Comments (2)
penybai
commented on August 16, 2024
I added a function for client to build certificate verify message after ClientKeyExchange. Related codes:
struct TLSPacket *tls_build_certificate_verify_ex(struct TLSContext *context) {
if (context->is_server) {
DEBUG_PRINT("CANNOT BUILD CERTIFICATE VERIFY MESSAGE FOR SERVERS\n");
return NULL;
}
struct TLSPacket *packet = tls_create_packet(context, TLS_HANDSHAKE, context->version, 0);
tls_packet_uint8(packet, 0x0F);
unsigned char dummy[3];
tls_packet_append(packet, dummy, 3);
if (context->dtls)
_private_dtls_handshake_data(context, packet, 0);
int start_len = packet->len;
if (context->cached_handshake) {
unsigned char out[TLS_MAX_RSA_KEY];
unsigned long out_len = TLS_MAX_RSA_KEY;
int hash_algorithm;
if ((context->version != TLS_V13) && (context->version != DTLS_V13) && (context->version != TLS_V12) && (context->version != DTLS_V12)) {
hash_algorithm = _md5_sha1;
} else {
if ((context->version == TLS_V13) || (context->version == DTLS_V13) || (context->version == TLS_V12) || (context->version == DTLS_V12))
hash_algorithm = sha256;
else
hash_algorithm = sha1;
#ifdef TLS_ECDSA_SUPPORTED
if (tls_is_ecdsa(context)) {
if ((context->version == TLS_V13) || (context->version == DTLS_V13) || (context->version == TLS_V12) || (context->version == DTLS_V12))
hash_algorithm = sha512;
tls_packet_uint8(packet, hash_algorithm);
tls_packet_uint8(packet, ecdsa);
} else
#endif
{
tls_packet_uint8(packet, hash_algorithm);
tls_packet_uint8(packet, rsa_sign);
}
}
#ifdef TLS_ECDSA_SUPPORTED
if (tls_is_ecdsa(context)) {
if (_private_tls_sign_ecdsa(context, hash_algorithm, context->cached_handshake, context->cached_handshake_len, out, &out_len) == 1) {
DEBUG_PRINT("Signing OK! (ECDSA, length %lu)\n", out_len);
tls_packet_uint16(packet, out_len);
tls_packet_append(packet, out, out_len);
}
} else
#endif
if (_private_tls_sign_rsa(context, hash_algorithm, context->cached_handshake, context->cached_handshake_len, out, &out_len) == 1) {
DEBUG_PRINT("Signing OK! (length %lu)\n", out_len);
tls_packet_uint16(packet, out_len);
tls_packet_append(packet, out, out_len);
}
}
if ((!packet->broken) && (packet->buf)) {
int remaining = packet->len - start_len;
int payload_pos = 6;
if (context->dtls)
payload_pos = 14;
packet->buf[payload_pos] = remaining / 0x10000;
remaining %= 0x10000;
packet->buf[payload_pos + 1] = remaining / 0x100;
remaining %= 0x100;
packet->buf[payload_pos + 2] = remaining;
if (context->dtls) {
_private_dtls_handshake_copyframesize(packet);
context->dtls_seq++;
}
}
tls_packet_update(packet);
return packet;
}
from tlse.
eduardsui
commented on August 16, 2024
Thanks, can you create a PR?
from tlse.
Related Issues (20)
- certificate_verify() is not called when using a TSL 1.3 client HOT 1
- Connect (to wikipedia) with V13 succeeds, but cannot read data. V12 works HOT 4
- Failure to connect to SMTP server with STARTTLS HOT 1
- Failure to notice incorrect handshake on SSL_connect
- TLS 1.3 server incompatible with openssl
- LTC_ARGCHK 'b != NULL' HOT 3
- Support for latest libtomcrypt HOT 5
- SSL_read function strange behavior vs openssl's SSL_read HOT 1
- Merge into tomcrypt HOT 2
- what is "for semantic compatibility" means? HOT 1
- Examples expects testcert folder. HOT 1
- HTTPS Server wont respond when using ECDHE-RSA-AES256GCM-SHA384 cipher HOT 1
- Growtopia wont respond when using TLSe HOT 14
- Async sockets. HOT 5
- Tomcrypt version HOT 2
- Is its possible to make HTTPS Proxy using TLSe? HOT 3
- A website using Cloudflare is giving me 403 when using test client code, but works with Chrome, why? HOT 5
- TLSE fails to contact Cloudflare server, where curl works fine, I eliminated every cause I could think of HOT 8
- How do i set TLSe Client Cipher? HOT 2
- TLS 1.3: Early data
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tlse.