author | lloyd <[email protected]> | 2012-03-30 01:41:04 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-03-30 01:41:04 +0000 |
commit | 4ff6063a9605c71cc734a594ddecbdb0d17541bf (patch) | |
tree | 845fa57d5f9e24fc39f5fa847296e4b778e6a894 /doc | |
parent | 8a31da4d60490753031267b18957c0c599bbee3b (diff) | |
parent | 4c12fa5de1b59f2c58f974412231a19c4dc7c10f (diff) |
propagate from branch 'net.randombit.botan.tls-state-machine' (head 63b88a65b699c95ef839bc18336bceccfbfabd2e)
to branch 'net.randombit.botan.cxx11' (head 1adcc46808b403b8f6bf1669f022e65f9c30e8ea)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/examples/GNUmakefile | 7 | ||||
-rw-r--r-- | doc/examples/asio_tls_server.cpp | 17 | ||||
-rw-r--r-- | doc/examples/credentials.h | 22 | ||||
-rw-r--r-- | doc/examples/tls_client.cpp | 11 | ||||
-rw-r--r-- | doc/tls.txt | 5 |
5 files changed, 45 insertions, 17 deletions
diff --git a/doc/examples/GNUmakefile b/doc/examples/GNUmakefile
index 77b5c67c7..1d4093fdb 100644
--- a/doc/examples/GNUmakefile
+++ b/doc/examples/GNUmakefile
@@ -20,8 +20,5 @@ clean:
 eax_test: eax_test.cpp
 echo $(CXX) $(CFLAGS) $? $(LIBS) -lboost_regex -o $@
-asio_tls_server.o: asio_tls_server.cpp
- g++-4.6.0 -c $(CFLAGS) -pthread $? -o $@
-
-asio_tls_server: asio_tls_server.o
- $(CXX) $? $(LIBS) -lboost_thread -lboost_system -lpthread -o $@
+asio_tls_server: asio_tls_server.cpp credentials.h
+ $(CXX) $(CFLAGS) $< $(LIBS) -lboost_thread -lboost_system -o $@
diff --git a/doc/examples/asio_tls_server.cpp b/doc/examples/asio_tls_server.cpp
index efd150cae..55f29b336 100644
--- a/doc/examples/asio_tls_server.cpp
+++ b/doc/examples/asio_tls_server.cpp
@@ -247,6 +247,16 @@ class tls_server
 Credentials_Manager_Simple m_creds;
 };
+size_t choose_thread_count()
+ {
+ size_t result = boost::thread::hardware_concurrency();
+
+ if(result)
+ return result;
+
+ return 2;
+ }
+
 int main()
 {
 try
@@ -254,13 +264,10 @@ int main()
 Botan::LibraryInitializer init("thread_safe=true");
 boost::asio::io_service io_service;
- unsigned short port = 4433;
+ unsigned short port = 4434;
 tls_server server(io_service, port);
- size_t num_threads = boost::thread::hardware_concurrency();
-
- if(num_threads == 0)
- return num_threads = 2;
+ const size_t num_threads = choose_thread_count();
 std::cout << "Using " << num_threads << " threads\n";
diff --git a/doc/examples/credentials.h b/doc/examples/credentials.h
index 48aa00571..8a0d47911 100644
--- a/doc/examples/credentials.h
+++ b/doc/examples/credentials.h
@@ -25,8 +25,8 @@ class Credentials_Manager_Simple : public Botan::Credentials_Manager
 public:
 Credentials_Manager_Simple(Botan::RandomNumberGenerator& rng) : rng(rng) {}
- std::string psk_identity_hint(const std::string& type,
- const std::string& context)
+ std::string psk_identity_hint(const std::string&,
+ const std::string&)
 {
 return "";
 }
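Review bot: `choose_thread_count` in the first asio_tls_server.cpp hunk is a file-local helper given external linkage; in an example that is meant to be copied, make it `static size_t choose_thread_count()` (or place it in an anonymous namespace) so it does not leak a symbol. It also deserves a line saying why the fallback exists, since the code itself only shows the zero check: `// hardware_concurrency() reports 0 when the count is unknown; fall back to a small pool`. The main() hunk that consumes the result continues outside the hunk, so how num_threads is used by the io_service pool is not visible here.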
@@ -37,11 +37,19 @@ class Credentials_Manager_Simple : public Botan::Credentials_Manager
 return "Client_identity";
 }
- Botan::SymmetricKey psk(const std::string&, const std::string&,
+ Botan::SymmetricKey psk(const std::string& type, const std::string& context,
 const std::string& identity)
 {
+ if(type == "tls-server" && context == "session-ticket")
+ {
+ if(session_ticket_key.length() == 0)
+ session_ticket_key = Botan::SymmetricKey(rng, 32);
+ return session_ticket_key;
+ }
+
 if(identity == "Client_identity")
 return Botan::SymmetricKey("b5a72e1387552e6dc10766dc0eda12961f5b21e17f98ef4c41e6572e53bd7527");
+
 throw Botan::Internal_Error("No PSK set for " + identity);
 }
@@ -80,16 +88,16 @@ class Credentials_Manager_Simple : public Botan::Credentials_Manager
 std::unique_ptr<Private_Key> key;
 if(key_type == "rsa")
- key.reset(new RSA_PrivateKey(rng, 2048));
+ key.reset(new RSA_PrivateKey(rng, 1024));
 else if(key_type == "dsa")
- key.reset(new DSA_PrivateKey(rng, DL_Group("dsa/botan/2048")));
+ key.reset(new DSA_PrivateKey(rng, DL_Group("dsa/jce/1024")));
 else if(key_type == "ecdsa")
 key.reset(new ECDSA_PrivateKey(rng, EC_Group("secp256r1")));
 else
 throw std::runtime_error("Don't know what to do about key type '" + key_type + "'");
 X509_Certificate cert =
- X509::create_self_signed_cert(opts, *key, "SHA-256", rng);
+ X509::create_self_signed_cert(opts, *key, "SHA-1", rng);
 // Now save both
@@ -162,6 +170,8 @@ class Credentials_Manager_Simple : public Botan::Credentials_Manager
 private:
 Botan::RandomNumberGenerator& rng;
+
+ Botan::SymmetricKey session_ticket_key;
 std::map<Botan::X509_Certificate, Botan::Private_Key*> certs_and_keys;
 };
diff --git a/doc/examples/tls_client.cpp b/doc/examples/tls_client.cpp
index 654a3ccfe..7c921ce53 100644
--- a/doc/examples/tls_client.cpp
+++ b/doc/examples/tls_client.cpp
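Review bot: The lazily created `session_ticket_key` in the new psk() branch is written without any synchronization, while asio_tls_server.cpp in this same commit runs the server on several threads that all share one `Credentials_Manager_Simple m_creds`, so two concurrent first handshakes can race on the write and hand out different ticket keys (a data race in C++11 terms). Generate the key eagerly instead — `rng(rng), session_ticket_key(rng, 32)` in the constructor's initializer list and drop the length check — or guard the lazy path with a mutex. The key also never rotates for the lifetime of the process, so every ticket it ever issued stays decryptable while it lives; a comment saying that a real server should rotate the ticket key periodically is worth adding. The `Botan::Internal_Error("No PSK set for " + identity)` path fires on a client-chosen identity, which is not an internal error; presumably a `TLS_Exception` (which doc/tls.txt in this commit recommends for callbacks) maps to a proper alert — verify which exception the handshake code expects from a credentials callback. psk() sits inside class Credentials_Manager_Simple, whose definition starts outside the hunk.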
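Review bot: The downgrades in the key-generation hunk of credentials.h — RSA 2048→1024, DSA `dsa/botan/2048`→`dsa/jce/1024`, and the self-signed certificate digest SHA-256→SHA-1 — leave the example producing credentials below widely recommended minimums (2048-bit RSA/DSA, SHA-2 signatures), and example code tends to be copied verbatim. If the change is for interop testing or faster startup, state that at the call sites so nobody reads it as a recommendation, e.g. `// 1024-bit keys and SHA-1 are for fast test startup only; use >= 2048 bits and SHA-256 in real deployments`. Otherwise restoring 2048/SHA-256 is the safer default for a shipped example. The function this sits in starts and ends outside the hunk.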
@@ -16,6 +16,10 @@
 #include <errno.h>
 #include <fcntl.h>
+#if defined(BOTAN_HAS_TLS_SQLITE_SESSION_MANAGER)
+ #include <botan/tls_sqlite_sess_mgr.h>
+#endif
+
 #include "credentials.h"
 using namespace Botan;
@@ -62,6 +66,7 @@ bool handshake_complete(const TLS::Session& session)
 std::cout << "Protocol version " << session.version().to_string() << "\n";
 std::cout << "Ciphersuite " << std::hex << session.ciphersuite().to_string() << "\n";
 std::cout << "Session ID " << hex_encode(session.session_id()) << "\n";
+ std::cout << "Session ticket " << hex_encode(session.session_ticket()) << "\n";
 return true;
 }
@@ -203,7 +208,13 @@ int main(int argc, char* argv[])
 LibraryInitializer botan_init;
 AutoSeeded_RNG rng;
 TLS::Policy policy;
+
+#if defined(BOTAN_HAS_TLS_SQLITE_SESSION_MANAGER)
+ TLS::Session_Manager_SQLite session_manager("my secret passphrase", rng,
+ "sessions.db");
+#else
 TLS::Session_Manager_In_Memory session_manager;
+#endif
 Credentials_Manager_Simple creds(rng);
diff --git a/doc/tls.txt b/doc/tls.txt
index 8c2b815b6..dd4fb1270 100644
--- a/doc/tls.txt
+++ b/doc/tls.txt
@@ -98,7 +98,10 @@ TLS Clients
 The *handshake_complete* function is called when a handshake (either initial or renegotiation) is completed. The return value of the callback specifies if the session should be cached for later
- resumption.
+ resumption. If the function for some reason desires to prevent the
+ connection from completing, it should throw an exception
+ (preferably a TLS_Exception, which can provide more specific alert
+ information to the counterparty).
 The *session_manager* is an interface for storing TLS sessions, which allows for session resumption upon reconnecting to a server. |
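Review bot: The SQLite session manager in the last tls_client.cpp hunk is constructed with the literal `"my secret passphrase"`, which makes whatever protection `sessions.db` gets only as secret as the source code; presumably the passphrase derives the key protecting the stored session state (the secrets needed for resumption), so a reader copying this gets no real protection. Read the passphrase from the environment or a prompt instead, and add a comment such as `// sessions.db holds resumable session secrets; use a real passphrase and restrict the file's permissions`. The `#if defined(BOTAN_HAS_TLS_SQLITE_SESSION_MANAGER)` fallback to the in-memory manager keeps the example building either way, which is fine. main() continues outside the hunk, so it is not visible whether the passphrase is used anywhere else.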