From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pbs-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id E91781FF16E
	for <inbox@lore.proxmox.com>; Mon, 14 Apr 2025 15:00:09 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id D0445332B2;
	Mon, 14 Apr 2025 15:00:08 +0200 (CEST)
From: Maximiliano Sandoval <m.sandoval@proxmox.com>
To: pbs-devel@lists.proxmox.com
Date: Mon, 14 Apr 2025 14:59:34 +0200
Message-Id: <20250414125934.476413-1-m.sandoval@proxmox.com>
X-Mailer: git-send-email 2.39.5
MIME-Version: 1.0
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.097 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: [pbs-devel] [PATCH backup] http_client: remember accepted
 fingerprints
X-BeenThere: pbs-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Backup Server development discussion
 <pbs-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/>
List-Post: <mailto:pbs-devel@lists.proxmox.com>
List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox Backup Server development discussion
 <pbs-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pbs-devel-bounces@lists.proxmox.com
Sender: "pbs-devel" <pbs-devel-bounces@lists.proxmox.com>

Calling the proxmox-backup-client against a server with self-signed
certificates without having specified a fingerprint will result in
potentially multiple prompts to accept the fingerprint:

```
connected to 10.10.10.136:8007
fingerprint: b9:eb:33:0b:88:e8:e4:1a:c8:d1:f9:5a:08:84:04:9a:92:17:3f:5e:06:ae:e1:6b:91:36:24:38:0f:71:e1:5c
Are you sure you want to continue connecting? (y/n): y
fingerprint: b9:eb:33:0b:88:e8:e4:1a:c8:d1:f9:5a:08:84:04:9a:92:17:3f:5e:06:ae:e1:6b:91:36:24:38:0f:71:e1:5c
Are you sure you want to continue connecting? (y/n): y
```

We avoid this by setting the expected fingerprint to the fingerprint
returned by verify_callback.

Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
---
 pbs-client/src/http_client.rs | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/pbs-client/src/http_client.rs b/pbs-client/src/http_client.rs
index c95def07b..05cf8c530 100644
--- a/pbs-client/src/http_client.rs
+++ b/pbs-client/src/http_client.rs
@@ -404,12 +404,13 @@ impl HttpClient {
             let fingerprint_cache = options.fingerprint_cache;
             let prefix = options.prefix.clone();
             let trust_openssl_valid = Arc::new(Mutex::new(true));
+            let expected_fingerprint = Arc::new(Mutex::new(expected_fingerprint));
             ssl_connector_builder.set_verify_callback(
                 openssl::ssl::SslVerifyMode::PEER,
                 move |valid, ctx| match Self::verify_callback(
                     valid,
                     ctx,
-                    expected_fingerprint.as_ref(),
+                    Arc::clone(&expected_fingerprint),
                     interactive,
                     Arc::clone(&trust_openssl_valid),
                 ) {
@@ -422,6 +423,7 @@ impl HttpClient {
                                 error!("{}", err);
                             }
                         }
+                        *expected_fingerprint.lock().unwrap() = Some(fingerprint.clone());
                         *verified_fingerprint.lock().unwrap() = Some(fingerprint);
                         true
                     }
@@ -634,7 +636,7 @@ impl HttpClient {
     fn verify_callback(
         openssl_valid: bool,
         ctx: &mut X509StoreContextRef,
-        expected_fingerprint: Option<&String>,
+        expected_fingerprint: Arc<Mutex<Option<String>>>,
         interactive: bool,
         trust_openssl: Arc<Mutex<bool>>,
     ) -> Result<Option<String>, Error> {
@@ -669,7 +671,7 @@ impl HttpClient {
             .collect::<Vec<&str>>()
             .join(":");
 
-        if let Some(expected_fingerprint) = expected_fingerprint {
+        if let Some(expected_fingerprint) = expected_fingerprint.lock().unwrap().as_ref() {
             let expected_fingerprint = expected_fingerprint.to_lowercase();
             if expected_fingerprint == fp_string {
                 return Ok(Some(fp_string));
-- 
2.39.5



_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel