diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-11-08 09:18:38 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-11-08 09:18:38 +0400 |
commit | cb5c2b1e900729d4fd367ec3087accc92ca591bb (patch) | |
tree | c3bb638c4a421b6a892123d6099ad4a92349143c /core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java | |
parent | 33cdae127fd0b6262dd840783e23fb47acf6af9e (diff) |
Add calls to TlsHandshakeHash.stopTracking()
Add TODOs to reconsider how the server calculates the CertificateVerify
handshake hash for TLS 1.2
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java index 9f8494d3..fdde1beb 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java @@ -5,7 +5,6 @@ import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.security.SecureRandom; -import java.util.Hashtable; import java.util.Vector; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; @@ -287,8 +286,12 @@ public class TlsServerProtocol { throw new TlsFatalAlert(AlertDescription.unexpected_message); } + receiveCertificateVerifyMessage(buf); this.connection_state = CS_CERTIFICATE_VERIFY; + + this.recordStream.getHandshakeHash().stopTracking(); + break; } default: @@ -572,8 +575,13 @@ public class TlsServerProtocol if (expectCertificateVerifyMessage()) { + // TODO For TLS 1.2, this can't be calculated until we see what hash algorithm the sender used this.certificateVerifyHash = recordStream.getCurrentHash(null); } + else + { + this.recordStream.getHandshakeHash().stopTracking(); + } } protected void sendCertificateRequestMessage(CertificateRequest certificateRequest) |