aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls
diff options
context:
space:
mode:
authorlloyd <[email protected]>2013-04-10 22:11:56 +0000
committerlloyd <[email protected]>2013-04-10 22:11:56 +0000
commitbf8e0fc381df4f4c89b5d7bf8f4f6f6038ad287d (patch)
tree9b0ce51dbcc3ca932b7121f16307d93d3f72c1b5 /src/tls
parent56e7e7187985f87037d032b49b6ff3699e7668f7 (diff)
Make ciphersuite_list a virtual member of TLS::Policy
so it can be overridden by applications.
Diffstat (limited to 'src/tls')
-rw-r--r--src/tls/msg_client_hello.cpp4
-rw-r--r--src/tls/tls_policy.cpp17
-rw-r--r--src/tls/tls_policy.h14
-rw-r--r--src/tls/tls_server.cpp6
4 files changed, 20 insertions, 21 deletions
diff --git a/src/tls/msg_client_hello.cpp b/src/tls/msg_client_hello.cpp
index 6176ca6bf..0d91af472 100644
--- a/src/tls/msg_client_hello.cpp
+++ b/src/tls/msg_client_hello.cpp
@@ -71,7 +71,7 @@ Client_Hello::Client_Hello(Handshake_IO& io,
const std::string& srp_identifier) :
m_version(version),
m_random(make_hello_random(rng)),
- m_suites(ciphersuite_list(policy, m_version, (srp_identifier != ""))),
+ m_suites(policy.ciphersuite_list(m_version, (srp_identifier != ""))),
m_comp_methods(policy.compression())
{
m_extensions.add(new Renegotiation_Extension(reneg_info));
@@ -106,7 +106,7 @@ Client_Hello::Client_Hello(Handshake_IO& io,
m_version(session.version()),
m_session_id(session.session_id()),
m_random(make_hello_random(rng)),
- m_suites(ciphersuite_list(policy, m_version, (session.srp_identifier() != ""))),
+ m_suites(policy.ciphersuite_list(m_version, (session.srp_identifier() != ""))),
m_comp_methods(policy.compression())
{
if(!value_exists(m_suites, session.ciphersuite_code()))
diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp
index 1048e0a62..149adb138 100644
--- a/src/tls/tls_policy.cpp
+++ b/src/tls/tls_policy.cpp
@@ -10,7 +10,6 @@
#include <botan/tls_magic.h>
#include <botan/tls_exceptn.h>
#include <botan/internal/stl_util.h>
-#include <set>
namespace Botan {
@@ -214,14 +213,13 @@ class Ciphersuite_Preference_Ordering
}
-std::vector<u16bit> ciphersuite_list(const Policy& policy,
- Protocol_Version version,
- bool have_srp)
+std::vector<u16bit> Policy::ciphersuite_list(Protocol_Version version,
+ bool have_srp) const
{
- const std::vector<std::string> ciphers = policy.allowed_ciphers();
- const std::vector<std::string> macs = policy.allowed_macs();
- const std::vector<std::string> kex = policy.allowed_key_exchange_methods();
- const std::vector<std::string> sigs = policy.allowed_signature_methods();
+ const std::vector<std::string> ciphers = allowed_ciphers();
+ const std::vector<std::string> macs = allowed_macs();
+ const std::vector<std::string> kex = allowed_key_exchange_methods();
+ const std::vector<std::string> sigs = allowed_signature_methods();
Ciphersuite_Preference_Ordering order(ciphers, macs, kex, sigs);
@@ -255,6 +253,9 @@ std::vector<u16bit> ciphersuite_list(const Policy& policy,
ciphersuites.insert(suite);
}
+ if(ciphersuites.empty())
+ throw std::logic_error("Policy does not allow any available cipher suite");
+
std::vector<u16bit> ciphersuite_codes;
for(auto i : ciphersuites)
ciphersuite_codes.push_back(i.ciphersuite_code());
diff --git a/src/tls/tls_policy.h b/src/tls/tls_policy.h
index 7176f7fd5..7d3788b2e 100644
--- a/src/tls/tls_policy.h
+++ b/src/tls/tls_policy.h
@@ -133,16 +133,16 @@ class BOTAN_DLL Policy
*/
virtual bool server_uses_own_ciphersuite_preferences() const;
+
+ /**
+ * Return allowed ciphersuites, in order of preference
+ */
+ virtual std::vector<u16bit> ciphersuite_list(Protocol_Version version,
+ bool have_srp) const;
+
virtual ~Policy() {}
};
-/**
-* Return allowed ciphersuites, in order of preference
-*/
-std::vector<u16bit> ciphersuite_list(const Policy& policy,
- Protocol_Version version,
- bool have_srp);
-
}
}
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index d8e827b39..496d6c35b 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -117,11 +117,9 @@ u16bit choose_ciphersuite(
const bool have_srp = creds.attempt_srp("tls-server",
client_hello->sni_hostname());
- const std::vector<u16bit> client_suites =
- client_hello->ciphersuites();
+ const std::vector<u16bit> client_suites = client_hello->ciphersuites();
- const std::vector<u16bit> server_suites =
- ciphersuite_list(policy, version, have_srp);
+ const std::vector<u16bit> server_suites = policy.ciphersuite_list(version, have_srp);
if(server_suites.empty())
throw TLS_Exception(Alert::HANDSHAKE_FAILURE,