From ffb402f0adb9f808c7b8bc9616e71f7b3f8931ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?louiz=E2=80=99?= Date: Thu, 20 Jul 2017 21:22:58 +0200 Subject: Drop support for botan < 2.0 fix #3274 --- CHANGELOG.rst | 2 ++ INSTALL.rst | 2 +- cmake/Modules/FindBOTAN.cmake | 5 ++--- src/network/credentials_manager.cpp | 23 ----------------------- src/network/credentials_manager.hpp | 5 ----- src/network/tcp_socket_handler.cpp | 9 --------- src/network/tcp_socket_handler.hpp | 20 +++++--------------- src/utils/sha1.cpp | 6 ------ 8 files changed, 10 insertions(+), 62 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index e2e985e..3f66f55 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -11,6 +11,8 @@ Version 6.0 - Add a global option to make all channels persistent. - Status code='332' is sent with the unavailable presences when biboumi is being shutdown or the connection to the IRC server is cut unexpectedly. + - Support for botan version 1.11.x has been dropped, only version 2.x is + supported. Version 5.0 - 2017-05-24 ======================== diff --git a/INSTALL.rst b/INSTALL.rst index 5bb0ca8..3cf55a2 100644 --- a/INSTALL.rst +++ b/INSTALL.rst @@ -47,7 +47,7 @@ udns_ (optional, but recommended) performances when connecting to a big number of IRC servers at the same time. -libbotan_ 1.11 or 2.0 (optional) +libbotan_ 2.x (optional) Provides TLS support. Without it, IRC connections are all made in plain-text mode. diff --git a/cmake/Modules/FindBOTAN.cmake b/cmake/Modules/FindBOTAN.cmake index 9eb76c4..3f223e2 100644 --- a/cmake/Modules/FindBOTAN.cmake +++ b/cmake/Modules/FindBOTAN.cmake @@ -19,15 +19,14 @@ include(FindPkgConfig) if(NOT BOTAN_FOUND) pkg_check_modules(BOTAN botan-2) - pkg_check_modules(BOTAN botan-1.11) endif() if(NOT BOTAN_FOUND) find_path(BOTAN_INCLUDE_DIRS NAMES botan/botan.h - PATH_SUFFIXES botan-2 botan-1.11 + PATH_SUFFIXES botan-2 DOC "The botan include directory") - find_library(BOTAN_LIBRARIES NAMES botan botan-2 botan-1.11 + find_library(BOTAN_LIBRARIES NAMES botan botan-2 DOC "The botan library") # Use some standard module to handle the QUIETLY and REQUIRED arguments, and diff --git a/src/network/credentials_manager.cpp b/src/network/credentials_manager.cpp index f93a366..7f07cef 100644 --- a/src/network/credentials_manager.cpp +++ b/src/network/credentials_manager.cpp @@ -54,29 +54,6 @@ void check_tls_certificate(const std::vector& certs, std::rethrow_exception(exc); } -#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34) -void BasicCredentialsManager::verify_certificate_chain(const std::string& type, - const std::string& purported_hostname, - const std::vector& certs) -{ - log_debug("Checking remote certificate (", type, ") for hostname ", purported_hostname); - try - { - Botan::Credentials_Manager::verify_certificate_chain(type, purported_hostname, certs); - log_debug("Certificate is valid"); - } - catch (const std::exception& tls_exception) - { - log_warning("TLS certificate check failed: ", tls_exception.what()); - std::exception_ptr exception_ptr{}; - if (this->socket_handler->abort_on_invalid_cert()) - exception_ptr = std::current_exception(); - - check_tls_certificate(certs, purported_hostname, this->trusted_fingerprint, exception_ptr); - } -} -#endif - bool BasicCredentialsManager::try_to_open_one_ca_bundle(const std::vector& paths) { for (const auto& path: paths) diff --git a/src/network/credentials_manager.hpp b/src/network/credentials_manager.hpp index e7c247d..aa4732a 100644 --- a/src/network/credentials_manager.hpp +++ b/src/network/credentials_manager.hpp @@ -31,11 +31,6 @@ public: BasicCredentialsManager& operator=(const BasicCredentialsManager&) = delete; BasicCredentialsManager& operator=(BasicCredentialsManager&&) = delete; -#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34) - void verify_certificate_chain(const std::string& type, - const std::string& purported_hostname, - const std::vector&) override final; -#endif std::vector trusted_certificate_authorities(const std::string& type, const std::string& context) override final; void set_trusted_fingerprint(const std::string& fingerprint); diff --git a/src/network/tcp_socket_handler.cpp b/src/network/tcp_socket_handler.cpp index 1049375..6239162 100644 --- a/src/network/tcp_socket_handler.cpp +++ b/src/network/tcp_socket_handler.cpp @@ -237,14 +237,7 @@ void TCPSocketHandler::start_tls(const std::string& address, const std::string& this->policy.load(policy_directory + "policy.txt"); this->policy.load(policy_directory + address + ".policy.txt"); this->tls = std::make_unique( -# if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,32) *this, -# else - [this](const Botan::byte* data, size_t size) { this->tls_emit_data(data, size); }, - [this](const Botan::byte* data, size_t size) { this->tls_record_received(0, data, size); }, - [this](Botan::TLS::Alert alert, const Botan::byte*, size_t) { this->tls_alert(alert); }, - [this](const Botan::TLS::Session& session) { return this->tls_session_established(session); }, -# endif get_session_manager(), this->credential_manager, this->policy, get_rng(), server_info, Botan::TLS::Protocol_Version::latest_tls_version()); } @@ -327,7 +320,6 @@ bool TCPSocketHandler::tls_session_established(const Botan::TLS::Session& sessio return true; } -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,34) void TCPSocketHandler::tls_verify_cert_chain(const std::vector& cert_chain, const std::vector>& ocsp_responses, const std::vector& trusted_roots, @@ -350,7 +342,6 @@ void TCPSocketHandler::tls_verify_cert_chain(const std::vectorcredential_manager.get_trusted_fingerprint(), exception_ptr); } } -#endif void TCPSocketHandler::on_tls_activated() { diff --git a/src/network/tcp_socket_handler.hpp b/src/network/tcp_socket_handler.hpp index f68698e..5cef739 100644 --- a/src/network/tcp_socket_handler.hpp +++ b/src/network/tcp_socket_handler.hpp @@ -25,22 +25,14 @@ # include # include -# if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,32) -# define BOTAN_TLS_CALLBACKS_OVERRIDE override final -# else -# define BOTAN_TLS_CALLBACKS_OVERRIDE -# endif #endif - /** * Does all the read/write, buffering etc. With optional tls. * But doesn’t do any connect() or accept() or anything else. */ class TCPSocketHandler: public SocketHandler #ifdef BOTAN_FOUND -# if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,32) ,public Botan::TLS::Callbacks -# endif #endif { protected: @@ -146,31 +138,29 @@ private: * Called by the tls object that some data has been decrypt. We call * parse_in_buffer() to handle that unencrypted data. */ - void tls_record_received(uint64_t rec_no, const Botan::byte* data, size_t size) BOTAN_TLS_CALLBACKS_OVERRIDE; + void tls_record_received(uint64_t rec_no, const Botan::byte* data, size_t size) override final; /** * Called by the tls object to indicate that some data has been encrypted * and is now ready to be sent on the socket as is. */ - void tls_emit_data(const Botan::byte* data, size_t size) BOTAN_TLS_CALLBACKS_OVERRIDE; + void tls_emit_data(const Botan::byte* data, size_t size) override final; /** * Called by the tls object to indicate that a TLS alert has been * received. We don’t use it, we just log some message, at the moment. */ - void tls_alert(Botan::TLS::Alert alert) BOTAN_TLS_CALLBACKS_OVERRIDE; + void tls_alert(Botan::TLS::Alert alert) override final; /** * Called by the tls object at the end of the TLS handshake. We don't do * anything here appart from logging the TLS session information. */ - bool tls_session_established(const Botan::TLS::Session& session) BOTAN_TLS_CALLBACKS_OVERRIDE; + bool tls_session_established(const Botan::TLS::Session& session) override final; -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,34) void tls_verify_cert_chain(const std::vector& cert_chain, const std::vector>& ocsp_responses, const std::vector& trusted_roots, Botan::Usage_Type usage, const std::string& hostname, - const Botan::TLS::Policy& policy) BOTAN_TLS_CALLBACKS_OVERRIDE; -#endif + const Botan::TLS::Policy& policy) override final; /** * Called whenever the tls session goes from inactive to active. This * means that the handshake has just been successfully done, and we can diff --git a/src/utils/sha1.cpp b/src/utils/sha1.cpp index 2e6efc2..1a0d185 100644 --- a/src/utils/sha1.cpp +++ b/src/utils/sha1.cpp @@ -18,13 +18,7 @@ std::string sha1(const std::string& input) { #ifdef BOTAN_FOUND -# if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34) - auto sha1 = Botan::HashFunction::create("SHA-1"); - if (!sha1) - throw Botan::Algorithm_Not_Found("SHA-1"); -# else auto sha1 = Botan::HashFunction::create_or_throw("SHA-1"); -# endif sha1->update(input); return Botan::hex_encode(sha1->final(), false); #endif -- cgit v1.2.3