fix(security): ensure unpairing takes effect without restart (#2365)

src/nvhttp.cpp

@@ -42,6 +42,8 @@ namespace nvhttp {
   namespace fs = std::filesystem;
   namespace pt = boost::property_tree;
 
+  crypto::cert_chain_t cert_chain;
+
   class SunshineHttpsServer: public SimpleWeb::Server<SimpleWeb::HTTPS> {
   public:
     SunshineHttpsServer(const std::string &certification_file, const std::string &private_key_file):
@@ -1017,7 +1019,6 @@ namespace nvhttp {
     conf_intern.pkey = file_handler::read_file(config::nvhttp.pkey.c_str());
     conf_intern.servercert = file_handler::read_file(config::nvhttp.cert.c_str());
 
-    crypto::cert_chain_t cert_chain;
     for (auto &[_, client] : map_id_client) {
       for (auto &cert : client.certs) {
         cert_chain.add(crypto::x509(cert));
@@ -1026,15 +1027,15 @@ namespace nvhttp {
 
     auto add_cert = std::make_shared<safe::queue_t<crypto::x509_t>>(30);
 
-    // /resume doesn't always get the parameter "localAudioPlayMode"
-    // /launch will store it in host_audio
+    // resume doesn't always get the parameter "localAudioPlayMode"
+    // launch will store it in host_audio
     bool host_audio {};
 
     https_server_t https_server { config::nvhttp.cert, config::nvhttp.pkey };
     http_server_t http_server;
 
     // Verify certificates after establishing connection
-    https_server.verify = [&cert_chain, add_cert](SSL *ssl) {
+    https_server.verify = [add_cert](SSL *ssl) {
       crypto::x509_t x509 { SSL_get_peer_certificate(ssl) };
       if (!x509) {
         BOOST_LOG(info) << "unknown -- denied"sv;
@@ -1148,6 +1149,7 @@ namespace nvhttp {
   void
   erase_all_clients() {
     map_id_client.clear();
+    cert_chain.clear();
     save_state();
   }
 }  // namespace nvhttp