Commit graph

834 commits

Author SHA1 Message Date
Vincent Hanquez
0e22ae7db4 check that we didn't receive any extensions from the server that we didn't send.
In case that happens, fail the handshake with an unsupported extension alert.
2012-08-27 08:25:08 +01:00
Vincent Hanquez
7cc0c6c43f define unsupported extension from tls1.2 2012-08-27 08:25:08 +01:00
Vincent Hanquez
fa662c4d0e add extensionID and move extension id definition in struct 2012-08-27 08:25:08 +01:00
Vincent Hanquez
7640a90d2f introduce a hashandsignaturealgorithm alias. 2012-08-27 08:25:02 +01:00
Vincent Hanquez
727f1af076 unbind ver from the where body and use pConnectVersion when needed.
prevent mix-ups with which version is actually in use.
2012-08-20 07:38:42 +01:00
Vincent Hanquez
60ea0ab89f use the server returned value for version instead of using the one we sent.
fix a bug when the server downgrades/upgrades the protocol version.
2012-08-20 07:37:54 +01:00
Vincent Hanquez
7edf5014b3 move client data sent to its own function. 2012-08-19 23:14:58 +01:00
Vincent Hanquez
96567891e5 use pattern match in function parameter bindings to remove a couple of lines 2012-08-19 22:32:43 +01:00
Vincent Hanquez
8445c8ea7d factor RSA signature verification. 2012-08-19 17:50:35 +01:00
Vincent Hanquez
296b5dfab6 reindent to 4 spaces, and cosmetic adjustment 2012-08-19 16:56:36 +01:00
Vincent Hanquez
0ea05e0939 split recvClientData from the handshakeServerWith function. 2012-08-19 16:52:16 +01:00
Vincent Hanquez
a4a07ccd8f add documentation and move things around. 2012-08-19 14:37:05 +01:00
Vincent Hanquez
ab0e1c3843 add headers 2012-08-19 08:48:05 +01:00
Vincent Hanquez
6c3519e15f split server from handshake. 2012-08-18 23:13:13 +01:00
Vincent Hanquez
9d4e4aa818 split client handshake from handshake. 2012-08-18 23:05:56 +01:00
Vincent Hanquez
975fc32889 split signature apart from handshake 2012-08-18 23:05:37 +01:00
Vincent Hanquez
4e5c2e8c1d split apart certificate stuff from handshake.
at the moment it's mostly a stub, but will host all handling of
client&server certificates.
2012-08-18 22:57:58 +01:00
Vincent Hanquez
07d0d70c70 Split handshake module. preparation step, removing common functions. 2012-08-18 22:46:53 +01:00
Vincent Hanquez
9baf74e3db bump version 2012-08-15 22:13:03 +01:00
Vincent Hanquez
7c061a44fa Merge pull request #16 from joeyadams/fix-for-ghc-7.6
Fix build for GHC 7.6
2012-08-15 14:10:48 -07:00
Joey Adams
dcecf7e3f5 Fix build for GHC 7.6
In base 4.6, Prelude no longer exports 'catch'.

Also, removed a redundant "import Data.Maybe" in TLS.Context.
This does not break the build on GHC 7.0.3 and 7.4.2.
2012-08-12 22:17:08 -04:00
Vincent Hanquez
b64813edac fixup for merge.
requires certificate-1.2.4, so that no one uses client certificates with the sorting DN decode and reports weird bugs.
2012-08-05 07:15:32 +01:00
Vincent Hanquez
37b32686ee Merge remote-tracking branch 'mgrabmueller/client-certificate' into next
Conflicts:
	Network/TLS/Context.hs
2012-08-05 07:12:07 +01:00
Vincent Hanquez
53570020f9 Use cipher-aes on linux / x86.
cipher-aes only received extensive testing on i386/x86_64 and linux,
for other platforms fall back to a more tested version in cryptocipher.
2012-08-04 22:31:38 +01:00
Vincent Hanquez
3613061131 stylistic adjustments 2012-08-04 16:51:12 +01:00
Martin Grabmueller
fa3e2aec1c Add client cert handshake messages to tests. 2012-07-28 14:40:37 +02:00
Martin Grabmueller
0102d23017 Improve testability with a newtype. 2012-07-28 14:40:11 +02:00
Martin Grabmueller
6f1b13fc5a Add client cert support for SSL3. 2012-07-28 14:22:16 +02:00
Martin Grabmueller
a285eb345c Merge remote-tracking branch 'upstream/next' into client-certificate
Conflicts:
	Network/TLS/Context.hs
	Network/TLS/Record/Disengage.hs
2012-07-26 23:17:08 +02:00
Martin Grabmueller
8c18de4e66 Small optimization. 2012-07-26 23:08:31 +02:00
Martin Grabmueller
7182653638 Harmonize code for pre-1.2 and 1.2 versions. 2012-07-26 23:06:08 +02:00
Martin Grabmueller
9aa9675d0c Use correct version number, simplify code. 2012-07-26 22:46:59 +02:00
Vincent Hanquez
4e9fd480c4 add callback on server to choose cipher according to version.
default to previous behavior: choosing the first cipher that matches
2012-07-23 21:53:59 +01:00
Vincent Hanquez
cf585d95c3 bump version to 0.9.8 2012-07-23 21:29:31 +01:00
Vincent Hanquez
720e98df78 export SessionID and SessionData 2012-07-23 21:24:51 +01:00
Vincent Hanquez
7518af2f38 bump version to 0.9.7 2012-07-23 09:23:21 +01:00
Vincent Hanquez
c686d8d382 [SECURITY] add empty TLS packets before appdata
Add empty appdata packet before appdata, when using <= TLS10 and using a
block cipher, to work around the security problem related to CBC residue,
and the fact that it could be guessed by a malicious user, leading to
disclosure of secrets.

Conflicts:

	Network/TLS/IO.hs
	Network/TLS/State.hs
2012-07-23 09:23:02 +01:00
Vincent Hanquez
4d91e67750 harden packet record chunking.
This prevents possible random behavior if the cipher is not checking IV size,
or a generic exception being thrown in favor of a TLS one.
2012-07-23 09:14:32 +01:00
Vincent Hanquez
c7c394d56e [SECURITY] add empty TLS packets before appdata
Add empty appdata packet before appdata, when using <= TLS10 and using a
block cipher, to work around the security problem related to CBC residue,
and the fact that it could be guessed by a malicious user, leading to
disclosure of secrets.
2012-07-23 08:54:25 +01:00
Martin Grabmueller
12a1632739 Add initial support for client certificates with TLS 1.2. 2012-07-21 23:24:47 +02:00
Martin Grabmueller
c772ee22d5 Start client certificate support for TLS1.2.
Add some checks for matching cert types, sig/hash algorithms, etc.
Remove some obsolete FIXMEs and comments.
2012-07-18 22:19:11 +02:00
Martin Grabmueller
4c84e3ffc7 Add documentation. 2012-07-18 21:34:18 +02:00
Martin Grabmueller
92686e1457 Fix broken negotiation by separating active from pending crypt/mac states. 2012-07-18 17:32:26 +02:00
Martin Grabmueller
a348a56659 Clean up and simplify code. 2012-07-18 16:35:48 +02:00
Martin Grabmueller
1e02f92209 Fix missing digest update in server for CertVerify message. 2012-07-17 23:27:32 +02:00
Martin Grabmueller
90273cc813 Experimental debug output. 2012-07-17 17:42:12 +02:00
Martin Grabmueller
c799b18c4c Fix encoding of CertRequest, so that encoding and decoding are inverses. 2012-07-17 17:33:11 +02:00
Martin Grabmueller
039c7d254e Separate finish from certificate verify digests. Will make it easier to support TLS1.2. 2012-07-16 16:19:48 +02:00
Martin Grabmueller
2ca69771a4 Add comments. 2012-07-16 14:40:37 +02:00
Martin Grabmueller
3c46042ce5 Integrate client certificate settings into RoleParams,
remember client cert chain for use after handshake has
finished.
2012-07-16 14:36:44 +02:00