From ffb402f0adb9f808c7b8bc9616e71f7b3f8931ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?louiz=E2=80=99?= Date: Thu, 20 Jul 2017 21:22:58 +0200 Subject: Drop support for botan < 2.0 fix #3274 --- src/network/credentials_manager.cpp | 23 ----------------------- src/network/credentials_manager.hpp | 5 ----- src/network/tcp_socket_handler.cpp | 9 --------- src/network/tcp_socket_handler.hpp | 20 +++++--------------- 4 files changed, 5 insertions(+), 52 deletions(-) (limited to 'src/network') diff --git a/src/network/credentials_manager.cpp b/src/network/credentials_manager.cpp index f93a366..7f07cef 100644 --- a/src/network/credentials_manager.cpp +++ b/src/network/credentials_manager.cpp @@ -54,29 +54,6 @@ void check_tls_certificate(const std::vector& certs, std::rethrow_exception(exc); } -#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34) -void BasicCredentialsManager::verify_certificate_chain(const std::string& type, - const std::string& purported_hostname, - const std::vector& certs) -{ - log_debug("Checking remote certificate (", type, ") for hostname ", purported_hostname); - try - { - Botan::Credentials_Manager::verify_certificate_chain(type, purported_hostname, certs); - log_debug("Certificate is valid"); - } - catch (const std::exception& tls_exception) - { - log_warning("TLS certificate check failed: ", tls_exception.what()); - std::exception_ptr exception_ptr{}; - if (this->socket_handler->abort_on_invalid_cert()) - exception_ptr = std::current_exception(); - - check_tls_certificate(certs, purported_hostname, this->trusted_fingerprint, exception_ptr); - } -} -#endif - bool BasicCredentialsManager::try_to_open_one_ca_bundle(const std::vector& paths) { for (const auto& path: paths) diff --git a/src/network/credentials_manager.hpp b/src/network/credentials_manager.hpp index e7c247d..aa4732a 100644 --- a/src/network/credentials_manager.hpp +++ b/src/network/credentials_manager.hpp @@ -31,11 +31,6 @@ public: BasicCredentialsManager& operator=(const BasicCredentialsManager&) = delete; BasicCredentialsManager& operator=(BasicCredentialsManager&&) = delete; -#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34) - void verify_certificate_chain(const std::string& type, - const std::string& purported_hostname, - const std::vector&) override final; -#endif std::vector trusted_certificate_authorities(const std::string& type, const std::string& context) override final; void set_trusted_fingerprint(const std::string& fingerprint); diff --git a/src/network/tcp_socket_handler.cpp b/src/network/tcp_socket_handler.cpp index 1049375..6239162 100644 --- a/src/network/tcp_socket_handler.cpp +++ b/src/network/tcp_socket_handler.cpp @@ -237,14 +237,7 @@ void TCPSocketHandler::start_tls(const std::string& address, const std::string& this->policy.load(policy_directory + "policy.txt"); this->policy.load(policy_directory + address + ".policy.txt"); this->tls = std::make_unique( -# if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,32) *this, -# else - [this](const Botan::byte* data, size_t size) { this->tls_emit_data(data, size); }, - [this](const Botan::byte* data, size_t size) { this->tls_record_received(0, data, size); }, - [this](Botan::TLS::Alert alert, const Botan::byte*, size_t) { this->tls_alert(alert); }, - [this](const Botan::TLS::Session& session) { return this->tls_session_established(session); }, -# endif get_session_manager(), this->credential_manager, this->policy, get_rng(), server_info, Botan::TLS::Protocol_Version::latest_tls_version()); } @@ -327,7 +320,6 @@ bool TCPSocketHandler::tls_session_established(const Botan::TLS::Session& sessio return true; } -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,34) void TCPSocketHandler::tls_verify_cert_chain(const std::vector& cert_chain, const std::vector>& ocsp_responses, const std::vector& trusted_roots, @@ -350,7 +342,6 @@ void TCPSocketHandler::tls_verify_cert_chain(const std::vectorcredential_manager.get_trusted_fingerprint(), exception_ptr); } } -#endif void TCPSocketHandler::on_tls_activated() { diff --git a/src/network/tcp_socket_handler.hpp b/src/network/tcp_socket_handler.hpp index f68698e..5cef739 100644 --- a/src/network/tcp_socket_handler.hpp +++ b/src/network/tcp_socket_handler.hpp @@ -25,22 +25,14 @@ # include # include -# if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,32) -# define BOTAN_TLS_CALLBACKS_OVERRIDE override final -# else -# define BOTAN_TLS_CALLBACKS_OVERRIDE -# endif #endif - /** * Does all the read/write, buffering etc. With optional tls. * But doesn’t do any connect() or accept() or anything else. */ class TCPSocketHandler: public SocketHandler #ifdef BOTAN_FOUND -# if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,32) ,public Botan::TLS::Callbacks -# endif #endif { protected: @@ -146,31 +138,29 @@ private: * Called by the tls object that some data has been decrypt. We call * parse_in_buffer() to handle that unencrypted data. */ - void tls_record_received(uint64_t rec_no, const Botan::byte* data, size_t size) BOTAN_TLS_CALLBACKS_OVERRIDE; + void tls_record_received(uint64_t rec_no, const Botan::byte* data, size_t size) override final; /** * Called by the tls object to indicate that some data has been encrypted * and is now ready to be sent on the socket as is. */ - void tls_emit_data(const Botan::byte* data, size_t size) BOTAN_TLS_CALLBACKS_OVERRIDE; + void tls_emit_data(const Botan::byte* data, size_t size) override final; /** * Called by the tls object to indicate that a TLS alert has been * received. We don’t use it, we just log some message, at the moment. */ - void tls_alert(Botan::TLS::Alert alert) BOTAN_TLS_CALLBACKS_OVERRIDE; + void tls_alert(Botan::TLS::Alert alert) override final; /** * Called by the tls object at the end of the TLS handshake. We don't do * anything here appart from logging the TLS session information. */ - bool tls_session_established(const Botan::TLS::Session& session) BOTAN_TLS_CALLBACKS_OVERRIDE; + bool tls_session_established(const Botan::TLS::Session& session) override final; -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,34) void tls_verify_cert_chain(const std::vector& cert_chain, const std::vector>& ocsp_responses, const std::vector& trusted_roots, Botan::Usage_Type usage, const std::string& hostname, - const Botan::TLS::Policy& policy) BOTAN_TLS_CALLBACKS_OVERRIDE; -#endif + const Botan::TLS::Policy& policy) override final; /** * Called whenever the tls session goes from inactive to active. This * means that the handshake has just been successfully done, and we can -- cgit v1.2.3