From 340ba8d1a0d10761e6beb200d6a90332c7a7d3ba Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Mon, 11 Feb 2019 17:48:15 +0000
Subject: Implement handling of Certificate and CertificateVerify messages. This allows the TLS 1.3 client to process the certificates that the server has sent and verify that the server has possession of the private key. ok tb@
---
 src/lib/libssl/tls13_handshake.c | 31 +------------------------------
 1 file changed, 1 insertion(+), 30 deletions(-)
(limited to 'src/lib/libssl/tls13_handshake.c')
diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c
index 8d5b0e3516..3ebf1e9d73 100644
--- a/src/lib/libssl/tls13_handshake.c
+++ b/src/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_handshake.c,v 1.25 2019/02/10 13:04:29 jsing Exp $ */
+/* $OpenBSD: tls13_handshake.c,v 1.26 2019/02/11 17:48:15 jsing Exp $ */
 /*
 * Copyright (c) 2018-2019 Theo Buehler
 * Copyright (c) 2019 Joel Sing
@@ -490,35 +490,12 @@ tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx)
 return 0;
 }
 
-int
-tls13_server_certificate_recv(struct tls13_ctx *ctx)
-{
- return 0;
-}
-
 int
 tls13_server_certificate_send(struct tls13_ctx *ctx)
 {
 return 0;
 }
 
-int
-tls13_server_certificate_request_recv(struct tls13_ctx *ctx)
-{
- /*
- * Thanks to poor state design in the RFC, this function can be called
- * when we actually have a certificate message instead of a certificate
- * request... in that case we call the certificate handler after
- * switching state, to avoid advancing state.
- */
- if (tls13_handshake_msg_type(ctx->hs_msg) == TLS13_MT_CERTIFICATE) {
- ctx->handshake_stage.hs_type |= WITHOUT_CR;
- return tls13_server_certificate_recv(ctx);
- }
-
- return 0;
-}
-
 int
 tls13_server_certificate_request_send(struct tls13_ctx *ctx)
 {
@@ -531,12 +508,6 @@ tls13_server_certificate_verify_send(struct tls13_ctx *ctx)
 return 0;
 }
 
-int
-tls13_server_certificate_verify_recv(struct tls13_ctx *ctx)
-{
- return 0;
-}
-
 int
 tls13_server_finished_recv(struct tls13_ctx *ctx)
 {
-- 
cgit v1.2.3-55-g6feb