diff options
author | Florent Le Coz <louiz@louiz.org> | 2015-12-30 21:34:11 +0100 |
---|---|---|
committer | Florent Le Coz <louiz@louiz.org> | 2016-01-04 13:47:27 +0100 |
commit | 1f8333f23f060750673d0b7c573f2e2d12142adf (patch) | |
tree | c6c92608402af2c5d89f39547bbeb4b9f76acd16 /louloulibs/network/credentials_manager.cpp | |
parent | a38b17692e0297cbd5d719f059bd0a1b6ef39fe4 (diff) | |
download | biboumi-1f8333f23f060750673d0b7c573f2e2d12142adf.tar.gz biboumi-1f8333f23f060750673d0b7c573f2e2d12142adf.tar.bz2 biboumi-1f8333f23f060750673d0b7c573f2e2d12142adf.tar.xz biboumi-1f8333f23f060750673d0b7c573f2e2d12142adf.zip |
Support a trusted SHA1 fingerprint to be configured for each IRC server
Diffstat (limited to 'louloulibs/network/credentials_manager.cpp')
-rw-r--r-- | louloulibs/network/credentials_manager.cpp | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/louloulibs/network/credentials_manager.cpp b/louloulibs/network/credentials_manager.cpp index 57100ee..f92aef8 100644 --- a/louloulibs/network/credentials_manager.cpp +++ b/louloulibs/network/credentials_manager.cpp @@ -26,11 +26,17 @@ bool Basic_Credentials_Manager::certs_loaded = false; Basic_Credentials_Manager::Basic_Credentials_Manager(const TCPSocketHandler* const socket_handler): Botan::Credentials_Manager(), - socket_handler(socket_handler) + socket_handler(socket_handler), + trusted_fingerprint{} { this->load_certs(); } +void Basic_Credentials_Manager::set_trusted_fingerprint(const std::string& fingerprint) +{ + this->trusted_fingerprint = fingerprint; +} + void Basic_Credentials_Manager::verify_certificate_chain(const std::string& type, const std::string& purported_hostname, const std::vector<Botan::X509_Certificate>& certs) @@ -44,6 +50,13 @@ void Basic_Credentials_Manager::verify_certificate_chain(const std::string& type catch (const std::exception& tls_exception) { log_warning("TLS certificate check failed: " << tls_exception.what()); + if (!this->trusted_fingerprint.empty() && !certs.empty() && + this->trusted_fingerprint == certs[0].fingerprint() && + certs[0].matches_dns_name(purported_hostname)) + // We trust the certificate, based on the trusted fingerprint and + // the fact that the hostname matches + return; + if (this->socket_handler->abort_on_invalid_cert()) throw; } |