Add TLS::Policy::minimum_signature_strength

Changes TLS callback API for cert verify to accept Policy& Sets default signature strength to 110 to force RSA ~2048.
author: Jack Lloyd <[email protected]> 2016-11-25 12:01:10 -0500
committer: Jack Lloyd <[email protected]> 2016-11-25 12:01:10 -0500
commit: f4f6726262d1096974d191de3f3220b6e1a41c06 (patch)
tree: 42f151ce4156b16da00ecc62fa3b8024a2d82368 /src/cli
parent: e30d8d0fad3f9316ef31170ecec9d291288289f5 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp
index 6fbb59e6f..8e21e21e5 100644
--- a/src/cli/tls_client.cpp
+++ b/src/cli/tls_client.cpp
@@ -255,12 +255,13 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
          const std::vector<Botan::X509_Certificate>& cert_chain,
          const std::vector<Botan::Certificate_Store*>& trusted_roots,
          Botan::Usage_Type usage,
-         const std::string& hostname) override
+         const std::string& hostname,
+         const Botan::TLS::Policy& policy) override
          {
          if(cert_chain.empty())
             throw std::invalid_argument("Certificate chain was empty");
 
-         Botan::Path_Validation_Restrictions restrictions(true, 80);
+         Botan::Path_Validation_Restrictions restrictions(true, policy.minimum_signature_strength());
 
          auto ocsp_timeout = std::chrono::milliseconds(300);
author	Jack Lloyd <[email protected]>	2016-11-25 12:01:10 -0500
committer	Jack Lloyd <[email protected]>	2016-11-25 12:01:10 -0500
commit	f4f6726262d1096974d191de3f3220b6e1a41c06 (patch)
tree	42f151ce4156b16da00ecc62fa3b8024a2d82368 /src/cli
parent	e30d8d0fad3f9316ef31170ecec9d291288289f5 (diff)