From 9ee17c62aba097b3b682d1ec217c31fdf8f2dedb Mon Sep 17 00:00:00 2001 From: lloyd Date: Fri, 29 Nov 2013 22:50:03 +0000 Subject: First pass at automatic OCSP checks --- src/cert/x509/x509path.h | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'src/cert/x509/x509path.h') diff --git a/src/cert/x509/x509path.h b/src/cert/x509/x509path.h index c935daa77..2c3268529 100644 --- a/src/cert/x509/x509path.h +++ b/src/cert/x509/x509path.h @@ -25,10 +25,12 @@ class BOTAN_DLL Path_Validation_Restrictions * @param require_rev if true, revocation information is required * @param minimum_key_strength is the minimum strength (in terms of * operations, eg 80 means 2^80) of a signature. Signatures - * weaker than this are rejected. + * weaker than this are rejected. If more than 80, SHA-1 + * signatures are also rejected. */ Path_Validation_Restrictions(bool require_rev = false, - size_t minimum_key_strength = 80); + size_t minimum_key_strength = 80, + bool ocsp_all_intermediates = false); /** * @param require_rev if true, revocation information is required @@ -41,14 +43,19 @@ class BOTAN_DLL Path_Validation_Restrictions */ Path_Validation_Restrictions(bool require_rev, size_t minimum_key_strength, + bool ocsp_all_intermediates, const std::set& trusted_hashes) : m_require_revocation_information(require_rev), + m_ocsp_all_intermediates(ocsp_all_intermediates), m_trusted_hashes(trusted_hashes), m_minimum_key_strength(minimum_key_strength) {} bool require_revocation_information() const { return m_require_revocation_information; } + bool ocsp_all_intermediates() const + { return m_ocsp_all_intermediates; } + const std::set& trusted_hashes() const { return m_trusted_hashes; } @@ -57,6 +64,7 @@ class BOTAN_DLL Path_Validation_Restrictions private: bool m_require_revocation_information; + bool m_ocsp_all_intermediates; std::set m_trusted_hashes; size_t m_minimum_key_strength; }; @@ -86,7 +94,7 @@ class BOTAN_DLL Path_Validation_Result /** * @return true iff the validation was succesful */ - bool successful_validation() const { return status() == VERIFIED; } + bool successful_validation() const; /** * @return validation result code -- cgit v1.2.3