Cryptography Reference
Recall that CipherSuiteIdentifier was defined as part of the client hello. parse_server_hello is something of the opposite of send_client_hello and it even makes use of a function complementary to append_buffer, shown in Listing 6-25.
Listing 6-25: “tls.c” read_buffer
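#include <string.h>  /* memcpy */

/* Copy n bytes from src into dest and return the advanced read position.
   The caller must ensure that at least n bytes remain in src. */
static char *read_buffer( char *dest, char *src, size_t n )
{
  memcpy( dest, src, n );
  return src + n;
}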
Reporting Server Alerts
What if the server doesn't happen to support TLS_RSA_WITH_3DES_EDE_CBC_SHA (or any of the cipher suites on the list the client sends)? It doesn't return a server_hello at all; instead it responds with an alert message. You need to be prepared to deal with alerts at any time, so extend receive_tls_message to handle alerts as shown in Listing 6-26.
Listing 6-26: “receive_tls_message” with alert support
static int receive_tls_msg( int connection,
                            TLSParameters *parameters )
{
  …
  if ( message.type == content_handshake )
  {
    …
  }
  else if ( message.type == content_alert )
  {
    /* Each alert is two bytes (level, description); require both so a
       truncated record is never read past its end. */
    while ( ( read_pos - decrypted_message ) + 2 <= decrypted_length )
    {
      Alert alert;

      read_pos = read_buffer( ( void * ) &alert.level,
                              ( void * ) read_pos, 1 );
      read_pos = read_buffer( ( void * ) &alert.description,
                              ( void * ) read_pos, 1 );
      report_alert( &alert );
      if ( alert.level == fatal )
      {
        return -1;
      }
    }
  }
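The alert branch of Listing 6-26 consumes two bytes per alert (level, then description), so a receiver has to stop cleanly on a truncated or malformed record. The following is an added example, not code from the book's tls.c: a stand-alone, bounds-checked version of that loop that also names a few RFC 5246 alert descriptions, including the handshake_failure a server sends when no cipher suite is acceptable. parse_alerts and alert_name are hypothetical names, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>

enum { ALERT_WARNING = 1, ALERT_FATAL = 2 };   /* AlertLevel values, RFC 5246 */

/* Subset of the RFC 5246 AlertDescription codes (hypothetical helper). */
static const char *alert_name( unsigned char description )
{
  switch ( description )
  {
    case 0:  return "close_notify";
    case 10: return "unexpected_message";
    case 20: return "bad_record_mac";
    case 40: return "handshake_failure";
    case 47: return "illegal_parameter";
    case 70: return "protocol_version";
    default: return "unknown";
  }
}

/* Walk a decrypted alert payload (hypothetical helper). Returns the number
   of alerts consumed, or -1 if the payload is malformed (trailing byte or
   invalid level). *fatal is set to 1 at the first fatal alert, where
   parsing stops. */
static int parse_alerts( const unsigned char *buf, size_t len, int *fatal )
{
  size_t pos = 0;
  int count = 0;
  *fatal = 0;
  while ( pos < len )
  {
    if ( len - pos < 2 ) return -1;            /* truncated: do not over-read */
    unsigned char level = buf[ pos ];
    unsigned char description = buf[ pos + 1 ];
    if ( level != ALERT_WARNING && level != ALERT_FATAL ) return -1;
    printf( "alert: %s %s (%u)\n", level == ALERT_FATAL ? "fatal" : "warning",
            alert_name( description ), ( unsigned ) description );
    pos += 2;
    count++;
    if ( level == ALERT_FATAL ) { *fatal = 1; break; }
  }
  return count;
}

int main( void )
{
  /* Constructed sample payload: fatal (2), handshake_failure (40). */
  static const unsigned char no_common_suite[] = { 0x02, 0x28 };
  int fatal;
  return parse_alerts( no_common_suite, sizeof no_common_suite, &fatal ) == 1 ? 0 : 1;
}
```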