-rw-r--r-- | doc/examples/asio_tls_server.cpp | 16 | ||||
-rw-r--r-- | doc/examples/tls_client.cpp | 6 | ||||
-rw-r--r-- | doc/examples/tls_server.cpp | 6 | ||||
-rw-r--r-- | src/tls/tls_alert.cpp | 71 | ||||
-rw-r--r-- | src/tls/tls_alert.h | 2 | ||||
-rw-r--r-- | src/tls/tls_channel.cpp | 6 | ||||
-rw-r--r-- | src/tls/tls_channel.h | 4 | ||||
-rw-r--r-- | src/tls/tls_client.cpp | 6 | ||||
-rw-r--r-- | src/tls/tls_client.h | 4 | ||||
-rw-r--r-- | src/tls/tls_server.cpp | 6 | ||||
-rw-r--r-- | src/tls/tls_server.h | 4 |
11 files changed, 100 insertions, 31 deletions
diff --git a/doc/examples/asio_tls_server.cpp b/doc/examples/asio_tls_server.cpp
index 6d6c0e80e..58f59d968 100644
--- a/doc/examples/asio_tls_server.cpp
+++ b/doc/examples/asio_tls_server.cpp
@@ -84,7 +84,7 @@ class tls_server_session : public boost::enable_shared_from_this<tls_server_sess } catch(std::exception& e) {
- printf("Failed - %s\n", e.what());
+ std::cout << "Read failed " << e.what() << "\n"; stop(); return; }
@@ -98,7 +98,6 @@ class tls_server_session : public boost::enable_shared_from_this<tls_server_sess else { stop();
- //printf("Error in read: %s\n", error.message().c_str()); } }
@@ -114,7 +113,6 @@ class tls_server_session : public boost::enable_shared_from_this<tls_server_sess } else {
- //printf("Error in write: %s\n", error.message().c_str()); stop(); } }
@@ -139,12 +137,11 @@ class tls_server_session : public boost::enable_shared_from_this<tls_server_sess } }
- void tls_data_recv(const byte buf[], size_t buf_len, Botan::u16bit alert_info)
+ void tls_data_recv(const byte buf[], size_t buf_len, Botan::TLS::Alert alert) {
- if(buf_len == 0 && alert_info != Botan::TLS::NULL_ALERT)
+ if(alert.is_valid()) {
- //printf("Alert: %d\n", alert_info);
- if(alert_info == 0)
+ if(alert.type() == Botan::TLS::Alert::CLOSE_NOTIFY) { m_tls.close(); return;
@@ -157,7 +154,8 @@ class tls_server_session : public boost::enable_shared_from_this<tls_server_sess out += "\r\n"; out += "HTTP/1.0 200 OK\r\n"; out += "Server: Botan ASIO test server\r\n";
- out += "Host: 192.168.10.5\r\n";
+ if(m_hostname != "")
+ out += "Host: " + m_hostname + "\r\n"; out += "Content-Type: text/html\r\n"; out += "\r\n"; out += "<html><body>Greets. You said: ";
@@ -172,6 +170,7 @@ class tls_server_session : public boost::enable_shared_from_this<tls_server_sess bool tls_handshake_complete(const Botan::TLS::Session& session) {
+ m_hostname = session.sni_hostname(); return true; }
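Review bot: In the @@ -157 hunk `out += "Host: " + m_hostname + "\r\n";` copies a client-chosen value into a response header: `m_hostname` is filled from `session.sni_hostname()` in the @@ -172 hunk and the only guard is `m_hostname != ""`, so unless the SNI parser (not visible here) rejects control characters, a name containing CR/LF lets the client inject headers or split the response. Host is a request header in any case, so I would drop the line, or if it is meant as an SNI demo reflect it behind a guard: `if(m_hostname != "" && m_hostname.find_first_of("\r\n") == std::string::npos)`. The example should also say in a comment that it is a test server which reflects client input without escaping (the `You said:` context line), so nobody copies it as-is. tls_data_recv starts in the @@ -139 hunk and continues past this one.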
@@ -179,6 +178,7 @@ class tls_server_session : public boost::enable_shared_from_this<tls_server_sess tcp::socket m_socket; Botan::TLS::Server m_tls;
+ std::string m_hostname; unsigned char m_read_buf[Botan::TLS::MAX_TLS_RECORD_SIZE];
diff --git a/doc/examples/tls_client.cpp b/doc/examples/tls_client.cpp
index 80947af62..1cca002af 100644
--- a/doc/examples/tls_client.cpp
+++ b/doc/examples/tls_client.cpp
@@ -90,11 +90,11 @@ void socket_write(int sockfd, const byte buf[], size_t length) bool got_alert = false;
-void process_data(const byte buf[], size_t buf_size, u16bit alert_info)
+void process_data(const byte buf[], size_t buf_size, TLS::Alert alert) {
- if(alert_info != TLS::NULL_ALERT)
+ if(alert.is_valid()) {
- std::cout << "Alert: " << alert_info << "\n";
+ std::cout << "Alert: " << alert.type_string() << "\n"; got_alert = true; }
diff --git a/doc/examples/tls_server.cpp b/doc/examples/tls_server.cpp
index e896b5bcc..a5f2c5d78 100644
--- a/doc/examples/tls_server.cpp
+++ b/doc/examples/tls_server.cpp
@@ -100,11 +100,11 @@ class Blocking_TLS_Server } }
- void reader_fn(const byte buf[], size_t buf_len, u16bit alert_code)
+ void reader_fn(const byte buf[], size_t buf_len, TLS::Alert alert) {
- if(buf_len == 0 && alert_code != TLS::NULL_ALERT)
+ if(alert.is_valid()) {
- printf("Alert: %d\n", alert_code);
+ printf("Alert %s\n", alert.type_string().c_str()); //exit = true; }
diff --git a/src/tls/tls_alert.cpp b/src/tls/tls_alert.cpp
index 63cac9d79..9d2b74aca 100644
--- a/src/tls/tls_alert.cpp
+++ b/src/tls/tls_alert.cpp
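Review bot: `process_data` in the tls_client.cpp hunk sets `got_alert = true` for every `alert.is_valid()`, so warning-level alerts that RFC 5246 §7.2.2 lets a connection survive (`no_renegotiation`, `user_canceled`) are treated like fatal ones; the old `u16bit` form could not tell them apart, but the new `TLS::Alert` argument can if the class exposes its level (tls_alert.h declares an `enum Level`, presumably with an accessor such as `is_fatal()`). I would make the intent explicit with `// only fatal alerts and close_notify end the session` followed by `got_alert = alert.is_fatal() || alert.type() == TLS::Alert::CLOSE_NOTIFY;`, after confirming the accessor name against the header. `reader_fn` in the tls_server.cpp hunk has the same shape, with its `//exit = true;` still commented out. Whatever reads got_alert is outside this diff.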
@@ -37,7 +37,76 @@ Alert::Alert(const MemoryRegion<byte>& buf) std::string Alert::type_string() const {
- return "";
+ switch(type())
+ {
+ case CLOSE_NOTIFY:
+ return "close_notify";
+ case UNEXPECTED_MESSAGE:
+ return "unexpected_message";
+ case BAD_RECORD_MAC:
+ return "bad_record_mac";
+ case DECRYPTION_FAILED:
+ return "decryption_failed";
+ case RECORD_OVERFLOW:
+ return "record_overflow";
+ case DECOMPRESSION_FAILURE:
+ return "decompression_failure";
+ case HANDSHAKE_FAILURE:
+ return "handshake_failure";
+ case NO_CERTIFICATE:
+ return "no_certificate";
+ case BAD_CERTIFICATE:
+ return "bad_certificate";
+ case UNSUPPORTED_CERTIFICATE:
+ return "unsupported_certificate";
+ case CERTIFICATE_REVOKED:
+ return "certificate_revoked";
+ case CERTIFICATE_EXPIRED:
+ return "certificate_expired";
+ case CERTIFICATE_UNKNOWN:
+ return "certificate_unknown";
+ case ILLEGAL_PARAMETER:
+ return "illegal_parameter";
+ case UNKNOWN_CA:
+ return "unknown_ca";
+ case ACCESS_DENIED:
+ return "access_denied";
+ case DECODE_ERROR:
+ return "decode_error";
+ case DECRYPT_ERROR:
+ return "decrypt_error";
+ case EXPORT_RESTRICTION:
+ return "export_restriction";
+ case PROTOCOL_VERSION:
+ return "protocol_version";
+ case INSUFFICIENT_SECURITY:
+ return "insufficient_security";
+ case INTERNAL_ERROR:
+ return "internal_error";
+ case USER_CANCELED:
+ return "user_canceled";
+ case NO_RENEGOTIATION:
+ return "no_renegotiation";
+
+ case UNSUPPORTED_EXTENSION:
+ return "unsupported_extension";
+ case UNRECOGNIZED_NAME:
+ return "unrecognized_name";
+
+ case UNKNOWN_PSK_IDENTITY:
+ return "unknown_psk_identity";
+
+ case NULL_ALERT:
+ return "";
+ }
+
+ /*
+ * This is effectively the default case for the switch above, but we
+ leave it out so that when an alert type is added to the enum the
+ compiler can warn us that it is not included in the switch
+ statement.
+ */
+ return "unrecognized_alert_" + to_string(type()); }
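Review bot: `Alert::type_string()` gains the full mapping but no statement of its contract, and the part a caller cares about is at the bottom: a code that is not in the enum comes back as `unrecognized_alert_<n>` (the `Alert(const MemoryRegion<byte>&)` constructor named in the hunk header presumably accepts any byte from the peer), while `NULL_ALERT` yields the empty string, so `"Alert: " << alert.type_string()` prints an empty label for a default-constructed alert. I would put above the switch: `// RFC 5246 name of the alert type; NULL_ALERT gives "" and codes outside the enum give "unrecognized_alert_<n>", so the result is loggable for any peer-supplied byte.` The comment explaining the deliberately omitted `default:` has lost its leading `*` on four lines in this rendering, which may be an artifact rather than what was committed, but is worth checking.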
diff --git a/src/tls/tls_alert.h b/src/tls/tls_alert.h
index 5a888805e..d09b79168 100644
--- a/src/tls/tls_alert.h
+++ b/src/tls/tls_alert.h
@@ -18,7 +18,7 @@ namespace TLS { /** * SSL/TLS Alert Message */
-class Alert
+class BOTAN_DLL Alert { public: enum Level {
diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp
index 4c8cc4fbf..372d4125f 100644
--- a/src/tls/tls_channel.cpp
+++ b/src/tls/tls_channel.cpp
@@ -16,7 +16,7 @@ namespace Botan { namespace TLS { Channel::Channel(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
- std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
+ std::tr1::function<void (const byte[], size_t, Alert)> proc_fn, std::tr1::function<bool (const Session&)> handshake_complete) : proc_fn(proc_fn), handshake_fn(handshake_complete),
@@ -66,7 +66,7 @@ size_t Channel::received_data(const byte buf[], size_t buf_size) * following record. Avoid spurious callbacks. */ if(record.size() > 0)
- proc_fn(&record[0], record.size(), Alert::NULL_ALERT);
+ proc_fn(&record[0], record.size(), Alert()); } else {
@@ -83,7 +83,7 @@ size_t Channel::received_data(const byte buf[], size_t buf_size) alert_notify(alert_msg);
- proc_fn(0, 0, alert_msg.type());
+ proc_fn(0, 0, alert_msg); if(alert_msg.type() == Alert::CLOSE_NOTIFY) {
diff --git a/src/tls/tls_channel.h b/src/tls/tls_channel.h
index 75d2b5918..bba6c23ec 100644
--- a/src/tls/tls_channel.h
+++ b/src/tls/tls_channel.h
@@ -63,7 +63,7 @@ class BOTAN_DLL Channel std::vector<X509_Certificate> peer_cert_chain() const { return peer_certs; } Channel(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
- std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
+ std::tr1::function<void (const byte[], size_t, Alert)> proc_fn, std::tr1::function<bool (const Session&)> handshake_complete); virtual ~Channel();
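Review bot: In the tls_channel.cpp @@ -83 hunk `proc_fn(0, 0, alert_msg)` now hands every alert to the application, warning or fatal, and the only special case visible is the `CLOSE_NOTIFY` test on the next line; the fatal-alert path is below the hunk, so I cannot confirm that the channel marks itself dead and stops accepting `received_data` after one, as RFC 5246 §7.2.2 requires. If it does not, the fatal case should get the same treatment as close_notify, with a comment such as `// fatal alert: the peer will drop the connection, deliver no further records`. The `proc_fn` parameter in tls_channel.h (the @@ -63 hunk) also deserves a doc comment stating that `buf` is null and the length zero exactly when `alert.is_valid()`, which is what both examples in this commit used to re-derive with `buf_len == 0 &&`. Channel::received_data begins and ends outside these hunks.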
@@ -85,7 +85,7 @@ class BOTAN_DLL Channel virtual void alert_notify(const Alert& alert) = 0;
- std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn;
+ std::tr1::function<void (const byte[], size_t, Alert)> proc_fn; std::tr1::function<bool (const Session&)> handshake_fn; Record_Writer writer;
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp
index 0fb80e034..9fbf8c772 100644
--- a/src/tls/tls_client.cpp
+++ b/src/tls/tls_client.cpp
@@ -19,7 +19,7 @@ namespace TLS { * TLS Client Constructor */ Client::Client(std::tr1::function<void (const byte[], size_t)> output_fn,
- std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
+ std::tr1::function<void (const byte[], size_t, Alert)> proc_fn, std::tr1::function<bool (const Session&)> handshake_fn, Session_Manager& session_manager, Credentials_Manager& creds,
@@ -96,9 +96,9 @@ void Client::renegotiate() secure_renegotiation.update(state->client_hello); }
-void Client::alert_notify(bool, Alert::Type type)
+void Client::alert_notify(const Alert& alert) {
- if(type == Alert::NO_RENEGOTIATION)
+ if(alert.type() == Alert::NO_RENEGOTIATION) { if(handshake_completed && state) {
diff --git a/src/tls/tls_client.h b/src/tls/tls_client.h
index 9f8e33f30..f5528f4c1 100644
--- a/src/tls/tls_client.h
+++ b/src/tls/tls_client.h
@@ -43,7 +43,7 @@ class BOTAN_DLL Client : public Channel * the client should return the protocol it would like to use. */ Client(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
- std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
+ std::tr1::function<void (const byte[], size_t, Alert)> proc_fn, std::tr1::function<bool (const Session&)> handshake_complete, Session_Manager& session_manager, Credentials_Manager& creds,
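Review bot: The new `Client::alert_notify(const Alert& alert)` in the tls_client.cpp @@ -96 hunk still keys only on `alert.type()`, and `NO_RENEGOTIATION` is the only case shown; the previous `bool` parameter was unnamed and ignored, so nothing regresses, but a warning-level `no_renegotiation` (which RFC 5746 §4.5 says it must be) and a fatal one now look identical here. A one-line comment would spare the next reader the RFC lookup, e.g. `// peer refused renegotiation: a warning per RFC 5746, so only the pending handshake is abandoned`, with the wording checked against what the body does with `state`, which continues past the hunk. `Server::alert_notify` in tls_server.cpp mirrors this and would take the same comment.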
@@ -58,7 +58,7 @@ class BOTAN_DLL Client : public Channel void process_handshake_msg(Handshake_Type type, const MemoryRegion<byte>& contents);
- void alert_notify(bool is_fatal, Alert::Type type);
+ void alert_notify(const Alert& alert); const Policy& policy; RandomNumberGenerator& rng;
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index d5357f86e..069c8f7e1 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -68,7 +68,7 @@ bool check_for_resume(Session& session_info, * TLS Server Constructor */ Server::Server(std::tr1::function<void (const byte[], size_t)> output_fn,
- std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
+ std::tr1::function<void (const byte[], size_t, Alert)> proc_fn, std::tr1::function<bool (const Session&)> handshake_fn, Session_Manager& session_manager, Credentials_Manager& creds,
@@ -97,9 +97,9 @@ void Server::renegotiate() Hello_Request hello_req(writer); }
-void Server::alert_notify(bool, Alert::Type type)
+void Server::alert_notify(const Alert& alert) {
- if(type == Alert::NO_RENEGOTIATION)
+ if(alert.type() == Alert::NO_RENEGOTIATION) { if(handshake_completed && state) {
diff --git a/src/tls/tls_server.h b/src/tls/tls_server.h
index 5be2b1bb0..bb385e420 100644
--- a/src/tls/tls_server.h
+++ b/src/tls/tls_server.h
@@ -27,7 +27,7 @@ class BOTAN_DLL Server : public Channel * Server initialization */ Server(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
- std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
+ std::tr1::function<void (const byte[], size_t, Alert)> proc_fn, std::tr1::function<bool (const Session&)> handshake_complete, Session_Manager& session_manager, Credentials_Manager& creds,
@@ -55,7 +55,7 @@ class BOTAN_DLL Server : public Channel void process_handshake_msg(Handshake_Type, const MemoryRegion<byte>&);
- void alert_notify(bool is_fatal, Alert::Type type);
+ void alert_notify(const Alert& alert); const Policy& policy; RandomNumberGenerator& rng; |