TLS server: Add internal callbacks get_failed, get_*_alerts
These can be used to implement cleaner termination of the handshake in case of failures. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
b642ab4062
commit
f08ab18bf9
4 changed files with 38 additions and 0 deletions
|
|
@ -726,12 +726,20 @@ int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
|
|||
|
||||
int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
|
||||
{
|
||||
#ifdef CONFIG_TLS_INTERNAL_SERVER
|
||||
if (conn->server)
|
||||
return tlsv1_server_get_failed(conn->server);
|
||||
#endif /* CONFIG_TLS_INTERNAL_SERVER */
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
|
||||
{
|
||||
#ifdef CONFIG_TLS_INTERNAL_SERVER
|
||||
if (conn->server)
|
||||
return tlsv1_server_get_read_alerts(conn->server);
|
||||
#endif /* CONFIG_TLS_INTERNAL_SERVER */
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
@ -739,6 +747,10 @@ int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
|
|||
int tls_connection_get_write_alerts(void *tls_ctx,
|
||||
struct tls_connection *conn)
|
||||
{
|
||||
#ifdef CONFIG_TLS_INTERNAL_SERVER
|
||||
if (conn->server)
|
||||
return tlsv1_server_get_write_alerts(conn->server);
|
||||
#endif /* CONFIG_TLS_INTERNAL_SERVER */
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -204,6 +204,7 @@ failed:
|
|||
msg = tlsv1_server_send_alert(conn, conn->alert_level,
|
||||
conn->alert_description,
|
||||
out_len);
|
||||
conn->write_alerts++;
|
||||
}
|
||||
|
||||
return msg;
|
||||
|
|
@ -296,6 +297,7 @@ int tlsv1_server_decrypt(struct tlsv1_server *conn,
|
|||
}
|
||||
tlsv1_server_log(conn, "Received alert %d:%d",
|
||||
out_pos[0], out_pos[1]);
|
||||
conn->read_alerts++;
|
||||
if (out_pos[0] == TLS_ALERT_LEVEL_WARNING) {
|
||||
/* Continue processing */
|
||||
pos += used;
|
||||
|
|
@ -708,6 +710,24 @@ void tlsv1_server_set_log_cb(struct tlsv1_server *conn,
|
|||
}
|
||||
|
||||
|
||||
int tlsv1_server_get_failed(struct tlsv1_server *conn)
|
||||
{
|
||||
return conn->state == FAILED;
|
||||
}
|
||||
|
||||
|
||||
int tlsv1_server_get_read_alerts(struct tlsv1_server *conn)
|
||||
{
|
||||
return conn->read_alerts;
|
||||
}
|
||||
|
||||
|
||||
int tlsv1_server_get_write_alerts(struct tlsv1_server *conn)
|
||||
{
|
||||
return conn->write_alerts;
|
||||
}
|
||||
|
||||
|
||||
#ifdef CONFIG_TESTING_OPTIONS
|
||||
void tlsv1_server_set_test_flags(struct tlsv1_server *conn, u32 flags)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -48,6 +48,10 @@ void tlsv1_server_set_session_ticket_cb(struct tlsv1_server *conn,
|
|||
void tlsv1_server_set_log_cb(struct tlsv1_server *conn,
|
||||
void (*cb)(void *ctx, const char *msg), void *ctx);
|
||||
|
||||
int tlsv1_server_get_failed(struct tlsv1_server *conn);
|
||||
int tlsv1_server_get_read_alerts(struct tlsv1_server *conn);
|
||||
int tlsv1_server_get_write_alerts(struct tlsv1_server *conn);
|
||||
|
||||
void tlsv1_server_set_test_flags(struct tlsv1_server *conn, u32 flags);
|
||||
|
||||
#endif /* TLSV1_SERVER_H */
|
||||
|
|
|
|||
|
|
@ -30,6 +30,8 @@ struct tlsv1_server {
|
|||
u8 alert_level;
|
||||
u8 alert_description;
|
||||
|
||||
int read_alerts, write_alerts;
|
||||
|
||||
struct crypto_public_key *client_rsa_key;
|
||||
|
||||
struct tls_verify_hash verify;
|
||||
|
|
|
|||
Loading…
Reference in a new issue