yogsototh/hs-tls
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
444 commits 1 branch 11 tags 1.7 MiB
Commit graph

107 commits

Author SHA1 Message Date
Vincent Hanquez
2a685b2601 remove the state machine is favor of a straightforward pattern matching state machine. 
simplify code massively and make it easy to support other packet flow later.
 2011-11-29 08:59:41 +00:00
Vincent Hanquez
0f4c6a0c47 refactor to be able to modify state machine mechanism 2011-11-28 08:01:19 +00:00
Vincent Hanquez
23113e3d3b separate code path on client to be able to handle session resume 2011-11-13 11:12:26 +00:00
Vincent Hanquez
63110fb5ce add a wrapper to recvPacket to only receive handshake types. 2011-11-13 11:11:39 +00:00
Vincent Hanquez
0f4c448bf2 move comment where it should be. 2011-11-13 08:53:00 +00:00
Vincent Hanquez
ba4a2de730 separate code path on server when doing a session resume. 2011-11-12 16:15:05 +00:00
Vincent Hanquez
297f0d351b Check handshake policy on server during a new client handshake. 
It allows server to detect clients that want to abuse single handledly
the server resources by issuing handshakes.

The callback get some measurements on the number of bytes received and sent
since last handshake and also the number of handshake on this context.
 2011-11-12 11:05:12 +00:00
Vincent Hanquez
63fabf9956 add some measurements of bytes received/sent and number of handshakes per context. 2011-11-11 19:05:17 +00:00
Vincent Hanquez
905aff7564 fix typo in error message 2011-10-08 09:41:09 +01:00
Vincent Hanquez
273d5285c2 allow definition of client and server with different connection/operations type 2011-09-29 09:22:27 +01:00
Vincent Hanquez
dff8e03476 curry the connection 2011-09-29 09:14:02 +01:00
Vincent Hanquez
9b099fd0ff vectorized the actual connection type, so one could use Socket or Fd as long as handles. 2011-09-29 08:29:28 +01:00
Vincent Hanquez
7d6116c20b put TLS12 in default allowed versions 2011-09-29 08:27:55 +01:00
Vincent Hanquez
b6a1b3ed14 misc cleanup 2011-08-13 07:56:17 +01:00
Vincent Hanquez
3c02e9acfc Create a record type to help type safety 2011-08-12 18:41:49 +01:00
Vincent Hanquez
abc571223a Change compression API to work properly. 
- distinguish compression from decompression
- add a context
- move from a record structure to typeclass + wrapping data for hiding the existential quantification.
 2011-08-12 18:31:58 +01:00
Vincent Hanquez
28e04f8849 Use the encode function to encode the secure renegotiation extension. 
fix a bug on the client side when secure renegotiation is enabled on client and server.
 2011-06-19 21:23:01 +01:00
Vincent Hanquez
c27fc6187d properly encode/decode secure renegotiation extension 2011-06-13 08:33:14 +01:00
Vincent Hanquez
d2e6235410 throw proper error with partial packets and EOF 2011-06-13 08:19:29 +01:00
Vincent Hanquez
1b8474d388 create a sendClientKeyXchg 2011-06-12 21:55:22 +01:00
Vincent Hanquez
02f77a1225 set server and client parameter directly in core, not in the sending processing layer. 2011-06-12 21:42:55 +01:00
Vincent Hanquez
2d33ea3fad separate the IO operation from the decoding. 2011-06-12 21:40:02 +01:00
Vincent Hanquez
69a40eb656 use throwCore instead of error 2011-06-12 21:39:34 +01:00
Vincent Hanquez
30d52f0398 fix comment 2011-06-12 21:39:17 +01:00
Vincent Hanquez
1358a2ef56 throw error if recvPacket errors instead of ignoring it. 2011-06-12 21:38:18 +01:00
Vincent Hanquez
5207a41a57 reflect the fact in types that the record layer record returns list of same header type. 2011-06-10 21:24:46 +01:00
Vincent Hanquez
8329187394 fill the server hello in the server and check the return value in the client. 2011-06-07 08:28:02 +01:00
Vincent Hanquez
96e6979ed4 misc change and start to trickle through the support for secure renegotiation 2011-06-07 08:13:43 +01:00
Vincent Hanquez
d3de5de4cd add way to store verified data and to activate/deactivate the feature 2011-06-07 07:41:31 +01:00
Vincent Hanquez
093cd2c9fb use bytes directly instead of pointlessly unpacking it for extensions and finishedData 2011-06-06 08:16:24 +01:00
Vincent Hanquez
9cd0ed0515 handle exception in handshake and report to the user if the handshake has been successful or not. 2011-05-13 08:39:15 +01:00
Vincent Hanquez
432639688f properly handle the mvar to put the st back if an exception happens. 2011-05-13 07:12:54 +01:00
Vincent Hanquez
8434cb24e2 use proper protocol error in the server during clienthello 2011-05-13 07:08:27 +01:00
Vincent Hanquez
f7ed7f541a throw a proper protocol error in case the version is not supported 2011-05-13 07:03:16 +01:00
Vincent Hanquez
f140e1c579 change onRecvCertificate callback to be able to track the reason of rejection, and returns the proper alert to the other side. 2011-05-13 07:02:44 +01:00
Vincent Hanquez
f1222ece5d add placeholder code to handle alerts during recvData. 2011-05-12 09:13:53 +01:00
Vincent Hanquez
fa384d87c7 raise a proper HandshakeFailure if no cipher works 2011-05-12 09:13:53 +01:00
Vincent Hanquez
3b76a3ed7c raise a ProtocolVersion error if version negociated is SSL2 2011-05-12 09:13:53 +01:00
Vincent Hanquez
eac638bc27 if we received a packet too big, raise a RecordOverflow error 2011-05-12 09:13:53 +01:00
Vincent Hanquez
f569440782 add throw IO ability to core 2011-05-12 09:13:53 +01:00
Vincent Hanquez
7f6f511839 Add a way to show packet sent and received at the protocol level. very useful for debugging. 2011-05-04 08:41:16 +01:00
Vincent Hanquez
69d3604a64 do not call new variable state. it's already defined by the state module. 2011-04-24 13:43:57 +01:00
Vincent Hanquez
a7aaa3eee7 Remove the hardcoded srandomgen in favor of any cryptorandomgen instance. 
srandomgen is available separately in the cprng-aes package as Crypto.Random.AESCtr
 2011-04-11 19:56:43 +01:00
Vincent Hanquez
55b7490102 a packet can contain multiple appdata, process it as such. 2011-03-23 21:48:58 +00:00
Vincent Hanquez
74633cd68f add internal module as backdoor for hidden function/definition. 
also export core sendPacket/recvPacket
 2011-03-19 21:45:43 +00:00
Vincent Hanquez
da6e72ba7e correct comment 2011-03-19 08:37:47 +00:00
Vincent Hanquez
5ab032b3c9 add more haddock related stuff 2011-03-02 08:43:05 +00:00
Vincent Hanquez
14f635cf3e Fix documentation and cleanup remaining bits 2011-03-02 07:56:37 +00:00
Vincent Hanquez
a8d1e05179 fold remaining bit of client/server in core. cleanup 2011-03-02 07:41:59 +00:00
Vincent Hanquez
7237bec83e fold handshake stuff from server to core. 2011-03-02 07:35:25 +00:00
Vincent Hanquez
73979e9db4 move initiate into handshake in core. 2011-03-01 23:09:17 +00:00
Vincent Hanquez
c1a20efe74 move sendData to core 2011-03-01 20:01:40 +00:00
Vincent Hanquez
353783abdf put server/client in core 2011-03-01 20:01:40 +00:00
Vincent Hanquez
f4cc8999db move 'close' api to core and rename to 'bye' to avoid a meaning conflict with unix close. 2011-03-01 20:01:40 +00:00
Vincent Hanquez
f260c5b9cf modify client API to be like the server API. 2011-03-01 20:01:40 +00:00
Vincent Hanquez
5e8d2fa776 move server to the new split API and have the server function in a monadIO monad. 
the state mvar is for now mostly useless, although completly harmeless; it will
be useful to be able to use the ctx in a threaded context.
 2011-03-01 20:01:40 +00:00
Vincent Hanquez
9586b05395 unify clientparams and serverparams 2011-03-01 20:01:40 +00:00