author | Marc-André Lureau <marcandre.lureau@redhat.com> | 2011-05-03 16:14:18 +0200 |
---|---|---|
committer | Marc-André Lureau <marcandre.lureau@redhat.com> | 2011-05-03 17:16:46 +0200 |
commit | d46f9d3f4e006d3bca9b99fac25169b17e7ac803 (patch) | |
tree | 4dbe7bbc59ba99441115ebaa7f2475774b0856ce /client/red_peer.h | |
parent | c16b1a924b161d8031193fc375be8e2773f8d0c1 (diff) | |
client: make use of ssl_verify.c
Fixed since v1:
- don't include C code, rather use the common lib
- add missing spice_openssl_verify_free() call
- keep the extra-parsing of subject for error reporting
Diffstat (limited to 'client/red_peer.h')
-rw-r--r-- | client/red_peer.h | 23 |
1 files changed, 5 insertions, 18 deletions
diff --git a/client/red_peer.h b/client/red_peer.h
index a4310e6f..7e3428bd 100644
--- a/client/red_peer.h
+++ b/client/red_peer.h
@@ -27,6 +27,8 @@
 #include "threads.h"
 #include "platform_utils.h"
 #include "marshaller.h"
+#include "debug.h"
+#include "ssl_verify.h"
 class RedPeer: protected EventSources::Socket {
 public:
@@ -41,24 +43,18 @@ public:
 class HostAuthOptions {
 public:
- enum Type {
- HOST_AUTH_OP_PUBKEY = 1,
- HOST_AUTH_OP_NAME = (1 << 1),
- HOST_AUTH_OP_SUBJECT = (1 << 2),
- };
-
 typedef std::vector<uint8_t> PublicKey;
 typedef std::pair<std::string, std::string> CertFieldValuePair;
 typedef std::list<CertFieldValuePair> CertFieldValueList;
- HostAuthOptions() : type_flags(0) {}
+ HostAuthOptions() : type_flags(SPICE_SSL_VERIFY_OP_NONE) {}
 public:
- int type_flags;
+ SPICE_SSL_VERIFY_OP type_flags;
 PublicKey host_pubkey;
- CertFieldValueList host_subject;
+ std::string host_subject;
 std::string CA_file;
 };
@@ -124,15 +120,6 @@ public:
 protected:
 virtual void on_event() {}
 virtual int get_socket() { return _peer;}
-
- static bool x509_cert_host_name_compare(const char *cert_name, int cert_name_size,
- const char *host_name);
-
- static bool verify_pubkey(X509* cert, const HostAuthOptions::PublicKey& key);
- static bool verify_host_name(X509* cert, const char* host_name);
- static bool verify_subject(X509* cert, const HostAuthOptions::CertFieldValueList& subject);
-
- static int ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx);
 void cleanup();
 private: |
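Review bot: In the `HostAuthOptions` hunk, the members carry no documentation of what a default-constructed object means for peer verification: `type_flags(SPICE_SSL_VERIFY_OP_NONE)` selects none of the pubkey, hostname or subject checks, and this header does not show how the connection code treats that value. I would add a comment on the member such as `// SPICE_SSL_VERIFY_OP_NONE requests no pubkey/hostname/subject check; set explicitly before a TLS connect`, after confirming that this matches the behaviour in ssl_verify.c. The removed values were bit flags, so if callers still combine several checks, the new enum-typed `type_flags` needs an explicit cast on every `|` in C++; the comment should say whether combinations are expected. `host_subject` is now a raw `std::string`, so its expected format and the point where a malformed value gets rejected are also worth one line of comment. The `RedPeer` class body begins and ends outside this hunk.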