authorlloyd <[email protected]>2012-01-19 18:14:20 +0000
committerlloyd <[email protected]>2012-01-19 18:14:20 +0000
commit265cf8e312723e688f4dbc8e4d90e0eae5445c97 (patch)
tree4532f1435286ad17cc3752ba77b71e59af622bbf /src/libstate
parent239241568d4d3ff14d2d1994e5829f3d548f2078 (diff)
Kinda maybe working TLS 1.2 for clients. Not well tested at all, but a
basic connection with a GnuTLS server does work. Currently we don't respect the signature_algorithms extension at all, and using SHA-256 with a 12-byte finished value is hardcoded though the spec is that it can depend on the ciphersuite (likely relevant for GOST ciphersuites in particular).
Diffstat (limited to 'src/libstate')
-rw-r--r--src/libstate/get_enc.cpp11
1 files changed, 8 insertions, 3 deletions
diff --git a/src/libstate/get_enc.cpp b/src/libstate/get_enc.cpp
index 6a87268e8..6b74f8793 100644
--- a/src/libstate/get_enc.cpp
+++ b/src/libstate/get_enc.cpp
@@ -200,9 +200,14 @@ KDF* get_kdf(const std::string& algo_spec)
return new TLS_PRF;
#endif
-#if defined(BOTAN_HAS_SSL_V3_PRF)
- if(request.algo_name() == "SSL3-PRF" && request.arg_count() == 0)
- return new SSL3_PRF;
+#if defined(BOTAN_HAS_TLS_V10_PRF)
+ if(request.algo_name() == "TLS-PRF" && request.arg_count() == 0)
+ return new TLS_PRF;
+#endif
+
+#if defined(BOTAN_HAS_TLS_V12_PRF)
+ if(request.algo_name() == "TLS-12-PRF" && request.arg_count() == 1)
+ return new TLS_12_PRF(af.make_mac("HMAC(" + request.arg(0) + ")"));
#endif
throw Algorithm_Not_Found(algo_spec);
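Review bot: The added `TLS-PRF` check under `#if defined(BOTAN_HAS_TLS_V10_PRF)` appears to duplicate the lookup that ends in the context line `return new TLS_PRF;` just above it, while the `SSL3-PRF` block it replaces is gone, so `get_kdf("SSL3-PRF")` would now fall through to `throw Algorithm_Not_Found(algo_spec);`. The commit message does not mention dropping the SSLv3 PRF; if that is not intended, the second `TLS-PRF` block should go back to the `BOTAN_HAS_SSL_V3_PRF` guard with `return new SSL3_PRF;`, and if it is intended the duplicate block can simply be deleted. For the new `TLS-12-PRF` branch, a short comment such as `// arg(0) names the hash for the HMAC-based PRF, e.g. TLS-12-PRF(SHA-256)` would document the expected argument. The start of get_kdf lies outside the hunk, so the first `TLS-PRF` condition is inferred from the visible `return`.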