diff options
| author | George Hazan <ghazan@miranda.im> | 2022-08-05 11:59:56 +0300 |
|---|---|---|
| committer | George Hazan <ghazan@miranda.im> | 2022-08-05 12:00:05 +0300 |
| commit | ff9679b7f42879dde78c4f74682eff63ee152e7c (patch) | |
| tree | fb0a769fd04bb176c73b4ce6a075f437b93ef94d /protocols/JabberG | |
| parent | d7092be278f2467a33ef4e275cebeaa05dd0f431 (diff) | |
fixes #3140 (RFC 9266: Channel Bindings for TLS 1.3 support)
Diffstat (limited to 'protocols/JabberG')
| -rw-r--r-- | protocols/JabberG/src/jabber_secur.cpp | 10 | ||||
| -rw-r--r-- | protocols/JabberG/src/jabber_thread.cpp | 10 |
2 files changed, 10 insertions, 10 deletions
diff --git a/protocols/JabberG/src/jabber_secur.cpp b/protocols/JabberG/src/jabber_secur.cpp index bbd8a7820a..e3a6dbdc34 100644 --- a/protocols/JabberG/src/jabber_secur.cpp +++ b/protocols/JabberG/src/jabber_secur.cpp @@ -211,14 +211,14 @@ TScramAuth::TScramAuth(ThreadData *info, const char *pszMech, const EVP_MD *pMet priority = iPriority;
if ((iPriority % 10) == 1) {
- bindFlag = "p=tls-unique,,";
-
- int cbLen;
- void *pData = Netlib_GetTlsUnique(info->s, cbLen);
+ int cbLen, tlsVer;
+ void *pData = Netlib_GetTlsUnique(info->s, cbLen, tlsVer);
if (pData == nullptr)
bIsValid = false;
- else
+ else {
+ bindFlag = (tlsVer == 13) ? "p=tls-exporter,," : "p=tls-unique,,";
bindData.append(pData, cbLen);
+ }
}
else bindFlag = "n,,";
}
diff --git a/protocols/JabberG/src/jabber_thread.cpp b/protocols/JabberG/src/jabber_thread.cpp index ce3c613013..6f2fb75278 100644 --- a/protocols/JabberG/src/jabber_thread.cpp +++ b/protocols/JabberG/src/jabber_thread.cpp @@ -653,23 +653,23 @@ void CJabberProto::OnProcessFeatures(const TiXmlElement *node, ThreadData *info) else if (!mir_strcmp(szMechanism, "SCRAM-SHA-1"))
pAuth = new TScramAuth(info, szMechanism, EVP_sha1(), 500);
else if (!mir_strcmp(szMechanism, "SCRAM-SHA-1-PLUS"))
- pAuth = new TScramAuth(info, szMechanism, EVP_sha1(), 600);
+ pAuth = new TScramAuth(info, szMechanism, EVP_sha1(), 601);
else if (!mir_strcmp(szMechanism, "SCRAM-SHA-224"))
pAuth = new TScramAuth(info, szMechanism, EVP_sha224(), 510);
else if (!mir_strcmp(szMechanism, "SCRAM-SHA-224-PLUS"))
- pAuth = new TScramAuth(info, szMechanism, EVP_sha224(), 610);
+ pAuth = new TScramAuth(info, szMechanism, EVP_sha224(), 611);
else if (!mir_strcmp(szMechanism, "SCRAM-SHA-256"))
pAuth = new TScramAuth(info, szMechanism, EVP_sha256(), 520);
else if (!mir_strcmp(szMechanism, "SCRAM-SHA-256-PLUS"))
- pAuth = new TScramAuth(info, szMechanism, EVP_sha256(), 620);
+ pAuth = new TScramAuth(info, szMechanism, EVP_sha256(), 621);
else if (!mir_strcmp(szMechanism, "SCRAM-SHA-384"))
pAuth = new TScramAuth(info, szMechanism, EVP_sha384(), 530);
else if (!mir_strcmp(szMechanism, "SCRAM-SHA-384-PLUS"))
- pAuth = new TScramAuth(info, szMechanism, EVP_sha384(), 630);
+ pAuth = new TScramAuth(info, szMechanism, EVP_sha384(), 631);
else if (!mir_strcmp(szMechanism, "SCRAM-SHA-512"))
pAuth = new TScramAuth(info, szMechanism, EVP_sha512(), 540);
else if (!mir_strcmp(szMechanism, "SCRAM-SHA-512-PLUS"))
- pAuth = new TScramAuth(info, szMechanism, EVP_sha512(), 640);
+ pAuth = new TScramAuth(info, szMechanism, EVP_sha512(), 641);
else if (!mir_strcmp(szMechanism, "NTLM") || !mir_strcmp(szMechanism, "GSS-SPNEGO") || !mir_strcmp(szMechanism, "GSSAPI"))
pAuth = new TNtlmAuth(info, szMechanism);
else {
|