Cryptography Reference
Compare the challenge token sent back by the server with the challenge
token sent in the “hello” message, and return an error code if they don't match.
If the two tokens don't match, this error code is a signal to the outer function
to close the socket.
SSL Server Finished
At this point, the secure channel has been all but negotiated. The only thing
remaining is the server_finished message. This also has only one field, shown in
Listing C-30.
Listing C-30: “ssl.h” ServerFinished declaration
typedef struct
{
  unsigned char *session_id;
}
ServerFinished;
This is the session ID, chosen by the server, that can be passed in a later
client_hello message to resume this session.
The ssl_connect function waits until this is received and, after it has been,
marks the handshake as complete:
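/* Keep reading handshake messages until server_finished arrives */
while ( !parameters->got_server_finished )
{
  if ( receive_ssl_message( connection, NULL, 0, parameters ) == -1 )
  {
    return -1;
  }
}

/* From here on, received messages are treated as application data */
parameters->handshake_finished = 1;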
Server finished is the final case arm in receive_ssl_message's handshake
switch:
if ( !parameters->handshake_finished )
{
  switch ( buffer[ 0 ] )
  {
    /* ... earlier handshake message cases ... */
    case SSL_MT_SERVER_FINISHED:
      /* buffer + 1 skips the message-type byte */
      status = parse_server_finished( parameters, buffer + 1,
        message_len );
      break;
  }
}
For this implementation, parse_server_finished in Listing C-31 is a formality
because the session ID isn't stored anywhere.
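For contrast with an implementation that discards the session ID, the following added example (not code from the book) copies it out of the server_finished message so a later client_hello can offer it for resumption. SavedSession, save_server_finished, resume_id and the sample bytes are hypothetical names and constructed data; the example assumes msg_len counts the message-type byte and that the receive buffer may be reused after the call.

```c
#include <stdio.h>
#include <string.h>

/* An SSLv2 client_hello carries a session ID of 0 or 16 bytes only. */
#define SESSION_ID_LEN 16

/* Hypothetical holder for the saved ID (not the book's ServerFinished). */
typedef struct
{
  unsigned char session_id[ SESSION_ID_LEN ];
  int has_session_id;
}
SavedSession;

/* msg is the decrypted handshake message, type byte included.
 * Returns 0 if a resumable session ID was saved, -1 otherwise. */
int save_server_finished( SavedSession *saved,
                          const unsigned char *msg, size_t msg_len )
{
  saved->has_session_id = 0;
  /* Account for the type byte before comparing lengths, so a short
   * message is rejected rather than over-read. */
  if ( msg == NULL || msg_len != 1 + SESSION_ID_LEN )
  {
    return -1;
  }
  /* Copy rather than point into msg (assumed to be a reused buffer). */
  memcpy( saved->session_id, msg + 1, SESSION_ID_LEN );
  saved->has_session_id = 1;
  return 0;
}

/* Length to send in the next client_hello: 16 resumes, 0 starts fresh. */
size_t resume_id( const SavedSession *saved, const unsigned char **id )
{
  *id = saved->has_session_id ? saved->session_id : NULL;
  return saved->has_session_id ? SESSION_ID_LEN : 0;
}

/* Constructed sample: type byte 0x06 (SSLv2 server_finished), then the ID. */
static const unsigned char sample_msg[ 1 + SESSION_ID_LEN ] =
  { 0x06, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };

int main( void )
{
  SavedSession saved;
  const unsigned char *id;
  printf( "full: %d\n", save_server_finished( &saved, sample_msg, sizeof sample_msg ) );
  printf( "resume length: %lu\n", ( unsigned long ) resume_id( &saved, &id ) );
  printf( "truncated: %d\n", save_server_finished( &saved, sample_msg, 9 ) );
  return 0;
}
```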
 