path: root/src/tls/s_hello.cpp
| Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|
| Revert the session_ticket callback in credentials manager. If a PSK manager is being used, it could be easily used for session tickets as well, and if it's not the generate-on-first-call technique is easy to write. Avoid offering the session ticket extension if we know we don't have a key. For one thing it will cause us to avoid using stateful sessions, but additionally OpenSSL 1.0.1 is very intolerant of empty NewSessionTicket messages so definitely worth avoiding when we can. | lloyd | 2012-03-23 | 1 | -1/+3 |
| Server side handling of session tickets, though currently with a hard-coded key. | lloyd | 2012-03-22 | 1 | -2/+8 |
| Basic protocol message flow for session tickets | lloyd | 2012-03-20 | 1 | -0/+8 |
| Move the handshake serialization code to Record_Writer | lloyd | 2012-03-03 | 1 | -3/+3 |
| Make Alert a first class object ala Version. Move the alert codes into the Alert class for namespacing. | lloyd | 2012-01-26 | 1 | -2/+2 |
| We can now actually handle multiple certificate types in the server and will choose one depending on which ciphersuites the client offered. | lloyd | 2012-01-24 | 1 | -14/+3 |
| Send the supported elliptic curves extension. Instead of hardcoding the values let policy specify them. Also choose an ECC curve for server kex from the client hello. Choice is via policy, default implementation is to choose the first curve the client supports out of the server's preference list. | lloyd | 2012-01-24 | 1 | -3/+4 |
| Get the list of supported ECC curves out of the client hello, and avoid negotiating an ECDH key exchange if the client didn't send any curves that we know about. | lloyd | 2012-01-24 | 1 | -1/+3 |
| Make the version number a proper class, makes many things much easier for such a minor change. | lloyd | 2012-01-23 | 1 | -9/+12 |
| Since this branch is hugely API breaking already, go ahead and put everything into a new namespace (Botan::TLS), removing the TLS_ prefixes on everything. | lloyd | 2012-01-23 | 1 | -7/+11 |
| Many fixes for TLS 1.2 though some things in particular client auth remain broken. New interface for querying the TLS extensions, much cleaner. | lloyd | 2012-01-20 | 1 | -21/+13 |
| Various and sundry bug fixes | lloyd | 2012-01-19 | 1 | -3/+0 |
| Kinda maybe working TLS 1.2 for clients. Not well tested at all, but a basic connection with a GnuTLS server does work. Currently we don't respect the signature_algorithms extension at all, and using SHA-256 with a 12-byte finished value is hardcoded though the spec is that it can depend on the ciphersuite (likely relevant for GOST ciphersuites in particular). | lloyd | 2012-01-19 | 1 | -1/+11 |
| Remove Handshake_Message::deserialize which was an unnecessary hook. Instead deserialize directly in the constructors that are passed the raw message data. This makes it easier to pass contextual information needed for decoding (eg, version numbers) where necessary. | lloyd | 2012-01-19 | 1 | -42/+42 |
| As someone pointed out on the TLS list, NPN isn't really a negotiation per-se, it's a notification by the client. Rename accordingly. | lloyd | 2012-01-04 | 1 | -2/+2 |
| The first 4 bytes of the client and server randoms are supposed to be a timestamp. Instead we used random values for all, but hypothetically it would be useful for the timestamp to be correct in case someone decides to interpret that field. Which they hopefully won't. | lloyd | 2012-01-04 | 1 | -2/+2 |
| Split hello.cpp into c_hello.cpp and s_hello.cpp Add support for NPN on the server side. Server is initialized with the list of protocols it wants to offer, once the handshake completes the client requested protocol is available via a getter. | lloyd | 2012-01-04 | 1 | -0/+201 |