authorlloyd <[email protected]>2012-03-30 01:41:04 +0000
committerlloyd <[email protected]>2012-03-30 01:41:04 +0000
commit4ff6063a9605c71cc734a594ddecbdb0d17541bf (patch)
tree845fa57d5f9e24fc39f5fa847296e4b778e6a894 /doc
parent8a31da4d60490753031267b18957c0c599bbee3b (diff)
parent4c12fa5de1b59f2c58f974412231a19c4dc7c10f (diff)
propagate from branch 'net.randombit.botan.tls-state-machine' (head 63b88a65b699c95ef839bc18336bceccfbfabd2e)
to branch 'net.randombit.botan.cxx11' (head 1adcc46808b403b8f6bf1669f022e65f9c30e8ea)
Diffstat (limited to 'doc')
-rw-r--r--doc/examples/GNUmakefile7
-rw-r--r--doc/examples/asio_tls_server.cpp17
-rw-r--r--doc/examples/credentials.h22
-rw-r--r--doc/examples/tls_client.cpp11
-rw-r--r--doc/tls.txt5
5 files changed, 45 insertions, 17 deletions
diff --git a/doc/examples/GNUmakefile b/doc/examples/GNUmakefile
index 77b5c67c7..1d4093fdb 100644
--- a/doc/examples/GNUmakefile
+++ b/doc/examples/GNUmakefile
@@ -20,8 +20,5 @@ clean:
eax_test: eax_test.cpp
echo $(CXX) $(CFLAGS) $? $(LIBS) -lboost_regex -o $@
-asio_tls_server.o: asio_tls_server.cpp
- g++-4.6.0 -c $(CFLAGS) -pthread $? -o $@
-
-asio_tls_server: asio_tls_server.o
- $(CXX) $? $(LIBS) -lboost_thread -lboost_system -lpthread -o $@
+asio_tls_server: asio_tls_server.cpp credentials.h
+ $(CXX) $(CFLAGS) $< $(LIBS) -lboost_thread -lboost_system -o $@
diff --git a/doc/examples/asio_tls_server.cpp b/doc/examples/asio_tls_server.cpp
index efd150cae..55f29b336 100644
--- a/doc/examples/asio_tls_server.cpp
+++ b/doc/examples/asio_tls_server.cpp
@@ -247,6 +247,16 @@ class tls_server
Credentials_Manager_Simple m_creds;
};
+size_t choose_thread_count()
+ {
+ size_t result = boost::thread::hardware_concurrency();
+
+ if(result)
+ return result;
+
+ return 2;
+ }
+
int main()
{
try
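Review bot: The new `choose_thread_count()` has no comment explaining the fallback, and the value 2 reads as a magic number; a one-line doc would let a reader of the example know the intent. Suggested: `// Worker threads for io_service::run(): hardware_concurrency(), or 2 when the runtime cannot report it (returns 0).` placed above the function. The surrounding `tls_server` class and `main` continue outside this hunk.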
@@ -254,13 +264,10 @@ int main()
Botan::LibraryInitializer init("thread_safe=true");
boost::asio::io_service io_service;
- unsigned short port = 4433;
+ unsigned short port = 4434;
tls_server server(io_service, port);
- size_t num_threads = boost::thread::hardware_concurrency();
-
- if(num_threads == 0)
- return num_threads = 2;
+ const size_t num_threads = choose_thread_count();
std::cout << "Using " << num_threads << " threads\n";
diff --git a/doc/examples/credentials.h b/doc/examples/credentials.h
index 48aa00571..8a0d47911 100644
--- a/doc/examples/credentials.h
+++ b/doc/examples/credentials.h
@@ -25,8 +25,8 @@ class Credentials_Manager_Simple : public Botan::Credentials_Manager
public:
Credentials_Manager_Simple(Botan::RandomNumberGenerator& rng) : rng(rng) {}
- std::string psk_identity_hint(const std::string& type,
- const std::string& context)
+ std::string psk_identity_hint(const std::string&,
+ const std::string&)
{
return "";
}
@@ -37,11 +37,19 @@ class Credentials_Manager_Simple : public Botan::Credentials_Manager
return "Client_identity";
}
- Botan::SymmetricKey psk(const std::string&, const std::string&,
+ Botan::SymmetricKey psk(const std::string& type, const std::string& context,
const std::string& identity)
{
+ if(type == "tls-server" && context == "session-ticket")
+ {
+ if(session_ticket_key.length() == 0)
+ session_ticket_key = Botan::SymmetricKey(rng, 32);
+ return session_ticket_key;
+ }
+
if(identity == "Client_identity")
return Botan::SymmetricKey("b5a72e1387552e6dc10766dc0eda12961f5b21e17f98ef4c41e6572e53bd7527");
+
throw Botan::Internal_Error("No PSK set for " + identity);
}
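Review bot: The lazy creation of `session_ticket_key` inside `psk()` is an unsynchronized check-then-write on a member, and the asio example server in this same commit drives one `tls_server` (with one `Credentials_Manager_Simple`) from several threads, so two concurrent first handshakes can each generate a different key and one ticket issued under a key that is then overwritten becomes unresumable; whether Botan serializes these calls is not visible here, so I would not rely on it. The simplest fix is to create the key eagerly in the constructor, `Credentials_Manager_Simple(Botan::RandomNumberGenerator& rng) : rng(rng), session_ticket_key(rng, 32) {}`, and drop the `length() == 0` branch. It is also worth a comment on the returned key that it lives for the whole process with no rotation, so every ticket ever issued stays decryptable while the server runs; the class body continues outside this hunk.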
@@ -80,16 +88,16 @@ class Credentials_Manager_Simple : public Botan::Credentials_Manager
std::unique_ptr<Private_Key> key;
if(key_type == "rsa")
- key.reset(new RSA_PrivateKey(rng, 2048));
+ key.reset(new RSA_PrivateKey(rng, 1024));
else if(key_type == "dsa")
- key.reset(new DSA_PrivateKey(rng, DL_Group("dsa/botan/2048")));
+ key.reset(new DSA_PrivateKey(rng, DL_Group("dsa/jce/1024")));
else if(key_type == "ecdsa")
key.reset(new ECDSA_PrivateKey(rng, EC_Group("secp256r1")));
else
throw std::runtime_error("Don't know what to do about key type '" + key_type + "'");
X509_Certificate cert =
- X509::create_self_signed_cert(opts, *key, "SHA-256", rng);
+ X509::create_self_signed_cert(opts, *key, "SHA-1", rng);
// Now save both
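Review bot: The generated credentials are weakened here without explanation: RSA and DSA drop from 2048 to 1024 bits and the self-signed certificate is now signed with SHA-1, which are below what a practitioner would use for a TLS server and which this example is likely to be copied from. If the motivation is faster key generation at startup (my guess), that should be stated next to the constants, e.g. `// 1024-bit keys and SHA-1 keep example startup fast; use >= 2048-bit RSA and SHA-256 in real deployments.`; otherwise I would keep `RSA_PrivateKey(rng, 2048)`, `DL_Group("dsa/botan/2048")` and `"SHA-256"`. The enclosing method starts before this hunk.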
@@ -162,6 +170,8 @@ class Credentials_Manager_Simple : public Botan::Credentials_Manager
private:
Botan::RandomNumberGenerator& rng;
+
+ Botan::SymmetricKey session_ticket_key;
std::map<Botan::X509_Certificate, Botan::Private_Key*> certs_and_keys;
};
diff --git a/doc/examples/tls_client.cpp b/doc/examples/tls_client.cpp
index 654a3ccfe..7c921ce53 100644
--- a/doc/examples/tls_client.cpp
+++ b/doc/examples/tls_client.cpp
@@ -16,6 +16,10 @@
#include <errno.h>
#include <fcntl.h>
+#if defined(BOTAN_HAS_TLS_SQLITE_SESSION_MANAGER)
+ #include <botan/tls_sqlite_sess_mgr.h>
+#endif
+
#include "credentials.h"
using namespace Botan;
@@ -62,6 +66,7 @@ bool handshake_complete(const TLS::Session& session)
std::cout << "Protocol version " << session.version().to_string() << "\n";
std::cout << "Ciphersuite " << std::hex << session.ciphersuite().to_string() << "\n";
std::cout << "Session ID " << hex_encode(session.session_id()) << "\n";
+ std::cout << "Session ticket " << hex_encode(session.session_ticket()) << "\n";
return true;
}
@@ -203,7 +208,13 @@ int main(int argc, char* argv[])
LibraryInitializer botan_init;
AutoSeeded_RNG rng;
TLS::Policy policy;
+
+#if defined(BOTAN_HAS_TLS_SQLITE_SESSION_MANAGER)
+ TLS::Session_Manager_SQLite session_manager("my secret passphrase", rng,
+ "sessions.db");
+#else
TLS::Session_Manager_In_Memory session_manager;
+#endif
Credentials_Manager_Simple creds(rng);
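Review bot: The SQLite session manager is opened with the literal passphrase `"my secret passphrase"` and a `sessions.db` in the working directory; that database presumably holds resumable session secrets (the client also prints the session ticket in this commit), so anyone who can read the file and has the constant from the example can resume or decrypt cached sessions. At minimum a comment should say so, e.g. `// Example only: the passphrase protects cached session secrets in sessions.db; real clients must use a per-installation secret and restrict file permissions.`, and a better example would read it from the environment rather than the source. `main` starts before and continues after this hunk.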
diff --git a/doc/tls.txt b/doc/tls.txt
index 8c2b815b6..dd4fb1270 100644
--- a/doc/tls.txt
+++ b/doc/tls.txt
@@ -98,7 +98,10 @@ TLS Clients
The *handshake_complete* function is called when a handshake
(either initial or renegotiation) is completed. The return value of
the callback specifies if the session should be cached for later
- resumption.
+ resumption. If the function for some reason desires to prevent the
+ connection from completing, it should throw an exception
+ (preferably a TLS_Exception, which can provide more specific alert
+ information to the counterparty).
The *session_manager* is an interface for storing TLS sessions,
which allows for session resumption upon reconnecting to a server.