author | louiz’ <louiz@louiz.org> | 2016-12-04 22:17:37 +0100 |
---|---|---|
committer | louiz’ <louiz@louiz.org> | 2016-12-04 22:20:55 +0100 |
commit | 7784c568432231c737c789b065af6b81e038c54d (patch) | |
tree | 74ee2ecf57a203754bf4accc2d93687287252de5 /louloulibs/network/credentials_manager.hpp | |
parent | a66c67e291327c3ae5d6005a38c8d257b4333581 (diff) | |
Update the verify_certificate_chain code to work with botan >= 1.11.34 as well
Diffstat (limited to 'louloulibs/network/credentials_manager.hpp')
-rw-r--r-- | louloulibs/network/credentials_manager.hpp | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/louloulibs/network/credentials_manager.hpp b/louloulibs/network/credentials_manager.hpp
index 7557372..29ee024 100644
--- a/louloulibs/network/credentials_manager.hpp
+++ b/louloulibs/network/credentials_manager.hpp
@@ -9,6 +9,18 @@
 class TCPSocketHandler;
+/**
+ * If the given cert isn’t valid, based on the given hostname
+ * and fingerprint, then throws the exception if it’s non-empty.
+ *
+ * Must be called after the standard (from Botan) way of
+ * checking the certificate, if we want to also accept certificates based
+ * on a trusted fingerprint.
+ */
+void check_tls_certificate(const std::vector<Botan::X509_Certificate>& certs,
+ const std::string& hostname, const std::string& trusted_fingerprint,
+ std::exception_ptr exc);
+
 class BasicCredentialsManager: public Botan::Credentials_Manager
 {
 public:
@@ -19,12 +31,15 @@ public:
 BasicCredentialsManager& operator=(const BasicCredentialsManager&) = delete;
 BasicCredentialsManager& operator=(BasicCredentialsManager&&) = delete;
+#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34)
 void verify_certificate_chain(const std::string& type, const std::string& purported_hostname, const std::vector<Botan::X509_Certificate>&) override final;
+#endif
 std::vector<Botan::Certificate_Store*> trusted_certificate_authorities(const std::string& type, const std::string& context) override final;
 void set_trusted_fingerprint(const std::string& fingerprint);
+ const std::string& get_trusted_fingerprint() const;
 private:
 const TCPSocketHandler* const socket_handler; |
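Review bot: The doc comment on `check_tls_certificate` does not pin down the accept/reject contract: "throws the exception if it's non-empty" leaves open what a null `exc`, an empty `trusted_fingerprint` or an empty `certs` does. Because this function is what lets a certificate that failed Botan's own validation be accepted anyway, I would state the contract explicitly, e.g. `* @param exc failure from the standard check, or null if it passed; rethrown unless the certificate matches trusted_fingerprint. An empty trusted_fingerprint never matches.` — to be confirmed against the implementation, which is not in this header. The comment should also say which certificate of `certs` is compared and what fingerprint format is expected. The declaration uses `std::exception_ptr`, so the header should include `<exception>` itself if it does not already; the include block is outside the hunk.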
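Review bot: The `#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34)` guard compiles out the only certificate-verification override of `BasicCredentialsManager` on newer Botan, and nothing in this header says where the hostname and fingerprint check happens instead. Presumably the TLS callback path (`Botan::TLS::Callbacks::tls_verify_cert_chain`) now calls `check_tls_certificate` with `get_trusted_fingerprint()`, but that code is not in this file, so I would add a comment above the guard such as `// Botan >= 1.11.34 verifies the chain through the TLS callbacks; the trusted-fingerprint check is done there via check_tls_certificate().` It is worth confirming that both version branches reject the same certificates, so that a pinned fingerprint is neither silently ignored nor the only check applied on one of them. The class body starts and ends outside the hunk.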