aboutsummaryrefslogtreecommitdiffstats
path: root/src/cli/tls_client.cpp
Commit message (Collapse)AuthorAgeFilesLines
* Avoid leaking address info in the case of a connection failureJack Lloyd2017-09-031-2/+2
| | | | | | Not really a problem since we're exiting shortly afterwards. [ci skip]
* Avoid using std::cout and std::cerr within cli codeJack Lloyd2017-09-021-2/+2
| | | | Prevents redirection using --output and --error-output
* Add support for Windows sockets to http_utilRené Korthaus2017-08-041-2/+50
| | | | | | Based on the work by @slicer4ever, adds support for Windows sockets to http_util. As a bonus, we get Windows support for tls_client and tls_server CLI.
* Reformat code with astyle + fix code styleTomasz Frydrych2017-05-011-31/+50
|
* tls_client must not pass an IP address as server informationAlexander Bluhm2017-03-251-1/+11
| | | | | | | | | RFC 6066 section 3 says: Literal IPv4 and IPv6 addresses are not permitted in "HostName". But if a user passes an IP address to botan tls_client as connect address, this is also used for SNI. Some TLS server like libtls from the LibreSSL project check that a provided hostname is a DNS name. The TLS connection attempt from botan is rejected with a fatal alert.
* Add support for reaching IPv6 hosts in the tls_client CLIRené Korthaus2017-03-211-20/+26
|
* Document TLS::Policy::require_cert_revocation_infoJack Lloyd2016-11-281-1/+2
|
* Add OCSP stapling support to TLS clientJack Lloyd2016-11-261-2/+5
|
* Add TLS::Policy::minimum_signature_strengthJack Lloyd2016-11-251-2/+3
| | | | | | Changes TLS callback API for cert verify to accept Policy& Sets default signature strength to 110 to force RSA ~2048.
* Report OCSP status in tls_clientJack Lloyd2016-11-231-0/+7
|
* Move TLS cert verification callback from Credentials_Manager to TLS::CallbacksJack Lloyd2016-11-231-0/+26
| | | | | | It is the only function in C_M which is called on to process session-specific (and adversarially provided) inputs, rather than passively returning some credential which is typically not session specific.
* Fix TLS client next protocol handlingJack Lloyd2016-11-161-1/+2
| | | | [ci skip]
* Remove remaining old style casts.Jack Lloyd2016-11-091-3/+2
| | | | | | Still not a hard error even in maintainer mode because sometimes system headers pull in C style casts via macros (eg MAP_FAILED). But, it not being a hard error makes it easy to backslide.
* Initialize member variable (Coverity find)Jack Lloyd2016-10-221-1/+1
|
* Maintainer mode fixesJack Lloyd2016-08-311-2/+2
|
* Fix another unused variable warningJack Lloyd2016-08-311-1/+1
|
* Changes to TLS::Callbacks for GH PR #457Jack Lloyd2016-08-161-22/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | Make TLS::Channel::m_callbacks a reference, so deriving from TLS::Callbacks works Split out the compat (std::function) based interface to Compat_Callbacks. This avoids the overhead of empty std::functions when using the virtual interface, and ensures the virtual interface works since there is no callback path that does not involve a vtable lookup. Rename the TLS::Callback functions. Since the idea is that often an owning class will pass *this as the callbacks argument, it is good to namespace the virtual functions so as not to conflict with other names chosen by the class. Specifically, prefixes all cb functions with tls_ Revert changes to use the old style alert callback (with no longer used data/len params) so no API changes are required for old code. The new Callbacks interface continues to just receive the alert code itself. Switch to virtual function interface in CLI tls_client for testing. Inline tls_server_handshake_state.h - only used in tls_server.cpp Fix tests - test looked like it was creating a new client object but it was not actually being used. And when enabled, it failed because the queues were not being emptied in between. So, fix that.
* Removed TLS::Session::PropertiesMatthias Gierlings2016-06-191-4/+3
| | | | | - Removed proposed wrapper class to logically group TLS session properties.
* Added virtual Callback InterfaceMatthias Gierlings2016-06-191-1/+1
| | | | | | | | | - extracted inner class TLS::Channel::Callbacks to stand-alone class TLS::Callbacks. - provided default implementations for TLS::Callbacks members executing calls to std::function members for backward compatibility. - applied changes to cli, tests and TLS::Channel related classes to be compatible with new interface.
* Implemented Feedback on GH #457Matthias Gierlings2016-06-191-2/+2
| | | | | | - Removed deprecated TLS-Alert-Callback parameters. - Fixed improper naming of accessor for ALPN-Strings in tls_client.h - Fixed erroneous indentation on Ciphersuite Constructor.
* Reduction of code complexity in TLS classes.Matthias Gierlings2016-06-191-7/+10
| | | | | | | -reduced number of parameters in various methods -reduced cyclomatic complexity (McCabe-Metric) -removed "TLSEXT_HEARTBEAT_SUPPORT" from tls_extensions.h (leftover from heartbeat extension removal?)
* TLS client featuresJack Lloyd2016-03-161-9/+52
| | | | | | Add flags --policy, --print-certs, --tls1.0, --tls1.1, --tls1.2 Update todo
* Remove TLS heartbeat support.Jack Lloyd2016-02-071-2/+0
| | | | | The signature of the alert callback remains unchanged to avoid breaking applications, though now the buffer parameter is never set.
* Add final attribute to many classesJack Lloyd2016-01-101-1/+1
| | | | | | | In some cases this can offer better optimization, via devirtualization. And it lets the user know the class is not intended for derivation. Some discussion in GH #402
* Avoid having Command* objects be created until requested.Jack Lloyd2015-12-301-1/+1
| | | | Avoids various static init and destruction hassles.
* Add Command::rng()Jack Lloyd2015-12-271-5/+3
| | | | | | | for when a command wants an RNG but doesn't much care what kind. This adds a place where a future --rng-type= option can be consulted to eg use the system RNG or a user seeded DRBG.
* Remove all remaining uses of throwing a std:: exception directlyJack Lloyd2015-12-191-6/+6
| | | | See GH #340 and 6b9a3a5 for background
* CLI rewriteJack Lloyd2015-12-191-201/+199
| | | | | | | | | | | | | | | | | | The command line tools' origin as a collection of examples and test programs glued together led to some unfortunate problems; lots of hardcoded values, missing parameters, and obsolete crypto. Adds a small library for writing command line programs of the sort needed here (cli.h), which cuts the length of many of the commands in half and makes commands more pleasant to write and extend. Generalizes a lot of the commands also, eg previously only signing/verification with DSA/SHA-1 was included! Removes the fuzzer entry point since that's fairly useless outside of an instrumented build. Removes the in-library API for benchmarking.
* Rename cmd/app -> cliSimon Warta2015-12-091-0/+294