authorlloyd <[email protected]>2014-04-11 22:13:07 +0000
committerlloyd <[email protected]>2014-04-11 22:13:07 +0000
commitd96b4425121bfeb122d90c73405f951b220a839c (patch)
tree20cca858ce4aa844f9067391f7380507cca6a2d1 /src/lib/tls/tls_client.cpp
parenta69436e3cb4b91ec835673145fd4dbe703342a4c (diff)
Verify that the server did not send any extension that the client didn't
offer. Previously the client only checked a couple of special cases.
Diffstat (limited to 'src/lib/tls/tls_client.cpp')
-rw-r--r--src/lib/tls/tls_client.cpp22
1 files changed, 12 insertions, 10 deletions
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp
index 2bbe51fd7..3de9130d4 100644
--- a/src/lib/tls/tls_client.cpp
+++ b/src/lib/tls/tls_client.cpp
@@ -209,18 +209,20 @@ void Client::process_handshake_msg(const Handshake_State* active_state,
"Server replied with compression method we didn't send");
}
- if(!state.client_hello()->next_protocol_notification() &&
- state.server_hello()->next_protocol_notification())
- {
- throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
- "Server sent next protocol but we didn't request it");
- }
+ auto client_extn = state.client_hello()->extension_types();
+ auto server_extn = state.server_hello()->extension_types();
- if(state.server_hello()->supports_session_ticket())
+ std::vector<Handshake_Extension_Type> diff;
+
+ std::set_difference(server_extn.begin(), server_extn.end(),
+ client_extn.begin(), server_extn.end(),
+ std::back_inserter(diff));
+
+ for(auto i : diff)
{
- if(!state.client_hello()->supports_session_ticket())
- throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
- "Server sent session ticket extension but we did not");
+ throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
+ "Server sent extension " + std::to_string(i) +
+ " but we did not request it");
}
state.set_version(state.server_hello()->version());
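Review bot: The second input range passed to `std::set_difference` mixes two containers: `client_extn.begin(), server_extn.end()` pairs a begin iterator from `client_extn` with an end iterator from `server_extn`, which is undefined behaviour, so the unsolicited-extension check can miss an extension, raise a spurious alert, or read past the end of `client_extn`. That line should read `client_extn.begin(), client_extn.end(),`. `std::set_difference` also requires both ranges to be sorted; the return type of `extension_types()` is not visible in this hunk, so confirm it is an ordered container such as `std::set` rather than a vector in wire order. The `for(auto i : diff)` loop throws on its first iteration, so `if(!diff.empty())` reporting `diff.front()` would state the intent more directly. The body of `process_handshake_msg` starts and ends outside the hunk, so how the thrown alert is handled cannot be checked from here.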