LibTLS: Make the TLS connection options user-configurable
The user may now request specific cipher suites, the use of SNI, and whether we should validate certificates (not that we're doing a good job of that).
This commit is contained in:
parent
b5f24c84e4
commit
2020176f0f
7 changed files with 60 additions and 29 deletions
|
@ -195,6 +195,27 @@ enum ClientVerificationStaus {
|
|||
VerificationNeeded,
|
||||
};
|
||||
|
||||
struct Options {
|
||||
#define OPTION_WITH_DEFAULTS(typ, name, ...) \
|
||||
static typ default_##name() { return typ { __VA_ARGS__ }; } \
|
||||
typ name = default_##name();
|
||||
|
||||
OPTION_WITH_DEFAULTS(Vector<CipherSuite>, usable_cipher_suites,
|
||||
CipherSuite::RSA_WITH_AES_128_CBC_SHA256,
|
||||
CipherSuite::RSA_WITH_AES_256_CBC_SHA256,
|
||||
CipherSuite::RSA_WITH_AES_128_CBC_SHA,
|
||||
CipherSuite::RSA_WITH_AES_256_CBC_SHA,
|
||||
CipherSuite::RSA_WITH_AES_128_GCM_SHA256)
|
||||
|
||||
OPTION_WITH_DEFAULTS(Version, version, Version::V12)
|
||||
|
||||
OPTION_WITH_DEFAULTS(bool, use_sni, true)
|
||||
OPTION_WITH_DEFAULTS(bool, use_compression, false)
|
||||
OPTION_WITH_DEFAULTS(bool, validate_certificates, true)
|
||||
|
||||
#undef OPTION_WITH_DEFAULTS
|
||||
};
|
||||
|
||||
struct Context {
|
||||
String to_string() const;
|
||||
bool verify() const;
|
||||
|
@ -202,12 +223,13 @@ struct Context {
|
|||
|
||||
static void print_file(const StringView& fname);
|
||||
|
||||
Options options;
|
||||
|
||||
u8 remote_random[32];
|
||||
u8 local_random[32];
|
||||
u8 session_id[32];
|
||||
u8 session_id_size { 0 };
|
||||
CipherSuite cipher;
|
||||
Version version;
|
||||
bool is_server { false };
|
||||
Vector<Certificate> certificates;
|
||||
Certificate private_key;
|
||||
|
@ -334,7 +356,7 @@ public:
|
|||
Function<void(TLSv12&)> on_tls_certificate_request;
|
||||
|
||||
private:
|
||||
explicit TLSv12(Core::Object* parent, Version version = Version::V12);
|
||||
explicit TLSv12(Core::Object* parent, Options = {});
|
||||
|
||||
virtual bool common_connect(const struct sockaddr*, socklen_t) override;
|
||||
|
||||
|
@ -344,7 +366,7 @@ private:
|
|||
void ensure_hmac(size_t digest_size, bool local);
|
||||
|
||||
void update_packet(ByteBuffer& packet);
|
||||
void update_hash(ReadonlyBytes in);
|
||||
void update_hash(ReadonlyBytes in, size_t header_size);
|
||||
|
||||
void write_packet(ByteBuffer& packet);
|
||||
|
||||
|
|
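Review bot: The new `Options` struct in the first hunk exposes security-relevant knobs with no documentation at all, and `validate_certificates` and `usable_cipher_suites` are now set directly by callers, so the header should say what each one means. I would add `// Preference order; the defaults are all static-RSA key exchange, so none of them provide forward secrecy.` above the `usable_cipher_suites` option, `// Presumably skips checking the peer's certificate chain when false — keep true outside tests; confirm against the verify path.` above `validate_certificates`, and a one-line reason why `use_compression` defaults to false. The second hunk leaves `Context` holding both `options.version` and a separate `version` member, while the third hunk drops the `Version` constructor parameter; how the two fields relate is not visible in this section and deserves a comment on `Context::version`.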