    // Per the spec, this isn't an error; just ignore it if
    // a handshake is currently in progress
    if ( parameters->peer_finished )
    {
      // recursive, but the check for peer_finished above
      // prevents infinite recursion.
      tls_connect( connection, parameters );
    }
    else
    {
      read_pos += handshake.length;
    }
    break;
The hello request is just a marker; there's no data contained within it, so
there's nothing to parse. After it's received, first make sure that it was sent by
the server; a client cannot legally send this message. Next, check to see if the
current handshake has completed — if peer_finished hasn't been received,
ignore the hello request and continue on. Otherwise, invoke tls_connect. The
check for peer_finished prevents infinite recursion.
This almost works. The only problem with this routine is that tls_connect
resets the active cipher suite. Remember that the renegotiation should happen
using the currently active cipher suite. So you need a way to tell the
tls_connect routine to initialize most, but not all, of the parameters.
The easiest way to support this is to simply pass a renegotiate flag into
tls_connect as in Listing 8-37.
Listing 8-37: "tls.c" tls_connect with renegotiate flag
void init_parameters( TLSParameters *parameters,
                      int renegotiate )
{
  // The pending parameters are always reset for a new handshake
  init_protection_parameters( &parameters->pending_send_parameters );
  init_protection_parameters( &parameters->pending_recv_parameters );
  // The active parameters are only reset on an initial handshake;
  // during a renegotiation they keep protecting the connection
  if ( !renegotiate )
  {
    init_protection_parameters( &parameters->active_send_parameters );
    init_protection_parameters( &parameters->active_recv_parameters );
  }
}

int tls_connect( int connection,
                 TLSParameters *parameters,
                 int renegotiate )
{
  init_parameters( parameters, renegotiate );
  // ... remainder of tls_connect unchanged ...
}
This just warns the init_parameters routine not to reset the currently
active parameters; they stay in place until the renegotiation has completed
successfully.
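The following is an added, self-contained illustration of the behavior described above, not code from the book: a constructed, cut-down TLSParameters holding only cipher suite ids, the init_parameters routine with the renegotiate flag, and a hello request handler that stands in for the start of tls_connect (the ChangeCipherSpec step is simulated by assigning the suite directly). It lets you see that without the flag a hello request wipes the active suite before the renegotiation messages are sent, while with the flag the old suite stays in place, and that a hello request arriving mid-handshake is ignored rather than recursing.

```c
/* Constructed, simplified TLSParameters (not the book's own definitions):
   only the fields this example needs. */
typedef struct { int cipher_suite; } ProtectionParameters;
typedef struct {
    ProtectionParameters active_send_parameters, active_recv_parameters;
    ProtectionParameters pending_send_parameters, pending_recv_parameters;
    int peer_finished;  /* 1 once the peer's Finished message has arrived */
} TLSParameters;

static void init_protection_parameters(ProtectionParameters *p)
{
    p->cipher_suite = 0;  /* TLS_NULL_WITH_NULL_NULL: no protection at all */
}

/* As in the listing: pending state is always reset; active state only on an
   initial handshake, so a renegotiation keeps sending under the old suite. */
void init_parameters(TLSParameters *parameters, int renegotiate)
{
    init_protection_parameters(&parameters->pending_send_parameters);
    init_protection_parameters(&parameters->pending_recv_parameters);
    if (!renegotiate) {
        init_protection_parameters(&parameters->active_send_parameters);
        init_protection_parameters(&parameters->active_recv_parameters);
    }
}

/* Hello request handler from the text plus a hypothetical stand-in for the
   start of tls_connect. Returns -1 if the request is ignored because a
   handshake is in progress, else the suite the renegotiation is sent under. */
int handle_hello_request(TLSParameters *parameters, int renegotiate_flag)
{
    if (!parameters->peer_finished)
        return -1;  /* per the spec: not an error, just ignore it */
    parameters->peer_finished = 0;  /* renegotiation now in progress */
    init_parameters(parameters, renegotiate_flag);
    return parameters->active_send_parameters.cipher_suite;
}

/* Scenario: an initial handshake negotiated `suite` and is complete if
   handshake_complete is set; then a hello request arrives. */
int suite_after_hello_request(int suite, int handshake_complete,
                              int renegotiate_flag)
{
    TLSParameters p = {0};
    init_parameters(&p, 0);                         /* initial handshake */
    p.active_send_parameters.cipher_suite = suite;  /* after ChangeCipherSpec */
    p.active_recv_parameters.cipher_suite = suite;
    p.peer_finished = handshake_complete;
    return handle_hello_request(&p, renegotiate_flag);
}
```

Calling suite_after_hello_request with the flag set returns the suite that was negotiated; without it the result is 0, the null suite, which is exactly the reset the text warns about.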