Commit message | Author | Age | Files | Lines
---|---|---|---|---
Shuffle things around. Add NIST X.509 test to build. | lloyd | 2014-01-01 | 1 | -259/+0
Split TLS callbacks into a data callback and an alert callback. In practice applications treated these two cases completely differently, so there was no reason to combine them into a single callback. | lloyd | 2013-11-05 | 1 | -6/+15
merge of 'a25b72d98eb3f88fcf577fabfcd430ef0758debc' and 'e94f646a2b2fe793b40067b09c95a5871e52a43a' | lloyd | 2013-07-29 | 1 | -1/+10
Add sending std::vector to TLS::Channel (on the merged branch) | lloyd | 2013-07-01 | 1 | -1/+10
Change default policy to prohibit DTLS to minimize surprise. Allow applications to send arbitrary alert messages. Add a new optional parameter to Channel which specifies how large to make the IO buffers by default. Add Channel::reset_state, and reset the IO buffers and cipher specs after a fatal alert. | lloyd | 2013-07-10 | 1 | -18/+21
Add Channel::send_warning_alert and send_fatal_alert | lloyd | 2013-05-30 | 1 | -1/+11
Mark Channel IO buffers for zeroing | lloyd | 2013-04-10 | 1 | -2/+2
Changes so DTLS handshake can send messages under different epochs, eg for retransmitting a flight. | lloyd | 2012-11-12 | 1 | -1/+5
Remove Channel::m_max_fragment. Instead derive it from the server hello. This also fixes a bug where a client which sent the fragment limit would enforce it even for servers which did not support the extension. | lloyd | 2012-11-07 | 1 | -11/+8
Remove Channel::m_connection_closed, instead deriving it from other state | lloyd | 2012-11-07 | 1 | -2/+0
Pass read_record a callback mapping epoch to cipher state so it can read out of order messages in DTLS. | lloyd | 2012-11-06 | 1 | -6/+0
Add Channel::pending_state and Channel::active_state, use where possible | lloyd | 2012-11-06 | 1 | -0/+4
Store cipher states in Channel instead of Handshake_State. Keep all around by default, expiring them as they are no longer needed. Expiration logic for DTLS needs some work. | lloyd | 2012-11-06 | 1 | -1/+18
Move Channel::is_{active,closed} to source file | lloyd | 2012-11-01 | 1 | -2/+2
Inline Channel::{read,write}_cipher_state, only one caller each | lloyd | 2012-09-14 | 1 | -4/+0
Expose to public in TLS::Channel peer_supports_heartbeats, heartbeat_sending_allowed, and secure_renegotiation_supported. | lloyd | 2012-09-13 | 1 | -6/+16
Store the cipher states in the handshake state object as shared_ptrs. One notable change here is that after we send a close_alert, we ignore any data that follows. That is somewhat unfortunate actually, but overall this change is important (for DTLS). | lloyd | 2012-09-13 | 1 | -7/+12
Remove Channel::m_secure_renegotiation, instead derive from current state. | lloyd | 2012-09-12 | 1 | -1/+0
Set m_readbuf_pos == m_readbuf.size(), resizing the vector as needed rather than preallocating the maximum possible size. | lloyd | 2012-09-11 | 1 | -1/+0
The write buffer is cleared and rewritten by write_record, so we don't need to pre-size it. Reorganize Channel members a bit | lloyd | 2012-09-11 | 1 | -5/+5
New logic for DTLS replay detection. Abstracts the sequence handling out a bit. Handling of initial server record is pretty nasty. | lloyd | 2012-09-10 | 1 | -4/+5
Remove redundant Channel::m_current_version | lloyd | 2012-09-09 | 1 | -6/+0
Create the IO in Channel and then pass it down to new_handshake_state as the logic is the same for both cases. | lloyd | 2012-09-09 | 1 | -5/+6
Also hide Channel::m_handshake_fn | lloyd | 2012-09-09 | 1 | -2/+2
Hide Channel::m_rng and Channel::m_session_manager, add getters | lloyd | 2012-09-09 | 1 | -3/+8
Add support for key material export | lloyd | 2012-09-07 | 1 | -0/+11
Remove Channel::m_peer_certs, instead retrieve directly from the state. This also very happily avoids a race in renegotiation. If you first negotiated using cert X, then renegotiated with Y, during the period between the certificate message and the finished message, Channel::peer_cert_chain would return Y instead of X. Now, it returns Y only after the finished message has been verified. | lloyd | 2012-09-07 | 1 | -3/+4
Inline Secure_Renegotiation_State into Channel as so much of the data is rederivable now that we hold both states in memory. | lloyd | 2012-09-07 | 1 | -30/+11
Channel::heartbeat_support was removed | lloyd | 2012-09-07 | 1 | -2/+0
Pass the current active state as well as the pending state which is quite helpful in the server. May also be useful for the renegotiation extension. | lloyd | 2012-09-07 | 1 | -1/+2
Single predecl of Handshake_State saves some noise | lloyd | 2012-09-07 | 1 | -6/+8
Keep two handshake states around, swap them when Channel::activate_session is called. | lloyd | 2012-09-07 | 1 | -8/+8
Use initializers | lloyd | 2012-09-07 | 1 | -6/+2
Inline current_protocol_version, fix fragment limit check | lloyd | 2012-09-06 | 1 | -1/+2
Make Channel::m_state private | lloyd | 2012-09-06 | 1 | -3/+8
Pass process_handshake_msg a reference to the Handshake_State | lloyd | 2012-09-06 | 1 | -5/+6
Inline Record_Reader to Channel as well | lloyd | 2012-09-06 | 1 | -5/+12
Inline Record_Writer to Channel | lloyd | 2012-09-06 | 1 | -1/+11
Add Channel::send_record | lloyd | 2012-09-06 | 1 | -2/+3
Add more functions to Channel, hiding Record_Reader entirely and most of Record_Writer. | lloyd | 2012-09-06 | 1 | -0/+12
Make a number of members of Channel private instead of protected | lloyd | 2012-09-06 | 1 | -7/+12
Hoist m_rng to Channel | lloyd | 2012-09-06 | 1 | -0/+1
Have all the TLS handshake messages stored in unique_ptrs with only const access after setting them. Fix some const issues. | lloyd | 2012-08-06 | 1 | -4/+4
Remove Channel::read_handshake. Have the server set expected next msg in new_handshake_state. | lloyd | 2012-08-05 | 1 | -3/+0
Use unique_ptr for handshake state, avoid lots of delete+nullptr assign | lloyd | 2012-07-29 | 1 | -1/+2
Add a class that handles writing handshake messages instead of pushing that task to Record_Writer. Needed for DTLS work. | lloyd | 2012-07-16 | 1 | -1/+1
Hook creating just the handshake reader vs the entire state | lloyd | 2012-07-12 | 1 | -1/+1
Add deleted copy constructors/assignment operators where appropriate. Replace C++98 style private copy constructors/assignment ops with ones annotated with delete. | lloyd | 2012-07-10 | 1 | -0/+4
Add TLS::Channel::new_handshake_state which abstracts creating the handshaking state. | lloyd | 2012-07-09 | 1 | -0/+2
Correct Doxygen comments | lloyd | 2012-07-06 | 1 | -5/+4