The credentials manager interface seems a much better place for cert

checking, allowed client auth CAs, etc than the policy class. With this change, most users won't ever need to modify the default policy which is likely a good thing. Remove copy and paste of the credentials manager implemenation in the examples.
author: lloyd <[email protected]> 2012-01-23 23:36:19 +0000
committer: lloyd <[email protected]> 2012-01-23 23:36:19 +0000
commit: f34cc48100c672824aa70869adfb59669055d173 (patch)
tree: 6cbcd0d984b1a38b8024cf3b0642edc2a0498368 /src/tls/tls_client.cpp
parent: e3dc1e69f53f93e03411f258e976d2befcf45f91 (diff)
1 files changed, 9 insertions, 3 deletions
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp
index 835e8d4bd..215ff6972 100644
--- a/src/tls/tls_client.cpp
+++ b/src/tls/tls_client.cpp
@@ -251,9 +251,15 @@ void Client::process_handshake_msg(Handshake_Type type,
          throw TLS_Exception(HANDSHAKE_FAILURE,
                              "Client: No certificates sent by server");
 
-      if(!policy.check_cert(peer_certs))
-         throw TLS_Exception(BAD_CERTIFICATE,
-                             "Client: Server certificate is not valid");
+      try
+         {
+         creds.verify_certificate_chain(peer_certs,
+                                        state->client_hello->sni_hostname());
+         }
+      catch(std::exception& e)
+         {
+         throw TLS_Exception(BAD_CERTIFICATE, e.what());
+         }
 
       std::auto_ptr<Public_Key> peer_key(peer_certs[0].subject_public_key());
author	lloyd <[email protected]>	2012-01-23 23:36:19 +0000
committer	lloyd <[email protected]>	2012-01-23 23:36:19 +0000
commit	f34cc48100c672824aa70869adfb59669055d173 (patch)
tree	6cbcd0d984b1a38b8024cf3b0642edc2a0498368 /src/tls/tls_client.cpp
parent	e3dc1e69f53f93e03411f258e976d2befcf45f91 (diff)