Warn if client CA not boxine CA

toniebox-reverse-engineering · Oct 2, 2024 · c4fce1f · c4fce1f
1 parent b71cf5b
commit c4fce1f
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/src/settings.c b/src/settings.c
@@ -1597,6 +1597,26 @@ error_t settings_try_load_certs_id(uint8_t settingsId)
     load_cert("internal.client.crt", "core.client_cert.file.crt", "core.client_cert.data.crt", settingsId);
     load_cert("internal.client.key", "core.client_cert.file.key", "core.client_cert.data.key", settingsId);
 
+    const char *client_ca_crt = settings_get_string("internal.client.ca");
+
+    size_t boxine_ca_length = 2008;
+    size_t ca_length = osStrlen(client_ca_crt);
+    if (ca_length > 0)
+    {
+        if (ca_length != boxine_ca_length)
+        {
+            TRACE_WARNING("Client CA length mismatch %" PRIuSIZE " expected %" PRIuSIZE "\r\n", ca_length, boxine_ca_length);
+        }
+        else
+        {
+            if (osStrstr(client_ca_crt, "MC0JveGluZSBHbW") == NULL   // Boxine GmbH
+                || osStrstr(client_ca_crt, "DAlCb3hpbmUgQ") == NULL) // Boxine
+            {
+                TRACE_WARNING("Client CA does not match Boxine\r\n");
+            }
+        }
+    }
+
     const char *server_crt = settings_get_string("internal.server.crt");
     const char *server_ca_crt = settings_get_string("internal.server.ca");