From 5eb9570d8917737977f2fd95dc3056f4a6be4777 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marin=20Ko=C5=A1ti=C4=87?=
Date: Mon, 9 Oct 2023 07:28:53 +0200
Subject: [PATCH] Fix mTLS root cert store (#222)

* Add intermediate certs if any exits to RootStore
* Do not respond to Spawn command if node_id is zero
---
 .../src/distributed/server.rs | 22 +++++++++++-------
 crates/lunatic-distributed/src/quic/quin.rs | 5 ++++-
 2 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/crates/lunatic-distributed/src/distributed/server.rs b/crates/lunatic-distributed/src/distributed/server.rs
index f357d5e00..1954a0902 100644
--- a/crates/lunatic-distributed/src/distributed/server.rs
+++ b/crates/lunatic-distributed/src/distributed/server.rs
@@ -158,15 +158,19 @@ where
 match handle_spawn(ctx.clone(), spawn).await {
 Ok(Ok(id)) => {
 log::trace!("lunatic::distributed::server Spawned {id}");
- ctx.node_client
- .send_response(ResponseParams {
- node_id: NodeId(node_id),
- response: Response {
- message_id: msg_id,
- content: ResponseContent::Spawned(id),
- },
- })
- .await?;
+ // The platform sends the spawn instructions with node_id = 0
+ // in this case we do not respond
+ if node_id != 0 {
+ ctx.node_client
+ .send_response(ResponseParams {
+ node_id: NodeId(node_id),
+ response: Response {
+ message_id: msg_id,
+ content: ResponseContent::Spawned(id),
+ },
+ })
+ .await?;
+ }
 }
 Ok(Err(client_error)) => {
 log::trace!("lunatic::distributed::server Spawn error: {client_error:?}");
diff --git a/crates/lunatic-distributed/src/quic/quin.rs b/crates/lunatic-distributed/src/quic/quin.rs
index 9aa75179e..1fcd4019c 100644
--- a/crates/lunatic-distributed/src/quic/quin.rs
+++ b/crates/lunatic-distributed/src/quic/quin.rs
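Review bot: In distributed/server.rs the new `node_id != 0` guard wraps only the reply in the `Ok(Ok(id))` arm. The `Ok(Err(client_error))` arm that follows is cut off by the hunk, so if it also calls `send_response` with `NodeId(node_id)` it would still try to answer a platform-originated spawn. That arm, and any other reply path in this handler, should be checked and given the same guard. The bare `0` would also be clearer as a named constant defined once, so the check reads `if node_id != PLATFORM_NODE_ID {`.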
@@ -124,13 +124,16 @@ pub fn new_quic_server(
 }?;
 let mut cert_chain = Vec::new();
- for cert in certs {
+ for (i, cert) in certs.iter().enumerate() {
 let mut cert = cert.as_bytes();
 let cert = rustls_pemfile::read_one(&mut cert)?.unwrap();
 let cert = match cert {
 Item::X509Certificate(cert) => Ok(rustls::Certificate(cert)),
 _ => Err(anyhow!("Not a valid certificate")),
 }?;
+ if i != 0 {
+ roots.add(&cert)?;
+ }
 cert_chain.push(cert);
 }
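Review bot: `roots.add(&cert)?` turns every entry after the first in `certs` into a trust anchor, and nothing in the loop checks that the entry is a CA certificate or that it chains to the configured root. `roots` is built above the hunk in `new_quic_server`, so this assumes it is the store used to verify peer certificates; if so, path validation for a peer stops at that intermediate. A mis-ordered or over-long PEM list would then silently widen what the server trusts, so the ordering contract should be documented at the loop, e.g. `// certs[0] is the leaf; certs[1..] become trust anchors for peer verification and must be CA certs under the cluster root`. Separately, the `.unwrap()` on `read_one` in the context lines still panics on an entry with no PEM block; that predates this change but is on the same input.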