Diffstat (limited to 'src/network')
-rw-r--r-- | src/network/credentials_manager.cpp | 3 | ||||
-rw-r--r-- | src/network/credentials_manager.hpp | 3 | ||||
-rw-r--r-- | src/network/resolver.cpp | 6 | ||||
-rw-r--r-- | src/network/tcp_client_socket_handler.cpp | 9 | ||||
-rw-r--r-- | src/network/tcp_socket_handler.cpp | 21 | ||||
-rw-r--r-- | src/network/tls_policy.cpp | 2 | ||||
-rw-r--r-- | src/network/tls_policy.hpp | 1 |
7 files changed, 29 insertions, 16 deletions
diff --git a/src/network/credentials_manager.cpp b/src/network/credentials_manager.cpp
index b25f442..89c694c 100644
--- a/src/network/credentials_manager.cpp
+++ b/src/network/credentials_manager.cpp
@@ -21,9 +21,8 @@ static const std::vector<std::string> default_cert_files = {
 Botan::Certificate_Store_In_Memory BasicCredentialsManager::certificate_store;
 bool BasicCredentialsManager::certs_loaded = false;
-BasicCredentialsManager::BasicCredentialsManager(const TCPSocketHandler* const socket_handler):
+BasicCredentialsManager::BasicCredentialsManager():
 Botan::Credentials_Manager(),
- socket_handler(socket_handler),
 trusted_fingerprint{}
 {
 BasicCredentialsManager::load_certs();
diff --git a/src/network/credentials_manager.hpp b/src/network/credentials_manager.hpp
index 3a37bdc..210a628 100644
--- a/src/network/credentials_manager.hpp
+++ b/src/network/credentials_manager.hpp
@@ -25,7 +25,7 @@ void check_tls_certificate(const std::vector<Botan::X509_Certificate>& certs,
 class BasicCredentialsManager: public Botan::Credentials_Manager
 {
 public:
- BasicCredentialsManager(const TCPSocketHandler* const socket_handler);
+ BasicCredentialsManager();
 BasicCredentialsManager(BasicCredentialsManager&&) = delete;
 BasicCredentialsManager(const BasicCredentialsManager&) = delete;
@@ -38,7 +38,6 @@ public:
 const std::string& get_trusted_fingerprint() const;
 private:
- const TCPSocketHandler* const socket_handler;
 static bool try_to_open_one_ca_bundle(const std::vector<std::string>& paths);
 static void load_certs();
diff --git a/src/network/resolver.cpp b/src/network/resolver.cpp
index ae5cecd..d9242e2 100644
--- a/src/network/resolver.cpp
+++ b/src/network/resolver.cpp
@@ -214,6 +214,12 @@ void Resolver::on_hostname6_resolved(dns_rr_a6 *result)
 this->call_getaddrinfo(buf, this->port.data(), AI_NUMERICHOST);
 }
 }
+ else
+ {
+ const auto error = dns_error_messages.find(status);
+ if (error != end(dns_error_messages))
+ this->error_msg = error->second;
+ }
 }
 void Resolver::after_resolved()
diff --git a/src/network/tcp_client_socket_handler.cpp b/src/network/tcp_client_socket_handler.cpp
index dcf38f9..7d1029f 100644
--- a/src/network/tcp_client_socket_handler.cpp
+++ b/src/network/tcp_client_socket_handler.cpp
@@ -46,15 +46,14 @@ void TCPClientSocketHandler::init_socket(const struct addrinfo* rp)
 else
 {
 utils::ScopeGuard sg([result](){ freeaddrinfo(result); });
- struct addrinfo* rp;
- for (rp = result; rp; rp = rp->ai_next)
+ for (; result; result = result->ai_next)
 {
 if ((::bind(this->socket,
- reinterpret_cast<const struct sockaddr*>(rp->ai_addr),
- rp->ai_addrlen)) == 0)
+ reinterpret_cast<const struct sockaddr*>(result->ai_addr),
+ result->ai_addrlen)) == 0)
 break;
 }
- if (!rp)
+ if (!result)
 log_error("Failed to bind socket to ", this->bind_addr, ": ", strerror(errno));
 else
diff --git a/src/network/tcp_socket_handler.cpp b/src/network/tcp_socket_handler.cpp
index 642cf03..e05caad 100644
--- a/src/network/tcp_socket_handler.cpp
+++ b/src/network/tcp_socket_handler.cpp
@@ -50,7 +50,7 @@ TCPSocketHandler::TCPSocketHandler(std::shared_ptr<Poller>& poller):
 SocketHandler(poller, -1),
 use_tls(false)
 #ifdef BOTAN_FOUND
- ,credential_manager(this)
+ ,credential_manager()
 #endif
 {}
@@ -84,10 +84,11 @@ void TCPSocketHandler::plain_recv()
 if (recv_buf == nullptr)
 recv_buf = buf;
- const ssize_t size = this->do_recv(recv_buf, buf_size);
+ const ssize_t ssize = this->do_recv(recv_buf, buf_size);
- if (size > 0)
+ if (ssize > 0)
 {
+ auto size = static_cast<std::size_t>(ssize);
 if (buf == recv_buf)
 {
 // data needs to be placed in the in_buf string, because no buffer
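Review bot: In src/network/resolver.cpp, the new `else` branch of Resolver::on_hostname6_resolved leaves `this->error_msg` untouched when `status` has no entry in `dns_error_messages`, so a failed lookup can reach the caller with an empty or stale reason. Give the lookup a fallback, for example `else this->error_msg = "Unknown DNS error";` after the inner `if`. The function starts outside the hunk, so whether `error_msg` is reset earlier cannot be confirmed from here.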
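Review bot: In src/network/tcp_client_socket_handler.cpp, the loop in TCPClientSocketHandler::init_socket now advances `result` itself, and the cleanup stays correct only because the ScopeGuard lambda captured `result` by value before the loop ran. That deserves a comment above the `for`, such as `// sg owns a copy of the list head; from here on result is only a cursor`. Without it, a later change of the capture to `[&]` would hand freeaddrinfo() a null or interior pointer. init_socket's body starts and ends outside the hunk.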
@@ -149,21 +150,22 @@ void TCPSocketHandler::on_send()
 }
 else
 {
+ auto size = static_cast<std::size_t>(res);
 // remove all the strings that were successfully sent.
 auto it = this->out_buf.begin();
 while (it != this->out_buf.end())
 {
- if (static_cast<size_t>(res) >= it->size())
+ if (size >= it->size())
 {
- res -= it->size();
+ size -= it->size();
 ++it;
 }
 else
 {
 // If one string has partially been sent, we use substr to
 // crop it
- if (res > 0)
- *it = it->substr(res, std::string::npos);
+ if (size > 0)
+ *it = it->substr(size, std::string::npos);
 break;
 }
 }
@@ -332,6 +334,11 @@ void TCPSocketHandler::tls_verify_cert_chain(const std::vector<Botan::X509_Certi
 Botan::Usage_Type usage, const std::string& hostname, const Botan::TLS::Policy& policy)
 {
+ if (!this->policy.verify_certificate)
+ {
+ log_debug("Not verifying certificate due to domain policy ");
+ return;
+ }
 log_debug("Checking remote certificate for hostname ", hostname);
 try
 {
diff --git a/src/network/tls_policy.cpp b/src/network/tls_policy.cpp
index b88eb88..f32557e 100644
--- a/src/network/tls_policy.cpp
+++ b/src/network/tls_policy.cpp
@@ -37,6 +37,8 @@ void BiboumiTLSPolicy::load(std::istream& is)
 // Workaround for options that are not overridden in Botan::TLS::Text_Policy
 if (pair.first == "require_cert_revocation_info")
 this->req_cert_revocation_info = !(pair.second == "0" || utils::tolower(pair.second) == "false");
+ else if (pair.first == "verify_certificate")
+ this->verify_certificate = !(pair.second == "0" || utils::tolower(pair.second) == "false");
 else
 this->set(pair.first, pair.second);
 }
diff --git a/src/network/tls_policy.hpp b/src/network/tls_policy.hpp
index 29fd2b3..e915646 100644
--- a/src/network/tls_policy.hpp
+++ b/src/network/tls_policy.hpp
@@ -21,6 +21,7 @@ public:
 BiboumiTLSPolicy &operator=(BiboumiTLSPolicy &&) = delete;
 bool require_cert_revocation_info() const override;
+ bool verify_certificate{true};
 protected:
 bool req_cert_revocation_info{true};
 }; |
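Review bot: In TCPSocketHandler::on_send (src/network/tcp_socket_handler.cpp), the new `static_cast<std::size_t>(res)` is only safe if the branch that closes just above this `else` has already handled a negative `res`. That condition is outside the hunk, and a negative value would wrap to a huge count and mark every queued string as sent. Record the invariant at the cast with a comment such as `// res >= 0 here: the error case is handled in the branch above`.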
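Review bot: In TCPSocketHandler::tls_verify_cert_chain (src/network/tcp_socket_handler.cpp), the new early return accepts any certificate chain, and the only trace is a debug-level line that names no host and ends in a stray space. With verification off the connection has no protection against an on-path party impersonating the server, so operators should see it at normal log levels: `log_warning("TLS certificate verification disabled by policy for ", hostname);`. The return also skips everything in the `try` block below, whose body continues outside the hunk; if that path includes a pinned-fingerprint comparison, a configured fingerprint should probably still be enforced when `verify_certificate` is false. A short comment that `this->policy` is the member and not the `policy` parameter of the same name would also help readers.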
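Review bot: In BiboumiTLSPolicy::load (src/network/tls_policy.cpp), the `verify_certificate` branch repeats the boolean parse from the line above verbatim. Compute it once before the `if` chain, `const bool enabled = !(pair.second == "0" || utils::tolower(pair.second) == "false");`, and assign `enabled` in both branches. Add a comment that any other spelling (for example "no" or "off") leaves verification on, which is the safe direction but may surprise whoever writes the policy file. load()'s body starts outside the hunk.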
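Review bot: In src/network/tls_policy.hpp, `verify_certificate` is added as a public, mutable data member, while the neighbouring `req_cert_revocation_info` is protected and read through a const accessor. Because this flag switches off server authentication, it should follow the same pattern so that only load() can change it: keep the storage under `protected:` as `bool verify_cert{true};` and expose `bool verify_certificate() const { return this->verify_cert; }`. The call site in tls_verify_cert_chain would then read `this->policy.verify_certificate()`. A one-line doc comment stating that the default is to verify belongs on the declaration.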