aboutsummaryrefslogtreecommitdiffstats
path: root/src/ssl
diff options
context:
space:
mode:
authorlloyd <[email protected]>2010-03-30 13:33:56 +0000
committerlloyd <[email protected]>2010-03-30 13:33:56 +0000
commit0aca16849d1fa72597b1a05c69f858d31c152200 (patch)
treed318ab323c9cce3690128e1d946cf8285dfbf556 /src/ssl
parent2127ed8bc7f50a805f0a587b56c5aa861cbc40c2 (diff)
Fix server handshake.
Support TLS 1.1 servers
Diffstat (limited to 'src/ssl')
-rw-r--r--src/ssl/hello.cpp10
-rw-r--r--src/ssl/tls_server.cpp19
2 files changed, 14 insertions, 15 deletions
diff --git a/src/ssl/hello.cpp b/src/ssl/hello.cpp
index e4a04dfa7..28574ad6c 100644
--- a/src/ssl/hello.cpp
+++ b/src/ssl/hello.cpp
@@ -118,8 +118,11 @@ void Client_Hello::deserialize(const MemoryRegion<byte>& buf)
throw Decoding_Error("Client_Hello: Packet corrupted");
c_version = static_cast<Version_Code>(make_u16bit(buf[0], buf[1]));
- if(c_version != SSL_V3 && c_version != TLS_V10)
+
+ if(c_version != SSL_V3 && c_version != TLS_V10 && c_version != TLS_V11)
+ {
throw TLS_Exception(PROTOCOL_VERSION, "Client_Hello: Bad version code");
+ }
c_random.set(buf + 2, 32);
@@ -219,9 +222,8 @@ void Server_Hello::deserialize(const MemoryRegion<byte>& buf)
throw Decoding_Error("Server_Hello: Packet corrupted");
s_version = static_cast<Version_Code>(make_u16bit(buf[0], buf[1]));
- if(s_version != SSL_V3 &&
- s_version != TLS_V10 &&
- s_version != TLS_V11)
+
+ if(s_version != SSL_V3 && s_version != TLS_V10 && s_version != TLS_V11)
{
throw TLS_Exception(PROTOCOL_VERSION,
"Server_Hello: Unsupported server version");
diff --git a/src/ssl/tls_server.cpp b/src/ssl/tls_server.cpp
index 8d33fca64..82f90036d 100644
--- a/src/ssl/tls_server.cpp
+++ b/src/ssl/tls_server.cpp
@@ -25,9 +25,9 @@ Version_Code choose_version(Version_Code client, Version_Code minimum)
throw TLS_Exception(PROTOCOL_VERSION,
"Client version is unacceptable by policy");
- if(client == SSL_V3 || client == TLS_V10)
+ if(client == SSL_V3 || client == TLS_V10 || client == TLS_V11)
return client;
- return TLS_V10;
+ return TLS_V11;
}
// FIXME: checks are wrong for session reuse (add a flag for that)
@@ -113,7 +113,8 @@ TLS_Server::TLS_Server(RandomNumberGenerator& r,
}
writer.alert(FATAL, HANDSHAKE_FAILURE);
- throw Stream_IO_Error("TLS_Server: Handshake failed");
+ throw Stream_IO_Error(std::string("TLS_Server: Handshake failed: ") +
+ e.what());
}
}
@@ -269,7 +270,11 @@ void TLS_Server::read_handshake(byte rec_type,
const MemoryRegion<byte>& rec_buf)
{
if(rec_type == HANDSHAKE)
+ {
+ if(!state)
+ state = new Handshake_State;
state->queue.write(rec_buf, rec_buf.size());
+ }
while(true)
{
@@ -320,14 +325,6 @@ void TLS_Server::read_handshake(byte rec_type,
void TLS_Server::process_handshake_msg(Handshake_Type type,
const MemoryRegion<byte>& contents)
{
- if(type == CLIENT_HELLO)
- {
- if(state == 0)
- state = new Handshake_State();
- else
- return;
- }
-
if(state == 0)
throw Unexpected_Message("Unexpected handshake message");