author | lv-426 <oxcafebaby@yahoo.com> | 2008-06-22 18:20:35 +0000 |
committer | lv-426 <oxcafebaby@yahoo.com> | 2008-06-22 18:20:35 +0000 |
commit | a0339d2458867dbe9485499265641ff205063445 (patch) | |
tree | 055b38828b3696520408a32edf81df5bb37400f0 /src/daemon/https/tls/ext_inner_application.c | |
parent | 97c026da05495b83f1511906c2ca027e12ef6cf7 (diff) | |
download | libmicrohttpd-a0339d2458867dbe9485499265641ff205063445.tar.gz libmicrohttpd-a0339d2458867dbe9485499265641ff205063445.zip |
initial GNU TLS import - this should reduce in size considerably
Diffstat (limited to 'src/daemon/https/tls/ext_inner_application.c')
-rw-r--r-- | src/daemon/https/tls/ext_inner_application.c | 147 |
1 files changed, 147 insertions, 0 deletions
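--- /dev/null
+++ b/src/daemon/https/tls/ext_inner_application.c
@@ -0,0 +1,147 @@
+/*
+ * Copyright (C) 2005, 2006 Free Software Foundation
+ *
+ * Author: Simon Josefsson
+ *
+ * This file is part of GNUTLS.
+ *
+ * The GNUTLS library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ *
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_auth_int.h"
+#include "gnutls_errors.h"
+#include "gnutls_num.h"
+#include "ext_inner_application.h"
+
+#define NO 0
+#define YES 1
+
+int
+_gnutls_inner_application_recv_params (gnutls_session_t session,
+const opaque * data, size_t data_size)
+{
+tls_ext_st *ext = &session->security_parameters.extensions;
+
+if (data_size != 1)
+{
+gnutls_assert ();
+return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+}
+
+ext->gnutls_ia_peer_enable = 1;
+ext->gnutls_ia_peer_allowskip = 0;
+
+switch ((unsigned char) *data)
+{
+case NO: /* Peer's ia_on_resume == no */
+ext->gnutls_ia_peer_allowskip = 1;
+break;
+
+case YES:
+break;
+
+default:
+gnutls_assert ();
+}
+
+return 0;
+}
+
+
+/* returns data_size or a negative number on failure
+*/
+int
+_gnutls_inner_application_send_params (gnutls_session_t session,
+opaque * data, size_t data_size)
+{
+tls_ext_st *ext = &session->security_parameters.extensions;
+
+/* Set ext->gnutls_ia_enable depending on whether we have a TLS/IA
+credential in the session. */
+
+if (session->security_parameters.entity == GNUTLS_CLIENT)
+{
+gnutls_ia_client_credentials_t cred = (gnutls_ia_client_credentials_t)
+_gnutls_get_cred (session->key, GNUTLS_CRD_IA, NULL);
+
+if (cred)
+ext->gnutls_ia_enable = 1;
+}
+else
+{
+gnutls_ia_server_credentials_t cred = (gnutls_ia_server_credentials_t)
+_gnutls_get_cred (session->key, GNUTLS_CRD_IA, NULL);
+
+if (cred)
+ext->gnutls_ia_enable = 1;
+}
+
+/* If we don't want gnutls_ia locally, or we are a server and the
+ * client doesn't want it, don't advertise TLS/IA support at all, as
+ * required. */
+
+if (!ext->gnutls_ia_enable)
+return 0;
+
+if (session->security_parameters.entity == GNUTLS_SERVER &&
+!ext->gnutls_ia_peer_enable)
+return 0;
+
+/* We'll advertise. Check if there's room in the hello buffer. */
+
+if (data_size < 1)
+{
+gnutls_assert ();
+return GNUTLS_E_SHORT_MEMORY_BUFFER;
+}
+
+/* default: require new application phase */
+
+*data = YES;
+
+if (session->security_parameters.entity == GNUTLS_CLIENT)
+{
+
+/* Client: value follows local setting */
+
+if (ext->gnutls_ia_allowskip)
+*data = NO;
+}
+else
+{
+
+/* Server: value follows local setting and client's setting, but only
+ * if we are resuming.
+ *
+ * XXX Can server test for resumption at this stage?
+ *
+ * Ai! It seems that read_client_hello only calls parse_extensions if
+ * we're NOT resuming! That would make us automatically violate the IA
+ * draft; if we're resuming, we must first learn what the client wants
+ * -- IA or no IA -- and then prepare our response. Right now we'll
+ * always skip IA on resumption, because recv_ext isn't even called
+ * to record the peer's support for IA at all. Simon? */
+
+if (ext->gnutls_ia_allowskip &&
+ext->gnutls_ia_peer_allowskip &&
+session->internals.resumed == RESUME_TRUE)
+*data = NO;
+}
+
+return 1;
+}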
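Review bot: In `_gnutls_inner_application_recv_params` the `default:` branch only calls `gnutls_assert ()` and then falls through to `return 0`, so a peer that sends an ia_on_resume byte other than 0 or 1 is accepted exactly as if it had sent YES, with `ext->gnutls_ia_peer_enable` already set to 1 before the switch. Since `gnutls_assert ()` reads as a debug trace rather than a rejection here, a value the extension does not define should fail the handshake instead of being silently normalised: `default: gnutls_assert (); return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;` (or whichever illegal-parameter code gnutls_errors.h provides in this import). Separately, the header comment on `_gnutls_inner_application_send_params` says it "returns data_size", but the function always returns 1 (the single byte written) regardless of data_size; the comment should say `/* returns the number of bytes written (1), 0 if not advertised, or a negative number on failure */`. The XXX block about resumption documents a known spec violation on the server side and deserves a tracked TODO rather than an open question in a comment.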