Update the verify_certificate_chain code to work with botan >= 1.11.34 as well

ref #3245

1 files changed, 15 insertions, 0 deletions

diff --git a/louloulibs/network/credentials_manager.hpp b/louloulibs/network/credentials_manager.hpp
index 7557372..29ee024 100644
--- a/louloulibs/network/credentials_manager.hpp
+++ b/louloulibs/network/credentials_manager.hpp
@@ -9,6 +9,18 @@
 
 class TCPSocketHandler;
 
+/**
+ * If the given cert isn’t valid, based on the given hostname
+ * and fingerprint, then throws the exception if it’s non-empty.
+ *
+ * Must be called after the standard (from Botan) way of
+ * checking the certificate, if we want to also accept certificates based
+ * on a trusted fingerprint.
+ */
+void check_tls_certificate(const std::vector<Botan::X509_Certificate>& certs,
+                           const std::string& hostname, const std::string& trusted_fingerprint,
+                           std::exception_ptr exc);
+
 class BasicCredentialsManager: public Botan::Credentials_Manager
 {
 public:
@@ -19,12 +31,15 @@ public:
   BasicCredentialsManager& operator=(const BasicCredentialsManager&) = delete;
   BasicCredentialsManager& operator=(BasicCredentialsManager&&) = delete;
 
+#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34)
   void verify_certificate_chain(const std::string& type,
                                 const std::string& purported_hostname,
                                 const std::vector<Botan::X509_Certificate>&) override final;
+#endif
   std::vector<Botan::Certificate_Store*> trusted_certificate_authorities(const std::string& type,
                                                                          const std::string& context) override final;
   void set_trusted_fingerprint(const std::string& fingerprint);
+  const std::string& get_trusted_fingerprint() const;
 
 private:
   const TCPSocketHandler* const socket_handler;