add flag to reject SSLv2 compatible handshake.
This commit is contained in:
parent
d41c53f6b5
commit
1605c4bd00
2 changed files with 10 additions and 0 deletions
@ -1,4 +1,5 @@
{-# LANGUAGE DeriveDataTypeable #-}
{-# LANGUAGE CPP #-}
-- |
-- Module : Network.TLS.IO
-- License : BSD-style
@ -52,10 +53,14 @@ readExact ctx sz = do
recvRecord :: MonadIO m => Context -> m (Either TLSError (Record Plaintext))
recvRecord ctx = do
#ifdef SSLV2_COMPATIBLE
header <- readExact ctx 2
if B.head header < 0x80
then readExact ctx 3 >>= either (return . Left) recvLength . decodeHeader . B.append header
else either (return . Left) recvDeprecatedLength $ decodeDeprecatedHeaderLength header
#else
readExact ctx 5 >>= either (return . Left) recvLength . decodeHeader
#endif
where recvLength header@(Header _ _ readlen)
| readlen > 16384 + 2048 = return $ Left maximumSizeExceeded
| otherwise = readExact ctx (fromIntegral readlen) >>= makeRecord ctx header
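Review bot: In the compat build the SSLv2 sniff on `B.head header < 0x80` runs on every call to recvRecord, not only on the first record of a handshake, so a later record whose first byte has the high bit set is handed to `recvDeprecatedLength` instead of being rejected as an invalid content type; if the context tracks handshake state, gate that branch on it, otherwise document the limitation above the `#ifdef` with something like `-- Compat build: a leading byte >= 0x80 is read as an SSLv2 2-byte record header on every record, not just the initial ClientHello.` The TLS path caps `readlen` at 16384 + 2048 as TLS 1.2 requires, but `recvDeprecatedLength` lies outside the hunk, so whether the 15-bit SSLv2 length gets an equivalent bound cannot be confirmed here and should be checked. If `recvDeprecatedLength` stays defined unconditionally in the `where` clause, the non-compat build will warn under the library's -Wall for an unused local binding; wrap its definition in the same `#ifdef SSLV2_COMPATIBLE`. The where clause of recvRecord continues past the end of this hunk.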
@ -34,6 +34,9 @@ Flag executable
Description: Build the executable
Default: False
Flag compat
Description: Accept SSLv2 compatible handshake
Library
Build-Depends: base >= 3 && < 5
, mtl
@ -78,6 +81,8 @@ Library
ghc-options: -Wall
if impl(ghc == 7.6.1)
ghc-options: -O0
if flag(compat)
cpp-options: -DSSLV2_COMPATIBLE
executable Tests
Main-is: Tests.hs
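Review bot: `Flag compat` carries no `Default:` line, and Cabal treats a flag without one as defaulting to True, so the SSLv2-compatible handshake path remains compiled in for every build that does not explicitly pass `-f-compat`; the insecure behaviour becomes the default even though the commit title describes a flag to reject it. Add `Default: False` under the description, matching `Flag executable` directly above, and `Manual: True` so the dependency solver cannot silently flip the flag back on while resolving a build plan. With those two lines the secure configuration is what an unconfigured `cabal install` produces, and compat becomes a deliberate opt-in.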