From f4f6726262d1096974d191de3f3220b6e1a41c06 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Fri, 25 Nov 2016 12:01:10 -0500
Subject: Add TLS::Policy::minimum_signature_strength Changes TLS callback API for cert verify to accept Policy& Sets default signature strength to 110 to force RSA ~2048.
---
 src/cli/tls_client.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'src/cli/tls_client.cpp')
diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp
index 6fbb59e6f..8e21e21e5 100644
--- a/src/cli/tls_client.cpp
+++ b/src/cli/tls_client.cpp
@@ -255,12 +255,13 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
 const std::vector& cert_chain,
 const std::vector& trusted_roots,
 Botan::Usage_Type usage,
- const std::string& hostname) override
+ const std::string& hostname,
+ const Botan::TLS::Policy& policy) override
 {
 if(cert_chain.empty())
 throw std::invalid_argument("Certificate chain was empty");
- Botan::Path_Validation_Restrictions restrictions(true, 80);
+ Botan::Path_Validation_Restrictions restrictions(true, policy.minimum_signature_strength());
 auto ocsp_timeout = std::chrono::milliseconds(300);
-- cgit v1.2.3
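Review bot: The new `restrictions(true, policy.minimum_signature_strength())` line uses the policy's value unchecked, so a policy returning less than the old constant 80 (or 0) now lowers the bar for chain validation in this client. If the policy is meant to be authoritative, record that at the call with a comment such as `// strength floor is policy-controlled; library default is 110 (~RSA 2048)`. Otherwise keep a lower bound, e.g. `std::max<size_t>(80, policy.minimum_signature_strength())`. The callback's body continues past the end of the hunk, so how `restrictions` is consumed is not visible here.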