libfilezilla
|
Information about a TLS session. More...
#include <tls_info.hpp>
Public Types | |
enum | algorithm_warnings_t { tlsver = 1 , cipher = 2 , mac = 4 , kex = 8 } |
Public Member Functions | |
tls_session_info (tls_session_info const &)=default | |
tls_session_info (tls_session_info &&) noexcept=default | |
tls_session_info & | operator= (tls_session_info const &)=default |
tls_session_info & | operator= (tls_session_info &&) noexcept=default |
tls_session_info (std::string const &host, unsigned int port, std::string const &protocol, std::string const &key_exchange, std::string const &session_cipher, std::string const &session_mac, int algorithm_warnings, std::vector< x509_certificate > &&peer_certificates, std::vector< x509_certificate > &&system_trust_chain, bool hostname_mismatch) | |
std::string const & | get_host () const |
The server's hostname used to connect. | |
unsigned int | get_port () const |
The server's port. | |
std::string const & | get_session_cipher () const |
The symmetric algorithm used to encrypt all exchanged application data. | |
std::string const & | get_session_mac () const |
The MAC used to integrity-protect and authenticate the exchanged application data. | |
std::vector< fz::x509_certificate > const & | get_certificates () const |
The server's certificate chain. More... | |
std::vector< fz::x509_certificate > const & | get_peer_certificates () const |
The certificate chain sent by the peer. More... | |
std::string const & | get_protocol () const |
TLS version. | |
std::string const & | get_key_exchange () const |
Key exchange algorithm. | |
int | get_algorithm_warnings () const |
Warnings about old algorithms used, which are considered weak. The value is a bitwise combination of algorithm_warnings_t flags. | |
bool | system_trust () const |
bool | mismatched_hostname () const |
True if the hostname in the certificate's SANs (subject alternative names) does not match the requested hostname. | |
Information about a TLS session.
Includes information about the used ciphers and details on the certificates sent by the server.
Includes flags indicating whether the certificate chain is trusted by the system trust store and whether the expected hostname matches.
|
inline |
The server's certificate chain.
The chain is ordered from the server's own certificate at index 0 up to the self-signed root CA.
The chain may be partial, i.e. not ending at a self-signed certificate.
If system_trust() is set, this is the chain to the actual trust anchor, which may differ from the chain sent by the server.
If system_trust() is not set, it is the chain as received from the server, after sorting.
|
inline |
The certificate chain sent by the peer.
The chain is ordered from the server's own certificate at index 0 up to the self-signed root CA.
The chain may be partial, i.e. not ending at a self-signed certificate.
This is the chain as received from the server, after sorting.
|
inline |
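Returns true if the server certificate is to be trusted according to the operating system's trust store. Whether the requested hostname matches the certificate is reported separately by mismatched_hostname().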