mirror of https://github.com/ctz/rustls
Move send_cert_error_alert from hs mod to conn mod
send_cert_error_alert could be shared between tls server and tls client.
parent
383c96afa4
commit
843e6fc02a
|
@ -3,7 +3,7 @@ use crate::bs_debug;
|
|||
use crate::check::inappropriate_handshake_message;
|
||||
use crate::conn::{CommonState, ConnectionRandoms, State};
|
||||
use crate::enums::{CipherSuite, ProtocolVersion};
|
||||
use crate::error::{CertificateError, Error, PeerIncompatible, PeerMisbehaved};
|
||||
use crate::error::{Error, PeerIncompatible, PeerMisbehaved};
|
||||
use crate::hash_hs::HandshakeHashBuffer;
|
||||
use crate::kx;
|
||||
#[cfg(feature = "logging")]
|
||||
|
@ -811,19 +811,3 @@ impl State<ClientConnectionData> for ExpectServerHelloOrHelloRetryRequest {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
pub(super) fn send_cert_error_alert(common: &mut CommonState, err: Error) -> Error {
|
||||
match err {
|
||||
Error::InvalidCertificate(CertificateError::BadEncoding) => {
|
||||
common.send_fatal_alert(AlertDescription::DecodeError);
|
||||
}
|
||||
Error::PeerMisbehaved(_) => {
|
||||
common.send_fatal_alert(AlertDescription::IllegalParameter);
|
||||
}
|
||||
_ => {
|
||||
common.send_fatal_alert(AlertDescription::BadCertificate);
|
||||
}
|
||||
};
|
||||
|
||||
err
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
use crate::check::{inappropriate_handshake_message, inappropriate_message};
|
||||
use crate::conn::{CommonState, ConnectionRandoms, Side, State};
|
||||
use crate::conn::{self, CommonState, ConnectionRandoms, Side, State};
|
||||
use crate::enums::ProtocolVersion;
|
||||
use crate::error::{Error, InvalidMessage, PeerMisbehaved};
|
||||
use crate::hash_hs::HandshakeHash;
|
||||
|
@ -740,7 +740,7 @@ impl State<ClientConnectionData> for ExpectServerDone {
|
|||
&st.server_cert.ocsp_response,
|
||||
now,
|
||||
)
|
||||
.map_err(|err| hs::send_cert_error_alert(cx.common, err))?;
|
||||
.map_err(|err| conn::send_cert_error_alert(cx.common, err))?;
|
||||
|
||||
// 3.
|
||||
// Build up the contents of the signed message.
|
||||
|
@ -766,7 +766,7 @@ impl State<ClientConnectionData> for ExpectServerDone {
|
|||
st.config
|
||||
.verifier
|
||||
.verify_tls12_signature(&message, &st.server_cert.cert_chain[0], sig)
|
||||
.map_err(|err| hs::send_cert_error_alert(cx.common, err))?
|
||||
.map_err(|err| conn::send_cert_error_alert(cx.common, err))?
|
||||
};
|
||||
cx.common.peer_certificates = Some(st.server_cert.cert_chain);
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@ use crate::check::inappropriate_handshake_message;
|
|||
use crate::conn::Protocol;
|
||||
#[cfg(feature = "secret_extraction")]
|
||||
use crate::conn::Side;
|
||||
use crate::conn::{CommonState, ConnectionRandoms, State};
|
||||
use crate::conn::{self, CommonState, ConnectionRandoms, State};
|
||||
use crate::enums::{ProtocolVersion, SignatureScheme};
|
||||
use crate::error::{Error, InvalidMessage, PeerIncompatible, PeerMisbehaved};
|
||||
use crate::hash_hs::{HandshakeHash, HandshakeHashBuffer};
|
||||
|
@ -669,7 +669,7 @@ impl State<ClientConnectionData> for ExpectCertificateVerify {
|
|||
&self.server_cert.ocsp_response,
|
||||
now,
|
||||
)
|
||||
.map_err(|err| hs::send_cert_error_alert(cx.common, err))?;
|
||||
.map_err(|err| conn::send_cert_error_alert(cx.common, err))?;
|
||||
|
||||
// 2. Verify their signature on the handshake.
|
||||
let handshake_hash = self.transcript.get_current_hash();
|
||||
|
@ -681,7 +681,7 @@ impl State<ClientConnectionData> for ExpectCertificateVerify {
|
|||
&self.server_cert.cert_chain[0],
|
||||
cert_verify,
|
||||
)
|
||||
.map_err(|err| hs::send_cert_error_alert(cx.common, err))?;
|
||||
.map_err(|err| conn::send_cert_error_alert(cx.common, err))?;
|
||||
|
||||
cx.common.peer_certificates = Some(self.server_cert.cert_chain);
|
||||
self.transcript.add_message(&m);
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
use crate::enums::ProtocolVersion;
|
||||
use crate::error::{Error, InvalidMessage, PeerMisbehaved};
|
||||
use crate::key;
|
||||
use crate::{key, CertificateError};
|
||||
#[cfg(feature = "logging")]
|
||||
use crate::log::{debug, error, trace, warn};
|
||||
use crate::msgs::alert::AlertMessagePayload;
|
||||
|
@ -1432,3 +1432,19 @@ pub trait SideData {}
|
|||
|
||||
const DEFAULT_RECEIVED_PLAINTEXT_LIMIT: usize = 16 * 1024;
|
||||
const DEFAULT_BUFFER_LIMIT: usize = 64 * 1024;
|
||||
|
||||
pub(crate) fn send_cert_error_alert(common: &mut CommonState, err: Error) -> Error {
|
||||
match err {
|
||||
Error::InvalidCertificate(CertificateError::BadEncoding) => {
|
||||
common.send_fatal_alert(AlertDescription::DecodeError);
|
||||
}
|
||||
Error::PeerMisbehaved(_) => {
|
||||
common.send_fatal_alert(AlertDescription::IllegalParameter);
|
||||
}
|
||||
_ => {
|
||||
common.send_fatal_alert(AlertDescription::BadCertificate);
|
||||
}
|
||||
};
|
||||
|
||||
err
|
||||
}
|
||||
|
|
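Review bot: `send_cert_error_alert` becomes a `pub(crate)` helper in conn with no doc comment, and its wildcard arm sends `AlertDescription::BadCertificate` for every `Error` other than `InvalidCertificate(CertificateError::BadEncoding)` and `PeerMisbehaved(_)`, including errors that have nothing to do with certificates. Now that client and server code can both call it, the contract should be written down, for example `/// Sends the fatal alert for a certificate or signature verification failure and returns err unchanged; callers must pass only verifier errors.` The TLS 1.2 and TLS 1.3 client sections of this commit also route the `verify_tls12_signature` call and the handshake signature check through this helper, so a signature failure presumably reaches the peer as bad_certificate rather than decrypt_error. That is unchanged by the move, but it is worth confirming it is intended before server-side callers adopt the same mapping, since the alert is what the peer's operators see when diagnosing a failed handshake.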