doxygen/tls__callbacks_8cpp_source.html

/*

* TLS Callbacks

* (C) 2016 Jack Lloyd

*     2017 Harry Reimann, Rohde & Schwarz Cybersecurity

*     2022 René Meusel, Hannes Rantzsch - neXenio GmbH

*     2023 René Meusel - Rohde & Schwarz Cybersecurity

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#include <botan/tls_callbacks.h>


#include <botan/dh.h>

#include <botan/dl_group.h>

#include <botan/ecdh.h>

#include <botan/ocsp.h>

#include <botan/pk_algs.h>

#include <botan/tls_algos.h>

#include <botan/tls_exceptn.h>

#include <botan/tls_policy.h>

#include <botan/x509path.h>

#include <botan/internal/ct_utils.h>

#include <botan/internal/stl_util.h>


#if defined(BOTAN_HAS_CURVE_25519)

   #include <botan/curve25519.h>

#endif


#if defined(BOTAN_HAS_X448)

   #include <botan/x448.h>

#endif


#if defined(BOTAN_HAS_KYBER)

   #include <botan/kyber.h>

#endif


#if defined(BOTAN_HAS_FRODOKEM)

   #include <botan/frodokem.h>

#endif


#if defined(BOTAN_HAS_TLS_13_PQC)

   #include <botan/internal/hybrid_public_key.h>

#endif


namespace Botan {


void TLS::Callbacks::tls_inspect_handshake_msg(const Handshake_Message& /*unused*/) {

   // default is no op

}


std::string TLS::Callbacks::tls_server_choose_app_protocol(const std::vector<std::string>& /*unused*/) {

   return "";

}


std::string TLS::Callbacks::tls_peer_network_identity() {

   return "";

}


std::chrono::system_clock::time_point TLS::Callbacks::tls_current_timestamp() {

   return std::chrono::system_clock::now();

}


void TLS::Callbacks::tls_modify_extensions(Extensions& /*unused*/,

                                           Connection_Side /*unused*/,

                                           Handshake_Type /*unused*/) {}


void TLS::Callbacks::tls_examine_extensions(const Extensions& /*unused*/,

                                            Connection_Side /*unused*/,

                                            Handshake_Type /*unused*/) {}


bool TLS::Callbacks::tls_should_persist_resumption_information(const Session& session) {

   // RFC 5077 3.3

   //    The ticket_lifetime_hint field contains a hint from the server about

   //    how long the ticket should be stored. A value of zero is reserved to

   //    indicate that the lifetime of the ticket is unspecified.

   //

   // RFC 8446 4.6.1

   //    [A ticket_lifetime] of zero indicates that the ticket should be discarded

   //    immediately.

   //

   // By default we opt to keep all sessions, except for TLS 1.3 with a lifetime

   // hint of zero.

   return session.lifetime_hint().count() > 0 || session.version().is_pre_tls_13();

}


void TLS::Callbacks::tls_verify_cert_chain(const std::vector<X509_Certificate>& cert_chain,

                                           const std::vector<std::optional<OCSP::Response>>& ocsp_responses,

                                           const std::vector<Certificate_Store*>& trusted_roots,

                                           Usage_Type usage,

                                           std::string_view hostname,

                                           const TLS::Policy& policy) {

   if(cert_chain.empty()) {

      throw Invalid_Argument("Certificate chain was empty");

   }


   Path_Validation_Restrictions restrictions(policy.require_cert_revocation_info(),

                                             policy.minimum_signature_strength());


   Path_Validation_Result result = x509_path_validate(cert_chain,

                                                      restrictions,

                                                      trusted_roots,

                                                      (usage == Usage_Type::TLS_SERVER_AUTH ? hostname : ""),

                                                      usage,

                                                      tls_current_timestamp(),

                                                      tls_verify_cert_chain_ocsp_timeout(),

                                                      ocsp_responses);


   if(!result.successful_validation()) {

      throw TLS_Exception(Alert::BadCertificate, "Certificate validation failure: " + result.result_string());

   }

}


void TLS::Callbacks::tls_verify_raw_public_key(const Public_Key& raw_public_key,

                                               Usage_Type usage,

                                               std::string_view hostname,

                                               const TLS::Policy& policy) {

   BOTAN_UNUSED(raw_public_key, usage, hostname, policy);

   // There is no good default implementation for authenticating raw public key.

   // Applications that wish to use them for authentication, must override this.

   throw TLS_Exception(Alert::CertificateUnknown, "Application did not provide a means to validate the raw public key");

}


std::optional<OCSP::Response> TLS::Callbacks::tls_parse_ocsp_response(const std::vector<uint8_t>& raw_response) {

   try {

      return OCSP::Response(raw_response);

   } catch(const Decoding_Error&) {

      // ignore parsing errors and just ignore the broken OCSP response

      return std::nullopt;

   }

}


std::vector<std::vector<uint8_t>> TLS::Callbacks::tls_provide_cert_chain_status(

   const std::vector<X509_Certificate>& chain, const Certificate_Status_Request& csr) {

   std::vector<std::vector<uint8_t>> result(chain.size());

   if(!chain.empty()) {

      result[0] = tls_provide_cert_status(chain, csr);

   }

   return result;

}


std::vector<uint8_t> TLS::Callbacks::tls_sign_message(const Private_Key& key,

                                                      RandomNumberGenerator& rng,

                                                      std::string_view padding,

                                                      Signature_Format format,

                                                      const std::vector<uint8_t>& msg) {

   PK_Signer signer(key, rng, padding, format);


   return signer.sign_message(msg, rng);

}


bool TLS::Callbacks::tls_verify_message(const Public_Key& key,

                                        std::string_view padding,

                                        Signature_Format format,

                                        const std::vector<uint8_t>& msg,

                                        const std::vector<uint8_t>& sig) {

   PK_Verifier verifier(key, padding, format);


   return verifier.verify_message(msg, sig);

}


std::unique_ptr<Private_Key> TLS::Callbacks::tls_kem_generate_key(TLS::Group_Params group, RandomNumberGenerator& rng) {

#if defined(BOTAN_HAS_KYBER)

   if(group.is_pure_kyber()) {

      return std::make_unique<Kyber_PrivateKey>(rng, KyberMode(group.to_string().value()));

   }

#endif


#if defined(BOTAN_HAS_FRODOKEM)

   if(group.is_pure_frodokem()) {

      return std::make_unique<FrodoKEM_PrivateKey>(rng, FrodoKEMMode(group.to_string().value()));

   }

#endif


#if defined(BOTAN_HAS_TLS_13_PQC)

   if(group.is_pqc_hybrid()) {

      return Hybrid_KEM_PrivateKey::generate_from_group(group, rng);

   }

#endif


   return tls_generate_ephemeral_key(group, rng);

}


KEM_Encapsulation TLS::Callbacks::tls_kem_encapsulate(TLS::Group_Params group,

                                                      const std::vector<uint8_t>& encoded_public_key,

                                                      RandomNumberGenerator& rng,

                                                      const Policy& policy) {

   if(group.is_kem()) {

      auto kem_pub_key = [&]() -> std::unique_ptr<Public_Key> {


#if defined(BOTAN_HAS_TLS_13_PQC)

         if(group.is_pqc_hybrid()) {

            return Hybrid_KEM_PublicKey::load_for_group(group, encoded_public_key);

         }

#endif


#if defined(BOTAN_HAS_KYBER)

         if(group.is_pure_kyber()) {

            return std::make_unique<Kyber_PublicKey>(encoded_public_key, KyberMode(group.to_string().value()));

         }

#endif


#if defined(BOTAN_HAS_FRODOKEM)

         if(group.is_pure_frodokem()) {

            return std::make_unique<FrodoKEM_PublicKey>(encoded_public_key, FrodoKEMMode(group.to_string().value()));

         }

#endif


         throw TLS_Exception(Alert::IllegalParameter, "KEM is not supported");

      }();


      return PK_KEM_Encryptor(*kem_pub_key, "Raw").encrypt(rng);

   }


   // TODO: We could use the KEX_to_KEM_Adapter to remove the case distinction

   //       of KEM and KEX. However, the workarounds in this adapter class

   //       should first be addressed.

   auto ephemeral_keypair = tls_generate_ephemeral_key(group, rng);

   return KEM_Encapsulation(ephemeral_keypair->public_value(),

                            tls_ephemeral_key_agreement(group, *ephemeral_keypair, encoded_public_key, rng, policy));

}


secure_vector<uint8_t> TLS::Callbacks::tls_kem_decapsulate(TLS::Group_Params group,

                                                           const Private_Key& private_key,

                                                           const std::vector<uint8_t>& encapsulated_bytes,

                                                           RandomNumberGenerator& rng,

                                                           const Policy& policy) {

   if(group.is_kem()) {

      PK_KEM_Decryptor kemdec(private_key, rng, "Raw");

      return kemdec.decrypt(encapsulated_bytes, 0, {});

   }


   try {

      auto& key_agreement_key = dynamic_cast<const PK_Key_Agreement_Key&>(private_key);

      return tls_ephemeral_key_agreement(group, key_agreement_key, encapsulated_bytes, rng, policy);

   } catch(const std::bad_cast&) {

      throw Invalid_Argument("provided ephemeral key is not a PK_Key_Agreement_Key");

   }

}


namespace {


bool is_dh_group(const std::variant<TLS::Group_Params, DL_Group>& group) {

   return std::holds_alternative<DL_Group>(group) || std::get<TLS::Group_Params>(group).is_dh_named_group();

}


DL_Group get_dl_group(const std::variant<TLS::Group_Params, DL_Group>& group) {

   BOTAN_ASSERT_NOMSG(is_dh_group(group));


   // TLS 1.2 allows specifying arbitrary DL_Group parameters in-lieu of

   // a standardized DH group identifier. TLS 1.3 just offers pre-defined

   // groups.

   return std::visit(

      overloaded{[](const DL_Group& dl_group) { return dl_group; },

                 [&](TLS::Group_Params group_param) { return DL_Group(group_param.to_string().value()); }},

      group);

}


}  // namespace


std::unique_ptr<PK_Key_Agreement_Key> TLS::Callbacks::tls_generate_ephemeral_key(

   const std::variant<TLS::Group_Params, DL_Group>& group, RandomNumberGenerator& rng) {

   if(is_dh_group(group)) {

      const DL_Group dl_group = get_dl_group(group);

      return std::make_unique<DH_PrivateKey>(rng, dl_group);

   }


   BOTAN_ASSERT_NOMSG(std::holds_alternative<TLS::Group_Params>(group));

   const auto group_params = std::get<TLS::Group_Params>(group);


   if(group_params.is_ecdh_named_curve()) {

      const EC_Group ec_group(group_params.to_string().value());

      return std::make_unique<ECDH_PrivateKey>(rng, ec_group);

   }


#if defined(BOTAN_HAS_CURVE_25519)

   if(group_params.is_x25519()) {

      return std::make_unique<X25519_PrivateKey>(rng);

   }

#endif


#if defined(BOTAN_HAS_X448)

   if(group_params.is_x448()) {

      return std::make_unique<X448_PrivateKey>(rng);

   }

#endif


   if(group_params.is_kem()) {

      throw TLS_Exception(Alert::IllegalParameter, "cannot generate an ephemeral KEX key for a KEM");

   }


   throw TLS_Exception(Alert::DecodeError, "cannot create a key offering without a group definition");

}


secure_vector<uint8_t> TLS::Callbacks::tls_ephemeral_key_agreement(

   const std::variant<TLS::Group_Params, DL_Group>& group,

   const PK_Key_Agreement_Key& private_key,

   const std::vector<uint8_t>& public_value,

   RandomNumberGenerator& rng,

   const Policy& policy) {

   auto agree = [&](const PK_Key_Agreement_Key& sk, const auto& pk) {

      PK_Key_Agreement ka(sk, rng, "Raw");

      return ka.derive_key(0, pk.public_value()).bits_of();

   };


   if(is_dh_group(group)) {

      // TLS 1.2 allows specifying arbitrary DL_Group parameters in-lieu of

      // a standardized DH group identifier.

      const auto dl_group = get_dl_group(group);


      auto Y = BigInt::decode(public_value);


      /*

       * A basic check for key validity. As we do not know q here we

       * cannot check that Y is in the right subgroup. However since

       * our key is ephemeral there does not seem to be any

       * advantage to bogus keys anyway.

       */

      if(Y <= 1 || Y >= dl_group.get_p() - 1) {

         throw TLS_Exception(Alert::IllegalParameter, "Server sent bad DH key for DHE exchange");

      }


      DH_PublicKey peer_key(dl_group, Y);

      policy.check_peer_key_acceptable(peer_key);


      return agree(private_key, peer_key);

   }


   BOTAN_ASSERT_NOMSG(std::holds_alternative<TLS::Group_Params>(group));

   const auto group_params = std::get<TLS::Group_Params>(group);


   if(group_params.is_ecdh_named_curve()) {

      const EC_Group ec_group(group_params.to_string().value());

      ECDH_PublicKey peer_key(ec_group, ec_group.OS2ECP(public_value));

      policy.check_peer_key_acceptable(peer_key);


      return agree(private_key, peer_key);

   }


#if defined(BOTAN_HAS_CURVE_25519)

   if(group_params.is_x25519()) {

      if(public_value.size() != 32) {

         throw TLS_Exception(Alert::HandshakeFailure, "Invalid X25519 key size");

      }


      Curve25519_PublicKey peer_key(public_value);

      policy.check_peer_key_acceptable(peer_key);


      return agree(private_key, peer_key);

   }

#endif


#if defined(BOTAN_HAS_X448)

   if(group_params.is_x448()) {

      if(public_value.size() != 56) {

         throw TLS_Exception(Alert::HandshakeFailure, "Invalid X448 key size");

      }


      X448_PublicKey peer_key(public_value);

      policy.check_peer_key_acceptable(peer_key);


      return agree(private_key, peer_key);

   }

#endif


   throw TLS_Exception(Alert::IllegalParameter, "Did not recognize the key exchange group");

}


}  // namespace Botan

BOTAN_UNUSED
#define BOTAN_UNUSED
Definition assert.h:118

BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59

Botan::BigInt::decode
static BigInt decode(const uint8_t buf[], size_t length)
Definition bigint.h:773

Botan::Curve25519_PublicKey
Definition curve25519.h:15

Botan::DH_PublicKey
Definition dh.h:24

Botan::DL_Group
Definition dl_group.h:44

Botan::Decoding_Error
Definition exceptn.h:191

Botan::ECDH_PublicKey
Definition ecdh.h:20

Botan::EC_Group
Definition ec_group.h:48

Botan::EC_Group::OS2ECP
EC_Point OS2ECP(const uint8_t bits[], size_t len) const
Definition ec_group.cpp:561

Botan::FrodoKEMMode
Definition frodo_mode.h:20

Botan::Invalid_Argument
Definition exceptn.h:131

Botan::KEM_Encapsulation
Definition pubkey.h:548

Botan::KyberMode
Definition kyber.h:30

Botan::OCSP::Response
Definition ocsp.h:127

Botan::OctetString::bits_of
secure_vector< uint8_t > bits_of() const
Definition symkey.h:36

Botan::PK_KEM_Decryptor
Definition pubkey.h:727

Botan::PK_KEM_Decryptor::decrypt
void decrypt(std::span< uint8_t > out_shared_key, std::span< const uint8_t > encap_key, size_t desired_shared_key_len=32, std::span< const uint8_t > salt={})
Definition pubkey.cpp:190

Botan::PK_KEM_Encryptor
Definition pubkey.h:584

Botan::PK_KEM_Encryptor::encrypt
KEM_Encapsulation encrypt(RandomNumberGenerator &rng, size_t desired_shared_key_len=32, std::span< const uint8_t > salt={})
Definition pubkey.h:651

Botan::PK_Key_Agreement_Key
Definition pk_keys.h:376

Botan::PK_Key_Agreement
Definition pubkey.h:397

Botan::PK_Key_Agreement::derive_key
SymmetricKey derive_key(size_t key_len, const uint8_t in[], size_t in_len, const uint8_t params[], size_t params_len) const
Definition pubkey.cpp:231

Botan::PK_Signer
Definition pubkey.h:155

Botan::PK_Signer::sign_message
std::vector< uint8_t > sign_message(const uint8_t in[], size_t length, RandomNumberGenerator &rng)
Definition pubkey.h:186

Botan::PK_Verifier
Definition pubkey.h:272

Botan::PK_Verifier::verify_message
bool verify_message(const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length)
Definition pubkey.cpp:368

Botan::Path_Validation_Restrictions
Definition x509path.h:34

Botan::Path_Validation_Result
Definition x509path.h:157

Botan::Path_Validation_Result::successful_validation
bool successful_validation() const
Definition x509path.cpp:1014

Botan::Path_Validation_Result::result_string
std::string result_string() const
Definition x509path.cpp:1032

Botan::Private_Key
Definition pk_keys.h:252

Botan::Public_Key
Definition pk_keys.h:119

Botan::RandomNumberGenerator
Definition rng.h:30

Botan::TLS::Callbacks::tls_peer_network_identity
virtual std::string tls_peer_network_identity()
Definition tls_callbacks.cpp:55

Botan::TLS::Callbacks::tls_modify_extensions
virtual void tls_modify_extensions(Extensions &extn, Connection_Side which_side, Handshake_Type which_message)
Definition tls_callbacks.cpp:63

Botan::TLS::Callbacks::tls_provide_cert_chain_status
virtual std::vector< std::vector< uint8_t > > tls_provide_cert_chain_status(const std::vector< X509_Certificate > &chain, const Certificate_Status_Request &csr)
Definition tls_callbacks.cpp:132

Botan::TLS::Callbacks::tls_server_choose_app_protocol
virtual std::string tls_server_choose_app_protocol(const std::vector< std::string > &client_protos)
Definition tls_callbacks.cpp:51

Botan::TLS::Callbacks::tls_parse_ocsp_response
virtual std::optional< OCSP::Response > tls_parse_ocsp_response(const std::vector< uint8_t > &raw_response)
Definition tls_callbacks.cpp:123

Botan::TLS::Callbacks::tls_examine_extensions
virtual void tls_examine_extensions(const Extensions &extn, Connection_Side which_side, Handshake_Type which_message)
Definition tls_callbacks.cpp:67

Botan::TLS::Callbacks::tls_sign_message
virtual std::vector< uint8_t > tls_sign_message(const Private_Key &key, RandomNumberGenerator &rng, std::string_view padding, Signature_Format format, const std::vector< uint8_t > &msg)
Definition tls_callbacks.cpp:141

Botan::TLS::Callbacks::tls_verify_raw_public_key
virtual void tls_verify_raw_public_key(const Public_Key &raw_public_key, Usage_Type usage, std::string_view hostname, const TLS::Policy &policy)
Definition tls_callbacks.cpp:113

Botan::TLS::Callbacks::tls_kem_encapsulate
virtual KEM_Encapsulation tls_kem_encapsulate(TLS::Group_Params group, const std::vector< uint8_t > &encoded_public_key, RandomNumberGenerator &rng, const Policy &policy)
Definition tls_callbacks.cpp:183

Botan::TLS::Callbacks::tls_should_persist_resumption_information
virtual bool tls_should_persist_resumption_information(const Session &session)
Definition tls_callbacks.cpp:71

Botan::TLS::Callbacks::tls_kem_generate_key
virtual std::unique_ptr< Private_Key > tls_kem_generate_key(TLS::Group_Params group, RandomNumberGenerator &rng)
Definition tls_callbacks.cpp:161

Botan::TLS::Callbacks::tls_ephemeral_key_agreement
virtual secure_vector< uint8_t > tls_ephemeral_key_agreement(const std::variant< TLS::Group_Params, DL_Group > &group, const PK_Key_Agreement_Key &private_key, const std::vector< uint8_t > &public_value, RandomNumberGenerator &rng, const Policy &policy)
Definition tls_callbacks.cpp:294

Botan::TLS::Callbacks::tls_kem_decapsulate
virtual secure_vector< uint8_t > tls_kem_decapsulate(TLS::Group_Params group, const Private_Key &private_key, const std::vector< uint8_t > &encapsulated_bytes, RandomNumberGenerator &rng, const Policy &policy)
Definition tls_callbacks.cpp:222

Botan::TLS::Callbacks::tls_current_timestamp
virtual std::chrono::system_clock::time_point tls_current_timestamp()
Definition tls_callbacks.cpp:59

Botan::TLS::Callbacks::tls_generate_ephemeral_key
virtual std::unique_ptr< PK_Key_Agreement_Key > tls_generate_ephemeral_key(const std::variant< TLS::Group_Params, DL_Group > &group, RandomNumberGenerator &rng)
Definition tls_callbacks.cpp:260

Botan::TLS::Callbacks::tls_verify_cert_chain
virtual void tls_verify_cert_chain(const std::vector< X509_Certificate > &cert_chain, const std::vector< std::optional< OCSP::Response > > &ocsp_responses, const std::vector< Certificate_Store * > &trusted_roots, Usage_Type usage, std::string_view hostname, const TLS::Policy &policy)
Definition tls_callbacks.cpp:86

Botan::TLS::Callbacks::tls_verify_message
virtual bool tls_verify_message(const Public_Key &key, std::string_view padding, Signature_Format format, const std::vector< uint8_t > &msg, const std::vector< uint8_t > &sig)
Definition tls_callbacks.cpp:151

Botan::TLS::Callbacks::tls_inspect_handshake_msg
virtual void tls_inspect_handshake_msg(const Handshake_Message &message)
Definition tls_callbacks.cpp:47

Botan::TLS::Certificate_Status_Request
Definition tls_extensions.h:498

Botan::TLS::Extensions
Definition tls_extensions.h:908

Botan::TLS::Group_Params
Definition tls_algos.h:151

Botan::TLS::Group_Params::is_pqc_hybrid
constexpr bool is_pqc_hybrid() const
Definition tls_algos.h:215

Botan::TLS::Group_Params::is_kem
constexpr bool is_kem() const
Definition tls_algos.h:236

Botan::TLS::Group_Params::is_pure_frodokem
constexpr bool is_pure_frodokem() const
Definition tls_algos.h:202

Botan::TLS::Group_Params::is_pure_kyber
constexpr bool is_pure_kyber() const
Definition tls_algos.h:197

Botan::TLS::Group_Params::to_string
std::optional< std::string > to_string() const
Definition tls_algos.cpp:269

Botan::TLS::Handshake_Message
Definition tls_handshake_msg.h:24

Botan::TLS::Hybrid_KEM_PrivateKey::generate_from_group
static std::unique_ptr< Hybrid_KEM_PrivateKey > generate_from_group(Group_Params group, RandomNumberGenerator &rng)
Definition hybrid_public_key.cpp:329

Botan::TLS::Hybrid_KEM_PublicKey::load_for_group
static std::unique_ptr< Hybrid_KEM_PublicKey > load_for_group(Group_Params group, std::span< const uint8_t > concatenated_public_values)
Definition hybrid_public_key.cpp:147

Botan::TLS::Policy
Definition tls_policy.h:32

Botan::TLS::Policy::check_peer_key_acceptable
virtual void check_peer_key_acceptable(const Public_Key &public_key) const
Definition tls_policy.cpp:219

Botan::TLS::Policy::require_cert_revocation_info
virtual bool require_cert_revocation_info() const
Definition tls_policy.cpp:204

Botan::TLS::Policy::minimum_signature_strength
virtual size_t minimum_signature_strength() const
Definition tls_policy.cpp:200

Botan::TLS::Protocol_Version::is_pre_tls_13
bool is_pre_tls_13() const
Definition tls_version.cpp:40

Botan::TLS::Session_Base::version
Protocol_Version version() const
Definition tls_session.h:172

Botan::TLS::Session
Definition tls_session.h:328

Botan::TLS::Session::lifetime_hint
std::chrono::seconds lifetime_hint() const
Definition tls_session.h:454

Botan::TLS::TLS_Exception
Definition tls_exceptn.h:19

Botan::X448_PublicKey
A public key for the X448 key agreement scheme according to RFC 7748.
Definition x448.h:19

Y
FE_25519 Y
Definition ge.cpp:26

Botan::TLS::Handshake_Type
Handshake_Type
Definition tls_magic.h:51

Botan::TLS::Connection_Side
Connection_Side
Definition tls_magic.h:43

Botan
Definition alg_id.cpp:13

Botan::x509_path_validate
Path_Validation_Result x509_path_validate(const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &trusted_roots, std::string_view hostname, Usage_Type usage, std::chrono::system_clock::time_point ref_time, std::chrono::milliseconds ocsp_timeout, const std::vector< std::optional< OCSP::Response > > &ocsp_resp)
Definition x509path.cpp:850

Botan::Usage_Type
Usage_Type
Definition x509cert.h:22

Botan::Usage_Type::TLS_SERVER_AUTH
@ TLS_SERVER_AUTH

Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61

Botan::Signature_Format
Signature_Format
Definition pk_keys.h:31

Botan::overloaded
Definition stl_util.h:325