authorJack Lloyd <[email protected]>2017-11-24 00:09:38 -0500
committerJack Lloyd <[email protected]>2017-12-07 16:15:57 -0500
commitd27f5a1ec8a4c239d4526fcccd2054e729f71c8c (patch)
tree78d48524a335787652c8121d45e6b617d600a2a5
parente581ec624ba31f1134fb746731c3957d669050da (diff)
On resuming a client session, save the certificates that were used.
GH #1303
-rw-r--r--src/lib/tls/tls_channel.cpp5
-rw-r--r--src/lib/tls/tls_channel.h2
-rw-r--r--src/lib/tls/tls_client.cpp13
3 files changed, 17 insertions, 3 deletions
diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp
index 892e1a399..f56cff24b 100644
--- a/src/lib/tls/tls_channel.cpp
+++ b/src/lib/tls/tls_channel.cpp
@@ -117,6 +117,11 @@ std::vector<X509_Certificate> Channel::peer_cert_chain() const
return std::vector<X509_Certificate>();
}
+bool Channel::save_session(const Session& session)
+ {
+ return callbacks().tls_session_established(session);
+ }
+
Handshake_State& Channel::create_handshake_state(Protocol_Version version)
{
if(pending_state())
diff --git a/src/lib/tls/tls_channel.h b/src/lib/tls/tls_channel.h
index 070a190dd..0362faaa8 100644
--- a/src/lib/tls/tls_channel.h
+++ b/src/lib/tls/tls_channel.h
@@ -237,7 +237,7 @@ class BOTAN_PUBLIC_API(2,0) Channel
const Policy& policy() const { return m_policy; }
- bool save_session(const Session& session) const { return callbacks().tls_session_established(session); }
+ bool save_session(const Session& session);
Callbacks& callbacks() const { return m_callbacks; }
private:
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp
index ad8fdfa2d..ed3821ed2 100644
--- a/src/lib/tls/tls_client.cpp
+++ b/src/lib/tls/tls_client.cpp
@@ -33,10 +33,11 @@ class Client_Handshake_State final : public Handshake_State
return *server_public_key.get();
}
+ std::unique_ptr<Public_Key> server_public_key;
+
// Used during session resumption
secure_vector<uint8_t> resume_master_secret;
-
- std::unique_ptr<Public_Key> server_public_key;
+ std::vector<X509_Certificate> resume_peer_certs;
};
}
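Review bot: After the reorder the comment `// Used during session resumption` still reads as if it belongs to `resume_master_secret` alone, while the new `resume_peer_certs` member is equally resumption-only state. Making the comment cover both fields and their lifetime avoids a later reader treating `resume_peer_certs` as the verified chain of the current handshake: `// Resumption-only state, copied from the offered Session in send_client_hello and cleared when the server declines resumption (new-session path in process_handshake_msg).` Client_Handshake_State is cut at the top of this hunk, so other members may exist outside the view.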
@@ -119,6 +120,10 @@ Handshake_State* Client::new_handshake_state(Handshake_IO* io)
std::vector<X509_Certificate>
Client::get_peer_cert_chain(const Handshake_State& state) const
{
+ const Client_Handshake_State& cstate = dynamic_cast<const Client_Handshake_State&>(state);
+ if(cstate.resume_peer_certs.size() > 0)
+ return cstate.resume_peer_certs;
+
if(state.server_certs())
return state.server_certs()->cert_chain();
return std::vector<X509_Certificate>();
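Review bot: Because the non-empty `resume_peer_certs` check now takes precedence over `state.server_certs()`, a state that has offered resumption but has not yet seen the ServerHello reports the cached chain as the peer's certificates, even though no session has been established yet and the server may still decline. Whether this is observable depends on whether Channel::peer_cert_chain() consults only the active state or also the pending one, which is not visible in this diff; if the pending state can be queried, the resumed chain should only be returned once the server has actually accepted the resumption. At minimum a comment should record the assumption, e.g. `// Only meaningful once the server has accepted resumption; the new-session path clears resume_peer_certs.` The `dynamic_cast` to a reference will throw std::bad_cast on a non-client state, which is acceptable here but worth a note since the function signature accepts any Handshake_State.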
@@ -168,6 +173,7 @@ void Client::send_client_hello(Handshake_State& state_base,
next_protocols));
state.resume_master_secret = session_info.master_secret();
+ state.resume_peer_certs = session_info.peer_certs();
}
}
}
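Review bot: The added `state.resume_peer_certs = session_info.peer_certs();` copies the chain that was verified at the time of the original full handshake, and nothing in this change re-validates it (expiry, revocation, hostname) when the session is resumed. Callers of peer_cert_chain() who make authorization decisions on a resumed connection should know they are seeing a snapshot from the earlier handshake rather than a freshly verified chain; please state that next to the assignment: `// Snapshot of the chain verified at the original handshake; it is not re-validated on resumption.` The enclosing send_client_hello begins outside this hunk, so the conditions under which this branch runs are only partly visible here.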
@@ -321,6 +327,9 @@ void Client::process_handshake_msg(const Handshake_State* active_state,
{
// new session
+ state.resume_master_secret.clear();
+ state.resume_peer_certs.clear();
+
if(state.client_hello()->version().is_datagram_protocol() !=
state.server_hello()->version().is_datagram_protocol())
{
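Review bot: `state.resume_master_secret.clear();` does not overwrite the secret bytes: for a vector of trivially destructible elements, `clear()` only resets the size and keeps the allocation, so the stale master secret of the declined session stays in memory until the buffer is actually released (which, if the secure allocator zeroizes on deallocation, happens no earlier than when the handshake state is destroyed or the vector reallocates). If the intent is to scrub the secret as soon as the server rejects resumption, explicitly wipe the storage before releasing it rather than relying on `clear()` alone. Clearing `resume_peer_certs` here is the right companion to the precedence change in get_peer_cert_chain, since otherwise the cached chain would shadow the freshly received server certificates; a brief comment saying so would help, e.g. `// Server declined resumption: drop the cached secret and chain so the new handshake's values are used.` process_handshake_msg begins and continues outside this hunk.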