Cryptography Reference
In-Depth Information
break;
}
}
}
// TODO validate the certificate/Check expiration date/Signer
copy_huge( parameters->server_public_key.modulus,
package.certificate.tbsCertificate.subjectPublicKeyInfo.
rsa_public_key.modulus );
copy_huge( parameters->server_public_key.exponent,
package.certificate.tbsCertificate.subjectPublicKeyInfo.
rsa_public_key.exponent );
free( package.cipher_specs );
free( package.connection_id );
free_x509_certificate( &package.certificate );
return status;
}
Part of the unfl attening process involves a call to
parse_x509_certificate
,
developed in Chapter 5. The process of parsing a certifi cate did not change
between SSLv2 and TLS 1.2, although the certifi cate format itself grew a bit to
include extensions and unique IDs.
Now, choose a cipher spec. Cycle through the list presented by the server
and when you fi nd one that's supported by this implementation, make that the
proposed_cipher_spec
. Also keep track of the connection ID, and the server's
public RSA key.
Finally, if anything went wrong,
receive_ssl_message
will halt the process
with an error message:
if ( status == -1 )
{
send_error( connection,
SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE,
parameters );
}
Sending an SSL error message in Listing C-18 is as simple as receiving one.
Listing C-18:
“ssl.c” send_error
static int send_error( int connection,
unsigned short error_code,
SSLParameters *parameters )
{
unsigned char buffer[ 3 ];
unsigned short send_error;
buffer[ 0 ] = SSL_MT_ERROR;
(Continued)
Search WWH ::
Custom Search