author | Jack Lloyd <[email protected]> | 2019-05-20 14:44:08 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2019-05-20 15:11:05 -0400 |
commit | 67df17d31d61f013d537abc7744f707435351125 (patch) | |
tree | cde44420bdcf69fccf8f79123479b6ef0a2712d0 /src/lib/tls/msg_client_hello.cpp | |
parent | 8e781e5a1be3ecc456c8e109571a084ec8bb792e (diff) |
Fix various issues in TLS found using BoGo
- BoGo sends unparseable OCSP responses, so we have to accommodate
this by delaying decoding until verification and simply ignoring
OCSP responses that we can't parse.
- Check that there is no trailing garbage at the end of various messages.
- Don't send empty SNI
- Check the TLS record header versions (previously ignored)
- For CBC 1/n-1 splitting split every record instead of just first.
I think this is not a problem but it is what BoGo expects.
- New Channel::application_protocol virtual (previously was
implemented on both Client and Server but not shared).
- Changes to resumption version handling.
- Fix server version selection when newer versions are disabled.
New policy hooks added in service of BoGo:
- maximum_certificate_chain_size gives the maximum cert chain in bytes
that we'll accept.
- allow_resumption_for_renegotiation specifies if a renegotiation
attempt can be simply (re-)resumed instead.
- abort_handshake_on_undesired_renegotiation - previously we just
ignored it with a warning alert. Now behavior is configurable.
- request_client_certificate_authentication
- require_client_certificate_authentication
Diffstat (limited to 'src/lib/tls/msg_client_hello.cpp')
-rw-r--r-- | src/lib/tls/msg_client_hello.cpp | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp
index 2d303a77e..539e2a780 100644
--- a/src/lib/tls/msg_client_hello.cpp
+++ b/src/lib/tls/msg_client_hello.cpp
@@ -92,8 +92,9 @@ Client_Hello::Client_Hello(Handshake_IO& io,
 m_suites(policy.ciphersuite_list(m_version, !client_settings.srp_identifier().empty())),
 m_comp_methods(1)
 {
- BOTAN_ASSERT(policy.acceptable_protocol_version(client_settings.protocol_version()),
- "Our policy accepts the version we are offering");
+ if(!policy.acceptable_protocol_version(m_version))
+ throw Internal_Error("Offering " + m_version.to_string() +
+ " but our own policy does not accept it");
 
 /*
 * Place all empty extensions in front to avoid a bug in some systems
@@ -106,7 +107,9 @@ Client_Hello::Client_Hello(Handshake_IO& io,
 m_extensions.add(new Encrypt_then_MAC);
 
 m_extensions.add(new Renegotiation_Extension(reneg_info));
- m_extensions.add(new Server_Name_Indicator(client_settings.hostname()));
+
+ if(client_settings.hostname() != "")
+ m_extensions.add(new Server_Name_Indicator(client_settings.hostname()));
 
 if(policy.support_cert_status_message())
 m_extensions.add(new Certificate_Status_Request({}, {}));
@@ -163,6 +166,10 @@ Client_Hello::Client_Hello(Handshake_IO& io,
 m_suites(policy.ciphersuite_list(m_version, (session.srp_identifier() != ""))),
 m_comp_methods(1)
 {
+ if(!policy.acceptable_protocol_version(m_version))
+ throw Internal_Error("Offering " + m_version.to_string() +
+ " but our own policy does not accept it");
+
 if(!value_exists(m_suites, session.ciphersuite_code()))
 m_suites.push_back(session.ciphersuite_code());
 
@@ -273,7 +280,7 @@ Client_Hello::Client_Hello(const std::vector<uint8_t>& buf)
 
 m_comp_methods = reader.get_range_vector<uint8_t>(1, 1, 255);
 
- m_extensions.deserialize(reader);
+ m_extensions.deserialize(reader, Connection_Side::SERVER);
 
 if(offered_suite(static_cast<uint16_t>(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)))
 { |
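Review bot: `Internal_Error` in the new check at the top of the constructor body reads as a library bug, yet the condition looks reachable from ordinary application configuration (an offered version that the supplied policy rejects); m_version's initializer is above the hunk, so that is inferred. A comment above the check, e.g. `// Reachable by misconfiguration: never put a version on the wire that our own policy rejects`, would record why this is a throw and who is expected to prevent it. The same three lines are repeated in the resumption constructor (third hunk), so any later change to the message or exception type has to be made in both places. The constructor begins before and continues past this hunk.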
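Review bot: The added guard tests `client_settings.hostname() != ""`, while the initializer in the first hunk's context already uses `.empty()` for the same kind of test; `if(!client_settings.hostname().empty())` would keep the file consistent. The guard filters only the empty string: RFC 6066 also disallows IPv4/IPv6 address literals in server_name, and whether `Server_Name_Indicator` or the caller rejects those cannot be seen from this hunk. If nothing does, a short comment here naming where address literals are handled would help the next reader. The enclosing constructor extends beyond the hunk.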
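Review bot: In this constructor m_version appears to come from the stored session (its initializer is above the hunk), so the new check turns a cached session whose version the current policy no longer accepts into an `Internal_Error` at the start of a handshake. Unless the caller already drops such sessions before choosing this constructor — not visible in this file-limited diff — a stale session-cache entry would fail the connection where a full handshake would have succeeded. A comment on the check stating that precondition, e.g. `// Caller must not try to resume a session whose version the policy rejects`, would make the contract explicit. The constructor body continues past the hunk.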
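Review bot: `Connection_Side::SERVER` is passed while parsing a message that the client sends, and nothing at the call site says whether the argument names the parsing side or the sending side. The `deserialize` signature is not part of this file-limited diff, so the intended meaning cannot be confirmed here; if a later edit assumes the wrong one, per-extension checks that depend on it would be applied to the wrong peer. A one-line comment such as `// SERVER: we are the server, decoding extensions sent by the client` (adjusted to the actual parameter semantics) would remove the ambiguity. The constructor body continues past the hunk.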