From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Tue, 12 Apr 2016 18:28:03 +0000 (-0600)
Subject: Fixed SSL server Hello parsing.
X-Git-Tag: SQUID_4_0_11~29^2~28
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=19f85d6d2d6e669045e4588380bac064130366a8;p=thirdparty%2Fsquid.git

Fixed SSL server Hello parsing.

We must parse cipher and compression method before extensions.

Also fixed extensions detection to match RFC 5246 algorithm.
---

diff --git a/src/security/Handshake.cc b/src/security/Handshake.cc
index c978e5430f..b052b8a678 100644
--- a/src/security/Handshake.cc
+++ b/src/security/Handshake.cc
@@ -417,8 +417,14 @@ Security::HandshakeParser::parseServerHelloHandshakeMessage(const SBuf &raw)
         tkHsk.commit();
         P8String session(tkHsk, "Session ID");
         details->sessionId = session.body;
-        P16String extensions(tkHsk, "Extensions List");
-        parseExtensions(extensions.body);
+        const uint16_t cipher = tkHsk.uint16("cipher");
+        details->ciphers.push_back(cipher);
+        const uint8_t compressionMethod = tkHsk.uint8("Compression method");
+        details->compressMethod = compressionMethod > 0 ? 1 : 0; // Only deflate supported here.
+        if (!tkHsk.atEnd()) { // extensions present
+            P16String extensions(tkHsk, "Extensions List");
+            parseExtensions(extensions.body);
+        }
 #if 0
     }
 #endif