Botan 2.19.3
Crypto and TLS for C++11
#include <x509path.h>
Public Member Functions
std::chrono::seconds | max_ocsp_age () const
size_t | minimum_key_strength () const
bool | ocsp_all_intermediates () const
Path_Validation_Restrictions (bool require_rev, size_t minimum_key_strength, bool ocsp_all_intermediates, const std::set< std::string > &trusted_hashes, std::chrono::seconds max_ocsp_age=std::chrono::seconds::zero())
Path_Validation_Restrictions (bool require_rev=false, size_t minimum_key_strength=110, bool ocsp_all_intermediates=false, std::chrono::seconds max_ocsp_age=std::chrono::seconds::zero())
bool | require_revocation_information () const
const std::set< std::string > & | trusted_hashes () const
Specifies restrictions on the PKIX path validation.
Definition at line 34 of file x509path.h.
Botan::Path_Validation_Restrictions::Path_Validation_Restrictions (bool require_rev = false, size_t minimum_key_strength = 110, bool ocsp_all_intermediates = false, std::chrono::seconds max_ocsp_age = std::chrono::seconds::zero())
require_rev | If true, revocation information is required.
minimum_key_strength | The minimum strength (in terms of operations, e.g. 80 means 2^80) of a signature. Signatures weaker than this are rejected. If more than 80, SHA-1 signatures are also rejected. If possible use at least setting 110. 80 bit strength requires 1024 bit RSA; 110 bit strength requires 2k bit RSA; 128 bit strength requires ~3k bit RSA or P-256.
ocsp_all_intermediates | Make OCSP requests for all CAs as well as the end entity (if OCSP is enabled in the path validation request).
max_ocsp_age | Maximum age of OCSP responses without next_update. If zero, there is no maximum age.
Definition at line 979 of file x509path.cpp.
inline
require_rev | If true, revocation information is required.
minimum_key_strength | The minimum strength (in terms of operations, e.g. 80 means 2^80) of a signature. Signatures weaker than this are rejected.
ocsp_all_intermediates | Make OCSP requests for all CAs as well as the end entity (if OCSP is enabled in the path validation request).
trusted_hashes | A set of trusted hashes. Any signatures created using a hash other than one of these will be rejected.
max_ocsp_age | Maximum age of OCSP responses without next_update. If zero, there is no maximum age.
Definition at line 71 of file x509path.h.
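The checks these parameters describe, as a self-contained model added here (not Botan's code and not its API): `Restrictions`, `derive`, `Sig` and `check` are hypothetical names and the sample paths are constructed. The SHA-2 names in the derived hash set are an assumption, since the page only states the SHA-1 rule.

```cpp
#include <cstddef>
#include <set>
#include <string>
#include <vector>

// Hypothetical mirror of the documented parameters; not Botan's class.
struct Restrictions {
    bool require_rev;
    std::size_t min_strength;
    std::set<std::string> trusted_hashes;
};

// Models the constructor without trusted_hashes: the set follows the strength.
// Assumption: the SHA-2 names below; the page only documents the SHA-1 rule.
Restrictions derive(bool require_rev = false, std::size_t min_strength = 110) {
    std::set<std::string> h{"SHA-224", "SHA-256", "SHA-384", "SHA-512"};
    if (min_strength <= 80) h.insert("SHA-1");  // above 80, SHA-1 is rejected
    return {require_rev, min_strength, h};
}

// One signature in a path (constructed sample data, not parsed from a cert).
struct Sig {
    std::string hash;
    std::size_t strength;  // estimated strength in bits, e.g. 2k bit RSA -> 110
    bool has_revocation;   // revocation information was available
};

// Returns one reason per violated restriction; empty means the path passes.
std::vector<std::string> check(const std::vector<Sig>& path, const Restrictions& r) {
    std::vector<std::string> reasons;
    for (std::size_t i = 0; i < path.size(); ++i) {
        const std::string at = " at index " + std::to_string(i);
        if (path[i].strength < r.min_strength)
            reasons.push_back("signature too weak" + at);
        if (r.trusted_hashes.count(path[i].hash) == 0)
            reasons.push_back("untrusted hash" + at);
        if (r.require_rev && !path[i].has_revocation)
            reasons.push_back("no revocation data" + at);
    }
    return reasons;
}

// Constructed paths; strengths follow the table in the parameter description.
const std::vector<Sig> legacy_path{{"SHA-1", 80, false}, {"SHA-256", 110, true}};
const std::vector<Sig> modern_path{{"SHA-256", 128, true}, {"SHA-384", 128, true}};
```

With the defaults (no revocation requirement, strength 110) the legacy path fails twice on its first signature, once for strength and once for the hash; lowering the strength to 80 is what lets the SHA-1 signature through.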
inline
Definition at line 111 of file x509path.h.
Referenced by Botan::x509_path_validate().
inline
Definition at line 104 of file x509path.h.
Referenced by Botan::x509_path_validate().
inline
Definition at line 92 of file x509path.h.
Referenced by Botan::x509_path_validate().
inline
Definition at line 85 of file x509path.h.
Referenced by Botan::x509_path_validate().
inline
Definition at line 98 of file x509path.h.
Referenced by Botan::x509_path_validate().