Diffstat (limited to 'src/tls/tls_channel.cpp')
-rw-r--r--src/tls/tls_channel.cpp68
1 files changed, 23 insertions, 45 deletions
diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp
index bfb2ef9b5..6448ca2d4 100644
--- a/src/tls/tls_channel.cpp
+++ b/src/tls/tls_channel.cpp
@@ -457,73 +457,47 @@ void Channel::send_alert(const Alert& alert)
void Channel::secure_renegotiation_check(const Client_Hello* client_hello)
{
- const bool initial_handshake = !m_active_state;
+ const bool secure_renegotiation = client_hello->secure_renegotiation();
- if(initial_handshake)
- {
- m_secure_renegotiation = client_hello->secure_renegotiation();
- }
- else
+ if(m_active_state)
{
- if(secure_renegotiation_supported() && !client_hello->secure_renegotiation())
+ const bool active_sr = m_active_state->client_hello()->secure_renegotiation();
+
+ if(active_sr != secure_renegotiation)
throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
"Client changed its mind about secure renegotiation");
}
- if(client_hello->secure_renegotiation())
+ if(secure_renegotiation)
{
const std::vector<byte>& data = client_hello->renegotiation_info();
- if(initial_handshake)
- {
- if(!data.empty())
- throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
- "Client sent renegotiation data on initial handshake");
- }
- else
- {
- if(data != secure_renegotiation_data_for_client_hello())
- throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
- "Client sent bad renegotiation data");
- }
+ if(data != secure_renegotiation_data_for_client_hello())
+ throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
+ "Client sent bad values for secure renegotiation");
}
}
void Channel::secure_renegotiation_check(const Server_Hello* server_hello)
{
- const bool initial_handshake = !m_active_state;
+ const bool secure_renegotiation = server_hello->secure_renegotiation();
- if(initial_handshake)
- {
- /* If the client offered but server rejected, then this toggles
- * secure renegotiation to off
- */
- if(m_secure_renegotiation)
- m_secure_renegotiation = server_hello->secure_renegotiation();
- }
- else
+ if(m_active_state)
{
- if(secure_renegotiation_supported() != server_hello->secure_renegotiation())
+ const bool active_sr = m_active_state->client_hello()->secure_renegotiation();
+
+ if(active_sr != secure_renegotiation)
throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
"Server changed its mind about secure renegotiation");
}
- if(secure_renegotiation_supported())
+ if(secure_renegotiation)
{
const std::vector<byte>& data = server_hello->renegotiation_info();
- if(initial_handshake)
- {
- if(!data.empty())
- throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
- "Server sent renegotiation data on initial handshake");
- }
- else
- {
- if(data != secure_renegotiation_data_for_server_hello())
- throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
- "Server sent bad renegotiation data");
- }
+ if(data != secure_renegotiation_data_for_server_hello())
+ throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
+ "Server sent bad values for secure renegotiation");
}
}
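Review bot: In the Server_Hello overload, `const bool active_sr = m_active_state->client_hello()->secure_renegotiation();` compares the server's new answer against what the client *offered* in the previous handshake rather than what the server previously *answered*, so a server that declined secure renegotiation in the initial handshake and declines again on renegotiation appears to be rejected with "Server changed its mind" although it was consistent (the removed code compared against the negotiated state and accepted that case). The rewritten `secure_renegotiation_supported()` in the following hunk takes its value from `server_hello()`, so the two functions now disagree on what the active state's secure-renegotiation status is. If refusing renegotiation with a server that never negotiated RFC 5746 is the intended policy, the alert text should say so; otherwise the line should read `const bool active_sr = m_active_state->server_hello()->secure_renegotiation();`. Separately, both overloads drop the explicit "renegotiation data must be empty on the initial handshake" check and now depend on `secure_renegotiation_data_for_client_hello()` / `secure_renegotiation_data_for_server_hello()` returning an empty vector when `m_active_state` is null; those helpers are outside this hunk, so that contract cannot be confirmed here. A comment above each `data != ...` comparison such as `// on the initial handshake the expected value is empty, so non-empty renegotiation_info is rejected here too` would make that dependency visible to the next reader.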
@@ -548,7 +522,11 @@ std::vector<byte> Channel::secure_renegotiation_data_for_server_hello() const
bool Channel::secure_renegotiation_supported() const
{
- return m_secure_renegotiation;
+ if(m_active_state)
+ return m_active_state->server_hello()->secure_renegotiation();
+ if(m_pending_state && m_pending_state->server_hello())
+ return m_pending_state->server_hello()->secure_renegotiation();
+ return false;
}
SymmetricKey Channel::key_material_export(const std::string& label,