Vincent Hanquez
|
ad47dcdcc0
|
add debuggability of the server side too.
|
2011-06-12 19:23:17 +01:00 |
|
Vincent Hanquez
|
a93bd26770
|
check handshake return value
|
2011-06-12 19:22:32 +01:00 |
|
Vincent Hanquez
|
1b342d8223
|
use the handshake returns value to know if we need to carry on.
|
2011-06-11 11:49:44 +01:00 |
|
Vincent Hanquez
|
ecaee55802
|
fixup related to tls refactoring of the record layer.
|
2011-06-10 21:25:56 +01:00 |
|
Vincent Hanquez
|
5207a41a57
|
reflect the fact in types that the record layer record returns list of same header type.
|
2011-06-10 21:24:46 +01:00 |
|
Vincent Hanquez
|
206205091b
|
put secure renegotiation as a quickcheck parameter.
|
2011-06-08 08:39:16 +01:00 |
|
Vincent Hanquez
|
1fff2eb2f6
|
update for new TLS 0.7
|
2011-06-08 07:47:37 +01:00 |
|
Vincent Hanquez
|
ee6b0ad97a
|
update LICENSE
|
2011-06-08 07:47:32 +01:00 |
|
Vincent Hanquez
|
f56f5d6e41
|
add more handling of server key xchg and dh_anon
|
2011-06-07 08:59:20 +01:00 |
|
Vincent Hanquez
|
2e6c963ace
|
update TODO
|
2011-06-07 08:30:49 +01:00 |
|
Vincent Hanquez
|
32e81622e5
|
update LICENSE
|
2011-06-07 08:28:49 +01:00 |
|
Vincent Hanquez
|
8329187394
|
fill the server hello in the server and check the return value in the client.
|
2011-06-07 08:28:02 +01:00 |
|
Vincent Hanquez
|
96e6979ed4
|
misc change and start to trickle through the support for secure renegotiation
|
2011-06-07 08:13:43 +01:00 |
|
Vincent Hanquez
|
d3de5de4cd
|
add way to store verified data and to activate/deactivate the feature
|
2011-06-07 07:41:31 +01:00 |
|
Vincent Hanquez
|
093cd2c9fb
|
use bytes directly instead of pointlessly unpacking it for extensions and finishedData
|
2011-06-06 08:16:24 +01:00 |
|
Vincent Hanquez
|
cead67c558
|
add secure renegociation flag in state
|
2011-06-06 08:03:18 +01:00 |
|
Vincent Hanquez
|
03c07ce173
|
hello extensions can be present since SSL3
|
2011-06-06 07:56:10 +01:00 |
|
Vincent Hanquez
|
a2059de7c0
|
simplify decoding by just getting the remaining content
|
2011-06-06 07:55:09 +01:00 |
|
Vincent Hanquez
|
0710d44f3d
|
code alignment
|
2011-06-06 07:54:40 +01:00 |
|
Vincent Hanquez
|
5789a2cd22
|
fix certificateVerifyChain to not assume there's a chain.
|
2011-05-31 21:38:45 +01:00 |
|
Vincent Hanquez
|
6462d8069b
|
add self signed functions
|
2011-05-31 21:37:46 +01:00 |
|
Vincent Hanquez
|
8df0b64b9d
|
adding some documentation
|
2011-05-31 21:36:56 +01:00 |
|
Vincent Hanquez
|
a0ef8b36b3
|
remove commented code
|
2011-05-31 21:36:38 +01:00 |
|
Vincent Hanquez
|
cb41a771c3
|
fixup tls 0.7 new certificate callback usage
|
2011-05-14 09:12:30 +01:00 |
|
Vincent Hanquez
|
688bc7b951
|
rename CipherKeyExchangeRSA
|
2011-05-13 21:42:57 +01:00 |
|
Vincent Hanquez
|
283a1a8831
|
bump tls dependency to 0.7.0
|
2011-05-13 21:42:47 +01:00 |
|
Vincent Hanquez
|
ad5ed604f9
|
bump tls-extra
|
2011-05-13 21:42:37 +01:00 |
|
Vincent Hanquez
|
f74626e065
|
throw proper error if we receive an unexpected transition.
|
2011-05-13 21:40:11 +01:00 |
|
Vincent Hanquez
|
dd1ab24f10
|
bump version to 0.7.0
|
2011-05-13 21:05:44 +01:00 |
|
Vincent Hanquez
|
9cd0ed0515
|
handle exception in handshake and report to the user if the handshake has been successful or not.
|
2011-05-13 08:39:15 +01:00 |
|
Vincent Hanquez
|
6eef56c60f
|
[SECURITY] fix TLS1.1 block cipher IV usage.
In TLS1.1 and above, the IV is explicitely carried to the other side and
is generated from random. It doesn't come from the CBC residue.
|
2011-05-13 08:10:13 +01:00 |
|
Vincent Hanquez
|
432639688f
|
properly handle the mvar to put the st back if an exception happens.
|
2011-05-13 07:12:54 +01:00 |
|
Vincent Hanquez
|
8434cb24e2
|
use proper protocol error in the server during clienthello
|
2011-05-13 07:08:27 +01:00 |
|
Vincent Hanquez
|
f7ed7f541a
|
throw a proper protocol error in case the version is not supported
|
2011-05-13 07:03:16 +01:00 |
|
Vincent Hanquez
|
f140e1c579
|
change onRecvCertificate callback to be able to track the reason of rejection, and returns the proper alert to the other side.
|
2011-05-13 07:02:44 +01:00 |
|
Vincent Hanquez
|
f1222ece5d
|
add placeholder code to handle alerts during recvData.
|
2011-05-12 09:13:53 +01:00 |
|
Vincent Hanquez
|
fa384d87c7
|
raise a proper HandshakeFailure if no cipher works
|
2011-05-12 09:13:53 +01:00 |
|
Vincent Hanquez
|
3b76a3ed7c
|
raise a ProtocolVersion error if version negociated is SSL2
|
2011-05-12 09:13:53 +01:00 |
|
Vincent Hanquez
|
eac638bc27
|
if we received a packet too big, raise a RecordOverflow error
|
2011-05-12 09:13:53 +01:00 |
|
Vincent Hanquez
|
f569440782
|
add throw IO ability to core
|
2011-05-12 09:13:53 +01:00 |
|
Vincent Hanquez
|
0582234934
|
cleanup for not having to use fromJust
|
2011-05-12 09:13:53 +01:00 |
|
Vincent Hanquez
|
9db7ccbfca
|
throw proper error for bad record mac
|
2011-05-12 09:13:53 +01:00 |
|
Vincent Hanquez
|
a435a9add1
|
remove unnecessary import
|
2011-05-12 09:13:53 +01:00 |
|
Vincent Hanquez
|
bdba471ebe
|
define a more generic protocol error, and remove the digest error
|
2011-05-12 09:13:53 +01:00 |
|
Vincent Hanquez
|
e4f40cf55e
|
comment
|
2011-05-12 09:13:53 +01:00 |
|
Vincent Hanquez
|
277e39b931
|
define TLSError as Exception material
|
2011-05-12 09:13:53 +01:00 |
|
Vincent Hanquez
|
8ee6f728bd
|
add signature
|
2011-05-12 09:13:53 +01:00 |
|
Vincent Hanquez
|
f464927a0b
|
add a structure to parametrize decoding encoding related to version, key exchange type, ...
|
2011-05-12 09:13:53 +01:00 |
|
Vincent Hanquez
|
4b5812529b
|
derive Show and Eq from CipherKeyExchangeType
|
2011-05-12 09:13:53 +01:00 |
|
Vincent Hanquez
|
1e294bbbff
|
rename cipherkeyexchange types
|
2011-05-12 09:13:49 +01:00 |
|