aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* No longer a part of session statelloyd2012-09-181-4/+0
|
* 1.10.3 builds OK with Intel C++ 11.1lloyd2012-09-171-0/+2
|
* Document the version checkinglloyd2012-09-172-0/+88
|
* Build the return value of version_string at compile time instead of atlloyd2012-09-141-16/+17
| | | | runtime so it's easy to find in a binary with strings.
* Inline Channel::{read,write}_cipher_state, only one caller eachlloyd2012-09-142-24/+11
|
* secure_renegotiation isn't a session value anymorelloyd2012-09-142-8/+0
|
* Expose to public in TLS::Channel peer_supports_heartbeats,lloyd2012-09-131-6/+16
| | | | heartbeat_sending_allowed, and secure_renegotiation_supported.
* Store the cipher states in the handshake state object as shared_ptrs.lloyd2012-09-134-43/+94
| | | | | | One notable change here is that after we send a close_alert, we ignore any data that follows. That is somewhat unfortunate actually, but overall this change is important (for DTLS).
* Update creators of Session to new constructorlloyd2012-09-122-2/+0
|
* It seems other implementations define the secure renegotiation flag tolloyd2012-09-124-20/+11
| | | | | | | | be part of the connection rather than part of the session. That really does make more sense, so go with it. Changes the format of serialized sessions, but we already broke that with the crypto change.
* A quite different approach to extension handling, store both inboundlloyd2012-09-128-282/+233
| | | | | | | | | and outbound extensions in an Extension, and pull out values as requested. This is to some extent just a cleanup but also assures us that the client and the server do agree on what extensions were set. Previously it was possible for extensions to mismatch, eg we set a field in the client hello structure but it didn't make it into an extension.
* Spellinglloyd2012-09-126-18/+17
|
* Duplicated extension checks!lloyd2012-09-121-12/+0
|
* Remove Channel::m_secure_renegotiation, instead derive from current state.lloyd2012-09-122-46/+23
|
* Clarify that this is an incompatible changelloyd2012-09-121-1/+4
|
* CBC overwrote (encrypted) the following block in write_record. Illoyd2012-09-121-1/+4
| | | | | | | | | | | | | | missed it before because the buffer was pre-sized to maximum allowable, thus it just encrypted something we never sent. However after the buffer sizes were set to zero, it would start encrypting ... something ... after the block. This would manifest by strange crashes during a full client renegotiation. The problem was that the buffer was sized up a bit for sending the unencrypted messages (client kex, etc) and so we had some wiggle room. However sending an encrypted client kex took more space than that (due to the MAC, etc) so a full renegotiation would cause values to be overwritten.
* Formattinglloyd2012-09-111-2/+2
|
* Clean up the handling of close notify alerts a bit. Also returnlloyd2012-09-111-6/+7
| | | | | immediately from received_data when we see a fatal alert - we are uninterested in any further data at that point.
* Typolloyd2012-09-111-1/+1
|
* Add helper functionlloyd2012-09-112-7/+8
|
* This buffer size does not need to match TLSlloyd2012-09-111-1/+1
|
* Set m_readbuf_pos == m_readbuf.size(), resizing the vector as neededlloyd2012-09-115-34/+21
| | | | rather than preallocating the maximum possible size.
* The write buffer is cleared and rewritten by write_record, so we don'tlloyd2012-09-112-6/+5
| | | | | | need to pre-size it. Reorganize Channel members a bit
* Pass the record sequence # up to Channellloyd2012-09-113-12/+13
|
* Move the record type checks up to Channel as besides that the recordlloyd2012-09-113-41/+22
| | | | reader doesn't care what the record type is.
* No reason to pass a u16bit by referencelloyd2012-09-103-3/+3
|
* New logic for DTLS replay detection. Abstracts the sequence handlinglloyd2012-09-106-30/+168
| | | | out a bit. Handling of initial server record is pretty nasty.
* This note is accurate nowlloyd2012-09-091-4/+3
|
* Consider DTLS v1.0 and v1.2 knownlloyd2012-09-091-2/+3
|
* Remove debug outputlloyd2012-09-091-1/+1
|
* Support both TLS and DTLS in the tls_server example.lloyd2012-09-092-410/+159
| | | | Drop the fairly bogus socket wrapper layer.
* Expect a cookie field in a DTLS client hellolloyd2012-09-091-0/+3
|
* Support DTLS in tls_client. Support client-initiated close_notify (via 'Q')lloyd2012-09-091-98/+103
|
* Rename functionlloyd2012-09-092-16/+16
|
* Remove redundant Channel::m_current_versionlloyd2012-09-094-30/+30
|
* Create the IO in Channel and then pass it down to new_handshake_statelloyd2012-09-097-37/+39
| | | | as the logic is the same for both cases.
* Store the is-SSLv3 flag in the cipher state as the difference is onlylloyd2012-09-092-22/+19
| | | | relevent after we've got a cipher state enabled.
* Clean up includeslloyd2012-09-094-6/+5
|
* Also hide Channel::m_handshake_fnlloyd2012-09-093-5/+5
|
* Hide Channel::m_rng and Channel::m_session_manager, add getterslloyd2012-09-094-23/+28
|
* Small cleanuplloyd2012-09-081-1/+5
|
* Only accept a hello request if an active state currently exists.lloyd2012-09-071-4/+2
| | | | | Remove setting HELLO_REQUEST after we see the finished - we'll never see it in this state object.
* Per Google's spec the client is not supposed to include a NPNlloyd2012-09-071-0/+4
| | | | extension in renegotiations
* This should be inlinelloyd2012-09-071-1/+1
|
* Small doc tweakslloyd2012-09-071-6/+6
|
* Add support for key material exportlloyd2012-09-075-0/+69
|
* Remove Channel::m_peer_certs, instead retrieve directly from the state.lloyd2012-09-076-12/+45
| | | | | | | | This also very happily avoids a race in renegotiation. If you first negotiated using cert X, then renegotiated with Y, during the period between the certificate message and the finished message, Channel::peer_cert_chain would return Y instead of X. Now, it returns Y only after the finished message has been verified.
* Avoid another instance of pulling the key out of the certificatelloyd2012-09-073-9/+7
|
* Just dynamic_cast once at the start of process_handshake_msglloyd2012-09-072-21/+20
|
* Save the peer public key in the handshake state instead of pulling itlloyd2012-09-076-16/+29
| | | | out of the cert repeatedly.
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-21 01:34:42 +0000