summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorlouiz’ <louiz@louiz.org>2017-07-20 21:22:58 +0200
committerlouiz’ <louiz@louiz.org>2017-07-20 21:22:58 +0200
commitffb402f0adb9f808c7b8bc9616e71f7b3f8931ac (patch)
tree074862e68c2c0d055d87a1be99947171c839bae6
parentf0f3d3d4e2fb7c02a5b2ad517632ec5071fefb45 (diff)
downloadbiboumi-ffb402f0adb9f808c7b8bc9616e71f7b3f8931ac.tar.gz
biboumi-ffb402f0adb9f808c7b8bc9616e71f7b3f8931ac.tar.bz2
biboumi-ffb402f0adb9f808c7b8bc9616e71f7b3f8931ac.tar.xz
biboumi-ffb402f0adb9f808c7b8bc9616e71f7b3f8931ac.zip
Drop support for botan < 2.0
fix #3274
-rw-r--r--CHANGELOG.rst2
-rw-r--r--INSTALL.rst2
-rw-r--r--cmake/Modules/FindBOTAN.cmake5
-rw-r--r--src/network/credentials_manager.cpp23
-rw-r--r--src/network/credentials_manager.hpp5
-rw-r--r--src/network/tcp_socket_handler.cpp9
-rw-r--r--src/network/tcp_socket_handler.hpp20
-rw-r--r--src/utils/sha1.cpp6
8 files changed, 10 insertions, 62 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index e2e985e..3f66f55 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -11,6 +11,8 @@ Version 6.0
- Add a global option to make all channels persistent.
- Status code='332' is sent with the unavailable presences when biboumi is
being shutdown or the connection to the IRC server is cut unexpectedly.
+ - Support for botan version 1.11.x has been dropped, only version 2.x is
+ supported.
Version 5.0 - 2017-05-24
========================
diff --git a/INSTALL.rst b/INSTALL.rst
index 5bb0ca8..3cf55a2 100644
--- a/INSTALL.rst
+++ b/INSTALL.rst
@@ -47,7 +47,7 @@ udns_ (optional, but recommended)
performances when connecting to a big number of IRC servers at the same
time.
-libbotan_ 1.11 or 2.0 (optional)
+libbotan_ 2.x (optional)
Provides TLS support. Without it, IRC connections are all made in
plain-text mode.
diff --git a/cmake/Modules/FindBOTAN.cmake b/cmake/Modules/FindBOTAN.cmake
index 9eb76c4..3f223e2 100644
--- a/cmake/Modules/FindBOTAN.cmake
+++ b/cmake/Modules/FindBOTAN.cmake
@@ -19,15 +19,14 @@ include(FindPkgConfig)
if(NOT BOTAN_FOUND)
pkg_check_modules(BOTAN botan-2)
- pkg_check_modules(BOTAN botan-1.11)
endif()
if(NOT BOTAN_FOUND)
find_path(BOTAN_INCLUDE_DIRS NAMES botan/botan.h
- PATH_SUFFIXES botan-2 botan-1.11
+ PATH_SUFFIXES botan-2
DOC "The botan include directory")
- find_library(BOTAN_LIBRARIES NAMES botan botan-2 botan-1.11
+ find_library(BOTAN_LIBRARIES NAMES botan botan-2
DOC "The botan library")
# Use some standard module to handle the QUIETLY and REQUIRED arguments, and
diff --git a/src/network/credentials_manager.cpp b/src/network/credentials_manager.cpp
index f93a366..7f07cef 100644
--- a/src/network/credentials_manager.cpp
+++ b/src/network/credentials_manager.cpp
@@ -54,29 +54,6 @@ void check_tls_certificate(const std::vector<Botan::X509_Certificate>& certs,
std::rethrow_exception(exc);
}
-#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34)
-void BasicCredentialsManager::verify_certificate_chain(const std::string& type,
- const std::string& purported_hostname,
- const std::vector<Botan::X509_Certificate>& certs)
-{
- log_debug("Checking remote certificate (", type, ") for hostname ", purported_hostname);
- try
- {
- Botan::Credentials_Manager::verify_certificate_chain(type, purported_hostname, certs);
- log_debug("Certificate is valid");
- }
- catch (const std::exception& tls_exception)
- {
- log_warning("TLS certificate check failed: ", tls_exception.what());
- std::exception_ptr exception_ptr{};
- if (this->socket_handler->abort_on_invalid_cert())
- exception_ptr = std::current_exception();
-
- check_tls_certificate(certs, purported_hostname, this->trusted_fingerprint, exception_ptr);
- }
-}
-#endif
-
bool BasicCredentialsManager::try_to_open_one_ca_bundle(const std::vector<std::string>& paths)
{
for (const auto& path: paths)
diff --git a/src/network/credentials_manager.hpp b/src/network/credentials_manager.hpp
index e7c247d..aa4732a 100644
--- a/src/network/credentials_manager.hpp
+++ b/src/network/credentials_manager.hpp
@@ -31,11 +31,6 @@ public:
BasicCredentialsManager& operator=(const BasicCredentialsManager&) = delete;
BasicCredentialsManager& operator=(BasicCredentialsManager&&) = delete;
-#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34)
- void verify_certificate_chain(const std::string& type,
- const std::string& purported_hostname,
- const std::vector<Botan::X509_Certificate>&) override final;
-#endif
std::vector<Botan::Certificate_Store*> trusted_certificate_authorities(const std::string& type,
const std::string& context) override final;
void set_trusted_fingerprint(const std::string& fingerprint);
diff --git a/src/network/tcp_socket_handler.cpp b/src/network/tcp_socket_handler.cpp
index 1049375..6239162 100644
--- a/src/network/tcp_socket_handler.cpp
+++ b/src/network/tcp_socket_handler.cpp
@@ -237,14 +237,7 @@ void TCPSocketHandler::start_tls(const std::string& address, const std::string&
this->policy.load(policy_directory + "policy.txt");
this->policy.load(policy_directory + address + ".policy.txt");
this->tls = std::make_unique<Botan::TLS::Client>(
-# if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,32)
*this,
-# else
- [this](const Botan::byte* data, size_t size) { this->tls_emit_data(data, size); },
- [this](const Botan::byte* data, size_t size) { this->tls_record_received(0, data, size); },
- [this](Botan::TLS::Alert alert, const Botan::byte*, size_t) { this->tls_alert(alert); },
- [this](const Botan::TLS::Session& session) { return this->tls_session_established(session); },
-# endif
get_session_manager(), this->credential_manager, this->policy,
get_rng(), server_info, Botan::TLS::Protocol_Version::latest_tls_version());
}
@@ -327,7 +320,6 @@ bool TCPSocketHandler::tls_session_established(const Botan::TLS::Session& sessio
return true;
}
-#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,34)
void TCPSocketHandler::tls_verify_cert_chain(const std::vector<Botan::X509_Certificate>& cert_chain,
const std::vector<std::shared_ptr<const Botan::OCSP::Response>>& ocsp_responses,
const std::vector<Botan::Certificate_Store*>& trusted_roots,
@@ -350,7 +342,6 @@ void TCPSocketHandler::tls_verify_cert_chain(const std::vector<Botan::X509_Certi
check_tls_certificate(cert_chain, hostname, this->credential_manager.get_trusted_fingerprint(), exception_ptr);
}
}
-#endif
void TCPSocketHandler::on_tls_activated()
{
diff --git a/src/network/tcp_socket_handler.hpp b/src/network/tcp_socket_handler.hpp
index f68698e..5cef739 100644
--- a/src/network/tcp_socket_handler.hpp
+++ b/src/network/tcp_socket_handler.hpp
@@ -25,22 +25,14 @@
# include <botan/tls_session_manager.h>
# include <network/tls_policy.hpp>
-# if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,32)
-# define BOTAN_TLS_CALLBACKS_OVERRIDE override final
-# else
-# define BOTAN_TLS_CALLBACKS_OVERRIDE
-# endif
#endif
-
/**
* Does all the read/write, buffering etc. With optional tls.
* But doesn’t do any connect() or accept() or anything else.
*/
class TCPSocketHandler: public SocketHandler
#ifdef BOTAN_FOUND
-# if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,32)
,public Botan::TLS::Callbacks
-# endif
#endif
{
protected:
@@ -146,31 +138,29 @@ private:
* Called by the tls object that some data has been decrypt. We call
* parse_in_buffer() to handle that unencrypted data.
*/
- void tls_record_received(uint64_t rec_no, const Botan::byte* data, size_t size) BOTAN_TLS_CALLBACKS_OVERRIDE;
+ void tls_record_received(uint64_t rec_no, const Botan::byte* data, size_t size) override final;
/**
* Called by the tls object to indicate that some data has been encrypted
* and is now ready to be sent on the socket as is.
*/
- void tls_emit_data(const Botan::byte* data, size_t size) BOTAN_TLS_CALLBACKS_OVERRIDE;
+ void tls_emit_data(const Botan::byte* data, size_t size) override final;
/**
* Called by the tls object to indicate that a TLS alert has been
* received. We don’t use it, we just log some message, at the moment.
*/
- void tls_alert(Botan::TLS::Alert alert) BOTAN_TLS_CALLBACKS_OVERRIDE;
+ void tls_alert(Botan::TLS::Alert alert) override final;
/**
* Called by the tls object at the end of the TLS handshake. We don't do
* anything here appart from logging the TLS session information.
*/
- bool tls_session_established(const Botan::TLS::Session& session) BOTAN_TLS_CALLBACKS_OVERRIDE;
+ bool tls_session_established(const Botan::TLS::Session& session) override final;
-#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,34)
void tls_verify_cert_chain(const std::vector<Botan::X509_Certificate>& cert_chain,
const std::vector<std::shared_ptr<const Botan::OCSP::Response>>& ocsp_responses,
const std::vector<Botan::Certificate_Store*>& trusted_roots,
Botan::Usage_Type usage,
const std::string& hostname,
- const Botan::TLS::Policy& policy) BOTAN_TLS_CALLBACKS_OVERRIDE;
-#endif
+ const Botan::TLS::Policy& policy) override final;
/**
* Called whenever the tls session goes from inactive to active. This
* means that the handshake has just been successfully done, and we can
diff --git a/src/utils/sha1.cpp b/src/utils/sha1.cpp
index 2e6efc2..1a0d185 100644
--- a/src/utils/sha1.cpp
+++ b/src/utils/sha1.cpp
@@ -18,13 +18,7 @@
std::string sha1(const std::string& input)
{
#ifdef BOTAN_FOUND
-# if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34)
- auto sha1 = Botan::HashFunction::create("SHA-1");
- if (!sha1)
- throw Botan::Algorithm_Not_Found("SHA-1");
-# else
auto sha1 = Botan::HashFunction::create_or_throw("SHA-1");
-# endif
sha1->update(input);
return Botan::hex_encode(sha1->final(), false);
#endif