Merge pull request #910 from dcooper16/hrr_socket

Don't open new socket for second ClientHello
This commit is contained in:
Dirk Wetter 2017-11-29 19:39:15 +01:00 committed by GitHub
commit 34f4a8cb4f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -9556,9 +9556,11 @@ generate_key_share_extension() {
# "ephemeralkey" - extract the server's ephemeral key (if any) # "ephemeralkey" - extract the server's ephemeral key (if any)
# ARG4: (optional) additional request extensions # ARG4: (optional) additional request extensions
# ARG5: (optional): "true" if ClientHello should advertise compression methods other than "NULL" # ARG5: (optional): "true" if ClientHello should advertise compression methods other than "NULL"
# ARG6: (optional): "false" if socksend_tls_clienthello() should not open a new socket
socksend_tls_clienthello() { socksend_tls_clienthello() {
local tls_low_byte="$1" tls_legacy_version="$1" local tls_low_byte="$1" tls_legacy_version="$1"
local process_full="$3" local process_full="$3"
local new_socket=true
local tls_word_reclayer="03, 01" # the first TLS version number is the record layer and always 0301 -- except: SSLv3 local tls_word_reclayer="03, 01" # the first TLS version number is the record layer and always 0301 -- except: SSLv3
local servername_hexstr len_servername len_servername_hex local servername_hexstr len_servername len_servername_hex
local hexdump_format_str part1 part2 local hexdump_format_str part1 part2
@ -9577,6 +9579,7 @@ socksend_tls_clienthello() {
# TLSv1.3 ClientHello messages MUST specify only the NULL compression method. # TLSv1.3 ClientHello messages MUST specify only the NULL compression method.
[[ "$5" == "true" ]] && [[ "0x$tls_low_byte" -le "0x03" ]] && offer_compression=true [[ "$5" == "true" ]] && [[ "0x$tls_low_byte" -le "0x03" ]] && offer_compression=true
[[ "$6" == "false" ]] && new_socket=false
cipher_suites="$2" # we don't have the leading \x here so string length is two byte less, see next cipher_suites="$2" # we don't have the leading \x here so string length is two byte less, see next
len_ciph_suites_byte=${#cipher_suites} len_ciph_suites_byte=${#cipher_suites}
@ -9887,7 +9890,9 @@ socksend_tls_clienthello() {
,$cipher_suites ,$cipher_suites
,$compression_methods" ,$compression_methods"
if "$new_socket"; then
fd_socket 5 || return 6 fd_socket 5 || return 6
fi
code2network "$TLS_CLIENT_HELLO$all_extensions" code2network "$TLS_CLIENT_HELLO$all_extensions"
data="$NW_STR" data="$NW_STR"
@ -10057,7 +10062,7 @@ resend_if_hello_retry_request() {
done done
debugme echo -en "\nsending second client hello... " debugme echo -en "\nsending second client hello... "
socksend_tls_clienthello "$tls_low_byte" "$cipher_list_2send" "$process_full" "$new_extra_extns" socksend_tls_clienthello "$tls_low_byte" "$cipher_list_2send" "$process_full" "$new_extra_extns" "" "false"
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
debugme echo "stuck on sending: $ret" debugme echo "stuck on sending: $ret"
return 6 return 6