add flag to reject SSLv2 compatible handshake.

2012-11-17 01:01:41 +09:00 · 2012-11-17 01:01:41 +09:00 · 1605c4bd00
commit 1605c4bd00
parent d41c53f6b5
2 changed files with 10 additions and 0 deletions
--- a/core/Network/TLS/IO.hs
+++ b/core/Network/TLS/IO.hs
@ -1,4 +1,5 @@
 {-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE CPP #-}
 -- |
 -- Module      : Network.TLS.IO
 -- License     : BSD-style
@ -52,10 +53,14 @@ readExact ctx sz = do

 recvRecord :: MonadIO m => Context -> m (Either TLSError (Record Plaintext))
 recvRecord ctx = do
+#ifdef SSLV2_COMPATIBLE
        header <- readExact ctx 2
        if B.head header < 0x80
                then readExact ctx 3 >>= either (return . Left) recvLength . decodeHeader . B.append header
                else either (return . Left) recvDeprecatedLength $ decodeDeprecatedHeaderLength header
+#else
+        readExact ctx 5 >>= either (return . Left) recvLength . decodeHeader
+#endif
        where recvLength header@(Header _ _ readlen)
                | readlen > 16384 + 2048 = return $ Left maximumSizeExceeded
                | otherwise              = readExact ctx (fromIntegral readlen) >>= makeRecord ctx header
--- a/core/tls.cabal
+++ b/core/tls.cabal
@ -34,6 +34,9 @@ Flag executable
  Description:       Build the executable
  Default:           False

+Flag compat
+  Description:       Accept SSLv2 compatible handshake
+
 Library
  Build-Depends:     base >= 3 && < 5
                   , mtl
@ -78,6 +81,8 @@ Library
  ghc-options:       -Wall
  if impl(ghc == 7.6.1)
    ghc-options:     -O0
+  if flag(compat)
+    cpp-options:     -DSSLV2_COMPATIBLE

 executable           Tests
  Main-is:           Tests.hs