aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls/tls_client.cpp
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-01-27 15:38:53 +0000
committerlloyd <[email protected]>2012-01-27 15:38:53 +0000
commit2d31f3fc1b1c88739e5babbd6a9e8cb3b80263de (patch)
tree59eeaeae4d678f3d251fb3bdf6b9d25aa79140b0 /src/tls/tls_client.cpp
parent3d3c7f45e64c2dab1b9558fc9da80cdd30175063 (diff)
Add client-side support for PSK kex. Tested against OpenSSL.
Diffstat (limited to 'src/tls/tls_client.cpp')
-rw-r--r--src/tls/tls_client.cpp14
1 files changed, 14 insertions, 0 deletions
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp
index 8df0c77a1..39b0d3e59 100644
--- a/src/tls/tls_client.cpp
+++ b/src/tls/tls_client.cpp
@@ -221,6 +221,19 @@ void Client::process_handshake_msg(Handshake_Type type,
{
state->set_expected_next(CERTIFICATE);
}
+ else if(state->suite.kex_algo() == "PSK")
+ {
+ /* PSK is anonymous so no certificate/cert req message is
+ ever sent. The server may or may not send a server kex,
+ depending on if it has an identity hint for us.
+
+ PSK_DHE always sends a server key exchange for the DH
+ exchange portion.
+ */
+
+ state->set_expected_next(SERVER_KEX);
+ state->set_expected_next(SERVER_HELLO_DONE);
+ }
else if(state->suite.kex_algo() != "RSA")
{
state->set_expected_next(SERVER_KEX);
@@ -315,6 +328,7 @@ void Client::process_handshake_msg(Handshake_Type type,
state->client_kex =
new Client_Key_Exchange(writer,
state,
+ creds,
peer_certs,
rng);