tls 2.0.0 → 2.0.1
raw patch · 6 files changed
+21/−9 lines, 6 filesdep ~bytestringdep ~network
Dependency ranges changed: bytestring, network
Files
- CHANGELOG.md +4/−0
- Network/TLS/Context/Internal.hs +2/−0
- Network/TLS/Core.hs +6/−3
- Network/TLS/Handshake/Client.hs +1/−0
- Network/TLS/Handshake/Client/TLS13.hs +7/−5
- tls.cabal +1/−1
CHANGELOG.md view
@@ -1,3 +1,7 @@+## Version 2.0.1++* Fix a leak of pending data to be sent.+ ## Version 2.0.0 * `tls` now only supports TLS 1.2 and TLS 1.3 with safe cipher suites.
Network/TLS/Context/Internal.hs view
@@ -194,6 +194,7 @@ , tls13stPendingRecvData :: Maybe ByteString -- client , tls13stPendingSentData :: [ByteString] -> [ByteString] -- client , tls13stRTT :: Millisecond+ , tls13st0RTT :: Bool -- client , tls13st0RTTAccepted :: Bool -- client , tls13stClientExtensions :: [ExtensionRaw] -- client , tls13stChoice :: ~CipherChoice -- client@@ -213,6 +214,7 @@ , tls13stPendingRecvData = Nothing , tls13stPendingSentData = id , tls13stRTT = 0+ , tls13st0RTT = False , tls13st0RTTAccepted = False , tls13stClientExtensions = [] , tls13stChoice = undefined
Network/TLS/Core.hs view
@@ -69,9 +69,10 @@ handshake_ ctx -- Trying to receive an alert of client authentication failure liftIO $ do+ role <- usingState_ ctx getRole tls13 <- tls13orLater ctx sentClientCert <- tls13stSentClientCert <$> getTLS13State ctx- when (tls13 && sentClientCert) $ do+ when (role == ClientRole && tls13 && sentClientCert) $ do rtt <- getRTT ctx mdat <- timeout rtt $ recvData ctx case mdat of@@ -156,11 +157,13 @@ sendData _ "" = return () sendData ctx dataToSend = liftIO $ do tls13 <- tls13orLater ctx- sentCF <- tls13stSentCF <$> getTLS13State ctx let sendP bs | tls13 = do sendPacket13 ctx $ AppData13 bs- unless sentCF $+ role <- usingState_ ctx getRole+ sentCF <- tls13stSentCF <$> getTLS13State ctx+ rtt0 <- tls13st0RTT <$> getTLS13State ctx+ when (role == ClientRole && rtt0 && not sentCF) $ modifyTLS13State ctx $ \st -> st{tls13stPendingSentData = tls13stPendingSentData st . (bs :)} | otherwise = sendPacket12 ctx $ AppData bs
Network/TLS/Handshake/Client.hs view
@@ -62,6 +62,7 @@ -------------------------------- -- Sending ClientHello pskinfo@(_, _, rtt0) <- getPreSharedKeyInfo cparams ctx+ when rtt0 $ modifyTLS13State ctx $ \st -> st{tls13st0RTT = True} let async = rtt0 && not (ctxQUICMode ctx) when async $ do chSentTime <- getCurrentTimeFromBase
Network/TLS/Handshake/Client/TLS13.hs view
@@ -278,11 +278,13 @@ contextSync ctx $ SendClientFinished eexts appSecInfo modifyTLS13State ctx $ \st -> st{tls13stHsKey = Nothing} handshakeDone13 ctx- builder <- tls13stPendingSentData <$> getTLS13State ctx- modifyTLS13State ctx $ \st -> st{tls13stPendingSentData = id}- unless rtt0accepted $- mapM_ (sendPacket13 ctx . AppData13) $- builder []+ rtt0 <- tls13st0RTT <$> getTLS13State ctx+ when rtt0 $ do+ builder <- tls13stPendingSentData <$> getTLS13State ctx+ modifyTLS13State ctx $ \st -> st{tls13stPendingSentData = id}+ unless rtt0accepted $+ mapM_ (sendPacket13 ctx . AppData13) $+ builder [] where usedCipher = cCipher choice usedHash = cHash choice
tls.cabal view
@@ -1,6 +1,6 @@ cabal-version: >=1.10 name: tls-version: 2.0.0+version: 2.0.1 license: BSD3 license-file: LICENSE copyright: Vincent Hanquez <vincent@snarc.org>