authorJack Lloyd <[email protected]>2018-08-16 19:07:24 -0400
committerJack Lloyd <[email protected]>2018-08-16 19:07:24 -0400
commit5d15cbbad729cde83f35ca4e73c3afd62f0e5f7c (patch)
treea5f01f545f848e809e4b39ba7f03f507ab244f0f /src/lib
parentabac219d8a0a48b7d03221cbd9c3f84127acaa01 (diff)
Add args for botan FFI cert verification for hostname and time
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/ffi/ffi.h4
-rw-r--r--src/lib/ffi/ffi_cert.cpp16
2 files changed, 16 insertions, 4 deletions
diff --git a/src/lib/ffi/ffi.h b/src/lib/ffi/ffi.h
index a680a0c19..19e04ce4d 100644
--- a/src/lib/ffi/ffi.h
+++ b/src/lib/ffi/ffi.h
@@ -1420,7 +1420,9 @@ BOTAN_PUBLIC_API(2,8) int botan_x509_cert_verify(
const botan_x509_cert_t* trusted,
size_t trusted_len,
const char* trusted_path,
- size_t required_strength);
+ size_t required_strength,
+ const char* hostname,
+ uint64_t reference_time);
/**
* Returns a pointer to a static character string explaining the status code,
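Review bot: The two new parameters of `botan_x509_cert_verify` are added without any documentation of their sentinel values, and both sentinels weaken or change the check. Judging from the implementation in ffi_cert.cpp, a NULL `hostname` is turned into an empty string (which presumably skips name matching) and a `reference_time` of 0 selects the current system time. Callers need this in the header, for example `* @param hostname name the end-entity certificate must match; NULL or "" performs no name check` and `* @param reference_time validation time in seconds since the Unix epoch; 0 means the current system time`. The declaration's doc comment starts above this hunk, so it may need the same lines added there. Since this changes the signature of an exported C function, it is also worth confirming that no released version shipped the old prototype.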
diff --git a/src/lib/ffi/ffi_cert.cpp b/src/lib/ffi/ffi_cert.cpp
index 1e832765c..723bea862 100644
--- a/src/lib/ffi/ffi_cert.cpp
+++ b/src/lib/ffi/ffi_cert.cpp
@@ -261,14 +261,21 @@ int botan_x509_cert_verify(int* result_code,
const botan_x509_cert_t* trusted,
size_t trusted_len,
const char* trusted_path,
- size_t required_strength)
+ size_t required_strength,
+ const char* hostname_cstr,
+ uint64_t reference_time)
{
if(required_strength == 0)
required_strength = 110;
return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int {
- std::vector<Botan::X509_Certificate> end_certs;
+ const std::string hostname((hostname_cstr == nullptr) ? "" : hostname_cstr);
+ const Botan::Usage_Type usage = Botan::Usage_Type::UNSPECIFIED;
+ const auto validation_time = reference_time == 0 ?
+ std::chrono::system_clock::now() :
+ std::chrono::system_clock::from_time_t(static_cast<time_t>(reference_time));
+ std::vector<Botan::X509_Certificate> end_certs;
end_certs.push_back(safe_get(cert));
for(size_t i = 0; i != intermediates_len; ++i)
end_certs.push_back(safe_get(intermediates[i]));
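Review bot: The `static_cast<time_t>(reference_time)` in the added `validation_time` expression narrows a caller-supplied `uint64_t` with no range check. Where `time_t` is 32 bits, or for values above its signed maximum, the time silently wraps and the chain is validated against a date the caller never asked for. Reject such values before entering the lambda with a guard such as `if(reference_time > static_cast<uint64_t>(std::numeric_limits<time_t>::max()))` that returns an FFI error code. Separately, `usage` is fixed to `Botan::Usage_Type::UNSPECIFIED`, so a caller who passes a hostname still gets no key-usage restriction; a short comment should say whether that is intended. The function body continues outside this hunk.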
@@ -297,7 +304,10 @@ int botan_x509_cert_verify(int* result_code,
auto validation_result = Botan::x509_path_validate(end_certs,
restrictions,
- trusted_roots);
+ trusted_roots,
+ hostname,
+ usage,
+ validation_time);
if(result_code)
*result_code = static_cast<int>(validation_result.result());