8 files changed, 10 insertions, 62 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index e2e985e..3f66f55 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -11,6 +11,8 @@ Version 6.0
  - Add a global option to make all channels persistent.
  - Status code='332' is sent with the unavailable presences when biboumi is
    being shutdown or the connection to the IRC server is cut unexpectedly.
+ - Support for botan version 1.11.x has been dropped, only version 2.x is
+   supported.
 
 Version 5.0 - 2017-05-24
 ========================
diff --git a/INSTALL.rst b/INSTALL.rst
index 5bb0ca8..3cf55a2 100644
--- a/INSTALL.rst
+++ b/INSTALL.rst
@@ -47,7 +47,7 @@ udns_ (optional, but recommended)
  performances when connecting to a big number of IRC servers at the same
  time.
 
-libbotan_ 1.11 or 2.0 (optional)
+libbotan_ 2.x (optional)
  Provides TLS support. Without it, IRC connections are all made in
  plain-text mode.
 
diff --git a/cmake/Modules/FindBOTAN.cmake b/cmake/Modules/FindBOTAN.cmake
index 9eb76c4..3f223e2 100644
--- a/cmake/Modules/FindBOTAN.cmake
+++ b/cmake/Modules/FindBOTAN.cmake
@@ -19,15 +19,14 @@ include(FindPkgConfig)
 
 if(NOT BOTAN_FOUND)
   pkg_check_modules(BOTAN botan-2)
-  pkg_check_modules(BOTAN botan-1.11)
 endif()
 
 if(NOT BOTAN_FOUND)
   find_path(BOTAN_INCLUDE_DIRS NAMES botan/botan.h
-      PATH_SUFFIXES botan-2 botan-1.11
+      PATH_SUFFIXES botan-2
       DOC "The botan include directory")
 
-  find_library(BOTAN_LIBRARIES NAMES botan botan-2 botan-1.11
+  find_library(BOTAN_LIBRARIES NAMES botan botan-2
       DOC "The botan library")
 
   # Use some standard module to handle the QUIETLY and REQUIRED arguments, and
diff --git a/src/network/credentials_manager.cpp b/src/network/credentials_manager.cpp
index f93a366..7f07cef 100644
--- a/src/network/credentials_manager.cpp
+++ b/src/network/credentials_manager.cpp
@@ -54,29 +54,6 @@ void check_tls_certificate(const std::vector<Botan::X509_Certificate>& certs,
     std::rethrow_exception(exc);
 }
 
-#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34)
-void BasicCredentialsManager::verify_certificate_chain(const std::string& type,
-                                                       const std::string& purported_hostname,
-                                                       const std::vector<Botan::X509_Certificate>& certs)
-{
-  log_debug("Checking remote certificate (", type, ") for hostname ", purported_hostname);
-  try
-    {
-      Botan::Credentials_Manager::verify_certificate_chain(type, purported_hostname, certs);
-      log_debug("Certificate is valid");
-    }
-  catch (const std::exception& tls_exception)
-    {
-      log_warning("TLS certificate check failed: ", tls_exception.what());
-      std::exception_ptr exception_ptr{};
-      if (this->socket_handler->abort_on_invalid_cert())
-        exception_ptr = std::current_exception();
-
-      check_tls_certificate(certs, purported_hostname, this->trusted_fingerprint, exception_ptr);
-    }
-}
-#endif
-
 bool BasicCredentialsManager::try_to_open_one_ca_bundle(const std::vector<std::string>& paths)
 {
   for (const auto& path: paths)
diff --git a/src/network/credentials_manager.hpp b/src/network/credentials_manager.hpp
index e7c247d..aa4732a 100644
--- a/src/network/credentials_manager.hpp
+++ b/src/network/credentials_manager.hpp
@@ -31,11 +31,6 @@ public:
   BasicCredentialsManager& operator=(const BasicCredentialsManager&) = delete;
   BasicCredentialsManager& operator=(BasicCredentialsManager&&) = delete;
 
-#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34)
-  void verify_certificate_chain(const std::string& type,
-                                const std::string& purported_hostname,
-                                const std::vector<Botan::X509_Certificate>&) override final;
-#endif
   std::vector<Botan::Certificate_Store*> trusted_certificate_authorities(const std::string& type,
                                                                          const std::string& context) override final;
   void set_trusted_fingerprint(const std::string& fingerprint);
diff --git a/src/network/tcp_socket_handler.cpp b/src/network/tcp_socket_handler.cpp
index 1049375..6239162 100644
--- a/src/network/tcp_socket_handler.cpp
+++ b/src/network/tcp_socket_handler.cpp
@@ -237,14 +237,7 @@ void TCPSocketHandler::start_tls(const std::string& address, const std::string&
   this->policy.load(policy_directory + "policy.txt");
   this->policy.load(policy_directory + address + ".policy.txt");
   this->tls = std::make_unique<Botan::TLS::Client>(
-# if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,32)
       *this,
-# else
-      [this](const Botan::byte* data, size_t size) { this->tls_emit_data(data, size); },
-      [this](const Botan::byte* data, size_t size) { this->tls_record_received(0, data, size); },
-      [this](Botan::TLS::Alert alert, const Botan::byte*, size_t) { this->tls_alert(alert); },
-      [this](const Botan::TLS::Session& session) { return this->tls_session_established(session); },
-# endif
       get_session_manager(), this->credential_manager, this->policy,
       get_rng(), server_info, Botan::TLS::Protocol_Version::latest_tls_version());
 }
@@ -327,7 +320,6 @@ bool TCPSocketHandler::tls_session_established(const Botan::TLS::Session& sessio
   return true;
 }
 
-#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,34)
 void TCPSocketHandler::tls_verify_cert_chain(const std::vector<Botan::X509_Certificate>& cert_chain,
                                              const std::vector<std::shared_ptr<const Botan::OCSP::Response>>& ocsp_responses,
                                              const std::vector<Botan::Certificate_Store*>& trusted_roots,
@@ -350,7 +342,6 @@ void TCPSocketHandler::tls_verify_cert_chain(const std::vector<Botan::X509_Certi
       check_tls_certificate(cert_chain, hostname, this->credential_manager.get_trusted_fingerprint(), exception_ptr);
     }
 }
-#endif
 
 void TCPSocketHandler::on_tls_activated()
 {
diff --git a/src/network/tcp_socket_handler.hpp b/src/network/tcp_socket_handler.hpp
index f68698e..5cef739 100644
--- a/src/network/tcp_socket_handler.hpp
+++ b/src/network/tcp_socket_handler.hpp
@@ -25,22 +25,14 @@
 # include <botan/tls_session_manager.h>
 # include <network/tls_policy.hpp>
 
-# if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,32)
-#  define BOTAN_TLS_CALLBACKS_OVERRIDE override final
-# else
-#  define BOTAN_TLS_CALLBACKS_OVERRIDE
-# endif
 #endif
-
 /**
  * Does all the read/write, buffering etc. With optional tls.
  * But doesn’t do any connect() or accept() or anything else.
  */
 class TCPSocketHandler: public SocketHandler
 #ifdef BOTAN_FOUND
-# if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,32)
     ,public Botan::TLS::Callbacks
-# endif
 #endif
 {
 protected:
@@ -146,31 +138,29 @@ private:
    * Called by the tls object that some data has been decrypt. We call
    * parse_in_buffer() to handle that unencrypted data.
    */
-  void tls_record_received(uint64_t rec_no, const Botan::byte* data, size_t size) BOTAN_TLS_CALLBACKS_OVERRIDE;
+  void tls_record_received(uint64_t rec_no, const Botan::byte* data, size_t size) override final;
   /**
    * Called by the tls object to indicate that some data has been encrypted
    * and is now ready to be sent on the socket as is.
    */
-  void tls_emit_data(const Botan::byte* data, size_t size) BOTAN_TLS_CALLBACKS_OVERRIDE;
+  void tls_emit_data(const Botan::byte* data, size_t size) override final;
   /**
    * Called by the tls object to indicate that a TLS alert has been
    * received. We don’t use it, we just log some message, at the moment.
    */
-  void tls_alert(Botan::TLS::Alert alert) BOTAN_TLS_CALLBACKS_OVERRIDE;
+  void tls_alert(Botan::TLS::Alert alert) override final;
   /**
    * Called by the tls object at the end of the TLS handshake. We don't do
    * anything here appart from logging the TLS session information.
    */
-  bool tls_session_established(const Botan::TLS::Session& session) BOTAN_TLS_CALLBACKS_OVERRIDE;
+  bool tls_session_established(const Botan::TLS::Session& session) override final;
 
-#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,34)
   void tls_verify_cert_chain(const std::vector<Botan::X509_Certificate>& cert_chain,
                              const std::vector<std::shared_ptr<const Botan::OCSP::Response>>& ocsp_responses,
                              const std::vector<Botan::Certificate_Store*>& trusted_roots,
                              Botan::Usage_Type usage,
                              const std::string& hostname,
-                             const Botan::TLS::Policy& policy) BOTAN_TLS_CALLBACKS_OVERRIDE;
-#endif
+                             const Botan::TLS::Policy& policy) override final;
   /**
    * Called whenever the tls session goes from inactive to active. This
    * means that the handshake has just been successfully done, and we can
diff --git a/src/utils/sha1.cpp b/src/utils/sha1.cpp
index 2e6efc2..1a0d185 100644
--- a/src/utils/sha1.cpp
+++ b/src/utils/sha1.cpp
@@ -18,13 +18,7 @@
 std::string sha1(const std::string& input)
 {
 #ifdef BOTAN_FOUND
-# if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34)
-  auto sha1 = Botan::HashFunction::create("SHA-1");
-  if (!sha1)
-    throw Botan::Algorithm_Not_Found("SHA-1");
-# else
   auto sha1 = Botan::HashFunction::create_or_throw("SHA-1");
-# endif
   sha1->update(input);
   return Botan::hex_encode(sha1->final(), false);
 #endif