authorJack Lloyd <[email protected]>2019-05-20 14:44:08 -0400
committerJack Lloyd <[email protected]>2019-05-20 15:11:05 -0400
commit67df17d31d61f013d537abc7744f707435351125 (patch)
treecde44420bdcf69fccf8f79123479b6ef0a2712d0 /src/lib/tls/msg_client_hello.cpp
parent8e781e5a1be3ecc456c8e109571a084ec8bb792e (diff)
Fix various issues in TLS found using BoGo
- BoGo sends unparseable OCSP responses, so we have to accommodate this by delaying decoding until verification and simply ignoring OCSP responses that we can't parse. - Check that there is no trailing garbage at the end of various messages. - Don't send empty SNI - Check the TLS record header versions (previously ignored) - For CBC 1/n-1 splitting split every record instead of just first. I think this is not a problem but it is what BoGo expects. - New Channel::application_protocol virtual (previously was implemented on both Client and Server but not shared). - Changes to resumption version handling. - Fix server version selection when newer versions are disabled. New policy hooks added in service of BoGo: - maximum_certificate_chain_size gives the maximum cert chain in bytes that we'll accept. - allow_resumption_for_renegotiation specifies if a renegotiation attempt can be simply (re-)resumed instead. - abort_handshake_on_undesired_renegotiation - previously we just ignored it with a warning alert. Now behavior is configurable. - request_client_certificate_authentication - require_client_certificate_authentication
Diffstat (limited to 'src/lib/tls/msg_client_hello.cpp')
-rw-r--r--src/lib/tls/msg_client_hello.cpp15
1 files changed, 11 insertions, 4 deletions
diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp
index 2d303a77e..539e2a780 100644
--- a/src/lib/tls/msg_client_hello.cpp
+++ b/src/lib/tls/msg_client_hello.cpp
@@ -92,8 +92,9 @@ Client_Hello::Client_Hello(Handshake_IO& io,
m_suites(policy.ciphersuite_list(m_version, !client_settings.srp_identifier().empty())),
m_comp_methods(1)
{
- BOTAN_ASSERT(policy.acceptable_protocol_version(client_settings.protocol_version()),
- "Our policy accepts the version we are offering");
+ if(!policy.acceptable_protocol_version(m_version))
+ throw Internal_Error("Offering " + m_version.to_string() +
+ " but our own policy does not accept it");
/*
* Place all empty extensions in front to avoid a bug in some systems
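Review bot: Internal_Error is a questionable class for the new check at `if(!policy.acceptable_protocol_version(m_version))`, because the condition is reachable from application configuration (the version the caller asked to offer versus the policy it supplied) rather than from a library bug; if the exception hierarchy has an invalid-argument or invalid-state type, that would describe the failure more accurately to whoever catches it. The rewrite also checks m_version where the removed assertion checked client_settings.protocol_version(); presumably m_version is initialised from that in the initializer list above the hunk, but a one-line comment would make the equivalence explicit, e.g. `// m_version was copied from client_settings; reject before any extension is built`. This constructor starts before the hunk and its body continues past it.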
@@ -106,7 +107,9 @@ Client_Hello::Client_Hello(Handshake_IO& io,
m_extensions.add(new Encrypt_then_MAC);
m_extensions.add(new Renegotiation_Extension(reneg_info));
- m_extensions.add(new Server_Name_Indicator(client_settings.hostname()));
+
+ if(client_settings.hostname() != "")
+ m_extensions.add(new Server_Name_Indicator(client_settings.hostname()));
if(policy.support_cert_status_message())
m_extensions.add(new Certificate_Status_Request({}, {}));
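Review bot: The new condition at `if(client_settings.hostname() != "")` suppresses SNI only for an empty hostname, but RFC 6066 §3 also forbids literal IPv4/IPv6 addresses in the server_name HostName, so if client_settings.hostname() can carry an IP literal (as when a client connects by address) it would still be emitted in the extension and some peers reject such a ClientHello. A second test that the string is not an IP literal would close that gap, unless the caller is already documented as never passing one; I cannot see the caller from here. Stylistically `if(!client_settings.hostname().empty())` reads more idiomatically than the comparison against "". The constructor this sits in begins and ends outside the hunk.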
@@ -163,6 +166,10 @@ Client_Hello::Client_Hello(Handshake_IO& io,
m_suites(policy.ciphersuite_list(m_version, (session.srp_identifier() != ""))),
m_comp_methods(1)
{
+ if(!policy.acceptable_protocol_version(m_version))
+ throw Internal_Error("Offering " + m_version.to_string() +
+ " but our own policy does not accept it");
+
if(!value_exists(m_suites, session.ciphersuite_code()))
m_suites.push_back(session.ciphersuite_code());
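Review bot: The four lines added here duplicate, verbatim, the guard added to the other Client_Hello constructor earlier in this commit; a file-local static helper taking the policy and the version and throwing the same Internal_Error would keep the two checks and their messages from drifting apart. The guard also runs after the initializer list has already built m_suites from m_version, which is harmless because the constructor does not complete, but is worth a short comment such as `// m_suites was already derived from m_version above; bail out before touching extensions`. The lines immediately after then append session.ciphersuite_code() without consulting the policy, so a resumed session may reintroduce a suite the current policy no longer lists; that is pre-existing behaviour, but it sits oddly beside the new policy check and may deserve the same treatment. This constructor starts before the hunk and continues past it.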
@@ -273,7 +280,7 @@ Client_Hello::Client_Hello(const std::vector<uint8_t>& buf)
m_comp_methods = reader.get_range_vector<uint8_t>(1, 1, 255);
- m_extensions.deserialize(reader);
+ m_extensions.deserialize(reader, Connection_Side::SERVER);
if(offered_suite(static_cast<uint16_t>(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)))
{