ref: 0c36c79e9b58b5131d4911b05ede987ce0bb8bde
parent: 74d1f67b0547aa1b32648a2364f3cd6739d3e60a
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sat Aug 15 13:51:55 EDT 2015
libsec: TLS1.1 support (needs new devtls)
--- a/sys/src/libsec/port/tlshand.c
+++ b/sys/src/libsec/port/tlshand.c
@@ -163,10 +163,11 @@
enum {
- TLSVersion = 0x0301,
- SSL3Version = 0x0300,
- ProtocolVersion = 0x0301, // maximum version we speak
- MinProtoVersion = 0x0300, // limits on version we accept
+ SSL3Version = 0x0300,
+ TLS10Version = 0x0301,
+ TLS11Version = 0x0302,
+ ProtocolVersion = TLS11Version, // maximum version we speak
+ MinProtoVersion = 0x0300, // limits on version we accept
MaxProtoVersion = 0x03ff,
};
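Review bot: `MinProtoVersion` is still the literal `0x0300`, so SSL 3.0 remains the lowest version accepted even though the maximum moves to TLS 1.1. Since the named constants now exist, `MinProtoVersion = SSL3Version,` states the floor explicitly. Whether that floor should instead be `TLS10Version` is worth deciding in this commit, because SSL 3.0's CBC padding is not protected against padding-oracle downgrade attacks. If SSL 3.0 has to stay for interoperability, a comment on that line saying so would help.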
@@ -591,9 +592,8 @@
tlsError(c, EUnexpectedMessage, "expected a client hello");
goto Err;
}
- c->clientVersion = m.u.clientHello.version;
if(trace)
- trace("ClientHello version %x\n", c->clientVersion);
+ trace("ClientHello version %x\n", m.u.clientHello.version);
if(setVersion(c, m.u.clientHello.version) < 0) {
tlsError(c, EIllegalParameter, "incompatible version");
goto Err;
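Review bot: With the assignment to `c->clientVersion` removed, nothing in this hunk records the version the client offered; only the negotiated version is kept, through setVersion(). In the RSA key exchange the server is expected to compare the version inside the decrypted premaster secret with the ClientHello version to detect rollback. If that check (not visible here) still reads `c->clientVersion`, it may now see a value that was never set on the server path. Confirm where the field is set, or keep `c->clientVersion = m.u.clientHello.version;` ahead of the setVersion() call. The enclosing function starts and ends outside the hunk.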
@@ -970,7 +970,6 @@
c->sec = tlsSecInitc(c->clientVersion, c->crandom);
if(c->sec == nil)
goto Err;
-
/* client hello */
memset(&m, 0, sizeof(m));
m.tag = HClientHello;
@@ -1932,11 +1931,10 @@
if(version == SSL3Version) {
c->version = version;
c->finished.n = SSL3FinishedLen;
- }else if(version == TLSVersion){
+ }else {
c->version = version;
c->finished.n = TLSFinishedLen;
- }else
- return -1;
+ }
c->verset = 1;
return fprint(c->ctl, "version 0x%x", version);
}
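Review bot: The catch-all `else` here treats every value other than `SSL3Version` as TLS, and the `return -1` for unknown versions is gone, so rejecting an unsupported version depends entirely on checks earlier in the function, which are outside this hunk. With `MaxProtoVersion` at `0x03ff`, a peer value such as 0x0303 would take the TLS branch and be written to the ctl file unless it is clamped before this point. An explicit test keeps the failure closed: `}else if(version == TLS10Version || version == TLS11Version){` with the original `}else return -1;` retained. The same pattern appears in the @@ -2416 hunk, where the `werrstr("invalid version"); return -1;` branch is dropped and `sec->vers = v` is stored for any `v`.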
@@ -2416,13 +2414,10 @@
sec->setFinished = sslSetFinished;
sec->nfin = SSL3FinishedLen;
sec->prf = sslPRF;
- }else if(v == TLSVersion){
+ }else{
sec->setFinished = tlsSetFinished;
sec->nfin = TLSFinishedLen;
sec->prf = tlsPRF;
- }else{
- werrstr("invalid version");
- return -1;
}
sec->vers = v;
return 0;