authorlouiz’ <louiz@louiz.org>2016-12-04 22:17:37 +0100
committerlouiz’ <louiz@louiz.org>2017-03-21 11:36:10 +0100
commitcb79fc1b3d492af60404b5be1c0cb1c8c8065801 (patch)
treee981910899572b8393d37a8e4a0467fc23634473 /louloulibs/network/tcp_socket_handler.cpp
parent395297e488cee2d19eb75f5a42102f1f5daa3a40 (diff)
Update the verify_certificate_chain code to work with botan >= 1.11.34 as well
ref #3245
Diffstat (limited to 'louloulibs/network/tcp_socket_handler.cpp')
-rw-r--r--louloulibs/network/tcp_socket_handler.cpp25
1 files changed, 25 insertions, 0 deletions
diff --git a/louloulibs/network/tcp_socket_handler.cpp b/louloulibs/network/tcp_socket_handler.cpp
index d509a63..d9ec226 100644
--- a/louloulibs/network/tcp_socket_handler.cpp
+++ b/louloulibs/network/tcp_socket_handler.cpp
@@ -509,6 +509,31 @@ bool TCPSocketHandler::tls_session_established(const Botan::TLS::Session& sessio
return true;
}
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,34)
+void TCPSocketHandler::tls_verify_cert_chain(const std::vector<Botan::X509_Certificate>& cert_chain,
+ const std::vector<std::shared_ptr<const Botan::OCSP::Response>>& ocsp_responses,
+ const std::vector<Botan::Certificate_Store*>& trusted_roots,
+ Botan::Usage_Type usage, const std::string& hostname,
+ const Botan::TLS::Policy& policy)
+{
+ log_debug("Checking remote certificate for hostname ", hostname);
+ try
+ {
+ Botan::TLS::Callbacks::tls_verify_cert_chain(cert_chain, ocsp_responses, trusted_roots, usage, hostname, policy);
+ log_debug("Certificate is valid");
+ }
+ catch (const std::exception& tls_exception)
+ {
+ log_warning("TLS certificate check failed: ", tls_exception.what());
+ std::exception_ptr exception_ptr{};
+ if (this->abort_on_invalid_cert())
+ exception_ptr = std::current_exception();
+
+ check_tls_certificate(cert_chain, hostname, this->credential_manager.get_trusted_fingerprint(), exception_ptr);
+ }
+}
+#endif
+
void TCPSocketHandler::on_tls_activated()
{
this->send_data({});
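Review bot: In the catch block of `tls_verify_cert_chain`, a failed chain verification is only carried forward when `abort_on_invalid_cert()` is true. Otherwise `exception_ptr` stays null and, unless `check_tls_certificate` (not visible in this hunk) throws on its own, the handshake continues with a certificate that failed validation, recorded only by a warning log. That trust decision deserves a comment on the `std::exception_ptr exception_ptr{};` line, for example `// Stays null when invalid certificates are tolerated; check_tls_certificate then decides alone`. Botan's default callback can also throw for an empty chain, so this path may pass an empty `cert_chain` to `check_tls_certificate`. If that helper reads the leaf certificate to compare fingerprints, a guard such as `if (cert_chain.empty()) throw;` at the top of the handler would stop it from indexing an empty vector.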