authorJack Lloyd <[email protected]>2016-11-25 12:01:10 -0500
committerJack Lloyd <[email protected]>2016-11-25 12:01:10 -0500
commitf4f6726262d1096974d191de3f3220b6e1a41c06 (patch)
tree42f151ce4156b16da00ecc62fa3b8024a2d82368 /src/lib/tls/tls_callbacks.cpp
parente30d8d0fad3f9316ef31170ecec9d291288289f5 (diff)
Add TLS::Policy::minimum_signature_strength
Changes TLS callback API for cert verify to accept Policy&. Sets default signature strength to 110 to force RSA ~2048.
Diffstat (limited to 'src/lib/tls/tls_callbacks.cpp')
-rw-r--r--src/lib/tls/tls_callbacks.cpp6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/lib/tls/tls_callbacks.cpp b/src/lib/tls/tls_callbacks.cpp
index f43890e20..e95b1c0f7 100644
--- a/src/lib/tls/tls_callbacks.cpp
+++ b/src/lib/tls/tls_callbacks.cpp
@@ -6,6 +6,7 @@
*/
#include <botan/tls_callbacks.h>
+#include <botan/tls_policy.h>
#include <botan/x509path.h>
#include <botan/ocsp.h>
#include <botan/certstor.h>
@@ -28,12 +29,13 @@ void TLS::Callbacks::tls_verify_cert_chain(
const std::vector<X509_Certificate>& cert_chain,
const std::vector<Certificate_Store*>& trusted_roots,
Usage_Type usage,
- const std::string& hostname)
+ const std::string& hostname,
+ const TLS::Policy& policy)
{
if(cert_chain.empty())
throw Invalid_Argument("Certificate chain was empty");
- Path_Validation_Restrictions restrictions;
+ Path_Validation_Restrictions restrictions(true, policy.minimum_signature_strength());
Path_Validation_Result result =
x509_path_validate(cert_chain,
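Review bot: The bare `true` passed as the first argument on the new `Path_Validation_Restrictions restrictions(true, policy.minimum_signature_strength());` line is a second behaviour change that the commit message does not mention. The old code default-constructed the restrictions, so whatever that flag controls now differs for every application relying on the default callback. The constructor is declared in x509path.h, outside this hunk; the flag is presumably the require-revocation-information switch, which would change which chains are accepted or rejected. If the change is intended, state it next to the call, e.g. `// first argument: require revocation information; strength floor comes from the policy`, and consider sourcing the flag from `policy` as well so it is configurable like the signature strength. The body of `tls_verify_cert_chain` continues past the end of the hunk, so how the validation result is handled is not visible here.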