author | lloyd <[email protected]> | 2012-01-24 16:42:18 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-01-24 16:42:18 +0000 |
commit | e4eb73dca7d7a74ecf8ef792d65640c4e44e2ab1 (patch) | |
tree | 5e7cd62ff1fe191c0369a41617b43ebf77d20ef9 /src/tls/s_hello.cpp | |
parent | b8a8ba0428cd4235e1ac2ba8530e8f817a166773 (diff) |
We can now actually handle multiple certificate types in the server
and will choose one depending on which ciphersuites the client
offered.
Diffstat (limited to 'src/tls/s_hello.cpp')
-rw-r--r-- | src/tls/s_hello.cpp | 17 |
1 files changed, 3 insertions, 14 deletions
diff --git a/src/tls/s_hello.cpp b/src/tls/s_hello.cpp
index 7b7e4a753..caf89fb44 100644
--- a/src/tls/s_hello.cpp
+++ b/src/tls/s_hello.cpp
@@ -23,7 +23,7 @@ Server_Hello::Server_Hello(Record_Writer& writer,
 Handshake_Hash& hash,
 Protocol_Version version,
 const Client_Hello& c_hello,
- const std::vector<X509_Certificate>& certs,
+ const std::vector<std::string>& available_cert_types,
 const Policy& policy,
 bool client_has_secure_renegotiation,
 const MemoryRegion<byte>& reneg_info,
@@ -39,22 +39,11 @@ Server_Hello::Server_Hello(Record_Writer& writer,
 m_next_protocol(client_has_npn),
 m_next_protocols(next_protocols)
 {
- bool have_rsa = false, have_dsa = false;
-
- for(size_t i = 0; i != certs.size(); ++i)
- {
- Public_Key* key = certs[i].subject_public_key();
- if(key->algo_name() == "RSA")
- have_rsa = true;
-
- if(key->algo_name() == "DSA")
- have_dsa = true;
- }
-
 suite = policy.choose_suite(
 c_hello.ciphersuites(),
+ available_cert_types,
 policy.choose_curve(c_hello.supported_ecc_curves()) != "",
- have_rsa, have_dsa, false);
+ false);
 
 if(suite == 0)
 throw TLS_Exception(HANDSHAKE_FAILURE, |
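Review bot: The new `available_cert_types` parameter in the constructor signature is a free-form list of strings with no stated contract. The loop removed in the second hunk compared `algo_name()` against "RSA" and "DSA", so the strings are presumably those algorithm names, but nothing visible says so, nor what an empty list or an unrecognised name leads to. Since the ciphersuite's authentication method is now chosen from what the caller declares rather than from the certificates themselves, I would document it at the parameter, e.g. `// key algorithm names (as reported by algo_name()) for which the server actually holds a certificate`. The signature starts and ends outside the hunk.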
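Review bot: The trailing `false` in the `policy.choose_suite(...)` call is an unnamed positional boolean sitting directly after another boolean expression (`policy.choose_curve(...) != ""`). A reader cannot tell which key-exchange or authentication capability it switches off, and a reordered argument would compile silently. I would carry the parameter's name from the `choose_suite` declaration at the call site, for example `/* <parameter name> */ false);`, or bind it to a named `const bool` local first. The constructor body continues past the end of the hunk, so how `suite` is used afterwards is not visible here.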