author | Jack Lloyd <[email protected]> | 2016-10-20 22:41:22 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-10-20 22:41:22 -0400 |
commit | 36e5b56eb4298e81e8413ac1ef0eada096df8abc (patch) | |
tree | fc1f885189293eb5ea3d1ea7edab7641b7cce89d | |
parent | 4b554a36b81b1a67987b6e32456c54c2ff4b6b49 (diff) |
Tighten up TLS server handshake logic.
Previously client was allowed to omit the Certificate message, a
leftover from supporting SSLv3. In all versions of TLS, an empty
message must be sent if the client does not want to use a cert.
No known security impact, but nothing we need to allow anymore.
Clean up the handshake switch a bit by using return statements.
-rw-r--r-- | src/lib/tls/tls_server.cpp | 35 |
1 files changed, 15 insertions, 20 deletions
diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp
index 82e7fad75..5e3b222f1 100644
--- a/src/lib/tls/tls_server.cpp
+++ b/src/lib/tls/tls_server.cpp
@@ -633,32 +633,25 @@ void Server::process_handshake_msg(const Handshake_State* active_state,
 switch(type)
 {
 case CLIENT_HELLO:
- this->process_client_hello_msg(active_state, state, contents);
- break;
+ return this->process_client_hello_msg(active_state, state, contents);
 case CERTIFICATE:
- this->process_certificate_msg(state, contents);
- break;
+ return this->process_certificate_msg(state, contents);
 case CLIENT_KEX:
- this->process_client_key_exchange_msg(state, contents);
- break;
+ return this->process_client_key_exchange_msg(state, contents);
 case CERTIFICATE_VERIFY:
- this->process_certificate_verify_msg(state, type, contents);
- break;
+ return this->process_certificate_verify_msg(state, type, contents);
 case HANDSHAKE_CCS:
- this->process_change_cipher_spec_msg(state);
- break;
+ return this->process_change_cipher_spec_msg(state);
 case FINISHED:
- this->process_finished_msg(state, type, contents);
- break;
+ return this->process_finished_msg(state, type, contents);
 default:
 throw Unexpected_Message("Unknown handshake message received");
- break;
 }
 }
@@ -839,15 +832,17 @@ void Server::session_create(Server_Handshake_State& pending_state,
 client_auth_CAs, pending_state.version()));
+ /*
+ SSLv3 allowed clients to skip the Certificate message entirely
+ if they wanted. In TLS v1.0 and later clients must send a
+ (possibly empty) Certificate message
+ */
 pending_state.set_expected_next(CERTIFICATE);
 }
-
- /*
- * If the client doesn't have a cert they want to use they are
- * allowed to send either an empty cert message or proceed
- * directly to the client key exchange, so allow either case.
- */
- pending_state.set_expected_next(CLIENT_KEX);
+ else
+ {
+ pending_state.set_expected_next(CLIENT_KEX);
+ }
 pending_state.server_hello_done(new Server_Hello_Done(pending_state.handshake_io(), pending_state.hash()));
 } |
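Review bot: The new `else` arm that sets `CLIENT_KEX` carries no comment, and the comment added above `set_expected_next(CERTIFICATE)` explains the SSLv3 history but not the rule now enforced; I would state the invariant directly, e.g. `// Certificate was requested: the client must answer with a (possibly empty) Certificate message before ClientKeyExchange` and `// No certificate requested: ClientKeyExchange is the only message accepted next`. The `if` condition and the start of session_create are outside the hunk, so confirm the first arm really is the certificate-request path. The diffstat lists only tls_server.cpp, so nothing visible here exercises the newly rejected sequence; a negative test in which the client goes straight to ClientKeyExchange after a certificate request, and the server is expected to abort the handshake, would keep this strictness from regressing.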