aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls/info.txt
Commit message (Collapse)AuthorAgeFilesLines
* Move Certificate message to it's own file.lloyd2012-08-061-0/+1
| | | | Remove ~Extensions declaration, not used anymore.
* Rename all the message source files to msg_lloyd2012-08-031-10/+10
|
* Combine Handshake_Writer and Handshake_Reader into Handshake_IO.lloyd2012-08-031-4/+2
| | | | | | | | This is mostly just a minor code savings for TLS, but it actually seems important for DTLS because getting a handshake message can be a trigger for retransmitting previously sent handshake messages in some circumstances. Having the reading and writing all in one layer makes it a bit easier to accomplish that.
* Add a class that handles writing handshake messages instead of pushinglloyd2012-07-161-0/+2
| | | | that task to Record_Writer. Needed for DTLS work.
* Update cms, cvc, zlib, bzip2, openssl, and gnump modules for the newlloyd2012-06-071-2/+2
| | | | | | | | allocator interface. The compression filters now just use malloc/free with a memset. Add a new info.txt field <warning>, like comment but warns. Use for CMS which is pretty broken (doesn't even compile anymore), and for TLS.
* propagate from branch 'net.randombit.botan.x509-path-validation' (head ↵lloyd2012-05-251-1/+1
| | | | | | 63b5a20eab129ca13287fda33d2d02eec329708f) to branch 'net.randombit.botan' (head 8b8150f09c55184f028f2929c4e7f7cd0d46d96e)
* propagate from branch 'net.randombit.botan.tls-state-machine' (head ↵lloyd2012-04-251-3/+11
|\ | | | | | | | | | | a4741cd07f50a9e1b29b0dd97c6fb8697c038ade) to branch 'net.randombit.botan.cxx11' (head 116e5ff139c07000be431e07d3472cc8f3919b91)
| * Various dependency/amalgamation fixeslloyd2012-04-191-0/+2
| |
| * Add support for TLS heartbeats (RFC 6520). Heartbeat initiations fromlloyd2012-04-161-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | the peer are automatically responded to. TLS::Channel::heartbeat can initiate a new heartbeat if the peer allows it. Heartbeat replies are passed back to the application processing function with an Alert value of HEARTBEAT_PAYLOAD (a 'fake' value, 256, which is out of range of the valid TLS alert space), along with the sent payload. The RFC requires us to have no more than one heartbeat 'in flight' at a time, ie without getting a response (or a timeout in the case of DTLS). Currently we do not prevent an application from requesting more.
| * Re-enable TLS (was disabled by trunk merge), and require the srp6 modulelloyd2012-04-051-1/+2
| | | | | | | | | | | | | | | | | | | | Initial outline of server side SRP support. Need to figure out how to transfer the v, b, B params from the server key exchange message to the client key exchange. The DH variants do this by passing a Private_Key via server_kex_key call, but wrapping SRP params in a Private_Key really doesn't feel right. Not sure what to do here. Possibly both SRP and DH should return a Key_Exchange_Material* that a client key exchange knows how to dynamic cast on.
| * propagate from branch 'net.randombit.botan' (head ↵lloyd2012-04-051-0/+2
| | | | | | | | | | | | 91305e3daaae9ea8a1786daf058d961991c68251) to branch 'net.randombit.botan.tls-state-machine' (head 474a00b316f5b21a4e56033d4d990d87d9d3eed6)
| * Remove the Ciphersuite_Code enum and move all ciphersuitelloyd2012-03-301-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | integer->info mapping to tls_suite_info.cpp which is mostly autogenerated by a Python script from the IANA parameters file. The SRP method now uses kex "SRP_SHA" which is what the RFC calls it. (And hypothetically, SRP_SHA256 might be defined at some point and we'd need to be able to distinguish them). Remove IDEA ciphersuite; we don't want to require IDEA be available due to the European patent still being valid (IIRC), but I didn't want to have to hand-edit the autogenerated switch with an #if check. Not a huge issue though as most sites don't support it anyway.
* | propagate from branch 'net.randombit.botan.tls-state-machine' (head ↵lloyd2012-03-301-0/+6
|\| | | | | | | | | | | 63b88a65b699c95ef839bc18336bceccfbfabd2e) to branch 'net.randombit.botan.cxx11' (head 1adcc46808b403b8f6bf1669f022e65f9c30e8ea)
| * Fix depslloyd2012-03-231-0/+2
| |
| * Basic protocol message flow for session ticketslloyd2012-03-201-0/+1
| |
| * Add SecureQueue::emptylloyd2012-03-071-0/+1
| | | | | | | | | | | | Hide the handshake reader behind a function. Add pieces for DTLS hello verify request message
| * Add an abstraction for reading handshake messages (as DTLS handles itlloyd2012-03-051-0/+2
| | | | | | | | | | | | | | | | quite differently). Avoid using a queue for reading certificates. Hide the version code in the handshake state with a getter and setter.
* | Enable TLS again (bad merge)lloyd2012-02-201-2/+0
| | | | | | | | | | | | | | Fixes for examples. Remove locking from session manager in the asio example, now done by default in the lib.
* | propagate from branch 'net.randombit.botan' (head ↵lloyd2012-02-201-0/+2
| | | | | | | | | | | | c247a55e7c0bcd239fcfc672139b59ef63d7ee84) to branch 'net.randombit.botan.cxx11' (head 16d7756c6b8933d0d543ebdda9c7e8f4908a4a33)
* | propagate from branch 'net.randombit.botan.tls-state-machine' (head ↵lloyd2012-02-201-2/+0
|/ | | | | | 0ceb9cde62a2b3614901ae85a53546d9fc641326) to branch 'net.randombit.botan.cxx11' (head 777e65950ef3706a82e5df20dcca7fcc999ca533)
* Make Alert a first class object ala Version. Move the alert codes intolloyd2012-01-261-1/+2
| | | | the Alert class for namespacing.
* s/tls_suites/tls_ciphersuite/lloyd2012-01-241-2/+2
|
* Require ECDH and ECDSA modules for TLS. This is slightly non-optimallloyd2012-01-241-0/+2
| | | | | | | in that RedHat doesn't want to ship ECC of any kind, which would prevent shipping TLS as well, but actually IIRC they'll want to physically strip out the code anyway (just #if 0 wasn't good enough), so they can just patch the whole thing out if they want.
* Make the version number a proper class, makes many things much easierlloyd2012-01-231-0/+2
| | | | for such a minor change.
* Read only support for signature_algorithms extension used in TLS 1.2lloyd2012-01-181-0/+2
|
* Change TLS feature macro, major API changes. Start documentinglloyd2012-01-161-2/+2
|
* Split hello.cpp into c_hello.cpp and s_hello.cpplloyd2012-01-041-8/+9
| | | | | | Add support for NPN on the server side. Server is initialized with the list of protocols it wants to offer, once the handshake completes the client requested protocol is available via a getter.
* Add support for next protocol negotiation. Client only currently;lloyd2012-01-041-0/+1
| | | | tested with google.com:443
* Rename the session type to 'TLS_Session'. Split the manager out intolloyd2011-12-301-4/+6
| | | | its own file. Rename tls_state to tls_handshake_state.
* Add support for sending server name indicator in client hellolloyd2011-12-291-0/+2
| | | | | | | | Add support for sending and reading the SRP identifier extension. Add some helper classes for managing TLS extensions Add ciphersuite codes for SRP key exchange.
* Make tls_session_key.h an internal headerlloyd2011-12-271-1/+1
|
* Half of session serializationlloyd2011-12-271-0/+1
|
* Initial hooks for session resumptionlloyd2011-12-231-0/+1
|
* Centralize a lot of the handshaking and message parsing in TLS_Channellloyd2011-12-231-0/+2
| | | | Also delete the obsolete/never worked CMS examples
* Rename ssl module to tlslloyd2011-12-231-0/+66
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-26 15:40:03 +0000