    read_buffer += read_size;
    cert_len -= read_size;
  }
  if ( close( certificate_file ) == -1 )
  {
    perror( "unable to close certificate file" );
    return 1;
  }
  send_handshake_message( connection, certificate, send_buffer,
    send_buffer_size, parameters );
  free( send_buffer );
  return 0;
}
This loads the file cert.der from the current directory into memory, builds
a certificate handshake message, and sends it on. Notice the use of fstat to
allocate a buffer of exactly the right size for the certificate file, along with two
three-byte length fields. The first length field is three more than the second
because it includes the second length in its count. Of course, all of the lengths
need to be given in network, not host, order. Although there's no three-byte
integral type, it's doubtful that a certificate is going to be greater than 65,536
bytes in length, so this code just assumes two-byte lengths and pads with an
extra 0 to satisfy the formatting requirements.
You can almost certainly see an obvious performance improvement here;
nothing in this packet changes from one handshake to the next. Although the
code as presented here permits the server administrator to update the certificate
without a server restart, the performance hit of loading the entire thing from
file to satisfy every single HTTP connection is probably not worth this flexibility.
This message ought to be cached in memory and sent from cache after it's
generated the first time.
TLS Server Hello Done
As you can see from Listing 7-12, there's not much to the server hello done
message:
Listing 7-12: "tls.c" send_server_hello_done
static int send_server_hello_done( int connection, TLSParameters *parameters )
{
  send_handshake_message( connection, server_hello_done, NULL, 0, parameters );
  return 0;
}
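The two listings above lean on send_handshake_message to add the generic handshake header, and the certificate code approximates the three-byte length fields with a padded two-byte value. The following is an added, self-contained example (not the book's tls.c code) that builds both the nested certificate_list/certificate lengths and the four-byte handshake header with genuine 24-bit network-order fields, and shows the receiver-side check that the nested lengths are consistent with the bytes actually received. The five-byte DER blob standing in for cert.der is constructed for the example and is not a real certificate; the type values 11 (Certificate) and 14 (ServerHelloDone) are the standard TLS handshake type codes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TLS handshake message types (RFC 5246, section 7.4). */
#define HANDSHAKE_CERTIFICATE        11
#define HANDSHAKE_SERVER_HELLO_DONE  14

/* Write/read a 24-bit big-endian (network order) length. TLS uses these
   three-byte fields even though C has no three-byte integral type. */
void write_uint24(unsigned char *out, uint32_t v)
{
    out[0] = (unsigned char)(v >> 16);
    out[1] = (unsigned char)(v >> 8);
    out[2] = (unsigned char)v;
}

uint32_t read_uint24(const unsigned char *in)
{
    return ((uint32_t)in[0] << 16) | ((uint32_t)in[1] << 8) | in[2];
}

/* Body of a Certificate message holding one DER certificate:
   [3-byte certificate_list length][3-byte certificate length][DER bytes].
   The outer length is exactly 3 more than the inner one because it also
   counts the inner length field. Returns the body length, or -1 if the
   buffer is too small or the DER would not fit a 24-bit length. */
long build_certificate_body(const unsigned char *der, size_t der_len,
                            unsigned char *out, size_t out_cap)
{
    if (der_len > 0xFFFFFFu - 3 || out_cap < der_len + 6) return -1;
    write_uint24(out, (uint32_t)(der_len + 3));
    write_uint24(out + 3, (uint32_t)der_len);
    memcpy(out + 6, der, der_len);
    return (long)(der_len + 6);
}

/* Generic handshake framing: [1-byte type][3-byte body length][body].
   A ServerHelloDone is this with type 14 and an empty body. */
long build_handshake_message(unsigned char type, const unsigned char *body,
                             size_t body_len, unsigned char *out, size_t out_cap)
{
    if (body_len > 0xFFFFFFu || out_cap < body_len + 4) return -1;
    out[0] = type;
    write_uint24(out + 1, (uint32_t)body_len);
    if (body_len) memcpy(out + 4, body, body_len);
    return (long)(body_len + 4);
}

/* Receiver side: check every nested length against the bytes actually
   present before using it. Yields the first certificate of the list; a
   chain would continue from *der + *der_len. Returns 0, or -1 if the
   lengths are inconsistent with body_len. */
int parse_certificate_body(const unsigned char *body, size_t body_len,
                           const unsigned char **der, size_t *der_len)
{
    uint32_t list_len, cert_len;
    if (body_len < 6) return -1;
    list_len = read_uint24(body);
    if (list_len != body_len - 3) return -1;   /* list must fill the body */
    cert_len = read_uint24(body + 3);
    if (cert_len > list_len - 3) return -1;    /* cert must fit in the list */
    *der = body + 6;
    *der_len = cert_len;
    return 0;
}

/* Round trip on a constructed stand-in for cert.der (a 5-byte DER SEQUENCE,
   not a real certificate). Returns 0 when every check passes, otherwise a
   negative code identifying the failed step. */
int certificate_message_selftest(void)
{
    static const unsigned char fake_der[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
    unsigned char body[64], msg[64], done[8];
    const unsigned char *der; size_t der_len;

    long blen = build_certificate_body(fake_der, sizeof fake_der, body, sizeof body);
    if (blen != 11 || read_uint24(body) != 8 || read_uint24(body + 3) != 5) return -1;

    long mlen = build_handshake_message(HANDSHAKE_CERTIFICATE, body, (size_t)blen,
                                        msg, sizeof msg);
    if (mlen != 15 || msg[0] != HANDSHAKE_CERTIFICATE || read_uint24(msg + 1) != 11)
        return -2;

    if (parse_certificate_body(msg + 4, (size_t)mlen - 4, &der, &der_len) != 0 ||
        der_len != 5 || memcmp(der, fake_der, 5) != 0) return -3;

    /* A tampered inner length (claims 9 bytes, only 5 present) must be rejected. */
    write_uint24(body + 3, 9);
    if (parse_certificate_body(body, (size_t)blen, &der, &der_len) == 0) return -4;

    /* ServerHelloDone is just the 4-byte header: type 14, length 0. */
    if (build_handshake_message(HANDSHAKE_SERVER_HELLO_DONE, NULL, 0, done, sizeof done) != 4
        || done[0] != 14 || read_uint24(done + 1) != 0) return -5;
    return 0;
}

int main(void)
{
    int rc = certificate_message_selftest();
    printf("certificate/server-hello-done framing self-test: %s (%d)\n",
           rc == 0 ? "ok" : "FAILED", rc);
    return rc == 0 ? 0 : 1;
}
```

The parser deliberately refuses any message whose inner length claims more bytes than the outer length provides; a receiver that trusted the inner field alone would read past the end of the buffer it was handed. The same framing function produces the ServerHelloDone of Listing 7-12, which is nothing but the four-byte header.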