authorlloyd <[email protected]>2012-01-24 16:42:18 +0000
committerlloyd <[email protected]>2012-01-24 16:42:18 +0000
commite4eb73dca7d7a74ecf8ef792d65640c4e44e2ab1 (patch)
tree5e7cd62ff1fe191c0369a41617b43ebf77d20ef9 /src/tls/s_hello.cpp
parentb8a8ba0428cd4235e1ac2ba8530e8f817a166773 (diff)
We can now actually handle multiple certificate types in the server
and will choose one depending on which ciphersuites the client offered.
Diffstat (limited to 'src/tls/s_hello.cpp')
-rw-r--r--src/tls/s_hello.cpp17
1 files changed, 3 insertions, 14 deletions
diff --git a/src/tls/s_hello.cpp b/src/tls/s_hello.cpp
index 7b7e4a753..caf89fb44 100644
--- a/src/tls/s_hello.cpp
+++ b/src/tls/s_hello.cpp
@@ -23,7 +23,7 @@ Server_Hello::Server_Hello(Record_Writer& writer,
Handshake_Hash& hash,
Protocol_Version version,
const Client_Hello& c_hello,
- const std::vector<X509_Certificate>& certs,
+ const std::vector<std::string>& available_cert_types,
const Policy& policy,
bool client_has_secure_renegotiation,
const MemoryRegion<byte>& reneg_info,
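Review bot: The new `available_cert_types` parameter is a list of free-form strings, and nothing at this signature says which values are expected or who guarantees they match certificates the server actually holds. The loop removed in the next hunk compared key algorithm names against "RSA" and "DSA", so the strings are presumably the same algorithm names, but a misspelled or stale entry would now silently change which ciphersuite is negotiated. I would document the contract where the constructor is declared, for example `// available_cert_types: public key algorithm names (e.g. "RSA", "DSA") for which the caller has a certificate and private key to present`. The parameter list starts before this hunk and continues past it, so the declaration in the header is not visible here.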
@@ -39,22 +39,11 @@ Server_Hello::Server_Hello(Record_Writer& writer,
m_next_protocol(client_has_npn),
m_next_protocols(next_protocols)
{
- bool have_rsa = false, have_dsa = false;
-
- for(size_t i = 0; i != certs.size(); ++i)
- {
- Public_Key* key = certs[i].subject_public_key();
- if(key->algo_name() == "RSA")
- have_rsa = true;
-
- if(key->algo_name() == "DSA")
- have_dsa = true;
- }
-
suite = policy.choose_suite(
c_hello.ciphersuites(),
+ available_cert_types,
policy.choose_curve(c_hello.supported_ecc_curves()) != "",
- have_rsa, have_dsa, false);
+ false);
if(suite == 0)
throw TLS_Exception(HANDSHAKE_FAILURE,