author | lloyd <[email protected]> | 2012-09-07 19:56:34 +0000 |
committer | lloyd <[email protected]> | 2012-09-07 19:56:34 +0000 |
commit | 9126c751ce89bf8a6c226e4a73d68cb59fa8a8b6 (patch) | |
tree | 4e9e96be1274264c31ca838e6b2a8e6409eb8f41 /src/tls/tls_channel.h | |
parent | b6413e5caa243c069525ed35b5affb24f64dab8d (diff) |
Remove Channel::m_peer_certs, instead retrieve directly from the state.
This also very happily avoids a race in renegotiation. If you first
negotiated using cert X, then renegotiated with Y, during the period
between the certificate message and the finished message,
Channel::peer_cert_chain would return Y instead of X. Now, it returns
Y only after the finished message has been verified.
Diffstat (limited to 'src/tls/tls_channel.h')
-rw-r--r-- | src/tls/tls_channel.h | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/tls/tls_channel.h b/src/tls/tls_channel.h
index 1d0629ff9..1ea6b06eb 100644
--- a/src/tls/tls_channel.h
+++ b/src/tls/tls_channel.h
@@ -83,7 +83,7 @@ class BOTAN_DLL Channel
       /**
       * @return certificate chain of the peer (may be empty)
       */
-      std::vector<X509_Certificate> peer_cert_chain() const { return m_peer_certs; }
+      std::vector<X509_Certificate> peer_cert_chain() const;
 
       Channel(std::function<void (const byte[], size_t)> socket_output_fn,
               std::function<void (const byte[], size_t, Alert)> proc_fn,
@@ -106,6 +106,9 @@ class BOTAN_DLL Channel
       virtual void initiate_handshake(Handshake_State& state,
                                       bool force_full_renegotiation) = 0;
 
+      virtual std::vector<X509_Certificate>
+         get_peer_cert_chain(const Handshake_State& state) const = 0;
+
       virtual Handshake_State* new_handshake_state() = 0;
 
       Handshake_State& create_handshake_state();
@@ -148,8 +151,6 @@ class BOTAN_DLL Channel
       RandomNumberGenerator& m_rng;
       Session_Manager& m_session_manager;
 
-      std::vector<X509_Certificate> m_peer_certs;
-
    private:
       void send_record(byte type, const byte input[], size_t length); |
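Review bot: The Doxygen comment above `peer_cert_chain()` in the first hunk still reads only `@return certificate chain of the peer (may be empty)`, yet the commit message says the returned chain now switches to the renegotiated peer's certificates only after the new Finished message has been verified, which is exactly what a caller doing post-handshake authorization needs to know. Suggest extending it to `* @return certificate chain of the peer (may be empty); during a renegotiation this stays the chain of the last completed handshake until the new Finished message has been verified`. The new pure virtual `get_peer_cert_chain(const Handshake_State&)` in the second hunk carries no comment at all; a line such as `/** @return the peer certificate chain recorded in @p state; callers are expected to pass only a state whose handshake has completed */` would make the contract between Channel and its subclasses explicit, though the implementation is not in this diff, so confirm the wording against the corresponding .cpp change. The enclosing class Channel begins and ends outside these hunks.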