diff options
author | lloyd <[email protected]> | 2010-03-30 13:33:56 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-03-30 13:33:56 +0000 |
commit | 0aca16849d1fa72597b1a05c69f858d31c152200 (patch) | |
tree | d318ab323c9cce3690128e1d946cf8285dfbf556 /src/ssl | |
parent | 2127ed8bc7f50a805f0a587b56c5aa861cbc40c2 (diff) |
Fix server handshake.
Support TLS 1.1 servers
Diffstat (limited to 'src/ssl')
-rw-r--r-- | src/ssl/hello.cpp | 10 | ||||
-rw-r--r-- | src/ssl/tls_server.cpp | 19 |
2 files changed, 14 insertions, 15 deletions
diff --git a/src/ssl/hello.cpp b/src/ssl/hello.cpp index e4a04dfa7..28574ad6c 100644 --- a/src/ssl/hello.cpp +++ b/src/ssl/hello.cpp @@ -118,8 +118,11 @@ void Client_Hello::deserialize(const MemoryRegion<byte>& buf) throw Decoding_Error("Client_Hello: Packet corrupted"); c_version = static_cast<Version_Code>(make_u16bit(buf[0], buf[1])); - if(c_version != SSL_V3 && c_version != TLS_V10) + + if(c_version != SSL_V3 && c_version != TLS_V10 && c_version != TLS_V11) + { throw TLS_Exception(PROTOCOL_VERSION, "Client_Hello: Bad version code"); + } c_random.set(buf + 2, 32); @@ -219,9 +222,8 @@ void Server_Hello::deserialize(const MemoryRegion<byte>& buf) throw Decoding_Error("Server_Hello: Packet corrupted"); s_version = static_cast<Version_Code>(make_u16bit(buf[0], buf[1])); - if(s_version != SSL_V3 && - s_version != TLS_V10 && - s_version != TLS_V11) + + if(s_version != SSL_V3 && s_version != TLS_V10 && s_version != TLS_V11) { throw TLS_Exception(PROTOCOL_VERSION, "Server_Hello: Unsupported server version"); diff --git a/src/ssl/tls_server.cpp b/src/ssl/tls_server.cpp index 8d33fca64..82f90036d 100644 --- a/src/ssl/tls_server.cpp +++ b/src/ssl/tls_server.cpp @@ -25,9 +25,9 @@ Version_Code choose_version(Version_Code client, Version_Code minimum) throw TLS_Exception(PROTOCOL_VERSION, "Client version is unacceptable by policy"); - if(client == SSL_V3 || client == TLS_V10) + if(client == SSL_V3 || client == TLS_V10 || client == TLS_V11) return client; - return TLS_V10; + return TLS_V11; } // FIXME: checks are wrong for session reuse (add a flag for that) @@ -113,7 +113,8 @@ TLS_Server::TLS_Server(RandomNumberGenerator& r, } writer.alert(FATAL, HANDSHAKE_FAILURE); - throw Stream_IO_Error("TLS_Server: Handshake failed"); + throw Stream_IO_Error(std::string("TLS_Server: Handshake failed: ") + + e.what()); } } @@ -269,7 +270,11 @@ void TLS_Server::read_handshake(byte rec_type, const MemoryRegion<byte>& rec_buf) { if(rec_type == HANDSHAKE) + { + if(!state) + state = new Handshake_State; state->queue.write(rec_buf, rec_buf.size()); + } while(true) { @@ -320,14 +325,6 @@ void TLS_Server::read_handshake(byte rec_type, void TLS_Server::process_handshake_msg(Handshake_Type type, const MemoryRegion<byte>& contents) { - if(type == CLIENT_HELLO) - { - if(state == 0) - state = new Handshake_State(); - else - return; - } - if(state == 0) throw Unexpected_Message("Unexpected handshake message"); |