aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/tls
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2017-12-07 16:42:31 -0500
committerJack Lloyd <[email protected]>2017-12-07 16:42:31 -0500
commitb2ea1923e2f8d7b1d45f9362cb279ad9342191dc (patch)
tree600044e7e5d92a52ae5c058e646821202e9518e6 /src/lib/tls
parentd27f5a1ec8a4c239d4526fcccd2054e729f71c8c (diff)
Handle #1303 on the server side
Diffstat (limited to 'src/lib/tls')
-rw-r--r--src/lib/tls/tls_server.cpp14
1 files changed, 13 insertions, 1 deletions
diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp
index 5bc5410f5..cd52c92f2 100644
--- a/src/lib/tls/tls_server.cpp
+++ b/src/lib/tls/tls_server.cpp
@@ -31,6 +31,11 @@ class Server_Handshake_State final : public Handshake_State
void set_allow_session_resumption(bool allow_session_resumption)
{ m_allow_session_resumption = allow_session_resumption; }
+ const std::vector<X509_Certificate>& resume_peer_certs() const
+ { return m_resume_peer_certs; }
+
+ void set_resume_certs(const std::vector<X509_Certificate>& certs)
+ { m_resume_peer_certs = certs; }
private:
// Used by the server only, in case of RSA key exchange. Not owned
@@ -41,6 +46,8 @@ class Server_Handshake_State final : public Handshake_State
* a server-initiated renegotiation
*/
bool m_allow_session_resumption = true;
+
+ std::vector<X509_Certificate> m_resume_peer_certs;
};
namespace {
@@ -359,8 +366,12 @@ Handshake_State* Server::new_handshake_state(Handshake_IO* io)
}
std::vector<X509_Certificate>
-Server::get_peer_cert_chain(const Handshake_State& state) const
+Server::get_peer_cert_chain(const Handshake_State& state_base) const
{
+ const Server_Handshake_State& state = dynamic_cast<const Server_Handshake_State&>(state_base);
+ if(state.resume_peer_certs().size() > 0)
+ return state.resume_peer_certs();
+
if(state.client_certs())
return state.client_certs()->cert_chain();
return std::vector<X509_Certificate>();
@@ -725,6 +736,7 @@ void Server::session_resume(Server_Handshake_State& pending_state,
secure_renegotiation_check(pending_state.server_hello());
pending_state.compute_session_keys(session_info.master_secret());
+ pending_state.set_resume_certs(session_info.peer_certs());
if(!save_session(session_info))
{