author | lloyd <[email protected]> | 2014-04-11 22:13:07 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2014-04-11 22:13:07 +0000 |
commit | d96b4425121bfeb122d90c73405f951b220a839c (patch) | |
tree | 20cca858ce4aa844f9067391f7380507cca6a2d1 /src/lib/tls/tls_client.cpp | |
parent | a69436e3cb4b91ec835673145fd4dbe703342a4c (diff) |
Verify that the server did not send any extension that the client didn't
offer. Previously the client only checked a couple of special cases.
Diffstat (limited to 'src/lib/tls/tls_client.cpp')
-rw-r--r-- | src/lib/tls/tls_client.cpp | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp
index 2bbe51fd7..3de9130d4 100644
--- a/src/lib/tls/tls_client.cpp
+++ b/src/lib/tls/tls_client.cpp
@@ -209,18 +209,20 @@ void Client::process_handshake_msg(const Handshake_State* active_state,
 "Server replied with compression method we didn't send");
 }
- if(!state.client_hello()->next_protocol_notification() &&
- state.server_hello()->next_protocol_notification())
- {
- throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
- "Server sent next protocol but we didn't request it");
- }
+ auto client_extn = state.client_hello()->extension_types();
+ auto server_extn = state.server_hello()->extension_types();
- if(state.server_hello()->supports_session_ticket())
+ std::vector<Handshake_Extension_Type> diff;
+
+ std::set_difference(server_extn.begin(), server_extn.end(),
+ client_extn.begin(), server_extn.end(),
+ std::back_inserter(diff));
+
+ for(auto i : diff)
 {
- if(!state.client_hello()->supports_session_ticket())
- throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
- "Server sent session ticket extension but we did not");
+ throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
+ "Server sent extension " + std::to_string(i) +
+ " but we did not request it");
 }
 state.set_version(state.server_hello()->version()); |
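Review bot: The second input range given to std::set_difference pairs iterators from two different containers — `client_extn.begin(), server_extn.end()` — so the algorithm can walk client_extn past its own end (undefined behaviour) and the unrequested-extension check is not computed against the client's actual list; the line should read `client_extn.begin(), client_extn.end(),`. Because this check replaces the two special-case tests that were deleted, the practical effect is that a ServerHello carrying an extension the client never offered may be accepted, or the client may crash, depending on memory layout. std::set_difference also requires both ranges to be sorted under the same ordering, which holds only if extension_types() returns an ordered container; that is not visible in this hunk and is worth confirming. RFC 5246 §7.2.2 assigns the unsupported_extension alert to exactly this situation, so the HANDSHAKE_FAILURE alert type could be revisited if the Alert enum provides it. process_handshake_msg begins and ends outside this hunk.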