| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Fixes #1422
|
|\ |
|
| | |
|
|/ |
|
| |
|
| |
|
|
|
|
| |
Allows cleaning up header includes, also somewhat smaller binaries.
|
| |
|
| |
|
|
|
|
|
|
| |
Not really a problem since we're exiting shortly afterwards.
[ci skip]
|
|
|
|
| |
Prevents redirection using --output and --error-output
|
|
|
|
|
|
| |
Based on the work by @slicer4ever, adds support for
Windows sockets to http_util. As a bonus, we get Windows support
for tls_client and tls_server CLI.
|
| |
|
|
|
|
|
|
|
|
|
| |
RFC 6066 section 3 says: Literal IPv4 and IPv6 addresses are not
permitted in "HostName". But if a user passes an IP address to
botan tls_client as connect address, this is also used for SNI.
Some TLS server like libtls from the LibreSSL project check that a
provided hostname is a DNS name. The TLS connection attempt from
botan is rejected with a fatal alert.
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
Changes TLS callback API for cert verify to accept Policy&
Sets default signature strength to 110 to force RSA ~2048.
|
| |
|
|
|
|
|
|
| |
It is the only function in C_M which is called on to process session-specific
(and adversarially provided) inputs, rather than passively returning some credential
which is typically not session specific.
|
|
|
|
| |
[ci skip]
|
|
|
|
|
|
| |
Still not a hard error even in maintainer mode because sometimes
system headers pull in C style casts via macros (eg MAP_FAILED).
But, it not being a hard error makes it easy to backslide.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make TLS::Channel::m_callbacks a reference, so deriving from TLS::Callbacks works
Split out the compat (std::function) based interface to Compat_Callbacks.
This avoids the overhead of empty std::functions when using the virtual
interface, and ensures the virtual interface works since there is no
callback path that does not involve a vtable lookup.
Rename the TLS::Callback functions. Since the idea is that often an owning
class will pass *this as the callbacks argument, it is good to namespace
the virtual functions so as not to conflict with other names chosen by
the class. Specifically, prefixes all cb functions with tls_
Revert changes to use the old style alert callback (with no longer used data/len
params) so no API changes are required for old code. The new Callbacks interface
continues to just receive the alert code itself.
Switch to virtual function interface in CLI tls_client for testing.
Inline tls_server_handshake_state.h - only used in tls_server.cpp
Fix tests - test looked like it was creating a new client object but it
was not actually being used. And when enabled, it failed because the queues
were not being emptied in between. So, fix that.
|
|
|
|
|
| |
- Removed proposed wrapper class to logically group TLS session
properties.
|
|
|
|
|
|
|
|
|
| |
- extracted inner class TLS::Channel::Callbacks to stand-alone class
TLS::Callbacks.
- provided default implementations for TLS::Callbacks members executing
calls to std::function members for backward compatibility.
- applied changes to cli, tests and TLS::Channel related classes to be
compatible with new interface.
|
|
|
|
|
|
| |
- Removed deprecated TLS-Alert-Callback parameters.
- Fixed improper naming of accessor for ALPN-Strings in tls_client.h
- Fixed erroneous indentation on Ciphersuite Constructor.
|
|
|
|
|
|
|
| |
-reduced number of parameters in various methods
-reduced cyclomatic complexity (McCabe-Metric)
-removed "TLSEXT_HEARTBEAT_SUPPORT" from tls_extensions.h (leftover
from heartbeat extension removal?)
|
|
|
|
|
|
| |
Add flags --policy, --print-certs, --tls1.0, --tls1.1, --tls1.2
Update todo
|
|
|
|
|
| |
The signature of the alert callback remains unchanged to avoid
breaking applications, though now the buffer parameter is never set.
|
|
|
|
|
|
|
| |
In some cases this can offer better optimization, via devirtualization.
And it lets the user know the class is not intended for derivation.
Some discussion in GH #402
|
|
|
|
| |
Avoids various static init and destruction hassles.
|
|
|
|
|
|
|
| |
for when a command wants an RNG but doesn't much care what kind.
This adds a place where a future --rng-type= option can be consulted
to eg use the system RNG or a user seeded DRBG.
|
|
|
|
| |
See GH #340 and 6b9a3a5 for background
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The command line tools' origin as a collection of examples and test
programs glued together led to some unfortunate problems; lots of
hardcoded values, missing parameters, and obsolete crypto.
Adds a small library for writing command line programs of the sort
needed here (cli.h), which cuts the length of many of the commands in
half and makes commands more pleasant to write and extend.
Generalizes a lot of the commands also, eg previously only
signing/verification with DSA/SHA-1 was included!
Removes the fuzzer entry point since that's fairly useless outside of
an instrumented build.
Removes the in-library API for benchmarking.
|
|
|