From e88552123c4c3c4164fb909b798b3d6147d2de9d Mon Sep 17 00:00:00 2001 From: Erik Boasson Date: Wed, 8 Apr 2020 11:42:53 +0200 Subject: [PATCH] Peers may have a secure announcer without using security There exist implementations that advertise security-related built-endpoints regardless of whether the participant has security configured. Therefore, the test whether security is enabled for the participant cannot simply be the presence of such an endpoint, because the absence of an IDENTITY_TOKEN in the data is then considered an error. This commit simply changes the check to requiring the presence of the endpoint and the presence of the IDENTITY_TOKEN. Signed-off-by: Erik Boasson --- src/core/ddsi/src/q_ddsi_discovery.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/src/core/ddsi/src/q_ddsi_discovery.c b/src/core/ddsi/src/q_ddsi_discovery.c index f8ee6eb..98db5b0 100644 --- a/src/core/ddsi/src/q_ddsi_discovery.c +++ b/src/core/ddsi/src/q_ddsi_discovery.c @@ -638,16 +638,12 @@ static int handle_SPDP_alive (const struct receiver_state *rst, seqno_t seq, dds } } - const bool is_secure = (datap->builtin_endpoint_set & NN_DISC_BUILTIN_ENDPOINT_PARTICIPANT_SECURE_ANNOUNCER) != 0; + const bool is_secure = ((datap->builtin_endpoint_set & NN_DISC_BUILTIN_ENDPOINT_PARTICIPANT_SECURE_ANNOUNCER) != 0 && + (datap->present & PP_IDENTITY_TOKEN)); /* Make sure we don't create any security builtin endpoint when it's considered unsecure. */ if (!is_secure) builtin_endpoint_set &= NN_BES_MASK_NON_SECURITY; GVLOGDISC ("SPDP ST0 "PGUIDFMT" bes %x%s NEW", PGUID (datap->participant_guid), builtin_endpoint_set, is_secure ? " (secure)" : ""); - if (is_secure && !(datap->present & PP_IDENTITY_TOKEN)) - { - GVLOGDISC (" identity token missing\n"); - return 0; - } if (datap->present & PP_PARTICIPANT_LEASE_DURATION) {