From d27f5a1ec8a4c239d4526fcccd2054e729f71c8c Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Fri, 24 Nov 2017 00:09:38 -0500
Subject: On resuming a client session, save the certificates that were used.

GH #1303
---
 src/lib/tls/tls_channel.cpp | 5 +++++
 src/lib/tls/tls_channel.h | 2 +-
 src/lib/tls/tls_client.cpp | 13 +++++++++++--
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp
index 892e1a399..f56cff24b 100644
--- a/src/lib/tls/tls_channel.cpp
+++ b/src/lib/tls/tls_channel.cpp
@@ -117,6 +117,11 @@ std::vector Channel::peer_cert_chain() const
 return std::vector();
 }
+bool Channel::save_session(const Session& session)
+ {
+ return callbacks().tls_session_established(session);
+ }
+
 Handshake_State& Channel::create_handshake_state(Protocol_Version version)
 {
 if(pending_state())
diff --git a/src/lib/tls/tls_channel.h b/src/lib/tls/tls_channel.h
index 070a190dd..0362faaa8 100644
--- a/src/lib/tls/tls_channel.h
+++ b/src/lib/tls/tls_channel.h
@@ -237,7 +237,7 @@ class BOTAN_PUBLIC_API(2,0) Channel
 const Policy& policy() const { return m_policy; }
- bool save_session(const Session& session) const { return callbacks().tls_session_established(session); }
+ bool save_session(const Session& session);
 Callbacks& callbacks() const { return m_callbacks; }
 private:
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp
index ad8fdfa2d..ed3821ed2 100644
--- a/src/lib/tls/tls_client.cpp
+++ b/src/lib/tls/tls_client.cpp
@@ -33,10 +33,11 @@ class Client_Handshake_State final : public Handshake_State
 return *server_public_key.get();
 }
+ std::unique_ptr server_public_key;
+
 // Used during session resumption
 secure_vector resume_master_secret;
-
- std::unique_ptr server_public_key;
+ std::vector resume_peer_certs;
 };
 }
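Review bot: Dropping `const` from `save_session` on a class tagged `BOTAN_PUBLIC_API(2,0)` is a source-level API change: any caller that invokes it through a `const Channel&` stops compiling. The new out-of-line body in tls_channel.cpp only calls `callbacks()`, which is itself declared `const` on the next visible line, so the qualifier could be kept as `bool save_session(const Session& session) const;` with a matching `const` on the definition. If the intent is to let a later change mutate channel state inside save_session, a one-line comment saying so would make the relaxation deliberate rather than accidental.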
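Review bot: The `// Used during session resumption` comment now heads both `resume_master_secret` and the new `resume_peer_certs`, but nothing states when the fields are valid; from the other hunks in this commit they are copied from the cached Session in send_client_hello and cleared again when the server starts a fresh session. I would extend the comment to `// Copied from the cached Session when resumption is offered; cleared if the` / `// server declines, so they are meaningful only while resumption is in play.` Keeping the chain in a plain std::vector while the master secret stays in a secure_vector is appropriate, since certificates are public data and need no scrubbing; the class definition starts before this hunk.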
@@ -119,6 +120,10 @@ Handshake_State* Client::new_handshake_state(Handshake_IO* io)
 std::vector Client::get_peer_cert_chain(const Handshake_State& state) const
 {
+ const Client_Handshake_State& cstate = dynamic_cast(state);
+ if(cstate.resume_peer_certs.size() > 0)
+ return cstate.resume_peer_certs;
+
 if(state.server_certs())
 return state.server_certs()->cert_chain();
 return std::vector();
@@ -168,6 +173,7 @@ void Client::send_client_hello(Handshake_State& state_base,
 next_protocols));
 state.resume_master_secret = session_info.master_secret();
+ state.resume_peer_certs = session_info.peer_certs();
 }
 }
 }
@@ -321,6 +327,9 @@ void Client::process_handshake_msg(const Handshake_State* active_state,
 {
 // new session
+ state.resume_master_secret.clear();
+ state.resume_peer_certs.clear();
+
 if(state.client_hello()->version().is_datagram_protocol() !=
 state.server_hello()->version().is_datagram_protocol())
 {
-- 
cgit v1.2.3
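Review bot: The added early return hands back `resume_peer_certs` whenever it is non-empty, and the send_client_hello hunk fills it as soon as resumption is merely offered, so until the ServerHello either confirms resumption or the new-session branch clears it, a query against the pending state would report a chain for a peer that has not yet proven possession of the session. Whether anything reads the pending state in that window depends on Channel::peer_cert_chain(), which is outside this hunk. The chain is also the one verified when the original session was established and is not re-verified on resumption, which is worth recording above the check: `// Resumed session: report the chain validated at the original handshake;` / `// no certificate is sent (or re-verified) on resumption.` Stylistically `if(!cstate.resume_peer_certs.empty())` reads better than the size comparison, and the dynamic_cast to a reference will throw std::bad_cast rather than a TLS exception if a non-client state ever reaches here, which is fine only because Client::new_handshake_state is the sole producer. The function's closing brace is outside the hunk.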
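Review bot: The two `clear()` calls under `// new session` carry no explanation of why the cached resumption material must be dropped at this point, and the reason is security-relevant: leaving them set would make get_peer_cert_chain report the old session's chain for a handshake that is about to present (and verify) a fresh one. I would replace the bare `// new session` with `// Server declined resumption: drop the cached secret and chain so the peer` / `// chain reported for this connection is only what this handshake proves.` Since resume_master_secret is a secure_vector, clear() presumably also scrubs the old secret, assuming that type zeroises on clear as its name suggests. process_handshake_msg continues on both sides of this hunk.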