From 4caa380625e583c9bad5b9333e65ef1f9486bb2a Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Fri, 30 Dec 2011 18:29:11 +0100
Subject: Separated cipherspec checking and switching, allowing us to defer the
 second

---
 src/libtls/tls_server.c | 31 +++++++++++++++++++------------
 1 file changed, 19 insertions(+), 12 deletions(-)

(limited to 'src/libtls/tls_server.c')

diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c
index d69ada859..e446a9622 100644
--- a/src/libtls/tls_server.c
+++ b/src/libtls/tls_server.c
@@ -956,28 +956,35 @@ METHOD(tls_handshake_t, build, status_t,
 }
 
 METHOD(tls_handshake_t, cipherspec_changed, bool,
-	private_tls_server_t *this)
+	private_tls_server_t *this, bool inbound)
 {
-	if (this->state == STATE_FINISHED_RECEIVED)
+	if (inbound)
 	{
-		this->crypto->change_cipher(this->crypto, FALSE);
-		this->state = STATE_CIPHERSPEC_CHANGED_OUT;
-		return TRUE;
+		if (this->peer)
+		{
+			return this->state == STATE_CERT_VERIFY_RECEIVED;
+		}
+		return this->state == STATE_KEY_EXCHANGE_RECEIVED;
+	}
+	else
+	{
+		return this->state == STATE_FINISHED_RECEIVED;
 	}
 	return FALSE;
 }
 
-METHOD(tls_handshake_t, change_cipherspec, bool,
-	private_tls_server_t *this)
+METHOD(tls_handshake_t, change_cipherspec, void,
+	private_tls_server_t *this, bool inbound)
 {
-	if ((this->peer && this->state == STATE_CERT_VERIFY_RECEIVED) ||
-	   (!this->peer && this->state == STATE_KEY_EXCHANGE_RECEIVED))
+	this->crypto->change_cipher(this->crypto, inbound);
+	if (inbound)
 	{
-		this->crypto->change_cipher(this->crypto, TRUE);
 		this->state = STATE_CIPHERSPEC_CHANGED_IN;
-		return TRUE;
 	}
-	return FALSE;
+	else
+	{
+		this->state = STATE_CIPHERSPEC_CHANGED_OUT;
+	}
 }
 
 METHOD(tls_handshake_t, finished, bool,
-- 
cgit v1.2.3