author | louiz’ <louiz@louiz.org> | 2018-09-03 22:26:57 +0200 |
---|---|---|
committer | louiz’ <louiz@louiz.org> | 2018-09-03 22:26:57 +0200 |
commit | 193302b0de20df6adc090eaeaa84cfd286be724a (patch) | |
tree | b9e0e0f75b5cd74911a42a7fcd0f1477971391ff /src/network | |
parent | 56651cb5c29cc50ddf3c62c37167fa0b9389bfde (diff) | |
parent | 28acbed948e1c281f9de6132164e42d0ed20c32f (diff) | |
download | biboumi-193302b0de20df6adc090eaeaa84cfd286be724a.tar.gz biboumi-193302b0de20df6adc090eaeaa84cfd286be724a.tar.bz2 biboumi-193302b0de20df6adc090eaeaa84cfd286be724a.tar.xz biboumi-193302b0de20df6adc090eaeaa84cfd286be724a.zip |
Merge branch 'master' into debian
Diffstat (limited to 'src/network')
-rw-r--r-- | src/network/credentials_manager.cpp | 3 | ||||
-rw-r--r-- | src/network/credentials_manager.hpp | 3 | ||||
-rw-r--r-- | src/network/tcp_client_socket_handler.cpp | 15 | ||||
-rw-r--r-- | src/network/tcp_socket_handler.cpp | 21 | ||||
-rw-r--r-- | src/network/tls_policy.cpp | 2 | ||||
-rw-r--r-- | src/network/tls_policy.hpp | 1 |
6 files changed, 30 insertions, 15 deletions
diff --git a/src/network/credentials_manager.cpp b/src/network/credentials_manager.cpp
index b25f442..89c694c 100644
--- a/src/network/credentials_manager.cpp
+++ b/src/network/credentials_manager.cpp
@@ -21,9 +21,8 @@ static const std::vector<std::string> default_cert_files = {
 Botan::Certificate_Store_In_Memory BasicCredentialsManager::certificate_store;
 bool BasicCredentialsManager::certs_loaded = false;
-BasicCredentialsManager::BasicCredentialsManager(const TCPSocketHandler* const socket_handler):
+BasicCredentialsManager::BasicCredentialsManager():
 Botan::Credentials_Manager(),
- socket_handler(socket_handler),
 trusted_fingerprint{}
 {
 BasicCredentialsManager::load_certs();
diff --git a/src/network/credentials_manager.hpp b/src/network/credentials_manager.hpp
index 3a37bdc..210a628 100644
--- a/src/network/credentials_manager.hpp
+++ b/src/network/credentials_manager.hpp
@@ -25,7 +25,7 @@ void check_tls_certificate(const std::vector<Botan::X509_Certificate>& certs,
 class BasicCredentialsManager: public Botan::Credentials_Manager
 {
 public:
- BasicCredentialsManager(const TCPSocketHandler* const socket_handler);
+ BasicCredentialsManager();
 BasicCredentialsManager(BasicCredentialsManager&&) = delete;
 BasicCredentialsManager(const BasicCredentialsManager&) = delete;
@@ -38,7 +38,6 @@ public:
 const std::string& get_trusted_fingerprint() const;
 private:
- const TCPSocketHandler* const socket_handler;
 static bool try_to_open_one_ca_bundle(const std::vector<std::string>& paths);
 static void load_certs();
diff --git a/src/network/tcp_client_socket_handler.cpp b/src/network/tcp_client_socket_handler.cpp
index aac13d0..9dda73d 100644
--- a/src/network/tcp_client_socket_handler.cpp
+++ b/src/network/tcp_client_socket_handler.cpp
@@ -146,15 +146,22 @@ void TCPClientSocketHandler::connect(const std::string& address, const std::stri
 || errno == EISCONN)
 {
 log_info("Connection success.");
+#ifdef BOTAN_FOUND
+ if (this->use_tls)
+ try {
+ this->start_tls(this->address, this->port);
+ } catch (const Botan::Exception& e)
+ {
+ this->on_connection_failed("TLS error: "s + e.what());
+ this->close();
+ return ;
+ }
+#endif
 TimedEventsManager::instance().cancel("connection_timeout" + std::to_string(this->socket));
 this->poller->add_socket_handler(this);
 this->connected = true;
 this->connecting = false;
-#ifdef BOTAN_FOUND
- if (this->use_tls)
- this->start_tls(this->address, this->port);
-#endif
 this->connection_date = std::chrono::system_clock::now();
 // Get our local TCP port and store it
diff --git a/src/network/tcp_socket_handler.cpp b/src/network/tcp_socket_handler.cpp
index 642cf03..e05caad 100644
--- a/src/network/tcp_socket_handler.cpp
+++ b/src/network/tcp_socket_handler.cpp
@@ -50,7 +50,7 @@ TCPSocketHandler::TCPSocketHandler(std::shared_ptr<Poller>& poller):
 SocketHandler(poller, -1),
 use_tls(false)
 #ifdef BOTAN_FOUND
- ,credential_manager(this)
+ ,credential_manager()
 #endif
 {}
@@ -84,10 +84,11 @@ void TCPSocketHandler::plain_recv()
 if (recv_buf == nullptr)
 recv_buf = buf;
- const ssize_t size = this->do_recv(recv_buf, buf_size);
+ const ssize_t ssize = this->do_recv(recv_buf, buf_size);
- if (size > 0)
+ if (ssize > 0)
 {
+ auto size = static_cast<std::size_t>(ssize);
 if (buf == recv_buf)
 {
 // data needs to be placed in the in_buf string, because no buffer
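Review bot: The `return ;` in the new catch block is taken before the `TimedEventsManager::instance().cancel("connection_timeout" + std::to_string(this->socket));` line a few lines below, so a failed TLS handshake leaves the connection-timeout event armed on a handler that has already reported failure and closed; unless close() cancels that event elsewhere, it will fire later against a dead socket. Moving the cancel call above the `#ifdef BOTAN_FOUND` block fixes this with a one-line move, since the timeout guards the TCP connect, which has already succeeded at that point. The same ordering question applies to `this->connecting`, which is still true when the catch returns, if close() does not reset it. The enclosing connect() starts before and continues after this hunk.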
@@ -149,21 +150,22 @@ void TCPSocketHandler::on_send()
 }
 else
 {
+ auto size = static_cast<std::size_t>(res);
 // remove all the strings that were successfully sent.
 auto it = this->out_buf.begin();
 while (it != this->out_buf.end())
 {
- if (static_cast<size_t>(res) >= it->size())
+ if (size >= it->size())
 {
- res -= it->size();
+ size -= it->size();
 ++it;
 }
 else
 {
 // If one string has partially been sent, we use substr to
 // crop it
- if (res > 0)
- *it = it->substr(res, std::string::npos);
+ if (size > 0)
+ *it = it->substr(size, std::string::npos);
 break;
 }
 }
@@ -332,6 +334,11 @@ void TCPSocketHandler::tls_verify_cert_chain(const std::vector<Botan::X509_Certi
 Botan::Usage_Type usage, const std::string& hostname, const Botan::TLS::Policy& policy)
 {
+ if (!this->policy.verify_certificate)
+ {
+ log_debug("Not verifying certificate due to domain policy ");
+ return;
+ }
 log_debug("Checking remote certificate for hostname ", hostname);
 try
 {
diff --git a/src/network/tls_policy.cpp b/src/network/tls_policy.cpp
index b88eb88..f32557e 100644
--- a/src/network/tls_policy.cpp
+++ b/src/network/tls_policy.cpp
@@ -37,6 +37,8 @@ void BiboumiTLSPolicy::load(std::istream& is)
 // Workaround for options that are not overridden in Botan::TLS::Text_Policy
 if (pair.first == "require_cert_revocation_info")
 this->req_cert_revocation_info = !(pair.second == "0" || utils::tolower(pair.second) == "false");
+ else if (pair.first == "verify_certificate")
+ this->verify_certificate = !(pair.second == "0" || utils::tolower(pair.second) == "false");
 else
 this->set(pair.first, pair.second);
 }
diff --git a/src/network/tls_policy.hpp b/src/network/tls_policy.hpp
index 29fd2b3..e915646 100644
--- a/src/network/tls_policy.hpp
+++ b/src/network/tls_policy.hpp
@@ -21,6 +21,7 @@ public:
 BiboumiTLSPolicy &operator=(BiboumiTLSPolicy &&) = delete;
 bool require_cert_revocation_info() const override;
+ bool verify_certificate{true};
 protected:
 bool req_cert_revocation_info{true};
 };
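Review bot: The early return added at the top of tls_verify_cert_chain switches the peer's chain check off entirely, yet records that only at debug level and with a trailing space in the message, so an operator reading the normal log will not see that a domain policy disabled verification. The file already logs at info level elsewhere; naming the peer as well would make the line actionable, e.g. `log_info("Not verifying certificate for ", hostname, " due to domain policy");`. The member `this->policy` (the BiboumiTLSPolicy) and the `policy` parameter (Botan's) are easy to confuse in this function, and the parameter is not used in the hunk. The function body continues past the hunk; if the trusted-fingerprint fallback or any other acceptance logic lives further down, the early return skips that too, which is worth confirming is intended.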
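Review bot: In BiboumiTLSPolicy::load the truthiness expression `!(pair.second == "0" || utils::tolower(pair.second) == "false")` is now duplicated for `require_cert_revocation_info` and `verify_certificate`; a file-local helper, `static bool parse_bool(const std::string& value) { return !(value == "0" || utils::tolower(value) == "false"); }`, keeps the two keys parsing identically if the accepted spellings ever change. With this parsing any value other than 0/false (for example "no" or "off") leaves the option enabled, which for `verify_certificate` fails safe, but a one-line comment saying so at the `// Workaround` line would spare the next reader the check. The surrounding loop over `pair` starts before the hunk.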
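Review bot: `verify_certificate` is declared as a public, mutable data member while the existing `req_cert_revocation_info` flag is protected and read through an accessor, so the two policy switches are exposed inconsistently, and the new one carries no comment even though it is the setting that turns the chain check off. At minimum document it at the declaration, e.g. `// Set from the "verify_certificate" policy option; when false, TCPSocketHandler::tls_verify_cert_chain returns before checking the peer's certificate chain.` Keeping the `{true}` default is right; the class body continues outside the hunk.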