,8 +103,6 @@ int load_kex_config(const char * name, assert(name != NULL); assert(cfg != NULL); - memset(cfg, 0, sizeof(*cfg)); - /* Load encryption config */ if (!file_exists(path)) log_dbg("No encryption %s for %s.", path, name); |
