yogsototh/hs-tls
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
922 commits 1 branch 11 tags 1.7 MiB
Commit graph

37 commits

Author SHA1 Message Date
Vincent Hanquez
85f436afe6 add a system to filter cipher that we can't use because we don't have the right credentials loaded. 2013-12-28 15:25:13 +00:00
Vincent Hanquez
acf9708199 use the new credentials system to be able to handle RSA and DSS certificate at the same time. 2013-12-28 15:24:20 +00:00
Vincent Hanquez
02dd7b8aa7 add support for DHE (only with RSA signing so far) 2013-12-11 16:39:25 +08:00
Vincent Hanquez
2a09d51ba5 cleanup imports 2013-12-11 16:36:16 +08:00
Vincent Hanquez
64d2ba9cd7 add better methods for making DigitallySigned data structure and veryfying them 2013-12-11 16:34:45 +08:00
Vincent Hanquez
1e62ddd53f properly account for difference of methods in key exchange. 
still only RSA supported.
 2013-12-11 16:01:07 +08:00
Vincent Hanquez
50b56ff2cf use the new digitallySigned structure for CertVerify. 2013-12-07 14:37:14 +08:00
Vincent Hanquez
f6b4ee34ac abstract signature creation/verification 2013-12-07 14:25:58 +08:00
Vincent Hanquez
ad37d02523 cleanup CertificateVerify signature data generation 2013-12-07 13:10:17 +08:00
Vincent Hanquez
ef92b6c96f Fix version usage related to downgrading 
* properly chose the highest version supported on the server, instead of
  chosing the first that match.
* use the client version in the RSA client exchange instead of the negotiated version
* delay hashing mechanism to serverHello message so that choosing MD5SHA1 or SHA256
  is done after the server chose the version.
 2013-12-03 15:17:27 +08:00
Vincent Hanquez
30fe1a8fb6 make the error message a bit more precise related to which side it happen. 2013-11-29 18:44:44 +08:00
Vincent Hanquez
5ff812b3fa provide a helper for catching exception without doing a catchall. 
As a side effect, let AsyncException propagate
 2013-11-27 15:08:22 +08:00
Vincent Hanquez
5836669878 remove unnecessary MonadIO parametrization 2013-08-01 07:52:42 +00:00
Vincent Hanquez
d69c9190b5 push down the context to key operation 2013-08-01 07:35:42 +00:00
Vincent Hanquez
7eaf8c316e move more context in processHandshake 2013-07-30 06:14:09 +01:00
Vincent Hanquez
a7724353f4 move handshake stuff in Handshake layer. 2013-07-28 09:19:28 +01:00
Vincent Hanquez
e2d5170af7 Separate tx/rx state from a single RecordState 
unroll a reader/state/error monad into a single simple monad,
and move back version and client context in state.
 2013-07-25 21:53:32 +01:00
Vincent Hanquez
4a337378d8 remove commented import 2013-07-24 06:40:08 +00:00
Vincent Hanquez
f59804f459 move processServerHello in Handshake 2013-07-24 05:50:56 +00:00
Vincent Hanquez
37ef6af6e8 use more Role type instead of Bool 2013-07-23 07:14:48 +00:00
Vincent Hanquez
acc670e30e more cleanup / separation with handshake state. 2013-07-23 07:30:13 +00:00
Vincent Hanquez
1b530dc5f4 remove getMasterSecret accessor 2013-07-23 05:51:44 +00:00
Vincent Hanquez
0e11f63033 move pending cipher and compression in the handshake state 
adjust code to cope
 2013-07-22 07:35:53 +00:00
Vincent Hanquez
7489fdbbec explicitly pass role and version to setMasterSecret and derivative 2013-07-22 07:54:35 +01:00
Vincent Hanquez
199de057c3 separate more handshake state from other state. 
reorganize pending state in record state.
 2013-07-20 08:21:52 +01:00
Vincent Hanquez
7ecc341af6 move more stuff in the HandshakeM 2013-07-20 07:18:16 +01:00
Vincent Hanquez
849f87c8ea move some handshake function to HandshakeM 2013-07-19 07:47:54 +01:00
Vincent Hanquez
8f99c325fb separate tx/rx compression and pending compression. 
Fix issue with compression being turn on for tx and rx at the same time,
and also at too early at the hello message instead of change cipher.
 2013-07-18 07:18:38 +01:00
Vincent Hanquez
c132b4cb8b first stab at separating record state from other state. 2013-07-11 09:03:33 +01:00
Vincent Hanquez
6d4b167864 re-indent 2013-07-10 08:04:47 +01:00
Vincent Hanquez
0b170e624d proper separation of NPN callback in server and client params. 
need further cleanup for client/server role separation instead of
the getClientParams and getServerParams.

fix #34.
 2013-06-03 08:37:56 +01:00
Vincent Hanquez
fc9c6a407d update for x509 2013-05-19 08:05:46 +01:00
Vincent Hanquez
a14b37d528 use new crypto-pubkey 2012-12-30 15:31:13 +00:00
Vincent Hanquez
cfa2c2e1dc Merge branch 'SSLv2Hello' 2012-12-04 08:33:02 +00:00
Vincent Hanquez
3e82cc744a fix issue when re-handshaking with a different cipher. 
tls was correctly accounting for the difference between pending state
and active state in most place except for the actual cipher
encryption/decryption functions in use.

Hence when re-negociating with a different cipher than the current
cipher, which is fairly unusual but perfectly allowed, the lowlevel
function were switch at the server hello instead of being switch at the
switch(Tx/Rx).
 2012-11-19 09:39:35 +00:00
notogawa
a4f06256fe accept SSLv2 format 'ClientHello' Handshake message. 2012-11-10 19:34:37 +09:00
Vincent Hanquez
957a005664 move all tls into a core directory. 2012-09-05 06:27:06 +01:00
Renamed from Network/TLS/Handshake/Server.hs (Browse further)