diff options
| author | louiz’ <louiz@louiz.org> | 2016-12-04 22:17:37 +0100 |
|---|---|---|
| committer | louiz’ <louiz@louiz.org> | 2016-12-04 22:20:55 +0100 |
| commit | 7784c568432231c737c789b065af6b81e038c54d (patch) | |
| tree | 74ee2ecf57a203754bf4accc2d93687287252de5 /louloulibs/network/credentials_manager.cpp | |
| parent | a66c67e291327c3ae5d6005a38c8d257b4333581 (diff) | |
| download | biboumi-7784c568432231c737c789b065af6b81e038c54d.tar.gz biboumi-7784c568432231c737c789b065af6b81e038c54d.tar.bz2 biboumi-7784c568432231c737c789b065af6b81e038c54d.tar.xz biboumi-7784c568432231c737c789b065af6b81e038c54d.zip | |
Update the verify_certificate_chain code to work with botan >= 1.11.34 as well
Diffstat (limited to 'louloulibs/network/credentials_manager.cpp')
| -rw-r--r-- | louloulibs/network/credentials_manager.cpp | 35 |
1 files changed, 27 insertions, 8 deletions
diff --git a/louloulibs/network/credentials_manager.cpp b/louloulibs/network/credentials_manager.cpp index ed04d24..289307b 100644 --- a/louloulibs/network/credentials_manager.cpp +++ b/louloulibs/network/credentials_manager.cpp @@ -37,6 +37,28 @@ void BasicCredentialsManager::set_trusted_fingerprint(const std::string& fingerp this->trusted_fingerprint = fingerprint; } +const std::string& BasicCredentialsManager::get_trusted_fingerprint() const +{ + return this->trusted_fingerprint; +} + +void check_tls_certificate(const std::vector<Botan::X509_Certificate>& certs, + const std::string& hostname, const std::string& trusted_fingerprint, + std::exception_ptr exc) +{ + + if (!trusted_fingerprint.empty() && !certs.empty() && + trusted_fingerprint == certs[0].fingerprint() && + certs[0].matches_dns_name(hostname)) + // We trust the certificate, based on the trusted fingerprint and + // the fact that the hostname matches + return; + + if (exc) + std::rethrow_exception(exc); +} + +#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34) void BasicCredentialsManager::verify_certificate_chain(const std::string& type, const std::string& purported_hostname, const std::vector<Botan::X509_Certificate>& certs) @@ -50,17 +72,14 @@ void BasicCredentialsManager::verify_certificate_chain(const std::string& type, catch (const std::exception& tls_exception) { log_warning("TLS certificate check failed: ", tls_exception.what()); - if (!this->trusted_fingerprint.empty() && !certs.empty() && - this->trusted_fingerprint == certs[0].fingerprint() && - certs[0].matches_dns_name(purported_hostname)) - // We trust the certificate, based on the trusted fingerprint and - // the fact that the hostname matches - return; - + std::exception_ptr exception_ptr{}; if (this->socket_handler->abort_on_invalid_cert()) - throw; + exception_ptr = std::current_exception(); + + check_tls_certificate(certs, purported_hostname, this->trusted_fingerprint, exception_ptr); } } +#endif bool BasicCredentialsManager::try_to_open_one_ca_bundle(const std::vector<std::string>& paths) { |