yogsototh/hs-tls
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
193 commits 1 branch 11 tags 1.7 MiB
Commit graph

123 commits

Author SHA1 Message Date
Vincent Hanquez
96e6979ed4 misc change and start to trickle through the support for secure renegotiation 2011-06-07 08:13:43 +01:00
Vincent Hanquez
d3de5de4cd add way to store verified data and to activate/deactivate the feature 2011-06-07 07:41:31 +01:00
Vincent Hanquez
093cd2c9fb use bytes directly instead of pointlessly unpacking it for extensions and finishedData 2011-06-06 08:16:24 +01:00
Vincent Hanquez
cead67c558 add secure renegociation flag in state 2011-06-06 08:03:18 +01:00
Vincent Hanquez
03c07ce173 hello extensions can be present since SSL3 2011-06-06 07:56:10 +01:00
Vincent Hanquez
a2059de7c0 simplify decoding by just getting the remaining content 2011-06-06 07:55:09 +01:00
Vincent Hanquez
0710d44f3d code alignment 2011-06-06 07:54:40 +01:00
Vincent Hanquez
f74626e065 throw proper error if we receive an unexpected transition. 2011-05-13 21:40:11 +01:00
Vincent Hanquez
9cd0ed0515 handle exception in handshake and report to the user if the handshake has been successful or not. 2011-05-13 08:39:15 +01:00
Vincent Hanquez
6eef56c60f [SECURITY] fix TLS1.1 block cipher IV usage. 
In TLS1.1 and above, the IV is explicitely carried to the other side and
is generated from random. It doesn't come from the CBC residue.
 2011-05-13 08:10:13 +01:00
Vincent Hanquez
432639688f properly handle the mvar to put the st back if an exception happens. 2011-05-13 07:12:54 +01:00
Vincent Hanquez
8434cb24e2 use proper protocol error in the server during clienthello 2011-05-13 07:08:27 +01:00
Vincent Hanquez
f7ed7f541a throw a proper protocol error in case the version is not supported 2011-05-13 07:03:16 +01:00
Vincent Hanquez
f140e1c579 change onRecvCertificate callback to be able to track the reason of rejection, and returns the proper alert to the other side. 2011-05-13 07:02:44 +01:00
Vincent Hanquez
f1222ece5d add placeholder code to handle alerts during recvData. 2011-05-12 09:13:53 +01:00
Vincent Hanquez
fa384d87c7 raise a proper HandshakeFailure if no cipher works 2011-05-12 09:13:53 +01:00
Vincent Hanquez
3b76a3ed7c raise a ProtocolVersion error if version negociated is SSL2 2011-05-12 09:13:53 +01:00
Vincent Hanquez
eac638bc27 if we received a packet too big, raise a RecordOverflow error 2011-05-12 09:13:53 +01:00
Vincent Hanquez
f569440782 add throw IO ability to core 2011-05-12 09:13:53 +01:00
Vincent Hanquez
0582234934 cleanup for not having to use fromJust 2011-05-12 09:13:53 +01:00
Vincent Hanquez
9db7ccbfca throw proper error for bad record mac 2011-05-12 09:13:53 +01:00
Vincent Hanquez
a435a9add1 remove unnecessary import 2011-05-12 09:13:53 +01:00
Vincent Hanquez
bdba471ebe define a more generic protocol error, and remove the digest error 2011-05-12 09:13:53 +01:00
Vincent Hanquez
e4f40cf55e comment 2011-05-12 09:13:53 +01:00
Vincent Hanquez
277e39b931 define TLSError as Exception material 2011-05-12 09:13:53 +01:00
Vincent Hanquez
8ee6f728bd add signature 2011-05-12 09:13:53 +01:00
Vincent Hanquez
f464927a0b add a structure to parametrize decoding encoding related to version, key exchange type, ... 2011-05-12 09:13:53 +01:00
Vincent Hanquez
4b5812529b derive Show and Eq from CipherKeyExchangeType 2011-05-12 09:13:53 +01:00
Vincent Hanquez
1e294bbbff rename cipherkeyexchange types 2011-05-12 09:13:49 +01:00
Vincent Hanquez
c111389b30 capitalize DH 2011-05-11 07:34:15 +01:00
Vincent Hanquez
969a62b79a bump certificate version to 0.8.1 2011-05-09 09:15:36 +01:00
Vincent Hanquez
7f6f511839 Add a way to show packet sent and received at the protocol level. very useful for debugging. 2011-05-04 08:41:16 +01:00
Vincent Hanquez
69d3604a64 do not call new variable state. it's already defined by the state module. 2011-04-24 13:43:57 +01:00
Vincent Hanquez
ad226f7fb9 usless import in wire module 2011-04-24 13:43:27 +01:00
Vincent Hanquez
4a84e9415f comment fixup 2011-04-24 13:43:18 +01:00
Vincent Hanquez
d983d4ebc8 remove now useless extension 2011-04-24 13:43:08 +01:00
Vincent Hanquez
7cce3fca0c use functor's <$> instead of a return construct 2011-04-24 13:39:52 +01:00
Vincent Hanquez
a1524bf673 refactor processclientkeyxchg 2011-04-24 11:34:11 +01:00
Vincent Hanquez
9f3714dd1c simplify parsing of packets 
- use fail instead of throwerror, since cereal do not raise but return an either.
- remove the get monad definition
- add some helper
- remove dependency on binary and use cereal exclusively.
 2011-04-24 09:44:18 +01:00
Vincent Hanquez
b472d891c4 set the error instance of TLSError with the definition of TLSError. prevent orphan instance 2011-04-24 09:32:49 +01:00
Vincent Hanquez
a7aaa3eee7 Remove the hardcoded srandomgen in favor of any cryptorandomgen instance. 
srandomgen is available separately in the cprng-aes package as Crypto.Random.AESCtr
 2011-04-11 19:56:43 +01:00
Vincent Hanquez
55b7490102 a packet can contain multiple appdata, process it as such. 2011-03-23 21:48:58 +00:00
Vincent Hanquez
74633cd68f add internal module as backdoor for hidden function/definition. 
also export core sendPacket/recvPacket
 2011-03-19 21:45:43 +00:00
Vincent Hanquez
476b0a8f82 remove commented description of ciphers 2011-03-19 21:42:59 +00:00
Vincent Hanquez
a4b4d54821 move default ciphers to tls-extra 2011-03-19 09:22:12 +00:00
Vincent Hanquez
da6e72ba7e correct comment 2011-03-19 08:37:47 +00:00
Vincent Hanquez
5ab032b3c9 add more haddock related stuff 2011-03-02 08:43:05 +00:00
Vincent Hanquez
14f635cf3e Fix documentation and cleanup remaining bits 2011-03-02 07:56:37 +00:00
Vincent Hanquez
a8d1e05179 fold remaining bit of client/server in core. cleanup 2011-03-02 07:41:59 +00:00
Vincent Hanquez
7237bec83e fold handshake stuff from server to core. 2011-03-02 07:35:25 +00:00