Vincent Hanquez
7c04e7f186
add servername extension encoding/decoding
2012-08-27 15:11:29 +01:00
Vincent Hanquez
7ae078c1ce
add comments
2012-08-27 15:11:17 +01:00
Vincent Hanquez
7036d4becd
rename fields to use the new type alias HashAndSignatureAlgorithm.
2012-08-27 15:05:53 +01:00
Vincent Hanquez
e2eb3ba95c
use the new getList
2012-08-27 15:05:23 +01:00
Vincent Hanquez
d49bff619b
move comment marker at the same level of code.
2012-08-27 14:22:53 +01:00
Vincent Hanquez
fcec7b70e4
use liftM instead of handrolled version
2012-08-27 14:21:19 +01:00
Vincent Hanquez
4250a3e2d9
add a comment so that we remember why it's there.
2012-08-27 14:20:54 +01:00
Vincent Hanquez
419c96c935
add a getList to get multiple elements
2012-08-27 14:20:04 +01:00
Vincent Hanquez
b591b821f7
use ExtensionID instead of raw Word16 in extension class signature
2012-08-27 14:18:04 +01:00
Vincent Hanquez
0e22ae7db4
check that we didn't receive any extensions from the server that we didn't send.
...
In case that happens, fail the handshake with an unsupported extension alert.
2012-08-27 08:25:08 +01:00
Vincent Hanquez
7cc0c6c43f
define unsupported extension from tls1.2
2012-08-27 08:25:08 +01:00
Vincent Hanquez
fa662c4d0e
add extensionID and move extension id definition in struct
2012-08-27 08:25:08 +01:00
Vincent Hanquez
7640a90d2f
introduce a hashandsignaturealgorithm alias.
2012-08-27 08:25:02 +01:00
Vincent Hanquez
727f1af076
unbind ver from the where body and use pConnectVersion when needed.
...
prevent mixup with which version is actually in use.
2012-08-20 07:38:42 +01:00
Vincent Hanquez
60ea0ab89f
use the server returned value for version instead of using the one we sent.
...
fix a bug when server downgrades/upgrades the protocol version.
2012-08-20 07:37:54 +01:00
Vincent Hanquez
7edf5014b3
move client data sent to its own function.
2012-08-19 23:14:58 +01:00
Vincent Hanquez
96567891e5
use pattern match in function parameter bindings to remove a couple of lines
2012-08-19 22:32:43 +01:00
Vincent Hanquez
8445c8ea7d
factor RSA signature verification.
2012-08-19 17:50:35 +01:00
Vincent Hanquez
296b5dfab6
reindent to 4 spaces, and cosmetic adjustment
2012-08-19 16:56:36 +01:00
Vincent Hanquez
0ea05e0939
split recvClientData from the handshakeServerWith function.
2012-08-19 16:52:16 +01:00
Vincent Hanquez
a4a07ccd8f
add documentation and move things around.
2012-08-19 14:37:05 +01:00
Vincent Hanquez
ab0e1c3843
add headers
2012-08-19 08:48:05 +01:00
Vincent Hanquez
6c3519e15f
split server from handshake.
2012-08-18 23:13:13 +01:00
Vincent Hanquez
9d4e4aa818
split client handshake from handshake.
2012-08-18 23:05:56 +01:00
Vincent Hanquez
975fc32889
split signature apart from handshake
2012-08-18 23:05:37 +01:00
Vincent Hanquez
4e5c2e8c1d
split apart certificate stuff from handshake.
...
at the moment it's mostly a stub, but will host all handling of
client&server certificates.
2012-08-18 22:57:58 +01:00
Vincent Hanquez
07d0d70c70
Split handshake module. preparation step, removing common functions.
2012-08-18 22:46:53 +01:00
Vincent Hanquez
b64813edac
fixup for merge.
...
requires certificate-1.2.4, so that no one uses client certificate with the sorting DN decode and reports weird bugs.
2012-08-05 07:15:32 +01:00
Vincent Hanquez
37b32686ee
Merge remote-tracking branch 'mgrabmueller/client-certificate' into next
...
Conflicts:
Network/TLS/Context.hs
2012-08-05 07:12:07 +01:00
Vincent Hanquez
3613061131
stylistic adjustments
2012-08-04 16:51:12 +01:00
Martin Grabmueller
0102d23017
Improve testability with a newtype.
2012-07-28 14:40:11 +02:00
Martin Grabmueller
6f1b13fc5a
Add client cert support for SSL3.
2012-07-28 14:22:16 +02:00
Martin Grabmueller
a285eb345c
Merge remote-tracking branch 'upstream/next' into client-certificate
...
Conflicts:
Network/TLS/Context.hs
Network/TLS/Record/Disengage.hs
2012-07-26 23:17:08 +02:00
Martin Grabmueller
8c18de4e66
Small optimization.
2012-07-26 23:08:31 +02:00
Martin Grabmueller
7182653638
Harmonize code for pre-1.2 and 1.2 versions.
2012-07-26 23:06:08 +02:00
Martin Grabmueller
9aa9675d0c
Use correct version number, simplify code.
2012-07-26 22:46:59 +02:00
Vincent Hanquez
4e9fd480c4
add callback on server to choose cipher according to version.
...
default to previous behavior: choosing the first cipher that matches
2012-07-23 21:53:59 +01:00
Vincent Hanquez
4d91e67750
harden packet record chunking.
...
This prevents possible random behavior if cipher is not checking IV size,
or generic exception being thrown in favor of a TLS one.
2012-07-23 09:14:32 +01:00
Vincent Hanquez
c7c394d56e
[SECURITY] add empty TLS packets before appdata
...
Add empty appdata packet before appdata, when using <= TLS10 and using a
block cipher, to work around the security problem related to CBC residue,
and the fact that it could be guessed by a malicious user, leading to
disclosure of secrets.
2012-07-23 08:54:25 +01:00
Martin Grabmueller
12a1632739
Add initial support for client certificates with TLS 1.2.
2012-07-21 23:24:47 +02:00
Martin Grabmueller
c772ee22d5
Start client certificate support for TLS1.2.
...
Add some checks for matching cert types, sig/hash algorithms, etc.
Remove some obsolete FIXMEs and comments.
2012-07-18 22:19:11 +02:00
Martin Grabmueller
4c84e3ffc7
Add documentation.
2012-07-18 21:34:18 +02:00
Martin Grabmueller
92686e1457
Fix broken negotiation by separating active from pending crypt/mac states.
2012-07-18 17:32:26 +02:00
Martin Grabmueller
a348a56659
Clean up and simplify code.
2012-07-18 16:35:48 +02:00
Martin Grabmueller
1e02f92209
Fix missing digest update in server for CertVerify message.
2012-07-17 23:27:32 +02:00
Martin Grabmueller
90273cc813
Experimental debug output.
2012-07-17 17:42:12 +02:00
Martin Grabmueller
c799b18c4c
Fix encoding of CertRequest, so that encoding and decoding are inverses.
2012-07-17 17:33:11 +02:00
Martin Grabmueller
039c7d254e
Separate finish from certificate verify digests. Will make it easier to support TLS1.2.
2012-07-16 16:19:48 +02:00
Martin Grabmueller
2ca69771a4
Add comments.
2012-07-16 14:40:37 +02:00
Martin Grabmueller
3c46042ce5
Integrate client certificate settings into RoleParams,
...
remember client cert chain for use after handshake has
finished.
2012-07-16 14:36:44 +02:00