1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 07:47:35 +00:00

LibTLS: Make the TLS connection options user-configurable

The user may now request specific cipher suites, the use of SNI, and
whether we should validate certificates (not that we're doing a good job
of that).
This commit is contained in:
AnotherTest 2021-02-07 07:21:32 +03:30 committed by Andreas Kling
parent b5f24c84e4
commit 2020176f0f
7 changed files with 60 additions and 29 deletions

View file

@ -61,7 +61,7 @@ void TLSv12::update_packet(ByteBuffer& packet)
if (packet[0] == (u8)MessageType::Handshake && packet.size() > header_size) {
u8 handshake_type = packet[header_size];
if (handshake_type != HandshakeType::HelloRequest && handshake_type != HandshakeType::HelloVerifyRequest) {
update_hash(packet.bytes().slice(header_size, packet.size() - header_size));
update_hash(packet.bytes(), header_size);
}
}
if (m_context.cipher_spec_set && m_context.crypto.created) {
@ -190,9 +190,10 @@ void TLSv12::update_packet(ByteBuffer& packet)
++m_context.local_sequence_number;
}
void TLSv12::update_hash(ReadonlyBytes message)
void TLSv12::update_hash(ReadonlyBytes message, size_t header_size)
{
m_context.handshake_hash.update(message);
dbgln("Update hash with message of size {}", message.size());
m_context.handshake_hash.update(message.slice(header_size));
}
ByteBuffer TLSv12::hmac_message(const ReadonlyBytes& buf, const Optional<ReadonlyBytes> buf2, size_t mac_length, bool local)