ref: 0c36c79e9b58b5131d4911b05ede987ce0bb8bde
parent: 74d1f67b0547aa1b32648a2364f3cd6739d3e60a
author: cinap_lenrek <[email protected]>
date: Sat Aug 15 13:51:55 EDT 2015
libsec: TLS1.1 support (needs new devtls)
--- a/sys/src/libsec/port/tlshand.c
+++ b/sys/src/libsec/port/tlshand.c
@@ -163,10 +163,11 @@
enum {
- TLSVersion = 0x0301,
- SSL3Version = 0x0300,
- ProtocolVersion = 0x0301, // maximum version we speak
- MinProtoVersion = 0x0300, // limits on version we accept
+ SSL3Version = 0x0300,
+ TLS10Version = 0x0301,
+ TLS11Version = 0x0302,
+ ProtocolVersion = TLS11Version, // maximum version we speak
+ MinProtoVersion = 0x0300, // limits on version we accept
MaxProtoVersion = 0x03ff,
};
@@ -591,9 +592,8 @@
tlsError(c, EUnexpectedMessage, "expected a client hello");
goto Err;
}
- c->clientVersion = m.u.clientHello.version;
if(trace)
- trace("ClientHello version %x\n", c->clientVersion);
+ trace("ClientHello version %x\n", m.u.clientHello.version);
if(setVersion(c, m.u.clientHello.version) < 0) {
tlsError(c, EIllegalParameter, "incompatible version");
goto Err;
@@ -970,7 +970,6 @@
c->sec = tlsSecInitc(c->clientVersion, c->crandom);
if(c->sec == nil)
goto Err;
-
/* client hello */
memset(&m, 0, sizeof(m));
m.tag = HClientHello;
@@ -1932,11 +1931,10 @@
if(version == SSL3Version) {
c->version = version;
c->finished.n = SSL3FinishedLen;
- }else if(version == TLSVersion){
+ }else {
c->version = version;
c->finished.n = TLSFinishedLen;
- }else
- return -1;
+ }
c->verset = 1;
return fprint(c->ctl, "version 0x%x", version);
}
@@ -2416,13 +2414,10 @@
sec->setFinished = sslSetFinished;
sec->nfin = SSL3FinishedLen;
sec->prf = sslPRF;
- }else if(v == TLSVersion){
+ }else{
sec->setFinished = tlsSetFinished;
sec->nfin = TLSFinishedLen;
sec->prf = tlsPRF;
- }else{
- werrstr("invalid version");
- return -1;
}
sec->vers = v;
return 0;