Martin Grabmueller
3c46042ce5
Integrate client certificate settings into RoleParams,
remember client cert chain for use after handshake has
finished.
2012-07-16 14:36:44 +02:00
Martin Grabmueller
4d53898c5c
Fix verification/signing.
2012-07-15 22:18:27 +02:00
Martin Grabmueller
325c9be4c7
Use getOpaque16 and check for valid DN length.
2012-07-14 16:56:04 +02:00
Martin Grabmueller
74f1bf79ea
Use subject instead of issuer for certificate request.
2012-07-14 16:50:48 +02:00
Martin Grabmueller
f08eb43055
Add comments and FIXMEs.
2012-07-14 16:49:46 +02:00
Martin Grabmueller
9e710b5e88
Accept empty client certificate list. Will error on verification.
2012-07-13 22:29:36 +02:00
Martin Grabmueller
f5972a4818
Implement client certificate support in handshake.
2012-07-13 22:04:23 +02:00
Martin Grabmueller
a2825c31ac
Pull out common functionality for client and server handshake.
2012-07-13 21:48:37 +02:00
Martin Grabmueller
6483e954f4
Add abstractions for accessing client certificate state.
2012-07-13 21:44:19 +02:00
Martin Grabmueller
e617a1bbec
Store public key from client certificate in server mode.
2012-07-13 21:33:45 +02:00
Martin Grabmueller
ef90cda757
Ensure that the same handshake packets are included
in the handshake digest for sending and receiving.
2012-07-13 21:23:01 +02:00
Martin Grabmueller
2b101b6fa7
Add function for retrieving certificate verify digest.
2012-07-13 21:18:05 +02:00
Martin Grabmueller
e9abea6cb2
Extend state to hold information about ongoing client certificate exchange.
2012-07-13 21:16:46 +02:00
Martin Grabmueller
797f7822e4
Extend state to hold client private/public keys and add
functions for signing and verifying with these keys.
2012-07-13 21:08:23 +02:00
Martin Grabmueller
224f9d4e2c
Add proper types for certificate request/verify messages.
2012-07-13 17:20:10 +02:00
Martin Grabmueller
8b7b2ff1bf
Add parameter structures for client certificates (both server and client versions).
2012-07-13 16:47:58 +02:00
Martin Grabmueller
58beee4f9f
Add functions for signing/verifying with private/public keys.
2012-07-13 16:33:12 +02:00
Vincent Hanquez
ff14e0b988
fixing new API breakage related to RoleParam and SessionManager change
2012-07-12 09:04:50 +01:00
Vincent Hanquez
ce3f724564
add usual header.
2012-07-12 09:03:48 +01:00
Vincent Hanquez
e47501736b
add usual header
2012-07-12 09:03:24 +01:00
Vincent Hanquez
12104f612e
documentation fixup.
2012-07-12 09:02:38 +01:00
Vincent Hanquez
b140b61012
upgrade cabal-version and fixup problems related to the upgrade.
2012-07-12 09:02:27 +01:00
Vincent Hanquez
4179ceba82
start using Client and Server distinction for want client cert and session resume with
2012-07-12 09:02:10 +01:00
Vincent Hanquez
c8d9f0677b
switch session related callback to a new SessionManager class.
add necessary helper setSessionManager to not have to propagate
Rank2Types and ExistentialQuantification to the user.
2012-07-12 08:59:59 +01:00
Vincent Hanquez
9c3177a16a
split some common types from struct and move them to types.
2012-07-12 08:56:16 +01:00
Vincent Hanquez
1048815206
expose more context role related helpers and types.
2012-07-12 08:54:34 +01:00
Vincent Hanquez
593f1affbb
fixes to run on tls 1.0
2012-07-10 07:58:01 +01:00
Vincent Hanquez
d0d48bb476
export SessionID and SessionData.
2012-07-08 10:14:09 +01:00
Vincent Hanquez
6ae20f4125
remove npnId and use Extension's proper definition
2012-07-05 05:36:28 +01:00
Martin Grabmueller
3d629acaf1
Add missing module Network.TLS.Handshake to .cabal file.
2012-07-04 22:15:19 +02:00
Vincent Hanquez
e1bc9db398
bump version to 0.9.6
2012-07-03 07:18:10 +01:00
Vincent Hanquez
daa5fd42a4
export clientWith and serverWith
2012-07-03 07:14:28 +01:00
Vincent Hanquez
b57ef66d28
move extension decoding and encoding in a separate file.
2012-05-14 06:39:20 +01:00
Vincent Hanquez
d8b37f7fb9
move runGetErr and add runGetMaybe
2012-05-14 06:36:17 +01:00
Vincent Hanquez
5844120e4c
rename NextProtocolNegotiation as HsNextProtocolNegotiation
2012-05-14 06:35:55 +01:00
Vincent Hanquez
d0481f76a3
remove the need to have same length arguments in bytesEq. bail early in case strings have different size.
2012-05-14 06:32:47 +01:00
Vincent Hanquez
9b32e6d5f4
[SECURITY] use constant equality testing to prevent timing determination of the expected value.
it doesn't seem to be in a usable context though.
2012-05-14 06:32:14 +01:00
Vincent Hanquez
8509d7dbc1
rename Extension in ExtensionRaw.
2012-05-14 04:41:50 +01:00
Vincent Hanquez
e1ea61bafa
factorize npn extension ID.
2012-05-14 04:41:09 +01:00
Vincent Hanquez
e6f4f9a688
add some header comment for Handshake
2012-04-27 07:29:35 +01:00
Vincent Hanquez
d8d049726d
move Handshake into its own module
2012-04-27 07:28:17 +01:00
Vincent Hanquez
f93312b50f
separate low-level IO operation in its own module.
2012-04-27 07:21:29 +01:00
Vincent Hanquez
2adf07cf38
Include all test files in the cabal package.
Reported-by: Alexander Vershilov
2012-04-22 20:18:47 +01:00
Vincent Hanquez
b5280cdde8
fix compilation related to merge of master branch in next.
2012-04-20 22:23:10 +01:00
Vincent Hanquez
2379dea770
Merge branch 'master' into next
Conflicts:
Examples/CheckCiphers.hs
Examples/RetrieveCertificate.hs
Examples/SimpleClient.hs
Examples/Stunnel.hs
Network/TLS/Extra/Certificate.hs
tls-extra.cabal
2012-04-20 21:12:38 +01:00
Felipe Lessa
cb0cb14732
Define 'state' only for mtl >= 2.1.
Conflicts:
Network/TLS/State.hs
2012-04-20 21:08:53 +01:00
Felipe Lessa
3f280e2d70
Define MonadState TLSSt's state function.
For some reason that I still don't know, when using state's
default definition with libraries
base-4.5.0.0-40b99d05fae6a4eea95ea69e6e0c9702
bytestring-0.9.2.1-18f26186028d7c0e92e78edc9071d376
cereal-0.3.5.1-c85af6bc266354ac7b256440db39e874
certificate-1.2.1-c61f160cdafc328081aeb08858403878
crypto-api-0.10.1-a0c00402b73cec065108abe95d6cfaf2
cryptocipher-0.3.0-d1785d4907a85f72ffd670491df324f2
cryptohash-0.7.4-f6e253339d77757de756f81f77755b35
mtl-2.1-e90c46af21f3870cee46f6218510d29d
I get <<loop>> for anything that uses the 'modify' function
(which in turn is defined in terms of 'state'). In particular, I
get it for 'startHandshakeClient' which is used in the beginning
by all tls clients. For example,
$ tls-simpleclient graph.facebook.com 443
tls-simpleclient: <<loop>>
This commit fixes this bug.
(This is a harmless commit in the sense that even if I don't know
why this bug was happening, it doesn't hurt to have an explicit
definition of 'state' -- it may actually save a few nanoseconds
here and there.)
Conflicts:
Network/TLS/State.hs
2012-04-20 21:07:08 +01:00
Vincent Hanquez
9dddf3660a
put a high bound for cryptocipher
2012-04-20 21:06:21 +01:00
Vincent Hanquez
bf2f276c0c
add some debug info
2012-04-20 21:05:46 +01:00
Vincent Hanquez
0871e47909
bump certificate version to > 1.1
2012-04-20 21:05:28 +01:00