certstore: re-factor peer certificate authorization routine

* cleanup CertStore to remove unused features
* ensure that at least one certificate in the chain is allowed
  if public calls are disabled and that no certificate in the chain
  is banned, additionally to the chain match.
  This prevents allowing any certificate signed by the CA of a contact,
  while still supporting authorization through a CA (with
  setCertificateStatus).
* use dht::crypto::TrustList when relevant (requires OpenDHT bump)
* rebuild trust list when appropriate as GnuTLS' trust list
  doesn't allow "unbanning". This fixes issues when banning then allowing
  a certificate during the same session

Change-Id: I8ea28f3a673eebf2174e8fab3a413c20630b28ca
Reviewed-by: Nicolas Jäger <nicolas.jager@savoirfairelinux.com>
Showing
- src/client/configurationmanager.cpp (2 additions, 7 deletions)
- src/ringdht/ringaccount.cpp (26 additions, 42 deletions)
- src/ringdht/ringaccount.h (1 addition, 2 deletions)
- src/security/certstore.cpp (70 additions, 199 deletions)
- src/security/certstore.h (24 additions, 31 deletions)
- src/security/tlsvalidator.cpp (2 additions, 3 deletions)
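
The authorization rule described in the commit message, sketched as an added example that is not code from this commit or from the project. `Policy`, `PeerChain`, `Status` and the certificate ids are hypothetical names, and the cryptographic chain match is assumed to be done elsewhere and is modeled here as a boolean.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Hypothetical model of the per-certificate status set via setCertificateStatus.
enum class Status { Undefined, Allowed, Banned };

struct PeerChain {
    std::vector<std::string> ids;  // leaf first, then issuers up to the CA
    bool matchesTrustList;         // assumed result of the chain verification
};

class Policy {
public:
    void setStatus(const std::string& id, Status s) { status_[id] = s; }

    // Chain match is always required. Any banned certificate rejects the
    // chain. With public calls disabled, at least one certificate in the
    // chain must be explicitly allowed.
    bool isAuthorized(const PeerChain& chain, bool allowPublic) const {
        if (!chain.matchesTrustList || chain.ids.empty())
            return false;
        bool anyAllowed = false;
        for (const auto& id : chain.ids) {
            auto it = status_.find(id);
            Status s = (it == status_.end()) ? Status::Undefined : it->second;
            if (s == Status::Banned)
                return false;
            if (s == Status::Allowed)
                anyAllowed = true;
        }
        return allowPublic || anyAllowed;
    }

private:
    std::map<std::string, Status> status_;
};

int main() {
    Policy p;
    p.setStatus("contact-leaf", Status::Allowed);  // constructed sample ids
    PeerChain contact{{"contact-leaf", "org-ca"}, true};
    PeerChain sibling{{"other-leaf", "org-ca"}, true};  // same CA, not a contact
    std::cout << p.isAuthorized(contact, false) << p.isAuthorized(sibling, false) << "\n";
    p.setStatus("org-ca", Status::Allowed);  // explicit authorization through the CA
    std::cout << p.isAuthorized(sibling, false) << "\n";
    return 0;
}
```
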