Commit ffb402f0 authored by louiz’'s avatar louiz’

Drop support for botan < 2.0

fix #3274
parent f0f3d3d4
Pipeline #831 passed with stages
in 15 minutes and 22 seconds
......@@ -11,6 +11,8 @@ Version 6.0
- Add a global option to make all channels persistent.
- Status code='332' is sent with the unavailable presences when biboumi is
being shutdown or the connection to the IRC server is cut unexpectedly.
- Support for botan version 1.11.x has been dropped, only version 2.x is
supported.
Version 5.0 - 2017-05-24
========================
......
......@@ -47,7 +47,7 @@ udns_ (optional, but recommended)
performances when connecting to a big number of IRC servers at the same
time.
libbotan_ 1.11 or 2.0 (optional)
libbotan_ 2.x (optional)
Provides TLS support. Without it, IRC connections are all made in
plain-text mode.
......
......@@ -19,15 +19,14 @@ include(FindPkgConfig)
if(NOT BOTAN_FOUND)
pkg_check_modules(BOTAN botan-2)
pkg_check_modules(BOTAN botan-1.11)
endif()
if(NOT BOTAN_FOUND)
find_path(BOTAN_INCLUDE_DIRS NAMES botan/botan.h
PATH_SUFFIXES botan-2 botan-1.11
PATH_SUFFIXES botan-2
DOC "The botan include directory")
find_library(BOTAN_LIBRARIES NAMES botan botan-2 botan-1.11
find_library(BOTAN_LIBRARIES NAMES botan botan-2
DOC "The botan library")
# Use some standard module to handle the QUIETLY and REQUIRED arguments, and
......
......@@ -54,29 +54,6 @@ void check_tls_certificate(const std::vector<Botan::X509_Certificate>& certs,
std::rethrow_exception(exc);
}
#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34)
void BasicCredentialsManager::verify_certificate_chain(const std::string& type,
const std::string& purported_hostname,
const std::vector<Botan::X509_Certificate>& certs)
{
log_debug("Checking remote certificate (", type, ") for hostname ", purported_hostname);
try
{
Botan::Credentials_Manager::verify_certificate_chain(type, purported_hostname, certs);
log_debug("Certificate is valid");
}
catch (const std::exception& tls_exception)
{
log_warning("TLS certificate check failed: ", tls_exception.what());
std::exception_ptr exception_ptr{};
if (this->socket_handler->abort_on_invalid_cert())
exception_ptr = std::current_exception();
check_tls_certificate(certs, purported_hostname, this->trusted_fingerprint, exception_ptr);
}
}
#endif
bool BasicCredentialsManager::try_to_open_one_ca_bundle(const std::vector<std::string>& paths)
{
for (const auto& path: paths)
......
......@@ -31,11 +31,6 @@ public:
BasicCredentialsManager& operator=(const BasicCredentialsManager&) = delete;
BasicCredentialsManager& operator=(BasicCredentialsManager&&) = delete;
#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34)
void verify_certificate_chain(const std::string& type,
const std::string& purported_hostname,
const std::vector<Botan::X509_Certificate>&) override final;
#endif
std::vector<Botan::Certificate_Store*> trusted_certificate_authorities(const std::string& type,
const std::string& context) override final;
void set_trusted_fingerprint(const std::string& fingerprint);
......
......@@ -237,14 +237,7 @@ void TCPSocketHandler::start_tls(const std::string& address, const std::string&
this->policy.load(policy_directory + "policy.txt");
this->policy.load(policy_directory + address + ".policy.txt");
this->tls = std::make_unique<Botan::TLS::Client>(
# if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,32)
*this,
# else
[this](const Botan::byte* data, size_t size) { this->tls_emit_data(data, size); },
[this](const Botan::byte* data, size_t size) { this->tls_record_received(0, data, size); },
[this](Botan::TLS::Alert alert, const Botan::byte*, size_t) { this->tls_alert(alert); },
[this](const Botan::TLS::Session& session) { return this->tls_session_established(session); },
# endif
get_session_manager(), this->credential_manager, this->policy,
get_rng(), server_info, Botan::TLS::Protocol_Version::latest_tls_version());
}
......@@ -327,7 +320,6 @@ bool TCPSocketHandler::tls_session_established(const Botan::TLS::Session& sessio
return true;
}
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,34)
void TCPSocketHandler::tls_verify_cert_chain(const std::vector<Botan::X509_Certificate>& cert_chain,
const std::vector<std::shared_ptr<const Botan::OCSP::Response>>& ocsp_responses,
const std::vector<Botan::Certificate_Store*>& trusted_roots,
......@@ -350,7 +342,6 @@ void TCPSocketHandler::tls_verify_cert_chain(const std::vector<Botan::X509_Certi
check_tls_certificate(cert_chain, hostname, this->credential_manager.get_trusted_fingerprint(), exception_ptr);
}
}
#endif
void TCPSocketHandler::on_tls_activated()
{
......
......@@ -25,22 +25,14 @@
# include <botan/tls_session_manager.h>
# include <network/tls_policy.hpp>
# if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,32)
# define BOTAN_TLS_CALLBACKS_OVERRIDE override final
# else
# define BOTAN_TLS_CALLBACKS_OVERRIDE
# endif
#endif
/**
* Does all the read/write, buffering etc. With optional tls.
* But doesn’t do any connect() or accept() or anything else.
*/
class TCPSocketHandler: public SocketHandler
#ifdef BOTAN_FOUND
# if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,32)
,public Botan::TLS::Callbacks
# endif
#endif
{
protected:
......@@ -146,31 +138,29 @@ private:
* Called by the tls object that some data has been decrypt. We call
* parse_in_buffer() to handle that unencrypted data.
*/
void tls_record_received(uint64_t rec_no, const Botan::byte* data, size_t size) BOTAN_TLS_CALLBACKS_OVERRIDE;
void tls_record_received(uint64_t rec_no, const Botan::byte* data, size_t size) override final;
/**
* Called by the tls object to indicate that some data has been encrypted
* and is now ready to be sent on the socket as is.
*/
void tls_emit_data(const Botan::byte* data, size_t size) BOTAN_TLS_CALLBACKS_OVERRIDE;
void tls_emit_data(const Botan::byte* data, size_t size) override final;
/**
* Called by the tls object to indicate that a TLS alert has been
* received. We don’t use it, we just log some message, at the moment.
*/
void tls_alert(Botan::TLS::Alert alert) BOTAN_TLS_CALLBACKS_OVERRIDE;
void tls_alert(Botan::TLS::Alert alert) override final;
/**
* Called by the tls object at the end of the TLS handshake. We don't do
* anything here appart from logging the TLS session information.
*/
bool tls_session_established(const Botan::TLS::Session& session) BOTAN_TLS_CALLBACKS_OVERRIDE;
bool tls_session_established(const Botan::TLS::Session& session) override final;
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,34)
void tls_verify_cert_chain(const std::vector<Botan::X509_Certificate>& cert_chain,
const std::vector<std::shared_ptr<const Botan::OCSP::Response>>& ocsp_responses,
const std::vector<Botan::Certificate_Store*>& trusted_roots,
Botan::Usage_Type usage,
const std::string& hostname,
const Botan::TLS::Policy& policy) BOTAN_TLS_CALLBACKS_OVERRIDE;
#endif
const Botan::TLS::Policy& policy) override final;
/**
* Called whenever the tls session goes from inactive to active. This
* means that the handshake has just been successfully done, and we can
......
......@@ -18,13 +18,7 @@
std::string sha1(const std::string& input)
{
#ifdef BOTAN_FOUND
# if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34)
auto sha1 = Botan::HashFunction::create("SHA-1");
if (!sha1)
throw Botan::Algorithm_Not_Found("SHA-1");
# else
auto sha1 = Botan::HashFunction::create_or_throw("SHA-1");
# endif
sha1->update(input);
return Botan::hex_encode(sha1->final(), false);
#endif
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment