yogsototh/hs-tls
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
644 commits 1 branch 11 tags 1.7 MiB
Commit graph

644 commits

This branch
This branch
All branches
Author SHA1 Message Date
Martin Grabmueller
c772ee22d5 Start client certificate support for TLS1.2. 
Add some checks for matching cert types, sig/hash algorithms, etc.
Remove some obsolete FIXMEs and comments.
 2012-07-18 22:19:11 +02:00
Martin Grabmueller
4c84e3ffc7 Add documentation. 2012-07-18 21:34:18 +02:00
Martin Grabmueller
92686e1457 Fix broken negotiation by separating active from pending crypt/mac states. 2012-07-18 17:32:26 +02:00
Martin Grabmueller
a348a56659 Clean up and simplify code. 2012-07-18 16:35:48 +02:00
Martin Grabmueller
1e02f92209 Fix missing digest update in server for CertVerify message. 2012-07-17 23:27:32 +02:00
Martin Grabmueller
90273cc813 Experimental debug output. 2012-07-17 17:42:12 +02:00
Martin Grabmueller
c799b18c4c Fix encoding of CertRequest, so that encoding and decoding are inverses. 2012-07-17 17:33:11 +02:00
Martin Grabmueller
039c7d254e Separate finish from certificate verify digests. Will make it easier to support TLS1.2. 2012-07-16 16:19:48 +02:00
Martin Grabmueller
2ca69771a4 Add comments. 2012-07-16 14:40:37 +02:00
Martin Grabmueller
3c46042ce5 Integrate client certificate settings into RoleParams, 
remember client cert chain for use after handshake has
finished.
 2012-07-16 14:36:44 +02:00
Martin Grabmueller
4d53898c5c Fix verification/signing. 2012-07-15 22:18:27 +02:00
Martin Grabmueller
325c9be4c7 Use getOpaque16 and check for valid DN length. 2012-07-14 16:56:04 +02:00
Martin Grabmueller
74f1bf79ea Use subject instead of issuer for certificate request. 2012-07-14 16:50:48 +02:00
Martin Grabmueller
f08eb43055 Add comments and FIXMEs. 2012-07-14 16:49:46 +02:00
Martin Grabmueller
9e710b5e88 Accept empty client certificate list. Will error on verification. 2012-07-13 22:29:36 +02:00
Martin Grabmueller
f5972a4818 Implement client certificate support in handshake. 2012-07-13 22:04:23 +02:00
Martin Grabmueller
a2825c31ac Pull out common functionality for client and server handshake. 2012-07-13 21:48:37 +02:00
Martin Grabmueller
6483e954f4 Add abstractions for accessing client certificate state. 2012-07-13 21:44:19 +02:00
Martin Grabmueller
e617a1bbec Store public key from client certificate in server mode. 2012-07-13 21:33:45 +02:00
Martin Grabmueller
ef90cda757 Ensure that the same handshake packets are included 
in the handshake digest for sending and receiving.
 2012-07-13 21:23:01 +02:00
Martin Grabmueller
2b101b6fa7 Add function for retrieving certificate verify digest. 2012-07-13 21:18:05 +02:00
Martin Grabmueller
e9abea6cb2 Extend state to hold information about ongoing client certificate exchange. 2012-07-13 21:16:46 +02:00
Martin Grabmueller
797f7822e4 Extend state to hold client private/public keys and add 
functions for signing and verifying with these keys.
 2012-07-13 21:08:23 +02:00
Martin Grabmueller
224f9d4e2c Add proper types for certificate request/verify messages. 2012-07-13 17:20:10 +02:00
Martin Grabmueller
8b7b2ff1bf Add parameter structures for client certificates (both server and client versions). 2012-07-13 16:47:58 +02:00
Martin Grabmueller
58beee4f9f Add functions for signing/verifying with private/public keys. 2012-07-13 16:33:12 +02:00
Vincent Hanquez
ff14e0b988 fixing new API breakage related to RoleParam and SessionManager change 2012-07-12 09:04:50 +01:00
Vincent Hanquez
ce3f724564 add usual header. 2012-07-12 09:03:48 +01:00
Vincent Hanquez
e47501736b add usual header 2012-07-12 09:03:24 +01:00
Vincent Hanquez
12104f612e documentation fixup. 2012-07-12 09:02:38 +01:00
Vincent Hanquez
b140b61012 upgrade cabal-version and fixup problems related to the upgrade. 2012-07-12 09:02:27 +01:00
Vincent Hanquez
4179ceba82 start using Client and Server distinction for want client cert and session resume with 2012-07-12 09:02:10 +01:00
Vincent Hanquez
c8d9f0677b switch session related callback to a new SessionManager class. 
add necessary helper setSessionManager to not have to propagate
Rank2Types and ExistentialQuantification to the user.
 2012-07-12 08:59:59 +01:00
Vincent Hanquez
9c3177a16a split some common types from struct and move them to types. 2012-07-12 08:56:16 +01:00
Vincent Hanquez
1048815206 expose more context role related helpers and types. 2012-07-12 08:54:34 +01:00
Vincent Hanquez
593f1affbb fixes to run on tls 1.0 2012-07-10 07:58:01 +01:00
Vincent Hanquez
d0d48bb476 export SessionID and SessionData. 2012-07-08 10:14:09 +01:00
Vincent Hanquez
6ae20f4125 remove npnId and use Extension's proper definition 2012-07-05 05:36:28 +01:00
Martin Grabmueller
3d629acaf1 Add missing module Network.TLS.Handshake to .cabal file. 2012-07-04 22:15:19 +02:00
Vincent Hanquez
e1bc9db398 bump version to 0.9.6 2012-07-03 07:18:10 +01:00
Vincent Hanquez
daa5fd42a4 export clientWith and serverWith 2012-07-03 07:14:28 +01:00
Vincent Hanquez
b57ef66d28 move extension decoding and encoding in a separate file. 2012-05-14 06:39:20 +01:00
Vincent Hanquez
d8b37f7fb9 move runGetErr and add runGetMaybe 2012-05-14 06:36:17 +01:00
Vincent Hanquez
5844120e4c rename NextProtocolNegotiation as HsNextProtocolNegotiation 2012-05-14 06:35:55 +01:00
Vincent Hanquez
d0481f76a3 remove the need to have same length arguments in bytesEq. bail early in case strings have different size. 2012-05-14 06:32:47 +01:00
Vincent Hanquez
9b32e6d5f4 [SECURITY] use constant equality testing to prevent timing determination of the expected value. 
it doesn't seems to be in an usable context though.
 2012-05-14 06:32:14 +01:00
Vincent Hanquez
8509d7dbc1 rename Extension in ExtensionRaw. 2012-05-14 04:41:50 +01:00
Vincent Hanquez
e1ea61bafa factorize npn extension ID. 2012-05-14 04:41:09 +01:00
Vincent Hanquez
e6f4f9a688 add some header comment for Handshake 2012-04-27 07:29:35 +01:00
Vincent Hanquez
d8d049726d move Handshake into its own module 2012-04-27 07:28:17 +01:00