blob: 48ff9185ea0a08d8a728734cd6c1fb79b8477fc4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
/*
* Policies
* (C) 2004-2006 Jack Lloyd
*
* Released under the terms of the Botan license
*/
#ifndef BOTAN_TLS_POLICY_H__
#define BOTAN_TLS_POLICY_H__
#include <botan/tls_magic.h>
#include <botan/x509cert.h>
#include <botan/dl_group.h>
#include <vector>
namespace Botan {
/**
* TLS Policy Base Class
* Inherit and overload as desired to suite local policy concerns
*/
class BOTAN_DLL TLS_Policy
{
public:
std::vector<u16bit> ciphersuites(bool have_srp) const;
virtual std::vector<byte> compression() const;
virtual u16bit choose_suite(const std::vector<u16bit>& client_suites,
bool rsa_ok,
bool dsa_ok,
bool srp_ok) const;
virtual byte choose_compression(const std::vector<byte>& client) const;
virtual bool allow_static_rsa() const { return true; }
virtual bool allow_edh_rsa() const { return true; }
virtual bool allow_edh_dsa() const { return true; }
virtual bool allow_srp() const { return true; }
virtual bool require_client_auth() const { return false; }
virtual bool require_secure_renegotiation() const { return true; }
virtual DL_Group dh_group() const;
virtual size_t rsa_export_keysize() const { return 512; }
/*
* @return the minimum version that we will negotiate
*/
virtual Version_Code min_version() const { return SSL_V3; }
/*
* @return the version we would prefer to negotiate
*/
virtual Version_Code pref_version() const { return TLS_V11; }
virtual bool check_cert(const std::vector<X509_Certificate>& cert_chain) const = 0;
virtual ~TLS_Policy() {}
private:
virtual std::vector<u16bit> suite_list(bool use_rsa,
bool use_edh_rsa,
bool use_edh_dsa,
bool use_srp) const;
};
}
#endif
|