aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Create and save certs on the fly for hostnames as they are asked forlloyd2012-02-031-17/+89
|
* Actually check CA signatures in Credentials_Manager. This area needs alloyd2012-02-016-18/+55
| | | | lot more work before this can be deployed.
* Support getting ciphersuites by name as well as suite IDlloyd2012-01-286-10/+29
|
* Add Camellia ciphersuites from RFC 4132.lloyd2012-01-283-5/+40
| | | | | | Fix Ciphersuite_Preference_Ordering which treated two ciphersuites with the same algos but different keylengths as equivalent, causing them to be lost. Always prefer the longer key.
* propagate from branch 'net.randombit.botan' (head ↵lloyd2012-01-28104-4792/+9200
|\ | | | | | | | | | | 3f6b267bc00d2da1b5d36ca2215c3e1b6a40e796) to branch 'net.randombit.botan.tls-state-machine' (head 7df407e6678bd51328c348fd2a665f20fb22d62d)
| * Add anon SRP ciphersuites to the list, add missing _CBC on thelloyd2012-01-282-12/+27
| | | | | | | | existing enum values.
| * Support alternate PRF hashes in TLS 1.2. Add support for the SHA-384lloyd2012-01-288-74/+90
| | | | | | | | ciphersuites.
| * Fix inverted conditionallloyd2012-01-271-2/+2
| |
| * Change naming convention to match RFCslloyd2012-01-275-30/+26
| |
| * Remove debug outputlloyd2012-01-271-11/+0
| |
| * Server side PSKlloyd2012-01-274-101/+124
| |
| * Working though somewhat clumsy DHE_PSK and ECDHE_PSK. Tested against GnuTLSlloyd2012-01-275-24/+100
| |
| * Somewhat cleaner PSK handlinglloyd2012-01-273-27/+34
| |
| * Server side PSK kexlloyd2012-01-274-13/+37
| |
| * Split up the psk function as the server also wants to be able to looklloyd2012-01-274-22/+51
| | | | | | | | up a PSK from an identity.
| * Credentials hooks for PSKlloyd2012-01-272-2/+27
| |
| * Add client-side support for PSK kex. Tested against OpenSSL.lloyd2012-01-278-14/+97
| |
| * Use boost::asio instead of standalone asio as it's more commonlylloyd2012-01-273-44/+49
| | | | | | | | | | available. If an error occurs in loading a certificate, etc then simply ignore it.
| * First attempt to get certificates matching the name the client sent inlloyd2012-01-271-3/+27
| | | | | | | | | | the SNI extension. If we can't find anything, send an unrecognized_name alert and then retry with the requested server name as "" (ie default).
| * Remove Alert::Level enum, replace with boollloyd2012-01-265-14/+10
| |
| * Change callback interface to pass the Alert object itself insteadlloyd2012-01-2611-31/+100
| | | | | | | | | | | | of just the type code. Implement Alert::type_string
| * Make Alert a first class object ala Version. Move the alert codes intolloyd2012-01-2623-177/+224
| | | | | | | | the Alert class for namespacing.
| * Need boost_thread for asio example nowlloyd2012-01-261-0/+3
| |
| * Use multiple threads in asio example serverlloyd2012-01-261-13/+74
| |
| * Deleting the return of private_key_for in the TLS server forces thelloyd2012-01-264-11/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | credentials server to return a new copy each time which is slow and mostly pointless. Instead, specify that the key remains owned by the credentials manager. This is theoretically an issue if you have thousands of keys to manage; the credentials server doesn't actually know when they have gone out of scope until its destructor runs. So it could be forced to use a lot of memory in the meantime. I'm not sure that this is a case worth optimizing for, at least until someone comes along who actually has this as a problem.
| * Clean up record writer a bitlloyd2012-01-251-55/+60
| |
| * Move around the order of arguments to activate() and add thelloyd2012-01-255-14/+30
| | | | | | | | | | compression method (currently we just ensure that no compression was negotiated)
| * In earlier versions, key exchange == "RSA" meant export-stylelloyd2012-01-255-20/+22
| | | | | | | | | | | | | | | | | | | | | | | | ephemeral RSA, and key exchange == "" meant RSA via the key in the server certificate. However we don't support any of the export suites anymore (and in fact that code probably never worked), so use kex algo == "RSA" to represent the server cert case as it's much easier to read the code and to understand from a policy configuration perspective. Also fix the default policy, "TripleDES" != "3DES" so we would not offer (as a client) and would reject (as a server) any 3DES ciphersuites.
| * Move all key exchange mechanism code (eg DH/ECDH/SRP) out of thelloyd2012-01-256-95/+143
| | | | | | | | | | server handshake flow and into the server and client key exchange message types. It already was hidden from the client handshake code.
| * Fix printing PSK ciphersuites. Better assert msg.lloyd2012-01-252-14/+17
| |
| * Convenience methodlloyd2012-01-251-0/+2
| |
| * Go back to choosing the ciphersuite based on the server's preferences.lloyd2012-01-255-25/+57
| | | | | | | | | | | | | | | | | | The client can constrain their offering if they want to. Add identifiers for PSK suites (not implemented) Rename hide_unknown_srp_users to hide_unknown_users as it can be used for PSK as well.
| * Hiding SRP users or not is policy. Not sure what the default should be for thislloyd2012-01-251-2/+10
| |
| * Storing the version as a single u16bit makes compares simplerlloyd2012-01-241-27/+14
| |
| * Move extension type here, no need to make it visible to appslloyd2012-01-242-20/+20
| |
| * s/tls_suites/tls_ciphersuite/lloyd2012-01-248-13/+14
| |
| * Require ECDH and ECDSA modules for TLS. This is slightly non-optimallloyd2012-01-241-0/+2
| | | | | | | | | | | | | | in that RedHat doesn't want to ship ECC of any kind, which would prevent shipping TLS as well, but actually IIRC they'll want to physically strip out the code anyway (just #if 0 wasn't good enough), so they can just patch the whole thing out if they want.
| * Add support for the IDEA ciphersuite, though don't require it to belloyd2012-01-243-1/+13
| | | | | | | | | | compiled in for TLS as IIRC it's still patented in Europe for another year or two.
| * Fix ECC curve negotiation on the server side.lloyd2012-01-242-35/+34
| | | | | | | | | | | | | | | | | | | | Avoid accidentally negotiating SRP. Fix TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 which was marked as an ECDSA suite. Tested to work with OpenSSL 1.0.1 beta. Remove SHA-384 suites for now so we won't negotiate them as the right hooks for the PRF do not exist yet.
| * We can now actually handle multiple certificate types in the serverlloyd2012-01-249-62/+112
| | | | | | | | | | and will choose one depending on which ciphersuites the client offered.
| * Remove Certificate_Type enumlloyd2012-01-243-16/+52
| |
| * ECDSA support. Only client side testedlloyd2012-01-242-4/+4
| |
| * Send the supported elliptic curves extension. Instead of hardcodinglloyd2012-01-248-23/+66
| | | | | | | | | | | | | | the values let policy specify them. Also choose an ECC curve for server kex from the client hello. Choice is via policy, default implementation is to choose the first curve the client supports out of the server's preference list.
| * Get the list of supported ECC curves out of the client hello, andlloyd2012-01-245-4/+17
| | | | | | | | | | avoid negotiating an ECDH key exchange if the client didn't send any curves that we know about.
| * Forgot to check in server side ECDH key genlloyd2012-01-241-3/+11
| |
| * Allow ECDH negotiation by defaultlloyd2012-01-241-4/+1
| |
| * For ECDH you don't strip leading zeros. Bikeshedding: 1 Consistency: 0lloyd2012-01-241-3/+5
| |
| * Read ECDH client key exchange messageslloyd2012-01-241-25/+26
| |
| * Working ECDH key exchange. Only tested on client side but seems goodlloyd2012-01-243-37/+95
| | | | | | | | | | | | | | there. Only named curves supported, likely won't ever support explicit curves cause that's just asking for problems.
| * Cleanuplloyd2012-01-241-10/+10
| |