shithub: riscv

Download patch

ref: 0c36c79e9b58b5131d4911b05ede987ce0bb8bde
parent: 74d1f67b0547aa1b32648a2364f3cd6739d3e60a
author: cinap_lenrek <[email protected]>
date: Sat Aug 15 13:51:55 EDT 2015

libsec: TLS1.1 support (needs new devtls)

--- a/sys/src/libsec/port/tlshand.c
+++ b/sys/src/libsec/port/tlshand.c
@@ -163,10 +163,11 @@
 
 
 enum {
-	TLSVersion = 0x0301,
-	SSL3Version = 0x0300,
-	ProtocolVersion = 0x0301,	// maximum version we speak
-	MinProtoVersion = 0x0300,	// limits on version we accept
+	SSL3Version	= 0x0300,
+	TLS10Version	= 0x0301,
+	TLS11Version	= 0x0302,
+	ProtocolVersion	= TLS11Version,	// maximum version we speak
+	MinProtoVersion	= 0x0300,	// limits on version we accept
 	MaxProtoVersion	= 0x03ff,
 };
 
@@ -591,9 +592,8 @@
 		tlsError(c, EUnexpectedMessage, "expected a client hello");
 		goto Err;
 	}
-	c->clientVersion = m.u.clientHello.version;
 	if(trace)
-		trace("ClientHello version %x\n", c->clientVersion);
+		trace("ClientHello version %x\n", m.u.clientHello.version);
 	if(setVersion(c, m.u.clientHello.version) < 0) {
 		tlsError(c, EIllegalParameter, "incompatible version");
 		goto Err;
@@ -970,7 +970,6 @@
 	c->sec = tlsSecInitc(c->clientVersion, c->crandom);
 	if(c->sec == nil)
 		goto Err;
-
 	/* client hello */
 	memset(&m, 0, sizeof(m));
 	m.tag = HClientHello;
@@ -1932,11 +1931,10 @@
 	if(version == SSL3Version) {
 		c->version = version;
 		c->finished.n = SSL3FinishedLen;
-	}else if(version == TLSVersion){
+	}else {
 		c->version = version;
 		c->finished.n = TLSFinishedLen;
-	}else
-		return -1;
+	}
 	c->verset = 1;
 	return fprint(c->ctl, "version 0x%x", version);
 }
@@ -2416,13 +2414,10 @@
 		sec->setFinished = sslSetFinished;
 		sec->nfin = SSL3FinishedLen;
 		sec->prf = sslPRF;
-	}else if(v == TLSVersion){
+	}else{
 		sec->setFinished = tlsSetFinished;
 		sec->nfin = TLSFinishedLen;
 		sec->prf = tlsPRF;
-	}else{
-		werrstr("invalid version");
-		return -1;
 	}
 	sec->vers = v;
 	return 0;