authorJack Lloyd <[email protected]>2016-11-25 12:01:10 -0500
committerJack Lloyd <[email protected]>2016-11-25 12:01:10 -0500
commitf4f6726262d1096974d191de3f3220b6e1a41c06 (patch)
tree42f151ce4156b16da00ecc62fa3b8024a2d82368 /src/cli/tls_client.cpp
parente30d8d0fad3f9316ef31170ecec9d291288289f5 (diff)
Add TLS::Policy::minimum_signature_strength
Changes TLS callback API for cert verify to accept Policy&. Sets default signature strength to 110 to force RSA ~2048.
Diffstat (limited to 'src/cli/tls_client.cpp')
-rw-r--r--src/cli/tls_client.cpp5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp
index 6fbb59e6f..8e21e21e5 100644
--- a/src/cli/tls_client.cpp
+++ b/src/cli/tls_client.cpp
@@ -255,12 +255,13 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
const std::vector<Botan::X509_Certificate>& cert_chain,
const std::vector<Botan::Certificate_Store*>& trusted_roots,
Botan::Usage_Type usage,
- const std::string& hostname) override
+ const std::string& hostname,
+ const Botan::TLS::Policy& policy) override
{
if(cert_chain.empty())
throw std::invalid_argument("Certificate chain was empty");
- Botan::Path_Validation_Restrictions restrictions(true, 80);
+ Botan::Path_Validation_Restrictions restrictions(true, policy.minimum_signature_strength());
auto ocsp_timeout = std::chrono::milliseconds(300);
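Review bot: The new `Botan::Path_Validation_Restrictions restrictions(true, policy.minimum_signature_strength());` line takes the chain's signature-strength floor entirely from the caller-supplied policy, and nothing at the call site says so or names what the bare `true` selects. A policy that returns a lower value would loosen certificate validation here with no visible trace, whereas the removed line pinned a fixed floor of 80. I would add a comment above the call such as `// Strength floor comes from the TLS policy (default 110, roughly RSA 2048); 'true' presumably requires revocation information - confirm`. The callback's signature begins before this hunk and its body continues past it, so whether the policy value is logged or range-checked later cannot be seen from here.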