-- |
-- Module      : Network.TLS.Handshake.Process
-- License     : BSD-style
-- Maintainer  : Vincent Hanquez <vincent@snarc.org>
-- Stability   : experimental
-- Portability : unknown
--
-- process handshake message received
--
module Network.TLS.Handshake.Process
    ( processHandshake
    , processHandshake13
    , startHandshake
    ) where

import Network.TLS.Context.Internal
import Network.TLS.Crypto
import Network.TLS.ErrT
import Network.TLS.Extension
import Network.TLS.Handshake.Key
import Network.TLS.Handshake.Random
import Network.TLS.Handshake.Signature
import Network.TLS.Handshake.State
import Network.TLS.Handshake.State13
import Network.TLS.Imports
import Network.TLS.Packet
import Network.TLS.Parameters
import Network.TLS.Sending
import Network.TLS.State
import Network.TLS.Struct
import Network.TLS.Struct13
import Network.TLS.Types (Role(..), invertRole, MasterSecret(..))
import Network.TLS.Util

import Control.Concurrent.MVar
import Control.Monad.IO.Class (liftIO)
import Control.Monad.State.Strict (gets)
import Data.X509 (CertificateChain(..), Certificate(..), getCertificate)
import Data.IORef (writeIORef)

processHandshake :: Context -> Handshake -> IO ()
processHandshake :: Context -> Handshake -> IO ()
processHandshake Context
ctx Handshake
hs = do
    Role
role <- Context -> TLSSt Role -> IO Role
forall a. Context -> TLSSt a -> IO a
usingState_ Context
ctx TLSSt Role
isClientContext
    case Handshake
hs of
        ClientHello Version
cver ClientRandom
ran Session
_ [CipherID]
cids [CompressionID]
_ [ExtensionRaw]
ex Maybe DeprecatedRecord
_ -> Bool -> IO () -> IO ()
forall (f :: * -> *). Applicative f => Bool -> f () -> f ()
when (Role
role Role -> Role -> Bool
forall a. Eq a => a -> a -> Bool
== Role
ServerRole) (IO () -> IO ()) -> IO () -> IO ()
forall a b. (a -> b) -> a -> b
$ do
            (ExtensionRaw -> IO ()) -> [ExtensionRaw] -> IO ()
forall (t :: * -> *) (m :: * -> *) a b.
(Foldable t, Monad m) =>
(a -> m b) -> t a -> m ()
mapM_ (Context -> TLSSt () -> IO ()
forall a. Context -> TLSSt a -> IO a
usingState_ Context
ctx (TLSSt () -> IO ())
-> (ExtensionRaw -> TLSSt ()) -> ExtensionRaw -> IO ()
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ExtensionRaw -> TLSSt ()
processClientExtension) [ExtensionRaw]
ex
            -- RFC 5746: secure renegotiation
            -- TLS_EMPTY_RENEGOTIATION_INFO_SCSV: {0x00, 0xFF}
            Bool -> IO () -> IO ()
forall (f :: * -> *). Applicative f => Bool -> f () -> f ()
when (Bool
secureRenegotiation Bool -> Bool -> Bool
&& (CipherID
0xff CipherID -> [CipherID] -> Bool
forall (t :: * -> *) a. (Foldable t, Eq a) => a -> t a -> Bool
`elem` [CipherID]
cids)) (IO () -> IO ()) -> IO () -> IO ()
forall a b. (a -> b) -> a -> b
$
                Context -> TLSSt () -> IO ()
forall a. Context -> TLSSt a -> IO a
usingState_ Context
ctx (TLSSt () -> IO ()) -> TLSSt () -> IO ()
forall a b. (a -> b) -> a -> b
$ Bool -> TLSSt ()
setSecureRenegotiation Bool
True
            Bool
hrr <- Context -> TLSSt Bool -> IO Bool
forall a. Context -> TLSSt a -> IO a
usingState_ Context
ctx TLSSt Bool
getTLS13HRR
            Bool -> IO () -> IO ()
forall (f :: * -> *). Applicative f => Bool -> f () -> f ()
unless Bool
hrr (IO () -> IO ()) -> IO () -> IO ()
forall a b. (a -> b) -> a -> b
$ Context -> Version -> ClientRandom -> IO ()
startHandshake Context
ctx Version
cver ClientRandom
ran
        Certificates CertificateChain
certs            -> Role -> CertificateChain -> IO ()
processCertificates Role
role CertificateChain
certs
        Finished DeprecatedRecord
fdata                -> Context -> DeprecatedRecord -> IO ()
processClientFinished Context
ctx DeprecatedRecord
fdata
        Handshake
_                             -> () -> IO ()
forall (m :: * -> *) a. Monad m => a -> m a
return ()
    Bool -> IO () -> IO ()
forall (f :: * -> *). Applicative f => Bool -> f () -> f ()
when (Handshake -> Bool
isHRR Handshake
hs) (IO () -> IO ()) -> IO () -> IO ()
forall a b. (a -> b) -> a -> b
$ Context -> HandshakeM () -> IO ()
forall (m :: * -> *) a. MonadIO m => Context -> HandshakeM a -> m a
usingHState Context
ctx HandshakeM ()
wrapAsMessageHash13
    IO DeprecatedRecord -> IO ()
forall (f :: * -> *) a. Functor f => f a -> f ()
void (IO DeprecatedRecord -> IO ()) -> IO DeprecatedRecord -> IO ()
forall a b. (a -> b) -> a -> b
$ Context -> Role -> Handshake -> IO DeprecatedRecord
updateHandshake Context
ctx Role
ServerRole Handshake
hs
    case Handshake
hs of
        ClientKeyXchg ClientKeyXchgAlgorithmData
content  -> Bool -> IO () -> IO ()
forall (f :: * -> *). Applicative f => Bool -> f () -> f ()
when (Role
role Role -> Role -> Bool
forall a. Eq a => a -> a -> Bool
== Role
ServerRole) (IO () -> IO ()) -> IO () -> IO ()
forall a b. (a -> b) -> a -> b
$
            Context -> ClientKeyXchgAlgorithmData -> IO ()
processClientKeyXchg Context
ctx ClientKeyXchgAlgorithmData
content
        Handshake
_                      -> () -> IO ()
forall (m :: * -> *) a. Monad m => a -> m a
return ()
  where secureRenegotiation :: Bool
secureRenegotiation = Supported -> Bool
supportedSecureRenegotiation (Supported -> Bool) -> Supported -> Bool
forall a b. (a -> b) -> a -> b
$ Context -> Supported
ctxSupported Context
ctx
        -- RFC5746: secure renegotiation
        -- the renegotiation_info extension: 0xff01
        processClientExtension :: ExtensionRaw -> TLSSt ()
processClientExtension (ExtensionRaw CipherID
0xff01 DeprecatedRecord
content) | Bool
secureRenegotiation = do
            DeprecatedRecord
v <- Role -> TLSSt DeprecatedRecord
getVerifiedData Role
ClientRole
            let bs :: DeprecatedRecord
bs = SecureRenegotiation -> DeprecatedRecord
forall a. Extension a => a -> DeprecatedRecord
extensionEncode (DeprecatedRecord -> Maybe DeprecatedRecord -> SecureRenegotiation
SecureRenegotiation DeprecatedRecord
v Maybe DeprecatedRecord
forall a. Maybe a
Nothing)
            Bool -> TLSSt () -> TLSSt ()
forall (f :: * -> *). Applicative f => Bool -> f () -> f ()
unless (DeprecatedRecord
bs DeprecatedRecord -> DeprecatedRecord -> Bool
`bytesEq` DeprecatedRecord
content) (TLSSt () -> TLSSt ()) -> TLSSt () -> TLSSt ()
forall a b. (a -> b) -> a -> b
$ TLSError -> TLSSt ()
forall e (m :: * -> *) a. MonadError e m => e -> m a
throwError (TLSError -> TLSSt ()) -> TLSError -> TLSSt ()
forall a b. (a -> b) -> a -> b
$ (String, Bool, AlertDescription) -> TLSError
Error_Protocol (String
"client verified data not matching: " String -> String -> String
forall a. [a] -> [a] -> [a]
++ DeprecatedRecord -> String
forall a. Show a => a -> String
show DeprecatedRecord
v String -> String -> String
forall a. [a] -> [a] -> [a]
++ String
":" String -> String -> String
forall a. [a] -> [a] -> [a]
++ DeprecatedRecord -> String
forall a. Show a => a -> String
show DeprecatedRecord
content, Bool
True, AlertDescription
HandshakeFailure)

            Bool -> TLSSt ()
setSecureRenegotiation Bool
True
        -- unknown extensions
        processClientExtension ExtensionRaw
_ = () -> TLSSt ()
forall (m :: * -> *) a. Monad m => a -> m a
return ()

        processCertificates :: Role -> CertificateChain -> IO ()
        processCertificates :: Role -> CertificateChain -> IO ()
processCertificates Role
ServerRole (CertificateChain []) = () -> IO ()
forall (m :: * -> *) a. Monad m => a -> m a
return ()
        processCertificates Role
ClientRole (CertificateChain []) =
            TLSError -> IO ()
forall (m :: * -> *) a. MonadIO m => TLSError -> m a
throwCore (TLSError -> IO ()) -> TLSError -> IO ()
forall a b. (a -> b) -> a -> b
$ (String, Bool, AlertDescription) -> TLSError
Error_Protocol (String
"server certificate missing", Bool
True, AlertDescription
HandshakeFailure)
        processCertificates Role
_ (CertificateChain (SignedExact Certificate
c:[SignedExact Certificate]
_)) =
            Context -> HandshakeM () -> IO ()
forall (m :: * -> *) a. MonadIO m => Context -> HandshakeM a -> m a
usingHState Context
ctx (HandshakeM () -> IO ()) -> HandshakeM () -> IO ()
forall a b. (a -> b) -> a -> b
$ PubKey -> HandshakeM ()
setPublicKey PubKey
pubkey
          where pubkey :: PubKey
pubkey = Certificate -> PubKey
certPubKey (Certificate -> PubKey) -> Certificate -> PubKey
forall a b. (a -> b) -> a -> b
$ SignedExact Certificate -> Certificate
getCertificate SignedExact Certificate
c

        isHRR :: Handshake -> Bool
isHRR (ServerHello Version
TLS12 ServerRandom
srand Session
_ CipherID
_ CompressionID
_ [ExtensionRaw]
_) = ServerRandom -> Bool
isHelloRetryRequest ServerRandom
srand
        isHRR Handshake
_                                 = Bool
False

processHandshake13 :: Context -> Handshake13 -> IO ()
processHandshake13 :: Context -> Handshake13 -> IO ()
processHandshake13 Context
ctx = IO DeprecatedRecord -> IO ()
forall (f :: * -> *) a. Functor f => f a -> f ()
void (IO DeprecatedRecord -> IO ())
-> (Handshake13 -> IO DeprecatedRecord) -> Handshake13 -> IO ()
forall b c a. (b -> c) -> (a -> b) -> a -> c
. Context -> Handshake13 -> IO DeprecatedRecord
updateHandshake13 Context
ctx

-- process the client key exchange message. the protocol expects the initial
-- client version received in ClientHello, not the negotiated version.
-- in case the version mismatch, generate a random master secret
processClientKeyXchg :: Context -> ClientKeyXchgAlgorithmData -> IO ()
processClientKeyXchg :: Context -> ClientKeyXchgAlgorithmData -> IO ()
processClientKeyXchg Context
ctx (CKX_RSA DeprecatedRecord
encryptedPremaster) = do
    (Version
rver, Role
role, DeprecatedRecord
random) <- Context
-> TLSSt (Version, Role, DeprecatedRecord)
-> IO (Version, Role, DeprecatedRecord)
forall a. Context -> TLSSt a -> IO a
usingState_ Context
ctx (TLSSt (Version, Role, DeprecatedRecord)
 -> IO (Version, Role, DeprecatedRecord))
-> TLSSt (Version, Role, DeprecatedRecord)
-> IO (Version, Role, DeprecatedRecord)
forall a b. (a -> b) -> a -> b
$ do
        (,,) (Version
 -> Role -> DeprecatedRecord -> (Version, Role, DeprecatedRecord))
-> TLSSt Version
-> TLSSt
     (Role -> DeprecatedRecord -> (Version, Role, DeprecatedRecord))
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> TLSSt Version
getVersion TLSSt
  (Role -> DeprecatedRecord -> (Version, Role, DeprecatedRecord))
-> TLSSt Role
-> TLSSt (DeprecatedRecord -> (Version, Role, DeprecatedRecord))
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
<*> TLSSt Role
isClientContext TLSSt (DeprecatedRecord -> (Version, Role, DeprecatedRecord))
-> TLSSt DeprecatedRecord
-> TLSSt (Version, Role, DeprecatedRecord)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
<*> Int -> TLSSt DeprecatedRecord
genRandom Int
48
    Either KxError DeprecatedRecord
ePremaster <- Context -> DeprecatedRecord -> IO (Either KxError DeprecatedRecord)
decryptRSA Context
ctx DeprecatedRecord
encryptedPremaster
    DeprecatedRecord
masterSecret <- Context -> HandshakeM DeprecatedRecord -> IO DeprecatedRecord
forall (m :: * -> *) a. MonadIO m => Context -> HandshakeM a -> m a
usingHState Context
ctx (HandshakeM DeprecatedRecord -> IO DeprecatedRecord)
-> HandshakeM DeprecatedRecord -> IO DeprecatedRecord
forall a b. (a -> b) -> a -> b
$ do
        Version
expectedVer <- (HandshakeState -> Version) -> HandshakeM Version
forall s (m :: * -> *) a. MonadState s m => (s -> a) -> m a
gets HandshakeState -> Version
hstClientVersion
        case Either KxError DeprecatedRecord
ePremaster of
            Left KxError
_          -> Version -> Role -> DeprecatedRecord -> HandshakeM DeprecatedRecord
forall preMaster.
ByteArrayAccess preMaster =>
Version -> Role -> preMaster -> HandshakeM DeprecatedRecord
setMasterSecretFromPre Version
rver Role
role DeprecatedRecord
random
            Right DeprecatedRecord
premaster -> case DeprecatedRecord -> Either TLSError (Version, DeprecatedRecord)
decodePreMasterSecret DeprecatedRecord
premaster of
                Left TLSError
_                   -> Version -> Role -> DeprecatedRecord -> HandshakeM DeprecatedRecord
forall preMaster.
ByteArrayAccess preMaster =>
Version -> Role -> preMaster -> HandshakeM DeprecatedRecord
setMasterSecretFromPre Version
rver Role
role DeprecatedRecord
random
                Right (Version
ver, DeprecatedRecord
_)
                    | Version
ver Version -> Version -> Bool
forall a. Eq a => a -> a -> Bool
/= Version
expectedVer -> Version -> Role -> DeprecatedRecord -> HandshakeM DeprecatedRecord
forall preMaster.
ByteArrayAccess preMaster =>
Version -> Role -> preMaster -> HandshakeM DeprecatedRecord
setMasterSecretFromPre Version
rver Role
role DeprecatedRecord
random
                    | Bool
otherwise          -> Version -> Role -> DeprecatedRecord -> HandshakeM DeprecatedRecord
forall preMaster.
ByteArrayAccess preMaster =>
Version -> Role -> preMaster -> HandshakeM DeprecatedRecord
setMasterSecretFromPre Version
rver Role
role DeprecatedRecord
premaster
    IO () -> IO ()
forall (m :: * -> *) a. MonadIO m => IO a -> m a
liftIO (IO () -> IO ()) -> IO () -> IO ()
forall a b. (a -> b) -> a -> b
$ Context -> MasterSecret -> IO ()
forall a. LogLabel a => Context -> a -> IO ()
logKey Context
ctx (DeprecatedRecord -> MasterSecret
MasterSecret DeprecatedRecord
masterSecret)

processClientKeyXchg Context
ctx (CKX_DH DHPublic
clientDHValue) = do
    Version
rver <- Context -> TLSSt Version -> IO Version
forall a. Context -> TLSSt a -> IO a
usingState_ Context
ctx TLSSt Version
getVersion
    Role
role <- Context -> TLSSt Role -> IO Role
forall a. Context -> TLSSt a -> IO a
usingState_ Context
ctx TLSSt Role
isClientContext

    ServerDHParams
serverParams <- Context -> HandshakeM ServerDHParams -> IO ServerDHParams
forall (m :: * -> *) a. MonadIO m => Context -> HandshakeM a -> m a
usingHState Context
ctx HandshakeM ServerDHParams
getServerDHParams
    let params :: DHParams
params = ServerDHParams -> DHParams
serverDHParamsToParams ServerDHParams
serverParams
    Bool -> IO () -> IO ()
forall (f :: * -> *). Applicative f => Bool -> f () -> f ()
unless (DHParams -> Integer -> Bool
dhValid DHParams
params (Integer -> Bool) -> Integer -> Bool
forall a b. (a -> b) -> a -> b
$ DHPublic -> Integer
dhUnwrapPublic DHPublic
clientDHValue) (IO () -> IO ()) -> IO () -> IO ()
forall a b. (a -> b) -> a -> b
$
        TLSError -> IO ()
forall (m :: * -> *) a. MonadIO m => TLSError -> m a
throwCore (TLSError -> IO ()) -> TLSError -> IO ()
forall a b. (a -> b) -> a -> b
$ (String, Bool, AlertDescription) -> TLSError
Error_Protocol (String
"invalid client public key", Bool
True, AlertDescription
IllegalParameter)

    DHPrivate
dhpriv       <- Context -> HandshakeM DHPrivate -> IO DHPrivate
forall (m :: * -> *) a. MonadIO m => Context -> HandshakeM a -> m a
usingHState Context
ctx HandshakeM DHPrivate
getDHPrivate
    let premaster :: DHKey
premaster = DHParams -> DHPrivate -> DHPublic -> DHKey
dhGetShared DHParams
params DHPrivate
dhpriv DHPublic
clientDHValue
    DeprecatedRecord
masterSecret <- Context -> HandshakeM DeprecatedRecord -> IO DeprecatedRecord
forall (m :: * -> *) a. MonadIO m => Context -> HandshakeM a -> m a
usingHState Context
ctx (HandshakeM DeprecatedRecord -> IO DeprecatedRecord)
-> HandshakeM DeprecatedRecord -> IO DeprecatedRecord
forall a b. (a -> b) -> a -> b
$ Version -> Role -> DHKey -> HandshakeM DeprecatedRecord
forall preMaster.
ByteArrayAccess preMaster =>
Version -> Role -> preMaster -> HandshakeM DeprecatedRecord
setMasterSecretFromPre Version
rver Role
role DHKey
premaster
    IO () -> IO ()
forall (m :: * -> *) a. MonadIO m => IO a -> m a
liftIO (IO () -> IO ()) -> IO () -> IO ()
forall a b. (a -> b) -> a -> b
$ Context -> MasterSecret -> IO ()
forall a. LogLabel a => Context -> a -> IO ()
logKey Context
ctx (DeprecatedRecord -> MasterSecret
MasterSecret DeprecatedRecord
masterSecret)

processClientKeyXchg Context
ctx (CKX_ECDH DeprecatedRecord
bytes) = do
    ServerECDHParams Group
grp GroupPublic
_ <- Context -> HandshakeM ServerECDHParams -> IO ServerECDHParams
forall (m :: * -> *) a. MonadIO m => Context -> HandshakeM a -> m a
usingHState Context
ctx HandshakeM ServerECDHParams
getServerECDHParams
    case Group -> DeprecatedRecord -> Either CryptoError GroupPublic
decodeGroupPublic Group
grp DeprecatedRecord
bytes of
      Left CryptoError
_ -> TLSError -> IO ()
forall (m :: * -> *) a. MonadIO m => TLSError -> m a
throwCore (TLSError -> IO ()) -> TLSError -> IO ()
forall a b. (a -> b) -> a -> b
$ (String, Bool, AlertDescription) -> TLSError
Error_Protocol (String
"client public key cannot be decoded", Bool
True, AlertDescription
IllegalParameter)
      Right GroupPublic
clipub -> do
          GroupPrivate
srvpri <- Context -> HandshakeM GroupPrivate -> IO GroupPrivate
forall (m :: * -> *) a. MonadIO m => Context -> HandshakeM a -> m a
usingHState Context
ctx HandshakeM GroupPrivate
getGroupPrivate
          case GroupPublic -> GroupPrivate -> Maybe GroupKey
groupGetShared GroupPublic
clipub GroupPrivate
srvpri of
              Just GroupKey
premaster -> do
                  Version
rver <- Context -> TLSSt Version -> IO Version
forall a. Context -> TLSSt a -> IO a
usingState_ Context
ctx TLSSt Version
getVersion
                  Role
role <- Context -> TLSSt Role -> IO Role
forall a. Context -> TLSSt a -> IO a
usingState_ Context
ctx TLSSt Role
isClientContext
                  DeprecatedRecord
masterSecret <- Context -> HandshakeM DeprecatedRecord -> IO DeprecatedRecord
forall (m :: * -> *) a. MonadIO m => Context -> HandshakeM a -> m a
usingHState Context
ctx (HandshakeM DeprecatedRecord -> IO DeprecatedRecord)
-> HandshakeM DeprecatedRecord -> IO DeprecatedRecord
forall a b. (a -> b) -> a -> b
$ Version -> Role -> GroupKey -> HandshakeM DeprecatedRecord
forall preMaster.
ByteArrayAccess preMaster =>
Version -> Role -> preMaster -> HandshakeM DeprecatedRecord
setMasterSecretFromPre Version
rver Role
role GroupKey
premaster
                  IO () -> IO ()
forall (m :: * -> *) a. MonadIO m => IO a -> m a
liftIO (IO () -> IO ()) -> IO () -> IO ()
forall a b. (a -> b) -> a -> b
$ Context -> MasterSecret -> IO ()
forall a. LogLabel a => Context -> a -> IO ()
logKey Context
ctx (DeprecatedRecord -> MasterSecret
MasterSecret DeprecatedRecord
masterSecret)
              Maybe GroupKey
Nothing -> TLSError -> IO ()
forall (m :: * -> *) a. MonadIO m => TLSError -> m a
throwCore (TLSError -> IO ()) -> TLSError -> IO ()
forall a b. (a -> b) -> a -> b
$ (String, Bool, AlertDescription) -> TLSError
Error_Protocol (String
"cannot generate a shared secret on ECDH", Bool
True, AlertDescription
IllegalParameter)

processClientFinished :: Context -> FinishedData -> IO ()
processClientFinished :: Context -> DeprecatedRecord -> IO ()
processClientFinished Context
ctx DeprecatedRecord
fdata = do
    (Role
cc,Version
ver) <- Context -> TLSSt (Role, Version) -> IO (Role, Version)
forall a. Context -> TLSSt a -> IO a
usingState_ Context
ctx (TLSSt (Role, Version) -> IO (Role, Version))
-> TLSSt (Role, Version) -> IO (Role, Version)
forall a b. (a -> b) -> a -> b
$ (,) (Role -> Version -> (Role, Version))
-> TLSSt Role -> TLSSt (Version -> (Role, Version))
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> TLSSt Role
isClientContext TLSSt (Version -> (Role, Version))
-> TLSSt Version -> TLSSt (Role, Version)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
<*> TLSSt Version
getVersion
    DeprecatedRecord
expected <- Context -> HandshakeM DeprecatedRecord -> IO DeprecatedRecord
forall (m :: * -> *) a. MonadIO m => Context -> HandshakeM a -> m a
usingHState Context
ctx (HandshakeM DeprecatedRecord -> IO DeprecatedRecord)
-> HandshakeM DeprecatedRecord -> IO DeprecatedRecord
forall a b. (a -> b) -> a -> b
$ Version -> Role -> HandshakeM DeprecatedRecord
getHandshakeDigest Version
ver (Role -> HandshakeM DeprecatedRecord)
-> Role -> HandshakeM DeprecatedRecord
forall a b. (a -> b) -> a -> b
$ Role -> Role
invertRole Role
cc
    Bool -> IO () -> IO ()
forall (f :: * -> *). Applicative f => Bool -> f () -> f ()
when (DeprecatedRecord
expected DeprecatedRecord -> DeprecatedRecord -> Bool
forall a. Eq a => a -> a -> Bool
/= DeprecatedRecord
fdata) (IO () -> IO ()) -> IO () -> IO ()
forall a b. (a -> b) -> a -> b
$ String -> IO ()
forall (m :: * -> *) a. MonadIO m => String -> m a
decryptError String
"cannot verify finished"
    IORef (Maybe DeprecatedRecord) -> Maybe DeprecatedRecord -> IO ()
forall a. IORef a -> a -> IO ()
writeIORef (Context -> IORef (Maybe DeprecatedRecord)
ctxPeerFinished Context
ctx) (Maybe DeprecatedRecord -> IO ())
-> Maybe DeprecatedRecord -> IO ()
forall a b. (a -> b) -> a -> b
$ DeprecatedRecord -> Maybe DeprecatedRecord
forall a. a -> Maybe a
Just DeprecatedRecord
fdata

-- initialize a new Handshake context (initial handshake or renegotiations)
startHandshake :: Context -> Version -> ClientRandom -> IO ()
startHandshake :: Context -> Version -> ClientRandom -> IO ()
startHandshake Context
ctx Version
ver ClientRandom
crand =
    let hs :: Maybe HandshakeState
hs = HandshakeState -> Maybe HandshakeState
forall a. a -> Maybe a
Just (HandshakeState -> Maybe HandshakeState)
-> HandshakeState -> Maybe HandshakeState
forall a b. (a -> b) -> a -> b
$ Version -> ClientRandom -> HandshakeState
newEmptyHandshake Version
ver ClientRandom
crand
    in IO () -> IO ()
forall (m :: * -> *) a. MonadIO m => IO a -> m a
liftIO (IO () -> IO ()) -> IO () -> IO ()
forall a b. (a -> b) -> a -> b
$ IO (Maybe HandshakeState) -> IO ()
forall (f :: * -> *) a. Functor f => f a -> f ()
void (IO (Maybe HandshakeState) -> IO ())
-> IO (Maybe HandshakeState) -> IO ()
forall a b. (a -> b) -> a -> b
$ MVar (Maybe HandshakeState)
-> Maybe HandshakeState -> IO (Maybe HandshakeState)
forall a. MVar a -> a -> IO a
swapMVar (Context -> MVar (Maybe HandshakeState)
ctxHandshake Context
ctx) Maybe HandshakeState
hs