|
|
|
@ -99,6 +99,7 @@ struct sTLSSocket {
|
|
|
|
|
|
|
|
|
|
|
|
/* time of last session renegotiation (used to calculate next renegotiation time) */
|
|
|
|
/* time of last session renegotiation (used to calculate next renegotiation time) */
|
|
|
|
uint64_t lastRenegotiationTime;
|
|
|
|
uint64_t lastRenegotiationTime;
|
|
|
|
|
|
|
|
Semaphore renegotiationLock;
|
|
|
|
|
|
|
|
|
|
|
|
/* time of the last CRL update */
|
|
|
|
/* time of the last CRL update */
|
|
|
|
uint64_t crlUpdated;
|
|
|
|
uint64_t crlUpdated;
|
|
|
|
@ -708,6 +709,7 @@ TLSSocket_create(Socket socket, TLSConfiguration configuration, bool storeClient
|
|
|
|
self->storePeerCert = storeClientCert;
|
|
|
|
self->storePeerCert = storeClientCert;
|
|
|
|
self->peerCert = NULL;
|
|
|
|
self->peerCert = NULL;
|
|
|
|
self->peerCertLength = 0;
|
|
|
|
self->peerCertLength = 0;
|
|
|
|
|
|
|
|
self->renegotiationLock = Semaphore_create(1);
|
|
|
|
|
|
|
|
|
|
|
|
TLSConfiguration_setupComplete(configuration);
|
|
|
|
TLSConfiguration_setupComplete(configuration);
|
|
|
|
|
|
|
|
|
|
|
|
@ -850,6 +852,7 @@ TLSSocket_getPeerCertificate(TLSSocket self, int* certSize)
|
|
|
|
bool
|
|
|
|
bool
|
|
|
|
TLSSocket_performHandshake(TLSSocket self)
|
|
|
|
TLSSocket_performHandshake(TLSSocket self)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
|
|
|
|
Semaphore_wait(self->renegotiationLock);
|
|
|
|
int ret = mbedtls_ssl_renegotiate(&(self->ssl));
|
|
|
|
int ret = mbedtls_ssl_renegotiate(&(self->ssl));
|
|
|
|
|
|
|
|
|
|
|
|
if (ret == 0) {
|
|
|
|
if (ret == 0) {
|
|
|
|
@ -857,6 +860,9 @@ TLSSocket_performHandshake(TLSSocket self)
|
|
|
|
raiseSecurityEvent(self->tlsConfig, TLS_SEC_EVT_WARNING, TLS_EVENT_CODE_WRN_INSECURE_TLS_VERSION, "Warning: Insecure TLS version", self);
|
|
|
|
raiseSecurityEvent(self->tlsConfig, TLS_SEC_EVT_WARNING, TLS_EVENT_CODE_WRN_INSECURE_TLS_VERSION, "Warning: Insecure TLS version", self);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Semaphore_post(self->renegotiationLock);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
DEBUG_PRINT("TLS", "TLSSocket_performHandshake Success -> ret=%i\n", ret);
|
|
|
|
return true;
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
else {
|
|
|
|
@ -868,6 +874,7 @@ TLSSocket_performHandshake(TLSSocket self)
|
|
|
|
createSecurityEvents(self->tlsConfig, ret, flags, self);
|
|
|
|
createSecurityEvents(self->tlsConfig, ret, flags, self);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Semaphore_post(self->renegotiationLock);
|
|
|
|
return false;
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
@ -1008,6 +1015,8 @@ TLSSocket_close(TLSSocket self)
|
|
|
|
if (self->peerCert)
|
|
|
|
if (self->peerCert)
|
|
|
|
GLOBAL_FREEMEM(self->peerCert);
|
|
|
|
GLOBAL_FREEMEM(self->peerCert);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Semaphore_destroy(self->renegotiationLock);
|
|
|
|
|
|
|
|
|
|
|
|
GLOBAL_FREEMEM(self);
|
|
|
|
GLOBAL_FREEMEM(self);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
Federico Francescon
2 years ago