Vincent Hanquez
73979e9db4
move initiate into handshake in core.
2011-03-01 23:09:17 +00:00
Vincent Hanquez
c1a20efe74
move sendData to core
2011-03-01 20:01:40 +00:00
Vincent Hanquez
353783abdf
put server/client in core
2011-03-01 20:01:40 +00:00
Vincent Hanquez
f4cc8999db
move 'close' api to core and rename to 'bye' to avoid a meaning conflict with unix close.
2011-03-01 20:01:40 +00:00
Vincent Hanquez
f260c5b9cf
modify client API to be like the server API.
2011-03-01 20:01:40 +00:00
Vincent Hanquez
5e8d2fa776
move server to the new split API and have the server function in a monadIO monad.
...
the state mvar is for now mostly useless, although completely harmless; it will
be useful to be able to use the ctx in a threaded context.
2011-03-01 20:01:40 +00:00
Vincent Hanquez
9586b05395
unify clientparams and serverparams
2011-03-01 20:01:40 +00:00
Vincent Hanquez
22ea02ffe4
move to certificate >= 0.6
2011-02-20 08:35:14 +00:00
Vincent Hanquez
e5e331fdf1
move to certificate 0.5
2011-01-02 09:49:21 +00:00
Vincent Hanquez
3020ba5c28
allow SSL3 in stunnel
2010-12-14 23:26:51 +00:00
Vincent Hanquez
c09f90316f
Improve stunnel example to behave more like a stunnel program.
...
The client side is behaving like a real stunnel now, waiting local connection
and relaying it through the TLS connection and back to the local connection.
The server side is improved, however it doesn't properly relay it to the local
port on the server. For now it prints the message to stdout and replies with a constant
to a client. It waits for EOF from the client before finishing.
2010-11-30 08:12:49 +00:00
Vincent Hanquez
a2896bce31
add options to bind to unix socket or file descriptor
2010-11-28 11:50:55 +00:00
Vincent Hanquez
95c94749d2
use cmdargs in stunnel instead of GetArgs
...
prepare options for the implementation of an actual stunnel program,
where data are relayed from encrypted to normal connection and vice versa.
2010-11-28 11:37:36 +00:00
Vincent Hanquez
d787160713
rename connect in client module to initiate.
...
add a deprecated pragma for connect and keep it for compatibility
2010-11-28 10:30:05 +00:00
Vincent Hanquez
65942b945f
massive change on the RNG and add support for CryptoRandomGen
...
use an inline AES counter system to generate random data.
2010-11-04 19:05:36 +00:00
Vincent Hanquez
9c4a3a0223
use the AES rng as the TLSState rng, and generate random bytes on demand
...
client/premaster/secret random bytes are now generated by the TLSstate rng
on demand, simplifying the use of basic routines (connect/listen) and the
renegotiation process.
also the AES rng is a CPRNG, compared to system.random PRNG, which
might give a better warmer fuzzy random feeling.
2010-10-03 11:23:12 +01:00
Vincent Hanquez
10e7329bb5
requires certificate v0.3
2010-10-03 10:32:37 +01:00
Vincent Hanquez
756de301c5
allow TLS1.1 in the stunnel example. however still default to TLS1.0.
2010-09-26 15:02:59 +01:00
Vincent Hanquez
8f91009884
use strict bytestring instead of lazy bytestring.
...
the API stays mostly similar except for clientkeyxchg that needs a bytes instead of [word8].
remove lots of unnecessary packing/unpacking when setting up ciphers.
2010-09-26 10:34:47 +01:00
Vincent Hanquez
2fd8087211
remove the haskell98 dependency and switch to the random package.
2010-09-24 08:30:25 +01:00
Vincent Hanquez
cb850131da
add a server callbacks when receiving Certificates
2010-09-20 08:45:41 +01:00
Vincent Hanquez
3d4c69da9e
tidy up imports
2010-09-19 10:50:37 +01:00
Vincent Hanquez
2fe1d7e99a
use <$> instead of fmap
2010-09-19 10:49:42 +01:00
Vincent Hanquez
8c20758158
use client callback to callback on certificate verification
2010-09-19 10:42:29 +01:00
Vincent Hanquez
03790957d8
obey the port selection with stunnel client.
2010-09-18 11:01:10 +01:00
Vincent Hanquez
5cf0463cef
fix stunnel regarding latest clientkeyxchg data change
2010-09-13 21:11:04 +01:00
Vincent Hanquez
0b5a0dc548
initial import
2010-09-09 22:47:19 +01:00