summaryrefslogtreecommitdiffstats
path: root/src/mbedTLS++/BlockingSslClientSocket.h
diff options
context:
space:
mode:
authorpeterbell10 <peterbell10@live.co.uk>2017-08-30 16:00:06 +0200
committerTiger Wang <ziwei.tiger@outlook.com>2017-08-30 16:00:06 +0200
commit84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7 (patch)
treeaa1648c2ba260b8576673677435481d371eec7b0 /src/mbedTLS++/BlockingSslClientSocket.h
parentUpdate core plugins to latest version (#3951) (diff)
downloadcuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.tar
cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.tar.gz
cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.tar.bz2
cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.tar.lz
cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.tar.xz
cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.tar.zst
cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.zip
Diffstat (limited to '')
-rw-r--r--src/mbedTLS++/BlockingSslClientSocket.h (renamed from src/PolarSSL++/BlockingSslClientSocket.h)23
1 files changed, 13 insertions, 10 deletions
diff --git a/src/PolarSSL++/BlockingSslClientSocket.h b/src/mbedTLS++/BlockingSslClientSocket.h
index 651d750e6..24ee32680 100644
--- a/src/PolarSSL++/BlockingSslClientSocket.h
+++ b/src/mbedTLS++/BlockingSslClientSocket.h
@@ -1,4 +1,4 @@
-
+
// BlockingSslClientSocket.h
// Declares the cBlockingSslClientSocket class representing a blocking TCP socket with client SSL encryption over it
@@ -45,12 +45,15 @@ public:
Note that this also frees the internal SSL context, so all the certificates etc. are lost. */
void Disconnect(void);
- /** Sets the root certificates that are to be trusted. Forces the connection to use strict cert
- verification. Needs to be used before calling Connect().
- a_ExpectedPeerName is the name that we expect to receive in the SSL peer's cert; verification will fail if
- the presented name is different (possible MITM).
- Returns true on success, false on failure. Sets internal error text on failure. */
- bool SetTrustedRootCertsFromString(const AString & a_CACerts, const AString & a_ExpectedPeerName);
+ /** Sets the Expected peer name.
+ Needs to be used before calling Connect().
+ \param a_ExpectedPeerName Name that we expect to receive in the SSL peer's cert; verification will fail if
+ the presented name is different (possible MITM). */
+ void SetExpectedPeerName(AString a_ExpectedPeerName);
+
+ /** Set the config to be used by the SSL context.
+ Config must not be modified after calling connect. */
+ void SetSslConfig(std::shared_ptr<const cSslConfig> a_Config);
/** Returns the text of the last error that has occurred in this instance. */
const AString & GetLastErrorText(void) const { return m_LastErrorText; }
@@ -68,10 +71,10 @@ protected:
/** The object used to signal state changes in the socket (the cause of the blocking). */
cEvent m_Event;
- /** The trusted CA root cert store, if we are to verify the cert strictly. Set by SetTrustedRootCertsFromString(). */
- cX509CertPtr m_CACerts;
+ /** The configuration to be used by the SSL context. Set by SetSslConfig(). */
+ std::shared_ptr<const cSslConfig> m_Config;
- /** The expected SSL peer's name, if we are to verify the cert strictly. Set by SetTrustedRootCertsFromString(). */
+ /** The expected SSL peer's name, if we are to verify the cert strictly. Set by SetExpectedPeerName(). */
AString m_ExpectedPeerName;
/** The hostname to which the socket is connecting (stored for error reporting). */