diff options
author | lloyd <[email protected]> | 2012-01-19 18:14:20 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-01-19 18:14:20 +0000 |
commit | 265cf8e312723e688f4dbc8e4d90e0eae5445c97 (patch) | |
tree | 4532f1435286ad17cc3752ba77b71e59af622bbf /src/libstate | |
parent | 239241568d4d3ff14d2d1994e5829f3d548f2078 (diff) |
Kinda maybe working TLS 1.2 for clients. Not well tested at all, but a
basic connection with a GnuTLS server does work. Currently we don't
respect the signature_algorithms extension at all, and using SHA-256
with a 12-byte finished value is hardcoded though the spec is that it
can depend on the ciphersuite (likely relevant for GOST ciphersuites
in particular).
Diffstat (limited to 'src/libstate')
-rw-r--r-- | src/libstate/get_enc.cpp | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/libstate/get_enc.cpp b/src/libstate/get_enc.cpp index 6a87268e8..6b74f8793 100644 --- a/src/libstate/get_enc.cpp +++ b/src/libstate/get_enc.cpp @@ -200,9 +200,14 @@ KDF* get_kdf(const std::string& algo_spec) return new TLS_PRF; #endif -#if defined(BOTAN_HAS_SSL_V3_PRF) - if(request.algo_name() == "SSL3-PRF" && request.arg_count() == 0) - return new SSL3_PRF; +#if defined(BOTAN_HAS_TLS_V10_PRF) + if(request.algo_name() == "TLS-PRF" && request.arg_count() == 0) + return new TLS_PRF; +#endif + +#if defined(BOTAN_HAS_TLS_V12_PRF) + if(request.algo_name() == "TLS-12-PRF" && request.arg_count() == 1) + return new TLS_12_PRF(af.make_mac("HMAC(" + request.arg(0) + ")")); #endif throw Algorithm_Not_Found(algo_spec); |