Commit efd0db8c authored by Kenton Varda's avatar Kenton Varda

Implement TlsNetwork::restrictPeers().

parent 505e71f7
...@@ -441,6 +441,8 @@ private: ...@@ -441,6 +441,8 @@ private:
class TlsNetwork: public kj::Network { class TlsNetwork: public kj::Network {
public: public:
TlsNetwork(TlsContext& tls, kj::Network& inner): tls(tls), inner(inner) {} TlsNetwork(TlsContext& tls, kj::Network& inner): tls(tls), inner(inner) {}
TlsNetwork(TlsContext& tls, kj::Own<kj::Network> inner)
: tls(tls), inner(*inner), ownInner(kj::mv(inner)) {}
Promise<Own<NetworkAddress>> parseAddress(StringPtr addr, uint portHint) override { Promise<Own<NetworkAddress>> parseAddress(StringPtr addr, uint portHint) override {
kj::String hostname; kj::String hostname;
...@@ -461,9 +463,19 @@ public: ...@@ -461,9 +463,19 @@ public:
KJ_UNIMPLEMENTED("TLS does not implement getSockaddr() because it needs to know hostnames"); KJ_UNIMPLEMENTED("TLS does not implement getSockaddr() because it needs to know hostnames");
} }
Own<Network> restrictPeers(
kj::ArrayPtr<const kj::StringPtr> allow,
kj::ArrayPtr<const kj::StringPtr> deny = nullptr) override {
// TODO(someday): Maybe we could implement the ability to specify CA or hostname restrictions?
// Or is it better to let people do that via the TlsContext? A neat thing about
// restrictPeers() is that it's easy to make user-configurable.
return kj::heap<TlsNetwork>(tls, inner.restrictPeers(allow, deny));
}
private: private:
TlsContext& tls; TlsContext& tls;
kj::Network& inner; kj::Network& inner;
kj::Own<kj::Network> ownInner;
}; };
} // namespace } // namespace
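Review bot: The new restrictPeers() forwards `allow`/`deny` to `inner.restrictPeers(allow, deny)`, so the rules are evaluated by the underlying network against transport-level addresses and never against the TLS peer's certificate or hostname, yet neither the method nor the TODO above it tells callers that. I'd put a contract line ahead of the TODO: `// Restrictions apply to the inner (transport-level) network only; peer identity at the TLS layer is still governed solely by the TlsContext's verification settings.` The new owning constructor is also undocumented, and the object it builds (the one returned here) holds `tls` only by reference, so a comment such as `// Keeps `inner` alive via ownInner; `tls` must outlive this object.` would make the lifetime expectation explicit. Finally, `deny = nullptr` is a default argument on an override; if the base declaration carries the same default it is redundant, and if it does not, the effective default silently depends on the static type used at the call site.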
......