aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls/tls_policy.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/tls/tls_policy.h')
-rw-r--r--src/tls/tls_policy.h63
1 files changed, 63 insertions, 0 deletions
diff --git a/src/tls/tls_policy.h b/src/tls/tls_policy.h
new file mode 100644
index 000000000..461164d2f
--- /dev/null
+++ b/src/tls/tls_policy.h
@@ -0,0 +1,63 @@
+/*
+* Policies
+* (C) 2004-2006 Jack Lloyd
+*
+* Released under the terms of the Botan license
+*/
+
+#ifndef BOTAN_TLS_POLICY_H__
+#define BOTAN_TLS_POLICY_H__
+
+#include <botan/tls_magic.h>
+#include <botan/x509cert.h>
+#include <botan/dl_group.h>
+#include <vector>
+
+namespace Botan {
+
+/**
+* TLS Policy Base Class
+* Inherit and overload as desired to suite local policy concerns
+*/
+class BOTAN_DLL TLS_Policy
+ {
+ public:
+ std::vector<u16bit> ciphersuites() const;
+ virtual std::vector<byte> compression() const;
+
+ virtual u16bit choose_suite(const std::vector<u16bit>& client_suites,
+ bool rsa_ok,
+ bool dsa_ok) const;
+
+ virtual byte choose_compression(const std::vector<byte>& client) const;
+
+ virtual bool allow_static_rsa() const { return true; }
+ virtual bool allow_edh_rsa() const { return true; }
+ virtual bool allow_edh_dsa() const { return true; }
+ virtual bool require_client_auth() const { return false; }
+
+ virtual DL_Group dh_group() const;
+ virtual size_t rsa_export_keysize() const { return 512; }
+
+ /*
+ * @return the minimum version that we will negotiate
+ */
+ virtual Version_Code min_version() const { return SSL_V3; }
+
+ /*
+ * @return the version we would prefer to negotiate
+ */
+ virtual Version_Code pref_version() const { return TLS_V11; }
+
+ virtual bool check_cert(const std::vector<X509_Certificate>& cert_chain) const = 0;
+
+ virtual ~TLS_Policy() {}
+ private:
+ virtual std::vector<u16bit> suite_list(bool use_rsa,
+ bool use_edh_rsa,
+ bool use_edh_dsa) const;
+ };
+
+}
+
+#endif