-rw-r--r--src/tls/cert_req.cpp53
-rw-r--r--src/tls/tls_magic.h11
-rw-r--r--src/tls/tls_messages.h4
3 files changed, 52 insertions, 16 deletions
diff --git a/src/tls/cert_req.cpp b/src/tls/cert_req.cpp
index 3f70c306b..f400a36d2 100644
--- a/src/tls/cert_req.cpp
+++ b/src/tls/cert_req.cpp
@@ -17,6 +17,37 @@ namespace Botan {
namespace TLS {
+namespace {
+
+std::string cert_type_code_to_name(byte code)
+ {
+ switch(code)
+ {
+ case 1:
+ return "RSA";
+ case 2:
+ return "DSA";
+ case 64:
+ return "ECDSA";
+ default:
+ return ""; // DH or something else
+ }
+ }
+
+byte cert_type_name_to_code(const std::string& name)
+ {
+ if(name == "RSA")
+ return 1;
+ if(name == "DSA")
+ return 2;
+ if(name == "ECDSA")
+ return 64;
+
+ throw Invalid_Argument("Unknown cert type " + name);
+ }
+
+}
+
/**
* Create a new Certificate Request message
*/
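Review bot: The `default:` branch of `cert_type_code_to_name` drops the codes the removed `Certificate_Type` enum used to name (3 `DH_RSA_CERT`, 4 `DH_DSS_CERT`, 65 `ECDH_RSA_CERT`, 66 `ECDH_ECDSA_CERT`), but the comment `// DH or something else` no longer tells a reader which values are being discarded or that discarding them is intentional. Now that the enum is gone, this switch is the only place in the tree that records the mapping, so I would make the comment explicit: `default: return ""; // DH (3, 4) and ECDH (65, 66) key types are not supported; caller skips empty names`. The two helpers are also asymmetric: `cert_type_code_to_name` returns an empty string for an unknown code while `cert_type_name_to_code` throws `Invalid_Argument`; a one-line comment on each stating that contract would save the next reader a round trip through the callers in the hunks below.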
@@ -29,8 +60,9 @@ Certificate_Req::Certificate_Req(Record_Writer& writer,
for(size_t i = 0; i != ca_certs.size(); ++i)
names.push_back(ca_certs[i].subject_dn());
- cert_types.push_back(RSA_CERT);
- cert_types.push_back(DSS_CERT);
+ cert_key_types.push_back("RSA");
+ cert_key_types.push_back("DSA");
+ cert_key_types.push_back("ECDSA");
if(version >= Protocol_Version::TLS_V12)
{
@@ -56,7 +88,17 @@ Certificate_Req::Certificate_Req(const MemoryRegion<byte>& buf,
TLS_Data_Reader reader(buf);
- cert_types = reader.get_range_vector<byte>(1, 1, 255);
+ std::vector<byte> cert_type_codes = reader.get_range_vector<byte>(1, 1, 255);
+
+ for(size_t i = 0; i != cert_type_codes.size(); ++i)
+ {
+ const std::string cert_type_name = cert_type_code_to_name(cert_type_codes[i]);
+
+ if(cert_type_name == "") // something we don't know
+ continue;
+
+ cert_key_types.push_back(cert_type_name);
+ }
if(version >= Protocol_Version::TLS_V12)
{
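Review bot: After the filtering loop, `cert_key_types` can end up empty even though the wire message was accepted, because `reader.get_range_vector<byte>(1, 1, 255)` requires at least one code but every code may be one the table maps to `""` (e.g. a peer that only lists the DH/ECDH types). A `Certificate_Req` parsed that way would then `serialize()` (next hunk) to a zero-length certificate_types list via `append_tls_length_value(buf, cert_types, 1)`, which this same parser would reject on the way back in; whether that round trip matters depends on how the object is used, which is outside this diff. Consider either rejecting the message when nothing survives the filter (`if(cert_key_types.empty()) throw Decoding_Error(...)` with the project's usual error type) or documenting in a comment that an empty list is a legitimate outcome meaning "no usable key type requested". As a point of style, `if(cert_type_name == "")` reads more directly as `if(cert_type_name.empty())`. The enclosing constructor continues past the end of this hunk.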
@@ -103,6 +145,11 @@ MemoryVector<byte> Certificate_Req::serialize() const
{
MemoryVector<byte> buf;
+ std::vector<byte> cert_types;
+
+ for(size_t i = 0; i != cert_key_types.size(); ++i)
+ cert_types.push_back(cert_type_name_to_code(cert_key_types[i]));
+
append_tls_length_value(buf, cert_types, 1);
if(!m_supported_algos.empty())
diff --git a/src/tls/tls_magic.h b/src/tls/tls_magic.h
index ebca860de..ff8906b86 100644
--- a/src/tls/tls_magic.h
+++ b/src/tls/tls_magic.h
@@ -94,17 +94,6 @@ enum Alert_Type {
NULL_ALERT = 255
};
-enum Certificate_Type {
- RSA_CERT = 1,
- DSS_CERT = 2,
- DH_RSA_CERT = 3,
- DH_DSS_CERT = 4,
-
- ECDSA_CERT = 64,
- ECDH_RSA_CERT = 65,
- ECDH_ECDSA_CERT = 66
-};
-
enum Ciphersuite_Code {
TLS_RSA_WITH_RC4_128_MD5 = 0x0004,
TLS_RSA_WITH_RC4_128_SHA = 0x0005,
diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h
index 33cd9e493..b5a651e7d 100644
--- a/src/tls/tls_messages.h
+++ b/src/tls/tls_messages.h
@@ -260,7 +260,7 @@ class Certificate_Req : public Handshake_Message
public:
Handshake_Type type() const { return CERTIFICATE_REQUEST; }
- std::vector<byte> acceptable_types() const { return cert_types; }
+ std::vector<std::string> acceptable_keys() const { return cert_key_types; }
std::vector<X509_DN> acceptable_CAs() const { return names; }
std::vector<std::pair<std::string, std::string> > supported_algos() const
@@ -278,7 +278,7 @@ class Certificate_Req : public Handshake_Message
MemoryVector<byte> serialize() const;
std::vector<X509_DN> names;
- std::vector<byte> cert_types;
+ std::vector<std::string> cert_key_types;
std::vector<std::pair<std::string, std::string> > m_supported_algos;
};