libsec: handle TLS 1.2 changes in CertificateRequest message

author: cinap_lenrek <cinap_lenrek@felloff.net> 2015-09-12 13:04:47 +0200
committer: cinap_lenrek <cinap_lenrek@felloff.net> 2015-09-12 13:04:47 +0200
commit: 455b42743d3a3458f7c23926607e53c0b2906e5e (patch)
tree: 740b9f43fb36d5e90a366f73a74e22e97839ea38 /sys/src/libsec
parent: c06e464ec45dd5880850fa60c850498861c514d3 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/sys/src/libsec/port/tlshand.c b/sys/src/libsec/port/tlshand.c
index bf63312e7..e2f495a9d 100644
--- a/sys/src/libsec/port/tlshand.c
+++ b/sys/src/libsec/port/tlshand.c
@@ -1614,6 +1614,19 @@ msgRecv(TlsConnection *c, Msg *m)
 		m->u.certificateRequest.types = makebytes(p, nn);
 		p += nn;
 		n -= nn;
+		if(c->version >= TLS12Version){
+			/* skip supported_signature_algorithms */
+			if(n < 2)
+				goto Short;
+			nn = get16(p);
+			p += 2;
+			n -= 2;
+			if(nn > n)
+				goto Short;
+			p += nn;
+			n -= nn;
+
+		}
 		if(n < 2)
 			goto Short;
 		nn = get16(p);
author	cinap_lenrek <cinap_lenrek@felloff.net>	2015-09-12 13:04:47 +0200
committer	cinap_lenrek <cinap_lenrek@felloff.net>	2015-09-12 13:04:47 +0200
commit	455b42743d3a3458f7c23926607e53c0b2906e5e (patch)
tree	740b9f43fb36d5e90a366f73a74e22e97839ea38 /sys/src/libsec
parent	c06e464ec45dd5880850fa60c850498861c514d3 (diff)