Diffstat (limited to 'src/network')
-rw-r--r-- | src/network/credentials_manager.cpp | 23 | ||||
-rw-r--r-- | src/network/credentials_manager.hpp | 5 | ||||
-rw-r--r-- | src/network/tcp_socket_handler.cpp | 9 | ||||
-rw-r--r-- | src/network/tcp_socket_handler.hpp | 20 |
4 files changed, 5 insertions, 52 deletions
diff --git a/src/network/credentials_manager.cpp b/src/network/credentials_manager.cpp
index f93a366..7f07cef 100644
--- a/src/network/credentials_manager.cpp
+++ b/src/network/credentials_manager.cpp
@@ -54,29 +54,6 @@ void check_tls_certificate(const std::vector<Botan::X509_Certificate>& certs,
 std::rethrow_exception(exc);
 }
-#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34)
-void BasicCredentialsManager::verify_certificate_chain(const std::string& type,
- const std::string& purported_hostname,
- const std::vector<Botan::X509_Certificate>& certs)
-{
- log_debug("Checking remote certificate (", type, ") for hostname ", purported_hostname);
- try
- {
- Botan::Credentials_Manager::verify_certificate_chain(type, purported_hostname, certs);
- log_debug("Certificate is valid");
- }
- catch (const std::exception& tls_exception)
- {
- log_warning("TLS certificate check failed: ", tls_exception.what());
- std::exception_ptr exception_ptr{};
- if (this->socket_handler->abort_on_invalid_cert())
- exception_ptr = std::current_exception();
-
- check_tls_certificate(certs, purported_hostname, this->trusted_fingerprint, exception_ptr);
- }
-}
-#endif
-
 bool BasicCredentialsManager::try_to_open_one_ca_bundle(const std::vector<std::string>& paths)
 {
 for (const auto& path: paths)
diff --git a/src/network/credentials_manager.hpp b/src/network/credentials_manager.hpp
index e7c247d..aa4732a 100644
--- a/src/network/credentials_manager.hpp
+++ b/src/network/credentials_manager.hpp
@@ -31,11 +31,6 @@ public: BasicCredentialsManager& operator=(const BasicCredentialsManager&) = delete; BasicCredentialsManager& operator=(BasicCredentialsManager&&) = delete; -#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34) - void verify_certificate_chain(const std::string& type, - const std::string& purported_hostname, - const std::vector<Botan::X509_Certificate>&) override final; -#endif std::vector<Botan::Certificate_Store*> trusted_certificate_authorities(const std::string& type, const std::string& context) override final; void set_trusted_fingerprint(const std::string& fingerprint); diff --git a/src/network/tcp_socket_handler.cpp b/src/network/tcp_socket_handler.cpp index 1049375..6239162 100644 --- a/src/network/tcp_socket_handler.cpp +++ b/src/network/tcp_socket_handler.cpp @@ -237,14 +237,7 @@ void TCPSocketHandler::start_tls(const std::string& address, const std::string& this->policy.load(policy_directory + "policy.txt"); this->policy.load(policy_directory + address + ".policy.txt"); this->tls = std::make_unique<Botan::TLS::Client>( -# if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,32) *this, -# else - [this](const Botan::byte* data, size_t size) { this->tls_emit_data(data, size); }, - [this](const Botan::byte* data, size_t size) { this->tls_record_received(0, data, size); }, - [this](Botan::TLS::Alert alert, const Botan::byte*, size_t) { this->tls_alert(alert); }, - [this](const Botan::TLS::Session& session) { return this->tls_session_established(session); }, -# endif get_session_manager(), this->credential_manager, this->policy, get_rng(), server_info, Botan::TLS::Protocol_Version::latest_tls_version()); } 
@@ -327,7 +320,6 @@ bool TCPSocketHandler::tls_session_established(const Botan::TLS::Session& sessio return true; } -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,34) void TCPSocketHandler::tls_verify_cert_chain(const std::vector<Botan::X509_Certificate>& cert_chain, const std::vector<std::shared_ptr<const Botan::OCSP::Response>>& ocsp_responses, const std::vector<Botan::Certificate_Store*>& trusted_roots, @@ -350,7 +342,6 @@ void TCPSocketHandler::tls_verify_cert_chain(const std::vector<Botan::X509_Certi check_tls_certificate(cert_chain, hostname, this->credential_manager.get_trusted_fingerprint(), exception_ptr); } } -#endif void TCPSocketHandler::on_tls_activated() { diff --git a/src/network/tcp_socket_handler.hpp b/src/network/tcp_socket_handler.hpp index f68698e..5cef739 100644 --- a/src/network/tcp_socket_handler.hpp +++ b/src/network/tcp_socket_handler.hpp @@ -25,22 +25,14 @@ # include <botan/tls_session_manager.h> # include <network/tls_policy.hpp> -# if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,32) -# define BOTAN_TLS_CALLBACKS_OVERRIDE override final -# else -# define BOTAN_TLS_CALLBACKS_OVERRIDE -# endif #endif - /** * Does all the read/write, buffering etc. With optional tls. * But doesn’t do any connect() or accept() or anything else. */ class TCPSocketHandler: public SocketHandler #ifdef BOTAN_FOUND -# if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,32) ,public Botan::TLS::Callbacks -# endif #endif { protected: 
@@ -146,31 +138,29 @@ private: * Called by the tls object that some data has been decrypt. We call * parse_in_buffer() to handle that unencrypted data. */ - void tls_record_received(uint64_t rec_no, const Botan::byte* data, size_t size) BOTAN_TLS_CALLBACKS_OVERRIDE; + void tls_record_received(uint64_t rec_no, const Botan::byte* data, size_t size) override final; /** * Called by the tls object to indicate that some data has been encrypted * and is now ready to be sent on the socket as is. */ - void tls_emit_data(const Botan::byte* data, size_t size) BOTAN_TLS_CALLBACKS_OVERRIDE; + void tls_emit_data(const Botan::byte* data, size_t size) override final; /** * Called by the tls object to indicate that a TLS alert has been * received. We don’t use it, we just log some message, at the moment. */ - void tls_alert(Botan::TLS::Alert alert) BOTAN_TLS_CALLBACKS_OVERRIDE; + void tls_alert(Botan::TLS::Alert alert) override final; /** * Called by the tls object at the end of the TLS handshake. We don't do * anything here appart from logging the TLS session information. */ - bool tls_session_established(const Botan::TLS::Session& session) BOTAN_TLS_CALLBACKS_OVERRIDE; + bool tls_session_established(const Botan::TLS::Session& session) override final; -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,34) void tls_verify_cert_chain(const std::vector<Botan::X509_Certificate>& cert_chain, const std::vector<std::shared_ptr<const Botan::OCSP::Response>>& ocsp_responses, const std::vector<Botan::Certificate_Store*>& trusted_roots, Botan::Usage_Type usage, const std::string& hostname, - const Botan::TLS::Policy& policy) BOTAN_TLS_CALLBACKS_OVERRIDE; -#endif + const Botan::TLS::Policy& policy) override final; /** * Called whenever the tls session goes from inactive to active. This * means that the handshake has just been successfully done, and we can |
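Review bot: `tls_verify_cert_chain` is now declared unconditionally with `override final`, but nothing visible in this header states the Botan version it depends on any more. The removed conditionals tied that callback to 1.11.34, so a build against an older Botan should fail to compile rather than silently build without the certificate-verification hook, which is the safe outcome, but the compiler message will not say why. Unless the build system already enforces the minimum, an explicit guard next to the Botan includes would make the requirement clear: `# if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34)` / `#  error "Botan >= 1.11.34 is required"` / `# endif`. This declaration is also the only callback in the hunk without a doc comment, although it decides whether the peer certificate is accepted; a short `/** Called by the tls object to validate the peer's certificate chain. */` would match its siblings. The class body starts and ends outside this hunk.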