Vincent Hanquez
85f436afe6
add a system to filter cipher that we can't use because we don't have the right credentials loaded.
2013-12-28 15:25:13 +00:00
Vincent Hanquez
acf9708199
use the new credentials system to be able to handle RSA and DSS certificate at the same time.
2013-12-28 15:24:20 +00:00
Vincent Hanquez
02dd7b8aa7
add support for DHE (only with RSA signing so far)
2013-12-11 16:39:25 +08:00
Vincent Hanquez
2a09d51ba5
cleanup imports
2013-12-11 16:36:16 +08:00
Vincent Hanquez
64d2ba9cd7
add better methods for making DigitallySigned data structure and verifying them
2013-12-11 16:34:45 +08:00
Vincent Hanquez
1e62ddd53f
properly account for difference of methods in key exchange.
...
still only RSA supported.
2013-12-11 16:01:07 +08:00
Vincent Hanquez
50b56ff2cf
use the new digitallySigned structure for CertVerify.
2013-12-07 14:37:14 +08:00
Vincent Hanquez
f6b4ee34ac
abstract signature creation/verification
2013-12-07 14:25:58 +08:00
Vincent Hanquez
ad37d02523
cleanup CertificateVerify signature data generation
2013-12-07 13:10:17 +08:00
Vincent Hanquez
ef92b6c96f
Fix version usage related to downgrading
...
* properly choose the highest version supported on the server, instead of
choosing the first that matches.
* use the client version in the RSA client exchange instead of the negotiated version
* delay hashing mechanism to serverHello message so that choosing MD5SHA1 or SHA256
is done after the server chose the version.
2013-12-03 15:17:27 +08:00
Vincent Hanquez
30fe1a8fb6
make the error message a bit more precise related to which side it happens.
2013-11-29 18:44:44 +08:00
Vincent Hanquez
5ff812b3fa
provide a helper for catching exception without doing a catchall.
...
As a side effect, let AsyncException propagate
2013-11-27 15:08:22 +08:00
Vincent Hanquez
5836669878
remove unnecessary MonadIO parametrization
2013-08-01 07:52:42 +00:00
Vincent Hanquez
d69c9190b5
push down the context to key operation
2013-08-01 07:35:42 +00:00
Vincent Hanquez
7eaf8c316e
move more context in processHandshake
2013-07-30 06:14:09 +01:00
Vincent Hanquez
a7724353f4
move handshake stuff in Handshake layer.
2013-07-28 09:19:28 +01:00
Vincent Hanquez
e2d5170af7
Separate tx/rx state from a single RecordState
...
unroll a reader/state/error monad into a single simple monad,
and move back version and client context in state.
2013-07-25 21:53:32 +01:00
Vincent Hanquez
4a337378d8
remove commented import
2013-07-24 06:40:08 +00:00
Vincent Hanquez
f59804f459
move processServerHello in Handshake
2013-07-24 05:50:56 +00:00
Vincent Hanquez
37ef6af6e8
use more Role type instead of Bool
2013-07-23 07:14:48 +00:00
Vincent Hanquez
acc670e30e
more cleanup / separation with handshake state.
2013-07-23 07:30:13 +00:00
Vincent Hanquez
1b530dc5f4
remove getMasterSecret accessor
2013-07-23 05:51:44 +00:00
Vincent Hanquez
0e11f63033
move pending cipher and compression in the handshake state
...
adjust code to cope
2013-07-22 07:35:53 +00:00
Vincent Hanquez
7489fdbbec
explicitly pass role and version to setMasterSecret and derivative
2013-07-22 07:54:35 +01:00
Vincent Hanquez
199de057c3
separate more handshake state from other state.
...
reorganize pending state in record state.
2013-07-20 08:21:52 +01:00
Vincent Hanquez
7ecc341af6
move more stuff in the HandshakeM
2013-07-20 07:18:16 +01:00
Vincent Hanquez
849f87c8ea
move some handshake function to HandshakeM
2013-07-19 07:47:54 +01:00
Vincent Hanquez
8f99c325fb
separate tx/rx compression and pending compression.
...
Fix issue with compression being turned on for tx and rx at the same time,
and also too early, at the hello message instead of change cipher.
2013-07-18 07:18:38 +01:00
Vincent Hanquez
c132b4cb8b
first stab at separating record state from other state.
2013-07-11 09:03:33 +01:00
Vincent Hanquez
6d4b167864
re-indent
2013-07-10 08:04:47 +01:00
Vincent Hanquez
0b170e624d
proper separation of NPN callback in server and client params.
...
need further cleanup for client/server role separation instead of
the getClientParams and getServerParams.
fix #34.
2013-06-03 08:37:56 +01:00
Vincent Hanquez
fc9c6a407d
update for x509
2013-05-19 08:05:46 +01:00
Vincent Hanquez
a14b37d528
use new crypto-pubkey
2012-12-30 15:31:13 +00:00
Vincent Hanquez
cfa2c2e1dc
Merge branch 'SSLv2Hello'
2012-12-04 08:33:02 +00:00
Vincent Hanquez
3e82cc744a
fix issue when re-handshaking with a different cipher.
...
tls was correctly accounting for the difference between pending state
and active state in most places except for the actual cipher
encryption/decryption functions in use.
Hence when renegotiating with a different cipher than the current
cipher, which is fairly unusual but perfectly allowed, the low-level
functions were switched at the server hello instead of being switched at the
switch(Tx/Rx).
2012-11-19 09:39:35 +00:00
notogawa
a4f06256fe
accept SSLv2 format 'ClientHello' Handshake message.
2012-11-10 19:34:37 +09:00
Vincent Hanquez
957a005664
move all tls into a core directory.
2012-09-05 06:27:06 +01:00