Diffstat (limited to 'control/controlhttp/server.go')
| -rw-r--r-- | control/controlhttp/server.go | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/control/controlhttp/server.go b/control/controlhttp/server.go
index 92bd9ec9b..a446a0ebc 100644
--- a/control/controlhttp/server.go
+++ b/control/controlhttp/server.go
@@ -44,6 +44,18 @@ func AcceptHTTP(ctx context.Context, w http.ResponseWriter, r *http.Request, pri
 return nil, fmt.Errorf("decoding base64 handshake header: %v", err)
 }
 
+ if wantPub := r.Header.Get(serverPubHeaderName); wantPub != "" {
+ // If the client declared the public key they expect to speak to,
+ // check it.
+ // TODO: replace the 'private' parameter with a func/interface
+ // that looks up the private key as a function of the public key
+ // to see if we have a currently in-rotation key that's valid.
+ if private.Public().String() != wantPub {
+ http.Error(w, "requested server key unavailable", http.StatusServiceUnavailable)
+ return nil, errors.New("client requested unavailble server key")
+ }
+ }
+
 hijacker, ok := w.(http.Hijacker)
 if !ok {
 http.Error(w, "make request over HTTP/1", http.StatusBadRequest)
|
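Review bot: The new check compares `private.Public().String()` with the raw header value, so it depends on the client sending exactly the server's text encoding of the key; any difference in prefix, case or surrounding whitespace would be answered with a 503 even when the key is the right one. Parsing `wantPub` into the public-key type and comparing key values would make the check independent of formatting, and a header that fails to parse could then get a 400 instead; this assumes the type has a text parser, which is not visible here. The check is skipped when the header is absent, so a comment saying that it is an early rejection for clients that opt in, and that server authentication still rests on the handshake that follows, would keep a later reader from treating it as the trust decision (presumably that is the intent; confirm). The error string also has a typo: `errors.New("client requested unavailable server key")`. AcceptHTTP starts and ends outside this hunk.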
