author | Florent Le Coz <louiz@louiz.org> | 2015-11-03 16:56:38 +0100 |
---|---|---|
committer | Florent Le Coz <louiz@louiz.org> | 2015-11-05 02:17:19 +0100 |
commit | e8386bd14e9783f0bef39bdf577545522e33e719 (patch) | |
tree | 6466025811c0dfdd085e96da2e40b7eee8741323 /louloulibs/network/credentials_manager.cpp | |
parent | 06db9b366a83121e0c914e527a367f90ec71940a (diff) | |
Provide an adhoc option to let user pass the cert verif for some IRC servers
Diffstat (limited to 'louloulibs/network/credentials_manager.cpp')
-rw-r--r-- | louloulibs/network/credentials_manager.cpp | 35 |
1 files changed, 30 insertions, 5 deletions
diff --git a/louloulibs/network/credentials_manager.cpp b/louloulibs/network/credentials_manager.cpp
index 7c13319..b9a9af8 100644
--- a/louloulibs/network/credentials_manager.cpp
+++ b/louloulibs/network/credentials_manager.cpp
@@ -1,25 +1,48 @@
 #include "louloulibs.h"
 #ifdef BOTAN_FOUND
+#include <network/tcp_socket_handler.hpp>
 #include <network/credentials_manager.hpp>
 #include <logger/logger.hpp>
 #include <botan/tls_exceptn.h>
 
-Basic_Credentials_Manager::Basic_Credentials_Manager():
-  Botan::Credentials_Manager()
+#ifdef USE_DATABASE
+# include <database/database.hpp>
+#endif
+
+Botan::Certificate_Store_In_Memory Basic_Credentials_Manager::certificate_store;
+bool Basic_Credentials_Manager::certs_loaded = false;
+
+Basic_Credentials_Manager::Basic_Credentials_Manager(const TCPSocketHandler* const socket_handler):
+  Botan::Credentials_Manager(),
+  socket_handler(socket_handler)
 {
   this->load_certs();
 }
+
 void Basic_Credentials_Manager::verify_certificate_chain(const std::string& type,
                                                          const std::string& purported_hostname,
                                                          const std::vector<Botan::X509_Certificate>& certs)
 {
   log_debug("Checking remote certificate (" << type << ") for hostname " << purported_hostname);
-  Botan::Credentials_Manager::verify_certificate_chain(type, purported_hostname, certs);
-  log_debug("Certificate is valid");
+  try
+    {
+      Botan::Credentials_Manager::verify_certificate_chain(type, purported_hostname, certs);
+      log_debug("Certificate is valid");
+    }
+  catch (const std::exception& tls_exception)
+    {
+      log_warning("TLS certificate check failed: " << tls_exception.what());
+      if (this->socket_handler->abort_on_invalid_cert())
+        throw;
+    }
 }
+
 void Basic_Credentials_Manager::load_certs()
 {
+  // Only load the certificates the first time
+  if (Basic_Credentials_Manager::certs_loaded)
+    return;
   const std::vector<std::string> paths = {"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"};
   for (const auto& path: paths)
     {
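Review bot: In the new catch block of verify_certificate_chain, `this->socket_handler` is dereferenced with no null check, and because the handler is `catch (const std::exception&)` it also swallows exceptions that are not a certificate-validation verdict whenever the handler says not to abort, so the connection proceeds on an error the code never classified. Fail closed when there is no handler to consult: `if (!this->socket_handler || this->socket_handler->abort_on_invalid_cert()) throw;`. Since bypassing verification is the intent of this commit, make the warning say that the connection continues with an unverified certificate, e.g. `log_warning("TLS certificate check failed: " << tls_exception.what() << ", continuing anyway because certificate verification is disabled for this server");`, so an operator can tell a deliberate bypass from a silent one in the logs. The stored `socket_handler` is a raw non-owning pointer with no stated lifetime; a one-line comment on the constructor saying who owns the handler and that it must outlive this manager (presumably the TCPSocketHandler that creates it — confirm) would help. The added `#include <database/database.hpp>` under USE_DATABASE is not referenced by anything visible in either hunk; if nothing further down the file needs it, drop it.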
@@ -27,10 +50,12 @@ void Basic_Credentials_Manager::load_certs()
       while (!bundle.end_of_data() && bundle.check_available(27))
         {
           const Botan::X509_Certificate cert(bundle);
-          this->certificate_store.add_certificate(cert);
+          Basic_Credentials_Manager::certificate_store.add_certificate(cert);
         }
     }
+  Basic_Credentials_Manager::certs_loaded = true;
 }
+
 std::vector<Botan::Certificate_Store*> Basic_Credentials_Manager::trusted_certificate_authorities(const std::string&, const std::string&)
 {
   return {&this->certificate_store};
|
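Review bot: `trusted_certificate_authorities` still reaches the store through `this->certificate_store` while the changed line above switched to `Basic_Credentials_Manager::certificate_store`; use the qualified form in both places so a reader sees at once that the store is now shared by every instance rather than per connection. `certs_loaded` is set only after the loop finishes, so if reading the bundle throws partway through (load_certs begins outside this hunk and its loop body is not guarded), the flag stays false and the next constructor re-reads the bundle and re-adds the certificates already in the store; either document that a failed load is retried on the next connection or note why duplicate additions are harmless. The static store and flag are unsynchronized, which is fine only if every Basic_Credentials_Manager is constructed on one thread — confirm and record that on the declarations.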