authorlloyd <[email protected]>2011-12-27 20:21:14 +0000
committerlloyd <[email protected]>2011-12-27 20:21:14 +0000
commitfbe23e197b5c80b162234aa1cf5723037b22bdc2 (patch)
tree8c40c158161c420282ac44840ccee73ab62c6554 /src/tls/tls_server.cpp
parent8c2ab53dfd502d7019468bf24ad8e223531df8b4 (diff)
Force resumed session to use previous ciphersuite, etc
Diffstat (limited to 'src/tls/tls_server.cpp')
-rw-r--r--src/tls/tls_server.cpp52
1 files changed, 30 insertions, 22 deletions
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index 67db0f593..ac16aa42e 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -7,12 +7,10 @@
#include <botan/tls_server.h>
#include <botan/internal/tls_state.h>
+#include <botan/internal/stl_util.h>
#include <botan/rsa.h>
#include <botan/dh.h>
-#include <stdio.h>
-#include <fstream>
-
namespace Botan {
namespace {
@@ -31,6 +29,32 @@ Version_Code choose_version(Version_Code client, Version_Code minimum)
return TLS_V11;
}
+bool check_for_resume(TLS_Session_Params& session_info,
+ TLS_Session_Manager& session_manager,
+ Client_Hello* client_hello)
+ {
+ MemoryVector<byte> client_session_id = client_hello->session_id();
+
+ if(client_session_id.empty())
+ return false;
+
+ if(!session_manager.find(client_session_id, session_info, SERVER))
+ return false;
+
+ if(client_hello->version() != session_info.version)
+ return false;
+
+ if(!value_exists(client_hello->ciphersuites(),
+ session_info.ciphersuite))
+ return false;
+
+ if(!value_exists(client_hello->compression_algos(),
+ session_info.compression_method))
+ return false;
+
+ return true;
+ }
+
}
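Review bot: check_for_resume returns false after session_manager.find() has already been given session_info by non-const reference on the lookup line, so when the version, ciphersuite or compression check then fails the caller presumably continues into a full handshake holding a session_info that still carries the previous session's fields unless it overwrites every one of them; that contract is not stated anywhere and should be, since the caller later passes session_info to session_manager.save(). I would put above the signature `// Returns true only if the client's session ID names a stored server session whose version, ciphersuite and compression method the client hello still offers.` followed by `// NOTE: session_info is filled by find() before the later checks run, so its contents are meaningful only when this returns true.` A smaller point of style: the function never mutates the hello, so `const Client_Hello* client_hello` would say so.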
/*
@@ -116,26 +140,15 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
writer.set_version(state->version);
reader.set_version(state->version);
- MemoryVector<byte> client_session_id = state->client_hello->session_id();
-
TLS_Session_Params session_info;
- const bool resuming =
- (!client_session_id.empty()) &&
- session_manager.find(client_session_id, session_info, SERVER);
-
- printf("Resuming ? %d\n", resuming);
+ const bool resuming = check_for_resume(session_info,
+ session_manager,
+ state->client_hello);
if(resuming)
{
// resume session
- // Check version matches the client requested version (???)
-
- // Check that resumed ciphersuite is in the client hello
-
- // Check that the resumed compression is in the client hello
-
-
// FIXME: should only send the resumed ciphersuite
// (eg even if policy object changed)
state->server_hello = new Server_Hello(
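Review bot: The FIXME kept on the two lines above the Server_Hello construction ("should only send the resumed ciphersuite (eg even if policy object changed)") contradicts the stated purpose of this commit, and the constructor call that begins on the hunk's last line runs past the hunk, so I cannot see whether it now takes session_info.ciphersuite and session_info.compression_method or still consults the policy. If it still derives them from the policy, a resumed session whose policy changed in the meantime would reuse the stored master secret under a ciphersuite or compression method other than the one it was negotiated with, which is exactly what the new check_for_resume guards against on the client side. The resumed-path arguments should be `session_info.ciphersuite` and `session_info.compression_method`, and the FIXME removed once that is the case. process_handshake_msg begins and ends outside this hunk.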
@@ -298,11 +311,6 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
);
session_manager.save(session_info);
-
- std::ofstream tmp("/tmp/session.data");
- SecureVector<byte> b = session_info.BER_encode();
- tmp.write((char*)&b[0], b.size());
- tmp.close();
}
delete state;