libfilezilla
tls_session_info Class Reference final

Information about a TLS session.

#include <tls_info.hpp>

Public Types

enum  algorithm_warnings_t { tlsver = 1 , cipher = 2 , mac = 4 , kex = 8 }
 

Public Member Functions

 tls_session_info (tls_session_info const &)=default
 
 tls_session_info (tls_session_info &&) noexcept=default
 
tls_session_info & operator= (tls_session_info const &)=default
 
tls_session_info & operator= (tls_session_info &&) noexcept=default
 
 tls_session_info (std::string const &host, unsigned int port, std::string const &protocol, std::string const &key_exchange, std::string const &session_cipher, std::string const &session_mac, int algorithm_warnings, std::vector< x509_certificate > &&peer_certificates, std::vector< x509_certificate > &&system_trust_chain, bool hostname_mismatch)
 
std::string const & get_host () const
 The server's hostname used to connect.
 
unsigned int get_port () const
 The server's port.
 
std::string const & get_session_cipher () const
 The symmetric algorithm used to encrypt all exchanged application data.
 
std::string const & get_session_mac () const
 The MAC used to integrity-protect and authenticate the exchanged application data.
 
std::vector< fz::x509_certificate > const & get_certificates () const
 The server's certificate chain.
 
std::vector< fz::x509_certificate > const & get_peer_certificates () const
 The certificate chain sent by the peer.
 
std::string const & get_protocol () const
 TLS version.
 
std::string const & get_key_exchange () const
 Key exchange algorithm.
 
int get_algorithm_warnings () const
 Warnings about old algorithms used, which are considered weak.
 
bool system_trust () const
 
bool mismatched_hostname () const
 True if the hostname in the SANs does not match the requested hostname.
 

Detailed Description

Information about a TLS session.

Includes information about the used ciphers and details on the certificates sent by the server.

Includes flags whether the certificate chain is trusted by the system trust store and whether the expected hostname matches.

Member Function Documentation

◆ get_certificates()

std::vector<fz::x509_certificate> const& get_certificates ( ) const
inline

The server's certificate chain.

The chain is ordered from the server's own certificate at index 0 up to the self-signed root CA.

The chain may be partial, i.e. not ending at a self-signed cert.

If system_trust() is set, this is the chain to the actual trust anchor which may differ from the chain sent by the server.

If system_trust() is not set, it is the chain as received from the server, after sorting.

◆ get_peer_certificates()

std::vector<fz::x509_certificate> const& get_peer_certificates ( ) const
inline

The certificate chain sent by the peer.

The chain is ordered from the server's own certificate at index 0 up to the self-signed root CA.

The chain may be partial, i.e. not ending at a self-signed cert.

This is the chain as received from the server, after sorting.

See also
get_certificates()

◆ system_trust()

bool system_trust ( ) const
inline

Returns true if the server certificate is to be trusted according to the operating system's trust store.
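
An added example (not libfilezilla code) of turning the accessors documented above into a connection decision. The names `assess_session`, `verdict`, `assessment` and `tolerated_warnings`, and the policy itself (reject on hostname mismatch, prompt when the chain is not system-trusted), are assumptions; only the accessor names and the warning bit values come from this page.

```cpp
#include <string>
#include <utility>
#include <vector>

// Bit values copied from tls_session_info::algorithm_warnings_t on this page.
enum : int { warn_tlsver = 1, warn_cipher = 2, warn_mac = 4, warn_kex = 8 };
enum class verdict { accept, ask_user, reject };  // ordered by severity
struct assessment { verdict result{verdict::accept}; std::vector<std::string> findings; };

// Hypothetical policy helper. Info is any type exposing the accessors
// documented above, e.g. fz::tls_session_info.
template<typename Info>
assessment assess_session(Info const& info, int tolerated_warnings = 0)
{
    assessment a;
    auto flag = [&a](verdict v, std::string msg) {
        if (v > a.result) a.result = v;  // the verdict only ever gets stricter
        a.findings.push_back(std::move(msg));
    };
    // A name mismatch means the certificate was issued for a different host.
    if (info.mismatched_hostname())
        flag(verdict::reject, "certificate does not match " + info.get_host());
    // No path to a system trust anchor: leave the decision to the user.
    if (!info.system_trust())
        flag(verdict::ask_user, "chain not trusted by the system trust store");
    // An empty chain leaves nothing to show to the user or compare against.
    if (info.get_certificates().empty())
        flag(verdict::reject, "no certificates available");

    struct check { int bit; char const* what; std::string value; };
    check const checks[] = {
        { warn_tlsver, "TLS version", info.get_protocol() },
        { warn_cipher, "cipher", info.get_session_cipher() },
        { warn_mac, "MAC", info.get_session_mac() },
        { warn_kex, "key exchange", info.get_key_exchange() },
    };
    int const warnings = info.get_algorithm_warnings();
    for (auto const& c : checks) {
        if (!(warnings & c.bit)) continue;  // this algorithm class is not flagged
        bool const tolerated = (tolerated_warnings & c.bit) != 0;
        flag(tolerated ? verdict::ask_user : verdict::reject,
             std::string("weak ") + c.what + ": " + c.value);
    }
    return a;
}
```

Because the bitmask is decoded per class, a caller can tolerate one weak algorithm class (for a legacy server, say) without silently accepting the others.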


The documentation for this class was generated from the following file: