author | Jack Lloyd <[email protected]> | 2019-05-23 15:36:09 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2019-05-23 16:03:01 -0400 |
commit | 963ae6228ba0a6306b90b19784e8d2cbef76a13d (patch) | |
tree | 70ad2e9500029054b1f3bf72c89e13e97174c67a | |
parent | ff09135c0fa7910bf59850b0c9fbd9321242e42d (diff) |
Fix DTLS version settings in shim
-rw-r--r-- | src/bogo_shim/bogo_shim.cpp | 16 | ||||
-rw-r--r-- | src/bogo_shim/config.json | 9 |
2 files changed, 8 insertions, 17 deletions
diff --git a/src/bogo_shim/bogo_shim.cpp b/src/bogo_shim/bogo_shim.cpp
index 29331d3cd..2afabfbd0 100644
--- a/src/bogo_shim/bogo_shim.cpp
+++ b/src/bogo_shim/bogo_shim.cpp
@@ -119,6 +119,7 @@ std::string map_to_bogo_error(const std::string& e)
 { "Message authentication failure", ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:" },
 { "OS2ECP: Unknown format type 251", ":BAD_ECPOINT:" },
 { "Policy forbids all available TLS version", ":NO_SUPPORTED_VERSIONS_ENABLED:" },
+ { "Policy forbids all available DTLS version", ":NO_SUPPORTED_VERSIONS_ENABLED:" },
 { "Policy refuses to accept signing with any hash supported by peer", ":NO_COMMON_SIGNATURE_ALGORITHMS:" },
 { "Policy requires client send a certificate, but it did not", ":PEER_DID_NOT_RETURN_A_CERTIFICATE:" },
 { "Received a record that exceeds maximum size", ":ENCRYPTED_LENGTH_TOO_LONG:" },
@@ -879,27 +880,27 @@ class Shim_Policy final : public Botan::TLS::Policy
 bool allow_tls10() const override
 {
- return (!m_args.flag_set("no-tls1"));
+ return !m_args.flag_set("dtls") && !m_args.flag_set("no-tls1");
 }
 bool allow_tls11() const override
 {
- return (!m_args.flag_set("no-tls11"));
+ return !m_args.flag_set("dtls") && !m_args.flag_set("no-tls11");
 }
 bool allow_tls12() const override
 {
- return (!m_args.flag_set("no-tls12"));
+ return !m_args.flag_set("dtls") && !m_args.flag_set("no-tls12");
 }
 bool allow_dtls10() const override
 {
- return true; // ???
+ return m_args.flag_set("dtls") && !m_args.flag_set("no-tls1");
 }
 bool allow_dtls12() const override
 {
- return true; // ???
+ return m_args.flag_set("dtls") && !m_args.flag_set("no-tls12");
 }
 //Botan::TLS::Group_Params default_dh_group() const override;
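Review bot: In the `@@ -879` hunk each of the five overrides re-evaluates `m_args.flag_set("dtls")`, and nothing in the hunk records why the DTLS overrides are gated by the TLS flags (`no-tls1` for DTLS 1.0, `no-tls12` for DTLS 1.2); a private `bool is_dtls() const { return m_args.flag_set("dtls"); }` helper plus a comment such as `// DTLS 1.0/1.2 are switched off by the same no-tls1/no-tls12 flags the runner uses for TLS 1.0/1.2` would make that intent explicit to the next reader. As written, a shim started with `-dtls -no-tls1` and without `-no-tls12` offers only DTLS 1.2, and `no-tls11` has no DTLS counterpart, which looks intended but is worth stating. The Shim_Policy class begins and ends outside the hunk.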
@@ -1490,11 +1491,6 @@ int main(int /*argc*/, char* argv[])
 const size_t buf_size = args->get_int_opt_or_else("read-size", 18*1024);
- /*
- if(is_datagram)
- throw Shim_Exception("No support for DTLS yet", 89);
- */
-
 Botan::ChaCha_RNG rng(Botan::secure_vector<uint8_t>(64));
 Botan::TLS::Session_Manager_In_Memory session_manager(rng, 1024);
 Shim_Credentials creds(*args);
diff --git a/src/bogo_shim/config.json b/src/bogo_shim/config.json
index 5dbd7a470..f22ac5200 100644
--- a/src/bogo_shim/config.json
+++ b/src/bogo_shim/config.json
@@ -24,7 +24,7 @@
 "ConflictingVersionNegotiation*": "No support for 1.3 version extension",
 "VersionNegotiationExtension*": "No support for 1.3 version extension",
 "IgnoreClientVersionOrder": "No support for 1.3 version extension",
- "NoSupportedVersions": "No support for 1.3 version extension",
+ "NoSupportedVersions*": "No support for 1.3 version extension",
 "DuplicateCertCompressionExt*": "No support for 1.3 cert compression extension",
@@ -126,17 +126,11 @@
 "AppDataAfterChangeCipherSpec-DTLS*": "Needs investigation",
 "DTLS-StrayRetransmitFinished-ClientFull": "Needs investigation",
 "DTLS-StrayRetransmitFinished-ServerResume": "Needs investigation",
- "DisableEverything-DTLS": "Needs investigation",
 "LargeCiphertext-DTLS": "Needs investigation",
 "MajorVersionTolerance-DTLS": "Needs investigation",
- "MinimumVersion-Client-TLS12-TLS1-DTLS": "Needs investigation",
- "MinimumVersion-Server-TLS12-TLS1-DTLS": "Needs investigation",
 "MixCompleteMessageWithFragments-DTLS": "Needs investigation",
- "NoSupportedVersions-DTLS": "Needs investigation",
 "ReorderHandshakeFragments-Small-DTLS": "Needs investigation",
 "SendUnencryptedFinished-DTLS": "Needs investigation",
- "VersionNegotiation-Client-TLS1-TLS12-DTLS": "Needs investigation",
- "VersionNegotiation-Server-TLS1-TLS12-DTLS": "Needs investigation",
 "VersionTooLow-DTLS": "Needs investigation",
 "Shutdown-Shim-ApplicationData*": "Needs investigation",
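Review bot: Widening the key in the `@@ -24` hunk of config.json from `"NoSupportedVersions"` to `"NoSupportedVersions*"` also matches `NoSupportedVersions-DTLS`, assuming the keys are glob patterns as the neighbouring `*` entries suggest, and the `@@ -126` hunk in the same file drops exactly that test from the "Needs investigation" list; the net effect is that the DTLS case remains skipped, now under the 1.3 version-extension reason, instead of being run against the new DTLS policy. If the DTLS test is meant to exercise the newly mapped `Policy forbids all available DTLS version` error, the exact key `"NoSupportedVersions": "No support for 1.3 version extension",` should be kept and the DTLS variant listed only if it still fails. If the wildcard is deliberate, a reason string that says so, e.g. `"NoSupportedVersions*": "No support for 1.3 version extension (DTLS variant included)",` would remove the ambiguity, since the file format offers no comments. Whether the overlap is intended cannot be determined from the hunks alone.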
@@ -147,6 +141,7 @@
 "MTUExceeded": "BoringSSL splits DTLS handshakes differently",
+ "MinimumVersion-Client-TLS12-TLS1-DTLS": "Alert problem",
 "ClientOCSPCallback-FailNoStaple-*-DTLS*": "Alert problem",
 "MinimumVersion-Client2-TLS12-TLS1-DTLS": "Alert problem",
 "SendBogusAlertType-DTLS": "Alert problem",
|