3
0

support hypercorn server_names against dns rebind attacks, add cookie sessions to flash messages

This commit is contained in:
2022-04-06 18:59:07 +02:00
parent d1050d2ee4
commit 4ef792e97d
9 changed files with 71 additions and 30 deletions

View File

@ -339,7 +339,7 @@ class Hub:
await trio.sleep_forever()
def _calc_authentication(self, ssl_binding: bytes, server_side: bool) -> bytes:
m = hmac.new(self._config.secret.encode('utf8'), digestmod=hashlib.sha256)
m = hmac.new(self._config.comm_secret.encode('utf8'), digestmod=hashlib.sha256)
if server_side:
m.update(b'server$')
else: