FIX(server): Validate the correct certifiacte from a clients chain

While validating a clients certifiacte, the last certifiacte in the clients chain was used. The last certifiacte is the certifiacte of the CA. Since in this place, the clients own certifiacte should be validated, the first certifiacte in the chain needs to be used instead. Fixes mumble-voip#3523 (partially)
EP-u-NW · Jun 20, 2021 · cda34be · cda34be
1 parent 31d0e8e
commit cda34be
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/murmur/Server.cpp b/src/murmur/Server.cpp
@@ -1511,7 +1511,7 @@ void Server::encrypted() {
 
 	QList< QSslCertificate > certs = uSource->peerCertificateChain();
 	if (!certs.isEmpty()) {
-		const QSslCertificate &cert = certs.last();
+		const QSslCertificate &cert = certs.first();
 		uSource->qslEmail           = cert.subjectAlternativeNames().values(QSsl::EmailEntry);
 		uSource->qsHash             = QString::fromLatin1(cert.digest(QCryptographicHash::Sha1).toHex());
 		if (!uSource->qslEmail.isEmpty() && uSource->bVerified) {