Listing 8-42: “tls.c” secure renegotiation extension
static unsigned short add_renegotiation_extension(
    unsigned char **renegotiation_extension,
    int renegotiating,
    TLSParameters *parameters )
{
    unsigned char *write_ptr;
    unsigned char data_length;
    unsigned short renegotiation_length;

    if ( renegotiating )
    {
        // renegotiated_connection: a client sends its own saved verify_data; a
        // server sends the client's verify_data followed by its own
        renegotiation_length =
            ( parameters->connection_end == connection_end_client ?
              VERIFY_DATA_LEN : ( VERIFY_DATA_LEN * 2 ) );
        write_ptr = *renegotiation_extension = ( unsigned char * ) malloc(
            renegotiation_length + 1 );
        data_length = renegotiation_length;
        write_ptr = append_buffer( write_ptr, ( void * ) &data_length,
            sizeof( unsigned char ) );
        write_ptr = append_buffer( write_ptr,
            parameters->client_verify_data, VERIFY_DATA_LEN );
        if ( parameters->connection_end != connection_end_client )
        {
            // server_verify_data is assumed to be the server's saved Finished
            // verify_data, stored in TLSParameters next to client_verify_data
            write_ptr = append_buffer( write_ptr,
                parameters->server_verify_data, VERIFY_DATA_LEN );
        }
        return renegotiation_length + 1;
    }
    else
    {
        // initial handshake: renegotiated_connection is empty, so the
        // extension body is a single zero length byte
        renegotiation_length = 1;
        write_ptr = *renegotiation_extension = ( unsigned char * ) malloc(
            renegotiation_length );
        data_length = 0;
        write_ptr = append_buffer( write_ptr, ( void * ) &data_length,
            sizeof( unsigned char ) );
        return 1;
    }
}
At this point, the client sends an empty renegotiation extension, 0xFF01 0001 00
(extension type 0xFF01, extension length 1, and a zero-length
renegotiated_connection), on every initial handshake. This tells the server
both that the client is capable of secure renegotiation and that it wants to
use it. As coded in Listing 8-42, the same function would also let the server
advertise secure renegotiation, because it checks the connection end. The code
in this topic won't illustrate implementing secure renegotiation on the server,
but it should be fairly clear at this point how you would go about doing so.
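As an added example (not the book's tls.c and not part of the original page), the following stand-alone C program encodes the complete renegotiation_info extension for both roles and also performs the receiving-side check that RFC 5746 requires: an empty renegotiated_connection on an initial handshake, and a value equal to the saved verify_data on a renegotiation, with anything else rejected. The names reneg_state, encode_renegotiation_info, check_renegotiation_info and the self-check functions, as well as the 0xAA/0xBB verify_data bytes, are constructed for this example; VERIFY_DATA_LEN is 12 as in the book. It goes beyond Listing 8-42 by including the receiver's validation, which is where the extension actually delivers its protection.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for the book's TLSParameters; only the fields this example needs. */
#define VERIFY_DATA_LEN 12
#define RENEGOTIATION_INFO_TYPE 0xFF01

typedef enum { end_client, end_server } conn_end;

typedef struct {
    conn_end end;
    int have_prior_handshake;                    /* 1 once a Finished was verified */
    unsigned char client_verify_data[VERIFY_DATA_LEN];
    unsigned char server_verify_data[VERIFY_DATA_LEN];
} reneg_state;

/* Encode the whole extension: type(2) | length(2) | reneg_len(1) | data.
 * out must hold at least 5 + 2 * VERIFY_DATA_LEN bytes. Returns bytes written. */
size_t encode_renegotiation_info(const reneg_state *s, unsigned char *out)
{
    unsigned char *p = out;
    unsigned char data_len = 0;
    if (s->have_prior_handshake)
        data_len = (s->end == end_client) ? VERIFY_DATA_LEN : 2 * VERIFY_DATA_LEN;
    unsigned short ext_len = (unsigned short)(1 + data_len);
    *p++ = (unsigned char)(RENEGOTIATION_INFO_TYPE >> 8);
    *p++ = (unsigned char)(RENEGOTIATION_INFO_TYPE & 0xFF);
    *p++ = (unsigned char)(ext_len >> 8);
    *p++ = (unsigned char)(ext_len & 0xFF);
    *p++ = data_len;
    if (data_len) {
        memcpy(p, s->client_verify_data, VERIFY_DATA_LEN);   /* both roles */
        p += VERIFY_DATA_LEN;
        if (s->end == end_server) {                          /* server appends its own */
            memcpy(p, s->server_verify_data, VERIFY_DATA_LEN);
            p += VERIFY_DATA_LEN;
        }
    }
    return (size_t)(p - out);
}

/* Receiver-side check (RFC 5746 sections 3.4 and 3.5). Returns 1 if the
 * peer's extension is acceptable, 0 if the handshake must be aborted. */
int check_renegotiation_info(const reneg_state *me, const unsigned char *ext, size_t ext_len)
{
    if (ext_len < 5) return 0;
    unsigned short type = (unsigned short)((ext[0] << 8) | ext[1]);
    unsigned short len  = (unsigned short)((ext[2] << 8) | ext[3]);
    if (type != RENEGOTIATION_INFO_TYPE || (size_t)len + 4 != ext_len) return 0;
    unsigned char data_len = ext[4];
    if ((size_t)data_len + 1 != len) return 0;
    const unsigned char *data = ext + 5;
    if (!me->have_prior_handshake)
        return data_len == 0;                 /* initial handshake: must be empty */
    if (me->end == end_server)                /* ClientHello carries client verify_data only */
        return data_len == VERIFY_DATA_LEN &&
               memcmp(data, me->client_verify_data, VERIFY_DATA_LEN) == 0;
    return data_len == 2 * VERIFY_DATA_LEN && /* ServerHello carries client, then server */
           memcmp(data, me->client_verify_data, VERIFY_DATA_LEN) == 0 &&
           memcmp(data + VERIFY_DATA_LEN, me->server_verify_data, VERIFY_DATA_LEN) == 0;
}

/* Self-checks used by main(); each returns 1 on success. */
int selfcheck_initial_hello(void)
{
    reneg_state c = {0}, srv = {0};
    c.end = end_client; srv.end = end_server;
    unsigned char buf[64];
    size_t n = encode_renegotiation_info(&c, buf);
    static const unsigned char expect[] = {0xFF, 0x01, 0x00, 0x01, 0x00};
    return n == 5 && memcmp(buf, expect, 5) == 0 &&
           check_renegotiation_info(&srv, buf, n) == 1;
}

int selfcheck_renegotiation(void)
{
    reneg_state c = {0}, srv = {0};
    c.end = end_client; srv.end = end_server;
    c.have_prior_handshake = srv.have_prior_handshake = 1;
    /* constructed verify_data values, not from a real handshake */
    memset(c.client_verify_data, 0xAA, VERIFY_DATA_LEN);
    memset(c.server_verify_data, 0xBB, VERIFY_DATA_LEN);
    memcpy(srv.client_verify_data, c.client_verify_data, VERIFY_DATA_LEN);
    memcpy(srv.server_verify_data, c.server_verify_data, VERIFY_DATA_LEN);
    unsigned char hello[64], shello[64], empty[8];
    size_t n = encode_renegotiation_info(&c, hello);
    size_t m = encode_renegotiation_info(&srv, shello);
    if (n != 5 + VERIFY_DATA_LEN || m != 5 + 2 * VERIFY_DATA_LEN) return 0;
    if (!check_renegotiation_info(&srv, hello, n) || !check_renegotiation_info(&c, shello, m)) return 0;
    hello[5] ^= 0x01;                          /* tampered verify_data must be rejected */
    if (check_renegotiation_info(&srv, hello, n)) return 0;
    reneg_state fresh = {0}; fresh.end = end_client;
    size_t e = encode_renegotiation_info(&fresh, empty);
    return check_renegotiation_info(&srv, empty, e) == 0;   /* empty during renegotiation: reject */
}

int main(void)
{
    printf("initial hello: %s\n", selfcheck_initial_hello() ? "ok" : "FAIL");
    printf("renegotiation: %s\n", selfcheck_renegotiation() ? "ok" : "FAIL");
    return 0;
}
```

The receiving side is the half Listing 8-42 leaves out: a server that accepts a renegotiating ClientHello whose renegotiated_connection does not match its own saved client_verify_data (or that is empty) has no protection from the extension at all, so the abort cases in check_renegotiation_info are the part worth copying into a real implementation.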