Vincent Hanquez
957a005664
move all tls into a core directory.
2012-09-05 06:27:06 +01:00
Vincent Hanquez
41f7c9c71b
update to certificate 1.2.6
2012-09-01 15:25:04 +01:00
Vincent Hanquez
e2eb3ba95c
use the new getList
2012-08-27 15:05:23 +01:00
Vincent Hanquez
d49bff619b
move comment marker at the same level of code.
2012-08-27 14:22:53 +01:00
Vincent Hanquez
fcec7b70e4
use liftM instead of handrolled version
2012-08-27 14:21:19 +01:00
Vincent Hanquez
4250a3e2d9
add a comment so that we remember why it's there.
2012-08-27 14:20:54 +01:00
Vincent Hanquez
b64813edac
fixup for merge.
requires certificate-1.2.4, so that no one uses client certificate with the sorting DN decode and reports weird bugs.
2012-08-05 07:15:32 +01:00
Martin Grabmueller
0102d23017
Improve testability with a newtype.
2012-07-28 14:40:11 +02:00
Martin Grabmueller
6f1b13fc5a
Add client cert support for SSL3.
2012-07-28 14:22:16 +02:00
Martin Grabmueller
12a1632739
Add initial support for client certificates with TLS 1.2.
2012-07-21 23:24:47 +02:00
Martin Grabmueller
c799b18c4c
Fix encoding of CertRequest, so that encoding and decoding are inverses.
2012-07-17 17:33:11 +02:00
Martin Grabmueller
325c9be4c7
Use getOpaque16 and check for valid DN length.
2012-07-14 16:56:04 +02:00
Martin Grabmueller
224f9d4e2c
Add proper types for certificate request/verify messages.
2012-07-13 17:20:10 +02:00
Vincent Hanquez
b57ef66d28
move extension decoding and encoding in a separate file.
2012-05-14 06:39:20 +01:00
Vincent Hanquez
d8b37f7fb9
move runGetErr and add runGetMaybe
2012-05-14 06:36:17 +01:00
Vincent Hanquez
5844120e4c
rename NextProtocolNegotiation as HsNextProtocolNegotiation
2012-05-14 06:35:55 +01:00
Vincent Hanquez
8509d7dbc1
rename Extension in ExtensionRaw.
2012-05-14 04:41:50 +01:00
Vincent Hanquez
9da6b9c8c8
expand tabs.
2012-03-27 08:57:51 +01:00
Vincent Hanquez
3b4baf2f91
move encoding and decoding of NPN packet from Wire to Packet
2012-03-16 08:06:55 +00:00
Lennart Kolmodin
1bd53d9790
Spell 'negotiation' as in the spec.
2012-02-13 22:54:04 +04:00
Vincent Hanquez
c17aa30599
prepare source for NPN.
2012-02-07 21:24:30 +00:00
Vincent Hanquez
8f706d8a56
only import necessary bits from X509.
2012-02-07 20:39:46 +00:00
Vincent Hanquez
64202c2748
refined wire helper function to support TLS opaque types directly.
opaque types are length-prefixed bytestrings and are used everywhere.
the helper simplifies their marshalling/unmarshalling and makes it less
error prone and semantically better.
2012-02-07 07:48:11 +00:00
Vincent Hanquez
e1fea031af
consider clientkeyxchg as an opaque structure in internal layers, and make/process the content in higher layer.
2011-12-01 08:41:01 +00:00
Vincent Hanquez
7a1c6808b7
add some cases and cleanup a bit the server key exchange message parsing.
2011-11-13 09:16:52 +00:00
Vincent Hanquez
ba942d0c24
separate the function to get one from multiple signature hash
2011-08-17 20:47:36 +01:00
Vincent Hanquez
6d5585c74a
switch to one hashctx that can contain 2 hashctx, and add a special updateSSL for SSL3.
2011-08-14 16:18:09 +01:00
Vincent Hanquez
68be94060e
update hash interface to hide the state through typeclass and existentialquantification.
2011-08-14 14:34:34 +01:00
Vincent Hanquez
d5ebf32b7f
in the SSL3 case, we hardcode SHA1.hash and MD5.hash instead of using the hash abstraction.
2011-08-14 14:33:26 +01:00
Vincent Hanquez
394381a2f5
define more stuff for TLS1.2 related to PRF.
2011-08-14 12:21:54 +01:00
Vincent Hanquez
e4a4d99528
add some TLS12 prf related defs
2011-08-12 21:57:30 +01:00
Vincent Hanquez
58e758a1ab
misc cleanup
2011-08-12 20:59:14 +01:00
Vincent Hanquez
c27fc6187d
properly encode/decode secure renegotiation extension
2011-06-13 08:33:14 +01:00
Vincent Hanquez
6945147122
add label to serialize get operations
2011-06-12 21:38:42 +01:00
Vincent Hanquez
5207a41a57
reflect the fact in types that the record layer record returns list of same header type.
2011-06-10 21:24:46 +01:00
Vincent Hanquez
f56f5d6e41
add more handling of server key xchg and dh_anon
2011-06-07 08:59:20 +01:00
Vincent Hanquez
96e6979ed4
misc change and start to trickle through the support for secure renegotiation
2011-06-07 08:13:43 +01:00
Vincent Hanquez
093cd2c9fb
use bytes directly instead of pointlessly unpacking it for extensions and finishedData
2011-06-06 08:16:24 +01:00
Vincent Hanquez
03c07ce173
hello extensions can be present since SSL3
2011-06-06 07:56:10 +01:00
Vincent Hanquez
a2059de7c0
simplify decoding by just getting the remaining content
2011-06-06 07:55:09 +01:00
Vincent Hanquez
0710d44f3d
code alignment
2011-06-06 07:54:40 +01:00
Vincent Hanquez
8ee6f728bd
add signature
2011-05-12 09:13:53 +01:00
Vincent Hanquez
f464927a0b
add a structure to parametrize decoding encoding related to version, key exchange type, ...
2011-05-12 09:13:53 +01:00
Vincent Hanquez
9f3714dd1c
simplify parsing of packets
- use fail instead of throwerror, since cereal does not raise but returns an either.
- remove the get monad definition
- add some helper
- remove dependency on binary and use cereal exclusively.
2011-04-24 09:44:18 +01:00
Vincent Hanquez
22ea02ffe4
move to certificate >= 0.6
2011-02-20 08:35:14 +00:00
Vincent Hanquez
863c09e0d4
put the throwError inside the runGet instead of outside.
related to a monad either overlapping report.
2010-11-03 23:06:04 +00:00
Vincent Hanquez
0d342a68f7
use monads-fd instead of mtl
2010-10-24 12:02:45 +01:00
Vincent Hanquez
cfff801bd9
properly finish SSL3 digest computation.
change the cipher structure to contain the hash algorithm
instead of the mac algorithm.
2010-10-06 09:07:48 +01:00
Vincent Hanquez
3c2ebe5c08
more generation of SSL block/finished values.
2010-10-05 18:48:28 +01:00
Vincent Hanquez
5a6ff3abe8
take into account that we can receive multiple handshakes in the same tls fragment.
2010-10-02 10:58:41 +01:00