Commit graph

666 commits

Author SHA1 Message Date
Vincent Hanquez
9baf74e3db bump version 2012-08-15 22:13:03 +01:00
Vincent Hanquez
7c061a44fa Merge pull request #16 from joeyadams/fix-for-ghc-7.6
Fix build for GHC 7.6
2012-08-15 14:10:48 -07:00
Joey Adams
dcecf7e3f5 Fix build for GHC 7.6
In base 4.6, Prelude no longer exports 'catch'.

Also, removed a redundant "import Data.Maybe" in TLS.Context .
This does not break the build on GHC 7.0.3 and 7.4.2 .
2012-08-12 22:17:08 -04:00
Vincent Hanquez
b64813edac fixup for merge.
requires certificate-1.2.4, so that no one uses client certificate with the sorting DN decode and reports weird bugs.
2012-08-05 07:15:32 +01:00
Vincent Hanquez
37b32686ee Merge remote-tracking branch 'mgrabmueller/client-certificate' into next
Conflicts:
	Network/TLS/Context.hs
2012-08-05 07:12:07 +01:00
Vincent Hanquez
53570020f9 Use cipher-aes on linux / x86.
cipher-aes only received extensive testing on i386/x86_64 and linux,
for other platforms, fall back to a more tested version in cryptocipher.
2012-08-04 22:31:38 +01:00
Vincent Hanquez
3613061131 stylistic adjustments 2012-08-04 16:51:12 +01:00
Martin Grabmueller
fa3e2aec1c Add client cert handshake messages to tests. 2012-07-28 14:40:37 +02:00
Martin Grabmueller
0102d23017 Improve testability with a newtype. 2012-07-28 14:40:11 +02:00
Martin Grabmueller
6f1b13fc5a Add client cert support for SSL3. 2012-07-28 14:22:16 +02:00
Martin Grabmueller
a285eb345c Merge remote-tracking branch 'upstream/next' into client-certificate
Conflicts:
	Network/TLS/Context.hs
	Network/TLS/Record/Disengage.hs
2012-07-26 23:17:08 +02:00
Martin Grabmueller
8c18de4e66 Small optimization. 2012-07-26 23:08:31 +02:00
Martin Grabmueller
7182653638 Harmonize code for pre-1.2 and 1.2 versions. 2012-07-26 23:06:08 +02:00
Martin Grabmueller
9aa9675d0c Use correct version number, simplify code. 2012-07-26 22:46:59 +02:00
Vincent Hanquez
4e9fd480c4 add callback on server to choose cipher according to version.
default to previous behavior: choosing the first cipher that matches
2012-07-23 21:53:59 +01:00
Vincent Hanquez
cf585d95c3 bump version to 0.9.8 2012-07-23 21:29:31 +01:00
Vincent Hanquez
720e98df78 export SessionID and SessionData 2012-07-23 21:24:51 +01:00
Vincent Hanquez
7518af2f38 bump version to 0.9.7 2012-07-23 09:23:21 +01:00
Vincent Hanquez
c686d8d382 [SECURITY] add empty TLS packets before appdata
Add empty appdata packet before appdata, when using <= TLS10 and using a
block cipher, to work around the security problem related to CBC residue,
and the fact that it could be guessed by a malicious user, leading to
disclosure of secrets.

Conflicts:

	Network/TLS/IO.hs
	Network/TLS/State.hs
2012-07-23 09:23:02 +01:00
Vincent Hanquez
4d91e67750 harden packet record chunking.
This prevents possible random behavior if cipher is not checking IV size,
or generic exception being thrown in favor of a TLS one.
2012-07-23 09:14:32 +01:00
Vincent Hanquez
c7c394d56e [SECURITY] add empty TLS packets before appdata
Add empty appdata packet before appdata, when using <= TLS10 and using a
block cipher, to work around the security problem related to CBC residue,
and the fact that it could be guessed by a malicious user, leading to
disclosure of secrets.
2012-07-23 08:54:25 +01:00
Martin Grabmueller
12a1632739 Add initial support for client certificates with TLS 1.2. 2012-07-21 23:24:47 +02:00
Martin Grabmueller
c772ee22d5 Start client certificate support for TLS1.2.
Add some checks for matching cert types, sig/hash algorithms, etc.
Remove some obsolete FIXMEs and comments.
2012-07-18 22:19:11 +02:00
Martin Grabmueller
4c84e3ffc7 Add documentation. 2012-07-18 21:34:18 +02:00
Martin Grabmueller
92686e1457 Fix broken negotiation by separating active from pending crypt/mac states. 2012-07-18 17:32:26 +02:00
Martin Grabmueller
a348a56659 Clean up and simplify code. 2012-07-18 16:35:48 +02:00
Martin Grabmueller
1e02f92209 Fix missing digest update in server for CertVerify message. 2012-07-17 23:27:32 +02:00
Martin Grabmueller
90273cc813 Experimental debug output. 2012-07-17 17:42:12 +02:00
Martin Grabmueller
c799b18c4c Fix encoding of CertRequest, so that encoding and decoding are inverses. 2012-07-17 17:33:11 +02:00
Martin Grabmueller
039c7d254e Separate finish from certificate verify digests. Will make it easier to support TLS1.2. 2012-07-16 16:19:48 +02:00
Martin Grabmueller
2ca69771a4 Add comments. 2012-07-16 14:40:37 +02:00
Martin Grabmueller
3c46042ce5 Integrate client certificate settings into RoleParams,
remember client cert chain for use after handshake has
finished.
2012-07-16 14:36:44 +02:00
Martin Grabmueller
4d53898c5c Fix verification/signing. 2012-07-15 22:18:27 +02:00
Martin Grabmueller
325c9be4c7 Use getOpaque16 and check for valid DN length. 2012-07-14 16:56:04 +02:00
Martin Grabmueller
74f1bf79ea Use subject instead of issuer for certificate request. 2012-07-14 16:50:48 +02:00
Martin Grabmueller
f08eb43055 Add comments and FIXMEs. 2012-07-14 16:49:46 +02:00
Martin Grabmueller
9e710b5e88 Accept empty client certificate list. Will error on verification. 2012-07-13 22:29:36 +02:00
Martin Grabmueller
f5972a4818 Implement client certificate support in handshake. 2012-07-13 22:04:23 +02:00
Martin Grabmueller
a2825c31ac Pull out common functionality for client and server handshake. 2012-07-13 21:48:37 +02:00
Martin Grabmueller
6483e954f4 Add abstractions for accessing client certificate state. 2012-07-13 21:44:19 +02:00
Martin Grabmueller
e617a1bbec Store public key from client certificate in server mode. 2012-07-13 21:33:45 +02:00
Martin Grabmueller
ef90cda757 Ensure that the same handshake packets are included
in the handshake digest for sending and receiving.
2012-07-13 21:23:01 +02:00
Martin Grabmueller
2b101b6fa7 Add function for retrieving certificate verify digest. 2012-07-13 21:18:05 +02:00
Martin Grabmueller
e9abea6cb2 Extend state to hold information about ongoing client certificate exchange. 2012-07-13 21:16:46 +02:00
Martin Grabmueller
797f7822e4 Extend state to hold client private/public keys and add
functions for signing and verifying with these keys.
2012-07-13 21:08:23 +02:00
Martin Grabmueller
224f9d4e2c Add proper types for certificate request/verify messages. 2012-07-13 17:20:10 +02:00
Martin Grabmueller
8b7b2ff1bf Add parameter structures for client certificates (both server and client versions). 2012-07-13 16:47:58 +02:00
Martin Grabmueller
58beee4f9f Add functions for signing/verifying with private/public keys. 2012-07-13 16:33:12 +02:00
Vincent Hanquez
ff14e0b988 fixing new API breakage related to RoleParam and SessionManager change 2012-07-12 09:04:50 +01:00
Vincent Hanquez
ce3f724564 add usual header. 2012-07-12 09:03:48 +01:00