6. If the server is also capable and willing, it must respond with the exact
same extension. So far, you haven't added support for parsing server hello
extensions, so you must do so now, as in Listing 8-43.
Listing 8-43: "tls.c" parse_server_hello with extensions recognition

```c
static char *parse_server_hello( char *read_pos, int pdu_length,
                                 TLSParameters *parameters )
{
  int extensions_length;
  char *server_hello_begin = read_pos;

  /* The fixed ServerHello fields (version, random, session id, cipher
     suite, compression method) are parsed into "hello" before this point;
     that part of the listing is not shown here. */

  /* Whatever is left after the fixed fields is the extensions block. */
  extensions_length = pdu_length - ( read_pos - server_hello_begin );

  /* A negative remainder means the fixed-field parsing ran past the
     PDU; treat it as a malformed hello rather than a zero-length block. */
  if ( extensions_length < 0 )
  {
    return NULL;
  }

  if ( extensions_length )
  {
    read_pos = parse_server_hello_extensions( read_pos, extensions_length,
                                              parameters );
    // Abort the handshake if the extensions didn't parse.
    if ( read_pos == NULL )
    {
      return NULL;
    }
  }

  /* server_random = gmt_unix_time (4 bytes) || random_bytes (28 bytes) */
  memcpy( ( void * ) parameters->server_random,
          &hello.random.gmt_unix_time, 4 );
  memcpy( ( void * ) ( parameters->server_random + 4 ),
          ( void * ) hello.random.random_bytes, 28 );
```
7. When parsing server hello extensions, just skip over the ones that aren't
recognized, as shown in Listing 8-44. Technically, this violates RFC 5246,
which states:

    An extension type MUST NOT appear in the ServerHello unless the same
    extension type appeared in the corresponding ClientHello. If a client
    receives an extension type in ServerHello that it did not request in the
    associated ClientHello, it MUST abort the handshake with an
    unsupported_extension fatal alert.

In reality, you won't see server extensions other than the secure
renegotiation extension anyway.
Listing 8-44: "tls.c" parse_server_hello_extensions

```c
static char *parse_server_hello_extensions( char *read_pos,
                                            int extensions_length,
                                            TLSParameters *parameters )
{
  unsigned short advertised_extensions_length;
```
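The skipping behaviour described in step 7 can be written as a self-contained, bounds-checked walk over the extensions block. The example below is added here and is not the book's code: it assumes the names parse_server_hello_extensions_ex and ExtensionSummary, takes the raw extensions block (2-byte total length followed by type/length/value entries, as in RFC 5246) rather than the book's read_pos/TLSParameters pair, and uses two real extension types, renegotiation_info (0xFF01, RFC 5746) and extended_master_secret (0x0017, RFC 7627). Unrecognized types are skipped exactly as the text describes, but the function also records whether the server sent a type the client never offered, so the caller can choose between the RFC 5246 abort and the book's more lenient behaviour. The sample inputs are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EXT_RENEGOTIATION_INFO    0xFF01  /* RFC 5746 */
#define EXT_EXTENDED_MASTER_SECRET 0x0017 /* RFC 7627 */

/* Hypothetical result record for this example. */
typedef struct {
  int renegotiation_seen;                 /* renegotiation_info present */
  unsigned renegotiated_connection_len;   /* its 1-byte inner length */
  int unexpected_extension;               /* a type the client never offered */
} ExtensionSummary;

/* Parse a ServerHello extensions block. Returns bytes consumed (including
   the 2-byte total length) or -1 on malformed input. offered_types lists
   the extension types the client sent; any other type sets
   summary->unexpected_extension, which RFC 5246 says must abort the
   handshake and which the book's code chooses to ignore. */
int parse_server_hello_extensions_ex(const unsigned char *buf, size_t len,
                                     const uint16_t *offered_types,
                                     size_t offered_count,
                                     ExtensionSummary *summary)
{
  memset(summary, 0, sizeof *summary);
  if (len < 2) return -1;
  size_t total = ((size_t)buf[0] << 8) | buf[1];
  if (total + 2 > len) return -1;               /* advertised length overruns PDU */

  const unsigned char *p = buf + 2, *end = buf + 2 + total;
  while (p < end) {
    if (end - p < 4) return -1;                 /* no room for type + length */
    uint16_t type = (uint16_t)((p[0] << 8) | p[1]);
    size_t elen = ((size_t)p[2] << 8) | p[3];
    p += 4;
    if ((size_t)(end - p) < elen) return -1;    /* extension body overruns block */

    int offered = 0;
    for (size_t i = 0; i < offered_count; i++)
      if (offered_types[i] == type) offered = 1;
    if (!offered) summary->unexpected_extension = 1;

    switch (type) {
    case EXT_RENEGOTIATION_INFO:
      /* Body is a 1-byte length followed by renegotiated_connection. */
      if (elen < 1 || (size_t)p[0] + 1 != elen) return -1;
      summary->renegotiation_seen = 1;
      summary->renegotiated_connection_len = p[0];
      break;
    default:
      break;                                    /* unrecognized: skip over it */
    }
    p += elen;
  }
  return (int)(p - buf);
}

/* Constructed samples: a well-formed block carrying an empty
   extended_master_secret followed by an empty renegotiation_info, and a
   block whose renegotiation_info claims more bytes than are present. */
const unsigned char SAMPLE_OK[] = { 0x00,0x09, 0x00,0x17,0x00,0x00,
                                    0xFF,0x01,0x00,0x01,0x00 };
const unsigned char SAMPLE_BAD[] = { 0x00,0x05, 0xFF,0x01,0x00,0x09, 0x00 };
const uint16_t OFFERED_BOTH[] = { EXT_RENEGOTIATION_INFO, EXT_EXTENDED_MASTER_SECRET };
ExtensionSummary demo_summary;

int main(void)
{
  int n = parse_server_hello_extensions_ex(SAMPLE_OK, sizeof SAMPLE_OK,
                                           OFFERED_BOTH, 2, &demo_summary);
  printf("consumed %d bytes, reneg=%d unexpected=%d\n", n,
         demo_summary.renegotiation_seen, demo_summary.unexpected_extension);
  n = parse_server_hello_extensions_ex(SAMPLE_BAD, sizeof SAMPLE_BAD,
                                       OFFERED_BOTH, 2, &demo_summary);
  printf("malformed block -> %d\n", n);
  return 0;
}
```

Passing only the first entry of OFFERED_BOTH makes the same well-formed block parse successfully but with unexpected_extension set, which is the case where a strict client would send the unsupported_extension alert.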