From b28b42074e37043c2ab8910dbca12356128ee1d0 Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Mon, 7 Jan 2019 20:48:50 +0100 Subject: [PATCH] lib: do not require ciphersuites sent by the client to be a proper set. this fixes interoperability with (at least) android 4.4 devices --- lib/handshake_common.ml | 2 ++ pkg/pkg.ml | 1 + 2 files changed, 3 insertions(+) diff --git a/lib/handshake_common.ml b/lib/handshake_common.ml index 0676bff4..66976365 100644 --- a/lib/handshake_common.ml +++ b/lib/handshake_common.ml @@ -125,8 +125,10 @@ let client_hello_valid ch = not (empty ch.ciphersuites) && + (* android 4.4 and davdroid do not send proper sets! (List_set.is_proper_set ch.ciphersuites) && + *) (* TODO: if ecc ciphersuite, require ellipticcurves and ecpointformats extensions! *) List_set.is_proper_set (extension_types to_client_ext_type ch.extensions) diff --git a/pkg/pkg.ml b/pkg/pkg.ml index 8ba711fd..47e68095 100755 --- a/pkg/pkg.ml +++ b/pkg/pkg.ml @@ -30,4 +30,5 @@ let () = Pkg.test ~run:false ~cond:lwt "lwt/examples/echo_client_alpn" ; Pkg.test ~run:false ~cond:lwt "lwt/examples/test_server" ; Pkg.test ~run:false ~cond:lwt "lwt/examples/test_client" ; + Pkg.test ~run:false ~cond:lwt "lwt/examples/http_client" ; ]