From 82ee4e19c4f34d0d787ca6968f06e8203cd46215 Mon Sep 17 00:00:00 2001
From: Kevin Kane <kkane@microsoft.com>
Date: Mon, 24 Apr 2017 14:11:17 -0700
Subject: [PATCH] [IOT-2101] Don't automatically assert roles accessing DOXM

During OTM, the DOXM resource is accessed while the SSL lock is
held. Attempting to assert roles causes this lock to be acquired
again, and recursive locking is not supported. Therefore, don't
automatically assert roles when accessing DOXM. Since this
resource seems to only be accessed either anonymously or with an
owner PSK, this shouldn't be needed, anyway.

Change-Id: I4b04d24544a5049d3a91827753d565e118cbf9d5
Signed-off-by: Kevin Kane <kkane@microsoft.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/19237
Tested-by: jenkins-iotivity <jenkins@iotivity.org>
Reviewed-by: Phil Coval <philippe.coval@osg.samsung.com>
Reviewed-by: Alex Kelley <alexke@microsoft.com>
Reviewed-by: Way Vadhanasin <wayvad@microsoft.com>
Reviewed-by: Nathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
---
 resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c | 1 +
 resource/csdk/stack/src/ocstack.c                                | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c b/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c
index 4a93e4b..b82e21f 100644
--- a/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c
+++ b/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c
@@ -824,6 +824,7 @@ CAResult_t GetCASecureEndpointData(const CAEndpoint_t* peer, CASecureEndpoint_t*
 {
     OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
 
+    oc_mutex_assert_owner(g_sslContextMutex, false);
     oc_mutex_lock(g_sslContextMutex);
     if (NULL == g_caSslContext)
     {
diff --git a/resource/csdk/stack/src/ocstack.c b/resource/csdk/stack/src/ocstack.c
index 67ff3be..0495a81 100644
--- a/resource/csdk/stack/src/ocstack.c
+++ b/resource/csdk/stack/src/ocstack.c
@@ -3394,7 +3394,8 @@ OCStackResult OCDoRequest(OCDoHandle *handle,
 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
     /* Check whether we should assert role certificates before making this request. */
     if ((endpoint.flags & CA_SECURE) && 
-        (strcmp(requestInfo.info.resourceUri, OIC_RSRC_ROLES_URI) != 0))
+        (strcmp(requestInfo.info.resourceUri, OIC_RSRC_ROLES_URI) != 0) &&
+        (strcmp(requestInfo.info.resourceUri, OIC_RSRC_DOXM_URI) != 0))
     {
         CASecureEndpoint_t sep;
         CAResult_t caRes = CAGetSecureEndpointData(&endpoint, &sep);
-- 
2.7.4