simplify server proof verification function signature

Marten Seemann
2016-11-24 08:50:49 +08:00
parent 6f5b2d308d
commit 8161e1f4a1
4 changed files with 106 additions and 56 deletions


@@ -156,28 +156,17 @@ func (h *cryptoSetupClient) handleREJMessage(cryptoData map[Tag][]byte) error {
}
if h.serverConfig != nil && len(h.proof) != 0 && h.certManager.GetLeafCert() != nil {
return h.verifyServerConfigSignature()
validProof := h.certManager.VerifyServerProof(h.proof, h.chloForSignature, h.serverConfig.Get())
if !validProof {
return qerr.ProofInvalid
}
h.serverVerified = true
}
return nil
}
func (h *cryptoSetupClient) verifyServerConfigSignature() error {
validProof, err := h.certManager.VerifyServerProof(h.proof, h.chloForSignature, h.serverConfig.Get())
if err != nil {
return qerr.Error(qerr.InvalidCryptoMessageParameter, "Certificate data invalid")
}
if !validProof {
return qerr.ProofInvalid
}
// TODO: verify certificate chain
h.serverVerified = true
return nil
}
func (h *cryptoSetupClient) handleSHLOMessage(cryptoData map[Tag][]byte) error {
serverPubs, ok := cryptoData[TagPUBS]
if !ok {
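Review bot: In the inlined branch of handleREJMessage, `h.serverVerified = true` is now set right after the proof check, and the `// TODO: verify certificate chain` marker that sat above it in the removed verifyServerConfigSignature appears to be gone. A valid proof only shows that the holder of the leaf certificate's key signed the server config; until the chain is validated the leaf itself is unauthenticated, so the flag overstates what was checked. I would keep the marker on the new side, `// TODO: verify certificate chain` directly above `h.serverVerified = true`, or better, set the flag only after a chain check has passed. With VerifyServerProof apparently returning only a bool, malformed certificate data and a bad signature now both surface as `qerr.ProofInvalid`; please confirm that dropping the `qerr.InvalidCryptoMessageParameter` case is intended. handleREJMessage starts above this hunk, and the added and removed sides are read from the hunk header counts because the page lost its +/- markers.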