Kinda maybe working TLS 1.2 for clients. Not well tested at all, but a

basic connection with a GnuTLS server does work. Currently we don't respect the signature_algorithms extension at all, and using SHA-256 with a 12-byte finished value is hardcoded though the spec is that it can depend on the ciphersuite (likely relevant for GOST ciphersuites in particular).
author: lloyd <[email protected]> 2012-01-19 18:14:20 +0000
committer: lloyd <[email protected]> 2012-01-19 18:14:20 +0000
commit: 265cf8e312723e688f4dbc8e4d90e0eae5445c97 (patch)
tree: 4532f1435286ad17cc3752ba77b71e59af622bbf /src/tls/tls_handshake_state.h
parent: 239241568d4d3ff14d2d1994e5829f3d548f2078 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/src/tls/tls_handshake_state.h b/src/tls/tls_handshake_state.h
index e58a83f3e..1beaf74b3 100644
--- a/src/tls/tls_handshake_state.h
+++ b/src/tls/tls_handshake_state.h
@@ -47,7 +47,9 @@ class TLS_Handshake_State
       void set_expected_next(Handshake_Type handshake_msg);
 
       std::pair<std::string, Signature_Format>
-         choose_sig_format(const Public_Key* key, bool for_client_auth);
+         choose_sig_format(const Public_Key* key,
+                           TLS_Ciphersuite_Algos hash_algo,
+                           bool for_client_auth);
 
       Version_Code version;
author	lloyd <[email protected]>	2012-01-19 18:14:20 +0000
committer	lloyd <[email protected]>	2012-01-19 18:14:20 +0000
commit	265cf8e312723e688f4dbc8e4d90e0eae5445c97 (patch)
tree	4532f1435286ad17cc3752ba77b71e59af622bbf /src/tls/tls_handshake_state.h
parent	239241568d4d3ff14d2d1994e5829f3d548f2078 (diff)