Kyle Raftogianis
347ebdaaf1
Rename nullSessionManager to noSessionManager
2013-06-01 23:52:38 -07:00
Vincent Hanquez
b3e3a2d648
fix compilation
2013-06-02 07:12:26 +01:00
Vincent Hanquez
8468556fe8
use x509 public key and private key instead of defining our own in tls.
2013-05-30 07:21:25 +01:00
Vincent Hanquez
b1478dd618
some exporting deprecated aliases.
2013-05-26 08:02:20 +01:00
Vincent Hanquez
02b2f01515
move certificate stuff in x509 module.
2013-05-26 08:02:06 +01:00
Vincent Hanquez
af29b3dc3f
prepare for 1.2 branch
2013-05-26 07:24:02 +01:00
Vincent Hanquez
59d61067b0
add X509 file.
2013-05-26 07:19:59 +01:00
Vincent Hanquez
fc9c6a407d
update for x509
2013-05-19 08:05:46 +01:00
Kyle Raftogianis
2c9fa01197
Replace existential session manager with concrete data type
2013-05-14 22:42:09 -07:00
Vincent Hanquez
83c1e247e6
add extra check for minimum size and being a blocksize multiple for block ciphers.
2013-02-09 16:57:22 +00:00
Vincent Hanquez
66cf59c054
remove BulkNoneF which only duplicate case for no reason.
2013-02-09 16:56:47 +00:00
Vincent Hanquez
339d2ca33a
reorganize the disengage decryptData function for further change.
2013-02-09 08:10:13 +00:00
Vincent Hanquez
0e628cf2c1
bump tls version
2013-01-27 16:09:49 +00:00
Vincent Hanquez
5afd866070
add SNI extension if it has been specified in the ClientUseServerName
2013-01-27 16:09:08 +00:00
Vincent Hanquez
510dcdd752
fix encoding of ServerName extension.
2013-01-27 16:08:39 +00:00
Vincent Hanquez
8553074677
bump version
2013-01-13 06:54:06 +00:00
Vincent Hanquez
a1815c8fb2
remove -fhpc by default in cabal file.
2013-01-13 06:54:03 +00:00
Vincent Hanquez
dab21da9d0
remove cryptocipher dependency
2013-01-06 09:41:40 +00:00
Vincent Hanquez
8c9bff15e3
remove old definition
2013-01-04 09:01:12 +00:00
Vincent Hanquez
5a4b194848
bump version to crypto-random-api 0.2
2013-01-04 08:38:11 +00:00
Vincent Hanquez
0f0471a0d5
in a nice closing alert, we try to reply as well before closing connections
2012-12-31 15:55:22 +00:00
Vincent Hanquez
a2355f33ee
handle early termination and bad remote side more effectively.
...
mark the session has invalid and also try to
reply to the other side that we're closing the connection.
Finally a new terminated exception is raised to userspace to notify
the failure.
2012-12-31 15:49:34 +00:00
Vincent Hanquez
fd922e90d3
define a new Terminated exception
2012-12-31 15:48:04 +00:00
Vincent Hanquez
6f5804bb2d
typo
2012-12-31 14:43:15 +00:00
Vincent Hanquez
17c5de82b3
spring cleanup errors that are not used anymore
2012-12-31 14:42:41 +00:00
Vincent Hanquez
02a50fc142
reorganize the recvData function to be nicer.
2012-12-31 14:08:51 +00:00
Vincent Hanquez
7c6815b738
only send packet if we are in the client context.
2012-12-31 13:37:33 +00:00
Vincent Hanquez
ea06a793b7
add SHA1 and remove unneeded import
2012-12-31 13:37:19 +00:00
Vincent Hanquez
f80f2e5dec
re-indent
2012-12-31 13:37:03 +00:00
Vincent Hanquez
0dd4a97d29
bump core version
2012-12-30 15:31:25 +00:00
Vincent Hanquez
a14b37d528
use new crypto-pubkey
2012-12-30 15:31:13 +00:00
Vincent Hanquez
141e6fc491
use the {decrypt,sign}Safer alternative.
2012-12-05 08:22:47 +00:00
Vincent Hanquez
68e45d829f
use a CPRG when signing with RSA.
2012-12-05 08:19:40 +00:00
Vincent Hanquez
bd2883683b
use a CPRG when using decrypt RSA.
2012-12-05 08:16:32 +00:00
Vincent Hanquez
7a03dc1834
create a test-suite that use tls as a library instead of using directly.
...
use the secret Network.TLS.Internal module, and as a result,
compile tls modules once now instead of twice each.
2012-12-05 07:57:13 +00:00
Vincent Hanquez
cedd5b2c86
switch to CPRG instead of CryptoRandomGen
2012-12-05 07:48:11 +00:00
Vincent Hanquez
3282b61e02
bump version
2012-12-04 08:58:14 +00:00
Vincent Hanquez
d614eb09e2
requires cprng-aes >= 0.3.0 and fix api change.
2012-12-04 08:35:21 +00:00
Vincent Hanquez
cfa2c2e1dc
Merge branch 'SSLv2Hello'
2012-12-04 08:33:02 +00:00
Vincent Hanquez
1e690cf8fb
add a SSLv2 compat flag to enable reception of compat Client Hello only
...
for the first packet received in a server context.
The client side never try to use the compat code.
2012-12-04 08:31:22 +00:00
Vincent Hanquez
cf63849c9d
add the SSLv2_COMPATIBLE flag to the tests.
...
add flag default to true.
2012-12-04 08:13:54 +00:00
Vincent Hanquez
c048a97d1b
Add a flag to recvRecord to enable SSLv2 compat reception.
2012-12-03 18:56:14 +00:00
Vincent Hanquez
b8e3000ef9
remove warning for useless binding
2012-12-03 18:55:30 +00:00
Vincent Hanquez
db1232aea8
remove warnings, add some more #ifdef.
2012-12-03 17:26:50 +00:00
Vincent Hanquez
ee92845b03
bump version
2012-11-19 09:55:07 +00:00
Vincent Hanquez
3e82cc744a
fix issue when re-handshaking with a different cipher.
...
tls was correctly accounting for the difference between pending state
and active state in most place except for the actual cipher
encryption/decryption functions in use.
Hence when re-negociating with a different cipher than the current
cipher, which is fairly unusual but perfectly allowed, the lowlevel
function were switch at the server hello instead of being switch at the
switch(Tx/Rx).
2012-11-19 09:39:35 +00:00
notogawa
1605c4bd00
add flag to reject SSLv2 compatible handshake.
2012-11-17 01:01:41 +09:00
notogawa
d41c53f6b5
reject SSLv2 re-handshaking message.
2012-11-17 00:37:05 +09:00
notogawa
a4f06256fe
accept SSLv2 format 'ClientHello' Handshake message.
2012-11-10 19:34:37 +09:00
Vincent Hanquez
9bc41f62c4
bump version
2012-10-30 04:52:32 +00:00
Vincent Hanquez
513d13029f
use gets where possible and make thing nicer
2012-10-30 04:46:19 +00:00
Vincent Hanquez
0eb95ab9a7
do not returns empty app data to the user as it might be confused with EOF.
2012-10-29 21:23:44 +00:00
Vincent Hanquez
1c90962e9a
tweak how things are exported. simplify code.
...
use correct type alias
2012-10-21 20:35:32 +01:00
Vincent Hanquez
60f7197b0a
export everything required.
2012-10-21 18:32:07 +01:00
Vincent Hanquez
78a0e36397
remove semicolon and useless parens
2012-10-20 09:00:55 +01:00
Vincent Hanquez
8b665c05fd
define new fields in the client structure for max fragment length and server name
2012-10-20 09:00:30 +01:00
Vincent Hanquez
1b8696ddbf
properly define the server name extension to be a variant type.
...
This allow to have a better high level type and simplify the user side.
2012-10-20 08:59:39 +01:00
Vincent Hanquez
88d373165c
do not use a put monad as the encoding is a single byte bytestring
2012-10-20 08:58:36 +01:00
Vincent Hanquez
10e0a22950
properly set the type of maxfragmentlength
2012-10-20 08:58:14 +01:00
Vincent Hanquez
325cfd1eab
bind n so that we can report the error in decoding maxfragmentlength
2012-10-20 08:57:53 +01:00
Vincent Hanquez
8dae53a2ef
correct a typo.
2012-10-20 08:57:28 +01:00
Vincent Hanquez
aa910bfd9c
reindent
2012-10-20 08:56:53 +01:00
Vincent Hanquez
5627e3ddf9
add some spaces
2012-10-20 08:56:39 +01:00
Vincent Hanquez
acc4ef5ca5
add MaxFragmentLength extension
2012-10-17 07:30:41 +01:00
Vincent Hanquez
b0849b0785
export ServerName
2012-10-17 07:30:26 +01:00
Vincent Hanquez
d33a3df303
define the ServerName's extensionID
2012-10-17 07:30:07 +01:00
Vincent Hanquez
676608b017
make server name description more precise
2012-10-17 07:28:35 +01:00
Vincent Hanquez
b125a04215
bump certificate version
2012-10-16 08:03:00 +01:00
Vincent Hanquez
7d55744060
remove useless symbols. fixes warnings.
2012-10-16 08:02:44 +01:00
Vincent Hanquez
2132dd91c3
repair Core's tests.
2012-10-16 08:02:18 +01:00
Vincent Hanquez
a1b735bed1
update LICENSE files and add a root one.
2012-09-30 16:16:58 +01:00
Vincent Hanquez
0794cc3d0b
Disable optimisation for ghc 7.6.1 to workaround the bad record mac problem
...
Temporary fix until the bug is resolved upstream.
see http://hackage.haskell.org/trac/ghc/ticket/7270
2012-09-25 08:09:37 +01:00
Vincent Hanquez
c9dbce0636
realign fields.
2012-09-25 08:04:58 +01:00
Vincent Hanquez
89df5a893f
fix use of catch to make sure it's usuable on ghc-7.6 and older versions.
2012-09-23 22:54:43 +01:00
Vincent Hanquez
670f826f0a
fix link related to the new all in one repository for tls and co.
2012-09-05 06:50:45 +01:00
Vincent Hanquez
957a005664
move all tls into a core directory.
2012-09-05 06:27:06 +01:00