-rw-r--r-- | src/network/tcp_socket_handler.cpp | 5 | ||||
-rw-r--r-- | src/network/tls_policy.cpp | 7 | ||||
-rw-r--r-- | src/network/tls_policy.hpp | 2 |
3 files changed, 14 insertions, 0 deletions
diff --git a/src/network/tcp_socket_handler.cpp b/src/network/tcp_socket_handler.cpp
index 642cf03..c6e173d 100644
--- a/src/network/tcp_socket_handler.cpp
+++ b/src/network/tcp_socket_handler.cpp
@@ -332,6 +332,11 @@ void TCPSocketHandler::tls_verify_cert_chain(const std::vector<Botan::X509_Certi
 Botan::Usage_Type usage, const std::string& hostname, const Botan::TLS::Policy& policy) {
+ if (!this->policy.verify_certificate_info())
+ {
+ log_debug("Not verifying certificate due to domain policy ");
+ return;
+ }
 log_debug("Checking remote certificate for hostname ", hostname); try {
diff --git a/src/network/tls_policy.cpp b/src/network/tls_policy.cpp
index b88eb88..8aa8b72 100644
--- a/src/network/tls_policy.cpp
+++ b/src/network/tls_policy.cpp
@@ -37,6 +37,8 @@ void BiboumiTLSPolicy::load(std::istream& is)
 // Workaround for options that are not overridden in Botan::TLS::Text_Policy if (pair.first == "require_cert_revocation_info") this->req_cert_revocation_info = !(pair.second == "0" || utils::tolower(pair.second) == "false");
+ else if (pair.first == "verify_certificate")
+ this->verify_certificate = !(pair.second == "0" || utils::tolower(pair.second) == "false");
 else this->set(pair.first, pair.second); }
@@ -47,4 +49,9 @@ bool BiboumiTLSPolicy::require_cert_revocation_info() const
 return this->req_cert_revocation_info; }
+bool BiboumiTLSPolicy::verify_certificate_info() const
+{
+ return this->verify_certificate;
+}
+
 #endif
diff --git a/src/network/tls_policy.hpp b/src/network/tls_policy.hpp
index 29fd2b3..a0790a3 100644
--- a/src/network/tls_policy.hpp
+++ b/src/network/tls_policy.hpp
@@ -21,8 +21,10 @@ public:
 BiboumiTLSPolicy &operator=(BiboumiTLSPolicy &&) = delete; bool require_cert_revocation_info() const override;
+ bool verify_certificate_info() const;
 protected: bool req_cert_revocation_info{true};
+ bool verify_certificate{true};
 }; #endif |
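Review bot: The early `return` added at the top of `TCPSocketHandler::tls_verify_cert_chain` (src/network/tcp_socket_handler.cpp) leaves no usable record that a peer was accepted unverified: the message is debug-level only and does not name the host. With `verify_certificate` set to false the function returns before any chain or hostname check, so the session is encrypted but the peer is unauthenticated, and an operator auditing logs at the usual level cannot tell which connections ran in that mode. I would pass `hostname` into the message, as in `log_debug("Not verifying certificate for ", hostname, " due to domain policy");`, drop the trailing space in the string, and emit it at a higher severity if the logger offers one. The function body continues outside the hunk.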
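Review bot: The new `verify_certificate` branch in `BiboumiTLSPolicy::load` (src/network/tls_policy.cpp) repeats the boolean-parsing expression of the `require_cert_revocation_info` branch verbatim, and nothing records that the parse is deliberately fail-closed. Only `0` and a case-insensitive `false` turn verification off; any other value, including a typo, keeps it on, which is the right default for a security switch but easy to break in a later edit. I would factor the expression into one small file-local helper used by both branches and add a comment such as `// Any value other than "0"/"false" keeps verification enabled, so a malformed setting fails closed.` The enclosing loop starts and ends outside the hunk.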
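Review bot: The declaration `bool verify_certificate_info() const;` in src/network/tls_policy.hpp has no comment, and its name suggests a Botan policy hook that it is not. Unlike `require_cert_revocation_info()` it is not marked `override`, so presumably only biboumi's own verification callback consults it, and the `_info` suffix carried over from the revocation accessor does not describe anything here. I would add a doc comment on the accessor such as `/// False disables all certificate chain and hostname validation for connections using this policy; defaults to true.` so the security consequence is stated where the flag is defined. The class definition starts outside the hunk.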