From fc62f07a089daf698953e6e4197668fbf8aebef9 Mon Sep 17 00:00:00 2001
From: zotlabs
Date: Sun, 3 Sep 2017 23:50:18 -0700
Subject: validate the security context
---
 include/zot.php | 1 +
 1 file changed, 1 insertion(+)
(limited to 'include/zot.php')
diff --git a/include/zot.php b/include/zot.php
index 343bc8ad8..56bd7d212 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -4621,6 +4621,7 @@ function zot_reply_auth_check($data,$encrypted_packet) {
 // First verify their signature. We will have obtained a zot-info packet from them as part of the sender
 // verification.
 
+ // needs a nonce!!!!
 if ((! $y) || (! rsa_verify($data['secret'], base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) {
 logger('mod_zot: auth_check: sender not found or secret_sig invalid.');
 $ret['message'] .= 'sender not found or sig invalid ' . print_r($y,true) . EOL;
-- 
cgit v1.2.3
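Review bot: The added comment `// needs a nonce!!!!` above the `rsa_verify()` check records a gap without saying what is missing or what would close it, and the commit subject ("validate the security context") suggests validation that this hunk does not add. Presumably the concern is that a valid `secret`/`secret_sig` pair verifies no matter when or how often it is presented, so a captured pair could be replayed. Whether the secret is already single-use cannot be seen here, because the body of zot_reply_auth_check continues outside the hunk. I would replace the comment with something actionable, for example `// TODO(security): the signature covers only $data['secret']; bind it to a single-use, time-limited nonce so a captured secret/secret_sig pair cannot be replayed.` Separately, the failure branch appends `print_r($y,true)` to `$ret['message']`, which looks like it is returned to the remote caller; sending that dump to `logger()` instead would keep the query result out of the response.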