LibTLS: Make the TLS connection options user-configurable

The user may now request specific cipher suites, the use of SNI, and whether we should validate certificates (not that we're doing a good job of that).
2025-07-28 05:37:44 +00:00 · 2021-02-07 07:21:32 +03:30 · 2021-02-07 07:21:32 +03:30 · 2020176f0f
commit 2020176f0f
parent b5f24c84e4
7 changed files with 60 additions and 29 deletions
--- a/Userland/Libraries/LibTLS/TLSv12.h
+++ b/Userland/Libraries/LibTLS/TLSv12.h
@ -195,6 +195,27 @@ enum ClientVerificationStaus {
    VerificationNeeded,
 };

+struct Options {
+#define OPTION_WITH_DEFAULTS(typ, name, ...)                    \
+    static typ default_##name() { return typ { __VA_ARGS__ }; } \
+    typ name = default_##name();
+
+    OPTION_WITH_DEFAULTS(Vector<CipherSuite>, usable_cipher_suites,
+        CipherSuite::RSA_WITH_AES_128_CBC_SHA256,
+        CipherSuite::RSA_WITH_AES_256_CBC_SHA256,
+        CipherSuite::RSA_WITH_AES_128_CBC_SHA,
+        CipherSuite::RSA_WITH_AES_256_CBC_SHA,
+        CipherSuite::RSA_WITH_AES_128_GCM_SHA256)
+
+    OPTION_WITH_DEFAULTS(Version, version, Version::V12)
+
+    OPTION_WITH_DEFAULTS(bool, use_sni, true)
+    OPTION_WITH_DEFAULTS(bool, use_compression, false)
+    OPTION_WITH_DEFAULTS(bool, validate_certificates, true)
+
+#undef OPTION_WITH_DEFAULTS
+};
+
 struct Context {
    String to_string() const;
    bool verify() const;
@ -202,12 +223,13 @@ struct Context {

    static void print_file(const StringView& fname);

+    Options options;
+
    u8 remote_random[32];
    u8 local_random[32];
    u8 session_id[32];
    u8 session_id_size { 0 };
    CipherSuite cipher;
-    Version version;
    bool is_server { false };
    Vector<Certificate> certificates;
    Certificate private_key;
@ -334,7 +356,7 @@ public:
    Function<void(TLSv12&)> on_tls_certificate_request;

 private:
-    explicit TLSv12(Core::Object* parent, Version version = Version::V12);
+    explicit TLSv12(Core::Object* parent, Options = {});

    virtual bool common_connect(const struct sockaddr*, socklen_t) override;

@ -344,7 +366,7 @@ private:
    void ensure_hmac(size_t digest_size, bool local);

    void update_packet(ByteBuffer& packet);
-    void update_hash(ReadonlyBytes in);
+    void update_hash(ReadonlyBytes in, size_t header_size);

    void write_packet(ByteBuffer& packet);