author | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-09-24 18:09:39 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-09-24 18:09:39 +0700 |
commit | ed081e3fe9634391ac496bd79193a7d00dfa6f07 (patch) | |
tree | ecc1382c5f3f9a17c6b21ebf8026076f6a32f15f /crypto/src/tls/AbstractTlsClient.cs | |
parent | Cmp updates (diff) | |
download | BouncyCastle.NET-ed25519-ed081e3fe9634391ac496bd79193a7d00dfa6f07.tar.xz |
(D)TLS: RFC 7250 Raw Public Keys
Diffstat (limited to 'crypto/src/tls/AbstractTlsClient.cs')
-rw-r--r-- | crypto/src/tls/AbstractTlsClient.cs | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/crypto/src/tls/AbstractTlsClient.cs b/crypto/src/tls/AbstractTlsClient.cs
index 8bfd828f1..3061f3642 100644
--- a/crypto/src/tls/AbstractTlsClient.cs
+++ b/crypto/src/tls/AbstractTlsClient.cs
@@ -174,6 +174,16 @@ namespace Org.BouncyCastle.Tls
 return null;
 }
+ protected virtual short[] GetAllowedClientCertificateTypes()
+ {
+ return null;
+ }
+
+ protected virtual short[] GetAllowedServerCertificateTypes()
+ {
+ return null;
+ }
+
 public virtual void Init(TlsClientContext context)
 {
 this.m_context = context;
@@ -334,6 +344,33 @@ namespace Org.BouncyCastle.Tls
 }
 }
+ /*
+ * RFC 7250 4.1:
+ *
+ * If the client has no remaining certificate types to send in
+ * the client hello, other than the default X.509 type, it MUST omit the
+ * client_certificate_type extension in the client hello.
+ */
+ short[] clientCertTypes = GetAllowedClientCertificateTypes();
+ if (clientCertTypes != null && (clientCertTypes.Length > 1 || clientCertTypes[0] != CertificateType.X509))
+ {
+ TlsExtensionsUtilities.AddClientCertificateTypeExtensionClient(clientExtensions, clientCertTypes);
+ }
+
+ /*
+ * RFC 7250 4.1:
+ *
+ * If the client has no remaining certificate types to send in
+ * the client hello, other than the default X.509 certificate type, it
+ * MUST omit the entire server_certificate_type extension from the
+ * client hello.
+ */
+ short[] serverCertTypes = GetAllowedServerCertificateTypes();
+ if (serverCertTypes != null && (serverCertTypes.Length > 1 || serverCertTypes[0] != CertificateType.X509))
+ {
+ TlsExtensionsUtilities.AddServerCertificateTypeExtensionClient(clientExtensions, serverCertTypes);
+ }
+
 return clientExtensions;
 } |
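Review bot: The new hooks `GetAllowedClientCertificateTypes()` and `GetAllowedServerCertificateTypes()` in the first hunk carry no doc comment, so someone overriding them cannot tell what the return value means. Going by the second hunk, `null` (the default) and a list holding only `CertificateType.X509` both leave the extension out of the ClientHello, and any other list is sent as given. I would add a `/// <summary>` to each saying so, for example `/// <returns>CertificateType values to offer, or null to omit the extension and keep the X.509 default.</returns>`, and state whether array order is the preference order (presumably, per RFC 7250, but worth confirming). Because offering a non-X.509 type for the server means the peer's key may arrive without a certificate chain, the comment on the server hook should also point to where an overriding client is expected to verify that key; that code is not visible in this diff.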
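Review bot: An override that returns an empty array passes the `!= null` test in the second hunk, fails `Length > 1`, and then `clientCertTypes[0]` throws `IndexOutOfRangeException` while the ClientHello extensions are being built; the `serverCertTypes` check has the same shape. Treating an empty list like `null` keeps the handshake on the default X.509 path: `if (clientCertTypes != null && clientCertTypes.Length > 0 && (clientCertTypes.Length > 1 || clientCertTypes[0] != CertificateType.X509))`, and likewise for the server list. The enclosing method starts outside the hunk, so whether the returned arrays are validated elsewhere (for example inside the `TlsExtensionsUtilities` helpers) cannot be seen from here.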