botan.git - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Files	Lines
*	Add encryption for the SQLite sessions database	lloyd	2012-03-22	4	-54/+163
\|
*	propagate from branch 'net.randombit.botan.tls-state-machine' (head ↵	lloyd	2012-03-22	16	-57/+456
\|\ \| \| \| \| \| \| \| \| \| \|	6bcbae3d22e4d873a8e941d0325ad666482ac4da) to branch 'net.randombit.botan.tls-session-ticket' (head 9048722b5d18b39cf21f8542942dab94a9bd4e6b)
\| *	Server side handling of session tickets, though currently with a	lloyd	2012-03-22	7	-33/+106
\| \| \| \| \| \| \| \|	hard-coded key.
\| *	Working client-side session tickets. Tested against gmail.com and	lloyd	2012-03-22	6	-17/+37
\| \| \| \| \| \| \| \|	OpenSSL 1.0.1-beta2 running on localhost.
\| *	Correct ticket decoding/encoding	lloyd	2012-03-22	1	-5/+6
\| \|
\| *	Add missing source file for New_Session_Ticket msg	lloyd	2012-03-22	1	-0/+39
\| \|
\| *	propagate from branch 'net.randombit.botan.tls-state-machine' (head ↵	lloyd	2012-03-22	5	-3/+313
\| \|\ \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	f761c340d4390c232d1a9896f3fde5c9dec7858b) to branch 'net.randombit.botan.tls-session-ticket' (head bf9feb245aa7185e22948a21a3099acac7237b44)
\| * \|	Basic protocol message flow for session tickets	lloyd	2012-03-20	11	-64/+120
\| \| \|
\| * \|	Small fixes, cleanups	lloyd	2012-03-19	5	-9/+22
\| \| \|
\| * \|	Various merge fixups.	lloyd	2012-03-16	5	-47/+58
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Use AES-256 so we don't encrypt session tickets with a weaker algo than the ciphersuites.
\| * \|	propagate from branch 'net.randombit.botan.tls-state-machine' (head ↵	lloyd	2012-03-16	7	-4/+190
\| \|\ \ \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	9a12f28252f9b0a051a85c4647679a715161d06c) to branch 'net.randombit.botan.tls-session-ticket' (head ebf45d24a44fb4d1e66e59fe8abefe6f8a53cf02)
\| \| * \	propagate from branch 'net.randombit.botan.tls-state-machine' (head ↵	lloyd	2012-03-16	83	-2328/+4962
\| \| \|\ \ \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	c24b5d6b012131b177d38bddb8b06d73f81f70c4) to branch 'net.randombit.botan.tls-session-ticket' (head 9977d4c118e1ac26425cef676ebf26cd5b2a470e)
\| \| * \| \|	Build fixes	lloyd	2012-01-11	4	-11/+20
\| \| \| \| \|
\| \| * \| \|	Outline of RFC 5077 session tickets	lloyd	2012-01-11	5	-3/+170
\| \| \| \| \|
* \| \| \| \|	Add some helper functions for data access	lloyd	2012-03-22	1	-22/+33
\| \|_\|_\|/ \|/\| \| \|
* \| \| \|	Reorder schema and make the session id a primary key since it should	lloyd	2012-03-22	1	-7/+7
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	not only be unique but fast searches on it are likely useful. Not bothering to put an index on the (hostname,hostport) tuple as it's only used by clients on initial connection, and even at a 10K rows that search wouldn't take long at all.
* \| \| \|	Oops, libsqlite is sqlite2, link to libsqlite3	lloyd	2012-03-22	1	-1/+1
\| \| \| \|
* \| \| \|	Expire old sessions and limit the cache size in the sqlite session manager.	lloyd	2012-03-22	2	-16/+62
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Also when pulling a session via host info, try the most recent session first (rather than the oldest!).
* \| \| \|	First rev at a SQLite TLS session manager. Should be encrypting the	lloyd	2012-03-22	3	-0/+265
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	sessions; will defer until session ticket support lands. Also currently isn't handling session expiry or limiting the number of stored sessions.
* \| \| \|	Remove extra BER_Decoder object	lloyd	2012-03-22	1	-2/+0
\| \| \| \|
* \| \| \|	Off by one in decode_constrained_integer, broke Session DER decoding	lloyd	2012-03-22	1	-1/+2
\|/ / /
* \| /	Add missing source for DTLS hello verify	lloyd	2012-03-16	1	-0/+61
\| \|/ \|/\|
* \|	Add SecureQueue::empty	lloyd	2012-03-07	9	-27/+56
\| \| \| \| \| \| \| \| \| \| \| \|	Hide the handshake reader behind a function. Add pieces for DTLS hello verify request message
* \|	Add an abstraction for reading handshake messages (as DTLS handles it	lloyd	2012-03-05	14	-91/+215
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	quite differently). Avoid using a queue for reading certificates. Hide the version code in the handshake state with a getter and setter.
* \|	Move the handshake serialization code to Record_Writer	lloyd	2012-03-03	11	-39/+44
\| \|
* \|	Move min_version and pref_version to the source file so they can be	lloyd	2012-03-02	2	-4/+12
\| \| \| \| \| \| \| \| \| \|	overridden easily in a new release without changing binaries linked against an earlier version.
* \|	Bad conditional	lloyd	2012-02-28	1	-1/+1
\| \|
* \|	We would call the handshake callback twice on session resumption:	lloyd	2012-02-28	1	-20/+19
\| \| \| \| \| \| \| \|	misplaced braces.
* \|	Add makefile dependency on credentials.h. Use 1024 bit keys for	lloyd	2012-02-27	3	-11/+19
\| \| \| \| \| \| \| \|	RSA/DSA. Add function for choosing thread count.
* \|	Indentation	lloyd	2012-02-27	6	-38/+38
\| \|
* \|	Create and save certs on the fly for hostnames as they are asked for	lloyd	2012-02-03	1	-17/+89
\| \|
* \|	Actually check CA signatures in Credentials_Manager. This area needs a	lloyd	2012-02-01	6	-18/+55
\| \| \| \| \| \| \| \|	lot more work before this can be deployed.
* \|	Support getting ciphersuites by name as well as suite ID	lloyd	2012-01-28	6	-10/+29
\| \|
* \|	Add Camellia ciphersuites from RFC 4132.	lloyd	2012-01-28	3	-5/+40
\| \| \| \| \| \| \| \| \| \| \| \|	Fix Ciphersuite_Preference_Ordering which treated two ciphersuites with the same algos but different keylengths as equivalent, causing them to be lost. Always prefer the longer key.
* \|	propagate from branch 'net.randombit.botan' (head ↵	lloyd	2012-01-28	104	-4792/+9200
\|\ \ \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	3f6b267bc00d2da1b5d36ca2215c3e1b6a40e796) to branch 'net.randombit.botan.tls-state-machine' (head 7df407e6678bd51328c348fd2a665f20fb22d62d)
\| * \|	Add anon SRP ciphersuites to the list, add missing _CBC on the	lloyd	2012-01-28	2	-12/+27
\| \| \| \| \| \| \| \| \| \| \| \|	existing enum values.
\| * \|	Support alternate PRF hashes in TLS 1.2. Add support for the SHA-384	lloyd	2012-01-28	8	-74/+90
\| \| \| \| \| \| \| \| \| \| \| \|	ciphersuites.
\| * \|	Fix inverted conditional	lloyd	2012-01-27	1	-2/+2
\| \| \|
\| * \|	Change naming convention to match RFCs	lloyd	2012-01-27	5	-30/+26
\| \| \|
\| * \|	Remove debug output	lloyd	2012-01-27	1	-11/+0
\| \| \|
\| * \|	Server side PSK	lloyd	2012-01-27	4	-101/+124
\| \| \|
\| * \|	Working though somewhat clumsy DHE_PSK and ECDHE_PSK. Tested against GnuTLS	lloyd	2012-01-27	5	-24/+100
\| \| \|
\| * \|	Somewhat cleaner PSK handling	lloyd	2012-01-27	3	-27/+34
\| \| \|
\| * \|	Server side PSK kex	lloyd	2012-01-27	4	-13/+37
\| \| \|
\| * \|	Split up the psk function as the server also wants to be able to look	lloyd	2012-01-27	4	-22/+51
\| \| \| \| \| \| \| \| \| \| \| \|	up a PSK from an identity.
\| * \|	Credentials hooks for PSK	lloyd	2012-01-27	2	-2/+27
\| \| \|
\| * \|	Add client-side support for PSK kex. Tested against OpenSSL.	lloyd	2012-01-27	8	-14/+97
\| \| \|
\| * \|	Use boost::asio instead of standalone asio as it's more commonly	lloyd	2012-01-27	3	-44/+49
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	available. If an error occurs in loading a certificate, etc then simply ignore it.
\| * \|	First attempt to get certificates matching the name the client sent in	lloyd	2012-01-27	1	-3/+27
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	the SNI extension. If we can't find anything, send an unrecognized_name alert and then retry with the requested server name as "" (ie default).
\| * \|	Remove Alert::Level enum, replace with bool	lloyd	2012-01-26	5	-14/+10
\| \| \|