Vincent Hanquez
9d4e4aa818
split client handshake from handshake.
2012-08-18 23:05:56 +01:00
Vincent Hanquez
975fc32889
split signature apart from handshake
2012-08-18 23:05:37 +01:00
Vincent Hanquez
4e5c2e8c1d
split apart certificate stuff from handshake.
...
at the moment it's mostly a stub, but will host all handling of
client&server certificates.
2012-08-18 22:57:58 +01:00
Vincent Hanquez
07d0d70c70
Split handshake module. preparation step, removing common functions.
2012-08-18 22:46:53 +01:00
Vincent Hanquez
9baf74e3db
bump version
2012-08-15 22:13:03 +01:00
Vincent Hanquez
7c061a44fa
Merge pull request #16 from joeyadams/fix-for-ghc-7.6
...
Fix build for GHC 7.6
2012-08-15 14:10:48 -07:00
Joey Adams
dcecf7e3f5
Fix build for GHC 7.6
...
In base 4.6, Prelude no longer exports 'catch'.
Also, removed a redundant "import Data.Maybe" in TLS.Context .
This does not break the build on GHC 7.0.3 and 7.4.2 .
2012-08-12 22:17:08 -04:00
Vincent Hanquez
b64813edac
fixup for merge.
...
requires certificate-1.2.4, so that no one uses client certificate with the sorting DN decode and report weird bugs.
2012-08-05 07:15:32 +01:00
Vincent Hanquez
37b32686ee
Merge remote-tracking branch 'mgrabmueller/client-certificate' into next
...
Conflicts:
Network/TLS/Context.hs
2012-08-05 07:12:07 +01:00
Vincent Hanquez
53570020f9
Use cipher-aes on linux / x86.
...
cipher-aes only received extensive testing on i386/x86_64 and linux,
for other platform fallback to a more tested version in cryptocipher.
2012-08-04 22:31:38 +01:00
Vincent Hanquez
3613061131
stylistic adjustments
2012-08-04 16:51:12 +01:00
Martin Grabmueller
fa3e2aec1c
Add client cert handshake messages to tests.
2012-07-28 14:40:37 +02:00
Martin Grabmueller
0102d23017
Improve testability with a newtype.
2012-07-28 14:40:11 +02:00
Martin Grabmueller
6f1b13fc5a
Add client cert support for SSL3.
2012-07-28 14:22:16 +02:00
Martin Grabmueller
a285eb345c
Merge remote-tracking branch 'upstream/next' into client-certificate
...
Conflicts:
Network/TLS/Context.hs
Network/TLS/Record/Disengage.hs
2012-07-26 23:17:08 +02:00
Martin Grabmueller
8c18de4e66
Small optimization.
2012-07-26 23:08:31 +02:00
Martin Grabmueller
7182653638
Harmonize code for pre-1.2 and 1.2 versions.
2012-07-26 23:06:08 +02:00
Martin Grabmueller
9aa9675d0c
Use correct version number, simplify code.
2012-07-26 22:46:59 +02:00
Vincent Hanquez
4e9fd480c4
add callback on server to choose cipher according to version.
...
default to previous behavior: choosing the first cipher that match
2012-07-23 21:53:59 +01:00
Vincent Hanquez
cf585d95c3
bump version to 0.9.8
2012-07-23 21:29:31 +01:00
Vincent Hanquez
720e98df78
export SessionID and SessionData
2012-07-23 21:24:51 +01:00
Vincent Hanquez
7518af2f38
bump version to 0.9.7
2012-07-23 09:23:21 +01:00
Vincent Hanquez
c686d8d382
[SECURITY] add empty TLS packets before appdata
...
Add empty appdata packet before appdata, when using <= TLS10 and using a
block cipher, to workaround the security problem related to CBC residue,
and the fact that it could be guessed by a malicious user, leading to
disclosure of secrets.
Conflicts:
Network/TLS/IO.hs
Network/TLS/State.hs
2012-07-23 09:23:02 +01:00
Vincent Hanquez
4d91e67750
harden packet record chunking.
...
This prevent possible random behavior if cipher is not checking IV size,
or generic exception being throwned in favor of a TLS one.
2012-07-23 09:14:32 +01:00
Vincent Hanquez
c7c394d56e
[SECURITY] add empty TLS packets before appdata
...
Add empty appdata packet before appdata, when using <= TLS10 and using a
block cipher, to workaround the security problem related to CBC residue,
and the fact that it could be guessed by a malicious user, leading to
disclosure of secrets.
2012-07-23 08:54:25 +01:00
Martin Grabmueller
12a1632739
Add initial support for client certificates with TLS 1.2.
2012-07-21 23:24:47 +02:00
Martin Grabmueller
c772ee22d5
Start client certificate support for TLS1.2.
...
Add some checks for matching cert types, sig/hash algorithms, etc.
Remove some obsolete FIXMEs and comments.
2012-07-18 22:19:11 +02:00
Martin Grabmueller
4c84e3ffc7
Add documentation.
2012-07-18 21:34:18 +02:00
Martin Grabmueller
92686e1457
Fix broken negotiation by separating active from pending crypt/mac states.
2012-07-18 17:32:26 +02:00
Martin Grabmueller
a348a56659
Clean up and simplify code.
2012-07-18 16:35:48 +02:00
Martin Grabmueller
1e02f92209
Fix missing digest update in server for CertVerify message.
2012-07-17 23:27:32 +02:00
Martin Grabmueller
90273cc813
Experimental debug output.
2012-07-17 17:42:12 +02:00
Martin Grabmueller
c799b18c4c
Fix encoding of CertRequest, so that encoding and decoding are inverses.
2012-07-17 17:33:11 +02:00
Martin Grabmueller
039c7d254e
Separate finish from certificate verify digests. Will make it easier to support TLS1.2.
2012-07-16 16:19:48 +02:00
Martin Grabmueller
2ca69771a4
Add comments.
2012-07-16 14:40:37 +02:00
Martin Grabmueller
3c46042ce5
Integrate client certificate settings into RoleParams,
...
remember client cert chain for use after handshake has
finished.
2012-07-16 14:36:44 +02:00
Martin Grabmueller
4d53898c5c
Fix verification/signing.
2012-07-15 22:18:27 +02:00
Martin Grabmueller
325c9be4c7
Use getOpaque16 and check for valid DN length.
2012-07-14 16:56:04 +02:00
Martin Grabmueller
74f1bf79ea
Use subject instead of issuer for certificate request.
2012-07-14 16:50:48 +02:00
Martin Grabmueller
f08eb43055
Add comments and FIXMEs.
2012-07-14 16:49:46 +02:00
Martin Grabmueller
9e710b5e88
Accept empty client certificate list. Will error on verification.
2012-07-13 22:29:36 +02:00
Martin Grabmueller
f5972a4818
Implement client certificate support in handshake.
2012-07-13 22:04:23 +02:00
Martin Grabmueller
a2825c31ac
Pull out common functionality for client and server handshake.
2012-07-13 21:48:37 +02:00
Martin Grabmueller
6483e954f4
Add abstractions for accessing client certificate state.
2012-07-13 21:44:19 +02:00
Martin Grabmueller
e617a1bbec
Store public key from client certificate in server mode.
2012-07-13 21:33:45 +02:00
Martin Grabmueller
ef90cda757
Ensure that the same handshake packets are included
...
in the handshake digest for sending and receiving.
2012-07-13 21:23:01 +02:00
Martin Grabmueller
2b101b6fa7
Add function for retrieving certificate verify digest.
2012-07-13 21:18:05 +02:00
Martin Grabmueller
e9abea6cb2
Extend state to hold information about ongoing client certificate exchange.
2012-07-13 21:16:46 +02:00
Martin Grabmueller
797f7822e4
Extend state to hold client private/public keys and add
...
functions for signing and verifying with these keys.
2012-07-13 21:08:23 +02:00
Martin Grabmueller
224f9d4e2c
Add proper types for certificate request/verify messages.
2012-07-13 17:20:10 +02:00