Send local options with authentication
Fixes compatibility with some obsolete servers requiring cipher keysize.
parent
322242de5c
commit
ad964e2041
@ -86,7 +86,7 @@ extension SessionProxy {
|
|||||||
// MARK: Authentication request
|
// MARK: Authentication request
|
||||||
|
|
||||||
// Ruby: on_tls_connect
|
// Ruby: on_tls_connect
|
||||||
func putAuth(into: TLSBox) throws {
|
func putAuth(into: TLSBox, options: SessionProxy.Configuration) throws {
|
||||||
let raw = Z(ProtocolMacros.tlsPrefix)
|
let raw = Z(ProtocolMacros.tlsPrefix)
|
||||||
|
|
||||||
// local keys
|
// local keys
|
||||||
@ -94,8 +94,37 @@ extension SessionProxy {
|
|||||||
raw.append(random1)
|
raw.append(random1)
|
||||||
raw.append(random2)
|
raw.append(random2)
|
||||||
|
|
||||||
// opts (empty string)
|
// options string
|
||||||
raw.appendSized(Z(UInt8(0)))
|
var opts = [
|
||||||
|
"V4",
|
||||||
|
"cipher \(options.fallbackCipher.rawValue)",
|
||||||
|
"auth \(options.fallbackDigest.rawValue)",
|
||||||
|
"keysize \(options.fallbackCipher.keySize)"
|
||||||
|
]
|
||||||
|
if let comp = options.compressionFraming {
|
||||||
|
switch comp {
|
||||||
|
case .compLZO:
|
||||||
|
opts.append("comp-lzo")
|
||||||
|
|
||||||
|
case .compress:
|
||||||
|
opts.append("compress")
|
||||||
|
|
||||||
|
default:
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if let strategy = options.tlsWrap?.strategy {
|
||||||
|
switch strategy {
|
||||||
|
case .auth:
|
||||||
|
opts.append("tls-auth")
|
||||||
|
|
||||||
|
case .crypt:
|
||||||
|
opts.append("tls-crypt")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
let optsString = opts.joined(separator: ",")
|
||||||
|
log.debug("TLS.auth: Local options: \(optsString)")
|
||||||
|
raw.appendSized(Z(optsString, nullTerminated: true))
|
||||||
|
|
||||||
// credentials
|
// credentials
|
||||||
if let username = username, let password = password {
|
if let username = username, let password = password {
|
||||||
|
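Review bot: The `auth \(options.fallbackDigest.rawValue)` entry is added unconditionally, although the cipher enum on this page documents that the digest should be ignored when `embedsDigest` is true, so for the `-GCM` ciphers the advertised options string names a digest the data channel presumably does not use. If the peer compares this string against its own, that could produce mismatch warnings or a rejected session; it is worth confirming what those servers expect and either guarding the entry with `if !options.fallbackCipher.embedsDigest` or adding a comment saying why the digest is always sent. The `default: break` in the compression switch likewise drops any other framing value silently, and listing the cases explicitly would make a new one a compile error. The body of `putAuth` continues outside the hunk.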
@ -85,6 +85,20 @@ extension SessionProxy {
|
|||||||
/// AES encryption with 256-bit key size and GCM.
|
/// AES encryption with 256-bit key size and GCM.
|
||||||
case aes256gcm = "AES-256-GCM"
|
case aes256gcm = "AES-256-GCM"
|
||||||
|
|
||||||
|
/// Returns the key size for this cipher.
|
||||||
|
public var keySize: Int {
|
||||||
|
switch self {
|
||||||
|
case .aes128cbc, .aes128gcm:
|
||||||
|
return 128
|
||||||
|
|
||||||
|
case .aes192cbc, .aes192gcm:
|
||||||
|
return 192
|
||||||
|
|
||||||
|
case .aes256cbc, .aes256gcm:
|
||||||
|
return 256
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/// Digest should be ignored when this is `true`.
|
/// Digest should be ignored when this is `true`.
|
||||||
public var embedsDigest: Bool {
|
public var embedsDigest: Bool {
|
||||||
return rawValue.hasSuffix("-GCM")
|
return rawValue.hasSuffix("-GCM")
|
||||||
|
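Review bot: The doc comment on `keySize` does not state the unit, and the value is interpolated directly into the `keysize` entry of the options string sent to the peer, so a later edit that returns bytes would change the wire string without any compiler error. I would write it as `/// The key size of this cipher, in bits (sent to the peer in the keysize option).` The switch is exhaustive with no `default`, which is worth keeping so that a new cipher case forces a decision here.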
@ -671,7 +671,7 @@ public class SessionProxy {
|
|||||||
|
|
||||||
do {
|
do {
|
||||||
authenticator = try Authenticator(credentials?.username, pushReply?.options.authToken ?? credentials?.password)
|
authenticator = try Authenticator(credentials?.username, pushReply?.options.authToken ?? credentials?.password)
|
||||||
try authenticator?.putAuth(into: negotiationKey.tls)
|
try authenticator?.putAuth(into: negotiationKey.tls, options: configuration)
|
||||||
} catch let e {
|
} catch let e {
|
||||||
deferStop(.shutdown, e)
|
deferStop(.shutdown, e)
|
||||||
return
|
return
|
||||||
|