author | lloyd <[email protected]> | 2012-01-19 13:37:39 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-01-19 13:37:39 +0000 |
commit | 0ac2549aba9a3265a8108b475dffb380dbb07715 (patch) | |
tree | ac71301adf5c6b337bf70c476f8c5a1dab6befbd /src/tls/cert_ver.cpp | |
parent | e3d14f1bacde5f23d63ccc5860d5c13c81f70b3a (diff) |
Support SSLv3 client auth on the client side.
Add getters for major and minor protocol version on TLS_Session.
Add Certificate_Type code points for ECC certs.
Diffstat (limited to 'src/tls/cert_ver.cpp')
-rw-r--r-- | src/tls/cert_ver.cpp | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/src/tls/cert_ver.cpp b/src/tls/cert_ver.cpp
index 5a20e3029..2c2ec9b2a 100644
--- a/src/tls/cert_ver.cpp
+++ b/src/tls/cert_ver.cpp
@@ -1,6 +1,6 @@
 /*
 * Certificate Verify Message
-* (C) 2004-2011 Jack Lloyd
+* (C) 2004,2006,2011,2012 Jack Lloyd
 *
 * Released under the terms of the Botan license
 */
@@ -23,6 +23,8 @@ namespace Botan {
 Certificate_Verify::Certificate_Verify(Record_Writer& writer,
 TLS_Handshake_Hash& hash,
 RandomNumberGenerator& rng,
+ Version_Code version,
+ const SecureVector<byte>& master_secret,
 const Private_Key* priv_key)
 {
 BOTAN_ASSERT_NONNULL(priv_key);
@@ -34,7 +36,10 @@ Certificate_Verify::Certificate_Verify(Record_Writer& writer,
 padding = "EMSA3(TLS.Digest.0)";
 else if(priv_key->algo_name() == "DSA")
 {
- padding = "EMSA1(SHA-1)";
+ if(version == SSL_V3)
+ padding = "Raw";
+ else
+ padding = "EMSA1(SHA-1)";
 format = DER_SEQUENCE;
 }
 else
@@ -43,7 +48,20 @@ Certificate_Verify::Certificate_Verify(Record_Writer& writer,
 PK_Signer signer(*priv_key, padding, format);
- signature = signer.sign_message(hash.final(), rng);
+ if(version == SSL_V3)
+ {
+ SecureVector<byte> md5_sha = hash.final_ssl3(master_secret);
+
+ signature = signer.sign_message(&md5_sha[16], md5_sha.size()-16, rng);
+ }
+ else if(version == TLS_V10 || version == TLS_V11)
+ {
+ signature = signer.sign_message(hash.get_contents(), rng);
+ }
+ else
+ throw TLS_Exception(PROTOCOL_VERSION,
+ "Unknown TLS version in certificate verification");
+
 send(writer, hash);
 } |
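Review bot: Only the DSA branch gets an `SSL_V3` case in the padding hunk; the context line `padding = "EMSA3(TLS.Digest.0)";` (presumably the RSA branch, its condition sits above the hunk) is unchanged, and the signing hunk below slices `&md5_sha[16]` for every key type. In SSLv3 an RSA CertificateVerify covers the whole MD5||SHA-1 value and only DSA signs the SHA-1 part alone, so as written an RSA key would sign a re-hashed SHA-1 half and the peer's verification would likely fail. I would pick a raw PKCS #1 v1.5 padding for RSA when `version == SSL_V3` (Botan's `"EMSA3(Raw)"`, if this tree has it) and make the slice conditional on `priv_key->algo_name() == "DSA"`, with `signature = signer.sign_message(md5_sha, rng);` for the other case. The constructor body starts and ends outside this hunk.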
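Review bot: `&md5_sha[16]` and `md5_sha.size()-16` in the `SSL_V3` branch depend on an unnamed constant and on `final_ssl3()` returning more than 16 bytes; `size()` is unsigned, so a shorter buffer would wrap the length handed to `sign_message` and read past the vector. A named constant and a guard would make the assumption explicit, for example `const size_t MD5_OUTPUT_LEN = 16;` followed by `BOTAN_ASSERT(md5_sha.size() > MD5_OUTPUT_LEN, "SSLv3 handshake hash too short");`, plus a one-line comment saying that the first 16 bytes are the MD5 half being skipped. The layout of the `final_ssl3()` result is not visible here, so the MD5-then-SHA-1 order is inferred from the variable name and should be confirmed against that function.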