Commit message | Author | Age | Files | Lines
* Doxygen comments | lloyd | 2012-07-06 | 7 | -11/+133
* Add wikipedia extlinks target. Warn about SRP verifier being secret | lloyd | 2012-07-06 | 2 | -2/+18
* Disable generating LaTeX Doxygen output as we don't really need it and | lloyd | 2012-07-06 | 1 | -0/+8
  it is very slow to generate.
* More Doxygen comments | lloyd | 2012-07-06 | 2 | -3/+12
* Correct Doxygen comments | lloyd | 2012-07-06 | 2 | -5/+5
* Outline of docs for SRP | lloyd | 2012-07-06 | 2 | -0/+26
* Basic PSK documentation | lloyd | 2012-07-06 | 1 | -3/+15
* A bit more OCSP documentation | lloyd | 2012-07-05 | 1 | -3/+8
* Record_Writer needs a PRNG for the IV generation. Share the reference | lloyd | 2012-07-05 | 6 | -16/+22
  with the channel object instead of calling the global object.
* Pull the TLS padding checks out to an anon function. | lloyd | 2012-07-05 | 1 | -32/+59
* Rename all text files that are actually reStructuredText to .rst | lloyd | 2012-07-01 | 191 | -5/+3
* Add OCSP doc. Rewrite 1.11.0 release notes. | lloyd | 2012-07-01 | 3 | -42/+70
* Default to just `g++`. Check GCC version and warn if we are compiling | lloyd | 2012-07-01 | 2 | -1/+7
  under something before 4.7.0
* Single basic TLS test using in-memory handshake. | lloyd | 2012-06-29 | 4 | -5/+276
  Fix compile flags for the NIST tests
* Ignore *.{key,crt,pem,patch} | lloyd | 2012-06-29 | 1 | -0/+2
* Use new header for sqlite session manager | lloyd | 2012-06-29 | 1 | -2/+2
* Minor doc updates | lloyd | 2012-06-29 | 2 | -4/+9
* More discussion of the TLS callbacks | lloyd | 2012-06-29 | 1 | -10/+61
* Split TLS::Policy::allowed_hashes into allowed_signature_hashes and | lloyd | 2012-06-29 | 9 | -38/+82
  allowed_macs. This allows someone to turn on MD5 for message auth, which is a little sketchy but probably OK, without also (likely unintentionally) enabling MD5 for TLS v1.2 signatures, which would be a big problem. Prioritize RC4 over 3DES in default policy. Disable ECC curves smaller than 224 bits by default. More updates to the TLS policy documentation.
* Fix formatting of Channel docs | lloyd | 2012-06-29 | 1 | -28/+34
* Improve TLS::Channel documentation | lloyd | 2012-06-29 | 1 | -4/+13
* Add TLS::Session_Manager_Noop which just ignores all save requests. | lloyd | 2012-06-29 | 9 | -25/+48
  Rename the sqlite module to sqlite3 as sometimes plain 'sqlite' is used to refer to sqlite2. Reduce the password check bits to 16 which is plenty.
* Document more of the TLS interface | lloyd | 2012-06-28 | 1 | -44/+412
* Clarify availability of the amalgamation build | lloyd | 2012-06-28 | 1 | -2/+4
* Some doc updates | lloyd | 2012-06-26 | 3 | -313/+307
* Avoid unused argument warning | lloyd | 2012-06-26 | 1 | -1/+1
* Reorder Credentials_Manager with cert stuff first, then SRP, then PSK | lloyd | 2012-06-26 | 1 | -66/+69
* Increase default Miller-Rabin nonce to 192 bits | lloyd | 2012-06-26 | 1 | -2/+2
* Be explicit about swap template specialization | lloyd | 2012-06-26 | 1 | -1/+1
* Set poolsize to zero on failure. Set m_pool to null if mmap fails | lloyd | 2012-06-26 | 1 | -0/+6
* Add TLS::Policy::minimum_dh_group_size, default 1024. Send an | lloyd | 2012-06-25 | 5 | -2/+30
  insufficient_security alert if the server tries to give us a DH group smaller than that. Also check to make sure the key isn't obviously bogus (<=1 || >= p-1), though as the key is purely ephemeral it doesn't seem like a small subgroup attack would provide much advantage anyway.
* Include FAQ and dl links in contents. Rearrange download links | lloyd | 2012-06-21 | 3 | -82/+38
* Only use Disqus if the Sphinx tag is set. | lloyd | 2012-06-20 | 11 | -57/+58
  Use extlinks extension for download links, bug reports, and mailing list archives. Disable devel mode on Disqus. Fix some broken links detected with Sphinx's linkcheck target.
* Hooks for Disqus comments | lloyd | 2012-06-20 | 3 | -5/+44
* Split log.txt into individual release notes. Integrate most of the | lloyd | 2012-06-20 | 175 | -2318/+2635
  relevant contents from the pyblosxom news site into said relnotes. DRY suggests having only one form of release notes, and having it in the public source repo. Also some updates for the allocator changes.
* Return existing certs fast if there is a match | lloyd | 2012-06-20 | 1 | -0/+15
* Allow configurable # of threads, useful for scale testing | lloyd | 2012-06-20 | 1 | -2/+4
* Doc updates | lloyd | 2012-06-20 | 4 | -19/+28
* Update docs for new secure_vector | lloyd | 2012-06-20 | 1 | -73/+23
* Add missing headers, triggered errors under minimal builds | lloyd | 2012-06-19 | 2 | -0/+2
* Remove BOTAN_MEM_POOL_CHUNK_SIZE macro from build.h, no longer used. | lloyd | 2012-06-19 | 2 | -10/+12
  Move Karatsuba cutoffs to mp_karat.cpp as that is the only place that uses them and I doubt these get tweaked much (ever).
* In Karatsuba multiplication, we would avoid recursing in cases where | lloyd | 2012-06-19 | 1 | -48/+10
  we know one of the sub values was going to be zero. Avoid doing this as it exposes a timing channel. Some bn_asm code was manually inlined into the Karatsuba for doing additions. Just call the normal functions - if these are too slow that should be fixed.
* Make TLS::Channel::send non-virtual as neither Client nor Server | lloyd | 2012-06-18 | 9 | -21/+58
  needed to derive from it. Add a new overload of send taking a std::string for convenience (eg client.send("GET / HTTP/1.0\n\r")). Let Channel::renegotiatate's force_full_renegotiation argument default to false. Fix a bug where if we negotiated TLS v1.2 and our Policy was configured to only use MD5 we would send an empty allowed signatures which is maybe bogus or maybe just ambiguous (RFC is unclear, though we reject in this case). To fix this, support putting MD5 in the signature algorithms extension, and then in choose_sig_format order first by our hash preference, and only allow hashes that are allowed by policy. Thus if a client claims to support both SHA-2 and MD5 we'll choose SHA-2 even if the client put MD5 first (some versions of GnuTLS ordered the list backwards due to a bug, so this is actually a useful behavior).
* Update links for 1.10.2 | lloyd | 2012-06-17 | 1 | -11/+11
* Port in 1.10.2 change notes | lloyd | 2012-06-17 | 1 | -5/+10
* Patch name changed | lloyd | 2012-06-17 | 2 | -46/+15
* Update to rev 924b482d25 from https://github.com/OlivierJG/botansqlite3 | lloyd | 2012-06-17 | 4 | -24/+28
* Use the extended Euclidean algorithm for computing the inverse for | lloyd | 2012-06-17 | 1 | -10/+57
  Montgomery exponentiation as except for the very first division all operands are single words and thus we can assume we have a relatively fast division operation (and additionally working only with words avoids dynamic allocation).
* Commented out entry for anon in default policy: | lloyd | 2012-06-17 | 1 | -0/+1
* We would never negotiate anon DH/ECDH even if policy allowed it and | lloyd | 2012-06-17 | 1 | -1/+1
  the client requested because we wouldn't have a cert chain set for anon.