diff options
author | Jonas Smedegaard <dr@jones.dk> | 2017-05-21 11:36:51 +0200 |
---|---|---|
committer | Jonas Smedegaard <dr@jones.dk> | 2017-05-21 11:36:51 +0200 |
commit | b635a2d52df53ab2cfc7dd248aaef7c90cc7ecc7 (patch) | |
tree | 662c8b590d710fd594b11bd6f8feefe0d1cfa101 /louloulibs/network/tcp_socket_handler.cpp | |
parent | ef0b63d85cde3904d6d4175d56bf905fa6ece23f (diff) | |
parent | de62b6456bebd130f98ce6192cd63ff42e654fac (diff) | |
download | biboumi-b635a2d52df53ab2cfc7dd248aaef7c90cc7ecc7.tar.gz biboumi-b635a2d52df53ab2cfc7dd248aaef7c90cc7ecc7.tar.bz2 biboumi-b635a2d52df53ab2cfc7dd248aaef7c90cc7ecc7.tar.xz biboumi-b635a2d52df53ab2cfc7dd248aaef7c90cc7ecc7.zip |
Merge tag 'upstream/4.3'
Upstream version 4.3
# gpg: Signature made Sun May 21 11:36:48 2017 CEST
# gpg: using RSA key 2C7C3146C1A00121
# gpg: Good signature from "Jonas Smedegaard <dr@jones.dk>"
# gpg: aka "Jonas Smedegaard <jonas@homebase.dk>"
# gpg: aka "Jonas Smedegaard <js@debian.org>"
# gpg: aka "[jpeg image of size 4165]"
Diffstat (limited to 'louloulibs/network/tcp_socket_handler.cpp')
-rw-r--r-- | louloulibs/network/tcp_socket_handler.cpp | 45 |
1 files changed, 37 insertions, 8 deletions
diff --git a/louloulibs/network/tcp_socket_handler.cpp b/louloulibs/network/tcp_socket_handler.cpp index 1dddde5..d9ec226 100644 --- a/louloulibs/network/tcp_socket_handler.cpp +++ b/louloulibs/network/tcp_socket_handler.cpp @@ -419,10 +419,14 @@ void TCPSocketHandler::start_tls() { Botan::TLS::Server_Information server_info(this->address, "irc", std::stoul(this->port)); this->tls = std::make_unique<Botan::TLS::Client>( - std::bind(&TCPSocketHandler::tls_output_fn, this, ph::_1, ph::_2), - std::bind(&TCPSocketHandler::tls_data_cb, this, ph::_1, ph::_2), - std::bind(&TCPSocketHandler::tls_alert_cb, this, ph::_1, ph::_2, ph::_3), - std::bind(&TCPSocketHandler::tls_handshake_cb, this, ph::_1), +# if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,32) + *this, +# else + [this](const Botan::byte* data, size_t size) { this->tls_emit_data(data, size); }, + [this](const Botan::byte* data, size_t size) { this->tls_record_received(0, data, size); }, + [this](Botan::TLS::Alert alert, const Botan::byte*, size_t) { this->tls_alert(alert); }, + [this](const Botan::TLS::Session& session) { return this->tls_session_established(session); }, +# endif session_manager, this->credential_manager, policy, rng, server_info, Botan::TLS::Protocol_Version::latest_tls_version()); } @@ -475,7 +479,7 @@ void TCPSocketHandler::tls_send(std::string&& data) std::make_move_iterator(data.end())); } -void TCPSocketHandler::tls_data_cb(const Botan::byte* data, size_t size) +void TCPSocketHandler::tls_record_received(uint64_t, const Botan::byte *data, size_t size) { this->in_buf += std::string(reinterpret_cast<const char*>(data), size); @@ -483,17 +487,17 @@ void TCPSocketHandler::tls_data_cb(const Botan::byte* data, size_t size) this->parse_in_buffer(size); } -void TCPSocketHandler::tls_output_fn(const Botan::byte* data, size_t size) +void TCPSocketHandler::tls_emit_data(const Botan::byte *data, size_t size) { this->raw_send(std::string(reinterpret_cast<const char*>(data), size)); } -void TCPSocketHandler::tls_alert_cb(Botan::TLS::Alert alert, const Botan::byte*, size_t) +void TCPSocketHandler::tls_alert(Botan::TLS::Alert alert) { log_debug("tls_alert: ", alert.type_string()); } -bool TCPSocketHandler::tls_handshake_cb(const Botan::TLS::Session& session) +bool TCPSocketHandler::tls_session_established(const Botan::TLS::Session& session) { log_debug("Handshake with ", session.server_info().hostname(), " complete.", " Version: ", session.version().to_string(), @@ -505,6 +509,31 @@ bool TCPSocketHandler::tls_handshake_cb(const Botan::TLS::Session& session) return true; } +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,34) +void TCPSocketHandler::tls_verify_cert_chain(const std::vector<Botan::X509_Certificate>& cert_chain, + const std::vector<std::shared_ptr<const Botan::OCSP::Response>>& ocsp_responses, + const std::vector<Botan::Certificate_Store*>& trusted_roots, + Botan::Usage_Type usage, const std::string& hostname, + const Botan::TLS::Policy& policy) +{ + log_debug("Checking remote certificate for hostname ", hostname); + try + { + Botan::TLS::Callbacks::tls_verify_cert_chain(cert_chain, ocsp_responses, trusted_roots, usage, hostname, policy); + log_debug("Certificate is valid"); + } + catch (const std::exception& tls_exception) + { + log_warning("TLS certificate check failed: ", tls_exception.what()); + std::exception_ptr exception_ptr{}; + if (this->abort_on_invalid_cert()) + exception_ptr = std::current_exception(); + + check_tls_certificate(cert_chain, hostname, this->credential_manager.get_trusted_fingerprint(), exception_ptr); + } +} +#endif + void TCPSocketHandler::on_tls_activated() { this->send_data({}); |