diff options
| author | AnotherTest <ali.mpfard@gmail.com> | 2021-02-07 07:21:32 +0330 |
|---|---|---|
| committer | Andreas Kling <kling@serenityos.org> | 2021-04-03 11:22:01 +0200 |
| commit | 2020176f0f8684e7e832988060116b75e1c8503a (patch) | |
| tree | 9475ea290e071a3469cbe1be03fb9b348ec5f6f1 /Userland/Libraries/LibTLS/Handshake.cpp | |
| parent | b5f24c84e450d9bfc794a5c656f9bcf17faf6556 (diff) | |
| download | serenity-2020176f0f8684e7e832988060116b75e1c8503a.zip | |
LibTLS: Make the TLS connection options user-configurable
The user may now request specific cipher suites, the use of SNI, and
whether we should validate certificates (not that we're doing a good job
of that).
Diffstat (limited to 'Userland/Libraries/LibTLS/Handshake.cpp')
| -rw-r--r-- | Userland/Libraries/LibTLS/Handshake.cpp | 24 |
1 files changed, 11 insertions, 13 deletions
diff --git a/Userland/Libraries/LibTLS/Handshake.cpp b/Userland/Libraries/LibTLS/Handshake.cpp index 623c38e963..06ebd61f17 100644 --- a/Userland/Libraries/LibTLS/Handshake.cpp +++ b/Userland/Libraries/LibTLS/Handshake.cpp @@ -35,8 +35,8 @@ ByteBuffer TLSv12::build_hello() { fill_with_random(&m_context.local_random, 32); - auto packet_version = (u16)m_context.version; - auto version = (u16)m_context.version; + auto packet_version = (u16)m_context.options.version; + auto version = (u16)m_context.options.version; PacketBuilder builder { MessageType::Handshake, packet_version }; builder.append((u8)ClientHello); @@ -73,20 +73,18 @@ ByteBuffer TLSv12::build_hello() } // Ciphers - builder.append((u16)(5 * sizeof(u16))); - builder.append((u16)CipherSuite::RSA_WITH_AES_128_CBC_SHA256); - builder.append((u16)CipherSuite::RSA_WITH_AES_256_CBC_SHA256); - builder.append((u16)CipherSuite::RSA_WITH_AES_128_CBC_SHA); - builder.append((u16)CipherSuite::RSA_WITH_AES_256_CBC_SHA); - builder.append((u16)CipherSuite::RSA_WITH_AES_128_GCM_SHA256); + builder.append((u16)(m_context.options.usable_cipher_suites.size() * sizeof(u16))); + for (auto suite : m_context.options.usable_cipher_suites) + builder.append((u16)suite); // we don't like compression + VERIFY(!m_context.options.use_compression); builder.append((u8)1); - builder.append((u8)0); + builder.append((u8)m_context.options.use_compression); - // set SNI if we have one + // set SNI if we have one, and the user hasn't explicitly asked us to omit it. auto sni_length = 0; - if (!m_context.extensions.SNI.is_null()) + if (!m_context.extensions.SNI.is_null() && m_context.options.use_sni) sni_length = m_context.extensions.SNI.length(); if (sni_length) @@ -130,7 +128,7 @@ ByteBuffer TLSv12::build_hello() ByteBuffer TLSv12::build_alert(bool critical, u8 code) { - PacketBuilder builder(MessageType::Alert, (u16)m_context.version); + PacketBuilder builder(MessageType::Alert, (u16)m_context.options.version); builder.append((u8)(critical ? AlertLevel::Critical : AlertLevel::Warning)); builder.append(code); @@ -145,7 +143,7 @@ ByteBuffer TLSv12::build_alert(bool critical, u8 code) ByteBuffer TLSv12::build_finished() { - PacketBuilder builder { MessageType::Handshake, m_context.version, 12 + 64 }; + PacketBuilder builder { MessageType::Handshake, m_context.options.version, 12 + 64 }; builder.append((u8)HandshakeType::Finished); u32 out_size = 12; |