mirror of
https://github.com/AdaCore/aws.git
synced 2026-02-12 12:29:46 -08:00
40c93aac18
First the parameter Certificate_Required has been renamed Check_Certificate
to better describe the actual semantic.
The default is now to verify the certificate and the host. Both
default values in AWS.Default (Check_Certificate & Check_Host) have
been set to true. This means that the call in AWS.Client (Get, Post,
Head, Put, Delete, Upload and SOAP_Post) are safe and will always
check for certificate and host. To disable those checks one need
to create a connection and setup the SSL configuration with options
disabled:
WS : Server.HTTP;
SSL : Net.SSL.Config;
Net.SSL.Initialize
(SSL,
Security_Mode => Net.SSL.TLS_Server,
Server_Certificate => "aws-server.crt",
Server_Key => "aws-server.key",
Check_Certificate => False);
Server.Set_SSL_Config (WS, SSL);
For the client side it is also possible to disable the host check,
and so not detecting man-in-the-middle kind of attacks, so hightly
discouraged:
Net.SSL.Initialize
(SSL,
Security_Mode => Net.SSL.TLS_Client,
Client_Certificate => "cert.pem",
Check_Certificate => False,
Check_Host => False);
The configuration API has been updated to support those two new parameters.
TN: eng/toolchain/aws#31