diff options
Diffstat (limited to 'src/libsec/port/tlshand.c')
-rw-r--r-- | src/libsec/port/tlshand.c | 37 |
1 files changed, 29 insertions, 8 deletions
diff --git a/src/libsec/port/tlshand.c b/src/libsec/port/tlshand.c index 68c98084..47d0f80e 100644 --- a/src/libsec/port/tlshand.c +++ b/src/libsec/port/tlshand.c @@ -248,7 +248,7 @@ static uchar compressors[] = { CompressionNull, }; -static TlsConnection *tlsServer2(int ctl, int hand, uchar *cert, int ncert, int (*trace)(char*fmt, ...)); +static TlsConnection *tlsServer2(int ctl, int hand, uchar *cert, int ncert, int (*trace)(char*fmt, ...), PEMChain *chain); static TlsConnection *tlsClient2(int ctl, int hand, uchar *csid, int ncsid, int (*trace)(char*fmt, ...)); static void msgClear(Msg *m); @@ -273,7 +273,7 @@ static TlsSec* tlsSecInitc(int cvers, uchar *crandom); static int tlsSecSecretc(TlsSec *sec, uchar *sid, int nsid, uchar *srandom, uchar *cert, int ncert, int vers, uchar **epm, int *nepm, uchar *kd, int nkd); static int tlsSecFinished(TlsSec *sec, MD5state md5, SHAstate sha1, uchar *fin, int nfin, int isclient); static void tlsSecOk(TlsSec *sec); -static void tlsSecKill(TlsSec *sec); +/* static void tlsSecKill(TlsSec *sec); */ static void tlsSecClose(TlsSec *sec); static void setMasterSecret(TlsSec *sec, Bytes *pm); static void serverMasterSecret(TlsSec *sec, uchar *epm, int nepm); @@ -296,14 +296,14 @@ static void* erealloc(void*, int); static void put32(uchar *p, u32int); static void put24(uchar *p, int); static void put16(uchar *p, int); -static u32int get32(uchar *p); +/* static u32int get32(uchar *p); */ static int get24(uchar *p); static int get16(uchar *p); static Bytes* newbytes(int len); static Bytes* makebytes(uchar* buf, int len); static void freebytes(Bytes* b); static Ints* newints(int len); -static Ints* makeints(int* buf, int len); +/* static Ints* makeints(int* buf, int len); */ static void freeints(Ints* b); //================= client/server ======================== @@ -337,7 +337,7 @@ tlsServer(int fd, TLSconn *conn) return -1; } fprint(ctl, "fd %d 0x%x", fd, ProtocolVersion); - tls = tlsServer2(ctl, hand, conn->cert, conn->certlen, conn->trace); + tls = tlsServer2(ctl, hand, conn->cert, conn->certlen, conn->trace, conn->chain); sprint(dname, "#a/tls/%s/data", buf); data = open(dname, ORDWR); close(fd); @@ -412,15 +412,27 @@ tlsClient(int fd, TLSconn *conn) return data; } +static int +countchain(PEMChain *p) +{ + int i = 0; + + while (p) { + i++; + p = p->next; + } + return i; +} + static TlsConnection * -tlsServer2(int ctl, int hand, uchar *cert, int ncert, int (*trace)(char*fmt, ...)) +tlsServer2(int ctl, int hand, uchar *cert, int ncert, int (*trace)(char*fmt, ...), PEMChain *chp) { TlsConnection *c; Msg m; Bytes *csid; uchar sid[SidSize], kd[MaxKeyData]; char *secrets; - int cipher, compressor, nsid, rv; + int cipher, compressor, nsid, rv, numcerts, i; if(trace) trace("tlsServer2\n"); @@ -498,9 +510,12 @@ tlsServer2(int ctl, int hand, uchar *cert, int ncert, int (*trace)(char*fmt, ... msgClear(&m); m.tag = HCertificate; - m.u.certificate.ncert = 1; + numcerts = countchain(chp); + m.u.certificate.ncert = 1 + numcerts; m.u.certificate.certs = emalloc(m.u.certificate.ncert * sizeof(Bytes)); m.u.certificate.certs[0] = makebytes(cert, ncert); + for (i = 0; i < numcerts && chp; i++, chp = chp->next) + m.u.certificate.certs[i+1] = makebytes(chp->pem, chp->pemlen); if(!msgSend(c, &m, AQueue)) goto Err; msgClear(&m); @@ -1824,6 +1839,7 @@ tlsSecOk(TlsSec *sec) sec->ok = 1; } +/* static void tlsSecKill(TlsSec *sec) { @@ -1832,6 +1848,7 @@ tlsSecKill(TlsSec *sec) factotum_rsa_close(sec->rpc); sec->ok = -1; } +*/ static void tlsSecClose(TlsSec *sec) @@ -2205,11 +2222,13 @@ put16(uchar *p, int x) p[1] = x; } +/* static u32int get32(uchar *p) { return (p[0]<<24)|(p[1]<<16)|(p[2]<<8)|p[3]; } +*/ static int get24(uchar *p) @@ -2272,6 +2291,7 @@ newints(int len) return ans; } +/* static Ints* makeints(int* buf, int len) { @@ -2282,6 +2302,7 @@ makeints(int* buf, int len) memmove(ans->data, buf, len*sizeof(int)); return ans; } +*/ static void freeints(Ints* b) |