On 7/20/23, Undescribed Horrific Abuse, One Victim & Survivor of Many <gmkarl@gmail.com> wrote:
one of the curiosities is whether he server's certificate verification in [akash] is as broken as the client's
dunno! there's a file adjacent to client.go called router.go that looks like it might do most of the http server setup work
I found some server cert code at https://github.com/akash-network/provider/blob/44c85af39a56a43830efbdcbe7a2f... . The function starts like this:
if r.TLS == nil || len(r.TLS.PeerCertificates) == 0 { http.Error(w, "", http.StatusUnauthorized) return }
// at this point client certificate has been validated // so only thing left to do is get account id stored in the CommonName owner, err := sdk.AccAddressFromBech32(r.TLS.PeerCertificates[0].Subject.CommonName) if err != nil { http.Error(w, err.Error(), http.StatusUnauthorized) return }
It's strange it says "at this point client certificate has been validated" without doing anything to the client certificate. [desktop interruption, mysterious]