Commit graph

329 commits

Author SHA1 Message Date
Vincent Hanquez
b9261fd551 add extensions alerts 2012-08-27 16:25:35 +01:00
Vincent Hanquez
7c04e7f186 add servername extension encoding/decoding 2012-08-27 15:11:29 +01:00
Vincent Hanquez
7ae078c1ce add comments 2012-08-27 15:11:17 +01:00
Vincent Hanquez
7036d4becd rename fields to use the new type alias HashAndSignatureAlgorithm. 2012-08-27 15:05:53 +01:00
Vincent Hanquez
e2eb3ba95c use the new getList 2012-08-27 15:05:23 +01:00
Vincent Hanquez
d49bff619b move comment marker at the same level of code. 2012-08-27 14:22:53 +01:00
Vincent Hanquez
fcec7b70e4 use liftM instead of handrolled version 2012-08-27 14:21:19 +01:00
Vincent Hanquez
4250a3e2d9 add a comment so that we remember why it's there. 2012-08-27 14:20:54 +01:00
Vincent Hanquez
419c96c935 add a getList to get multiple elements 2012-08-27 14:20:04 +01:00
Vincent Hanquez
b591b821f7 use ExtensionID instead of raw Word16 in extension class signature 2012-08-27 14:18:04 +01:00
Vincent Hanquez
0e22ae7db4 check that we didn't receive any extensions from the server that we didn't sent.
In case that happens, fail the handshake with an unsupported extension alert.
2012-08-27 08:25:08 +01:00
Vincent Hanquez
7cc0c6c43f define unsupported extension from tls1.2 2012-08-27 08:25:08 +01:00
Vincent Hanquez
fa662c4d0e add extensionID and move extension id definition in struct 2012-08-27 08:25:08 +01:00
Vincent Hanquez
7640a90d2f introduce a hashandsignaturealgorithm alias. 2012-08-27 08:25:02 +01:00
Vincent Hanquez
727f1af076 unbind ver from the where body and use pConnectVersion when needed.
prevent mixup with which version is actually in use.
2012-08-20 07:38:42 +01:00
Vincent Hanquez
60ea0ab89f use the server returned value for version instead of using the one we sent.
fix a bug when server downgrade/upgrade the protocol version.
2012-08-20 07:37:54 +01:00
Vincent Hanquez
7edf5014b3 move client data sent to its own function. 2012-08-19 23:14:58 +01:00
Vincent Hanquez
96567891e5 use pattern match in function parameter bindings to remove couple of lines 2012-08-19 22:32:43 +01:00
Vincent Hanquez
8445c8ea7d factor RSA signature verification. 2012-08-19 17:50:35 +01:00
Vincent Hanquez
296b5dfab6 reindent to 4 spaces, and cosmetic adjustment 2012-08-19 16:56:36 +01:00
Vincent Hanquez
0ea05e0939 split recvClientData from the handshakeServerWith function. 2012-08-19 16:52:16 +01:00
Vincent Hanquez
a4a07ccd8f add documentation and move things around. 2012-08-19 14:37:05 +01:00
Vincent Hanquez
ab0e1c3843 add headers 2012-08-19 08:48:05 +01:00
Vincent Hanquez
6c3519e15f split server from handshake. 2012-08-18 23:13:13 +01:00
Vincent Hanquez
9d4e4aa818 split client handshake from handshake. 2012-08-18 23:05:56 +01:00
Vincent Hanquez
975fc32889 split signature apart from handshake 2012-08-18 23:05:37 +01:00
Vincent Hanquez
4e5c2e8c1d split apart certificate stuff from handshake.
at the moment it's mostly a stub, but will host all handling of
client&server certificates.
2012-08-18 22:57:58 +01:00
Vincent Hanquez
07d0d70c70 Split handshake module. preparation step, removing common functions. 2012-08-18 22:46:53 +01:00
Vincent Hanquez
b64813edac fixup for merge.
requires certificate-1.2.4, so that no one uses client certificate with the sorting DN decode and report weird bugs.
2012-08-05 07:15:32 +01:00
Vincent Hanquez
37b32686ee Merge remote-tracking branch 'mgrabmueller/client-certificate' into next
Conflicts:
	Network/TLS/Context.hs
2012-08-05 07:12:07 +01:00
Vincent Hanquez
3613061131 stylistic adjustments 2012-08-04 16:51:12 +01:00
Martin Grabmueller
0102d23017 Improve testability with a newtype. 2012-07-28 14:40:11 +02:00
Martin Grabmueller
6f1b13fc5a Add client cert support for SSL3. 2012-07-28 14:22:16 +02:00
Martin Grabmueller
a285eb345c Merge remote-tracking branch 'upstream/next' into client-certificate
Conflicts:
	Network/TLS/Context.hs
	Network/TLS/Record/Disengage.hs
2012-07-26 23:17:08 +02:00
Martin Grabmueller
8c18de4e66 Small optimization. 2012-07-26 23:08:31 +02:00
Martin Grabmueller
7182653638 Harmonize code for pre-1.2 and 1.2 versions. 2012-07-26 23:06:08 +02:00
Martin Grabmueller
9aa9675d0c Use correct version number, simplify code. 2012-07-26 22:46:59 +02:00
Vincent Hanquez
4e9fd480c4 add callback on server to choose cipher according to version.
default to previous behavior: choosing the first cipher that match
2012-07-23 21:53:59 +01:00
Vincent Hanquez
4d91e67750 harden packet record chunking.
This prevent possible random behavior if cipher is not checking IV size,
or generic exception being throwned in favor of a TLS one.
2012-07-23 09:14:32 +01:00
Vincent Hanquez
c7c394d56e [SECURITY] add empty TLS packets before appdata
Add empty appdata packet before appdata, when using <= TLS10 and using a
block cipher, to workaround the security problem related to CBC residue,
and the fact that it could be guessed by a malicious user, leading to
disclosure of secrets.
2012-07-23 08:54:25 +01:00
Martin Grabmueller
12a1632739 Add initial support for client certificates with TLS 1.2. 2012-07-21 23:24:47 +02:00
Martin Grabmueller
c772ee22d5 Start client certificate support for TLS1.2.
Add some checks for matching cert types, sig/hash algorithms, etc.
Remove some obsolete FIXMEs and comments.
2012-07-18 22:19:11 +02:00
Martin Grabmueller
4c84e3ffc7 Add documentation. 2012-07-18 21:34:18 +02:00
Martin Grabmueller
92686e1457 Fix broken negotiation by separating active from pending crypt/mac states. 2012-07-18 17:32:26 +02:00
Martin Grabmueller
a348a56659 Clean up and simplify code. 2012-07-18 16:35:48 +02:00
Martin Grabmueller
1e02f92209 Fix missing digest update in server for CertVerify message. 2012-07-17 23:27:32 +02:00
Martin Grabmueller
90273cc813 Experimental debug output. 2012-07-17 17:42:12 +02:00
Martin Grabmueller
c799b18c4c Fix encoding of CertRequest, so that encoding and decoding are inverses. 2012-07-17 17:33:11 +02:00
Martin Grabmueller
039c7d254e Separate finish from certificate verify digests. Will make it easier to support TLS1.2. 2012-07-16 16:19:48 +02:00
Martin Grabmueller
2ca69771a4 Add comments. 2012-07-16 14:40:37 +02:00