path: root/src/ssl/hello.cpp
Commit message | Author | Age | Files | Lines
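* Last u32bit->size_t for ssl
  Author: lloyd | Age: 2010-10-15 | Files: 1 | Lines: -25/+25
* Require a TLS_Policy
  Author: lloyd | Age: 2010-09-17 | Files: 1 | Lines: -8/+11
* Add a helper function for encoding TLS values with length tagging
  Author: lloyd | Age: 2010-09-15 | Files: 1 | Lines: -18/+4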
* Hide a number of the internal SSL headers from the user, you can still
  see too much but better than before.
  Author: lloyd | Age: 2010-09-15 | Files: 1 | Lines: -1/+1
* Update all uses of MemoryRegion::append to use either push_back or operator+=
  Author: lloyd | Age: 2010-09-15 | Files: 1 | Lines: -20/+22
* More vector->pointer conversion removals.
  Add RandomNumberGenerator::random_vec, which takes a length n and
  returns a new SecureVector with randomized contents of that size. This
  nicely covers most of the cases where randomize was being called on a
  vector, and is a little cleaner in the code as well, instead of
      vec.resize(length);
      rng.randomize(&vec[0], vec.size());
  we just write
      vec = rng.random_vec(length);
  Author: lloyd | Age: 2010-09-13 | Files: 1 | Lines: -5/+3
* Use "/*" instead of "/**" in starting comments at the beginning of a file.
  This caused Doxygen to think this was markup meant for it, which really
  caused some clutter in the namespace page.
  Author: lloyd | Age: 2010-06-07 | Files: 1 | Lines: -1/+1
* If we couldn't agree on a suite, fail immediately
  Author: lloyd | Age: 2010-04-20 | Files: 1 | Lines: -0/+5
* Add support for reading SSLv2 client hellos
  Author: lloyd | Age: 2010-04-17 | Files: 1 | Lines: -0/+34
* Instead of just discarding the extension size, confirm that the
  claimed length matches the length of the data left in the client hello
  packet.
  Author: lloyd | Age: 2010-03-30 | Files: 1 | Lines: -1/+4
* Support TLS Extensions, specifically SNI
  Author: lloyd | Age: 2010-03-30 | Files: 1 | Lines: -35/+29
* Add a class that knows how to decode a (very small subset of) TLS data
  formatting. Particularly useful in the ClientHello, but generally helps
  centralize the offset handling, which was particularly unreadable in
  the hello messages.
  Author: lloyd | Age: 2010-03-30 | Files: 1 | Lines: -45/+76
* Don't fail simply because the client sent a version code that we don't
  know about; just continue and the server will choose either whatever
  the client supports, if it knows about it, or else the latest version
  it supports. So for instance if a client attempts to negotiate TLS 1.2,
  we'll not know about that version and return a ServerHello for 1.1
  instead.
  Author: lloyd | Age: 2010-03-30 | Files: 1 | Lines: -6/+0
* Fix server handshake.
  Support TLS 1.1 servers
  Author: lloyd | Age: 2010-03-30 | Files: 1 | Lines: -4/+6
* Add support for TLS v1.1's per-record random IV. Tested against GnuTLS server.
  Author: lloyd | Age: 2010-03-30 | Files: 1 | Lines: -1/+5
* Remove use of old PKCS8_ and X509_ typedefs
  Author: lloyd | Age: 2010-02-16 | Files: 1 | Lines: -1/+1
* Rename Policy to TLS_Policy.
  Put TLS_ in all the header guards to reduce the odds of conflicts.
  Author: lloyd | Age: 2010-02-16 | Files: 1 | Lines: -2/+2
* Various minor SSL fixes
  Author: lloyd | Age: 2010-02-14 | Files: 1 | Lines: -2/+0
* Import latest version of Ajisai into src/ssl; once this hits mainline
  I'll officially kill off Ajisai (instead of it just lingering as a
  zombie as it is currently). Apparently I broke something (or multiple
  things) during the import process; servers crash and clients get MAC
  errors on connect.
  Author: lloyd | Age: 2010-01-11 | Files: 1 | Lines: -0/+267