From 455b42743d3a3458f7c23926607e53c0b2906e5e Mon Sep 17 00:00:00 2001
From: cinap_lenrek <cinap_lenrek@felloff.net>
Date: Sat, 12 Sep 2015 13:04:47 +0200
Subject: libsec: handle TLS 1.2 changes in CertificateRequest message

---
 sys/src/libsec/port/tlshand.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/sys/src/libsec/port/tlshand.c b/sys/src/libsec/port/tlshand.c
index bf63312e7..e2f495a9d 100644
--- a/sys/src/libsec/port/tlshand.c
+++ b/sys/src/libsec/port/tlshand.c
@@ -1614,6 +1614,19 @@ msgRecv(TlsConnection *c, Msg *m)
 		m->u.certificateRequest.types = makebytes(p, nn);
 		p += nn;
 		n -= nn;
+		if(c->version >= TLS12Version){
+			/* skip supported_signature_algorithms */
+			if(n < 2)
+				goto Short;
+			nn = get16(p);
+			p += 2;
+			n -= 2;
+			if(nn > n)
+				goto Short;
+			p += nn;
+			n -= nn;
+
+		}
 		if(n < 2)
 			goto Short;
 		nn = get16(p);
-- 
cgit v1.2.3