author | lloyd <[email protected]> | 2012-09-07 17:32:35 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-09-07 17:32:35 +0000 |
commit | 2bb0c695f53f08324ac4fbe03d3e052d5e2d089a (patch) | |
tree | 54b4300d7b67f876c5470379a3ee270878251a0d /src/tls/tls_server.cpp | |
parent | fa155f8caf5079af767d999356469cf059bca35a (diff) |
Pass the current active state as well as the pending state, which is
quite helpful in the server. May also be useful for the renegotiation
extension.
Diffstat (limited to 'src/tls/tls_server.cpp')
-rw-r--r-- | src/tls/tls_server.cpp | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index 313640008..609954f51 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -251,7 +251,8 @@ void Server::initiate_handshake(Handshake_State& state,
 /*
 * Process a handshake message
 */
-void Server::process_handshake_msg(Handshake_State& state,
+void Server::process_handshake_msg(const Handshake_State* active_state,
+ Handshake_State& state,
 Handshake_Type type,
 const std::vector<byte>& contents)
 {
@@ -274,8 +275,10 @@ void Server::process_handshake_msg(Handshake_State& state,
 if(type == CLIENT_HELLO || type == CLIENT_HELLO_SSLV2)
 {
+ const bool initial_handshake = !active_state;
+
 if(!m_policy.allow_insecure_renegotiation() &&
- !(m_secure_renegotiation.initial_handshake() || m_secure_renegotiation.supported()))
+ !(initial_handshake || m_secure_renegotiation.supported()))
 {
 send_alert(Alert(Alert::NO_RENEGOTIATION));
 return;
@@ -288,13 +291,10 @@ void Server::process_handshake_msg(Handshake_State& state,
 Protocol_Version client_version = state.client_hello()->version();
- const Protocol_Version prev_version = current_protocol_version();
- const bool is_renegotiation = prev_version.valid();
-
 Protocol_Version negotiated_version;
- if((is_renegotiation && client_version == prev_version) ||
- (!is_renegotiation && client_version.known_version()))
+ if((initial_handshake && client_version.known_version()) ||
+ (!initial_handshake && client_version == active_state->version()))
 {
 /*
 Common cases: new client hello with some known version, or a
@@ -304,7 +304,7 @@ void Server::process_handshake_msg(Handshake_State& state,
 negotiated_version = client_version;
 }
- else if(is_renegotiation && (client_version != prev_version))
+ else if(!initial_handshake && (client_version != active_state->version()))
 {
 /*
 * If this is a renegotation, and the client has offered a
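Review bot: The new `active_state` parameter in the first hunk is a nullable pointer whose null case carries meaning (no completed handshake yet), but the header comment above the signature still reads only `* Process a handshake message`; it should state that contract, e.g. `* active_state is null during the initial handshake; every use of active_state->version() below must stay behind !initial_handshake`. As written the guard is sound, since each `active_state->version()` dereference in the third and fourth hunks (and in the hunk that follows) sits after a short-circuited `!initial_handshake` test, but that invariant is implicit and easy to break when the block is edited later. The body of process_handshake_msg continues outside these hunks.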
@@ -314,16 +314,16 @@ void Server::process_handshake_msg(Handshake_State& state,
 * than what it initially negotiated, reject as a probable
 * attack.
 */
- if(prev_version > client_version)
+ if(active_state->version() > client_version)
 {
 throw TLS_Exception(Alert::PROTOCOL_VERSION,
 "Client negotiated " +
- prev_version.to_string() +
+ active_state->version().to_string() +
 " then renegotiated with " +
 client_version.to_string());
 }
 else
- negotiated_version = prev_version;
+ negotiated_version = active_state->version();
 }
 else
 {