Move TLS cert verification callback from Credentials_Manager to TLS::Callbacks

It is the only function in C_M which is called on to process session-specific (and adversarially provided) inputs, rather than passively returning some credential which is typically not session specific.
author: Jack Lloyd <[email protected]> 2016-11-21 20:13:15 -0500
committer: Jack Lloyd <[email protected]> 2016-11-23 08:31:07 -0500
commit: 33e855853886193867b32da847b8b77f7bc102ee (patch)
tree: ed8d4d93f247832f7768b5fe1e92cde7109e4352 /src/lib/tls/tls_client.cpp
parent: 987fcef3f93fe06500b81da2706b358cff85d53a (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp
index 183886c66..99b4ac731 100644
--- a/src/lib/tls/tls_client.cpp
+++ b/src/lib/tls/tls_client.cpp
@@ -391,7 +391,12 @@ void Client::process_handshake_msg(const Handshake_State* active_state,
 
       try
          {
-         m_creds.verify_certificate_chain("tls-client", m_info.hostname(), server_certs);
+         auto trusted_CAs = m_creds.trusted_certificate_authorities("tls-client", m_info.hostname());
+
+         callbacks().tls_verify_cert_chain(server_certs,
+                                           trusted_CAs,
+                                           Usage_Type::TLS_SERVER_AUTH,
+                                           m_info.hostname());
          }
       catch(std::exception& e)
          {
author	Jack Lloyd <[email protected]>	2016-11-21 20:13:15 -0500
committer	Jack Lloyd <[email protected]>	2016-11-23 08:31:07 -0500
commit	33e855853886193867b32da847b8b77f7bc102ee (patch)
tree	ed8d4d93f247832f7768b5fe1e92cde7109e4352 /src/lib/tls/tls_client.cpp
parent	987fcef3f93fe06500b81da2706b358cff85d53a (diff)