The specification isn't clear on exactly what the server should do if the client
doesn't offer any supported cipher suites; OpenSSL just closes the connection
without sending an alert. This implementation returns NULL here, which ultimately
triggers a handshake_failure alert back in the tls_accept code.
Finally, record the client random for the key exchange step and clean up.
  // client_random is 32 bytes: the 4-byte gmt_unix_time followed by the
  // 28 random bytes, exactly as they appear on the wire.
  memcpy( ( void * ) parameters->client_random, &hello.random.gmt_unix_time, 4 );
  memcpy( ( void * ) ( parameters->client_random + 4 ),
          ( void * ) hello.random.random_bytes, 28 );

  free( hello.cipher_suites );
  free( hello.compression_methods );
  if ( hello.session_id )
  {
    free( hello.session_id );
  }

  return read_pos;
}
TLS Server Hello
Sending a server hello is almost the same as sending a client hello; the only
difference between the two structures is that the server hello carries exactly
one cipher suite and one compression method (the ones the server selected)
rather than a list of each. This is shown in Listing 7-10.
Listing 7-10: “tls.c” send_server_hello
static int send_server_hello( int connection, TLSParameters *parameters )
{
  ServerHello package;
  int send_buffer_size;
  char *send_buffer;
  void *write_buffer;
  time_t local_time;

  package.server_version.major = 3;
  package.server_version.minor = 1;
  time( &local_time );
  package.random.gmt_unix_time = htonl( local_time );
  // TODO - actually make this random.
  // This is 28 bytes, but server random is 32 - the first four bytes of
  // "server random" are the GMT unix time computed above.
  memcpy( parameters->server_random, &package.random.gmt_unix_time, 4 );
  memcpy( package.random.random_bytes, parameters->server_random + 4, 28 );
  package.session_id_length = 0;
  package.cipher_suite = htons( parameters->pending_send_parameters.suite );
  package.compression_method = 0;
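The two points above, the server refusing to proceed when the client offers no supported cipher suite and the server hello carrying a single selected suite with a 32-byte random, can be shown together in a small stand-alone piece of C. This is an added example, not code from the book's tls.c: the names select_cipher_suite, fill_server_random, build_server_hello and the server_suites preference list are hypothetical, the suite ids are the standard TLS 1.0 registry values, and unlike the listing's TODO the 28 random bytes are taken from /dev/urandom rather than left uninitialised.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <arpa/inet.h>

/* Cipher suite identifiers from the TLS 1.0 registry (RFC 2246). */
#define TLS_RSA_WITH_3DES_EDE_CBC_SHA  0x000A
#define TLS_RSA_WITH_AES_128_CBC_SHA   0x002F

/* Suites this hypothetical server is willing to negotiate, in preference order. */
static const uint16_t server_suites[] = {
  TLS_RSA_WITH_AES_128_CBC_SHA,
  TLS_RSA_WITH_3DES_EDE_CBC_SHA
};

/* Pick the first server-preferred suite that the client also offered.
   Returns the suite id, or -1 when there is no overlap: the caller must then
   abort the handshake (handshake_failure alert) instead of carrying on. */
int select_cipher_suite( const uint16_t *client_suites, size_t client_count )
{
  for ( size_t i = 0; i < sizeof( server_suites ) / sizeof( server_suites[0] ); i++ )
    for ( size_t j = 0; j < client_count; j++ )
      if ( client_suites[j] == server_suites[i] )
        return server_suites[i];
  return -1;
}

/* Fill the 32-byte ServerHello.random: 4-byte gmt_unix_time in network order
   followed by 28 bytes read from /dev/urandom. Returns 0 on success, -1 if
   the OS random source could not be read in full (never send a hello then). */
int fill_server_random( uint8_t rnd[32], uint32_t gmt_unix_time )
{
  uint32_t t = htonl( gmt_unix_time );
  memcpy( rnd, &t, 4 );
  FILE *f = fopen( "/dev/urandom", "rb" );
  if ( !f ) return -1;
  size_t n = fread( rnd + 4, 1, 28, f );
  fclose( f );
  return n == 28 ? 0 : -1;
}

/* Serialize the ServerHello body (handshake header not included) for the
   no-session-resumption case: version(2) random(32) session_id_length(1)
   cipher_suite(2) compression_method(1) = 38 bytes. Returns bytes written,
   or -1 if the output buffer is too small. */
int build_server_hello( const uint8_t rnd[32], uint16_t suite,
                        uint8_t *out, size_t out_len )
{
  if ( out_len < 38 ) return -1;
  uint8_t *p = out;
  *p++ = 3; *p++ = 1;                 /* ProtocolVersion 3.1 = TLS 1.0 */
  memcpy( p, rnd, 32 ); p += 32;
  *p++ = 0;                           /* session_id_length: empty */
  *p++ = ( uint8_t ) ( suite >> 8 );  /* cipher_suite, big-endian */
  *p++ = ( uint8_t ) ( suite & 0xFF );
  *p++ = 0;                           /* compression_method: null */
  return ( int ) ( p - out );
}

int main( void )
{
  /* Constructed client offer: 0x0004 is not in server_suites, 0x000A is. */
  const uint16_t client_offer[] = { 0x0004, TLS_RSA_WITH_3DES_EDE_CBC_SHA };
  int suite = select_cipher_suite( client_offer, 2 );
  if ( suite < 0 ) { fprintf( stderr, "no common cipher suite\n" ); return 1; }

  uint8_t rnd[32];
  if ( fill_server_random( rnd, ( uint32_t ) time( NULL ) ) < 0 ) return 1;

  uint8_t body[38];
  int len = build_server_hello( rnd, ( uint16_t ) suite, body, sizeof body );
  printf( "ServerHello body: %d bytes, suite 0x%04x\n", len, suite );
  return 0;
}
```

select_cipher_suite walks the server's list in preference order rather than the client's, so the server, not the client, decides which of the mutually supported suites is used; the -1 return is the point at which the book's parser returns NULL and the accept path emits the alert.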