fill the server hello in the server and check the return value in the client.
parent
96e6979ed4
commit
8329187394
2 changed files with 16 additions and 2 deletions
|
@ -361,11 +361,20 @@ handshakeServerWith ctx (ClientHello ver _ _ ciphers compressions _) = do
|
|||
-- the necessary bits set.
|
||||
|
||||
-- send ServerHello & Certificate & ServerKeyXchg & CertReq
|
||||
secReneg <- usingState_ ctx getSecureRenegotiation
|
||||
extensions <- if secReneg
|
||||
then do
|
||||
vf <- usingState_ ctx $ do
|
||||
cvf <- getVerifiedData True
|
||||
svf <- getVerifiedData False
|
||||
return $ B.concat [cvf,svf]
|
||||
return [ (0xff01, vf) ]
|
||||
else return []
|
||||
sendPacket ctx $ Handshake $ ServerHello ver srand
|
||||
(Session Nothing)
|
||||
(cipherID usedCipher)
|
||||
(compressionID usedCompression)
|
||||
[]
|
||||
extensions
|
||||
sendPacket ctx (Handshake $ Certificates srvCerts)
|
||||
when needKeyXchg $ do
|
||||
let skg = SKX_RSA Nothing
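Review bot: The `(0xff01, vf)` payload built in the `then` branch is the bare concatenation of the client and server verified data, while RFC 5746 defines the renegotiation_info body as a length-prefixed `renegotiated_connection` field. Unless the extension encoder adds that one-byte length (not visible in this hunk), a conforming peer would fail to parse or match it, and on an initial handshake the body would be empty rather than a single zero byte. Please confirm where the length prefix is written and record it next to the construction, e.g. `-- renegotiation_info (RFC 5746): client verify_data ++ server verify_data; length prefix added by the extension encoder`. The literal `0xff01` is also repeated on the client side, so a shared named constant would keep the two ends in step. The body of handshakeServerWith continues outside the hunk.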
|
||||
|
|
|
@ -100,6 +100,9 @@ processHandshake ver ty econtent = do
|
|||
mapM_ processClientExtension ex
|
||||
startHandshakeClient cver ran
|
||||
ServerHello sver ran _ _ _ ex -> when clientmode $ do
|
||||
-- FIXME notify the user to take action if the extension requested is missing
|
||||
-- secreneg <- getSecureRenegotiation
|
||||
-- when (secreneg && (isNothing $ lookup 0xff01 ex)) $ ...
|
||||
mapM_ processServerExtension ex
|
||||
setServerRandom ran
|
||||
setVersion sver
|
||||
|
@ -119,7 +122,9 @@ processHandshake ver ty econtent = do
|
|||
processClientExtension _ = return ()
|
||||
|
||||
processServerExtension (0xff01, content) = do
|
||||
-- do something
|
||||
cv <- getVerifiedData True
|
||||
sv <- getVerifiedData False
|
||||
when (B.concat [cv,sv] /= content) $ throwError $ Error_Protocol ("server secure renegotiation data not matching", True, HandshakeFailure)
|
||||
return ()
|
||||
|
||||
processServerExtension _ = return ()
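Review bot: A ServerHello that omits extension 0xff01 is still accepted, because the comparison in `processServerExtension (0xff01, content)` only runs when the server includes the extension, and the absent case is left as a commented-out FIXME in the `ServerHello` branch. When secure renegotiation has been negotiated, the client should abort instead of continuing without the binding check. I would enable the guard before `mapM_ processServerExtension ex`: `secreneg <- getSecureRenegotiation` followed by `when (secreneg && isNothing (lookup 0xff01 ex)) $ throwError $ Error_Protocol ("server secure renegotiation data missing", True, HandshakeFailure)`; `isNothing` may need an import from Data.Maybe. The `-- do something` placeholder and the trailing `return ()` after the `when` can be dropped in favour of a comment such as `-- renegotiation_info must equal client verify_data ++ server verify_data`. The body of processHandshake continues outside these hunks.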
|
||||
|
|