path: root/src/lib/tls
Commit message | Author | Age | Files | Lines

* Let TLS serialization know which side we are sending as | Jack Lloyd | 2019-05-24 | 5 | -59/+56
    Since this matters for some extensions

* Add support for supported versions extension from TLS 1.3 | Jack Lloyd | 2019-05-24 | 8 | -30/+174

* Allow servers to prohibit renegotiation with fatal alert | Jack Lloyd | 2019-05-24 | 1 | -1/+4

* Add script for running TLS fuzzer | Jack Lloyd | 2019-05-24 | 3 | -1/+8
    Fix a few minor issues found thereby

* Avoid unnecessary copies during TLS handshake | Jack Lloyd | 2019-05-24 | 3 | -24/+28

* Ignore large DTLS ciphertexts | Jack Lloyd | 2019-05-23 | 1 | -2/+6

* Fix bugs when DTLS initial handshake messages are replayed | Jack Lloyd | 2019-05-23 | 3 | -0/+13

* Fix some issues with DTLS version intolerance | Jack Lloyd | 2019-05-23 | 3 | -7/+21

* Verify contents of DTLS CCS message | Jack Lloyd | 2019-05-23 | 1 | -0/+3

* Merge GH #1968 Document TLS::Stream | Jack Lloyd | 2019-05-23 | 1 | -1/+1

* fix Stream::async_handshake documentation | Hannes Rantzsch | 2019-05-23 | 1 | -1/+1

* Clean up extension decoding | Jack Lloyd | 2019-05-22 | 2 | -27/+11
    TLS_Reader handles the offset checks for us

* Shorten callback name | Jack Lloyd | 2019-05-22 | 2 | -3/+3

* Add BoGo tests and fix resumption case | Jack Lloyd | 2019-05-22 | 2 | -5/+8

* Formatting and post-rebase fixes | Jack Lloyd | 2019-05-22 | 4 | -34/+40
* added status_request extension and cert chain to the stapling-response generating callback's signature | Falko Strenzke | 2019-05-22 | 4 | -14/+56

* implemented ocsp stapling (code not yet formatted properly) | Falko Strenzke | 2019-05-22 | 4 | -2/+36
* Fix more BoGo tests | Jack Lloyd | 2019-05-22 | 1 | -0/+3
    Now all tests either pass or are known to fail for some reason. Disable -allow-unimplemented

* Fix DTLS MTU splitting | Jack Lloyd | 2019-05-21 | 1 | -19/+5
    We could/would send packets somewhat larger than MTU

* Fix TLS CBC in DTLS when a bad packet is received. | Jack Lloyd | 2019-05-21 | 3 | -11/+25
    The Lucky13 countermeasure causes the mac state to become corrupted, due to the extra inputs. Then the next packet fails its mac check. This causes the Lucky13 countermeasure to go off again, ...

* Fix various issues in TLS found using BoGo | Jack Lloyd | 2019-05-20 | 27 | -187/+469
    - BoGo sends unparseable OCSP responses, so we have to accommodate for this by delaying decoding until verification and simply ignoring OCSP responses that we can't parse.
    - Check that there is no trailing garbage at the end of various messages.
    - Don't send empty SNI
    - Check the TLS record header versions (previously ignored)
    - For CBC 1/n-1 splitting split every record instead of just first. I think this is not a problem but it is what BoGo expects.
    - New Channel::application_protocol virtual (previously was implemented on both Client and Server but not shared).
    - Changes to resumption version handling.
    - Fix server version selection when newer versions are disabled.

    New policy hooks added in service of BoGo:

    - maximum_certificate_chain_size gives the maximum cert chain in bytes that we'll accept.
    - allow_resumption_for_renegotiation specifies if a renegotiation attempt can be simply (re-)resumed instead.
    - abort_handshake_on_undesired_renegotiation - previously we just ignored it with a warning alert. Now behavior is configurable.
    - request_client_certificate_authentication
    - require_client_certificate_authentication
* make template friends compile on clang and MSVC | Hannes Rantzsch | 2019-05-03 | 2 | -4/+4

* review: buffer accessors visibility, ignore ALERT::CLOSE_NOTIFY, docs | Hannes Rantzsch | 2019-04-29 | 2 | -72/+74

* simplify read_some and shutdown | Hannes Rantzsch | 2019-04-26 | 1 | -36/+23

* simplify error_code handling for handshake and write | Hannes Rantzsch | 2019-04-26 | 1 | -39/+16

* Further cleanup of asio stream header files | Hannes Rantzsch | 2019-04-26 | 9 | -600/+473
    * all async ops are now collected in one header and moved to the detail namespace
    * error categories are no longer a detail, as they are visible to the user
    * more documentation in asio_stream.h
    * remove asio_includes.h helper header

* tidy up StreamCore as an implementation detail of Stream | Hannes Rantzsch | 2019-04-26 | 4 | -132/+131

* start restructuring asio stream headers | Hannes Rantzsch | 2019-04-24 | 7 | -319/+176
    StreamCore is now a nested class of Stream and will soon be hidden from the public interface. The goal is to offer buffer-handling methods (like CopyReceivedData) directly in Stream and have StreamCore be responsible for Botan::TLS::Callbacks implementation only. This will remove the need to provide StreamCore as a parameter for Async Ops construction.

    StreamBase has been removed. Stream no longer decides whether it is a Client or a Server when constructed, but when performing the handshake. This resembles the interface of boost::asio::ssl::stream and hides the implementation detail from the user. In order to allow testing with mocked TLS::Channels anyways, we use SFINAE to set up either a real channel or a mocked channel.
* remove convertException entirely | Hannes Rantzsch | 2019-04-23 | 4 | -36/+73

* use ErrorType instead of TLS::error and remove convert_exceptions header | Hannes Rantzsch | 2019-04-23 | 7 | -232/+43

* use existing TLS::Connection_Side instead of handshake_type | Hannes Rantzsch | 2019-04-23 | 2 | -31/+24

* use class instead of struct | Hannes Rantzsch | 2019-04-23 | 5 | -5/+10

* remove superfluous #ifdef guards | Hannes Rantzsch | 2019-04-23 | 10 | -30/+0

* review: low hanging fruits | Hannes Rantzsch | 2019-04-16 | 5 | -26/+30

* Apply comment suggestions from code review | René Meusel | 2019-04-16 | 4 | -5/+8
    Co-Authored-By: hrantzsch <[email protected]>

* include build.h in all headers to make sure definitions are available | Hannes Rantzsch | 2019-04-16 | 11 | -0/+22

* documentation and minor fixes for async ops | Hannes Rantzsch | 2019-04-16 | 7 | -80/+149

* fix: require boost 1.66 | Hannes Rantzsch | 2019-04-16 | 10 | -10/+10

* FIX: async_base immediate completion | Hannes Rantzsch | 2019-04-16 | 1 | -1/+1
    see boostorg/beast#1557

* FIX: do not block when reading into zero-sized buffer | Hannes Rantzsch | 2019-04-16 | 1 | -3/+6

* use boost::beast::flat_buffer instead of our own buffer type in core | Hannes Rantzsch | 2019-04-16 | 1 | -25/+16

* handle exceptions directly where native_handle is used | Hannes Rantzsch | 2019-04-16 | 1 | -42/+33

* improve constructor interface of Stream | Hannes Rantzsch | 2019-04-16 | 5 | -38/+64
* add docs for asio_stream.h public functions | Tim Oesterreich | 2019-04-16 | 1 | -0/+128
* async_write_some returns amount of bytes committed to the core, instead of bytes sent on the wire; do not use boost::asio::async_read/write | Tim Oesterreich | 2019-04-16 | 3 | -4/+12
* async ops will now call operator() from their constructor -> initiating functions do not have to call async_read/write anymore | Tim Oesterreich | 2019-04-16 | 5 | -32/+25

* do not call completion_handler directly; allow async ops to be constructed with optional error_code | Tim Oesterreich | 2019-04-16 | 4 | -25/+35

* don't pass int to size_t | Tim Oesterreich | 2019-04-16 | 1 | -3/+3

* factor out template-independent code | Tim Oesterreich | 2019-04-16 | 1 | -37/+47

* properly handle iterator access | Tim Oesterreich | 2019-04-16 | 1 | -5/+7