projects
/
BearSSL
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
More Doxygen-compatible documentation (SSL API).
[BearSSL]
/
src
/
ssl
/
ssl_hs_server.t0
diff --git
a/src/ssl/ssl_hs_server.t0
b/src/ssl/ssl_hs_server.t0
index
c155e79
..
8176429
100644
(file)
--- a/
src/ssl/ssl_hs_server.t0
+++ b/
src/ssl/ssl_hs_server.t0
@@
-268,7
+268,6
@@
do_ecdhe_part2(br_ssl_server_context *ctx, int prf_id,
0 8191 "offsetof(br_ssl_server_context, " field + ")" + make-CX
postpone literal postpone ; ;
0 8191 "offsetof(br_ssl_server_context, " field + ")" + make-CX
postpone literal postpone ; ;
-addr-ctx: flags
addr-ctx: client_max_version
addr-ctx: client_suites
addr-ctx: client_suites_num
addr-ctx: client_max_version
addr-ctx: client_suites
addr-ctx: client_suites_num
@@
-282,10
+281,6
@@
addr-ctx: sign_hash_id
addr-client_suites
CX 0 1023 { BR_MAX_CIPHER_SUITES * sizeof(br_suite_translated) } ;
addr-client_suites
CX 0 1023 { BR_MAX_CIPHER_SUITES * sizeof(br_suite_translated) } ;
-\ Check a server flag by index.
-: flag? ( index -- bool )
- addr-flags get32 swap >> 1 and neg ;
-
\ Read the client SNI extension.
: read-client-sni ( lim -- lim )
\ Open extension value.
\ Read the client SNI extension.
: read-client-sni ( lim -- lim )
\ Open extension value.
@@
-690,6
+685,7
@@
cc: save-session ( -- ) {
\ We are not resuming, so a new session ID should be generated.
addr-session_id 32 mkrand
\ We are not resuming, so a new session ID should be generated.
addr-session_id 32 mkrand
+ 32 addr-session_id_len set8
\ Translate common cipher suites, then squeeze out holes: there
\ may be holes because of the way we fill the list when the
\ Translate common cipher suites, then squeeze out holes: there
\ may be holes because of the way we fill the list when the
@@
-1011,18
+1007,17
@@
cc: do-ecdhe-part2 ( len prf_id -- ) {
endof
0x01 of
\ Reject renegotiations if the peer does not
endof
0x01 of
\ Reject renegotiations if the peer does not
- \ support secure renegotiation. As allowed
- \ by RFC 5246, we do not send a
- \ no_renegotiation alert and just ignore the
- \ HelloRequest.
+ \ support secure renegotiation, or if the
+ \ "no renegotiation" flag is set.
drop
drop
- addr-reneg get8 1 <> if
- 0 do-handshake
- else
+ addr-reneg get8 1 = 1 flag? or if
flush-record
begin can-output? not while
wait-co drop
repeat
flush-record
begin can-output? not while
wait-co drop
repeat
+ 100 send-warning
+ else
+ 0 do-handshake
then
endof
ERR_UNEXPECTED fail
then
endof
ERR_UNEXPECTED fail