aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-01-27 00:34:47 +0000
committerlloyd <[email protected]>2012-01-27 00:34:47 +0000
commit25b549117c2f0c1e01810c9929a4204e846b70b8 (patch)
tree3fbb43a5dff2b8e016bdadebb3cae178b7050a84 /src
parent17554e7261c56b809c48a55b3afffe7f87a3a8e1 (diff)
First attempt to get certificates matching the name the client sent in
the SNI extension. If we can't find anything, send an unrecognized_name alert and then retry with the requested server name as "" (ie default).
Diffstat (limited to 'src')
-rw-r--r--src/tls/tls_server.cpp30
1 files changed, 27 insertions, 3 deletions
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index 069c8f7e1..9002c3e05 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -62,6 +62,26 @@ bool check_for_resume(Session& session_info,
return true;
}
+std::map<std::string, std::vector<X509_Certificate> >
+get_server_certs(const std::string& hostname,
+ Credentials_Manager& creds)
+ {
+ const char* cert_types[] = { "RSA", "DSA", "ECDSA", 0 };
+
+ std::map<std::string, std::vector<X509_Certificate> > cert_chains;
+
+ for(size_t i = 0; cert_types[i]; ++i)
+ {
+ std::vector<X509_Certificate> certs =
+ creds.cert_chain_single_type(cert_types[i], "tls-server", hostname);
+
+ if(!certs.empty())
+ cert_chains[cert_types[i]] = certs;
+ }
+
+ return cert_chains;
+ }
+
}
/*
@@ -221,9 +241,13 @@ void Server::process_handshake_msg(Handshake_Type type,
{
std::map<std::string, std::vector<X509_Certificate> > cert_chains;
- cert_chains["RSA"] = creds.cert_chain_single_type("RSA", "tls-server", m_hostname);
- cert_chains["DSA"] = creds.cert_chain_single_type("DSA", "tls-server", m_hostname);
- cert_chains["ECDSA"] = creds.cert_chain_single_type("ECDSA", "tls-server", m_hostname);
+ cert_chains = get_server_certs(m_hostname, creds);
+
+ if(m_hostname != "" && cert_chains.empty())
+ {
+ send_alert(Alert(Alert::UNRECOGNIZED_NAME));
+ cert_chains = get_server_certs("", creds);
+ }
std::vector<std::string> available_cert_types;