aboutsummaryrefslogtreecommitdiffstats
path: root/src/ssl/tls_server.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/ssl/tls_server.cpp')
-rw-r--r--src/ssl/tls_server.cpp46
1 files changed, 32 insertions, 14 deletions
diff --git a/src/ssl/tls_server.cpp b/src/ssl/tls_server.cpp
index 37d9dbcd1..47902a71c 100644
--- a/src/ssl/tls_server.cpp
+++ b/src/ssl/tls_server.cpp
@@ -25,9 +25,9 @@ Version_Code choose_version(Version_Code client, Version_Code minimum)
throw TLS_Exception(PROTOCOL_VERSION,
"Client version is unacceptable by policy");
- if(client == SSL_V3 || client == TLS_V10)
+ if(client == SSL_V3 || client == TLS_V10 || client == TLS_V11)
return client;
- return TLS_V10;
+ return TLS_V11;
}
// FIXME: checks are wrong for session reuse (add a flag for that)
@@ -88,7 +88,8 @@ void server_check_state(Handshake_Type new_msg, Handshake_State* state)
TLS_Server::TLS_Server(RandomNumberGenerator& r,
Socket& sock, const X509_Certificate& cert,
const Private_Key& key, const TLS_Policy* pol) :
- rng(r), writer(sock), reader(sock), policy(pol ? pol : new TLS_Policy)
+ rng(r), peer(sock),
+ writer(sock), policy(pol ? pol : new TLS_Policy)
{
peer_id = sock.peer_id();
@@ -112,7 +113,8 @@ TLS_Server::TLS_Server(RandomNumberGenerator& r,
}
writer.alert(FATAL, HANDSHAKE_FAILURE);
- throw Stream_IO_Error("TLS_Server: Handshake failed");
+ throw Stream_IO_Error(std::string("TLS_Server: Handshake failed: ") +
+ e.what());
}
}
@@ -207,8 +209,26 @@ void TLS_Server::close(Alert_Level level, Alert_Type alert_code)
*/
void TLS_Server::state_machine()
{
- byte rec_type;
- SecureVector<byte> record = reader.get_record(rec_type);
+ byte rec_type = CONNECTION_CLOSED;
+ SecureVector<byte> record(1024);
+
+ u32bit bytes_needed = reader.get_record(rec_type, record);
+
+ while(bytes_needed)
+ {
+ u32bit to_get = std::min<u32bit>(record.size(), bytes_needed);
+ u32bit got = peer.read(&record[0], to_get);
+
+ if(got == 0)
+ {
+ rec_type = CONNECTION_CLOSED;
+ break;
+ }
+
+ reader.add_input(&record[0], got);
+
+ bytes_needed = reader.get_record(rec_type, record);
+ }
if(rec_type == CONNECTION_CLOSED)
{
@@ -250,7 +270,11 @@ void TLS_Server::read_handshake(byte rec_type,
const MemoryRegion<byte>& rec_buf)
{
if(rec_type == HANDSHAKE)
+ {
+ if(!state)
+ state = new Handshake_State;
state->queue.write(rec_buf, rec_buf.size());
+ }
while(true)
{
@@ -301,14 +325,6 @@ void TLS_Server::read_handshake(byte rec_type,
void TLS_Server::process_handshake_msg(Handshake_Type type,
const MemoryRegion<byte>& contents)
{
- if(type == CLIENT_HELLO)
- {
- if(state == 0)
- state = new Handshake_State();
- else
- return;
- }
-
if(state == 0)
throw Unexpected_Message("Unexpected handshake message");
@@ -327,6 +343,8 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
state->client_hello = new Client_Hello(contents);
+ client_requested_hostname = state->client_hello->hostname();
+
state->version = choose_version(state->client_hello->version(),
policy->min_version());