Martin Grabmueller
9aa9675d0c
Use correct version number, simplify code.
2012-07-26 22:46:59 +02:00
Vincent Hanquez
4e9fd480c4
add callback on server to choose cipher according to version.
default to previous behavior: choosing the first cipher that matches
2012-07-23 21:53:59 +01:00
Vincent Hanquez
cf585d95c3
bump version to 0.9.8
2012-07-23 21:29:31 +01:00
Vincent Hanquez
720e98df78
export SessionID and SessionData
2012-07-23 21:24:51 +01:00
Vincent Hanquez
7518af2f38
bump version to 0.9.7
2012-07-23 09:23:21 +01:00
Vincent Hanquez
c686d8d382
[SECURITY] add empty TLS packets before appdata
Add empty appdata packet before appdata, when using <= TLS10 and using a
block cipher, to work around the security problem related to CBC residue,
and the fact that it could be guessed by a malicious user, leading to
disclosure of secrets.
Conflicts:
Network/TLS/IO.hs
Network/TLS/State.hs
2012-07-23 09:23:02 +01:00
Vincent Hanquez
4d91e67750
harden packet record chunking.
This prevents possible random behavior if cipher is not checking IV size,
or generic exception being thrown in favor of a TLS one.
2012-07-23 09:14:32 +01:00
Vincent Hanquez
c7c394d56e
[SECURITY] add empty TLS packets before appdata
Add empty appdata packet before appdata, when using <= TLS10 and using a
block cipher, to work around the security problem related to CBC residue,
and the fact that it could be guessed by a malicious user, leading to
disclosure of secrets.
2012-07-23 08:54:25 +01:00
Martin Grabmueller
12a1632739
Add initial support for client certificates with TLS 1.2.
2012-07-21 23:24:47 +02:00
Martin Grabmueller
c772ee22d5
Start client certificate support for TLS1.2.
Add some checks for matching cert types, sig/hash algorithms, etc.
Remove some obsolete FIXMEs and comments.
2012-07-18 22:19:11 +02:00
Martin Grabmueller
4c84e3ffc7
Add documentation.
2012-07-18 21:34:18 +02:00
Martin Grabmueller
92686e1457
Fix broken negotiation by separating active from pending crypt/mac states.
2012-07-18 17:32:26 +02:00
Martin Grabmueller
a348a56659
Clean up and simplify code.
2012-07-18 16:35:48 +02:00
Martin Grabmueller
1e02f92209
Fix missing digest update in server for CertVerify message.
2012-07-17 23:27:32 +02:00
Martin Grabmueller
90273cc813
Experimental debug output.
2012-07-17 17:42:12 +02:00
Martin Grabmueller
c799b18c4c
Fix encoding of CertRequest, so that encoding and decoding are inverses.
2012-07-17 17:33:11 +02:00
Martin Grabmueller
039c7d254e
Separate finish from certificate verify digests. Will make it easier to support TLS1.2.
2012-07-16 16:19:48 +02:00
Martin Grabmueller
2ca69771a4
Add comments.
2012-07-16 14:40:37 +02:00
Martin Grabmueller
3c46042ce5
Integrate client certificate settings into RoleParams,
remember client cert chain for use after handshake has
finished.
2012-07-16 14:36:44 +02:00
Martin Grabmueller
4d53898c5c
Fix verification/signing.
2012-07-15 22:18:27 +02:00
Martin Grabmueller
325c9be4c7
Use getOpaque16 and check for valid DN length.
2012-07-14 16:56:04 +02:00
Martin Grabmueller
74f1bf79ea
Use subject instead of issuer for certificate request.
2012-07-14 16:50:48 +02:00
Martin Grabmueller
f08eb43055
Add comments and FIXMEs.
2012-07-14 16:49:46 +02:00
Martin Grabmueller
9e710b5e88
Accept empty client certificate list. Will error on verification.
2012-07-13 22:29:36 +02:00
Martin Grabmueller
f5972a4818
Implement client certificate support in handshake.
2012-07-13 22:04:23 +02:00
Martin Grabmueller
a2825c31ac
Pull out common functionality for client and server handshake.
2012-07-13 21:48:37 +02:00
Martin Grabmueller
6483e954f4
Add abstractions for accessing client certificate state.
2012-07-13 21:44:19 +02:00
Martin Grabmueller
e617a1bbec
Store public key from client certificate in server mode.
2012-07-13 21:33:45 +02:00
Martin Grabmueller
ef90cda757
Ensure that the same handshake packets are included
in the handshake digest for sending and receiving.
2012-07-13 21:23:01 +02:00
Martin Grabmueller
2b101b6fa7
Add function for retrieving certificate verify digest.
2012-07-13 21:18:05 +02:00
Martin Grabmueller
e9abea6cb2
Extend state to hold information about ongoing client certificate exchange.
2012-07-13 21:16:46 +02:00
Martin Grabmueller
797f7822e4
Extend state to hold client private/public keys and add
functions for signing and verifying with these keys.
2012-07-13 21:08:23 +02:00
Martin Grabmueller
224f9d4e2c
Add proper types for certificate request/verify messages.
2012-07-13 17:20:10 +02:00
Martin Grabmueller
8b7b2ff1bf
Add parameter structures for client certificates (both server and client versions).
2012-07-13 16:47:58 +02:00
Martin Grabmueller
58beee4f9f
Add functions for signing/verifying with private/public keys.
2012-07-13 16:33:12 +02:00
Vincent Hanquez
ff14e0b988
fixing new API breakage related to RoleParam and SessionManager change
2012-07-12 09:04:50 +01:00
Vincent Hanquez
ce3f724564
add usual header.
2012-07-12 09:03:48 +01:00
Vincent Hanquez
e47501736b
add usual header
2012-07-12 09:03:24 +01:00
Vincent Hanquez
12104f612e
documentation fixup.
2012-07-12 09:02:38 +01:00
Vincent Hanquez
b140b61012
upgrade cabal-version and fixup problems related to the upgrade.
2012-07-12 09:02:27 +01:00
Vincent Hanquez
4179ceba82
start using Client and Server distinction for want client cert and session resume with
2012-07-12 09:02:10 +01:00
Vincent Hanquez
c8d9f0677b
switch session related callback to a new SessionManager class.
add necessary helper setSessionManager to not have to propagate
Rank2Types and ExistentialQuantification to the user.
2012-07-12 08:59:59 +01:00
Vincent Hanquez
9c3177a16a
split some common types from struct and move them to types.
2012-07-12 08:56:16 +01:00
Vincent Hanquez
1048815206
expose more context role related helpers and types.
2012-07-12 08:54:34 +01:00
Vincent Hanquez
593f1affbb
fixes to run on tls 1.0
2012-07-10 07:58:01 +01:00
Vincent Hanquez
d0d48bb476
export SessionID and SessionData.
2012-07-08 10:14:09 +01:00
Vincent Hanquez
6ae20f4125
remove npnId and use Extension's proper definition
2012-07-05 05:36:28 +01:00
Martin Grabmueller
3d629acaf1
Add missing module Network.TLS.Handshake to .cabal file.
2012-07-04 22:15:19 +02:00
Vincent Hanquez
e1bc9db398
bump version to 0.9.6
2012-07-03 07:18:10 +01:00
Vincent Hanquez
daa5fd42a4
export clientWith and serverWith
2012-07-03 07:14:28 +01:00