packages feed

tls 2.0.0 → 2.0.1

raw patch · 6 files changed

+21/−9 lines, 6 filesdep ~bytestringdep ~network

Dependency ranges changed: bytestring, network

Files

CHANGELOG.md view
@@ -1,3 +1,7 @@+## Version 2.0.1++* Fix a leak of pending data to be sent.+ ## Version 2.0.0  * `tls` now only supports TLS 1.2 and TLS 1.3 with safe cipher suites.
Network/TLS/Context/Internal.hs view
@@ -194,6 +194,7 @@     , tls13stPendingRecvData :: Maybe ByteString -- client     , tls13stPendingSentData :: [ByteString] -> [ByteString] -- client     , tls13stRTT :: Millisecond+    , tls13st0RTT :: Bool -- client     , tls13st0RTTAccepted :: Bool -- client     , tls13stClientExtensions :: [ExtensionRaw] -- client     , tls13stChoice :: ~CipherChoice -- client@@ -213,6 +214,7 @@         , tls13stPendingRecvData = Nothing         , tls13stPendingSentData = id         , tls13stRTT = 0+        , tls13st0RTT = False         , tls13st0RTTAccepted = False         , tls13stClientExtensions = []         , tls13stChoice = undefined
Network/TLS/Core.hs view
@@ -69,9 +69,10 @@     handshake_ ctx     -- Trying to receive an alert of client authentication failure     liftIO $ do+        role <- usingState_ ctx getRole         tls13 <- tls13orLater ctx         sentClientCert <- tls13stSentClientCert <$> getTLS13State ctx-        when (tls13 && sentClientCert) $ do+        when (role == ClientRole && tls13 && sentClientCert) $ do             rtt <- getRTT ctx             mdat <- timeout rtt $ recvData ctx             case mdat of@@ -156,11 +157,13 @@ sendData _ "" = return () sendData ctx dataToSend = liftIO $ do     tls13 <- tls13orLater ctx-    sentCF <- tls13stSentCF <$> getTLS13State ctx     let sendP bs             | tls13 = do                 sendPacket13 ctx $ AppData13 bs-                unless sentCF $+                role <- usingState_ ctx getRole+                sentCF <- tls13stSentCF <$> getTLS13State ctx+                rtt0 <- tls13st0RTT <$> getTLS13State ctx+                when (role == ClientRole && rtt0 && not sentCF) $                     modifyTLS13State ctx $                         \st -> st{tls13stPendingSentData = tls13stPendingSentData st . (bs :)}             | otherwise = sendPacket12 ctx $ AppData bs
Network/TLS/Handshake/Client.hs view
@@ -62,6 +62,7 @@     --------------------------------     -- Sending ClientHello     pskinfo@(_, _, rtt0) <- getPreSharedKeyInfo cparams ctx+    when rtt0 $ modifyTLS13State ctx $ \st -> st{tls13st0RTT = True}     let async = rtt0 && not (ctxQUICMode ctx)     when async $ do         chSentTime <- getCurrentTimeFromBase
Network/TLS/Handshake/Client/TLS13.hs view
@@ -278,11 +278,13 @@     contextSync ctx $ SendClientFinished eexts appSecInfo     modifyTLS13State ctx $ \st -> st{tls13stHsKey = Nothing}     handshakeDone13 ctx-    builder <- tls13stPendingSentData <$> getTLS13State ctx-    modifyTLS13State ctx $ \st -> st{tls13stPendingSentData = id}-    unless rtt0accepted $-        mapM_ (sendPacket13 ctx . AppData13) $-            builder []+    rtt0 <- tls13st0RTT <$> getTLS13State ctx+    when rtt0 $ do+        builder <- tls13stPendingSentData <$> getTLS13State ctx+        modifyTLS13State ctx $ \st -> st{tls13stPendingSentData = id}+        unless rtt0accepted $+            mapM_ (sendPacket13 ctx . AppData13) $+                builder []   where     usedCipher = cCipher choice     usedHash = cHash choice
tls.cabal view
@@ -1,6 +1,6 @@ cabal-version:      >=1.10 name:               tls-version:            2.0.0+version:            2.0.1 license:            BSD3 license-file:       LICENSE copyright:          Vincent Hanquez <vincent@snarc.org>