author | Christian Mainka <[email protected]> | 2016-05-03 16:41:18 +0200 |
committer | Christian Mainka <[email protected]> | 2016-05-03 16:41:18 +0200 |
commit | 6d327f879c608908ca2c6b9b99f7fd74d498b4ef (patch) | |
tree | 37887b96bf353db53aef93525a49706c7967de2d /src/cli/tls_server.cpp | |
parent | e6f56a82b639776282b9f4fd6a66e426ea0910d2 (diff) |
TLS Policy support
* --policy works for TLS Server and TLS Client
* Example policy BSI_TR-02102-2.txt
* Fine-grained configuration for TLS 1.0, 1.1, 1.2 and DTLS 1.0 and 1.2
* Minimum ecdh and rsa group size
Diffstat (limited to 'src/cli/tls_server.cpp')
-rw-r--r-- | src/cli/tls_server.cpp | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/src/cli/tls_server.cpp b/src/cli/tls_server.cpp
index 2496f5508..7fc38cf31 100644
--- a/src/cli/tls_server.cpp
+++ b/src/cli/tls_server.cpp
@@ -33,7 +33,7 @@ namespace Botan_CLI {
 class TLS_Server final : public Command
 {
 public:
- TLS_Server() : Command("tls_server cert key --port=443 --type=tcp") {}
+ TLS_Server() : Command("tls_server cert key --port=443 --type=tcp --policy=") {}
 void go() override
 {
@@ -47,7 +47,24 @@ class TLS_Server final : public Command
 const bool is_tcp = (transport == "tcp");
- Botan::TLS::Policy policy; // TODO read policy from file
+ std::unique_ptr<Botan::TLS::Policy> policy;
+ const std::string policy_file = get_arg("policy");
+ std::filebuf fb;
+ if(policy_file.size() > 0)
+ {
+ std::ifstream policy_stream(policy_file);
+ if(!policy_stream.good())
+ {
+ error_output() << "Failed reading policy file\n";
+ return;
+ }
+ policy.reset(new Botan::TLS::Text_Policy(policy_stream));
+ }
+
+ if(!policy)
+ {
+ policy.reset(new Botan::TLS::Policy);
+ }
 Botan::TLS::Session_Manager_In_Memory session_manager(rng()); // TODO sqlite3
@@ -112,7 +129,7 @@ class TLS_Server final : public Command
 std::bind(&TLS_Server::handshake_complete, this, _1),
 session_manager,
 creds,
- policy,
+ *policy,
 rng(),
 protocol_chooser,
 !is_tcp);
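Review bot: `std::filebuf fb;` in the second hunk is declared and never used and should be dropped. The `!policy_stream.good()` check only tells the operator that the file could not be opened; it says nothing about whether the contents were understood, and if Text_Policy falls back to built-in defaults for keys it does not recognise (not visible in this hunk, worth confirming) a mistyped key silently yields a different policy than the one the operator wrote, so the error path should at least name the file, `error_output() << "Failed reading policy file " << policy_file << "\n";`, and a short comment on the `if(!policy)` fallback such as `// no --policy given: use the library default policy` would make the two branches easier to audit. As a point of style, `policy_file.size() > 0` reads more naturally as `!policy_file.empty()`, and the two `reset(new ...)` calls could become `std::make_unique` if the project builds as C++14. The enclosing go() continues past the end of this hunk.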
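Review bot: In the third hunk `*policy` hands the TLS::Server a reference to an object owned by a local unique_ptr in go(); this appears safe because `policy` is declared earlier in go() than the server and so outlives it, but the dependency is not spelled out anywhere. A one-line comment next to the argument, `// policy is owned by the unique_ptr above and must outlive the server`, would keep a later refactor from moving the declaration or returning the server out of scope. The constructor call starts before the hunk and go() ends after it.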