LibTLS: Add references to RFC5246 for the verify procedure

Author: https://github.com/msvisser Commit: 331092d25a Pull-request: https://github.com/SerenityOS/serenity/pull/12739 Reviewed-by: https://github.com/alimpfard
2025-06-11 18:20:43 +09:00 · 2022-02-22 13:48:52 +01:00 · 2022-02-22 13:48:52 +01:00 · 331092d25a · 2024-07-17 22:09:47 +09:00
commit 331092d25a
parent d78813d902
3 changed files with 8 additions and 0 deletions
--- a/Userland/Libraries/LibTLS/HandshakeServer.cpp
+++ b/Userland/Libraries/LibTLS/HandshakeServer.cpp
@ -359,6 +359,7 @@ ssize_t TLSv12::verify_rsa_server_key_exchange(ReadonlyBytes server_key_info_buf
        dbgln("verify_rsa_server_key_exchange failed: Attempting to verify signature without certificates");
        return (i8)Error::NotSafe;
    }
+    // RFC5246 section 7.4.2: The sender's certificate MUST come first in the list.
    auto certificate_public_key = m_context.certificates.first().public_key;
    Crypto::PK::RSAPrivateKey dummy_private_key;
    auto rsa = Crypto::PK::RSA(certificate_public_key, dummy_private_key);