New functions SSL_get_finished, SSL_get_peer_finished.
Add short state string for MS SGC.
This commit is contained in:
Bodo Möller
parent
9fb617e252
commit
ca03109c3a
4 changed files with 50 additions and 1 deletions
11
CHANGES
11
CHANGES
|
|
@ -4,7 +4,16 @@
|
|||
|
||||
Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
|
||||
|
||||
*) Clean up 'Finished' handling.
|
||||
*) Clean up 'Finished' handling, and add functions SSL_get_finished and
|
||||
SSL_get_peer_finished to allow applications to obtain the latest
|
||||
Finished messages sent to the peer or expected from the peer,
|
||||
respectively. (SSL_get_peer_finished is usually the Finished message
|
||||
actually received from the peer, otherwise the protocol will be aborted.)
|
||||
|
||||
As the Finished message are message digests of the complete handshake
|
||||
(with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can
|
||||
be used for external authentication procedures when the authentication
|
||||
provided by SSL/TLS is not desired or is not enough.
|
||||
[Bodo Moeller]
|
||||
|
||||
*) Enhanced support for Alpha Linux is added. Now ./config checks if
|
||||
|
|
|
|||
|
|
@ -704,6 +704,13 @@ struct ssl_st
|
|||
#define SSL_ST_READ_BODY 0xF1
|
||||
#define SSL_ST_READ_DONE 0xF2
|
||||
|
||||
/* Obtain latest Finished message
|
||||
* -- that we sent (SSL_get_finished)
|
||||
* -- that we expected from peer (SSL_get_peer_finished).
|
||||
* Returns length (0 == no Finished so far), copies up to 'count' bytes. */
|
||||
size_t SSL_get_finished(SSL *s, void *buf, size_t count);
|
||||
size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count);
|
||||
|
||||
/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
|
||||
* are 'ored' with SSL_VERIFY_PEER if they are desired */
|
||||
#define SSL_VERIFY_NONE 0x00
|
||||
|
|
|
|||
|
|
@ -477,6 +477,38 @@ err:
|
|||
}
|
||||
#endif
|
||||
|
||||
|
||||
/* return length of latest Finished message we sent, copy to 'buf' */
|
||||
size_t SSL_get_finished(SSL *s, void *buf, size_t count)
|
||||
{
|
||||
size_t ret = 0;
|
||||
|
||||
if (s->s3 != NULL)
|
||||
{
|
||||
ret = s->s3->tmp.finish_md_len;
|
||||
if (count > ret)
|
||||
count = ret;
|
||||
memcpy(buf, s->s3->tmp.finish_md, count);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* return length of latest Finished message we expected, copy to 'buf' */
|
||||
size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count)
|
||||
{
|
||||
size_t ret = 0;
|
||||
|
||||
if (s->s3 != NULL)
|
||||
{
|
||||
ret = s->s3->tmp.peer_finish_md_len;
|
||||
if (count > ret)
|
||||
count = ret;
|
||||
memcpy(buf, s->s3->tmp.peer_finish_md, count);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
int SSL_get_verify_mode(SSL *s)
|
||||
{
|
||||
return(s->verify_mode);
|
||||
|
|
|
|||
|
|
@ -313,6 +313,7 @@ case SSL3_ST_SW_HELLO_REQ_C: str="3WHR_C"; break;
|
|||
case SSL3_ST_SR_CLNT_HELLO_A: str="3RCH_A"; break;
|
||||
case SSL3_ST_SR_CLNT_HELLO_B: str="3RCH_B"; break;
|
||||
case SSL3_ST_SR_CLNT_HELLO_C: str="3RCH_C"; break;
|
||||
case SSL3_ST_SR_MS_SGC: str="3RMSSG"; break;
|
||||
case SSL3_ST_SW_SRVR_HELLO_A: str="3WSH_A"; break;
|
||||
case SSL3_ST_SW_SRVR_HELLO_B: str="3WSH_B"; break;
|
||||
case SSL3_ST_SW_CERT_A: str="3WSC_A"; break;
|
||||
|
|
|
|||
Loading…
Reference in a new issue