Botan  2.1.0
Crypto and TLS for C++11
tls_callbacks.cpp
1 /*
2 * TLS Callbacks
3 * (C) 2016 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/tls_callbacks.h>
9 #include <botan/tls_policy.h>
10 #include <botan/x509path.h>
11 #include <botan/ocsp.h>
12 #include <botan/certstor.h>
13 
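namespace Botan {

/**
* Default handshake-message inspection hook.
*
* The listing dropped this function's declarator line; it is restored here
* from the member signature shown in the page's cross-reference list.
* The default implementation ignores the message.
*/
void TLS::Callbacks::tls_inspect_handshake_msg(const Handshake_Message&)
   {
   // default is no op
   }

/**
* Default server-side application protocol selection.
*
* @return always the empty string, whatever protocols the client offered
*
* NOTE(review): how the caller interprets an empty result (presumably "no
* protocol selected") is not visible in this file - confirm before relying
* on it. Servers that must only speak specific protocols need to override
* this callback.
*/
std::string TLS::Callbacks::tls_server_choose_app_protocol(const std::vector<std::string>&)
   {
   return "";
   }

/**
* Default certificate chain verification for a TLS peer.
*
* Builds the path validation restrictions from the policy (revocation
* information requirement and minimum signature strength), validates
* cert_chain against trusted_roots at the current system time, and
* signals rejection by throwing. Returning normally is the only
* "accepted" signal, so an override that returns without validating
* accepts any certificate the peer presents.
*
* The declarator line and the declaration of `restrictions` were missing
* from the listing; both are restored from the signatures and policy
* accessors shown in the page's cross-reference list.
*
* @param cert_chain chain presented by the peer; must not be empty
* @param ocsp_responses OCSP responses forwarded to the path validator
* @param trusted_roots certificate stores holding the trust anchors
* @param usage purpose the end-entity certificate is validated for
* @param hostname name handed to the validator, for TLS_SERVER_AUTH only
* @param policy source of the revocation and signature-strength settings
*
* @throws Invalid_Argument if cert_chain is empty
* @throws Exception if path validation is not successful; the message
*         carries the validator's result string
*/
void TLS::Callbacks::tls_verify_cert_chain(
   const std::vector<X509_Certificate>& cert_chain,
   const std::vector<std::shared_ptr<const OCSP::Response>>& ocsp_responses,
   const std::vector<Certificate_Store*>& trusted_roots,
   Usage_Type usage,
   const std::string& hostname,
   const TLS::Policy& policy)
   {
   if(cert_chain.empty())
      throw Invalid_Argument("Certificate chain was empty");

   // Both limits come from the policy, so a permissive policy weakens this check.
   Path_Validation_Restrictions restrictions(policy.require_cert_revocation_info(),
                                             policy.minimum_signature_strength());

   // The hostname is forwarded only when authenticating a server; for every
   // other usage an empty name is passed.
   // NOTE(review): an empty hostname with TLS_SERVER_AUTH is forwarded as-is.
   // Confirm how x509_path_validate treats an empty name - if it skips name
   // matching, the chain is checked for trust but not for identity, so
   // callers should always supply the expected server name.
   Path_Validation_Result result =
      x509_path_validate(cert_chain,
                         restrictions,
                         trusted_roots,
                         (usage == Usage_Type::TLS_SERVER_AUTH ? hostname : ""),
                         usage,
                         std::chrono::system_clock::now(),
                         tls_verify_cert_chain_ocsp_timeout(),
                         ocsp_responses);

   // Fail closed: anything other than a successful validation aborts the handshake path.
   if(!result.successful_validation())
      throw Exception("Certificate validation failure: " + result.result_string());
   }

}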
virtual bool require_cert_revocation_info() const
Definition: tls_policy.cpp:163
virtual std::string tls_server_choose_app_protocol(const std::vector< std::string > &client_protos)
virtual void tls_verify_cert_chain(const std::vector< X509_Certificate > &cert_chain, const std::vector< std::shared_ptr< const OCSP::Response >> &ocsp_responses, const std::vector< Certificate_Store * > &trusted_roots, Usage_Type usage, const std::string &hostname, const TLS::Policy &policy)
Definition: alg_id.cpp:13
Path_Validation_Result x509_path_validate(const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &trusted_roots, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point ref_time, std::chrono::milliseconds ocsp_timeout, const std::vector< std::shared_ptr< const OCSP::Response >> &ocsp_resp)
Definition: x509path.cpp:562
virtual size_t minimum_signature_strength() const
Definition: tls_policy.cpp:158
virtual void tls_inspect_handshake_msg(const Handshake_Message &message)
Usage_Type
Definition: x509cert.h:24