From d887baa064318fdb350fb6c3f7b8e2104a644fcb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?louiz=E2=80=99?= Date: Sat, 28 Apr 2018 13:55:35 +0200 Subject: Fix a crash when botan policy does not allow any available ciphersuite --- src/network/tcp_client_socket_handler.cpp | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'src/network') diff --git a/src/network/tcp_client_socket_handler.cpp b/src/network/tcp_client_socket_handler.cpp index aac13d0..9dda73d 100644 --- a/src/network/tcp_client_socket_handler.cpp +++ b/src/network/tcp_client_socket_handler.cpp @@ -146,15 +146,22 @@ void TCPClientSocketHandler::connect(const std::string& address, const std::stri || errno == EISCONN) { log_info("Connection success."); +#ifdef BOTAN_FOUND + if (this->use_tls) + try { + this->start_tls(this->address, this->port); + } catch (const Botan::Exception& e) + { + this->on_connection_failed("TLS error: "s + e.what()); + this->close(); + return ; + } +#endif TimedEventsManager::instance().cancel("connection_timeout" + std::to_string(this->socket)); this->poller->add_socket_handler(this); this->connected = true; this->connecting = false; -#ifdef BOTAN_FOUND - if (this->use_tls) - this->start_tls(this->address, this->port); -#endif this->connection_date = std::chrono::system_clock::now(); // Get our local TCP port and store it -- cgit v1.2.3 From 85288fd0b31027e7948180e0e057242e13f15da4 Mon Sep 17 00:00:00 2001 From: Romain DEP Date: Sat, 21 Jul 2018 20:27:49 +0200 Subject: add 'verify_certificate' as possible configuration token for policy files This lets the user configure a per-domain certificate validation policy --- src/network/tcp_socket_handler.cpp | 5 +++++ src/network/tls_policy.cpp | 7 +++++++ src/network/tls_policy.hpp | 2 ++ 3 files changed, 14 insertions(+) (limited to 'src/network') diff --git a/src/network/tcp_socket_handler.cpp b/src/network/tcp_socket_handler.cpp index 642cf03..c6e173d 100644 --- a/src/network/tcp_socket_handler.cpp 
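Review bot: In `TCPClientSocketHandler::connect()` (src/network/tcp_client_socket_handler.cpp) the new `try` block is the unbraced body of `if (this->use_tls)`, which makes the conditional scope easy to misread inside the `#ifdef BOTAN_FOUND` region; I would write `if (this->use_tls) { try { … } catch (const Botan::Exception& e) { … } }`. The handler catches only `Botan::Exception`. Whether `start_tls()` can throw anything else is not visible here, but if it can, that exception still escapes `connect()` after "Connection success." has been logged. A short comment such as `// TLS setup must succeed before the socket is registered with the poller` would record why the call was moved up. The body of `connect()` starts and ends outside the hunk.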
+++ b/src/network/tcp_socket_handler.cpp @@ -332,6 +332,11 @@ void TCPSocketHandler::tls_verify_cert_chain(const std::vectorpolicy.verify_certificate_info()) + { + log_debug("Not verifying certificate due to domain policy "); + return; + } log_debug("Checking remote certificate for hostname ", hostname); try { diff --git a/src/network/tls_policy.cpp b/src/network/tls_policy.cpp index b88eb88..8aa8b72 100644 --- a/src/network/tls_policy.cpp +++ b/src/network/tls_policy.cpp @@ -37,6 +37,8 @@ void BiboumiTLSPolicy::load(std::istream& is) // Workaround for options that are not overridden in Botan::TLS::Text_Policy if (pair.first == "require_cert_revocation_info") this->req_cert_revocation_info = !(pair.second == "0" || utils::tolower(pair.second) == "false"); + else if (pair.first == "verify_certificate") + this->verify_certificate = !(pair.second == "0" || utils::tolower(pair.second) == "false"); else this->set(pair.first, pair.second); } @@ -47,4 +49,9 @@ bool BiboumiTLSPolicy::require_cert_revocation_info() const return this->req_cert_revocation_info; } +bool BiboumiTLSPolicy::verify_certificate_info() const +{ + return this->verify_certificate; +} + #endif diff --git a/src/network/tls_policy.hpp b/src/network/tls_policy.hpp index 29fd2b3..a0790a3 100644 --- a/src/network/tls_policy.hpp +++ b/src/network/tls_policy.hpp @@ -21,8 +21,10 @@ public: BiboumiTLSPolicy &operator=(BiboumiTLSPolicy &&) = delete; bool require_cert_revocation_info() const override; + bool verify_certificate_info() const; protected: bool req_cert_revocation_info{true}; + bool verify_certificate{true}; }; #endif -- cgit v1.2.3 From 709fa0e5e984789113d8e4d795e52839d0cf5f87 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?louiz=E2=80=99?= Date: Sun, 22 Jul 2018 14:40:59 +0200 Subject: Remove a useless getter --- src/network/tcp_socket_handler.cpp | 2 +- src/network/tls_policy.cpp | 5 ----- src/network/tls_policy.hpp | 3 +-- 3 files changed, 2 insertions(+), 8 deletions(-) (limited to 'src/network') 
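Review bot: In `TCPSocketHandler::tls_verify_cert_chain()` the early return that skips certificate validation is reported only through `log_debug`, so at a normal log level nothing records that a TLS session was accepted without authenticating the peer. Because the chain is not checked at all on this path, I would log it at warning level and name the host, e.g. `log_warning("Not verifying certificate for ", hostname, " due to domain policy");`, which also drops the trailing space in the current message. Any further check performed later in this function is skipped as well; the function continues outside the hunk, so a comment stating that this is intended would help the next reader.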
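Review bot: In `BiboumiTLSPolicy::load()` (src/network/tls_policy.cpp) the new `verify_certificate` branch sits under the comment "Workaround for options that are not overridden in Botan::TLS::Text_Policy", which describes `require_cert_revocation_info` but, as far as the hunk shows, not this key, which the class handles itself. I would add a comment above the branch such as `// Project-specific key: "0" or "false" disables certificate verification for this policy; any other value keeps it enabled`. The same boolean-parsing expression now appears twice, so a small file-local helper would keep the two keys consistent. `load()` starts and ends outside the hunk.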
diff --git a/src/network/tcp_socket_handler.cpp b/src/network/tcp_socket_handler.cpp index c6e173d..29c5d6a 100644 --- a/src/network/tcp_socket_handler.cpp +++ b/src/network/tcp_socket_handler.cpp @@ -332,7 +332,7 @@ void TCPSocketHandler::tls_verify_cert_chain(const std::vectorpolicy.verify_certificate_info()) + if (!this->policy.verify_certificate) { log_debug("Not verifying certificate due to domain policy "); return; diff --git a/src/network/tls_policy.cpp b/src/network/tls_policy.cpp index 8aa8b72..f32557e 100644 --- a/src/network/tls_policy.cpp +++ b/src/network/tls_policy.cpp @@ -49,9 +49,4 @@ bool BiboumiTLSPolicy::require_cert_revocation_info() const return this->req_cert_revocation_info; } -bool BiboumiTLSPolicy::verify_certificate_info() const -{ - return this->verify_certificate; -} - #endif diff --git a/src/network/tls_policy.hpp b/src/network/tls_policy.hpp index a0790a3..e915646 100644 --- a/src/network/tls_policy.hpp +++ b/src/network/tls_policy.hpp @@ -21,10 +21,9 @@ public: BiboumiTLSPolicy &operator=(BiboumiTLSPolicy &&) = delete; bool require_cert_revocation_info() const override; - bool verify_certificate_info() const; + bool verify_certificate{true}; protected: bool req_cert_revocation_info{true}; - bool verify_certificate{true}; }; #endif -- cgit v1.2.3 From b1564e4ddc3e54ad78788a6f5643056d03a41678 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?louiz=E2=80=99?= Date: Thu, 23 Aug 2018 20:31:31 +0200 Subject: Fix a bunch of int to unsigned int conversion warnings --- src/network/credentials_manager.cpp | 3 +-- src/network/credentials_manager.hpp | 3 +-- src/network/tcp_socket_handler.cpp | 16 +++++++++------- 3 files changed, 11 insertions(+), 11 deletions(-) (limited to 'src/network') diff --git a/src/network/credentials_manager.cpp b/src/network/credentials_manager.cpp index b25f442..89c694c 100644 --- a/src/network/credentials_manager.cpp +++ b/src/network/credentials_manager.cpp 
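Review bot: In src/network/tls_policy.hpp, `verify_certificate` moves from `protected` to a public, non-const data member, so any code holding a mutable `BiboumiTLSPolicy` can now switch certificate verification off without going through `load()`. The removed getter was the read-only interface to this flag, while `req_cert_revocation_info` stays protected behind its accessor, so the two security-relevant flags are now exposed differently. If the getter is not wanted, I would at least document the field, e.g. `// Set by load(); false disables verification of the peer certificate chain`, and keep writes confined to `load()`. The class definition starts outside the hunk.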
@@ -21,9 +21,8 @@ static const std::vector default_cert_files = { Botan::Certificate_Store_In_Memory BasicCredentialsManager::certificate_store; bool BasicCredentialsManager::certs_loaded = false; -BasicCredentialsManager::BasicCredentialsManager(const TCPSocketHandler* const socket_handler): +BasicCredentialsManager::BasicCredentialsManager(): Botan::Credentials_Manager(), - socket_handler(socket_handler), trusted_fingerprint{} { BasicCredentialsManager::load_certs(); diff --git a/src/network/credentials_manager.hpp b/src/network/credentials_manager.hpp index 3a37bdc..210a628 100644 --- a/src/network/credentials_manager.hpp +++ b/src/network/credentials_manager.hpp @@ -25,7 +25,7 @@ void check_tls_certificate(const std::vector& certs, class BasicCredentialsManager: public Botan::Credentials_Manager { public: - BasicCredentialsManager(const TCPSocketHandler* const socket_handler); + BasicCredentialsManager(); BasicCredentialsManager(BasicCredentialsManager&&) = delete; BasicCredentialsManager(const BasicCredentialsManager&) = delete; @@ -38,7 +38,6 @@ public: const std::string& get_trusted_fingerprint() const; private: - const TCPSocketHandler* const socket_handler; static bool try_to_open_one_ca_bundle(const std::vector& paths); static void load_certs(); diff --git a/src/network/tcp_socket_handler.cpp b/src/network/tcp_socket_handler.cpp index 29c5d6a..e05caad 100644 --- a/src/network/tcp_socket_handler.cpp +++ b/src/network/tcp_socket_handler.cpp @@ -50,7 +50,7 @@ TCPSocketHandler::TCPSocketHandler(std::shared_ptr& poller): SocketHandler(poller, -1), use_tls(false) #ifdef BOTAN_FOUND - ,credential_manager(this) + ,credential_manager() #endif {} 
@@ -84,10 +84,11 @@ void TCPSocketHandler::plain_recv() if (recv_buf == nullptr) recv_buf = buf; - const ssize_t size = this->do_recv(recv_buf, buf_size); + const ssize_t ssize = this->do_recv(recv_buf, buf_size); - if (size > 0) + if (ssize > 0) { + auto size = static_cast(ssize); if (buf == recv_buf) { // data needs to be placed in the in_buf string, because no buffer @@ -149,21 +150,22 @@ void TCPSocketHandler::on_send() } else { + auto size = static_cast(res); // remove all the strings that were successfully sent. auto it = this->out_buf.begin(); while (it != this->out_buf.end()) { - if (static_cast(res) >= it->size()) + if (size >= it->size()) { - res -= it->size(); + size -= it->size(); ++it; } else { // If one string has partially been sent, we use substr to // crop it - if (res > 0) - *it = it->substr(res, std::string::npos); + if (size > 0) + *it = it->substr(size, std::string::npos); break; } } -- cgit v1.2.3
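Review bot: The new unsigned `size` in `TCPSocketHandler::on_send()` is only valid because `res` is non-negative in this `else` branch, and the branch that presumably handles the error case is outside the hunk. A comment on the cast such as `// res >= 0 here: the failure case is handled by the branch above` would keep a later edit from turning a negative return value into a huge offset passed to `substr`. In `plain_recv()` the equivalent cast is visibly guarded by `if (ssize > 0)`, and `size` is not modified in the lines shown, so it could be declared `const`. Both functions continue outside their hunks.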