path: root/src/lib/tls/tls_callbacks.h
Commit message | Author | Age | Files | Lines
* Make the TLS OCSP callback not const. | Jack Lloyd | 2019-06-29 | 1 | -1/+4
  As the impl may need to do side-effecting things in order to get the most recent response.
* Add support for HelloVerifyRequest on server side | Jack Lloyd | 2019-06-18 | 1 | -0/+12
  Closes GH #1833
* Shorten callback name | Jack Lloyd | 2019-05-22 | 1 | -2/+2
* Formatting and post-rebase fixes | Jack Lloyd | 2019-05-22 | 1 | -10/+15
* added status_request extension and cert chain to the stapling-response generating callback's signature | Falko Strenzke | 2019-05-22 | 1 | -1/+3
* implemented ocsp stapling (code not yet formatted properly) | Falko Strenzke | 2019-05-22 | 1 | -0/+12
* Correct Doxygen errors | Jack Lloyd | 2018-07-02 | 1 | -2/+2
* Fix some warnings new in GCC 8.1 | Jack Lloyd | 2018-05-07 | 1 | -15/+18
  It thinks the typedefs are "locals" that are being conflicted with, which seems wrong to me but whatever.
* Add callback for decoding TLS group params | Jack Lloyd | 2018-02-13 | 1 | -0/+11
* Add an examine callback also | Jack Lloyd | 2018-01-27 | 1 | -6/+28
* Add ability for application to control which TLS extensions are used | Jack Lloyd | 2018-01-27 | 1 | -0/+12
  GH #1186
* Add copyright statements to files modified in the preceding 2 commits | Harry Reimann | 2017-12-04 | 1 | -0/+1
* Move TLS signature and key exchange code into callbacks | Harry Reimann | 2017-12-04 | 1 | -0/+85
  Give applications using an external crypto device for signature generation and/or verification and/or (ec)dh key exchange while establishing a TLS session hooks to implement the corresponding functionality.
* Add <functional> include to TLS headers which use std::function | Jack Lloyd | 2017-11-14 | 1 | -0/+1
* Add a special Compat_Callbacks constructor to silence deprecation warnings. | Jack Lloyd | 2017-10-09 | 1 | -0/+20
  That way we avoid the warning internally even in amalgamation mode.
  GH #1243
* Change header guard format to BOTAN_FOO_H_ | Jack Lloyd | 2017-09-20 | 1 | -2/+2
  ISO C++ reserves names with double underscores in them
  Closes #512
* Add API stability annotations. | Jack Lloyd | 2017-09-19 | 1 | -2/+2
  Defined in build.h, all equal to BOTAN_DLL so ties into existing system for exporting symbols.
* Use 3 arg BOTAN_UNUSED in a codepath that is compiled often | Simon Warta | 2017-04-17 | 1 | -3/+1
  just to verify the implementation works fine across platforms and compilers
* Content: | Tomasz Frydrych | 2017-04-03 | 1 | -1/+1
  * fixes for deprecated constructions in c++11 and later (explicit rule of 3/5 or implicit rule of 0 and other violations)
  * `default` specifier instead of `{}` in some places (probably all)
  * removal of unreachable code (for example `return` after `throw`)
  * removal of compilation unit only visible, but not used functions
  * fix for `throw()` specifier - used instead `BOTAN_NOEXCEPT`
  * removed not needed semicolons
* Convert to using standard uintN_t integer types | Jack Lloyd | 2016-12-18 | 1 | -6/+6
  Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Add OCSP stapling support to TLS client | Jack Lloyd | 2016-11-26 | 1 | -1/+2
* Add missing Doxygen param [ci skip] | Jack Lloyd | 2016-11-25 | 1 | -0/+2
* Add TLS::Policy::minimum_signature_strength | Jack Lloyd | 2016-11-25 | 1 | -1/+3
  Changes TLS callback API for cert verify to accept Policy&
  Sets default signature strength to 110 to force RSA ~2048.
* Address review comments from @cordney | Jack Lloyd | 2016-11-25 | 1 | -0/+1
  Primarily doc updates but also expose some more logic in PKIX namespace, overall_status and merge_revocation_status. This allows calling more or less all of the logic used by the monolithic x509_path_validate in any way needed by an application.
  Add Certificate_Store_In_Memory::add_crl variant taking shared_ptr
  Add optional Certificate_Store_In_Memory* pointer to check_crl_online, valid CRLs are saved there.
* Add the documented function for OCSP timeouts | Jack Lloyd | 2016-11-23 | 1 | -0/+9
* Move TLS cert verification callback from Credentials_Manager to TLS::Callbacks | Jack Lloyd | 2016-11-23 | 1 | -1/+44
  It is the only function in C_M which is called on to process session-specific (and adversarially provided) inputs, rather than passively returning some credential which is typically not session specific.
* Add new TLS callback for when session is activated | Jack Lloyd | 2016-11-16 | 1 | -0/+6
  The current session established cb happens before the session is activated, so it is not possible to send application data in response to the connection being made.
* Add TLS callbacks for debug and error logging. | Jack Lloyd | 2016-10-28 | 1 | -2/+28
  Not currently called but leaves us the opening to use them in the future without breaking ABI.
* Fix doxygen warnings [ci skip] | René Korthaus | 2016-10-19 | 1 | -5/+9
* Move some Callback functions to a source file. | Jack Lloyd | 2016-08-31 | 1 | -7/+5
  Just to avoid the unused parameter warning (we want the parameter to be named in the header for documentation purposes, but in that case GCC warns that the param is unused).
* Added doxygen function parameter comments to tls_callbacks.h | Dan Brown | 2016-08-19 | 1 | -12/+32
* Add a Callbacks function for ALPN | Jack Lloyd | 2016-08-16 | 1 | -4/+31
* Changes to TLS::Callbacks for GH PR #457 | Jack Lloyd | 2016-08-16 | 1 | -30/+76
  Make TLS::Channel::m_callbacks a reference, so deriving from TLS::Callbacks works

  Split out the compat (std::function) based interface to Compat_Callbacks. This avoids the overhead of empty std::functions when using the virtual interface, and ensures the virtual interface works since there is no callback path that does not involve a vtable lookup.

  Rename the TLS::Callback functions. Since the idea is that often an owning class will pass *this as the callbacks argument, it is good to namespace the virtual functions so as not to conflict with other names chosen by the class. Specifically, prefixes all cb functions with tls_

  Revert changes to use the old style alert callback (with no longer used data/len params) so no API changes are required for old code. The new Callbacks interface continues to just receive the alert code itself.

  Switch to virtual function interface in CLI tls_client for testing.

  Inline tls_server_handshake_state.h - only used in tls_server.cpp

  Fix tests - test looked like it was creating a new client object but it was not actually being used. And when enabled, it failed because the queues were not being emptied in between. So, fix that.
* Compatibility patch for TLS::Callback interface | Matthias Gierlings | 2016-06-19 | 1 | -7/+22
  - Added legacy constructor support for TLS::Channel, TLS::Client, TLS::Server.
* Added virtual Callback Interface | Matthias Gierlings | 2016-06-19 | 1 | -0/+97
  - extracted inner class TLS::Channel::Callbacks to stand-alone class TLS::Callbacks.
  - provided default implementations for TLS::Callbacks members executing calls to std::function members for backward compatibility.
  - applied changes to cli, tests and TLS::Channel related classes to be compatible with new interface.