author | lloyd <[email protected]> | 2012-01-27 00:34:47 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-01-27 00:34:47 +0000 |
commit | 25b549117c2f0c1e01810c9929a4204e846b70b8 (patch) | |
tree | 3fbb43a5dff2b8e016bdadebb3cae178b7050a84 /src | |
parent | 17554e7261c56b809c48a55b3afffe7f87a3a8e1 (diff) |
First attempt to get certificates matching the name the client sent in
the SNI extension. If we can't find anything, send an unrecognized_name
alert and then retry with the requested server name set to "" (i.e. the default).
Diffstat (limited to 'src')
-rw-r--r-- | src/tls/tls_server.cpp | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index 069c8f7e1..9002c3e05 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -62,6 +62,26 @@ bool check_for_resume(Session& session_info,
 return true;
 }
 
+std::map<std::string, std::vector<X509_Certificate> >
+get_server_certs(const std::string& hostname,
+ Credentials_Manager& creds)
+ {
+ const char* cert_types[] = { "RSA", "DSA", "ECDSA", 0 };
+
+ std::map<std::string, std::vector<X509_Certificate> > cert_chains;
+
+ for(size_t i = 0; cert_types[i]; ++i)
+ {
+ std::vector<X509_Certificate> certs =
+ creds.cert_chain_single_type(cert_types[i], "tls-server", hostname);
+
+ if(!certs.empty())
+ cert_chains[cert_types[i]] = certs;
+ }
+
+ return cert_chains;
+ }
+
 }
 
 /*
@@ -221,9 +241,13 @@ void Server::process_handshake_msg(Handshake_Type type,
 {
 std::map<std::string, std::vector<X509_Certificate> > cert_chains;
 
- cert_chains["RSA"] = creds.cert_chain_single_type("RSA", "tls-server", m_hostname);
- cert_chains["DSA"] = creds.cert_chain_single_type("DSA", "tls-server", m_hostname);
- cert_chains["ECDSA"] = creds.cert_chain_single_type("ECDSA", "tls-server", m_hostname);
+ cert_chains = get_server_certs(m_hostname, creds);
+
+ if(m_hostname != "" && cert_chains.empty())
+ {
+ send_alert(Alert(Alert::UNRECOGNIZED_NAME));
+ cert_chains = get_server_certs("", creds);
+ }
 
 std::vector<std::string> available_cert_types;
 
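Review bot: get_server_certs has no header comment, and its contract is narrower than the inline code it replaces: a certificate type appears as a key only when the credentials manager returned a non-empty chain, so callers may rely on `empty()` and `find()` but must not index the result with `operator[]`, which would default-insert an empty vector and hide the "no certificate" case. Suggest a comment above the function: `// Returns one chain per certificate type ("RSA", "DSA", "ECDSA") for which creds holds a non-empty tls-server chain for hostname; types with no chain are omitted, so an empty map means no usable certificate for that name.` The function seems to sit inside a namespace whose closing brace is the context line after it, but that namespace's opening is outside the hunk.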
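Review bot: The fallback path sends unrecognized_name and then continues with the "" chains, but if that second lookup is also empty the handshake proceeds with no server certificate at all; nothing in the hunk fails the handshake in that case, and the remainder of process_handshake_msg is outside the hunk. Suggest after the fallback: `if(cert_chains.empty()) { /* no chain for the SNI name or the default: abort with handshake_failure rather than continue */ }`. Whether `Alert(Alert::UNRECOGNIZED_NAME)` is built as a warning or a fatal alert depends on a constructor default not visible here; RFC 6066 specifies warning level for this mid-handshake case, and sending a fatal alert and then continuing would leave both ends of the connection out of step, so the send_alert line deserves a comment stating the intended level, e.g. `// warning-level per RFC 6066; we then continue with the default chain`. Some client stacks are known to abort on any warning alert during the handshake, so it may be worth noting that trade-off in the same comment.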