- Updated comments

2025-11-04 04:32:24 -05:00 · 2012-04-12 20:44:34 +00:00 · 2012-04-12 20:44:34 +00:00 · bf63b36127
commit bf63b36127
parent c3f177a77b
2 changed files with 5 additions and 5 deletions
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -616,8 +616,6 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
         *     ServerDHParams params;
         * };
         */
-        /* TODO TLS1.2 Get Hash algorithm from hash and signature extension! */
-
        switch( hash_id )
        {
 #if defined(POLARSSL_MD5_C)
@ -928,7 +926,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl )

    if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
    {
-        // TODO TLS1.2 Base on signature algorithm extension received
+        // TODO TLS1.2 Base on signature algorithm received in Certificate Request
        ssl->out_msg[4] = SSL_HASH_SHA256;
        ssl->out_msg[5] = SSL_SIG_RSA;

--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -636,7 +636,9 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
         *     ServerDHParams params;
         * };
         */
-        /* TODO TLS1.2 Get Hash algorithm from ciphersuite! */
+        /* TODO TLS1.2 Get a supported hash algorithm from the
+         * signature_algorithms extension, Otherwise SHA1 + RSA!
+         */
     
        sha1_starts( &sha1 );
        sha1_update( &sha1, ssl->randbytes, 64 );
@ -658,7 +660,7 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )

    if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
    {
-        // TODO TLS1.2 Base on signature algorithm extension received
+        // TODO TLS1.2 Base on selection above (SHA1 + RSA is default choice)
        ssl->out_msg[4 + n] = SSL_HASH_SHA1;
        ssl->out_msg[5 + n] = SSL_SIG_RSA;