Kinda maybe working TLS 1.2 for clients. Not well tested at all, but a

basic connection with a GnuTLS server does work. Currently we don't
respect the signature_algorithms extension at all, and using SHA-256
with a 12-byte finished value is hardcoded though the spec is that it
can depend on the ciphersuite (likely relevant for GOST ciphersuites
in particular).

1 files changed, 3 insertions, 3 deletions

diff --git a/src/tls/tls_extensions.cpp b/src/tls/tls_extensions.cpp
index d414a979d..9f80744f9 100644
--- a/src/tls/tls_extensions.cpp
+++ b/src/tls/tls_extensions.cpp
@@ -288,7 +288,7 @@ TLS_Ciphersuite_Algos Signature_Algorithms::hash_algo_code(byte code)
       case 6:
          return TLS_ALGO_HASH_SHA512;
       default:
-         return TLS_ALGO_UNKNOWN;
+         return TLS_ALGO_NONE;
       }
    }
 
@@ -324,7 +324,7 @@ TLS_Ciphersuite_Algos Signature_Algorithms::sig_algo_code(byte code)
       case 3:
          return TLS_ALGO_SIGNER_ECDSA;
       default:
-         return TLS_ALGO_UNKNOWN;
+         return TLS_ALGO_NONE;
       }
    }
 
@@ -399,7 +399,7 @@ Signature_Algorithms::Signature_Algorithms(TLS_Data_Reader& reader,
       TLS_Ciphersuite_Algos sig_code = sig_algo_code(reader.get_byte());
 
       // If not something we know, ignore completely
-      if(hash_code == TLS_ALGO_UNKNOWN || sig_code == TLS_ALGO_UNKNOWN)
+      if(hash_code == TLS_ALGO_NONE || sig_code == TLS_ALGO_NONE)
          continue;
 
       m_supported_algos.push_back(std::make_pair(hash_code, sig_code));