Cryptography Reference
Notice that the alert level is checked. If the server specifically marks an alert as
fatal, the handshake is aborted; otherwise, the handshake process continues.
Effectively this means that this implementation is ignoring warnings, which is
technically a Bad Thing. However, as noted previously, there's really not much
that can be done about the few alerts defined as warnings anyway. In any case, the
alert itself is written to stdout via the helper function report_alert in Listing 6-27.
Listing 6-27: “tls.c” report_alert
/* Print a received alert's level and description to stdout. */
static void report_alert( Alert *alert )
{
  printf( "Alert - " );
  switch ( alert->level )
  {
    case warning:
      printf( "Warning: " );
      break;
    case fatal:
      printf( "Fatal: " );
      break;
    default:
      /* Anything other than warning or fatal is not a defined level */
      printf( "UNKNOWN ALERT TYPE %d (!!!): ", alert->level );
      break;
  }
  switch ( alert->description )
  {
    case close_notify:
      printf( "Close notify\n" );
      break;
    case unexpected_message:
      printf( "Unexpected message\n" );
      break;
    case bad_record_mac:
      printf( "Bad Record Mac\n" );
      break;
    default:
      printf( "UNKNOWN ALERT DESCRIPTION %d (!!!)\n", alert->description );
      break;
  }
}
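The alert-level decision described above, written out as an added example (not code from tls.c or from the book). It goes slightly beyond the text by failing closed on an unrecognized level and by treating close_notify as the end of the connection; classify_alert and the ACTION_* names are hypothetical, and the sample alert bodies are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Wire values from the TLS alert protocol (RFC 5246, section 7.2). */
enum { ALERT_WARNING = 1, ALERT_FATAL = 2 };
enum { DESC_CLOSE_NOTIFY = 0 };

/* Hypothetical policy outcomes; these names are not from tls.c. */
typedef enum {
    ACTION_CONTINUE,   /* warning: log it and keep going            */
    ACTION_CLOSE,      /* close_notify: peer is ending the session  */
    ACTION_ABORT,      /* fatal, or a level we do not recognize     */
    ACTION_MALFORMED   /* body is not exactly level + description   */
} alert_action;

/* Decide what to do with the body of one received alert record. */
alert_action classify_alert(const unsigned char *body, size_t len)
{
    if (body == NULL || len != 2)
        return ACTION_MALFORMED;   /* reject anything but a two-byte body */

    unsigned char level = body[0], description = body[1];

    if (description == DESC_CLOSE_NOTIFY)
        return ACTION_CLOSE;       /* ends the connection at either level */
    if (level == ALERT_WARNING)
        return ACTION_CONTINUE;
    /* ALERT_FATAL and unknown levels both stop the handshake: fail closed */
    return ACTION_ABORT;
}

int main(void)
{
    /* Constructed sample alert bodies, not captured traffic. */
    static const unsigned char samples[][2] = {
        { 1, 0 }, { 2, 20 }, { 1, 100 }, { 7, 10 }
    };
    static const char *names[] = { "continue", "close", "abort", "malformed" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("level=%u desc=%u -> %s\n", samples[i][0], samples[i][1],
               names[classify_alert(samples[i], 2)]);
    return 0;
}
```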
TLS Certificate
According to the handshake protocol, the next message after the server hello
ought to be the certificate that both identifies the server and provides a public
key for key exchange. The client, then, should accept the server hello and
immediately start waiting for the certificate message that follows.
 