authorlloyd <[email protected]>2012-01-03 14:18:03 +0000
committerlloyd <[email protected]>2012-01-03 14:18:03 +0000
commit5c00cc7305718fe209757142f7a43b711cccd8f9 (patch)
tree560b225a66b06682d16182c5f0c57988242c8d48 /src/tls/tls_server.cpp
parent52868a93300a3b7e8666c49ccc786e6dba66438e (diff)
Add Credentials_Manager, an interface to something that knows
which certs, keys, etc. are available to the app. Needs polishing, but it seems like it should be sound.
Diffstat (limited to 'src/tls/tls_server.cpp')
-rw-r--r--src/tls/tls_server.cpp36
1 files changed, 17 insertions, 19 deletions
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index 0e2e173cf..b981bdc69 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -85,25 +85,15 @@ TLS_Server::TLS_Server(std::tr1::function<void (const byte[], size_t)> output_fn
std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
std::tr1::function<void (const TLS_Session&)> handshake_fn,
TLS_Session_Manager& session_manager,
+ Credentials_Manager& creds,
const TLS_Policy& policy,
- RandomNumberGenerator& rng,
- const X509_Certificate& cert,
- const Private_Key& cert_key) :
+ RandomNumberGenerator& rng) :
TLS_Channel(output_fn, proc_fn, handshake_fn),
policy(policy),
rng(rng),
- session_manager(session_manager)
+ session_manager(session_manager),
+ creds(creds)
{
- cert_chain.push_back(cert);
- private_key = PKCS8::copy_key(cert_key, rng);
- }
-
-/*
-* TLS Server Destructor
-*/
-TLS_Server::~TLS_Server()
- {
- delete private_key;
}
/*
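Review bot: The constructor now keeps a reference to `creds` (stored at L36) but nothing documents that the Credentials_Manager has to outlive the TLS_Server; since the copied key and the destructor that freed it are removed in this hunk, the server presumably goes back to `creds` on each new handshake (hunk 3 does so at L62-L70), so a caller that passes a temporary or shorter-lived manager ends up with a dangling reference inside a long-lived server. I would state this next to the constructor: `// creds must outlive this TLS_Server: certificates and keys are looked up from it during each new handshake rather than copied at construction.` The constructor's signature begins on the line before this hunk, so the documentation comment would go just above it.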
@@ -183,7 +173,6 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
{
// resume session
- printf("Resuming a session\n");
state->server_hello = new Server_Hello(
writer,
state->hash,
@@ -222,6 +211,17 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
}
else // new session
{
+ std::vector<X509_Certificate> server_certs =
+ creds.cert_chain("",
+ "tls-server",
+ client_requested_hostname);
+
+ Private_Key* private_key =
+ server_certs.empty() ? 0 :
+ (creds.private_key_for(server_certs[0],
+ "tls-server",
+ client_requested_hostname));
+
state->server_hello = new Server_Hello(
writer,
state->hash,
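Review bot: The `Private_Key*` obtained from `creds.private_key_for` at L66-L70 has no stated owner: this same commit drops the destructor that used to `delete private_key`, so if the manager returns a fresh allocation (as `PKCS8::copy_key` did before) the key leaks on every new handshake, and if it returns a pointer into the manager's own storage then whatever handshake state later holds it must not outlive `creds`. Either way the contract should be written down on `Credentials_Manager::private_key_for` and reflected here, e.g. `// private_key is borrowed from creds — not deleted here; TODO confirm ownership against Credentials_Manager`, or, if it is a copy, deleted when the handshake state is torn down. Note also that the key is null exactly when `server_certs` is empty (L67), and nothing in this hunk rejects that case before Server_Hello is built. The enclosing process_handshake_msg starts before this hunk and continues after it.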
@@ -229,9 +229,8 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
rng,
secure_renegotiation.supported(),
secure_renegotiation.for_server_hello(),
- cert_chain,
+ server_certs,
*(state->client_hello),
- rng.random_vec(32),
state->version);
if(state->client_hello->fragment_size())
@@ -241,10 +240,9 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
if(state->suite.sig_type() != TLS_ALGO_SIGNER_ANON)
{
- // FIXME: should choose certs based on sig type
state->server_certs = new Certificate(writer,
state->hash,
- cert_chain);
+ server_certs);
}
if(state->suite.kex_type() == TLS_ALGO_KEYEXCH_NOKEX)
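Review bot: Once a non-anonymous suite is selected, the Certificate message at L89-L92 is built from `server_certs` with no check that the chain is non-empty or that `private_key` is non-null (hunk 3 makes the key null exactly when the chain is empty), so a manager with no credentials for `client_requested_hostname` yields an empty Certificate message and, presumably, a null dereference when the key is later used to sign or decrypt. I would guard the branch before constructing the Certificate: `if(server_certs.empty() || !private_key)` and fail the handshake with whichever handshake-failure exception this file uses elsewhere. The FIXME about choosing certs by signature type is deleted at L88, but the lookup in hunk 3 still requests any certificate type (`""`), so unless Server_Hello now restricts the suite to the chain's key type — which is outside this hunk — the mismatch the comment warned about remains, and I would keep the comment until that is confirmed. process_handshake_msg continues past the end of this hunk.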