authorJack Lloyd <[email protected]>2018-03-24 05:42:20 -0400
committerJack Lloyd <[email protected]>2018-03-24 05:42:20 -0400
commit04729be983f3090595f92c2d4752081487ea7c4d (patch)
tree3b20d85a3fbaf0d520b78839ad64b328fc9dc162 /src
parent8cbcc468ee8a1767f091b7aa73ab3a3b08bde253 (diff)
Add some options to tls_client cli to control trusted CAs
Diffstat (limited to 'src')
-rw-r--r--src/cli/credentials.h24
-rw-r--r--src/cli/tls_client.cpp19
2 files changed, 28 insertions, 15 deletions
diff --git a/src/cli/credentials.h b/src/cli/credentials.h
index 3b46c239c..da21dd842 100644
--- a/src/cli/credentials.h
+++ b/src/cli/credentials.h
@@ -29,9 +29,24 @@ inline bool value_exists(const std::vector<std::string>& vec,
class Basic_Credentials_Manager : public Botan::Credentials_Manager
{
public:
- Basic_Credentials_Manager()
+ Basic_Credentials_Manager(bool use_system_store,
+ const std::string& ca_paths)
{
- load_certstores();
+ std::vector<std::string> paths;
+
+ if(ca_paths.empty() == false)
+ paths.push_back(ca_paths);
+
+ if(use_system_store)
+ {
+ paths.push_back("/etc/ssl/certs");
+ paths.push_back("/usr/share/ca-certificates");
+ }
+
+ if(paths.empty() == false)
+ {
+ load_certstores(paths);
+ }
}
Basic_Credentials_Manager(Botan::RandomNumberGenerator& rng,
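Review bot: The new constructor's parameter is named `ca_paths` but the body pushes the whole string as a single entry, so the plural promises a list that is never split; either rename it `ca_path` or state in a comment that one path is expected. The constructor also silently accepts `use_system_store == false` together with an empty path, in which case `load_certstores` is never called and the manager presumably ends up with no certificate store at all, a combination the tls_client.cpp call site in the last hunk can produce. A short comment above the constructor would make both points explicit, e.g. `// Trusted roots come from ca_paths (one path, used only if non-empty) plus the two default system directories when use_system_store is set; with neither, no store is loaded.`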
@@ -59,13 +74,10 @@ class Basic_Credentials_Manager : public Botan::Credentials_Manager
m_creds.push_back(cert);
}
- void load_certstores()
+ void load_certstores(const std::vector<std::string>& paths)
{
try
{
- // TODO: make path configurable
- const std::vector<std::string> paths = { "/etc/ssl/certs", "/usr/share/ca-certificates" };
-
for(auto const& path : paths)
{
std::shared_ptr<Botan::Certificate_Store> cs(new Botan::Certificate_Store_In_Memory(path));
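Review bot: A caller-supplied path now flows through the same `try` as the former built-in defaults, and the handler that closes it lies outside the hunk, so from here it cannot be seen whether an unreadable or mistyped `--trusted-cas` path is reported or swallowed; if it is swallowed, the client quietly continues with whatever else loaded, or with nothing. Worth either letting a failure on a caller-provided path propagate, or at least marking it: `// NOTE: an unreadable caller-provided path is handled by the catch below exactly like the defaults`. The new parameter also deserves a one-line comment saying what each entry may be (a directory, and whether a single file is accepted, which this hunk does not show). load_certstores continues past the end of the hunk.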
diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp
index f3fe0c266..55be7e671 100644
--- a/src/cli/tls_client.cpp
+++ b/src/cli/tls_client.cpp
@@ -37,6 +37,7 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
TLS_Client()
: Command("tls_client host --port=443 --print-certs --policy= "
"--tls1.0 --tls1.1 --tls1.2 "
+ "--skip-system-cert-store --trusted-cas= "
"--session-db= --session-db-pass= --next-protocols= --type=tcp")
{
init_sockets();
@@ -64,6 +65,13 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
std::unique_ptr<Botan::TLS::Session_Manager> session_mgr;
const std::string sessions_db = get_arg("session-db");
+ const std::string host = get_arg("host");
+ const uint16_t port = get_arg_sz("port");
+ const std::string transport = get_arg("type");
+ const std::string next_protos = get_arg("next-protocols");
+ std::string policy_file = get_arg("policy");
+ const bool use_system_cert_store = flag_set("skip-system-cert-store") == false;
+ const std::string trusted_CAs = get_arg("trusted-cas");
if(!sessions_db.empty())
{
@@ -80,8 +88,6 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
session_mgr.reset(new Botan::TLS::Session_Manager_In_Memory(rng()));
}
- std::string policy_file = get_arg("policy");
-
std::unique_ptr<Botan::TLS::Policy> policy;
if(policy_file.size() > 0)
@@ -100,13 +106,6 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
policy.reset(new Botan::TLS::Policy);
}
- Basic_Credentials_Manager creds;
-
- const std::string host = get_arg("host");
- const uint16_t port = get_arg_sz("port");
- const std::string transport = get_arg("type");
- const std::string next_protos = get_arg("next-protocols");
-
if(transport != "tcp" && transport != "udp")
{
throw CLI_Usage_Error("Invalid transport type '" + transport + "' for TLS");
@@ -140,6 +139,8 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
hostname = host;
}
+ Basic_Credentials_Manager creds(use_system_cert_store, trusted_CAs);
+
Botan::TLS::Client client(*this, *session_mgr, creds, *policy, rng(),
Botan::TLS::Server_Information(hostname, port),
version, protocols_to_offer);
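Review bot: Nothing rejects `--skip-system-cert-store` given without `--trusted-cas`, so `creds` can be constructed with an empty path set and the user only learns about it from a later handshake failure that does not say why. Unless a deliberately empty trust store is a supported use, a usage error just before this line, in the same style as the transport check earlier in this file, would be clearer: `if(use_system_cert_store == false && trusted_CAs.empty()) throw CLI_Usage_Error("--skip-system-cert-store requires --trusted-cas");`. The enclosing function starts before this hunk.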