

ref: 169bfb46102ceb254e180e0b8265382aab7ef7f0
parent: bb81a10687c31919f7792540b5ec6d0f014e0468
author: cinap_lenrek <[email protected]>
date: Tue Mar 1 06:30:01 EST 2016

libsec: fix verifyDHparams() for version <= TLS1.1

for version <= TLS1.1, there is no sigalg field in the ServerKeyExchange
message; the signature digest algorithm is fixed to md5+sha1, and we
only support RSA signatures (TLS1.1 doesn't know about ECDSA).

--- a/sys/src/libsec/port/tlshand.c
+++ b/sys/src/libsec/port/tlshand.c
@@ -1035,6 +1035,7 @@
 		digestlen = MD5dlen + SHA1dlen;
 		md5(blob->data, blob->len, digest, nil);
 		sha1(blob->data, blob->len, digest+MD5dlen, nil);
+		sigalg = 1; // only RSA signatures supported for version <= TLS1.1
 	} else {
 		int hashalg = (sigalg>>8) & 0xFF;
 		digestlen = -1;
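Review bot: The bare `1` assigned to `sigalg` in the md5+sha1 branch can only be read by looking at the else branch, where the high byte is taken as the hash algorithm, so the low byte 1 is presumably the TLS signature-algorithm code for RSA. A fuller comment would state that, e.g. `sigalg = 1; // hash byte 0, signature byte 1 = RSA; digest is fixed to md5+sha1 above`. The assignment also overwrites any earlier value of `sigalg`, and the code that consumes it lies outside this hunk, so it is worth confirming that a server key that is not RSA fails verification for version <= TLS1.1 instead of being checked with the wrong algorithm. The enclosing function starts and ends outside the hunk.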