);
use constant {
+ EXT_SERVER_NAME => 0,
EXT_STATUS_REQUEST => 5,
EXT_SUPPORTED_GROUPS => 10,
+ EXT_EC_POINT_FORMATS => 11,
+ EXT_SRP => 12,
+ EXT_SIG_ALGS => 13,
+ EXT_USE_SRTP => 14,
+ EXT_ALPN => 16,
+ EXT_SCT => 18,
+ EXT_PADDING => 21,
EXT_ENCRYPT_THEN_MAC => 22,
EXT_EXTENDED_MASTER_SECRET => 23,
EXT_SESSION_TICKET => 35,
- EXT_SUPPORTED_VERSIONS => 43,
EXT_KEY_SHARE => 40,
+ EXT_SUPPORTED_VERSIONS => 43,
+ EXT_RENEGOTIATE => 65281,
+ EXT_NPN => 13172,
# This extension is an unofficial extension only ever written by OpenSSL
# (i.e. not read), and even then only when enabled. We use it to test
# handling of duplicate extensions.
EXT_DUPLICATE_EXTENSION => 0xfde8
};
+use constant {
+ CIPHER_ADH_AES_128_SHA => 0x03000034
+};
+
my $payload = "";
my $messlen = -1;
my $mt;
$recoffset += 4;
$payload = "";
- if ($recoffset < $record->decrypt_len) {
+ if ($recoffset <= $record->decrypt_len) {
#Some payload data is present in this record
if ($record->decrypt_len - $recoffset >= $messlen) {
#We can complete the message with this record
[@message_frag_lens]
);
$message->parse();
+ } elsif ($mt == MT_ENCRYPTED_EXTENSIONS) {
+ $message = TLSProxy::EncryptedExtensions->new(
+ $server,
+ $data,
+ [@message_rec_list],
+ $startoffset,
+ [@message_frag_lens]
+ );
+ $message->parse();
+ } elsif ($mt == MT_CERTIFICATE) {
+ $message = TLSProxy::Certificate->new(
+ $server,
+ $data,
+ [@message_rec_list],
+ $startoffset,
+ [@message_frag_lens]
+ );
+ $message->parse();
+ } elsif ($mt == MT_CERTIFICATE_VERIFY) {
+ $message = TLSProxy::CertificateVerify->new(
+ $server,
+ $data,
+ [@message_rec_list],
+ $startoffset,
+ [@message_frag_lens]
+ );
+ $message->parse();
} elsif ($mt == MT_SERVER_KEY_EXCHANGE) {
$message = TLSProxy::ServerKeyExchange->new(
$server,