Botan 2.1.0: Crypto and TLS for C++11
Botan::TLS::Callbacks class reference
#include <tls_callbacks.h>
Public Member Functions
virtual void tls_alert(Alert alert) = 0
virtual void tls_emit_data(const uint8_t data[], size_t size) = 0
virtual void tls_inspect_handshake_msg(const Handshake_Message &message)
virtual void tls_log_debug(const char *what)
virtual void tls_log_debug_bin(const char *descr, const uint8_t val[], size_t val_len)
virtual void tls_log_error(const char *err)
virtual void tls_record_received(uint64_t seq_no, const uint8_t data[], size_t size) = 0
virtual std::string tls_server_choose_app_protocol(const std::vector<std::string> &client_protos)
virtual void tls_session_activated()
virtual bool tls_session_established(const Session &session) = 0
virtual void tls_verify_cert_chain(const std::vector<X509_Certificate> &cert_chain, const std::vector<std::shared_ptr<const OCSP::Response>> &ocsp_responses, const std::vector<Certificate_Store *> &trusted_roots, Usage_Type usage, const std::string &hostname, const TLS::Policy &policy)
virtual std::chrono::milliseconds tls_verify_cert_chain_ocsp_timeout() const
virtual ~Callbacks() = default
Encapsulates the callbacks that a TLS channel will make which are due to channel specific operations.
Definition at line 35 of file tls_callbacks.h.
virtual ~Callbacks() = default [virtual]
virtual void tls_alert(Alert alert) = 0 [pure virtual]
Mandatory callback: alert received. Called when an alert is received from the peer. If fatal, the connection is closing. If not fatal, the connection may still be closing (depending on the error and the peer).
Parameters:
alert: the source of the alert
Implemented in Botan::TLS::Compat_Callbacks.
virtual void tls_emit_data(const uint8_t data[], size_t size) = 0 [pure virtual]
Mandatory callback: output function. The channel will call this with data which needs to be sent to the peer (eg, over a socket or some other form of IPC). The array will be overwritten when the function returns, so a copy must be made if the data cannot be sent immediately.
Parameters:
data: the vector of data to send
size: the number of bytes to send
Implemented in Botan::TLS::Compat_Callbacks.
virtual void tls_inspect_handshake_msg(const Handshake_Message &message) [virtual]
Optional callback: inspect handshake message. Throw an exception to abort the handshake. The default simply ignores the message.
Parameters:
message: the handshake message
Reimplemented in Botan::TLS::Compat_Callbacks.
Definition at line 16 of file tls_callbacks.cpp.
Referenced by Botan::TLS::Handshake_State::note_message().
virtual void tls_log_debug(const char *what) [inline, virtual]
Optional callback: debug logging. (Not currently called.)
Parameters:
what: some hopefully informative string
Definition at line 178 of file tls_callbacks.h.
References BOTAN_UNUSED.
virtual void tls_log_debug_bin(const char *descr, const uint8_t val[], size_t val_len) [inline, virtual]
Optional callback: debug logging taking a buffer. (Not currently called.)
Parameters:
descr: what this buffer is
val: the bytes
val_len: length of val
Definition at line 189 of file tls_callbacks.h.
References BOTAN_UNUSED.
virtual void tls_log_error(const char *err) [inline, virtual]
Optional callback: error logging. (Not currently called.)
Parameters:
err: an error message related to this connection
Definition at line 169 of file tls_callbacks.h.
References BOTAN_UNUSED.
virtual void tls_record_received(uint64_t seq_no, const uint8_t data[], size_t size) = 0 [pure virtual]
Mandatory callback: process application data. Called when an application data record is received from the peer. Again, the array is overwritten immediately after the function returns.
Parameters:
seq_no: the underlying TLS/DTLS record sequence number
data: the vector containing the received record
size: the length of the received record, in bytes
Implemented in Botan::TLS::Compat_Callbacks.
virtual std::string tls_server_choose_app_protocol(const std::vector<std::string> &client_protos) [virtual]
Optional callback for server: choose ALPN protocol. ALPN (RFC 7301) works by the client sending a list of application protocols it is willing to negotiate. The server then selects which protocol to use, which is not necessarily even on the list that the client sent.
Parameters:
client_protos: the vector of protocols the client is willing to negotiate
Reimplemented in Botan::TLS::Compat_Callbacks.
Definition at line 21 of file tls_callbacks.cpp.
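An application-side implementation of the tls_emit_data, tls_record_received and tls_server_choose_app_protocol callbacks described above, as an added example that is not Botan's own code. It assumes a stand-in abstract base (Callbacks_Stand_In) that mirrors only those three signatures from this page so the file compiles without Botan installed; a real build derives from Botan::TLS::Callbacks instead.

```cpp
// Added example, not Botan's own code. ASSUMPTION: Callbacks_Stand_In
// mirrors the three signatures from this page that involve no Botan
// types, so the file builds without Botan; a real application derives
// from Botan::TLS::Callbacks (<botan/tls_callbacks.h>) instead.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <string>
#include <utility>
#include <vector>

struct Callbacks_Stand_In {
   virtual ~Callbacks_Stand_In() = default;
   virtual void tls_emit_data(const uint8_t data[], size_t size) = 0;
   virtual void tls_record_received(uint64_t seq_no, const uint8_t data[], size_t size) = 0;
   virtual std::string tls_server_choose_app_protocol(const std::vector<std::string>& client_protos) = 0;
};

class Socket_Callbacks : public Callbacks_Stand_In {
public:
   // Server-side ALPN preference order, most preferred first.
   explicit Socket_Callbacks(std::vector<std::string> server_protos)
      : m_server_protos(std::move(server_protos)) {}
   // The channel overwrites `data` as soon as this returns, so the bytes
   // are copied into an owned buffer that the socket writer drains later.
   void tls_emit_data(const uint8_t data[], size_t size) override {
      m_outbound.insert(m_outbound.end(), data, data + size);
   }
   // Same ownership rule applies to received plaintext records.
   void tls_record_received(uint64_t seq_no, const uint8_t data[], size_t size) override {
      m_last_seq = seq_no;
      m_inbound.insert(m_inbound.end(), data, data + size);
   }
   // Walk the server's own preference list and return the first protocol
   // the client also offered, so the client's ordering does not decide.
   // Returns "" when nothing overlaps; the caller decides what that means.
   std::string tls_server_choose_app_protocol(const std::vector<std::string>& client_protos) override {
      for(const auto& p : m_server_protos)
         if(std::find(client_protos.begin(), client_protos.end(), p) != client_protos.end())
            return p;
      return "";
   }
   const std::vector<uint8_t>& outbound() const { return m_outbound; }
   const std::vector<uint8_t>& inbound() const { return m_inbound; }
   uint64_t last_seq() const { return m_last_seq; }
private:
   std::vector<std::string> m_server_protos;
   std::vector<uint8_t> m_outbound, m_inbound;
   uint64_t m_last_seq = 0;
};
```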
virtual void tls_session_activated() [inline, virtual]
Optional callback: session activated. Called when a session is active and can be written to.
Definition at line 92 of file tls_callbacks.h.
Referenced by Botan::TLS::Channel::activate_session().
virtual bool tls_session_established(const Session &session) = 0 [pure virtual]
Mandatory callback: session established. Called when a session is established. Throw an exception to abort the connection.
Parameters:
session: the session descriptor
Implemented in Botan::TLS::Compat_Callbacks.
virtual void tls_verify_cert_chain(const std::vector<X509_Certificate> &cert_chain, const std::vector<std::shared_ptr<const OCSP::Response>> &ocsp_responses, const std::vector<Certificate_Store *> &trusted_roots, Usage_Type usage, const std::string &hostname, const TLS::Policy &policy) [virtual]
Optional callback with default implementation: verify cert chain.
The default implementation performs a standard PKIX validation and initiates a network OCSP request for the end-entity cert. Override to provide different behavior.
Check that the certificate chain is valid up to a trusted root, and optionally (if hostname != "") that the hostname given is consistent with the leaf certificate.
This function should throw an exception derived from std::exception with an informative what() result if the certificate chain cannot be verified.
Parameters:
cert_chain: specifies a certificate chain leading to a trusted root CA certificate
ocsp_responses: the server may have provided some
trusted_roots: the list of trusted certificates
usage: what this cert chain is being used for: Usage_Type::TLS_SERVER_AUTH for server chains, Usage_Type::TLS_CLIENT_AUTH for client chains, Usage_Type::UNSPECIFIED for other uses
hostname: when authenticating a server, this is the hostname the client requested (eg via SNI). When authenticating a client, this is the server name the client is authenticating to. Empty in other cases or if no hostname was used.
policy: the TLS policy associated with the session being authenticated using the certificate chain
Definition at line 26 of file tls_callbacks.cpp.
References Botan::TLS::Policy::minimum_signature_strength(), Botan::TLS::Policy::require_cert_revocation_info(), Botan::TLS_SERVER_AUTH, and Botan::x509_path_validate().
virtual std::chrono::milliseconds tls_verify_cert_chain_ocsp_timeout() const [inline, virtual]
Called by the default tls_verify_cert_chain to get the timeout to use for OCSP requests. Return 0 to disable online OCSP checks.
Definition at line 136 of file tls_callbacks.h.