aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-03-22 20:40:33 +0000
committerlloyd <[email protected]>2012-03-22 20:40:33 +0000
commit0a07acbfc915971a3da7e8f7e27819be8cbff923 (patch)
tree40f7c6114383bd6da5d793211b0839b24bfa392b /src
parent34940b08d7328a0baa51256781f5bb802a966217 (diff)
Call Credentials_Manager::psk for the session ticket key.
Diffstat (limited to 'src')
-rw-r--r--src/tls/tls_server.cpp35
1 files changed, 24 insertions, 11 deletions
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index 7632dfcdd..a0920fc28 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -20,6 +20,7 @@ namespace {
bool check_for_resume(Session& session_info,
Session_Manager& session_manager,
+ Credentials_Manager& credentials,
Client_Hello* client_hello)
{
const MemoryVector<byte>& client_session_id = client_hello->session_id();
@@ -39,10 +40,11 @@ bool check_for_resume(Session& session_info,
// If a session ticket was sent, ignore client session ID
try
{
-#warning fixed key
- session_info = Session::decrypt(session_ticket, SymmetricKey("ABCDEF"));
+ session_info = Session::decrypt(
+ session_ticket,
+ credentials.psk("tls-server", "session-ticket", ""));
}
- catch(std::exception& e)
+ catch(...)
{
return false;
}
@@ -212,6 +214,7 @@ void Server::process_handshake_msg(Handshake_Type type,
Session session_info;
const bool resuming = check_for_resume(session_info,
session_manager,
+ creds,
state->client_hello);
if(resuming)
@@ -251,12 +254,19 @@ void Server::process_handshake_msg(Handshake_Type type,
session_manager.remove_entry(session_info.session_id());
}
- // Should only send a new ticket if we need too (eg old session)
+ // FIXME: should only send a new ticket if we need too (eg old session)
if(state->server_hello->supports_session_ticket() && !state->new_session_ticket)
{
- state->new_session_ticket =
- new New_Session_Ticket(writer, state->hash,
- session_info.encrypt(SymmetricKey("ABCDEF"), rng));
+ try
+ {
+ SymmetricKey key = creds.psk("tls-server", "session-ticket", "");
+ state->new_session_ticket =
+ new New_Session_Ticket(writer, state->hash, session_info.encrypt(key, rng));
+ }
+ catch(...)
+ {
+ state->new_session_ticket = new New_Session_Ticket(writer, state->hash);
+ }
}
writer.send(CHANGE_CIPHER_SPEC, 1);
@@ -266,7 +276,6 @@ void Server::process_handshake_msg(Handshake_Type type,
state->server_finished = new Finished(writer, state, SERVER);
-
state->set_expected_next(HANDSHAKE_CCS);
}
else // new session
@@ -478,9 +487,13 @@ void Server::process_handshake_msg(Handshake_Type type,
{
if(state->server_hello->supports_session_ticket())
{
- state->new_session_ticket =
- new New_Session_Ticket(writer, state->hash,
- session_info.encrypt(SymmetricKey("ABCDEF"), rng));
+ try
+ {
+ SymmetricKey key = creds.psk("tls-server", "session-ticket", "");
+ state->new_session_ticket =
+ new New_Session_Ticket(writer, state->hash, session_info.encrypt(key, rng));
+ }
+ catch(...) {}
}
else
session_manager.save(session_info);