shithub: drawterm

Download patch

ref: bd39efd4932cc805a92240c3f980ff3529f5727c
parent: 6703a4556c348ee8e60b28cebd656e80c79d45fe
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Tue Mar 1 05:30:59 EST 2016

libsec: fix verifyDHparams() for version <= TLS1.1

for version <= TLS1.1, there is no sigalg field in the ServerKeyExchange
message and the signature digest algorithm is fixed to md5+sha1 and we
only support RSA signatures (TLS1.1 doesnt know about ECDSA).

--- a/libsec/tlshand.c	Sun Feb 28 23:00:15 2016
+++ b/libsec/tlshand.c	Tue Mar  1 05:30:59 2016
@@ -1034,6 +1034,7 @@
 		digestlen = MD5dlen + SHA1dlen;
 		md5(blob->data, blob->len, digest, nil);
 		sha1(blob->data, blob->len, digest+MD5dlen, nil);
+		sigalg = 1; // only RSA signatures supported for version <= TLS1.1
 	} else {
 		int hashalg = (sigalg>>8) & 0xFF;
 		digestlen = -1;