generic-library/poco
1
0
Fork 0
mirror of https://github.com/pocoproject/poco.git synced 2025-10-23 08:31:43 +02:00
Code Issues Projects Releases Wiki Activity

#2895, #2935: support OCSP stapling

Browse Source
This commit is contained in:
Günter Obiltschnig
2021-06-23 08:36:38 +02:00
parent d28d2b7a80
commit 3ca91a8fe1
5 changed files with 188 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
NetSSL_OpenSSL/include/Poco/Net/Context.h
View File

@@ -159,6 +159,10 @@ public:
/// Specifies whether the builtin CA certificates from OpenSSL are used.
/// Defaults to false.
bool ocspStaplingVerification;
/// Specifies whether Client should verify OCSP Response
/// Defaults to false.
std::string cipherList;
/// Specifies the supported ciphers in OpenSSL notation.
/// Defaults to "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH".
@@ -402,6 +406,10 @@ public:
/// preferences. When called, the SSL/TLS server will choose following its own
/// preferences.
bool ocspStaplingResponseVerificationEnabled() const;
/// Returns true if automatic OCSP response
/// reception and verification is enabled for client connections
void setInvalidCertificateHandler(InvalidCertificateHandlerPtr pInvalidCertificageHandler);
/// Sets a Context-specific InvalidCertificateHandler.
///
@@ -430,6 +438,7 @@ private:
VerificationMode _mode;
SSL_CTX* _pSSLContext;
bool _extendedCertificateVerification;
bool _ocspStaplingResponseVerification;
InvalidCertificateHandlerPtr _pInvalidCertificateHandler;
};
@@ -472,6 +481,12 @@ inline bool Context::extendedCertificateVerificationEnabled() const
}
inline bool Context::ocspStaplingResponseVerificationEnabled() const
{
return _ocspStaplingResponseVerification;
}
inline Context::InvalidCertificateHandlerPtr Context::getInvalidCertificateHandler() const
{
return _pInvalidCertificateHandler;

5
NetSSL_OpenSSL/include/Poco/Net/SSLManager.h
View File

@@ -272,6 +272,11 @@ protected:
/// The request is delegated to the PrivatekeyPassword event. This method returns the
/// length of the password.
static int verifyOCSPResponseCallback(SSL* pSSL, void* arg);
/// The return value of this method defines how errors in
/// verification are handled. Return 0 to terminate the handshake,
/// or 1 to continue despite the error.
static Poco::Util::AbstractConfiguration& appConfig();
/// Returns the application configuration.
///