Vincent Hanquez
9c3177a16a
split some common types from struct and move them to types.
2012-07-12 08:56:16 +01:00
Vincent Hanquez
5844120e4c
rename NextProtocolNegotiation as HsNextProtocolNegotiation
2012-05-14 06:35:55 +01:00
Vincent Hanquez
8509d7dbc1
rename Extension in ExtensionRaw.
2012-05-14 04:41:50 +01:00
Vincent Hanquez
9da6b9c8c8
expand tabs.
2012-03-27 08:57:51 +01:00
Lennart Kolmodin
1bd53d9790
Spell 'negotiation' as in the spec.
2012-02-13 22:54:04 +04:00
Lennart Kolmodin
e3e7e3c02a
Partial, but working, implementation of serverside NPN.
2012-02-08 13:20:28 +04:00
Vincent Hanquez
c17aa30599
prepare source for NPN.
2012-02-07 21:24:30 +00:00
Vincent Hanquez
a3890e959d
add a sessionData type to bundle everything required for a session.
2011-12-12 08:25:45 +00:00
Vincent Hanquez
eb8a00ef67
add a session ID type.
2011-12-12 08:25:21 +00:00
Vincent Hanquez
dace1096cf
remove old comment
2011-12-12 08:24:39 +00:00
Vincent Hanquez
9ec505a59a
Merge branch 'hsm'
...
Conflicts:
Network/TLS/Core.hs
2011-12-01 08:55:44 +00:00
Vincent Hanquez
e1fea031af
consider clientkeyxchg as an opaque structure in internal layers, and make/process the content in higher layer.
2011-12-01 08:41:01 +00:00
Vincent Hanquez
297f0d351b
Check handshake policy on server during a new client handshake.
...
It allows server to detect clients that want to abuse single handledly
the server resources by issuing handshakes.
The callback get some measurements on the number of bytes received and sent
since last handshake and also the number of handshake on this context.
2011-11-12 11:05:12 +00:00
Vincent Hanquez
98ded9d6f4
only import X509 from the X509 module.
2011-10-11 05:36:15 +01:00
Vincent Hanquez
3c02e9acfc
Create a record type to help type safety
2011-08-12 18:41:49 +01:00
Vincent Hanquez
06baeecea7
remove space.
2011-08-12 18:33:43 +01:00
Vincent Hanquez
d2e6235410
throw proper error with partial packets and EOF
2011-06-13 08:19:29 +01:00
Vincent Hanquez
5207a41a57
reflect the fact in types that the record layer record returns list of same header type.
2011-06-10 21:24:46 +01:00
Vincent Hanquez
f56f5d6e41
add more handling of server key xchg and dh_anon
2011-06-07 08:59:20 +01:00
Vincent Hanquez
96e6979ed4
misc change and start to trickle through the support for secure renegotiation
2011-06-07 08:13:43 +01:00
Vincent Hanquez
093cd2c9fb
use bytes directly instead of pointlessly unpacking it for extensions and finishedData
2011-06-06 08:16:24 +01:00
Vincent Hanquez
bdba471ebe
define a more generic protocol error, and remove the digest error
2011-05-12 09:13:53 +01:00
Vincent Hanquez
e4f40cf55e
comment
2011-05-12 09:13:53 +01:00
Vincent Hanquez
277e39b931
define TLSError as Exception material
2011-05-12 09:13:53 +01:00
Vincent Hanquez
c111389b30
capitalize DH
2011-05-11 07:34:15 +01:00
Vincent Hanquez
9f3714dd1c
simplify parsing of packets
...
- use fail instead of throwerror, since cereal do not raise but return an either.
- remove the get monad definition
- add some helper
- remove dependency on binary and use cereal exclusively.
2011-04-24 09:44:18 +01:00
Vincent Hanquez
b472d891c4
set the error instance of TLSError with the definition of TLSError. prevent orphan instance
2011-04-24 09:32:49 +01:00
Vincent Hanquez
a7aaa3eee7
Remove the hardcoded srandomgen in favor of any cryptorandomgen instance.
...
srandomgen is available separately in the cprng-aes package as Crypto.Random.AESCtr
2011-04-11 19:56:43 +01:00
Vincent Hanquez
5ab032b3c9
add more haddock related stuff
2011-03-02 08:43:05 +00:00
Vincent Hanquez
22ea02ffe4
move to certificate >= 0.6
2011-02-20 08:35:14 +00:00
Vincent Hanquez
65942b945f
massive change on the RNG and add support for CryptoRandomGen
...
use an inline AES counter system to generate random data.
2010-11-04 19:05:36 +00:00
Vincent Hanquez
e189f37a67
new state machine
2010-10-02 22:02:37 +01:00
Vincent Hanquez
f033a0d973
reorganize the way we decrypt data to be nicer.
...
as a bonus, finally check if padding is valid.
2010-09-26 20:56:51 +01:00
Vincent Hanquez
8f91009884
use strict bytestring instead of lazy bytestring.
...
the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8].
remove lots of unnessary packing/unpacking when setting up ciphers.
2010-09-26 10:34:47 +01:00
Vincent Hanquez
f4f4968a82
change clientkeyxchg data to be a specific type
2010-09-13 21:10:25 +01:00
Vincent Hanquez
0b5a0dc548
initial import
2010-09-09 22:47:19 +01:00