1 files changed, 32 insertions, 61 deletions

diff --git a/src/tls/s_hello.cpp b/src/tls/s_hello.cpp
index 7da9fdc57..1244dd2d8 100644
--- a/src/tls/s_hello.cpp
+++ b/src/tls/s_hello.cpp
@@ -21,47 +21,6 @@ namespace TLS {
 */
 Server_Hello::Server_Hello(Record_Writer& writer,
                            Handshake_Hash& hash,
-                           Protocol_Version version,
-                           const Client_Hello& c_hello,
-                           const std::vector<std::string>& available_cert_types,
-                           const Policy& policy,
-                           bool have_session_ticket_key,
-                           bool client_has_secure_renegotiation,
-                           const MemoryRegion<byte>& reneg_info,
-                           bool client_has_npn,
-                           const std::vector<std::string>& next_protocols,
-                           RandomNumberGenerator& rng) :
-   s_version(version),
-   m_session_id(rng.random_vec(32)),
-   s_random(make_hello_random(rng)),
-   m_fragment_size(c_hello.fragment_size()),
-   m_secure_renegotiation(client_has_secure_renegotiation),
-   m_renegotiation_info(reneg_info),
-   m_next_protocol(client_has_npn),
-   m_next_protocols(next_protocols),
-   m_supports_session_ticket(have_session_ticket_key &&
-                             c_hello.supports_session_ticket())
-   {
-   suite = policy.choose_suite(
-      c_hello.ciphersuites(),
-      available_cert_types,
-      policy.choose_curve(c_hello.supported_ecc_curves()) != "",
-      false);
-
-   if(suite == 0)
-      throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
-                          "Can't agree on a ciphersuite with client");
-
-   comp_method = policy.choose_compression(c_hello.compression_methods());
-
-   hash.update(writer.send(*this));
-   }
-
-/*
-* Create a new Server Hello message
-*/
-Server_Hello::Server_Hello(Record_Writer& writer,
-                           Handshake_Hash& hash,
                            const MemoryRegion<byte>& session_id,
                            Protocol_Version ver,
                            u16bit ciphersuite,
@@ -69,21 +28,24 @@ Server_Hello::Server_Hello(Record_Writer& writer,
                            size_t max_fragment_size,
                            bool client_has_secure_renegotiation,
                            const MemoryRegion<byte>& reneg_info,
-                           bool client_supports_session_tickets,
+                           bool offer_session_ticket,
                            bool client_has_npn,
                            const std::vector<std::string>& next_protocols,
+                           bool client_has_heartbeat,
                            RandomNumberGenerator& rng) :
-   s_version(ver),
+   m_version(ver),
    m_session_id(session_id),
-   s_random(make_hello_random(rng)),
-   suite(ciphersuite),
-   comp_method(compression),
+   m_random(make_hello_random(rng)),
+   m_ciphersuite(ciphersuite),
+   m_comp_method(compression),
    m_fragment_size(max_fragment_size),
    m_secure_renegotiation(client_has_secure_renegotiation),
    m_renegotiation_info(reneg_info),
    m_next_protocol(client_has_npn),
    m_next_protocols(next_protocols),
-   m_supports_session_ticket(client_supports_session_tickets)
+   m_supports_session_ticket(offer_session_ticket),
+   m_supports_heartbeats(client_has_heartbeat),
+   m_peer_can_send_heartbeats(true)
    {
    hash.update(writer.send(*this));
    }
@@ -105,24 +67,24 @@ Server_Hello::Server_Hello(const MemoryRegion<byte>& buf)
    const byte major_version = reader.get_byte();
    const byte minor_version = reader.get_byte();
 
-   s_version = Protocol_Version(major_version, minor_version);
+   m_version = Protocol_Version(major_version, minor_version);
 
-   if(s_version != Protocol_Version::SSL_V3 &&
-      s_version != Protocol_Version::TLS_V10 &&
-      s_version != Protocol_Version::TLS_V11 &&
-      s_version != Protocol_Version::TLS_V12)
+   if(m_version != Protocol_Version::SSL_V3 &&
+      m_version != Protocol_Version::TLS_V10 &&
+      m_version != Protocol_Version::TLS_V11 &&
+      m_version != Protocol_Version::TLS_V12)
       {
       throw TLS_Exception(Alert::PROTOCOL_VERSION,
                           "Server_Hello: Unsupported server version");
       }
 
-   s_random = reader.get_fixed<byte>(32);
+   m_random = reader.get_fixed<byte>(32);
 
    m_session_id = reader.get_range<byte>(1, 0, 32);
 
-   suite = reader.get_u16bit();
+   m_ciphersuite = reader.get_u16bit();
 
-   comp_method = reader.get_byte();
+   m_comp_method = reader.get_byte();
 
    Extensions extensions(reader);
 
@@ -145,6 +107,12 @@ Server_Hello::Server_Hello(const MemoryRegion<byte>& buf)
          throw Decoding_Error("TLS server sent non-empty session ticket extension");
       m_supports_session_ticket = true;
       }
+
+   if(Heartbeat_Support_Indicator* hb = extensions.get<Heartbeat_Support_Indicator>())
+      {
+      m_supports_heartbeats = true;
+      m_peer_can_send_heartbeats = hb->peer_allowed_to_send();
+      }
    }
 
 /*
@@ -154,19 +122,22 @@ MemoryVector<byte> Server_Hello::serialize() const
    {
    MemoryVector<byte> buf;
 
-   buf.push_back(s_version.major_version());
-   buf.push_back(s_version.minor_version());
-   buf += s_random;
+   buf.push_back(m_version.major_version());
+   buf.push_back(m_version.minor_version());
+   buf += m_random;
 
    append_tls_length_value(buf, m_session_id, 1);
 
-   buf.push_back(get_byte(0, suite));
-   buf.push_back(get_byte(1, suite));
+   buf.push_back(get_byte(0, m_ciphersuite));
+   buf.push_back(get_byte(1, m_ciphersuite));
 
-   buf.push_back(comp_method);
+   buf.push_back(m_comp_method);
 
    Extensions extensions;
 
+   if(m_supports_heartbeats)
+      extensions.add(new Heartbeat_Support_Indicator(m_peer_can_send_heartbeats));
+
    if(m_secure_renegotiation)
       extensions.add(new Renegotation_Extension(m_renegotiation_info));