yogsototh/hs-tls
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
991 commits 1 branch 11 tags 1.7 MiB
Commit graph

224 commits

Author SHA1 Message Date
Vincent Hanquez
8653d49a42 catch Error_EOF exception and return empty data. 2014-03-23 10:55:39 +00:00
Vincent Hanquez
beb4e7c67d fix socket backend to stop looping when not receiving data 
a endless loop would occur when empty of data is received
 2014-03-23 10:55:03 +00:00
Vincent Hanquez
ffd061ef95 Add a way to delay interpreting the SKX structure until actually needed. 
In some case, with efficient servers, we end up parsing the SKX structure
without having yet set the pending cipher. The cipher key exchange type
being unknown at this stage, lead to not knowing how to parse the SKX
structure.

Fix it by keeping the byte un-interpreted when the cipher key exchange
is not known, and properly parse later on.

Fix #53.
 2014-03-23 07:08:43 +00:00
Vincent Hanquez
410bc95951 Enable SSL3 protocol version by default. 2014-03-23 06:16:16 +00:00
Vincent Hanquez
14eb3c686c Accept non-fatal UnrecognizedName alert after ClientHello. 
Misconfigured servers send an "Unrecognized Name" warning in the SSL
handshake which is ignored by most clients. Some stack would fail the same
way (i.e. Java 7 with SNI enabled).

Improve state machine slightly.

Fix #53.
 2014-03-23 06:07:25 +00:00
Vincent Hanquez
7d0e1d5267 Allow handshake records to be split across records. 
* Store continuations in record state
* parse handshake records one by one.
 2014-03-22 06:54:37 +00:00
Vincent Hanquez
14c3325c75 put the type of the handshake for the parsing of handshake message. 2014-03-22 05:51:51 +00:00
Vincent Hanquez
8088d3e265 Export the partial capability and wrap it in a easier layer. 
now runGet has the ability to return partial result and unparsed bytes.
 2014-03-22 05:50:09 +00:00
Vincent Hanquez
53d028d208 remove old code commented 2014-03-21 11:16:07 +00:00
Vincent Hanquez
cacab68840 use byteable to get a -> Bytestring function. 2014-03-21 11:09:12 +00:00
Reto Hablützel
53a09a45a3 Fixed typos in documentation 2014-02-21 10:50:54 +01:00
Vincent Hanquez
331651b0ca add a way to get credentials from memory instead of from files. 2014-01-29 04:41:47 +00:00
Vincent Hanquez
a59f8b334a clarify the documentation on what's expected from LoadX509 2014-01-29 04:41:18 +00:00
Vincent Hanquez
47c7243385 When the KeyUsage extension is not here, no restrictions apply on the key 2014-01-27 09:56:51 +00:00
Vincent Hanquez
f6ecbf82c6 export some extra validation data types 2014-01-27 04:17:30 +00:00
Vincent Hanquez
8b03b9ca86 add Network.TLS.Extra for best compatibility with tls-extra removal 2014-01-27 04:03:26 +00:00
Vincent Hanquez
182ef6a096 fold tls-extra ciphers in tls. 2014-01-27 03:51:02 +00:00
Vincent Hanquez
c6117b96f3 misc realignement 2014-01-27 03:50:20 +00:00
Vincent Hanquez
ad6ed6beac add some Show and Eq instances 2014-01-27 03:50:04 +00:00
Vincent Hanquez
51d9c999f0 align properly 2014-01-26 14:15:30 +00:00
Vincent Hanquez
86375aaa57 move onHandshake to a serverHooks, and remove CommonHooks everywhere. 
export modifyHooks as contextModifyHooks
 2014-01-26 07:02:43 +00:00
Vincent Hanquez
251a0b2193 move logging into dynamic hooks 2014-01-26 06:50:47 +00:00
Vincent Hanquez
8dccb7d7bd document hooks 2014-01-26 06:38:53 +00:00
Vincent Hanquez
11575711bc add dynamic recv certificate hook and remove the static one. 2014-01-26 06:37:17 +00:00
Vincent Hanquez
4e5ff7f53d Change the way parameters are created. 
This is still WIP and this commit is truly horrific. Sadly, it's just
too much effort to do clean commit with this, and it doesn't mix with
experimentation either.
 2014-01-25 16:51:51 +00:00
Vincent Hanquez
8e128a0412 export information and related. 2014-01-17 08:49:16 +00:00
Vincent Hanquez
68594044c7 remove connectVersion. 2014-01-17 07:11:07 +00:00
Vincent Hanquez
f0bc03863b add a way to get information about a context. 
WIP need to include certificate information.
 2014-01-17 07:10:28 +00:00
Vincent Hanquez
2d1aeb76c2 make compression an instance of Eq. 2014-01-17 07:09:50 +00:00
Vincent Hanquez
439ea6ba85 use the backend class completely and mark contextNewOnX symbols as deprecated 2014-01-17 06:55:33 +00:00
Vincent Hanquez
eb90d5be00 define failOnEitherError 2014-01-16 10:48:47 +00:00
Vincent Hanquez
aa8856c68a remove connectVersion as it should be the maximum of allowedVersions 2014-01-12 07:15:16 +00:00
Vincent Hanquez
50797bae50 cleanup import 2014-01-10 08:30:30 +00:00
Vincent Hanquez
453fab50ed split Backend and introduce a new HasBackend class 
the HasBackend class allow to not have multiples contextNewOnX calls,
but instead will favor only one contextNew that can take all HasBackend types.
 2014-01-10 07:01:34 +00:00
Vincent Hanquez
614b5b4c6b split parameters from context 2014-01-05 11:14:17 +00:00
Vincent Hanquez
8a05317d40 slightly better error when no ciphers are available 2014-01-02 06:09:09 +00:00
Vincent Hanquez
323fb95fbe consistent style in record structure. 2013-12-28 15:26:33 +00:00
Vincent Hanquez
85f436afe6 add a system to filter cipher that we can't use because we don't have the right credentials loaded. 2013-12-28 15:25:13 +00:00
Vincent Hanquez
acf9708199 use the new credentials system to be able to handle RSA and DSS certificate at the same time. 2013-12-28 15:24:20 +00:00
Vincent Hanquez
9a05ac9553 limit the X509 import list of what we need 2013-12-28 15:20:07 +00:00
Vincent Hanquez
f72293d32f properly do DSS/RSA in DHE methods. 2013-12-28 15:19:39 +00:00
Vincent Hanquez
a111d703a4 simplify the handshake key state. 
we don't need to differentiate client/server, as a remote key will always be public and
the private key always local.
 2013-12-28 15:17:42 +00:00
Vincent Hanquez
64946c8fb8 error in serverKeyXchg with RSA. 2013-12-28 15:15:06 +00:00
Vincent Hanquez
761ba1ac5c add support for DSS signature. 2013-12-28 15:14:09 +00:00
Vincent Hanquez
b3068deec8 add support for DSA signing and verification. 2013-12-28 15:13:43 +00:00
Vincent Hanquez
8e6a6d9456 add a credentials module 2013-12-28 15:12:14 +00:00
Vincent Hanquez
08997c96f0 default the version if not set which allow to report very early error (e.g. no cipher in common) properly 2013-12-28 15:09:25 +00:00
Vincent Hanquez
891cf168ac add simple method to get the certificate leaf. 2013-12-28 15:07:20 +00:00
Vincent Hanquez
02dd7b8aa7 add support for DHE (only with RSA signing so far) 2013-12-11 16:39:25 +08:00
Vincent Hanquez
a223673eed make HandshakeM an instance of Applicative. 2013-12-11 16:36:35 +08:00