Vincent Hanquez
02dd7b8aa7
add support for DHE (only with RSA signing so far)
2013-12-11 16:39:25 +08:00
Vincent Hanquez
1e62ddd53f
properly account for difference of methods in key exchange.
...
still only RSA supported.
2013-12-11 16:01:07 +08:00
Vincent Hanquez
50b56ff2cf
use the new digitallySigned structure for CertVerify.
2013-12-07 14:37:14 +08:00
Vincent Hanquez
f6b4ee34ac
abstract signature creation/verification
2013-12-07 14:25:58 +08:00
Vincent Hanquez
ad37d02523
cleanup CertificateVerify signature data generation
2013-12-07 13:10:17 +08:00
Vincent Hanquez
0a032bbc27
factor some code in client certificate verify message generation.
2013-12-07 12:44:45 +08:00
Vincent Hanquez
ef92b6c96f
Fix version usage related to downgrading
...
* properly chose the highest version supported on the server, instead of
chosing the first that match.
* use the client version in the RSA client exchange instead of the negotiated version
* delay hashing mechanism to serverHello message so that choosing MD5SHA1 or SHA256
is done after the server chose the version.
2013-12-03 15:17:27 +08:00
Vincent Hanquez
30fe1a8fb6
make the error message a bit more precise related to which side it happen.
2013-11-29 18:44:44 +08:00
Vincent Hanquez
5ff812b3fa
provide a helper for catching exception without doing a catchall.
...
As a side effect, let AsyncException propagate
2013-11-27 15:08:22 +08:00
Vincent Hanquez
5836669878
remove unnecessary MonadIO parametrization
2013-08-01 07:52:42 +00:00
Vincent Hanquez
d69c9190b5
push down the context to key operation
2013-08-01 07:35:42 +00:00
Vincent Hanquez
0b6e6ef0e3
move startHandshake in the handshake layer
2013-08-01 07:24:18 +00:00
Vincent Hanquez
e78dccb635
use HandshakeState directly without grabbing the TLSState
2013-08-01 07:12:54 +00:00
Vincent Hanquez
8735cbba4f
move some functions out of line of handshakeClient
2013-07-29 07:19:13 +01:00
Vincent Hanquez
4b2f07c7fa
simplify the number of usingState call by grouping stuff.
...
also remove pointless and confusing processing helper
2013-07-28 15:22:17 +01:00
Vincent Hanquez
c2aed77413
add comment for onServerHello
2013-07-28 15:07:06 +01:00
Vincent Hanquez
a7724353f4
move handshake stuff in Handshake layer.
2013-07-28 09:19:28 +01:00
Vincent Hanquez
e2d5170af7
Separate tx/rx state from a single RecordState
...
unroll a reader/state/error monad into a single simple monad,
and move back version and client context in state.
2013-07-25 21:53:32 +01:00
Vincent Hanquez
f59804f459
move processServerHello in Handshake
2013-07-24 05:50:56 +00:00
Vincent Hanquez
37ef6af6e8
use more Role type instead of Bool
2013-07-23 07:14:48 +00:00
Vincent Hanquez
acc670e30e
more cleanup / separation with handshake state.
2013-07-23 07:30:13 +00:00
Vincent Hanquez
1b530dc5f4
remove getMasterSecret accessor
2013-07-23 05:51:44 +00:00
Vincent Hanquez
0e11f63033
move pending cipher and compression in the handshake state
...
adjust code to cope
2013-07-22 07:35:53 +00:00
Vincent Hanquez
7489fdbbec
explicitly pass role and version to setMasterSecret and derivative
2013-07-22 07:54:35 +01:00
Vincent Hanquez
199de057c3
separate more handshake state from other state.
...
reorganize pending state in record state.
2013-07-20 08:21:52 +01:00
Vincent Hanquez
7ecc341af6
move more stuff in the HandshakeM
2013-07-20 07:18:16 +01:00
Vincent Hanquez
849f87c8ea
move some handshake function to HandshakeM
2013-07-19 07:47:54 +01:00
Vincent Hanquez
4e86ffee28
split record state from state.
2013-07-13 08:03:25 +01:00
Vincent Hanquez
c132b4cb8b
first stab at separating record state from other state.
2013-07-11 09:03:33 +01:00
Vincent Hanquez
02c445a102
re-indent
2013-07-10 07:20:58 +01:00
Vincent Hanquez
0b170e624d
proper separation of NPN callback in server and client params.
...
need further cleanup for client/server role separation instead of
the getClientParams and getServerParams.
fix #34 .
2013-06-03 08:37:56 +01:00
Vincent Hanquez
8468556fe8
use x509 public key and private key instead of defining our own in tls.
2013-05-30 07:21:25 +01:00
Vincent Hanquez
fc9c6a407d
update for x509
2013-05-19 08:05:46 +01:00
Vincent Hanquez
5afd866070
add SNI extension if it has been specified in the ClientUseServerName
2013-01-27 16:09:08 +00:00
Vincent Hanquez
a14b37d528
use new crypto-pubkey
2012-12-30 15:31:13 +00:00
notogawa
a4f06256fe
accept SSLv2 format 'ClientHello' Handshake message.
2012-11-10 19:34:37 +09:00
Vincent Hanquez
aa910bfd9c
reindent
2012-10-20 08:56:53 +01:00
Vincent Hanquez
957a005664
move all tls into a core directory.
2012-09-05 06:27:06 +01:00