Commit `e184b15a66`

Jacob Young <jacobly0@users.noreply.github.com>

2024-11-01 05:11:44

std.crypto.tls: fix fetching https://nginx.org

Note that the removed `error.TlsIllegalParameter` case is still caught below when it is compared to a fixed-length string, but after checking the proper protocol version requirement first.

master

1 parent c2a779a

Changed files (1)

lib

std

crypto

tls

Client.zig

@@ -257,7 +257,7 @@ pub fn init(stream: anytype, ca_bundle: Certificate.Bundle, host: []const u8) In
                 if (handshake_type != .server_hello) return error.TlsUnexpectedMessage;
                 const length = ptd.decode(u24);
                 var hsd = try ptd.sub(length);
-                try hsd.ensure(2 + 32 + 1 + 32 + 2 + 1);
+                try hsd.ensure(2 + 32 + 1);
                 const legacy_version = hsd.decode(u16);
                 @memcpy(&server_hello_rand, hsd.array(32));
                 if (mem.eql(u8, &server_hello_rand, &tls.hello_retry_request_sequence)) {
@@ -266,8 +266,8 @@ pub fn init(stream: anytype, ca_bundle: Certificate.Bundle, host: []const u8) In
                     return error.TlsUnexpectedMessage;
                 }
                 const legacy_session_id_echo_len = hsd.decode(u8);
-                if (legacy_session_id_echo_len != 32) return error.TlsIllegalParameter;
-                const legacy_session_id_echo = hsd.array(32);
+                try hsd.ensure(legacy_session_id_echo_len + 2 + 1);
+                const legacy_session_id_echo = hsd.slice(legacy_session_id_echo_len);
                 cipher_suite_tag = hsd.decode(tls.CipherSuite);
                 hsd.skip(1); // legacy_compression_method
                 var supported_version: ?u16 = null;

Commit e184b15a66

Commit `e184b15a66`