
LibTLS: Make the TLS connection options user-configurable

The user may now request specific cipher suites, the use of SNI, and
whether we should validate certificates (not that we're doing a good job
of that).
This commit is contained in:
AnotherTest 2021-02-07 07:21:32 +03:30 committed by Andreas Kling
parent b5f24c84e4
commit 2020176f0f
7 changed files with 60 additions and 29 deletions


@ -195,6 +195,27 @@ enum ClientVerificationStaus {
VerificationNeeded,
};
struct Options {
#define OPTION_WITH_DEFAULTS(typ, name, ...) \
static typ default_##name() { return typ { __VA_ARGS__ }; } \
typ name = default_##name();
OPTION_WITH_DEFAULTS(Vector<CipherSuite>, usable_cipher_suites,
CipherSuite::RSA_WITH_AES_128_CBC_SHA256,
CipherSuite::RSA_WITH_AES_256_CBC_SHA256,
CipherSuite::RSA_WITH_AES_128_CBC_SHA,
CipherSuite::RSA_WITH_AES_256_CBC_SHA,
CipherSuite::RSA_WITH_AES_128_GCM_SHA256)
OPTION_WITH_DEFAULTS(Version, version, Version::V12)
OPTION_WITH_DEFAULTS(bool, use_sni, true)
OPTION_WITH_DEFAULTS(bool, use_compression, false)
OPTION_WITH_DEFAULTS(bool, validate_certificates, true)
#undef OPTION_WITH_DEFAULTS
};
struct Context {
String to_string() const;
bool verify() const;
@ -202,12 +223,13 @@ struct Context {
static void print_file(const StringView& fname);
Options options;
u8 remote_random[32];
u8 local_random[32];
u8 session_id[32];
u8 session_id_size { 0 };
CipherSuite cipher;
Version version;
bool is_server { false };
Vector<Certificate> certificates;
Certificate private_key;
@ -334,7 +356,7 @@ public:
Function<void(TLSv12&)> on_tls_certificate_request;
private:
explicit TLSv12(Core::Object* parent, Version version = Version::V12);
explicit TLSv12(Core::Object* parent, Options = {});
virtual bool common_connect(const struct sockaddr*, socklen_t) override;
@ -344,7 +366,7 @@ private:
void ensure_hmac(size_t digest_size, bool local);
void update_packet(ByteBuffer& packet);
void update_hash(ReadonlyBytes in);
void update_hash(ReadonlyBytes in, size_t header_size);
void write_packet(ByteBuffer& packet);