The certificate request message indicates what sort of certificates the server
is capable of receiving and what CAs it trusts to sign one. This implementation
isn't robust enough to associate potential certificates with their signers; it just
hardcodes a single certificate and always returns that, if asked for any certificate.
This has to be good enough for the server. However, to illustrate the layout of
the certificate request message, go ahead and add code to parse it as shown in
Listing 8-29.
Listing 8-29: "tls.c" parse_certificate_request
#define MAX_CERTIFICATE_TYPES 4

typedef enum
{
  rsa_signed = 1,
  dss_signed = 2,
  rsa_fixed_dh = 3,
  dss_fixed_dh = 4
}
certificate_type;

typedef struct
{
  unsigned char certificate_types_count;
  certificate_type supported_certificate_types[ MAX_CERTIFICATE_TYPES ];
}
CertificateRequest;

/* read_buffer, TLSParameters and struct asn1struct are declared in the
   book's other source files (tls.h, asn1.h); htons needs <arpa/inet.h>. */
static unsigned char *parse_certificate_request( unsigned char *read_pos,
                                                 TLSParameters *parameters )
{
  int i;
  unsigned short trusted_roots_length;   /* two-byte length on the wire */
  unsigned char certificate_type_byte;
  unsigned char *init_pos;
  CertificateRequest request;

  /* one-byte count, followed by one byte per supported certificate type */
  read_pos = read_buffer( &request.certificate_types_count, read_pos, 1 );
  for ( i = 0; i < request.certificate_types_count; i++ )
  {
    /* read the single wire byte into a temporary rather than into the first
       byte of a (wider) enum, and never store past the end of the array */
    read_pos = read_buffer( &certificate_type_byte, read_pos, 1 );
    if ( i < MAX_CERTIFICATE_TYPES )
    {
      request.supported_certificate_types[ i ] = certificate_type_byte;
    }
  }

  /* two-byte, big-endian length of the list of trusted CA names */
  read_pos = read_buffer( ( void * ) &trusted_roots_length, read_pos, 2 );
  trusted_roots_length = htons( trusted_roots_length );

  /* each entry is a length-prefixed, DER-encoded distinguished name */
  init_pos = read_pos;
  while ( ( read_pos - init_pos ) < trusted_roots_length )
  {
    int dn_length;
    struct asn1struct dn_data;
(Continued)
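The listing above reads the message straight off the wire with no check that the received bytes actually contain the lengths it is told to expect. The following parser is an added example, not code from the book or its tls.c: it walks the same layout (one-byte type count, one byte per type, a two-byte big-endian length for the CA list, then distinguished names each prefixed by their own two-byte length, as the TLS specification defines the certificate_authorities vector), but rejects a message that is truncated, overruns its enclosing length, or exceeds the parser's fixed limits. The sample message and the `CR_MAX_*` limits are constructed for this example; the distinguished names in it are empty DER SEQUENCEs standing in for real encoded names.

```c
/* Added example (not the book's code): bounds-checked parser for the body of
   a TLS CertificateRequest handshake message. Layout:
     uint8  certificate_types_count, then one byte per type,
     uint16 certificate_authorities length (big-endian), then
     a sequence of uint16-length-prefixed DER distinguished names. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CR_MAX_TYPES    4   /* constructed limits for this example */
#define CR_MAX_CA_NAMES 8

typedef enum { rsa_sign = 1, dss_sign = 2, rsa_fixed_dh = 3, dss_fixed_dh = 4 } client_cert_type;

typedef struct {
    size_t type_count;
    uint8_t types[CR_MAX_TYPES];
    size_t ca_count;
    const uint8_t *ca_name[CR_MAX_CA_NAMES];   /* points into the input buffer */
    size_t ca_name_len[CR_MAX_CA_NAMES];
} certificate_request_t;

static size_t read_u16_be(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Returns the number of bytes consumed, or 0 if the message is malformed,
   truncated, or exceeds the fixed limits above. Every length read from the
   wire is compared against the bytes actually available before it is used. */
static size_t parse_certificate_request(const uint8_t *buf, size_t len, certificate_request_t *out)
{
    size_t pos = 0, ca_total, end;
    memset(out, 0, sizeof *out);

    if (len < 1) return 0;
    out->type_count = buf[pos++];
    if (out->type_count > CR_MAX_TYPES || out->type_count > len - pos) return 0;
    memcpy(out->types, buf + pos, out->type_count);
    pos += out->type_count;

    if (len - pos < 2) return 0;
    ca_total = read_u16_be(buf + pos);
    pos += 2;
    if (ca_total > len - pos) return 0;   /* claimed list is longer than what arrived */
    end = pos + ca_total;

    while (pos < end) {
        size_t dn_len;
        if (end - pos < 2) return 0;
        dn_len = read_u16_be(buf + pos);
        pos += 2;
        if (dn_len == 0 || dn_len > end - pos) return 0;   /* DN must fit inside the list */
        if (out->ca_count == CR_MAX_CA_NAMES) return 0;
        out->ca_name[out->ca_count] = buf + pos;
        out->ca_name_len[out->ca_count] = dn_len;
        out->ca_count++;
        pos += dn_len;
    }
    return pos;
}

/* Constructed sample: types {rsa_sign, dss_sign}; two CA names, each an empty
   DER SEQUENCE (0x30 0x00) prefixed by its two-byte length (list total = 8). */
static const uint8_t sample_request[] = {
    0x02, 0x01, 0x02,
    0x00, 0x08,
    0x00, 0x02, 0x30, 0x00,
    0x00, 0x02, 0x30, 0x00
};

/* Same message cut off after the first CA name: the 8-byte list is incomplete. */
static const uint8_t truncated_request[] = {
    0x02, 0x01, 0x02, 0x00, 0x08, 0x00, 0x02, 0x30, 0x00
};

int main(void)
{
    certificate_request_t req;
    size_t i, used = parse_certificate_request(sample_request, sizeof sample_request, &req);
    printf("consumed %zu bytes, %zu certificate types, %zu CA names\n",
           used, req.type_count, req.ca_count);
    for (i = 0; i < req.ca_count; i++)
        printf("  CA name %zu: %zu bytes at offset %ld\n",
               i, req.ca_name_len[i], (long)(req.ca_name[i] - sample_request));
    printf("truncated message parses to %zu (0 = rejected)\n",
           parse_certificate_request(truncated_request, sizeof truncated_request, &req));
    return 0;
}
```

The parser keeps pointers into the caller's buffer rather than copying each name, so the caller must keep the message alive while the names are in use; the book's later code would hand each name to its ASN.1 parser at this point.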