authorHannes Rantzsch <[email protected]>2019-06-03 11:18:47 +0200
committerHannes Rantzsch <[email protected]>2019-06-03 16:45:08 +0200
commit960b87f42baf300e6d597029e9143d3356cc514e (patch)
treed599da52700d6ebe12ad6ce8bba6d448220e8867 /src/lib/tls
parentaed46aad14b793ca04309d053dc55bb77411c089 (diff)
allow setting a verify_callback in TLS::Context
This will allow customizing the tls_verify_cert_chain callback for TLS::Stream. TLS::Context is now a class and its members are protected.
Diffstat (limited to 'src/lib/tls')
-rw-r--r--src/lib/tls/asio/asio_context.h68
1 files changed, 61 insertions, 7 deletions
diff --git a/src/lib/tls/asio/asio_context.h b/src/lib/tls/asio/asio_context.h
index 7de88ebce..fe949d29b 100644
--- a/src/lib/tls/asio/asio_context.h
+++ b/src/lib/tls/asio/asio_context.h
@@ -14,7 +14,10 @@
#include <boost/version.hpp>
#if BOOST_VERSION >= 106600
+#include <functional>
+
#include <botan/credentials_manager.h>
+#include <botan/ocsp.h>
#include <botan/rng.h>
#include <botan/tls_policy.h>
#include <botan/tls_server_info.h>
@@ -23,15 +26,66 @@
namespace Botan {
namespace TLS {
-struct Context
+/**
+ * A helper class to initialize and configure Botan::TLS::Stream
+ */
+class Context
{
- Credentials_Manager* credentialsManager;
- RandomNumberGenerator* randomNumberGenerator;
- Session_Manager* sessionManager;
- Policy* policy;
- Server_Information serverInfo;
- };
+ public:
+ using Verify_Callback = std::function<
+ void(const std::vector<X509_Certificate>&,
+ const std::vector<std::shared_ptr<const OCSP::Response>>&,
+ const std::vector<Certificate_Store*>&,
+ Usage_Type,
+ const std::string&,
+ const TLS::Policy&)>;
+
+ Context(Credentials_Manager* credentialsManager,
+ RandomNumberGenerator* randomNumberGenerator,
+ Session_Manager* sessionManager,
+ Policy* policy,
+ Server_Information serverInfo = Server_Information()) :
+ credentialsManager(credentialsManager),
+ randomNumberGenerator(randomNumberGenerator),
+ sessionManager(sessionManager),
+ policy(policy),
+ serverInfo(serverInfo)
+ {}
+
+ Context(const Context& other) = delete;
+ Context& operator=(const Context& other) = delete;
+ Context(Context&& other) = default;
+ Context& operator=(Context&& other) = default;
+
+ /**
+ * @brief Override the tls_verify_cert_chain callback
+ *
+ * This changes the verify_callback in the stream's TLS::Context, and hence the tls_verify_cert_chain callback
+ * used in the handshake.
+ * Using this function is equivalent to setting the callback via @see Botan::TLS::Stream::set_verify_callback
+ */
+ void set_verify_callback(Verify_Callback callback)
+ {
+ verifyCallback = std::move(callback);
+ }
+ bool has_verify_callback() const
+ {
+ return static_cast<bool>(verifyCallback);
+ }
+
+ protected:
+ template <class S, class C> friend class Stream;
+
+ Credentials_Manager* credentialsManager;
+ RandomNumberGenerator* randomNumberGenerator;
+ Session_Manager* sessionManager;
+ Policy* policy;
+
+ Server_Information serverInfo;
+ Verify_Callback verifyCallback;
+
+ };
} // namespace TLS
} // namespace Botan
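Review bot: The doc comment on `set_verify_callback` says the callback overrides tls_verify_cert_chain but does not tell the caller what that implies: if the stream forwards it as the handshake's chain validation (the description suggests so, the forwarding itself is not in this hunk), then any check the callback omits — chain building, hostname match, expiry, revocation — is simply not performed, and under the Botan convention returning normally accepts the peer while rejection must be signalled by throwing. I would add `@warning Setting this replaces the default certificate chain validation; the callback must perform every check the application relies on and throw to reject the peer — returning normally accepts it.` and give `has_verify_callback`, which has no comment at all, a one-line description. The four raw pointers taken by the constructor are stored as non-owning members with no lifetime statement, so the class comment should say the caller keeps the Credentials_Manager, RandomNumberGenerator, Session_Manager and Policy alive for as long as the Context and any Stream built from it, and whether nullptr is permitted for any of them (the constructor does not check). Separately, `Verify_Callback` uses std::vector, std::shared_ptr and std::string, but the include hunk above adds only `<functional>`; `<memory>`, `<string>` and `<vector>` should be included rather than relied on transitively.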