Swiftdiff options
| author | dreijer <dreijer@echobit.net> | 2012-03-22 14:17:38 (GMT) |
|---|---|---|
| committer | dreijer <dreijer@echobit.net> | 2012-03-22 15:56:31 (GMT) |
| commit | 5f9e12d9d197195a859ad523a39fdb752f2c4cff (patch) | |
| tree | 827b31bc062cfef1432eb4b984760ec48d9e32b0 /Swiften/TLS/Schannel/SchannelContext.h | |
| parent | 2fa37f2976b933ca0bcf5f85dd1615805776d67d (diff) | |
| download | swift-contrib-dreijer/schannel.zip swift-contrib-dreijer/schannel.tar.bz2 | |
Manual certificate verification.dreijer/schannel
Added two additional TLS errors related to revocation.
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
Diffstat (limited to 'Swiften/TLS/Schannel/SchannelContext.h')
| -rw-r--r-- | Swiften/TLS/Schannel/SchannelContext.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/Swiften/TLS/Schannel/SchannelContext.h b/Swiften/TLS/Schannel/SchannelContext.h index 7726c41..70b0694 100644 --- a/Swiften/TLS/Schannel/SchannelContext.h +++ b/Swiften/TLS/Schannel/SchannelContext.h @@ -19,70 +19,72 @@ #include <security.h> #include <schnlsp.h> #include <boost/noncopyable.hpp> namespace Swift { class SchannelContext : public TLSContext, boost::noncopyable { public: typedef boost::shared_ptr<SchannelContext> sp_t; public: SchannelContext(); ~SchannelContext(); // // TLSContext // virtual void connect(); virtual bool setClientCertificate(CertificateWithKey::ref cert); virtual void handleDataFromNetwork(const SafeByteArray& data); virtual void handleDataFromApplication(const SafeByteArray& data); virtual Certificate::ref getPeerCertificate() const; virtual CertificateVerificationError::ref getPeerCertificateVerificationError() const; virtual ByteArray getFinishMessage() const; private: void determineStreamSizes(); void continueHandshake(const SafeByteArray& data); void indicateError(); + void handleCertError(SECURITY_STATUS status) ; void sendDataOnNetwork(const void* pData, size_t dataSize); void forwardDataToApplication(const void* pData, size_t dataSize); void decryptAndProcessData(const SafeByteArray& data); void encryptAndSendData(const SafeByteArray& data); void appendNewData(const SafeByteArray& data); + SECURITY_STATUS validateServerCertificate(); private: enum SchannelState { Start, Connecting, Connected, Error }; SchannelState m_state; - CertificateVerificationError m_verificationError; + boost::optional<CertificateVerificationError> m_verificationError; ULONG m_secContext; ScopedCredHandle m_credHandle; ScopedCtxtHandle m_ctxtHandle; DWORD m_ctxtFlags; SecPkgContext_StreamSizes m_streamSizes; std::vector<char> m_receivedData; HCERTSTORE m_my_cert_store; std::string m_cert_store_name; std::string m_cert_name; }; } |