|
|
@ -401,6 +401,14 @@ namespace data |
|
|
|
decoder.Put ((const uint8_t *)base64.data(), base64.length()); |
|
|
|
decoder.Put ((const uint8_t *)base64.data(), base64.length()); |
|
|
|
decoder.MessageEnd (); |
|
|
|
decoder.MessageEnd (); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
LoadCertificate (queue); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
else |
|
|
|
|
|
|
|
LogPrint (eLogError, "Can't open certificate file ", filename); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void Reseeder::LoadCertificate (CryptoPP::ByteQueue& queue) |
|
|
|
|
|
|
|
{ |
|
|
|
// extract X.509
|
|
|
|
// extract X.509
|
|
|
|
CryptoPP::BERSequenceDecoder x509Cert (queue); |
|
|
|
CryptoPP::BERSequenceDecoder x509Cert (queue); |
|
|
|
CryptoPP::BERSequenceDecoder tbsCert (x509Cert); |
|
|
|
CryptoPP::BERSequenceDecoder tbsCert (x509Cert); |
|
|
@ -465,9 +473,6 @@ namespace data |
|
|
|
tbsCert.SkipAll(); |
|
|
|
tbsCert.SkipAll(); |
|
|
|
x509Cert.SkipAll(); |
|
|
|
x509Cert.SkipAll(); |
|
|
|
} |
|
|
|
} |
|
|
|
else |
|
|
|
|
|
|
|
LogPrint (eLogError, "Can't open certificate file ", filename); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void Reseeder::LoadCertificates () |
|
|
|
void Reseeder::LoadCertificates () |
|
|
|
{ |
|
|
|
{ |
|
|
@ -500,8 +505,8 @@ namespace data |
|
|
|
0x03, 0x02, // version (TSL 1.2)
|
|
|
|
0x03, 0x02, // version (TSL 1.2)
|
|
|
|
0x00, 0x2F, // length of handshake
|
|
|
|
0x00, 0x2F, // length of handshake
|
|
|
|
// handshake
|
|
|
|
// handshake
|
|
|
|
0x01, // client hello
|
|
|
|
0x01, // handshake type (client hello)
|
|
|
|
0x00, 0x00, 0x2B, // length of client hello
|
|
|
|
0x00, 0x00, 0x2B, // length of handshake payload
|
|
|
|
// client hello
|
|
|
|
// client hello
|
|
|
|
0x03, 0x02, // highest version supported (TSL 1.2)
|
|
|
|
0x03, 0x02, // highest version supported (TSL 1.2)
|
|
|
|
0x01, 0x01, 0x01, 0x01, // date, can be anything
|
|
|
|
0x01, 0x01, 0x01, 0x01, // date, can be anything
|
|
|
@ -533,6 +538,27 @@ namespace data |
|
|
|
char * serverHello = new char[length]; |
|
|
|
char * serverHello = new char[length]; |
|
|
|
site.read (serverHello, length); |
|
|
|
site.read (serverHello, length); |
|
|
|
delete[] serverHello; |
|
|
|
delete[] serverHello; |
|
|
|
|
|
|
|
// read Certificate
|
|
|
|
|
|
|
|
site.read ((char *)&type, 1); |
|
|
|
|
|
|
|
site.read ((char *)&version, 2); |
|
|
|
|
|
|
|
site.read ((char *)&length, 2); |
|
|
|
|
|
|
|
length = be16toh (length); |
|
|
|
|
|
|
|
char * certificate = new char[length]; |
|
|
|
|
|
|
|
site.read (certificate, length); |
|
|
|
|
|
|
|
// 0 - handshake type
|
|
|
|
|
|
|
|
// 1 - 3 - handshake payload length
|
|
|
|
|
|
|
|
// 4 - 6 - length of array of certificates
|
|
|
|
|
|
|
|
// 7 - 9 - length of certificate
|
|
|
|
|
|
|
|
if (certificate[0] == 0x0B) // handshake type certificate
|
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
CryptoPP::ByteQueue queue; |
|
|
|
|
|
|
|
queue.Put ((uint8_t *)certificate + 10, length - 10); |
|
|
|
|
|
|
|
queue.MessageEnd (); |
|
|
|
|
|
|
|
LoadCertificate (queue); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
else |
|
|
|
|
|
|
|
LogPrint (eLogError, "Unexpected handshake type ", (int)certificate[0]); |
|
|
|
|
|
|
|
delete[] certificate; |
|
|
|
} |
|
|
|
} |
|
|
|
else |
|
|
|
else |
|
|
|
LogPrint (eLogError, "Can't connect to ", address); |
|
|
|
LogPrint (eLogError, "Can't connect to ", address); |
|
|
|