diff options
Diffstat (limited to 'src/ssl/tls_server.cpp')
-rw-r--r-- | src/ssl/tls_server.cpp | 46 |
1 files changed, 32 insertions, 14 deletions
diff --git a/src/ssl/tls_server.cpp b/src/ssl/tls_server.cpp index 37d9dbcd1..47902a71c 100644 --- a/src/ssl/tls_server.cpp +++ b/src/ssl/tls_server.cpp @@ -25,9 +25,9 @@ Version_Code choose_version(Version_Code client, Version_Code minimum) throw TLS_Exception(PROTOCOL_VERSION, "Client version is unacceptable by policy"); - if(client == SSL_V3 || client == TLS_V10) + if(client == SSL_V3 || client == TLS_V10 || client == TLS_V11) return client; - return TLS_V10; + return TLS_V11; } // FIXME: checks are wrong for session reuse (add a flag for that) @@ -88,7 +88,8 @@ void server_check_state(Handshake_Type new_msg, Handshake_State* state) TLS_Server::TLS_Server(RandomNumberGenerator& r, Socket& sock, const X509_Certificate& cert, const Private_Key& key, const TLS_Policy* pol) : - rng(r), writer(sock), reader(sock), policy(pol ? pol : new TLS_Policy) + rng(r), peer(sock), + writer(sock), policy(pol ? pol : new TLS_Policy) { peer_id = sock.peer_id(); @@ -112,7 +113,8 @@ TLS_Server::TLS_Server(RandomNumberGenerator& r, } writer.alert(FATAL, HANDSHAKE_FAILURE); - throw Stream_IO_Error("TLS_Server: Handshake failed"); + throw Stream_IO_Error(std::string("TLS_Server: Handshake failed: ") + + e.what()); } } @@ -207,8 +209,26 @@ void TLS_Server::close(Alert_Level level, Alert_Type alert_code) */ void TLS_Server::state_machine() { - byte rec_type; - SecureVector<byte> record = reader.get_record(rec_type); + byte rec_type = CONNECTION_CLOSED; + SecureVector<byte> record(1024); + + u32bit bytes_needed = reader.get_record(rec_type, record); + + while(bytes_needed) + { + u32bit to_get = std::min<u32bit>(record.size(), bytes_needed); + u32bit got = peer.read(&record[0], to_get); + + if(got == 0) + { + rec_type = CONNECTION_CLOSED; + break; + } + + reader.add_input(&record[0], got); + + bytes_needed = reader.get_record(rec_type, record); + } if(rec_type == CONNECTION_CLOSED) { @@ -250,7 +270,11 @@ void TLS_Server::read_handshake(byte rec_type, const MemoryRegion<byte>& rec_buf) { if(rec_type == HANDSHAKE) + { + if(!state) + state = new Handshake_State; state->queue.write(rec_buf, rec_buf.size()); + } while(true) { @@ -301,14 +325,6 @@ void TLS_Server::read_handshake(byte rec_type, void TLS_Server::process_handshake_msg(Handshake_Type type, const MemoryRegion<byte>& contents) { - if(type == CLIENT_HELLO) - { - if(state == 0) - state = new Handshake_State(); - else - return; - } - if(state == 0) throw Unexpected_Message("Unexpected handshake message"); @@ -327,6 +343,8 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, state->client_hello = new Client_Hello(contents); + client_requested_hostname = state->client_hello->hostname(); + state->version = choose_version(state->client_hello->version(), policy->min_version()); |