Skip to content

feat: no server trust for CHALLENGE_RESPONSE public keys#23

Merged
cococry merged 1 commit into
mainfrom
client-auth-full
Jul 4, 2026
Merged

feat: no server trust for CHALLENGE_RESPONSE public keys#23
cococry merged 1 commit into
mainfrom
client-auth-full

Conversation

@cococry

@cococry cococry commented Jul 4, 2026

Copy link
Copy Markdown
Owner

Summary

The server now handles CHALLENGE_RESPONSE correctly. It does not trust the provided public key from the client anymore. This finishes up the client authentication process with one important caveat: Newly joining devices (new device IDs for an already registered auth ID) are currently rejected. In the future, the protocol needs to support signed authorization keys from an existing device to accept newly joined devices.

Testing

Describe how you tested this change.

  • scripts/check.sh passes locally
  • CI passes for this pull request

@cococry cococry merged commit 5cdcae9 into main Jul 4, 2026
4 of 5 checks passed
@cococry cococry deleted the client-auth-full branch July 4, 2026 13:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant