Commit 4916d7c6 authored by Romain DEP.'s avatar Romain DEP.

add 'verify_certificate' as possible configuration token for policy files

 This lets the user configure a per-domain certificate validation policy
parent 458ea53d
Pipeline #1417 passed with stages
in 13 minutes and 27 seconds
......@@ -332,6 +332,11 @@ void TCPSocketHandler::tls_verify_cert_chain(const std::vector<Botan::X509_Certi
Botan::Usage_Type usage, const std::string& hostname,
const Botan::TLS::Policy& policy)
{
if (!this->policy.verify_certificate_info())
{
log_debug("Not verifying certificate due to domain policy ");
return;
}
log_debug("Checking remote certificate for hostname ", hostname);
try
{
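Review bot: The early return at the top of tls_verify_cert_chain skips every check on the peer certificate, yet it is reported only through log_debug, so a domain running without TLS peer authentication leaves no trace at normal log levels. I would log it at warning level and name the host, e.g. `log_warning("Not verifying certificate for ", hostname, " due to domain policy");`, which also drops the trailing space in the current message. The test reads the member `this->policy`, not the `policy` argument of the same name, which deserves a short comment. The function body continues outside the hunk.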
......
......@@ -37,6 +37,8 @@ void BiboumiTLSPolicy::load(std::istream& is)
// Workaround for options that are not overridden in Botan::TLS::Text_Policy
if (pair.first == "require_cert_revocation_info")
this->req_cert_revocation_info = !(pair.second == "0" || utils::tolower(pair.second) == "false");
else if (pair.first == "verify_certificate")
this->verify_certificate = !(pair.second == "0" || utils::tolower(pair.second) == "false");
else
this->set(pair.first, pair.second);
}
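Review bot: The `verify_certificate` branch repeats the boolean-parsing expression of the `require_cert_revocation_info` branch verbatim. A small file-local helper, e.g. `static bool parse_bool(const std::string& v) { return !(v == "0" || utils::tolower(v) == "false"); }`, would keep the two options in step. A comment should also say that only `0` and `false` switch the option off, so values such as `no` or `off` leave verification enabled. That fails closed, which is the right direction for this setting, but an operator may not expect it. The enclosing loop of load() starts outside the hunk.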
......@@ -47,4 +49,9 @@ bool BiboumiTLSPolicy::require_cert_revocation_info() const
return this->req_cert_revocation_info;
}
bool BiboumiTLSPolicy::verify_certificate_info() const
{
return this->verify_certificate;
}
#endif
......@@ -21,8 +21,10 @@ public:
BiboumiTLSPolicy &operator=(BiboumiTLSPolicy &&) = delete;
bool require_cert_revocation_info() const override;
bool verify_certificate_info() const;
protected:
bool req_cert_revocation_info{true};
bool verify_certificate{true};
};
#endif
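Review bot: `verify_certificate_info()` and the `verify_certificate` member are declared without any comment, although this flag turns off peer authentication for a domain. Unlike `require_cert_revocation_info()`, the accessor is not marked `override`, so the `_info` suffix suggests a Botan policy hook that, from what is visible here, it is not. I would add a line above the declaration, e.g. `// Biboumi-specific: when false, tls_verify_cert_chain() returns without validating the peer certificate`, and note next to the member that it defaults to true. The class definition starts outside the hunk.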