fill the server hello in the server and check the return value in the client.

Network/TLS/Core.hs

@@ -361,11 +361,20 @@ handshakeServerWith ctx (ClientHello ver _ _ ciphers compressions _) = do
 			-- the necessary bits set.
 
 			-- send ServerHello & Certificate & ServerKeyXchg & CertReq
+			secReneg   <- usingState_ ctx getSecureRenegotiation
+			extensions <- if secReneg
+				then do
+					vf <- usingState_ ctx $ do
+						cvf <- getVerifiedData True
+						svf <- getVerifiedData False
+						return $ B.concat [cvf,svf]
+					return [ (0xff01, vf) ]
+				else return []
 			sendPacket ctx $ Handshake $ ServerHello ver srand
 			                                         (Session Nothing)
 			                                         (cipherID usedCipher)
 			                                         (compressionID usedCompression)
-			                                         []
+			                                         extensions
 			sendPacket ctx (Handshake $ Certificates srvCerts)
 			when needKeyXchg $ do
 				let skg = SKX_RSA Nothing

Network/TLS/Receiving.hs

@@ -100,6 +100,9 @@ processHandshake ver ty econtent = do
 			mapM_ processClientExtension ex
 			startHandshakeClient cver ran
 		ServerHello sver ran _ _ _ ex -> when clientmode $ do
+			-- FIXME notify the user to take action if the extension requested is missing
+			-- secreneg <- getSecureRenegotiation
+			-- when (secreneg && (isNothing $ lookup 0xff01 ex)) $ ...
 			mapM_ processServerExtension ex
 			setServerRandom ran
 			setVersion sver
@@ -119,7 +122,9 @@ processHandshake ver ty econtent = do
 		processClientExtension _ = return ()
 
 		processServerExtension (0xff01, content) = do
-			-- do something
+			cv <- getVerifiedData True
+			sv <- getVerifiedData False
+			when (B.concat [cv,sv] /= content) $ throwError $ Error_Protocol ("server secure renegotiation data not matching", True, HandshakeFailure)
 			return ()
 
 		processServerExtension _ = return ()