From bf63b36127e910c01af65ffe9cba9dfae4ebc07e Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 12 Apr 2012 20:44:34 +0000 Subject: [PATCH] - Updated comments --- library/ssl_cli.c | 4 +--- library/ssl_srv.c | 6 ++++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 19b860742..977684e8c 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -616,8 +616,6 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) * ServerDHParams params; * }; */ - /* TODO TLS1.2 Get Hash algorithm from hash and signature extension! */ - switch( hash_id ) { #if defined(POLARSSL_MD5_C) @@ -928,7 +926,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl ) if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) { - // TODO TLS1.2 Base on signature algorithm extension received + // TODO TLS1.2 Base on signature algorithm received in Certificate Request ssl->out_msg[4] = SSL_HASH_SHA256; ssl->out_msg[5] = SSL_SIG_RSA; diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 9ef973162..67fe130aa 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -636,7 +636,9 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) * ServerDHParams params; * }; */ - /* TODO TLS1.2 Get Hash algorithm from ciphersuite! */ + /* TODO TLS1.2 Get a supported hash algorithm from the + * signature_algorithms extension, Otherwise SHA1 + RSA! + */ sha1_starts( &sha1 ); sha1_update( &sha1, ssl->randbytes, 64 ); @@ -658,7 +660,7 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) { - // TODO TLS1.2 Base on signature algorithm extension received + // TODO TLS1.2 Base on selection above (SHA1 + RSA is default choice) ssl->out_msg[4 + n] = SSL_HASH_SHA1; ssl->out_msg[5 + n] = SSL_SIG_RSA;