diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-01-27 21:10:39 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-01-27 21:10:39 +0000 |
commit | ff92d28ef7eee95b4136096e804b1cda7b0f6cb0 (patch) | |
tree | 9ecf0352584fb9590be423783905074dcf167cc6 /lib/gnutls_v2_compat.c | |
parent | ab9418adda3901b1f73ad63b49aefc5a2fcc61da (diff) | |
download | gnutls-ff92d28ef7eee95b4136096e804b1cda7b0f6cb0.tar.gz |
Added support to select a certificate based on the peer's cipher
suite list. (ie if DSS cipher suites are requested and a DSA certificate
is available, then this will be used)
Diffstat (limited to 'lib/gnutls_v2_compat.c')
-rw-r--r-- | lib/gnutls_v2_compat.c | 74 |
1 files changed, 22 insertions, 52 deletions
diff --git a/lib/gnutls_v2_compat.c b/lib/gnutls_v2_compat.c index e5fbbb4356..4c77bc1789 100644 --- a/lib/gnutls_v2_compat.c +++ b/lib/gnutls_v2_compat.c @@ -35,62 +35,34 @@ #include "gnutls_random.h" #include "gnutls_auth_int.h" -int _gnutls_SelectCompMethod(GNUTLS_STATE state, CompressionMethod * ret, opaque * data, int datalen); - /* This selects the best supported ciphersuite from the ones provided */ -static int SelectSuite_v2(GNUTLS_STATE state, opaque ret[2], char *data, - int datalen) +static int _gnutls_handshake_select_v2_suite(GNUTLS_STATE state, char *data, int datalen) { - int x, i, j; - GNUTLS_CipherSuite *ciphers; - - x = _gnutls_supported_ciphersuites(state, &ciphers); - x = _gnutls_remove_unwanted_ciphersuites( state, &ciphers, x); - -#ifdef HANDSHAKE_DEBUG - _gnutls_handshake_log( "HSK: Requested cipher suites [v2 hello]: \n"); - for (j = 0; j < datalen; j += 3) { - if (data[j] == 0) { /* only print if in v2 compat mode */ - _gnutls_handshake_log( "\t%s\n", - _gnutls_cipher_suite_get_name(* - ((GNUTLS_CipherSuite *) & data[j+1]))); - } + int i, j, ret; + char* _data; + int _datalen; + + _data = gnutls_malloc( datalen); + if (_data==NULL) { + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; } - _gnutls_handshake_log( "HSK: Supported cipher suites: \n"); - for (j = 0; j < x; j++) - _gnutls_handshake_log( "\t%s\n", - _gnutls_cipher_suite_get_name(ciphers[j])); -#endif - memset(ret, '\0', 2); + _gnutls_handshake_log( "HSK: Parsing a version 2.0 client hello.\n"); + + i = _datalen = 0; for (j = 0; j < datalen; j += 3) { - for (i = 0; i < x; i++) { - if (data[j] == 0) - if ( memcmp(ciphers[i].CipherSuite, &data[j+1], - 2) == 0) { - - _gnutls_handshake_log( - "HSK: Selected cipher suite: "); - _gnutls_handshake_log( "%s\n", - _gnutls_cipher_suite_get_name - (* - ((GNUTLS_CipherSuite *) & - data[j+1]))); - - memcpy(ret, - ciphers[i].CipherSuite, - 2); - gnutls_free(ciphers); - - return 0; - } + if (data[j] == 0) { + memcpy( &_data[i], &data[j+1], 2); + i+=2; + _datalen+=2; } } + ret = _gnutls_server_select_suite( state, _data, _datalen); + gnutls_free(_data); - gnutls_free(ciphers); - gnutls_assert(); - return GNUTLS_E_UNKNOWN_CIPHER_SUITE; + return ret; } @@ -118,7 +90,7 @@ int _gnutls_read_client_hello_v2(GNUTLS_STATE state, opaque * data, DECR_LEN(len, 2); - _gnutls_handshake_log( "HSK: V2 Hello: Client's version: %d.%d\n", data[pos], + _gnutls_handshake_log( "HSK: SSL 2.0 Hello: Client's version: %d.%d\n", data[pos], data[pos + 1]); set_adv_version( state, data[pos], data[pos+1]); @@ -170,9 +142,7 @@ int _gnutls_read_client_hello_v2(GNUTLS_STATE state, opaque * data, /* find an appropriate cipher suite */ DECR_LEN(len, sizeOfSuites); - ret = SelectSuite_v2(state, state->security_parameters. - current_cipher_suite.CipherSuite, - &data[pos], sizeOfSuites); + ret = _gnutls_handshake_select_v2_suite(state, &data[pos], sizeOfSuites); pos += sizeOfSuites; if (ret < 0) { @@ -198,7 +168,7 @@ int _gnutls_read_client_hello_v2(GNUTLS_STATE state, opaque * data, if (state->gnutls_internals.auth_struct == NULL) { _gnutls_handshake_log( - "HSK: V2 Hello: Cannot find the appropriate handler for the KX algorithm\n"); + "HSK: SSL 2.0 Hello: Cannot find the appropriate handler for the KX algorithm\n"); gnutls_assert(); return GNUTLS_E_UNKNOWN_CIPHER_TYPE; |