libsec: TLS1.1 support (needs new devtls)
This commit is contained in:
cinap_lenrek
parent
74d1f67b05
commit
0c36c79e9b
1 changed files with 9 additions and 14 deletions
|
|
@ -163,9 +163,10 @@ typedef struct TlsSec{
|
||||||
|
|
||||||
|
|
||||||
enum {
|
enum {
|
||||||
TLSVersion = 0x0301,
|
|
||||||
SSL3Version = 0x0300,
|
SSL3Version = 0x0300,
|
||||||
ProtocolVersion = 0x0301, // maximum version we speak
|
TLS10Version = 0x0301,
|
||||||
|
TLS11Version = 0x0302,
|
||||||
|
ProtocolVersion = TLS11Version, // maximum version we speak
|
||||||
MinProtoVersion = 0x0300, // limits on version we accept
|
MinProtoVersion = 0x0300, // limits on version we accept
|
||||||
MaxProtoVersion = 0x03ff,
|
MaxProtoVersion = 0x03ff,
|
||||||
};
|
};
|
||||||
|
|
@ -591,9 +592,8 @@ tlsServer2(int ctl, int hand, uchar *cert, int certlen, int (*trace)(char*fmt, .
|
||||||
tlsError(c, EUnexpectedMessage, "expected a client hello");
|
tlsError(c, EUnexpectedMessage, "expected a client hello");
|
||||||
goto Err;
|
goto Err;
|
||||||
}
|
}
|
||||||
c->clientVersion = m.u.clientHello.version;
|
|
||||||
if(trace)
|
if(trace)
|
||||||
trace("ClientHello version %x\n", c->clientVersion);
|
trace("ClientHello version %x\n", m.u.clientHello.version);
|
||||||
if(setVersion(c, m.u.clientHello.version) < 0) {
|
if(setVersion(c, m.u.clientHello.version) < 0) {
|
||||||
tlsError(c, EIllegalParameter, "incompatible version");
|
tlsError(c, EIllegalParameter, "incompatible version");
|
||||||
goto Err;
|
goto Err;
|
||||||
|
|
@ -970,7 +970,6 @@ tlsClient2(int ctl, int hand, uchar *csid, int ncsid, uchar *cert, int certlen,
|
||||||
c->sec = tlsSecInitc(c->clientVersion, c->crandom);
|
c->sec = tlsSecInitc(c->clientVersion, c->crandom);
|
||||||
if(c->sec == nil)
|
if(c->sec == nil)
|
||||||
goto Err;
|
goto Err;
|
||||||
|
|
||||||
/* client hello */
|
/* client hello */
|
||||||
memset(&m, 0, sizeof(m));
|
memset(&m, 0, sizeof(m));
|
||||||
m.tag = HClientHello;
|
m.tag = HClientHello;
|
||||||
|
|
@ -1932,11 +1931,10 @@ setVersion(TlsConnection *c, int version)
|
||||||
if(version == SSL3Version) {
|
if(version == SSL3Version) {
|
||||||
c->version = version;
|
c->version = version;
|
||||||
c->finished.n = SSL3FinishedLen;
|
c->finished.n = SSL3FinishedLen;
|
||||||
}else if(version == TLSVersion){
|
}else {
|
||||||
c->version = version;
|
c->version = version;
|
||||||
c->finished.n = TLSFinishedLen;
|
c->finished.n = TLSFinishedLen;
|
||||||
}else
|
}
|
||||||
return -1;
|
|
||||||
c->verset = 1;
|
c->verset = 1;
|
||||||
return fprint(c->ctl, "version 0x%x", version);
|
return fprint(c->ctl, "version 0x%x", version);
|
||||||
}
|
}
|
||||||
|
|
@ -2416,13 +2414,10 @@ setVers(TlsSec *sec, int v)
|
||||||
sec->setFinished = sslSetFinished;
|
sec->setFinished = sslSetFinished;
|
||||||
sec->nfin = SSL3FinishedLen;
|
sec->nfin = SSL3FinishedLen;
|
||||||
sec->prf = sslPRF;
|
sec->prf = sslPRF;
|
||||||
}else if(v == TLSVersion){
|
}else{
|
||||||
sec->setFinished = tlsSetFinished;
|
sec->setFinished = tlsSetFinished;
|
||||||
sec->nfin = TLSFinishedLen;
|
sec->nfin = TLSFinishedLen;
|
||||||
sec->prf = tlsPRF;
|
sec->prf = tlsPRF;
|
||||||
}else{
|
|
||||||
werrstr("invalid version");
|
|
||||||
return -1;
|
|
||||||
}
|
}
|
||||||
sec->vers = v;
|
sec->vers = v;
|
||||||
return 0;
|
return 0;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue