diff --git a/sys/src/libsec/port/tlshand.c b/sys/src/libsec/port/tlshand.c
index 0d690aff1..5ebd3d4e5 100644
--- a/sys/src/libsec/port/tlshand.c
+++ b/sys/src/libsec/port/tlshand.c
@@ -343,9 +343,8 @@ tlsServer(int fd, TLSconn *conn)
 close(fd);
 close(hand);
 close(ctl);
- if(data < 0){
+ if(data < 0)
 return -1;
- }
 if(tls == nil){
 close(data);
 return -1;
@@ -393,13 +392,16 @@ tlsClient(int fd, TLSconn *conn)
 }
 sprint(dname, "#a/tls/%s/data", buf);
 data = open(dname, ORDWR);
- if(data < 0)
+ if(data < 0){
+ close(hand);
+ close(ctl);
 return -1;
+ }
 fprint(ctl, "fd %d 0x%x", fd, ProtocolVersion);
 tls = tlsClient2(ctl, hand, conn->sessionID, conn->sessionIDlen, conn->trace);
- close(fd);
 close(hand);
 close(ctl);
+ close(fd);
 if(tls == nil){
 close(data);
 return -1;
@@ -702,7 +704,7 @@ tlsClient2(int ctl, int hand, uchar *csid, int ncsid, int (*trace)(char*fmt, ...
 if(tlsSecSecretc(c->sec, c->sid->data, c->sid->len, c->srandom, c->cert->data, c->cert->len, c->version, &epm, &nepm, kd, c->nsecret) < 0){
- tlsError(c, EBadCertificate, "invalid x509/rsa certificate");
+ tlsError(c, EBadCertificate, "bad certificate: %r");
 goto Err;
 }
 secrets = (char*)emalloc(2*c->nsecret);
diff --git a/sys/src/libsec/port/x509.c b/sys/src/libsec/port/x509.c
index 9888015ff..103ab2933 100644
--- a/sys/src/libsec/port/x509.c
+++ b/sys/src/libsec/port/x509.c
@@ -1582,6 +1582,7 @@ enum {
 ALG_md5WithRSAEncryption,
 ALG_sha1WithRSAEncryption,
 ALG_sha1WithRSAEncryptionOiw,
+ ALG_sha256WithRSAEncryption,
 ALG_md5,
 NUMALGS
 };
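Review bot: The new `if(data < 0){` block in tlsClient closes `hand` and `ctl` but returns with `fd` still open, while the `tls == nil` return further down has already run `close(fd)`, so a caller that gets -1 cannot tell whether its descriptor was consumed. tlsServer, in the first hunk, closes `fd`, `hand` and `ctl` before it tests `data`, so the two entry points now disagree on this. Either add `close(fd);` to the new block or state the rule in a comment above the function, for example `/* on error, fd is closed only after it has been handed to the tls device */`. The earlier returns in tlsClient are outside the hunk and should be checked against the same rule.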
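Review bot: `%r` in the new tlsError message prints whatever errstr currently holds, so the text is only meaningful if every failure return inside tlsSecSecretc sets it with werrstr. A path that returns -1 without doing so would report a stale error left by an unrelated earlier call. tlsSecSecretc is not part of this diff, so that has to be checked there. The alert code also stays `EBadCertificate` for every failure of the call, which presumably includes failures unrelated to the certificate. tlsClient2's body starts and ends outside the hunk.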
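Review bot: The position of `ALG_sha256WithRSAEncryption` in this enum has to match its slot in `alg_oid_tab[]` and `digestalg[]`, and nothing visible in the diff enforces that. A comment on the enum such as `/* order must match alg_oid_tab[] and digestalg[] below */` would protect the next addition from an off-by-one that selects the wrong hash for a signature. The enum begins outside the hunk.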
@@ -1595,6 +1596,7 @@ static Ints7 oid_md4WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 3 };
 static Ints7 oid_md5WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 4 };
 static Ints7 oid_sha1WithRSAEncryption ={7, 1, 2, 840, 113549, 1, 1, 5 };
 static Ints7 oid_sha1WithRSAEncryptionOiw ={6, 1, 3, 14, 3, 2, 29 };
+static Ints7 oid_sha256WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 11 };
 static Ints7 oid_md5 ={6, 1, 2, 840, 113549, 2, 5, 0 };
 static Ints *alg_oid_tab[NUMALGS+1] = {
 (Ints*)&oid_rsaEncryption,
@@ -1603,10 +1605,13 @@ static Ints *alg_oid_tab[NUMALGS+1] = {
 (Ints*)&oid_md5WithRSAEncryption,
 (Ints*)&oid_sha1WithRSAEncryption,
 (Ints*)&oid_sha1WithRSAEncryptionOiw,
+ (Ints*)&oid_sha256WithRSAEncryption,
 (Ints*)&oid_md5,
 nil
 };
-static DigestFun digestalg[NUMALGS+1] = { md5, md5, md5, md5, sha1, sha1, md5, nil };
+static DigestFun digestalg[NUMALGS+1] = {
+ md5, md5, md5, md5, sha1, sha1, sha2_256, md5, nil
+};
 static void freecert(CertX509* c)
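Review bot: `sha2_256` in `digestalg[]` writes a 32-byte digest where every earlier entry wrote at most 20, and the code that calls through this table is not part of the diff. Any digest buffer or length comparison there that is still sized with `SHA1dlen` would be overrun or would compare too few bytes when a sha256WithRSAEncryption certificate is verified. Those call sites should be sized with `SHA2_256dlen` or a maximum-digest-length constant. I cannot see them from this diff, so this needs confirming before the new table entry becomes reachable.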