aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2016-10-20 22:41:22 -0400
committerJack Lloyd <[email protected]>2016-10-20 22:41:22 -0400
commit36e5b56eb4298e81e8413ac1ef0eada096df8abc (patch)
treefc1f885189293eb5ea3d1ea7edab7641b7cce89d /src
parent4b554a36b81b1a67987b6e32456c54c2ff4b6b49 (diff)
Tighten up TLS server handshake logic.
Previously client was allowed to omit the Certificate message, a leftover from supporting SSLv3. In all versions of TLS, an empty message must be sent if the client does not want to use a cert. No known security impact, but nothing we need to allow anymore. Clean up the handshake switch a bit by using return statements.
Diffstat (limited to 'src')
-rw-r--r--src/lib/tls/tls_server.cpp35
1 files changed, 15 insertions, 20 deletions
diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp
index 82e7fad75..5e3b222f1 100644
--- a/src/lib/tls/tls_server.cpp
+++ b/src/lib/tls/tls_server.cpp
@@ -633,32 +633,25 @@ void Server::process_handshake_msg(const Handshake_State* active_state,
switch(type)
{
case CLIENT_HELLO:
- this->process_client_hello_msg(active_state, state, contents);
- break;
+ return this->process_client_hello_msg(active_state, state, contents);
case CERTIFICATE:
- this->process_certificate_msg(state, contents);
- break;
+ return this->process_certificate_msg(state, contents);
case CLIENT_KEX:
- this->process_client_key_exchange_msg(state, contents);
- break;
+ return this->process_client_key_exchange_msg(state, contents);
case CERTIFICATE_VERIFY:
- this->process_certificate_verify_msg(state, type, contents);
- break;
+ return this->process_certificate_verify_msg(state, type, contents);
case HANDSHAKE_CCS:
- this->process_change_cipher_spec_msg(state);
- break;
+ return this->process_change_cipher_spec_msg(state);
case FINISHED:
- this->process_finished_msg(state, type, contents);
- break;
+ return this->process_finished_msg(state, type, contents);
default:
throw Unexpected_Message("Unknown handshake message received");
- break;
}
}
@@ -839,15 +832,17 @@ void Server::session_create(Server_Handshake_State& pending_state,
client_auth_CAs,
pending_state.version()));
+ /*
+ SSLv3 allowed clients to skip the Certificate message entirely
+ if they wanted. In TLS v1.0 and later clients must send a
+ (possibly empty) Certificate message
+ */
pending_state.set_expected_next(CERTIFICATE);
}
-
- /*
- * If the client doesn't have a cert they want to use they are
- * allowed to send either an empty cert message or proceed
- * directly to the client key exchange, so allow either case.
- */
- pending_state.set_expected_next(CLIENT_KEX);
+ else
+ {
+ pending_state.set_expected_next(CLIENT_KEX);
+ }
pending_state.server_hello_done(new Server_Hello_Done(pending_state.handshake_io(), pending_state.hash()));
}