authorlouiz’ <louiz@louiz.org>2016-12-04 22:17:37 +0100
committerlouiz’ <louiz@louiz.org>2016-12-04 22:20:55 +0100
commit7784c568432231c737c789b065af6b81e038c54d (patch)
tree74ee2ecf57a203754bf4accc2d93687287252de5 /louloulibs/network/credentials_manager.cpp
parenta66c67e291327c3ae5d6005a38c8d257b4333581 (diff)
Update the verify_certificate_chain code to work with botan >= 1.11.34 as well
Diffstat (limited to 'louloulibs/network/credentials_manager.cpp')
-rw-r--r--louloulibs/network/credentials_manager.cpp35
1 files changed, 27 insertions, 8 deletions
diff --git a/louloulibs/network/credentials_manager.cpp b/louloulibs/network/credentials_manager.cpp
index ed04d24..289307b 100644
--- a/louloulibs/network/credentials_manager.cpp
+++ b/louloulibs/network/credentials_manager.cpp
@@ -37,6 +37,28 @@ void BasicCredentialsManager::set_trusted_fingerprint(const std::string& fingerp
this->trusted_fingerprint = fingerprint;
}
+const std::string& BasicCredentialsManager::get_trusted_fingerprint() const
+{
+ return this->trusted_fingerprint;
+}
+
+void check_tls_certificate(const std::vector<Botan::X509_Certificate>& certs,
+ const std::string& hostname, const std::string& trusted_fingerprint,
+ std::exception_ptr exc)
+{
+
+ if (!trusted_fingerprint.empty() && !certs.empty() &&
+ trusted_fingerprint == certs[0].fingerprint() &&
+ certs[0].matches_dns_name(hostname))
+ // We trust the certificate, based on the trusted fingerprint and
+ // the fact that the hostname matches
+ return;
+
+ if (exc)
+ std::rethrow_exception(exc);
+}
+
+#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34)
void BasicCredentialsManager::verify_certificate_chain(const std::string& type,
const std::string& purported_hostname,
const std::vector<Botan::X509_Certificate>& certs)
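Review bot: In `check_tls_certificate`, the pin comparison calls `certs[0].fingerprint()` with no argument, so the trusted fingerprint is matched against Botan's default hash (SHA-1 in the Botan releases I know of, worth confirming for the versions supported here) and against Botan's exact output formatting. A pin supplied in another hash, case or separator style never matches; that fails closed, but the operator gets no hint why. I would name the hash at the call site, e.g. `certs[0].fingerprint("SHA-256")` if stored pins can be migrated, or otherwise add a comment such as `// trusted_fingerprint must be in the exact format returned by Botan's X509_Certificate::fingerprint()`. The helper is also defined as a free function with external linkage; if the declaration is not in the header on purpose, `static` or an anonymous namespace would keep it file-local.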
@@ -50,17 +72,14 @@ void BasicCredentialsManager::verify_certificate_chain(const std::string& type,
catch (const std::exception& tls_exception)
{
log_warning("TLS certificate check failed: ", tls_exception.what());
- if (!this->trusted_fingerprint.empty() && !certs.empty() &&
- this->trusted_fingerprint == certs[0].fingerprint() &&
- certs[0].matches_dns_name(purported_hostname))
- // We trust the certificate, based on the trusted fingerprint and
- // the fact that the hostname matches
- return;
-
+ std::exception_ptr exception_ptr{};
if (this->socket_handler->abort_on_invalid_cert())
- throw;
+ exception_ptr = std::current_exception();
+
+ check_tls_certificate(certs, purported_hostname, this->trusted_fingerprint, exception_ptr);
}
}
+#endif
bool BasicCredentialsManager::try_to_open_one_ca_bundle(const std::vector<std::string>& paths)
{
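Review bot: When `abort_on_invalid_cert()` is false, `exception_ptr` stays null and `check_tls_certificate` returns for any chain, including an empty `certs` and a pin mismatch, so the failed verification leaves only the warning logged above it. That warning is identical whether the connection was then accepted by the pinned fingerprint or accepted because invalid certificates are tolerated, which makes the two cases indistinguishable in logs. I would add a comment on the declaration, `// stays null when invalid certs are tolerated: the chain is then accepted without a pin match`, and log which path accepted the certificate. The `try` block and the start of `verify_certificate_chain` are outside this hunk, and the diffstat is limited to this file, so I cannot see whether the header carries the same `BOTAN_VERSION_CODE` guard as the new `#if`/`#endif`.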