yogsototh/hs-tls
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
449 commits 1 branch 11 tags 1.7 MiB
Commit graph

42 commits

Author SHA1 Message Date
Vincent Hanquez
7640a90d2f introduce a hashandsignaturealgorithm alias. 2012-08-27 08:25:02 +01:00
Martin Grabmueller
0102d23017 Improve testability with a newtype. 2012-07-28 14:40:11 +02:00
Martin Grabmueller
12a1632739 Add initial support for client certificates with TLS 1.2. 2012-07-21 23:24:47 +02:00
Martin Grabmueller
c799b18c4c Fix encoding of CertRequest, so that encoding and decoding are inverses. 2012-07-17 17:33:11 +02:00
Martin Grabmueller
224f9d4e2c Add proper types for certificate request/verify messages. 2012-07-13 17:20:10 +02:00
Martin Grabmueller
8b7b2ff1bf Add parameter structures for client certificates (both server and client versions). 2012-07-13 16:47:58 +02:00
Vincent Hanquez
9c3177a16a split some common types from struct and move them to types. 2012-07-12 08:56:16 +01:00
Vincent Hanquez
5844120e4c rename NextProtocolNegotiation as HsNextProtocolNegotiation 2012-05-14 06:35:55 +01:00
Vincent Hanquez
8509d7dbc1 rename Extension in ExtensionRaw. 2012-05-14 04:41:50 +01:00
Vincent Hanquez
9da6b9c8c8 expand tabs. 2012-03-27 08:57:51 +01:00
Lennart Kolmodin
1bd53d9790 Spell 'negotiation' as in the spec. 2012-02-13 22:54:04 +04:00
Lennart Kolmodin
e3e7e3c02a Partial, but working, implementation of serverside NPN. 2012-02-08 13:20:28 +04:00
Vincent Hanquez
c17aa30599 prepare source for NPN. 2012-02-07 21:24:30 +00:00
Vincent Hanquez
a3890e959d add a sessionData type to bundle everything required for a session. 2011-12-12 08:25:45 +00:00
Vincent Hanquez
eb8a00ef67 add a session ID type. 2011-12-12 08:25:21 +00:00
Vincent Hanquez
dace1096cf remove old comment 2011-12-12 08:24:39 +00:00
Vincent Hanquez
9ec505a59a Merge branch 'hsm' 
Conflicts:
	Network/TLS/Core.hs
 2011-12-01 08:55:44 +00:00
Vincent Hanquez
e1fea031af consider clientkeyxchg as an opaque structure in internal layers, and make/process the content in higher layer. 2011-12-01 08:41:01 +00:00
Vincent Hanquez
297f0d351b Check handshake policy on server during a new client handshake. 
It allows server to detect clients that want to abuse single handledly
the server resources by issuing handshakes.

The callback get some measurements on the number of bytes received and sent
since last handshake and also the number of handshake on this context.
 2011-11-12 11:05:12 +00:00
Vincent Hanquez
98ded9d6f4 only import X509 from the X509 module. 2011-10-11 05:36:15 +01:00
Vincent Hanquez
3c02e9acfc Create a record type to help type safety 2011-08-12 18:41:49 +01:00
Vincent Hanquez
06baeecea7 remove space. 2011-08-12 18:33:43 +01:00
Vincent Hanquez
d2e6235410 throw proper error with partial packets and EOF 2011-06-13 08:19:29 +01:00
Vincent Hanquez
5207a41a57 reflect the fact in types that the record layer record returns list of same header type. 2011-06-10 21:24:46 +01:00
Vincent Hanquez
f56f5d6e41 add more handling of server key xchg and dh_anon 2011-06-07 08:59:20 +01:00
Vincent Hanquez
96e6979ed4 misc change and start to trickle through the support for secure renegotiation 2011-06-07 08:13:43 +01:00
Vincent Hanquez
093cd2c9fb use bytes directly instead of pointlessly unpacking it for extensions and finishedData 2011-06-06 08:16:24 +01:00
Vincent Hanquez
bdba471ebe define a more generic protocol error, and remove the digest error 2011-05-12 09:13:53 +01:00
Vincent Hanquez
e4f40cf55e comment 2011-05-12 09:13:53 +01:00
Vincent Hanquez
277e39b931 define TLSError as Exception material 2011-05-12 09:13:53 +01:00
Vincent Hanquez
c111389b30 capitalize DH 2011-05-11 07:34:15 +01:00
Vincent Hanquez
9f3714dd1c simplify parsing of packets 
- use fail instead of throwerror, since cereal do not raise but return an either.
- remove the get monad definition
- add some helper
- remove dependency on binary and use cereal exclusively.
 2011-04-24 09:44:18 +01:00
Vincent Hanquez
b472d891c4 set the error instance of TLSError with the definition of TLSError. prevent orphan instance 2011-04-24 09:32:49 +01:00
Vincent Hanquez
a7aaa3eee7 Remove the hardcoded srandomgen in favor of any cryptorandomgen instance. 
srandomgen is available separately in the cprng-aes package as Crypto.Random.AESCtr
 2011-04-11 19:56:43 +01:00
Vincent Hanquez
5ab032b3c9 add more haddock related stuff 2011-03-02 08:43:05 +00:00
Vincent Hanquez
22ea02ffe4 move to certificate >= 0.6 2011-02-20 08:35:14 +00:00
Vincent Hanquez
65942b945f massive change on the RNG and add support for CryptoRandomGen 
use an inline AES counter system to generate random data.
 2010-11-04 19:05:36 +00:00
Vincent Hanquez
e189f37a67 new state machine 2010-10-02 22:02:37 +01:00
Vincent Hanquez
f033a0d973 reorganize the way we decrypt data to be nicer. 
as a bonus, finally check if padding is valid.
 2010-09-26 20:56:51 +01:00
Vincent Hanquez
8f91009884 use strict bytestring instead of lazy bytestring. 
the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8].
remove lots of unnessary packing/unpacking when setting up ciphers.
 2010-09-26 10:34:47 +01:00
Vincent Hanquez
f4f4968a82 change clientkeyxchg data to be a specific type 2010-09-13 21:10:25 +01:00
Vincent Hanquez
0b5a0dc548 initial import 2010-09-09 22:47:19 +01:00