authorlloyd <[email protected]>2012-01-19 13:37:39 +0000
committerlloyd <[email protected]>2012-01-19 13:37:39 +0000
commit0ac2549aba9a3265a8108b475dffb380dbb07715 (patch)
treeac71301adf5c6b337bf70c476f8c5a1dab6befbd /src/tls/cert_ver.cpp
parente3d14f1bacde5f23d63ccc5860d5c13c81f70b3a (diff)
Support SSLv3 client auth on the client side.
Add getters for major and minor protocol version on TLS_Session. Add Certificate_Type code points for ECC certs.
Diffstat (limited to 'src/tls/cert_ver.cpp')
-rw-r--r--src/tls/cert_ver.cpp24
1 files changed, 21 insertions, 3 deletions
diff --git a/src/tls/cert_ver.cpp b/src/tls/cert_ver.cpp
index 5a20e3029..2c2ec9b2a 100644
--- a/src/tls/cert_ver.cpp
+++ b/src/tls/cert_ver.cpp
@@ -1,6 +1,6 @@
/*
* Certificate Verify Message
-* (C) 2004-2011 Jack Lloyd
+* (C) 2004,2006,2011,2012 Jack Lloyd
*
* Released under the terms of the Botan license
*/
@@ -23,6 +23,8 @@ namespace Botan {
Certificate_Verify::Certificate_Verify(Record_Writer& writer,
TLS_Handshake_Hash& hash,
RandomNumberGenerator& rng,
+ Version_Code version,
+ const SecureVector<byte>& master_secret,
const Private_Key* priv_key)
{
BOTAN_ASSERT_NONNULL(priv_key);
@@ -34,7 +36,10 @@ Certificate_Verify::Certificate_Verify(Record_Writer& writer,
padding = "EMSA3(TLS.Digest.0)";
else if(priv_key->algo_name() == "DSA")
{
- padding = "EMSA1(SHA-1)";
+ if(version == SSL_V3)
+ padding = "Raw";
+ else
+ padding = "EMSA1(SHA-1)";
format = DER_SEQUENCE;
}
else
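Review bot: The SSLv3 special case `if(version == SSL_V3) padding = "Raw";` is applied only in the DSA branch, while the branch above it (presumably RSA; its condition is outside the hunk) keeps `"EMSA3(TLS.Digest.0)"` for every version. In the signing hunk that follows, the SSL_V3 path hands the signer only the bytes after offset 16 of `final_ssl3()` whatever the key type, so an RSA key would sign the SHA-1 part alone and, if EMSA3 hashes its input as the TLS branch's use of `hash.get_contents()` suggests, hash it a second time. SSLv3 defines the RSA CertificateVerify signature over the full MD5+SHA-1 value with no further hashing, so a conforming server would likely reject this. Either pick a non-hashing padding for RSA under SSL_V3 (for example `"EMSA3(Raw)"`, if this tree provides it) and choose the signed slice by `priv_key->algo_name()`, or refuse RSA with SSL_V3 explicitly until it is handled. The constructor body starts and ends outside this hunk.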
@@ -43,7 +48,20 @@ Certificate_Verify::Certificate_Verify(Record_Writer& writer,
PK_Signer signer(*priv_key, padding, format);
- signature = signer.sign_message(hash.final(), rng);
+ if(version == SSL_V3)
+ {
+ SecureVector<byte> md5_sha = hash.final_ssl3(master_secret);
+
+ signature = signer.sign_message(&md5_sha[16], md5_sha.size()-16, rng);
+ }
+ else if(version == TLS_V10 || version == TLS_V11)
+ {
+ signature = signer.sign_message(hash.get_contents(), rng);
+ }
+ else
+ throw TLS_Exception(PROTOCOL_VERSION,
+ "Unknown TLS version in certificate verification");
+
send(writer, hash);
}
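Review bot: The SSL_V3 branch indexes `&md5_sha[16]` and computes `md5_sha.size()-16` without checking the length returned by `final_ssl3()`. If that vector is ever shorter than 16 bytes, the unsigned subtraction wraps and the signer is given a pointer and length outside the buffer. A guard before the call, such as `BOTAN_ASSERT(md5_sha.size() == 36, "SSLv3 handshake hash is MD5 || SHA-1");`, makes the layout assumption explicit. Naming the offset (the 16-byte MD5 prefix that DSA skips) in a comment would also help the next reader. The unknown-version `throw` is only reached after `PK_Signer` has been constructed; checking `version` at the top of the constructor would fail earlier, but that part of the body is outside this hunk.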