yogsototh/hs-tls
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
728 commits 1 branch 11 tags 1.7 MiB
Commit graph

68 commits

Author SHA1 Message Date
Vincent Hanquez
fc9c6a407d update for x509 2013-05-19 08:05:46 +01:00
Vincent Hanquez
83c1e247e6 add extra check for minimum size and being a blocksize multiple for block ciphers. 2013-02-09 16:57:22 +00:00
Vincent Hanquez
66cf59c054 remove BulkNoneF which only duplicate case for no reason. 2013-02-09 16:56:47 +00:00
Vincent Hanquez
339d2ca33a reorganize the disengage decryptData function for further change. 2013-02-09 08:10:13 +00:00
Vincent Hanquez
0e628cf2c1 bump tls version 2013-01-27 16:09:49 +00:00
Vincent Hanquez
5afd866070 add SNI extension if it has been specified in the ClientUseServerName 2013-01-27 16:09:08 +00:00
Vincent Hanquez
510dcdd752 fix encoding of ServerName extension. 2013-01-27 16:08:39 +00:00
Vincent Hanquez
8553074677 bump version 2013-01-13 06:54:06 +00:00
Vincent Hanquez
a1815c8fb2 remove -fhpc by default in cabal file. 2013-01-13 06:54:03 +00:00
Vincent Hanquez
dab21da9d0 remove cryptocipher dependency 2013-01-06 09:41:40 +00:00
Vincent Hanquez
8c9bff15e3 remove old definition 2013-01-04 09:01:12 +00:00
Vincent Hanquez
5a4b194848 bump version to crypto-random-api 0.2 2013-01-04 08:38:11 +00:00
Vincent Hanquez
0f0471a0d5 in a nice closing alert, we try to reply as well before closing connections 2012-12-31 15:55:22 +00:00
Vincent Hanquez
a2355f33ee handle early termination and bad remote side more effectively. 
mark the session has invalid and also try to
reply to the other side that we're closing the connection.

Finally a new terminated exception is raised to userspace to notify
the failure.
 2012-12-31 15:49:34 +00:00
Vincent Hanquez
fd922e90d3 define a new Terminated exception 2012-12-31 15:48:04 +00:00
Vincent Hanquez
6f5804bb2d typo 2012-12-31 14:43:15 +00:00
Vincent Hanquez
17c5de82b3 spring cleanup errors that are not used anymore 2012-12-31 14:42:41 +00:00
Vincent Hanquez
02a50fc142 reorganize the recvData function to be nicer. 2012-12-31 14:08:51 +00:00
Vincent Hanquez
7c6815b738 only send packet if we are in the client context. 2012-12-31 13:37:33 +00:00
Vincent Hanquez
ea06a793b7 add SHA1 and remove unneeded import 2012-12-31 13:37:19 +00:00
Vincent Hanquez
f80f2e5dec re-indent 2012-12-31 13:37:03 +00:00
Vincent Hanquez
0dd4a97d29 bump core version 2012-12-30 15:31:25 +00:00
Vincent Hanquez
a14b37d528 use new crypto-pubkey 2012-12-30 15:31:13 +00:00
Vincent Hanquez
141e6fc491 use the {decrypt,sign}Safer alternative. 2012-12-05 08:22:47 +00:00
Vincent Hanquez
68e45d829f use a CPRG when signing with RSA. 2012-12-05 08:19:40 +00:00
Vincent Hanquez
bd2883683b use a CPRG when using decrypt RSA. 2012-12-05 08:16:32 +00:00
Vincent Hanquez
7a03dc1834 create a test-suite that use tls as a library instead of using directly. 
use the secret Network.TLS.Internal module, and as a result,
compile tls modules once now instead of twice each.
 2012-12-05 07:57:13 +00:00
Vincent Hanquez
cedd5b2c86 switch to CPRG instead of CryptoRandomGen 2012-12-05 07:48:11 +00:00
Vincent Hanquez
3282b61e02 bump version 2012-12-04 08:58:14 +00:00
Vincent Hanquez
d614eb09e2 requires cprng-aes >= 0.3.0 and fix api change. 2012-12-04 08:35:21 +00:00
Vincent Hanquez
cfa2c2e1dc Merge branch 'SSLv2Hello' 2012-12-04 08:33:02 +00:00
Vincent Hanquez
1e690cf8fb add a SSLv2 compat flag to enable reception of compat Client Hello only 
for the first packet received in a server context.

The client side never try to use the compat code.
 2012-12-04 08:31:22 +00:00
Vincent Hanquez
cf63849c9d add the SSLv2_COMPATIBLE flag to the tests. 
add flag default to true.
 2012-12-04 08:13:54 +00:00
Vincent Hanquez
c048a97d1b Add a flag to recvRecord to enable SSLv2 compat reception. 2012-12-03 18:56:14 +00:00
Vincent Hanquez
b8e3000ef9 remove warning for useless binding 2012-12-03 18:55:30 +00:00
Vincent Hanquez
db1232aea8 remove warnings, add some more #ifdef. 2012-12-03 17:26:50 +00:00
Vincent Hanquez
ee92845b03 bump version 2012-11-19 09:55:07 +00:00
Vincent Hanquez
3e82cc744a fix issue when re-handshaking with a different cipher. 
tls was correctly accounting for the difference between pending state
and active state in most place except for the actual cipher
encryption/decryption functions in use.

Hence when re-negociating with a different cipher than the current
cipher, which is fairly unusual but perfectly allowed, the lowlevel
function were switch at the server hello instead of being switch at the
switch(Tx/Rx).
 2012-11-19 09:39:35 +00:00
notogawa
1605c4bd00 add flag to reject SSLv2 compatible handshake. 2012-11-17 01:01:41 +09:00
notogawa
d41c53f6b5 reject SSLv2 re-handshaking message. 2012-11-17 00:37:05 +09:00
notogawa
a4f06256fe accept SSLv2 format 'ClientHello' Handshake message. 2012-11-10 19:34:37 +09:00
Vincent Hanquez
9bc41f62c4 bump version 2012-10-30 04:52:32 +00:00
Vincent Hanquez
513d13029f use gets where possible and make thing nicer 2012-10-30 04:46:19 +00:00
Vincent Hanquez
0eb95ab9a7 do not returns empty app data to the user as it might be confused with EOF. 2012-10-29 21:23:44 +00:00
Vincent Hanquez
1c90962e9a tweak how things are exported. simplify code. 
use correct type alias
 2012-10-21 20:35:32 +01:00
Vincent Hanquez
60f7197b0a export everything required. 2012-10-21 18:32:07 +01:00
Vincent Hanquez
78a0e36397 remove semicolon and useless parens 2012-10-20 09:00:55 +01:00
Vincent Hanquez
8b665c05fd define new fields in the client structure for max fragment length and server name 2012-10-20 09:00:30 +01:00
Vincent Hanquez
1b8696ddbf properly define the server name extension to be a variant type. 
This allow to have a better high level type and simplify the user side.
 2012-10-20 08:59:39 +01:00
Vincent Hanquez
88d373165c do not use a put monad as the encoding is a single byte bytestring 2012-10-20 08:58:36 +01:00