Commit graph

981 commits

Author SHA1 Message Date
Vincent Hanquez
c805734abd use the new Crypto.Random instead of the compat Crypto.Random.API 2013-12-11 15:53:11 +08:00
Vincent Hanquez
96ae52e4cd make clear what we're talking about in the header. 2013-12-11 15:50:35 +08:00
Vincent Hanquez
9ea497adf6 add a function to generate digitally signed structure for DHParams. 2013-12-07 17:51:57 +08:00
Vincent Hanquez
b43ef69988 rename ServerDHParams marshalling functions 2013-12-07 17:51:28 +08:00
Vincent Hanquez
692aaf01a5 add DHE-RSA ciphers and a suite. 2013-12-07 15:11:06 +08:00
Vincent Hanquez
f916fde296 add a test DHE cipher. 2013-12-07 15:10:53 +08:00
Vincent Hanquez
12c32816bc add HashSHA1 for DSS signature for < TLS12. 2013-12-07 14:50:07 +08:00
Vincent Hanquez
d05c7a4be1 comment the reason of the existence of hashUpdateSSL. 2013-12-07 14:49:34 +08:00
Vincent Hanquez
50b56ff2cf use the new digitallySigned structure for CertVerify. 2013-12-07 14:37:14 +08:00
Vincent Hanquez
f6b4ee34ac abstract signature creation/verification 2013-12-07 14:25:58 +08:00
Vincent Hanquez
ad37d02523 cleanup CertificateVerify signature data generation 2013-12-07 13:10:17 +08:00
Vincent Hanquez
0a032bbc27 factor some code in client certificate verify message generation. 2013-12-07 12:44:45 +08:00
Vincent Hanquez
14fe8102c8 marshall signature as digitally-signed 2013-12-07 12:10:01 +08:00
Vincent Hanquez
99608782dc misc: remove spaces 2013-12-07 12:09:36 +08:00
Vincent Hanquez
23f4377f31 add the DigitallySigned structure to the list.
the structure is compatible with older "digitally-signed" constructions
of tls 1.1 and older.
2013-12-07 12:09:13 +08:00
Vincent Hanquez
1ac0cc9485 add putSignatureHashAlgorithm 2013-12-07 12:07:21 +08:00
Vincent Hanquez
887c69b6e5 move getSignatureHashAlgorithm 2013-12-07 12:07:04 +08:00
Vincent Hanquez
7e3077d23c rewrite SKX methods to use getInteger16 and applicative style. 2013-12-07 12:06:34 +08:00
Vincent Hanquez
a03b22024b export getInteger16/putInteger16 to serialize Integer in opaque16. 2013-12-07 12:05:41 +08:00
Vincent Hanquez
dea7eb32cf separate some helpers and add new one. 2013-12-07 12:04:53 +08:00
Vincent Hanquez
1b905f0377 don't unpack signature. use the bytestring representation. 2013-12-05 15:36:52 +08:00
Vincent Hanquez
9ce0da72ce add a helper module for ASN1 2013-12-05 14:51:23 +08:00
Vincent Hanquez
7ef893a45b add some cipher numbers in comment. 2013-12-03 16:13:11 +08:00
Vincent Hanquez
bcda5611e6 add support for pem 0.2.x 2013-12-03 15:20:56 +08:00
Vincent Hanquez
c9fbe5d58f extend tests to allow for version downgrading by server 2013-12-03 15:20:28 +08:00
Vincent Hanquez
ef92b6c96f Fix version usage related to downgrading
* properly choose the highest version supported on the server, instead of
  choosing the first that matches.
* use the client version in the RSA client exchange instead of the negotiated version
* delay hashing mechanism to serverHello message so that choosing MD5SHA1 or SHA256
  is done after the server chose the version.
2013-12-03 15:17:27 +08:00
Vincent Hanquez
c1e67f6015 add some comment about the expected values. 2013-11-29 18:45:05 +08:00
Vincent Hanquez
30fe1a8fb6 make the error message a bit more precise related to which side it happens. 2013-11-29 18:44:44 +08:00
Vincent Hanquez
245748f109 add a helper to check if a cipher is allowed to be used with some version 2013-11-29 17:01:40 +08:00
Vincent Hanquez
e5e96fb157 report a more useful error than undefined when trying to use HashSHA256 in SSL3 mode. 2013-11-29 17:00:09 +08:00
Vincent Hanquez
9883b8644f move single exceptions into one type to rule them all.
HandshakeFailed, ConnectionNotEstablished, and Terminated are now
a TLSException type. It should allow easier catching for users.
2013-11-27 15:31:45 +08:00
Vincent Hanquez
5ff812b3fa provide a helper for catching exception without doing a catchall.
As a side effect, let AsyncException propagate
2013-11-27 15:08:22 +08:00
Vincent Hanquez
0870189689 add a contextNewWithSocket 2013-10-11 08:01:38 +01:00
Vincent Hanquez
e1d8e026f5 add -fwarn-tabs to tls. 2013-09-18 07:20:48 +01:00
Vincent Hanquez
5b13cfe38a adapt tests to new crypto-random 2013-09-18 07:20:28 +01:00
Vincent Hanquez
bc8c7ce667 bump debug version. 2013-09-03 06:44:02 +01:00
Vincent Hanquez
8ccc2cff6c don't build stunnel on windows. 2013-09-03 06:43:42 +01:00
Vincent Hanquez
5b98d7b870 bump dependencies for cprng-aes 2013-09-01 07:52:27 +01:00
Vincent Hanquez
5529e77fa9 update for latest cipher-aes, crypto-random, cprng-aes 2013-09-01 07:51:49 +01:00
Vincent Hanquez
982a484598 move to crypto-random 2013-09-01 07:42:43 +01:00
Vincent Hanquez
77abffceb3 add some reading and rw locks. 2013-09-01 07:36:08 +01:00
Vincent Hanquez
5836669878 remove unnecessary MonadIO parametrization 2013-08-01 07:52:42 +00:00
Vincent Hanquez
be34ed350e remove unnecessary parametrization 2013-08-01 07:49:20 +00:00
Vincent Hanquez
bd0ad2169e move handshake state out of state 2013-08-01 07:47:40 +00:00
Vincent Hanquez
896832d93d separate state from handshake state 2013-08-01 07:43:48 +00:00
Vincent Hanquez
d69c9190b5 push down the context to key operation 2013-08-01 07:35:42 +00:00
Vincent Hanquez
64f60bb715 repair getSessionData and move to handshake layer 2013-08-01 07:32:27 +00:00
Vincent Hanquez
0b6e6ef0e3 move startHandshake in the handshake layer 2013-08-01 07:24:18 +00:00
Vincent Hanquez
e78dccb635 use HandshakeState directly without grabbing the TLSState 2013-08-01 07:12:54 +00:00
Vincent Hanquez
0bd12162d3 remove assert and cleanup imports 2013-08-01 08:06:31 +01:00