Commit graph

695 commits

Author SHA1 Message Date
Vincent Hanquez
b9261fd551 add extensions alerts 2012-08-27 16:25:35 +01:00
Vincent Hanquez
7c04e7f186 add servername extension encoding/decoding 2012-08-27 15:11:29 +01:00
Vincent Hanquez
7ae078c1ce add comments 2012-08-27 15:11:17 +01:00
Vincent Hanquez
7036d4becd rename fields to use the new type alias HashAndSignatureAlgorithm. 2012-08-27 15:05:53 +01:00
Vincent Hanquez
e2eb3ba95c use the new getList 2012-08-27 15:05:23 +01:00
Vincent Hanquez
d49bff619b move comment marker at the same level of code. 2012-08-27 14:22:53 +01:00
Vincent Hanquez
fcec7b70e4 use liftM instead of handrolled version 2012-08-27 14:21:19 +01:00
Vincent Hanquez
4250a3e2d9 add a comment so that we remember why it's there. 2012-08-27 14:20:54 +01:00
Vincent Hanquez
419c96c935 add a getList to get multiple elements 2012-08-27 14:20:04 +01:00
Vincent Hanquez
b591b821f7 use ExtensionID instead of raw Word16 in extension class signature 2012-08-27 14:18:04 +01:00
Vincent Hanquez
13acc4f91c filter out .mix 2012-08-27 08:25:08 +01:00
Vincent Hanquez
0e22ae7db4 check that we didn't receive any extensions from the server that we didn't send.
In case that happens, fail the handshake with an unsupported extension alert.
2012-08-27 08:25:08 +01:00
Vincent Hanquez
7cc0c6c43f define unsupported extension from tls1.2 2012-08-27 08:25:08 +01:00
Vincent Hanquez
fa662c4d0e add extensionID and move extension id definition in struct 2012-08-27 08:25:08 +01:00
Vincent Hanquez
7640a90d2f introduce a hashandsignaturealgorithm alias. 2012-08-27 08:25:02 +01:00
Vincent Hanquez
727f1af076 unbind ver from the where body and use pConnectVersion when needed.
prevent mixup with which version is actually in use.
2012-08-20 07:38:42 +01:00
Vincent Hanquez
60ea0ab89f use the server returned value for version instead of using the one we sent.
fix a bug when the server downgrades/upgrades the protocol version.
2012-08-20 07:37:54 +01:00
Vincent Hanquez
7edf5014b3 move client data sent to its own function. 2012-08-19 23:14:58 +01:00
Vincent Hanquez
96567891e5 use pattern match in function parameter bindings to remove a couple of lines 2012-08-19 22:32:43 +01:00
Vincent Hanquez
8445c8ea7d factor RSA signature verification. 2012-08-19 17:50:35 +01:00
Vincent Hanquez
296b5dfab6 reindent to 4 spaces, and cosmetic adjustment 2012-08-19 16:56:36 +01:00
Vincent Hanquez
0ea05e0939 split recvClientData from the handshakeServerWith function. 2012-08-19 16:52:16 +01:00
Vincent Hanquez
a4a07ccd8f add documentation and move things around. 2012-08-19 14:37:05 +01:00
Vincent Hanquez
ab0e1c3843 add headers 2012-08-19 08:48:05 +01:00
Vincent Hanquez
6c3519e15f split server from handshake. 2012-08-18 23:13:13 +01:00
Vincent Hanquez
9d4e4aa818 split client handshake from handshake. 2012-08-18 23:05:56 +01:00
Vincent Hanquez
975fc32889 split signature apart from handshake 2012-08-18 23:05:37 +01:00
Vincent Hanquez
4e5c2e8c1d split apart certificate stuff from handshake.
at the moment it's mostly a stub, but will host all handling of
client&server certificates.
2012-08-18 22:57:58 +01:00
Vincent Hanquez
07d0d70c70 Split handshake module. preparation step, removing common functions. 2012-08-18 22:46:53 +01:00
Vincent Hanquez
9baf74e3db bump version 2012-08-15 22:13:03 +01:00
Vincent Hanquez
7c061a44fa Merge pull request #16 from joeyadams/fix-for-ghc-7.6
Fix build for GHC 7.6
2012-08-15 14:10:48 -07:00
Joey Adams
dcecf7e3f5 Fix build for GHC 7.6
In base 4.6, Prelude no longer exports 'catch'.

Also, removed a redundant "import Data.Maybe" in TLS.Context .
This does not break the build on GHC 7.0.3 and 7.4.2 .
2012-08-12 22:17:08 -04:00
Vincent Hanquez
b64813edac fixup for merge.
requires certificate-1.2.4, so that no one uses client certificates with the sorting DN decode and reports weird bugs.
2012-08-05 07:15:32 +01:00
Vincent Hanquez
37b32686ee Merge remote-tracking branch 'mgrabmueller/client-certificate' into next
Conflicts:
	Network/TLS/Context.hs
2012-08-05 07:12:07 +01:00
Vincent Hanquez
53570020f9 Use cipher-aes on linux / x86.
cipher-aes only received extensive testing on i386/x86_64 and linux,
for other platforms fall back to a more tested version in cryptocipher.
2012-08-04 22:31:38 +01:00
Vincent Hanquez
3613061131 stylistic adjustments 2012-08-04 16:51:12 +01:00
Martin Grabmueller
fa3e2aec1c Add client cert handshake messages to tests. 2012-07-28 14:40:37 +02:00
Martin Grabmueller
0102d23017 Improve testability with a newtype. 2012-07-28 14:40:11 +02:00
Martin Grabmueller
6f1b13fc5a Add client cert support for SSL3. 2012-07-28 14:22:16 +02:00
Martin Grabmueller
a285eb345c Merge remote-tracking branch 'upstream/next' into client-certificate
Conflicts:
	Network/TLS/Context.hs
	Network/TLS/Record/Disengage.hs
2012-07-26 23:17:08 +02:00
Martin Grabmueller
8c18de4e66 Small optimization. 2012-07-26 23:08:31 +02:00
Martin Grabmueller
7182653638 Harmonize code for pre-1.2 and 1.2 versions. 2012-07-26 23:06:08 +02:00
Martin Grabmueller
9aa9675d0c Use correct version number, simplify code. 2012-07-26 22:46:59 +02:00
Vincent Hanquez
4e9fd480c4 add callback on server to choose cipher according to version.
default to previous behavior: choosing the first cipher that matches
2012-07-23 21:53:59 +01:00
Vincent Hanquez
cf585d95c3 bump version to 0.9.8 2012-07-23 21:29:31 +01:00
Vincent Hanquez
720e98df78 export SessionID and SessionData 2012-07-23 21:24:51 +01:00
Vincent Hanquez
7518af2f38 bump version to 0.9.7 2012-07-23 09:23:21 +01:00
Vincent Hanquez
c686d8d382 [SECURITY] add empty TLS packets before appdata
Add empty appdata packet before appdata, when using <= TLS10 and using a
block cipher, to workaround the security problem related to CBC residue,
and the fact that it could be guessed by a malicious user, leading to
disclosure of secrets.

Conflicts:
	Network/TLS/IO.hs
	Network/TLS/State.hs
2012-07-23 09:23:02 +01:00
Vincent Hanquez
4d91e67750 harden packet record chunking.
This prevents possible random behavior if the cipher is not checking IV size,
or a generic exception being thrown in favor of a TLS one.
2012-07-23 09:14:32 +01:00
Vincent Hanquez
c7c394d56e [SECURITY] add empty TLS packets before appdata
Add empty appdata packet before appdata, when using <= TLS10 and using a
block cipher, to workaround the security problem related to CBC residue,
and the fact that it could be guessed by a malicious user, leading to
disclosure of secrets.
2012-07-23 08:54:25 +01:00