author | lloyd <[email protected]> | 2012-11-13 19:25:35 +0000 |
committer | lloyd <[email protected]> | 2012-11-13 19:25:35 +0000 |
commit | cf8f87c832273ea2d70ed00be7130e36884e370c (patch) | |
tree | 7d8a9f493c74882a83c35b1993e8992ca221412a /src/tls | |
parent | 58461a900aea49e5230b7b748fc481114d31904a (diff) |
Change Credentials_Manager::trusted_certificate_authorities to return
a list of Certificate_Stores instead of a list of actual certs,
which allows, for instance, referencing a DB cert store without
actually pulling all the certs into memory.
Add Certificate_Store::all_subjects which returns the DNs of all
contained certificates.
Diffstat (limited to 'src/tls')
-rw-r--r-- | src/tls/msg_cert_req.cpp | 13 | ||||
-rw-r--r-- | src/tls/tls_messages.h | 2 | ||||
-rw-r--r-- | src/tls/tls_seq_numbers.h | 1 | ||||
-rw-r--r-- | src/tls/tls_server.cpp | 12 |
4 files changed, 17 insertions, 11 deletions
diff --git a/src/tls/msg_cert_req.cpp b/src/tls/msg_cert_req.cpp
index 4104025cf..23d59c6d4 100644
--- a/src/tls/msg_cert_req.cpp
+++ b/src/tls/msg_cert_req.cpp
@@ -54,16 +54,11 @@ byte cert_type_name_to_code(const std::string& name)
 Certificate_Req::Certificate_Req(Handshake_IO& io,
 Handshake_Hash& hash,
 const Policy& policy,
- const std::vector<X509_Certificate>& ca_certs,
- Protocol_Version version)
+ const std::vector<X509_DN>& ca_certs,
+ Protocol_Version version) :
+ m_names(ca_certs),
+ m_cert_key_types({ "RSA", "DSA", "ECDSA" })
 {
- for(size_t i = 0; i != ca_certs.size(); ++i)
- m_names.push_back(ca_certs[i].subject_dn());
-
- m_cert_key_types.push_back("RSA");
- m_cert_key_types.push_back("DSA");
- m_cert_key_types.push_back("ECDSA");
-
 if(version.supports_negotiable_signature_algorithms())
 {
 std::vector<std::string> hashes = policy.allowed_signature_hashes();
diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h
index 52ff52c12..557677c4a 100644
--- a/src/tls/tls_messages.h
+++ b/src/tls/tls_messages.h
@@ -356,7 +356,7 @@ class Certificate_Req : public Handshake_Message
 Certificate_Req(Handshake_IO& io,
 Handshake_Hash& hash,
 const Policy& policy,
- const std::vector<X509_Certificate>& allowed_cas,
+ const std::vector<X509_DN>& allowed_cas,
 Protocol_Version version);
 
 Certificate_Req(const std::vector<byte>& buf,
diff --git a/src/tls/tls_seq_numbers.h b/src/tls/tls_seq_numbers.h
index 4a8a0fab8..87edf3130 100644
--- a/src/tls/tls_seq_numbers.h
+++ b/src/tls/tls_seq_numbers.h
@@ -8,6 +8,7 @@
 #ifndef BOTAN_TLS_SEQ_NUMBERS_H__
 #define BOTAN_TLS_SEQ_NUMBERS_H__
 
+#include <botan/types.h>
 #include <stdexcept>
 
 namespace Botan {
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index b91dfc9aa..380d3d5b1 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
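Review bot: The constructor parameter keeps the name `ca_certs` although it now receives a `std::vector<X509_DN>` of subject names rather than certificates, and the declaration changed in tls_messages.h in this same commit calls it `allowed_cas`, so the two no longer agree; rename the definition's parameter to `const std::vector<X509_DN>& allowed_cas` (or pick `ca_dns` in both places). A one-line comment above the `m_names(ca_certs)` initializer would also help the next reader: `// subject DNs the server will accept as client-cert issuers; copied as given, no de-duplication here`. The constructor body continues past the end of the hunk.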
@@ -534,9 +534,19 @@ void Server::process_handshake_msg(const Handshake_State* active_state,
 );
 }
 
- std::vector<X509_Certificate> client_auth_CAs =
+ auto trusted_CAs =
 m_creds.trusted_certificate_authorities("tls-server", sni_hostname);
+ std::vector<X509_DN> client_auth_CAs;
+
+ for(auto store : trusted_CAs)
+ {
+ auto subjects = store->all_subjects();
+ client_auth_CAs.insert(client_auth_CAs.end(),
+ subjects.begin(),
+ subjects.end());
+ }
+
 
 if(!client_auth_CAs.empty() && state.ciphersuite().sig_algo() != "")
 {
 state.cert_req(
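Review bot: The aggregation loop appends every store's `all_subjects()` result with no de-duplication, so when two stores hold the same CA (now possible, since `trusted_certificate_authorities` returns a list of stores) the same DN is handed to `cert_req` twice, and with a DB-backed store the list is also unbounded in size; presumably these names end up in the CertificateRequest sent to the client, where repeats only cost handshake bytes, but the duplicates are new to this version. If `X509_DN` is ordered, add after the loop `std::sort(client_auth_CAs.begin(), client_auth_CAs.end());` and `client_auth_CAs.erase(std::unique(client_auth_CAs.begin(), client_auth_CAs.end()), client_auth_CAs.end());`. The loop variable `auto store` hides that it is dereferenced with `->`; if the element type is a raw pointer, `for(auto* store : trusted_CAs)` says so, and a null `store` would fault here, so a guard or a comment stating the credentials manager never returns null would be worth adding. `process_handshake_msg` starts and ends outside the hunk.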