Commit 82ee4e19 authored by Kevin Kane's avatar Kevin Kane Committed by Nathan Heldt-Sheller

[IOT-2101] Don't automatically assert roles accessing DOXM

During OTM, the DOXM resource is accessed while the SSL lock is
held. Attempting to assert roles causes this lock to be acquired
again, and recursive locking is not supported. Therefore, don't
automatically assert roles when accessing DOXM. Since this
resource seems to only be accessed either anonymously or with an
owner PSK, this shouldn't be needed, anyway.

Change-Id: I4b04d24544a5049d3a91827753d565e118cbf9d5
Signed-off-by: default avatarKevin Kane <kkane@microsoft.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/19237Tested-by: default avatarjenkins-iotivity <jenkins@iotivity.org>
Reviewed-by: default avatarPhil Coval <philippe.coval@osg.samsung.com>
Reviewed-by: default avatarAlex Kelley <alexke@microsoft.com>
Reviewed-by: default avatarWay Vadhanasin <wayvad@microsoft.com>
Reviewed-by: Nathan Heldt-Sheller's avatarNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
parent 5e353806
......@@ -824,6 +824,7 @@ CAResult_t GetCASecureEndpointData(const CAEndpoint_t* peer, CASecureEndpoint_t*
{
OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
oc_mutex_assert_owner(g_sslContextMutex, false);
oc_mutex_lock(g_sslContextMutex);
if (NULL == g_caSslContext)
{
......
......@@ -3394,7 +3394,8 @@ OCStackResult OCDoRequest(OCDoHandle *handle,
#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
/* Check whether we should assert role certificates before making this request. */
if ((endpoint.flags & CA_SECURE) &&
(strcmp(requestInfo.info.resourceUri, OIC_RSRC_ROLES_URI) != 0))
(strcmp(requestInfo.info.resourceUri, OIC_RSRC_ROLES_URI) != 0) &&
(strcmp(requestInfo.info.resourceUri, OIC_RSRC_DOXM_URI) != 0))
{
CASecureEndpoint_t sep;
CAResult_t caRes = CAGetSecureEndpointData(&endpoint, &sep);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment