to be presented to the user. There's no realistic way to generate a new certificate
with a new public key "on the fly."
Recall that the certificate handshake message was the length of the chain,
followed by the length of the certificate, followed by the certificate, followed by
(optionally) another length of a certificate/certificate, and so on. The simplest
case is a certificate chain consisting of one certificate, so the certificate must be
loaded from disk, the length must be checked, prepended twice (once as the chain
length and once as the certificate's own length), and the whole
array serialized as a TLS handshake message. This is shown in Listing 7-11.
Listing 7-11: "tls.c" send_certificate
```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>
#include <arpa/inet.h>
#include "tls.h"   // TLSParameters is defined in the book's tls.h

static int send_certificate( int connection, TLSParameters *parameters )
{
  short send_buffer_size;
  unsigned char *send_buffer, *read_buffer;
  int certificate_file;
  struct stat certificate_stat;
  short cert_len;

  if ( ( certificate_file = open( "cert.der", O_RDONLY ) ) == -1 )
  {
    perror( "unable to load certificate file" );
    return 1;
  }

  if ( fstat( certificate_file, &certificate_stat ) == -1 )
  {
    perror( "unable to stat certificate file" );
    return 1;
  }

  // Allocate enough space for the certificate file, plus 2 3-byte length
  // entries.
  send_buffer_size = certificate_stat.st_size + 6;
  send_buffer = ( unsigned char * ) malloc( send_buffer_size );
  memset( send_buffer, '\0', send_buffer_size );

  // Each length field is 3 bytes. The memset leaves the high byte zero and
  // htons() writes the low two bytes, so this only covers lengths below 64 KB.
  // First the chain length: the certificate plus its own 3-byte length field.
  cert_len = certificate_stat.st_size + 3;
  cert_len = htons( cert_len );
  memcpy( ( void * ) ( send_buffer + 1 ), &cert_len, 2 );
  // Then the length of the single certificate itself.
  cert_len = certificate_stat.st_size;
  cert_len = htons( cert_len );
  memcpy( ( void * ) ( send_buffer + 4 ), &cert_len, 2 );

  // Read the DER certificate from disk directly behind the two length fields.
  read_buffer = send_buffer + 6;
  cert_len = certificate_stat.st_size;
  while ( ( read_buffer - send_buffer ) < send_buffer_size )
  {
    int read_size;
    read_size = read( certificate_file, read_buffer, cert_len );
    // (listing continues on the next page)
```
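As an added example (not the book's code), the same Certificate body layout encoded and checked in standalone C, generalised to a chain of several certificates and using proper 3-byte big-endian lengths; `count_certificates` does the length validation a receiver should perform before trusting any field. The DER bytes used in the test are constructed placeholders, not real certificates.

```c
#include <string.h>

/* Write / read a 24-bit big-endian length, the field size TLS uses here. */
static void put_uint24(unsigned char *p, size_t v)
{
    p[0] = (unsigned char)(v >> 16); p[1] = (unsigned char)(v >> 8); p[2] = (unsigned char)v;
}
static size_t get_uint24(const unsigned char *p)
{
    return ((size_t)p[0] << 16) | ((size_t)p[1] << 8) | p[2];
}

/* Serialize a chain into the Certificate handshake body: uint24 total length,
 * then per certificate a uint24 length and the DER bytes. Returns the number
 * of bytes written, or 0 when out is too small or a length cannot fit 24 bits. */
size_t build_certificate_body(const unsigned char *const *certs, const size_t *lens,
                              size_t count, unsigned char *out, size_t out_size)
{
    size_t total = 0, pos = 3, i;
    for (i = 0; i < count; i++) {
        if (lens[i] > 0xFFFFFF) return 0;
        total += 3 + lens[i];
    }
    if (total > 0xFFFFFF || out_size < 3 + total) return 0;
    put_uint24(out, total);
    for (i = 0; i < count; i++) {
        put_uint24(out + pos, lens[i]);
        memcpy(out + pos + 3, certs[i], lens[i]);
        pos += 3 + lens[i];
    }
    return pos;
}
/* Walk a received body and count its certificates, rejecting any length field
 * that does not match the bytes actually received. Returns -1 if malformed. */
int count_certificates(const unsigned char *body, size_t body_len)
{
    size_t pos = 3;
    int n = 0;
    if (body_len < 3 || get_uint24(body) != body_len - 3) return -1;
    while (pos < body_len) {
        size_t clen;
        if (body_len - pos < 3) return -1;      /* truncated length field */
        clen = get_uint24(body + pos);
        pos += 3;
        if (clen > body_len - pos) return -1;   /* length runs past the data */
        pos += clen;
        n++;
    }
    return n;
}
```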