Vincent Hanquez
093cd2c9fb
use bytes directly instead of pointlessly unpacking it for extensions and finishedData
2011-06-06 08:16:24 +01:00
Vincent Hanquez
cead67c558
add secure renegociation flag in state
2011-06-06 08:03:18 +01:00
Vincent Hanquez
03c07ce173
hello extensions can be present since SSL3
2011-06-06 07:56:10 +01:00
Vincent Hanquez
a2059de7c0
simplify decoding by just getting the remaining content
2011-06-06 07:55:09 +01:00
Vincent Hanquez
0710d44f3d
code alignment
2011-06-06 07:54:40 +01:00
Vincent Hanquez
f74626e065
throw proper error if we receive an unexpected transition.
2011-05-13 21:40:11 +01:00
Vincent Hanquez
dd1ab24f10
bump version to 0.7.0
2011-05-13 21:05:44 +01:00
Vincent Hanquez
9cd0ed0515
handle exception in handshake and report to the user if the handshake has been successful or not.
2011-05-13 08:39:15 +01:00
Vincent Hanquez
6eef56c60f
[SECURITY] fix TLS1.1 block cipher IV usage.
...
In TLS1.1 and above, the IV is explicitely carried to the other side and
is generated from random. It doesn't come from the CBC residue.
2011-05-13 08:10:13 +01:00
Vincent Hanquez
432639688f
properly handle the mvar to put the st back if an exception happens.
2011-05-13 07:12:54 +01:00
Vincent Hanquez
8434cb24e2
use proper protocol error in the server during clienthello
2011-05-13 07:08:27 +01:00
Vincent Hanquez
f7ed7f541a
throw a proper protocol error in case the version is not supported
2011-05-13 07:03:16 +01:00
Vincent Hanquez
f140e1c579
change onRecvCertificate callback to be able to track the reason of rejection, and returns the proper alert to the other side.
2011-05-13 07:02:44 +01:00
Vincent Hanquez
f1222ece5d
add placeholder code to handle alerts during recvData.
2011-05-12 09:13:53 +01:00
Vincent Hanquez
fa384d87c7
raise a proper HandshakeFailure if no cipher works
2011-05-12 09:13:53 +01:00
Vincent Hanquez
3b76a3ed7c
raise a ProtocolVersion error if version negociated is SSL2
2011-05-12 09:13:53 +01:00
Vincent Hanquez
eac638bc27
if we received a packet too big, raise a RecordOverflow error
2011-05-12 09:13:53 +01:00
Vincent Hanquez
f569440782
add throw IO ability to core
2011-05-12 09:13:53 +01:00
Vincent Hanquez
0582234934
cleanup for not having to use fromJust
2011-05-12 09:13:53 +01:00
Vincent Hanquez
9db7ccbfca
throw proper error for bad record mac
2011-05-12 09:13:53 +01:00
Vincent Hanquez
a435a9add1
remove unnecessary import
2011-05-12 09:13:53 +01:00
Vincent Hanquez
bdba471ebe
define a more generic protocol error, and remove the digest error
2011-05-12 09:13:53 +01:00
Vincent Hanquez
e4f40cf55e
comment
2011-05-12 09:13:53 +01:00
Vincent Hanquez
277e39b931
define TLSError as Exception material
2011-05-12 09:13:53 +01:00
Vincent Hanquez
8ee6f728bd
add signature
2011-05-12 09:13:53 +01:00
Vincent Hanquez
f464927a0b
add a structure to parametrize decoding encoding related to version, key exchange type, ...
2011-05-12 09:13:53 +01:00
Vincent Hanquez
4b5812529b
derive Show and Eq from CipherKeyExchangeType
2011-05-12 09:13:53 +01:00
Vincent Hanquez
1e294bbbff
rename cipherkeyexchange types
2011-05-12 09:13:49 +01:00
Vincent Hanquez
893bb92cbf
fix tests
2011-05-12 08:16:38 +01:00
Vincent Hanquez
7401c8c5a2
add gitignore file
2011-05-11 08:24:13 +01:00
Vincent Hanquez
6eb08d9c22
bump TLS version to 0.6.4
2011-05-11 08:12:43 +01:00
Vincent Hanquez
56d9de4b1d
bump certificate to 0.9.0
...
side effect: comment quickcheck code linked to certificate
2011-05-11 08:12:30 +01:00
Vincent Hanquez
c111389b30
capitalize DH
2011-05-11 07:34:15 +01:00
Vincent Hanquez
259691e4d5
bump tls version to 0.6.3
2011-05-09 09:15:41 +01:00
Vincent Hanquez
969a62b79a
bump certificate version to 0.8.1
2011-05-09 09:15:36 +01:00
Vincent Hanquez
41ad7fe39b
bump version to 0.6.2
2011-05-04 08:42:10 +01:00
Vincent Hanquez
7f6f511839
Add a way to show packet sent and received at the protocol level. very useful for debugging.
2011-05-04 08:41:16 +01:00
Vincent Hanquez
cc84a9452c
bump version to 0.6.1
2011-04-26 07:12:45 +01:00
Vincent Hanquez
69d3604a64
do not call new variable state. it's already defined by the state module.
2011-04-24 13:43:57 +01:00
Vincent Hanquez
ad226f7fb9
usless import in wire module
2011-04-24 13:43:27 +01:00
Vincent Hanquez
4a84e9415f
comment fixup
2011-04-24 13:43:18 +01:00
Vincent Hanquez
d983d4ebc8
remove now useless extension
2011-04-24 13:43:08 +01:00
Vincent Hanquez
7cce3fca0c
use functor's <$> instead of a return construct
2011-04-24 13:39:52 +01:00
Vincent Hanquez
a1524bf673
refactor processclientkeyxchg
2011-04-24 11:34:11 +01:00
Vincent Hanquez
9f3714dd1c
simplify parsing of packets
...
- use fail instead of throwerror, since cereal do not raise but return an either.
- remove the get monad definition
- add some helper
- remove dependency on binary and use cereal exclusively.
2011-04-24 09:44:18 +01:00
Vincent Hanquez
b472d891c4
set the error instance of TLSError with the definition of TLSError. prevent orphan instance
2011-04-24 09:32:49 +01:00
Vincent Hanquez
d4f8a18e02
bump version to 0.6.0
2011-04-11 20:02:57 +01:00
Vincent Hanquez
a7aaa3eee7
Remove the hardcoded srandomgen in favor of any cryptorandomgen instance.
...
srandomgen is available separately in the cprng-aes package as Crypto.Random.AESCtr
2011-04-11 19:56:43 +01:00
Vincent Hanquez
4b5ee43a92
remove commented tests that were moved to tls-extra
2011-04-11 19:47:51 +01:00
Vincent Hanquez
0157d72d54
bump version to 0.5.1
2011-03-23 21:49:12 +00:00