From 7abb8d8ce7cbca3356f1b7741cfc50e40c376adf Mon Sep 17 00:00:00 2001
From: kasemir
Date: Thu, 10 Aug 2023 14:17:38 -0400
Subject: [PATCH] PVA server: If client requests tls but only support tcp, return tcp
---
 .../src/main/java/org/epics/pva/server/PVAServer.java | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/core/pva/src/main/java/org/epics/pva/server/PVAServer.java b/core/pva/src/main/java/org/epics/pva/server/PVAServer.java
index 6702a8ee3f..cd10f3bedf 100644
--- a/core/pva/src/main/java/org/epics/pva/server/PVAServer.java
+++ b/core/pva/src/main/java/org/epics/pva/server/PVAServer.java
@@ -16,6 +16,7 @@
 import java.util.function.Consumer;
 import java.util.logging.Level;
 
+import org.epics.pva.PVASettings;
 import org.epics.pva.data.PVAStructure;
 
 /** PVA Server
@@ -169,15 +170,20 @@ ServerPV getPV(final int sid)
 * @param cid Client's channel ID
 * @param name PV Name
 * @param client Client's UDP reply address
- * @param tls Does client support tls?
+ * @param tls_requested Does client support tls?
 * @param tcp_connection Optional TCP connection for search received via TCP, else null
 * @return
 */
 boolean handleSearchRequest(final int seq, final int cid, final String name,
 final InetSocketAddress client,
- final boolean tls,
+ final boolean tls_requested,
 final ServerTCPHandler tcp_connection)
 {
+ // Both client and server must support TLS
+ final boolean tls = tls_requested && !PVASettings.EPICS_PVAS_TLS_KEYCHAIN.isBlank();
+ if (tls_requested && !tls)
+ logger.log(Level.WARNING, "PVA Client " + client + " searches for '" + name + "' with TLS, but EPICS_PVAS_TLS_KEYCHAIN is not configured");
+
 final Consumer send_search_reply = server_address ->
 {
 // If received via TCP, reply via same connection.
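Review bot: The new WARNING at the top of `handleSearchRequest` is emitted for every search that asks for TLS, and as far as the hunk shows it runs before any check that this server actually hosts `name`, so ordinary unauthenticated search traffic can fill the log of every server that has no keychain configured. The message also concatenates the client-supplied `name` directly, so control characters in a PV name end up verbatim in the log. I would log the missing-keychain condition once (or at a lower level) and pass the values as parameters, e.g. `logger.log(Level.FINE, "PVA Client {0} searches for ''{1}'' with TLS, but EPICS_PVAS_TLS_KEYCHAIN is not configured", new Object[] { client, name });`, ideally after the PV lookup has succeeded. The Javadoc could also say that `tls_requested` is only the client's request and that the reply falls back to plain tcp when the server has no keychain; the empty `@return` is still undocumented. The body of `handleSearchRequest` continues outside the hunk, so the placement relative to the lookup should be confirmed there.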