BearSSL: Force classicube.net signin to be done over TLS 1.2, fix https-verify=false not working, bump min RTC time to August 1 2024

UnknownShadow200 2024-08-12 18:20:25 +10:00
parent d48a14f9c9
commit 9f7a7bcfb5


@ -411,6 +411,13 @@ cc_result SSL_Free(void* ctx_) {
// https://github.com/unkaktus/bearssl/blob/master/samples/client_basic.c#L283
#define SSL_ERROR_SHIFT 0xB5510000
static unsigned fake_minimal_end_chain(const br_x509_class** ctx) {
unsigned r = br_x509_minimal_vtable.end_chain(ctx);
if (r == BR_ERR_X509_NOT_TRUSTED) r = 0;
if (r == BR_ERR_X509_EXPIRED) r = 0;
return r;
}
typedef struct SSLContext {
br_ssl_client_context sc;
br_x509_minimal_context xc;
@ -460,12 +467,12 @@ static void InjectEntropy(SSLContext* ctx) {
static void SetCurrentTime(SSLContext* ctx) {
cc_uint64 cur = DateTime_CurrentUTC();
/* clamp min system time from RTC to start of 2024 */
/* Times earlier than that usually mean an improperly calibrated RTC */
if (cur < 63839664000ull) cur = 63839664000ull;
uint32_t days = (uint32_t)(cur / 86400) + 366;
uint32_t secs = (uint32_t)(cur % 86400);
/* clamp min system time from RTC to start of August 2024 */
/* Times earlier than that usually mean an improperly calibrated RTC */
if (days < 739464) days = 739464;
br_x509_minimal_set_time(&ctx->xc, days, secs);
/* This matches bearssl's default time calculation
@ -503,10 +510,6 @@ cc_result SSL_Init(cc_socket socket, const cc_string* host_, void** out_ctx) {
*out_ctx = (void*)ctx;
br_ssl_client_init_full(&ctx->sc, &ctx->xc, TAs, TAs_NUM);
/*if (!_verify_certs) {
br_x509_minimal_set_rsa(&ctx->xc, &br_rsa_i31_pkcs1_vrfy);
br_x509_minimal_set_ecdsa(&ctx->xc, &br_ec_prime_i31, &br_ecdsa_i31_vrfy_asn1);
}*/
InjectEntropy(ctx);
SetCurrentTime(ctx);
ctx->socket = socket;
@ -514,6 +517,19 @@ cc_result SSL_Init(cc_socket socket, const cc_string* host_, void** out_ctx) {
br_ssl_engine_set_buffer(&ctx->sc.eng, ctx->iobuf, sizeof(ctx->iobuf), 1);
br_ssl_client_reset(&ctx->sc, host, 0);
/* Account login must be done over TLS 1.2 */
if (String_CaselessEqualsConst(host_, "www.classicube.net")) {
br_ssl_engine_set_versions(&ctx->sc.eng, BR_TLS12, BR_TLS12);
}
/* Override default certificate chain validation */
if (!_verifyCerts) {
static br_x509_class fake_minimal_vtable;
fake_minimal_vtable = br_x509_minimal_vtable;
fake_minimal_vtable.end_chain = fake_minimal_end_chain;
ctx->xc.vtable = &fake_minimal_vtable;
}
br_sslio_init(&ctx->ioc, &ctx->sc.eng,
sock_read, ctx,
sock_write, ctx);