kdeconnect-kde/core/backends/lan
Vladimir Panteleev b706750af8
Use device ID from client SSL certificate, not UDP packet
Consider the following scenario:

1. We send a UDP broadcast
2. We receive a reply from 192.168.0.1 with device ID "foo"
3. We connect to 192.168.0.1, and find that the device's certificate
   is actually for a different ID "bar". This could be because the
   packet did not actually originate from 192.168.0.1, or this host is
   malicious / malfunctioning.
4. We remember that device ID "foo" has certificate with common name "bar".
5. When we finally attempt to connect to the real device ID "foo", we
   reject their certificate (common name "foo"). We can now never
   successfully connect to "foo".

On some network (mis-)configurations, this completely prevents
kdeconnectd from connecting to any peers, because a reply which is
seen as originating from the local interface address will cause
kdeconnectd to immediately connect to itself and remember its own
certificate.

Address this by using the certificate display name of the peer, which
will match the real device ID.
2021-09-25 12:51:59 +00:00
..
CMakeLists.txt
compositeuploadjob.cpp
compositeuploadjob.h
landevicelink.cpp Add a verification key that's displayed when pairing 2020-11-26 11:28:49 +01:00
landevicelink.h Add a verification key that's displayed when pairing 2020-11-26 11:28:49 +01:00
lanlinkprovider.cpp Use device ID from client SSL certificate, not UDP packet 2021-09-25 12:51:59 +00:00
lanlinkprovider.h
lanpairinghandler.cpp
lanpairinghandler.h
server.cpp
server.h Convert license headers to SPDX expressions 2020-08-17 09:48:10 +00:00
socketlinereader.cpp Don't brute-force reading the socket 2020-10-02 12:52:08 +02:00
socketlinereader.h
uploadjob.cpp
uploadjob.h