Hiding SRP users or not is policy. Not sure what the default should be for this

author: lloyd <[email protected]> 2012-01-25 00:36:50 +0000
committer: lloyd <[email protected]> 2012-01-25 00:36:50 +0000
commit: f4874a59ade430938992b00ad5f8939f38003d93 (patch)
tree: 157f5bad006731c8384f109e40132d0f0fba2bb5 /src/tls/tls_policy.h
parent: 5d0a39d62ce08b68eaffd6914fcba5bc1a943926 (diff)
1 files changed, 10 insertions, 2 deletions
diff --git a/src/tls/tls_policy.h b/src/tls/tls_policy.h
index 72ce8df9e..3a926949a 100644
--- a/src/tls/tls_policy.h
+++ b/src/tls/tls_policy.h
@@ -84,13 +84,21 @@ class BOTAN_DLL Policy
       */
       virtual DL_Group dh_group() const { return DL_Group("modp/ietf/1536"); }
 
-      /*
+      /**
+      * If this function returns false, unknown SRP identifiers will be rejected
+      * with an unknown_psk_identifier alert. Otherwise, a false identifier value
+      * will be used, causing the login to fail without revealing that the username
+      * does not exist on this system.
+      */
+      virtual bool hide_unknown_srp_users() const { return false; }
+
+      /**
       * @return the minimum version that we are willing to negotiate
       */
       virtual Protocol_Version min_version() const
          { return Protocol_Version::SSL_V3; }
 
-      /*
+      /**
       * @return the version we would prefer to negotiate
       */
       virtual Protocol_Version pref_version() const
author	lloyd <[email protected]>	2012-01-25 00:36:50 +0000
committer	lloyd <[email protected]>	2012-01-25 00:36:50 +0000
commit	f4874a59ade430938992b00ad5f8939f38003d93 (patch)
tree	157f5bad006731c8384f109e40132d0f0fba2bb5 /src/tls/tls_policy.h
parent	5d0a39d62ce08b68eaffd6914fcba5bc1a943926 (diff)