Martin Grabmueller
|
92686e1457
|
Fix broken negotiation by separating active from pending crypt/mac states.
|
2012-07-18 17:32:26 +02:00 |
|
Martin Grabmueller
|
a348a56659
|
Clean up and simplify code.
|
2012-07-18 16:35:48 +02:00 |
|
Martin Grabmueller
|
1e02f92209
|
Fix missing digest update in server for CertVerify message.
|
2012-07-17 23:27:32 +02:00 |
|
Martin Grabmueller
|
90273cc813
|
Experimental debug output.
|
2012-07-17 17:42:12 +02:00 |
|
Martin Grabmueller
|
c799b18c4c
|
Fix encoding of CertRequest, so that encoding and decoding are inverses.
|
2012-07-17 17:33:11 +02:00 |
|
Martin Grabmueller
|
039c7d254e
|
Separate finish from certificate verify digests. Will make it easier to support TLS1.2.
|
2012-07-16 16:19:48 +02:00 |
|
Martin Grabmueller
|
2ca69771a4
|
Add comments.
|
2012-07-16 14:40:37 +02:00 |
|
Martin Grabmueller
|
3c46042ce5
|
Integrate client certificate settings into RoleParams,
remember client cert chain for use after handshake has
finished.
|
2012-07-16 14:36:44 +02:00 |
|
Martin Grabmueller
|
4d53898c5c
|
Fix verification/signing.
|
2012-07-15 22:18:27 +02:00 |
|
Martin Grabmueller
|
325c9be4c7
|
Use getOpaque16 and check for valid DN length.
|
2012-07-14 16:56:04 +02:00 |
|
Martin Grabmueller
|
74f1bf79ea
|
Use subject instead of issuer for certificate request.
|
2012-07-14 16:50:48 +02:00 |
|
Martin Grabmueller
|
f08eb43055
|
Add comments and FIXMEs.
|
2012-07-14 16:49:46 +02:00 |
|
Martin Grabmueller
|
9e710b5e88
|
Accept empty client certificate list. Will error on verification.
|
2012-07-13 22:29:36 +02:00 |
|
Martin Grabmueller
|
f5972a4818
|
Implement client certificate support in handshake.
|
2012-07-13 22:04:23 +02:00 |
|
Martin Grabmueller
|
a2825c31ac
|
Pull out common functionality for client and server handshake.
|
2012-07-13 21:48:37 +02:00 |
|
Martin Grabmueller
|
6483e954f4
|
Add abstractions for accessing client certificate state.
|
2012-07-13 21:44:19 +02:00 |
|
Martin Grabmueller
|
e617a1bbec
|
Store public key from client certificate in server mode.
|
2012-07-13 21:33:45 +02:00 |
|
Martin Grabmueller
|
ef90cda757
|
Ensure that the same handshake packets are included
in the handshake digest for sending and receiving.
|
2012-07-13 21:23:01 +02:00 |
|
Martin Grabmueller
|
2b101b6fa7
|
Add function for retrieving certificate verify digest.
|
2012-07-13 21:18:05 +02:00 |
|
Martin Grabmueller
|
e9abea6cb2
|
Extend state to hold information about ongoing client certificate exchange.
|
2012-07-13 21:16:46 +02:00 |
|
Martin Grabmueller
|
797f7822e4
|
Extend state to hold client private/public keys and add
functions for signing and verifying with these keys.
|
2012-07-13 21:08:23 +02:00 |
|
Martin Grabmueller
|
224f9d4e2c
|
Add proper types for certificate request/verify messages.
|
2012-07-13 17:20:10 +02:00 |
|
Martin Grabmueller
|
8b7b2ff1bf
|
Add parameter structures for client certificates (both server and client versions).
|
2012-07-13 16:47:58 +02:00 |
|
Martin Grabmueller
|
58beee4f9f
|
Add functions for signing/verifying with private/public keys.
|
2012-07-13 16:33:12 +02:00 |
|
Vincent Hanquez
|
ff14e0b988
|
fixing new API breakage related to RoleParam and SessionManager change
|
2012-07-12 09:04:50 +01:00 |
|
Vincent Hanquez
|
ce3f724564
|
add usual header.
|
2012-07-12 09:03:48 +01:00 |
|
Vincent Hanquez
|
e47501736b
|
add usual header
|
2012-07-12 09:03:24 +01:00 |
|
Vincent Hanquez
|
12104f612e
|
documentation fixup.
|
2012-07-12 09:02:38 +01:00 |
|
Vincent Hanquez
|
b140b61012
|
upgrade cabal-version and fixup problems related to the upgrade.
|
2012-07-12 09:02:27 +01:00 |
|
Vincent Hanquez
|
4179ceba82
|
start using Client and Server distinction for want client cert and session resume with
|
2012-07-12 09:02:10 +01:00 |
|
Vincent Hanquez
|
c8d9f0677b
|
switch session related callback to a new SessionManager class.
add necessary helper setSessionManager to not have to propagate
Rank2Types and ExistentialQuantification to the user.
|
2012-07-12 08:59:59 +01:00 |
|
Vincent Hanquez
|
9c3177a16a
|
split some common types from struct and move them to types.
|
2012-07-12 08:56:16 +01:00 |
|
Vincent Hanquez
|
1048815206
|
expose more context role related helpers and types.
|
2012-07-12 08:54:34 +01:00 |
|
Vincent Hanquez
|
593f1affbb
|
fixes to run on tls 1.0
|
2012-07-10 07:58:01 +01:00 |
|
Vincent Hanquez
|
d0d48bb476
|
export SessionID and SessionData.
|
2012-07-08 10:14:09 +01:00 |
|
Vincent Hanquez
|
6ae20f4125
|
remove npnId and use Extension's proper definition
|
2012-07-05 05:36:28 +01:00 |
|
Martin Grabmueller
|
3d629acaf1
|
Add missing module Network.TLS.Handshake to .cabal file.
|
2012-07-04 22:15:19 +02:00 |
|
Vincent Hanquez
|
e1bc9db398
|
bump version to 0.9.6
|
2012-07-03 07:18:10 +01:00 |
|
Vincent Hanquez
|
daa5fd42a4
|
export clientWith and serverWith
|
2012-07-03 07:14:28 +01:00 |
|
Vincent Hanquez
|
b57ef66d28
|
move extension decoding and encoding in a separate file.
|
2012-05-14 06:39:20 +01:00 |
|
Vincent Hanquez
|
d8b37f7fb9
|
move runGetErr and add runGetMaybe
|
2012-05-14 06:36:17 +01:00 |
|
Vincent Hanquez
|
5844120e4c
|
rename NextProtocolNegotiation as HsNextProtocolNegotiation
|
2012-05-14 06:35:55 +01:00 |
|
Vincent Hanquez
|
d0481f76a3
|
remove the need to have same length arguments in bytesEq. bail early in case strings have different size.
|
2012-05-14 06:32:47 +01:00 |
|
Vincent Hanquez
|
9b32e6d5f4
|
[SECURITY] use constant equality testing to prevent timing determination of the expected value.
it doesn't seem to be in a usable context though.
|
2012-05-14 06:32:14 +01:00 |
|
Vincent Hanquez
|
8509d7dbc1
|
rename Extension in ExtensionRaw.
|
2012-05-14 04:41:50 +01:00 |
|
Vincent Hanquez
|
e1ea61bafa
|
factorize npn extension ID.
|
2012-05-14 04:41:09 +01:00 |
|
Vincent Hanquez
|
e6f4f9a688
|
add some header comment for Handshake
|
2012-04-27 07:29:35 +01:00 |
|
Vincent Hanquez
|
d8d049726d
|
move Handshake into its own module
|
2012-04-27 07:28:17 +01:00 |
|
Vincent Hanquez
|
f93312b50f
|
separate lowlevel IO operation in its own module.
|
2012-04-27 07:21:29 +01:00 |
|
Vincent Hanquez
|
2adf07cf38
|
Include all test files in the cabal package.
Reported-by: Alexander Vershilov
|
2012-04-22 20:18:47 +01:00 |
|