aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/tls/tls_client.cpp
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2016-08-13 11:13:49 -0400
committerJack Lloyd <[email protected]>2016-08-13 11:13:49 -0400
commite29024608fca1b811aa72a7aafd930a42740b968 (patch)
tree729cadf57f8418af74c4abf9ec653f05c27d0774 /src/lib/tls/tls_client.cpp
parent7dd73a96bbea879a6d7107bf4b23a44ba527a134 (diff)
Address some issues with PR 492
Adds copyright notices for Juraj Somorovsky and Christian Mainka of Hackmanit for the changes in 7c7fcecbe6a and 6d327f879c Add Policy::check_peer_key_acceptable which lets the app set an arbitrary callback for examining keys - both the end entity signature keys from certificates and the peer PFS public keys. Default impl checks that the algorithm size matches the min keylength. This centralizes this logic and lets the application do interesting things. Adds a policy for ECDSA group size checks. Increases default policy minimums to 2048 RSA and 256 ECC. (Maybe I'm an optimist after all.)
Diffstat (limited to 'src/lib/tls/tls_client.cpp')
-rw-r--r--src/lib/tls/tls_client.cpp1
1 files changed, 0 insertions, 1 deletions
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp
index 13dde99c4..bf7ccdf8c 100644
--- a/src/lib/tls/tls_client.cpp
+++ b/src/lib/tls/tls_client.cpp
@@ -387,7 +387,6 @@ void Client::process_handshake_msg(const Handshake_State* active_state,
new Server_Key_Exchange(contents,
state.ciphersuite().kex_algo(),
state.ciphersuite().sig_algo(),
- policy(),
state.version())
);