author | Jack Lloyd <[email protected]> | 2016-11-25 12:01:10 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-11-25 12:01:10 -0500 |
commit | f4f6726262d1096974d191de3f3220b6e1a41c06 (patch) | |
tree | 42f151ce4156b16da00ecc62fa3b8024a2d82368 /src/cli/tls_client.cpp | |
parent | e30d8d0fad3f9316ef31170ecec9d291288289f5 (diff) |
Add TLS::Policy::minimum_signature_strength
Changes TLS callback API for cert verify to accept Policy&
Sets default signature strength to 110 to force RSA ~2048.
Diffstat (limited to 'src/cli/tls_client.cpp')
-rw-r--r-- | src/cli/tls_client.cpp | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp
index 6fbb59e6f..8e21e21e5 100644
--- a/src/cli/tls_client.cpp
+++ b/src/cli/tls_client.cpp
@@ -255,12 +255,13 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
 const std::vector<Botan::X509_Certificate>& cert_chain,
 const std::vector<Botan::Certificate_Store*>& trusted_roots,
 Botan::Usage_Type usage,
- const std::string& hostname) override
+ const std::string& hostname,
+ const Botan::TLS::Policy& policy) override
 {
 if(cert_chain.empty())
 throw std::invalid_argument("Certificate chain was empty");
- Botan::Path_Validation_Restrictions restrictions(true, 80);
+ Botan::Path_Validation_Restrictions restrictions(true, policy.minimum_signature_strength());
 auto ocsp_timeout = std::chrono::milliseconds(300); |
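Review bot: The new `restrictions(true, policy.minimum_signature_strength())` line takes the entire strength floor for path validation from the caller's policy, where the old code had a fixed 80, and nothing on the line records that. A policy returning a small value would lower what this client accepts in a certificate chain with no visible sign at this call site; whether the CLI can be handed such a policy is not visible in this hunk. I would add a comment above the line, for example `// Strength floor comes from the TLS policy (default 110, roughly RSA-2048); 'true' requires revocation information`, so the bare boolean and the source of the limit are both explained. The body of tls_verify_cert_chain continues past the end of the hunk, so how `restrictions` and `ocsp_timeout` are consumed is not shown here.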