1//
2// InvalidCertificateHandler.h
3//
4// Library: NetSSL_OpenSSL
5// Package: SSLCore
6// Module: InvalidCertificateHandler
7//
8// Definition of the InvalidCertificateHandler class.
9//
10// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
11// and Contributors.
12//
13// SPDX-License-Identifier: BSL-1.0
14//
15
16
17#ifndef NetSSL_InvalidCertificateHandler_INCLUDED
18#define NetSSL_InvalidCertificateHandler_INCLUDED
19
20
21#include "Poco/Net/NetSSL.h"
22#include "Poco/Net/VerificationErrorArgs.h"
23
24
25namespace Poco {
26namespace Net {
27
28
29class NetSSL_API InvalidCertificateHandler
30 /// A InvalidCertificateHandler is invoked whenever an error occurs verifying the certificate. It allows the user
31 /// to inspect and accept/reject the certificate.
32 /// One can install one's own InvalidCertificateHandler by implementing this interface. Note that
33 /// in the implementation file of the subclass the following code must be present (assuming you use the namespace My_API
34 /// and the name of your handler class is MyGuiHandler):
35 ///
36 /// #include "Poco/Net/CertificateHandlerFactory.h"
37 /// ...
38 /// POCO_REGISTER_CHFACTORY(My_API, MyGuiHandler)
39 ///
40 /// One can either set the handler directly in the startup code of the main method of ones application by calling
41 ///
42 /// SSLManager::instance().initialize(mypassphraseHandler, myguiHandler, mySSLContext)
43 ///
44 /// or in case one uses Poco::Util::Application one can rely on an XML configuration and put the following entry
45 /// under the path openSSL.invalidCertificateHandler:
46 ///
47 /// <invalidCertificateHandler>
48 /// <name>MyGuiHandler<name>
49 /// <options>
50 /// [...] // Put optional config params for the handler here
51 /// </options>
52 /// </invalidCertificateHandler>
53 ///
54 /// Note that the name of the InvalidCertificateHandler must be same as the one provided to the POCO_REGISTER_CHFACTORY macro.
55{
56public:
57 InvalidCertificateHandler(bool handleErrorsOnServerSide);
58 /// Creates the InvalidCertificateHandler.
59 ///
60 /// Set handleErrorsOnServerSide to true if the certificate handler is used on the server side.
61 /// Automatically registers at one of the SSLManager::VerificationError events.
62
63 virtual ~InvalidCertificateHandler();
64 /// Destroys the InvalidCertificateHandler.
65
66 virtual void onInvalidCertificate(const void* pSender, VerificationErrorArgs& errorCert) = 0;
67 /// Receives the questionable certificate in parameter errorCert. If one wants to accept the
68 /// certificate, call errorCert.setIgnoreError(true).
69
70protected:
71 bool _handleErrorsOnServerSide;
72 /// Stores if the certificate handler gets invoked by the server (i.e. a client certificate is wrong)
73 /// or the client (a server certificate is wrong)
74};
75
76
77} } // namespace Poco::Net
78
79
80#endif // NetSSL_InvalidCertificateHandler_INCLUDED
81