On 7/20/23, Undescribed Horrific Abuse, One Victim & Survivor of Many <[email protected]> wrote: > one of the curiosities is whether he server's certificate verification > in [akash] is as broken as the client's > > dunno! there's a file adjacent to client.go called router.go that > looks like it might do most of the http server setup work
I found some server cert code at https://github.com/akash-network/provider/blob/44c85af39a56a43830efbdcbe7a2fd83c1d9776b/gateway/rest/middleware.go#L68L88 . The function starts like this: > if r.TLS == nil || len(r.TLS.PeerCertificates) == 0 { > http.Error(w, "", http.StatusUnauthorized) > return > } > > // at this point client certificate has been validated > // so only thing left to do is get account id stored in > the CommonName > owner, err := > sdk.AccAddressFromBech32(r.TLS.PeerCertificates[0].Subject.CommonName) > if err != nil { > http.Error(w, err.Error(), > http.StatusUnauthorized) > return > } It's strange it says "at this point client certificate has been validated" without doing anything to the client certificate. [desktop interruption, mysterious]
