This file is indexed.

/usr/include/Wt/WSslInfo is in libwt-dev 3.3.6+dfsg-1.1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
// This may look like C code, but it's really -*- C++ -*-
/*
 * Copyright (C) 2012 Emweb bvba, Leuven, Belgium.
 *
 * See the LICENSE file for terms of use.
 */
#ifndef WT_WSSL_INFO_H_
#define WT_WSSL_INFO_H_

#include <Wt/WDllDefs.h>
#include <Wt/WSslCertificate>
#include <Wt/WValidator>

#include <string>
#include <vector>

#if defined(WT_WITH_SSL) || defined(DOXYGEN_ONLY)

namespace Wt {

/*! \class WSslInfo Wt/WSslInfo Wt/WSslInfo.C
 *  \brief Provides SSL information about the current session.
 *  
 * This class provides an interface to the SSL information related
 * to the current session. This class is returned by
 * WEnvironment::sslInfo().
 *
 * Probably the most important use of this class is that it provides
 * access to the client certificate which was presented by the
 * client during an https handshake to authenticate the SSL session.
 * This class collects the information on the verification that was
 * performed by the connector (FCGI, ISAPI, the built-in webserver, ...)
 * and presents it to the application programmer.
 *
 * The verification and the acceptance of the certificate has to be
 * configured in the web server (built-in httpd, Apache, IIS, ...).
 * When WEnvironment::sslInfo() returns a WSslInfo object, this means
 * that the client verification has already passed the verification
 * procedures in the webserver. This does not mean that the
 * certificate is valid; depending on the configuration of your web
 * server, this verification may be weak. Always check the
 * verification result with clientVerificationResult().
 *
 * This class is only available when %Wt was compiled with SSL support.
 */
class WT_API WSslInfo
{
public:
  /*
   * The WSslInfo class will usually be created by the library itself
   * and is therefore not public API.
   */
  WSslInfo(const WSslCertificate &clientCertificate,
	   const std::vector<WSslCertificate> &clientCertificateChain,
	   WValidator::Result clientVerificationResult);

  /*! \brief Returns the certificate used by the client for authentication.
   */
  const WSslCertificate &clientCertificate() const {
    return clientCertificate_; 
  }

  /*! \brief Returns the certificate chain used for client authentication.
   *
   * Warning: for the ISAPI connector, the certificate chain will always be
   * empty.
   */
  const std::vector<WSslCertificate> &clientPemCertificateChain() const {
    return clientCertificateChain_;
  }

  /*! \brief Returns the result of the client certificate verification.
   *
   * WSslInfo (and thus Wt) by itself does not perform any validation:
   * this task is entirely up to the web server, and this class merely
   * reports the validation status reported by the webserver.
   */
  WValidator::Result clientVerificationResult() const { 
    return clientVerificationResult_; 
  }
  
private:
  WSslCertificate              clientCertificate_;
  std::vector<WSslCertificate> clientCertificateChain_;
  WValidator::Result           clientVerificationResult_;

  std::string gdb() const;  
};

}

#endif

#endif // WT_WSSL_INFO_H_