~singpolyma/biboumi

ffb402f0adb9f808c7b8bc9616e71f7b3f8931ac — louiz’ 4 years ago f0f3d3d
Drop support for botan < 2.0

fix #3274
M CHANGELOG.rst => CHANGELOG.rst +2 -0
@@ 11,6 11,8 @@ Version 6.0
 - Add a global option to make all channels persistent.
 - Status code='332' is sent with the unavailable presences when biboumi is
   being shutdown or the connection to the IRC server is cut unexpectedly.
 - Support for botan version 1.11.x has been dropped, only version 2.x is
   supported.

Version 5.0 - 2017-05-24
========================

M INSTALL.rst => INSTALL.rst +1 -1
@@ 47,7 47,7 @@ udns_ (optional, but recommended)
 performances when connecting to a big number of IRC servers at the same
 time.

libbotan_ 1.11 or 2.0 (optional)
libbotan_ 2.x (optional)
 Provides TLS support. Without it, IRC connections are all made in
 plain-text mode.


M cmake/Modules/FindBOTAN.cmake => cmake/Modules/FindBOTAN.cmake +2 -3
@@ 19,15 19,14 @@ include(FindPkgConfig)

if(NOT BOTAN_FOUND)
  pkg_check_modules(BOTAN botan-2)
  pkg_check_modules(BOTAN botan-1.11)
endif()

if(NOT BOTAN_FOUND)
  find_path(BOTAN_INCLUDE_DIRS NAMES botan/botan.h
      PATH_SUFFIXES botan-2 botan-1.11
      PATH_SUFFIXES botan-2
      DOC "The botan include directory")

  find_library(BOTAN_LIBRARIES NAMES botan botan-2 botan-1.11
  find_library(BOTAN_LIBRARIES NAMES botan botan-2
      DOC "The botan library")

  # Use some standard module to handle the QUIETLY and REQUIRED arguments, and

M src/network/credentials_manager.cpp => src/network/credentials_manager.cpp +0 -23
@@ 54,29 54,6 @@ void check_tls_certificate(const std::vector<Botan::X509_Certificate>& certs,
    std::rethrow_exception(exc);
}

#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34)
void BasicCredentialsManager::verify_certificate_chain(const std::string& type,
                                                       const std::string& purported_hostname,
                                                       const std::vector<Botan::X509_Certificate>& certs)
{
  log_debug("Checking remote certificate (", type, ") for hostname ", purported_hostname);
  try
    {
      Botan::Credentials_Manager::verify_certificate_chain(type, purported_hostname, certs);
      log_debug("Certificate is valid");
    }
  catch (const std::exception& tls_exception)
    {
      log_warning("TLS certificate check failed: ", tls_exception.what());
      std::exception_ptr exception_ptr{};
      if (this->socket_handler->abort_on_invalid_cert())
        exception_ptr = std::current_exception();

      check_tls_certificate(certs, purported_hostname, this->trusted_fingerprint, exception_ptr);
    }
}
#endif

bool BasicCredentialsManager::try_to_open_one_ca_bundle(const std::vector<std::string>& paths)
{
  for (const auto& path: paths)

M src/network/credentials_manager.hpp => src/network/credentials_manager.hpp +0 -5
@@ 31,11 31,6 @@ public:
  BasicCredentialsManager& operator=(const BasicCredentialsManager&) = delete;
  BasicCredentialsManager& operator=(BasicCredentialsManager&&) = delete;

#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34)
  void verify_certificate_chain(const std::string& type,
                                const std::string& purported_hostname,
                                const std::vector<Botan::X509_Certificate>&) override final;
#endif
  std::vector<Botan::Certificate_Store*> trusted_certificate_authorities(const std::string& type,
                                                                         const std::string& context) override final;
  void set_trusted_fingerprint(const std::string& fingerprint);

M src/network/tcp_socket_handler.cpp => src/network/tcp_socket_handler.cpp +0 -9
@@ 237,14 237,7 @@ void TCPSocketHandler::start_tls(const std::string& address, const std::string& 
  this->policy.load(policy_directory + "policy.txt");
  this->policy.load(policy_directory + address + ".policy.txt");
  this->tls = std::make_unique<Botan::TLS::Client>(
# if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,32)
      *this,
# else
      [this](const Botan::byte* data, size_t size) { this->tls_emit_data(data, size); },
      [this](const Botan::byte* data, size_t size) { this->tls_record_received(0, data, size); },
      [this](Botan::TLS::Alert alert, const Botan::byte*, size_t) { this->tls_alert(alert); },
      [this](const Botan::TLS::Session& session) { return this->tls_session_established(session); },
# endif
      get_session_manager(), this->credential_manager, this->policy,
      get_rng(), server_info, Botan::TLS::Protocol_Version::latest_tls_version());
}


@@ 327,7 320,6 @@ bool TCPSocketHandler::tls_session_established(const Botan::TLS::Session& sessio
  return true;
}

#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,34)
void TCPSocketHandler::tls_verify_cert_chain(const std::vector<Botan::X509_Certificate>& cert_chain,
                                             const std::vector<std::shared_ptr<const Botan::OCSP::Response>>& ocsp_responses,
                                             const std::vector<Botan::Certificate_Store*>& trusted_roots,


@@ 350,7 342,6 @@ void TCPSocketHandler::tls_verify_cert_chain(const std::vector<Botan::X509_Certi
      check_tls_certificate(cert_chain, hostname, this->credential_manager.get_trusted_fingerprint(), exception_ptr);
    }
}
#endif

void TCPSocketHandler::on_tls_activated()
{

M src/network/tcp_socket_handler.hpp => src/network/tcp_socket_handler.hpp +5 -15
@@ 25,22 25,14 @@
# include <botan/tls_session_manager.h>
# include <network/tls_policy.hpp>

# if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,32)
#  define BOTAN_TLS_CALLBACKS_OVERRIDE override final
# else
#  define BOTAN_TLS_CALLBACKS_OVERRIDE
# endif
#endif

/**
 * Does all the read/write, buffering etc. With optional tls.
 * But doesn’t do any connect() or accept() or anything else.
 */
class TCPSocketHandler: public SocketHandler
#ifdef BOTAN_FOUND
# if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,32)
    ,public Botan::TLS::Callbacks
# endif
#endif
{
protected:


@@ 146,31 138,29 @@ private:
   * Called by the tls object that some data has been decrypt. We call
   * parse_in_buffer() to handle that unencrypted data.
   */
  void tls_record_received(uint64_t rec_no, const Botan::byte* data, size_t size) BOTAN_TLS_CALLBACKS_OVERRIDE;
  void tls_record_received(uint64_t rec_no, const Botan::byte* data, size_t size) override final;
  /**
   * Called by the tls object to indicate that some data has been encrypted
   * and is now ready to be sent on the socket as is.
   */
  void tls_emit_data(const Botan::byte* data, size_t size) BOTAN_TLS_CALLBACKS_OVERRIDE;
  void tls_emit_data(const Botan::byte* data, size_t size) override final;
  /**
   * Called by the tls object to indicate that a TLS alert has been
   * received. We don’t use it, we just log some message, at the moment.
   */
  void tls_alert(Botan::TLS::Alert alert) BOTAN_TLS_CALLBACKS_OVERRIDE;
  void tls_alert(Botan::TLS::Alert alert) override final;
  /**
   * Called by the tls object at the end of the TLS handshake. We don't do
   * anything here appart from logging the TLS session information.
   */
  bool tls_session_established(const Botan::TLS::Session& session) BOTAN_TLS_CALLBACKS_OVERRIDE;
  bool tls_session_established(const Botan::TLS::Session& session) override final;

#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,34)
  void tls_verify_cert_chain(const std::vector<Botan::X509_Certificate>& cert_chain,
                             const std::vector<std::shared_ptr<const Botan::OCSP::Response>>& ocsp_responses,
                             const std::vector<Botan::Certificate_Store*>& trusted_roots,
                             Botan::Usage_Type usage,
                             const std::string& hostname,
                             const Botan::TLS::Policy& policy) BOTAN_TLS_CALLBACKS_OVERRIDE;
#endif
                             const Botan::TLS::Policy& policy) override final;
  /**
   * Called whenever the tls session goes from inactive to active. This
   * means that the handshake has just been successfully done, and we can

M src/utils/sha1.cpp => src/utils/sha1.cpp +0 -6
@@ 18,13 18,7 @@
std::string sha1(const std::string& input)
{
#ifdef BOTAN_FOUND
# if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34)
  auto sha1 = Botan::HashFunction::create("SHA-1");
  if (!sha1)
    throw Botan::Algorithm_Not_Found("SHA-1");
# else
  auto sha1 = Botan::HashFunction::create_or_throw("SHA-1");
# endif
  sha1->update(input);
  return Botan::hex_encode(sha1->final(), false);
#endif