aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/tls
Commit message (Expand)AuthorAgeFilesLines
* Use shared representation of EC_GroupJack Lloyd2018-01-311-1/+1
* Move generic TLS tests to test_tls.cppJack Lloyd2018-01-282-5/+7
* Reorder signature scheme listJack Lloyd2018-01-281-12/+20
* Use enums to represent TLS signature and kex algorithms.Jack Lloyd2018-01-2822-716/+1144
* Avoid resuming a session if policy doesn't allow itJack Lloyd2018-01-282-3/+4
* For TLS client auth add callback giving list of trusted CA namesJack Lloyd2018-01-274-5/+40
* Fix a few warningsJack Lloyd2018-01-271-2/+2
* Make it possible to test custom extensionsJack Lloyd2018-01-273-13/+59
* Add an examine callback alsoJack Lloyd2018-01-277-11/+45
* Add ability for application to control which TLS extensions are usedJack Lloyd2018-01-279-1/+56
* Remove vestigial support for TLS compressionJack Lloyd2018-01-2111-118/+60
* Avoid saving a resumed session multiple timesJack Lloyd2017-12-071-1/+3
* Handle #1303 on the server sideJack Lloyd2017-12-071-1/+13
* On resuming a client session, save the certificates that were used.Jack Lloyd2017-12-073-3/+17
* Fix formatting in TLS server code [ci skip]Jack Lloyd2017-12-071-193/+179
* Add copyright statements to files modified in the preceding 2 commitsHarry Reimann2017-12-0413-0/+13
* Move TLS signature and key exchange code into callbacksHarry Reimann2017-12-047-96/+237
* Make support for certificate status messages optional via policyHarry Reimann2017-12-046-10/+40
* Merge GH #1316 Various TLS fixesJack Lloyd2017-11-284-9/+24
|\
| * Add an explicit catch for a server trying to negotiate SSLv3Jack Lloyd2017-11-281-1/+7
| * Correct version selection logic in TLS serverJack Lloyd2017-11-281-0/+5
| * Tighten up checks on signature key exchange messageJack Lloyd2017-11-281-1/+1
| * Return correct alert type on malformed DH/ECDH messages.Jack Lloyd2017-11-281-7/+11
* | Run TLS hello random fields through SHA-256Jack Lloyd2017-11-281-1/+7
|/
* Throw a Decoding_Error if TLS AEAD packet is shorter than the tag.Jack Lloyd2017-11-261-0/+3
* Fix errors caught with tlsfuzzerJack Lloyd2017-11-263-10/+5
* Add <functional> include to TLS headers which use std::functionJack Lloyd2017-11-142-0/+2
* Remove final on TLS policy objects (GH #1292)Jack Lloyd2017-11-131-4/+4
* Add support for ARIA GCM ciphersuitesJack Lloyd2017-11-032-1/+19
* Avoid saving a session to SQL database with empty hostnameJack Lloyd2017-11-021-0/+3
* Merge GH #1275 Avoid needless throw/catch during TLS handshakeJack Lloyd2017-10-261-1/+2
|\
| * Added missing include.Frank Schoenmann2017-10-251-0/+1
| * Perform OIDS lookup before to prevent a guaranteed exception in EC_Group.Frank Schoenmann2017-10-251-1/+1
* | Avoid sending OCSP status request on resumption client helloJack Lloyd2017-10-251-2/+0
|/
* Convert http:// links to https:// where possibleJack Lloyd2017-10-241-1/+1
* Merge GH #1263 Support FFDHE negotiation in TLSJack Lloyd2017-10-229-28/+206
|\
| * Remove check for negotiated DH group in TLS clientRené Korthaus2017-10-201-29/+0
| * Fall back to default group if client does not send any DH groupsRené Korthaus2017-10-202-2/+19
| * Add allowed values for allowed groupsRené Korthaus2017-10-181-3/+13
| * Add supported groups TLS extension (RFC 7919)René Korthaus2017-10-1710-27/+207
* | Remove redundant checkJack Lloyd2017-10-201-3/+0
* | Use base CBC modes to implement TLS CBC ciphersuitesJack Lloyd2017-10-193-49/+36
|/
* Additional final annotationsJack Lloyd2017-10-151-2/+2
* Add comments explaining why its ok to rely on deprecated features here.Jack Lloyd2017-10-092-0/+8
* Add a special Compat_Callbacks constructor to silence deprecation warnings.Jack Lloyd2017-10-093-7/+24
* Address various GCC warningsJack Lloyd2017-10-062-5/+5
* Avoid empty methods, use =default or add a commentJack Lloyd2017-10-033-3/+3
* Add wrappers for reinterpret_cast between char* and uint8_t*Jack Lloyd2017-10-033-8/+6
* Remove redundant parensJack Lloyd2017-10-031-1/+1
* Remove various unused variablesJack Lloyd2017-10-021-2/+0