diff options
author | lloyd <[email protected]> | 2012-03-22 20:40:33 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-03-22 20:40:33 +0000 |
commit | 0a07acbfc915971a3da7e8f7e27819be8cbff923 (patch) | |
tree | 40f7c6114383bd6da5d793211b0839b24bfa392b /src/tls | |
parent | 34940b08d7328a0baa51256781f5bb802a966217 (diff) |
Call Credentials_Manager::psk for the session ticket key.
Diffstat (limited to 'src/tls')
-rw-r--r-- | src/tls/tls_server.cpp | 35 |
1 files changed, 24 insertions, 11 deletions
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index 7632dfcdd..a0920fc28 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -20,6 +20,7 @@ namespace { bool check_for_resume(Session& session_info, Session_Manager& session_manager, + Credentials_Manager& credentials, Client_Hello* client_hello) { const MemoryVector<byte>& client_session_id = client_hello->session_id(); @@ -39,10 +40,11 @@ bool check_for_resume(Session& session_info, // If a session ticket was sent, ignore client session ID try { -#warning fixed key - session_info = Session::decrypt(session_ticket, SymmetricKey("ABCDEF")); + session_info = Session::decrypt( + session_ticket, + credentials.psk("tls-server", "session-ticket", "")); } - catch(std::exception& e) + catch(...) { return false; } @@ -212,6 +214,7 @@ void Server::process_handshake_msg(Handshake_Type type, Session session_info; const bool resuming = check_for_resume(session_info, session_manager, + creds, state->client_hello); if(resuming) @@ -251,12 +254,19 @@ void Server::process_handshake_msg(Handshake_Type type, session_manager.remove_entry(session_info.session_id()); } - // Should only send a new ticket if we need too (eg old session) + // FIXME: should only send a new ticket if we need too (eg old session) if(state->server_hello->supports_session_ticket() && !state->new_session_ticket) { - state->new_session_ticket = - new New_Session_Ticket(writer, state->hash, - session_info.encrypt(SymmetricKey("ABCDEF"), rng)); + try + { + SymmetricKey key = creds.psk("tls-server", "session-ticket", ""); + state->new_session_ticket = + new New_Session_Ticket(writer, state->hash, session_info.encrypt(key, rng)); + } + catch(...) + { + state->new_session_ticket = new New_Session_Ticket(writer, state->hash); + } } writer.send(CHANGE_CIPHER_SPEC, 1); @@ -266,7 +276,6 @@ void Server::process_handshake_msg(Handshake_Type type, state->server_finished = new Finished(writer, state, SERVER); - state->set_expected_next(HANDSHAKE_CCS); } else // new session @@ -478,9 +487,13 @@ void Server::process_handshake_msg(Handshake_Type type, { if(state->server_hello->supports_session_ticket()) { - state->new_session_ticket = - new New_Session_Ticket(writer, state->hash, - session_info.encrypt(SymmetricKey("ABCDEF"), rng)); + try + { + SymmetricKey key = creds.psk("tls-server", "session-ticket", ""); + state->new_session_ticket = + new New_Session_Ticket(writer, state->hash, session_info.encrypt(key, rng)); + } + catch(...) {} } else session_manager.save(session_info); |