mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-12-15 10:52:30 +00:00
b79ead9c84
* Replicate poco into base/poco/ * De-register poco submodule * Build poco from ClickHouse * Exclude poco from stylecheck * Exclude poco from whitespace check * Exclude poco from typo check * Remove x bit from sources/headers (the style check complained) * Exclude poco from duplicate include check * Fix fasttest * Remove contrib/poco-cmake/* * Simplify poco build descriptions * Remove poco stuff not used by ClickHouse * Glob poco sources * Exclude poco from clang-tidy
81 lines
2.8 KiB
C++
81 lines
2.8 KiB
C++
//
|
|
// InvalidCertificateHandler.h
|
|
//
|
|
// Library: NetSSL_OpenSSL
|
|
// Package: SSLCore
|
|
// Module: InvalidCertificateHandler
|
|
//
|
|
// Definition of the InvalidCertificateHandler class.
|
|
//
|
|
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
|
|
// and Contributors.
|
|
//
|
|
// SPDX-License-Identifier: BSL-1.0
|
|
//
|
|
|
|
|
|
#ifndef NetSSL_InvalidCertificateHandler_INCLUDED
|
|
#define NetSSL_InvalidCertificateHandler_INCLUDED
|
|
|
|
|
|
#include "Poco/Net/NetSSL.h"
|
|
#include "Poco/Net/VerificationErrorArgs.h"
|
|
|
|
|
|
namespace Poco {
|
|
namespace Net {
|
|
|
|
|
|
class NetSSL_API InvalidCertificateHandler
|
|
/// A InvalidCertificateHandler is invoked whenever an error occurs verifying the certificate. It allows the user
|
|
/// to inspect and accept/reject the certificate.
|
|
/// One can install one's own InvalidCertificateHandler by implementing this interface. Note that
|
|
/// in the implementation file of the subclass the following code must be present (assuming you use the namespace My_API
|
|
/// and the name of your handler class is MyGuiHandler):
|
|
///
|
|
/// #include "Poco/Net/CertificateHandlerFactory.h"
|
|
/// ...
|
|
/// POCO_REGISTER_CHFACTORY(My_API, MyGuiHandler)
|
|
///
|
|
/// One can either set the handler directly in the startup code of the main method of ones application by calling
|
|
///
|
|
/// SSLManager::instance().initialize(mypassphraseHandler, myguiHandler, mySSLContext)
|
|
///
|
|
/// or in case one uses Poco::Util::Application one can rely on an XML configuration and put the following entry
|
|
/// under the path openSSL.invalidCertificateHandler:
|
|
///
|
|
/// <invalidCertificateHandler>
|
|
/// <name>MyGuiHandler<name>
|
|
/// <options>
|
|
/// [...] // Put optional config params for the handler here
|
|
/// </options>
|
|
/// </invalidCertificateHandler>
|
|
///
|
|
/// Note that the name of the InvalidCertificateHandler must be same as the one provided to the POCO_REGISTER_CHFACTORY macro.
|
|
{
|
|
public:
|
|
InvalidCertificateHandler(bool handleErrorsOnServerSide);
|
|
/// Creates the InvalidCertificateHandler.
|
|
///
|
|
/// Set handleErrorsOnServerSide to true if the certificate handler is used on the server side.
|
|
/// Automatically registers at one of the SSLManager::VerificationError events.
|
|
|
|
virtual ~InvalidCertificateHandler();
|
|
/// Destroys the InvalidCertificateHandler.
|
|
|
|
virtual void onInvalidCertificate(const void* pSender, VerificationErrorArgs& errorCert) = 0;
|
|
/// Receives the questionable certificate in parameter errorCert. If one wants to accept the
|
|
/// certificate, call errorCert.setIgnoreError(true).
|
|
|
|
protected:
|
|
bool _handleErrorsOnServerSide;
|
|
/// Stores if the certificate handler gets invoked by the server (i.e. a client certificate is wrong)
|
|
/// or the client (a server certificate is wrong)
|
|
};
|
|
|
|
|
|
} } // namespace Poco::Net
|
|
|
|
|
|
#endif // NetSSL_InvalidCertificateHandler_INCLUDED
|