Add a CertificateIdentityVerifier to AsyncSSLSocket
Summary: This diff introduces a callback, `CertificateIdentityVerifier` that can probe peer end-entity certificates during a TLS handshake in `AsyncSSLSocket`. The verifier gets called only if regular chain verification (OpenSSL's and a `HandshakeCB`'s) succeeds and can return a `Try` with a `CertificateIdentityVerifierException` to indicate that a failure occurred. `AsyncSSLSocket` will then fail the TLS handshake. The diff also adds a new `AsyncSSLSocket` constructor with a new `Options` parameter that groups together some optional properties, including the verifier. We can eventually refactor the other constructors to use it too. Reviewed By: mingtaoy Differential Revision: D22821714 fbshipit-source-id: b63b141862b5703eb5274fb6ef8aa98934a55df0
Showing
Please register or sign in to comment