aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls/tls_client.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/tls/tls_client.cpp')
-rw-r--r--src/tls/tls_client.cpp24
1 files changed, 11 insertions, 13 deletions
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp
index e0f9b11d8..d60aa611e 100644
--- a/src/tls/tls_client.cpp
+++ b/src/tls/tls_client.cpp
@@ -218,8 +218,6 @@ void Client::process_handshake_msg(Handshake_Type type,
m_peer_supports_heartbeats = m_state->server_hello()->supports_heartbeats();
m_heartbeat_sending_allowed = m_state->server_hello()->peer_can_send_heartbeats();
- m_state->suite = Ciphersuite::by_id(m_state->server_hello()->ciphersuite());
-
const bool server_returned_same_session_id =
!m_state->server_hello()->session_id().empty() &&
(m_state->server_hello()->session_id() == m_state->client_hello()->session_id());
@@ -262,11 +260,11 @@ void Client::process_handshake_msg(Handshake_Type type,
"Server version is unacceptable by policy");
}
- if(m_state->suite.sig_algo() != "")
+ if(m_state->ciphersuite().sig_algo() != "")
{
m_state->set_expected_next(CERTIFICATE);
}
- else if(m_state->suite.kex_algo() == "PSK")
+ else if(m_state->ciphersuite().kex_algo() == "PSK")
{
/* PSK is anonymous so no certificate/cert req message is
ever sent. The server may or may not send a server kex,
@@ -279,7 +277,7 @@ void Client::process_handshake_msg(Handshake_Type type,
m_state->set_expected_next(SERVER_KEX);
m_state->set_expected_next(SERVER_HELLO_DONE);
}
- else if(m_state->suite.kex_algo() != "RSA")
+ else if(m_state->ciphersuite().kex_algo() != "RSA")
{
m_state->set_expected_next(SERVER_KEX);
}
@@ -292,7 +290,7 @@ void Client::process_handshake_msg(Handshake_Type type,
}
else if(type == CERTIFICATE)
{
- if(m_state->suite.kex_algo() != "RSA")
+ if(m_state->ciphersuite().kex_algo() != "RSA")
{
m_state->set_expected_next(SERVER_KEX);
}
@@ -320,7 +318,7 @@ void Client::process_handshake_msg(Handshake_Type type,
std::unique_ptr<Public_Key> peer_key(m_peer_certs[0].subject_public_key());
- if(peer_key->algo_name() != m_state->suite.sig_algo())
+ if(peer_key->algo_name() != m_state->ciphersuite().sig_algo())
throw TLS_Exception(Alert::ILLEGAL_PARAMETER,
"Certificate key type did not match ciphersuite");
}
@@ -331,12 +329,12 @@ void Client::process_handshake_msg(Handshake_Type type,
m_state->server_kex(
new Server_Key_Exchange(contents,
- m_state->suite.kex_algo(),
- m_state->suite.sig_algo(),
+ m_state->ciphersuite().kex_algo(),
+ m_state->ciphersuite().sig_algo(),
m_state->version())
);
- if(m_state->suite.sig_algo() != "")
+ if(m_state->ciphersuite().sig_algo() != "")
{
if(!m_state->server_kex()->verify(m_peer_certs[0], m_state.get()))
{
@@ -409,7 +407,7 @@ void Client::process_handshake_msg(Handshake_Type type,
m_writer.send(CHANGE_CIPHER_SPEC, 1);
m_writer.change_cipher_spec(CLIENT,
- m_state->suite,
+ m_state->ciphersuite(),
m_state->keys,
m_state->server_hello()->compression_method());
@@ -443,7 +441,7 @@ void Client::process_handshake_msg(Handshake_Type type,
m_state->set_expected_next(FINISHED);
m_reader.change_cipher_spec(CLIENT,
- m_state->suite,
+ m_state->ciphersuite(),
m_state->keys,
m_state->server_hello()->compression_method());
}
@@ -464,7 +462,7 @@ void Client::process_handshake_msg(Handshake_Type type,
m_writer.send(CHANGE_CIPHER_SPEC, 1);
m_writer.change_cipher_spec(CLIENT,
- m_state->suite,
+ m_state->ciphersuite(),
m_state->keys,
m_state->server_hello()->compression_method());