diff options
author | Jack Lloyd <[email protected]> | 2017-11-24 00:09:38 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-12-07 16:15:57 -0500 |
commit | d27f5a1ec8a4c239d4526fcccd2054e729f71c8c (patch) | |
tree | 78d48524a335787652c8121d45e6b617d600a2a5 | |
parent | e581ec624ba31f1134fb746731c3957d669050da (diff) |
On resuming a client session, save the certificates that were used.
GH #1303
-rw-r--r-- | src/lib/tls/tls_channel.cpp | 5 | ||||
-rw-r--r-- | src/lib/tls/tls_channel.h | 2 | ||||
-rw-r--r-- | src/lib/tls/tls_client.cpp | 13 |
3 files changed, 17 insertions, 3 deletions
diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp index 892e1a399..f56cff24b 100644 --- a/src/lib/tls/tls_channel.cpp +++ b/src/lib/tls/tls_channel.cpp @@ -117,6 +117,11 @@ std::vector<X509_Certificate> Channel::peer_cert_chain() const return std::vector<X509_Certificate>(); } +bool Channel::save_session(const Session& session) + { + return callbacks().tls_session_established(session); + } + Handshake_State& Channel::create_handshake_state(Protocol_Version version) { if(pending_state()) diff --git a/src/lib/tls/tls_channel.h b/src/lib/tls/tls_channel.h index 070a190dd..0362faaa8 100644 --- a/src/lib/tls/tls_channel.h +++ b/src/lib/tls/tls_channel.h @@ -237,7 +237,7 @@ class BOTAN_PUBLIC_API(2,0) Channel const Policy& policy() const { return m_policy; } - bool save_session(const Session& session) const { return callbacks().tls_session_established(session); } + bool save_session(const Session& session); Callbacks& callbacks() const { return m_callbacks; } private: diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp index ad8fdfa2d..ed3821ed2 100644 --- a/src/lib/tls/tls_client.cpp +++ b/src/lib/tls/tls_client.cpp @@ -33,10 +33,11 @@ class Client_Handshake_State final : public Handshake_State return *server_public_key.get(); } + std::unique_ptr<Public_Key> server_public_key; + // Used during session resumption secure_vector<uint8_t> resume_master_secret; - - std::unique_ptr<Public_Key> server_public_key; + std::vector<X509_Certificate> resume_peer_certs; }; } @@ -119,6 +120,10 @@ Handshake_State* Client::new_handshake_state(Handshake_IO* io) std::vector<X509_Certificate> Client::get_peer_cert_chain(const Handshake_State& state) const { + const Client_Handshake_State& cstate = dynamic_cast<const Client_Handshake_State&>(state); + if(cstate.resume_peer_certs.size() > 0) + return cstate.resume_peer_certs; + if(state.server_certs()) return state.server_certs()->cert_chain(); return std::vector<X509_Certificate>(); @@ -168,6 +173,7 @@ void Client::send_client_hello(Handshake_State& state_base, next_protocols)); state.resume_master_secret = session_info.master_secret(); + state.resume_peer_certs = session_info.peer_certs(); } } } @@ -321,6 +327,9 @@ void Client::process_handshake_msg(const Handshake_State* active_state, { // new session + state.resume_master_secret.clear(); + state.resume_peer_certs.clear(); + if(state.client_hello()->version().is_datagram_protocol() != state.server_hello()->version().is_datagram_protocol()) { |