gergely/taskwarrior-2.x
1
0
Fork 0
Code Issues Actions Packages Projects Releases 1 Wiki Activity

TLSClient: add hostname verifcation

Browse Source 
The CN or subjectAltNames of the TLS certification is now matched with
the hostname connected to.

taskd.trust is now a tristate value (allow all, ignore hostname,
strict) to optionally disable the new hostname verification.
This commit is contained in:
Alexander Sulfrian
2014-03-18 19:21:49 +01:00
committed by Paul Beckingham
parent fdcc04d13e
commit 7fb1487993
5 changed files with 73 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/TLSClient.h
View File

@@ -34,11 +34,13 @@
class TLSClient
{
public:
enum trust_level { strict, ignore_hostname, allow_all };
TLSClient ();
~TLSClient ();
void limit (int);
void debug (int);
void trust (bool);
void trust (const enum trust_level);
void ciphers (const std::string&);
void init (const std::string&, const std::string&, const std::string&);
void connect (const std::string&, const std::string&);
@@ -53,12 +55,14 @@ private:
std::string _cert;
std::string _key;
std::string _ciphers;
std::string _host;
std::string _port;
gnutls_certificate_credentials_t _credentials;
gnutls_session_t _session;
int _socket;
int _limit;
bool _debug;
bool _trust;
enum trust_level _trust;
};
#endif