path: root/src/tls/tls_channel.h
Commit log (each entry: commit message, then author, date, files changed, lines removed/added):

* Shuffle things around. Add NIST X.509 test to build. (lloyd, 2014-01-01, 1 file, -259/+0)

* Split TLS callbacks into a data callback and an alert callback. (lloyd, 2013-11-05, 1 file, -6/+15)
  In practice applications treated these two cases completely differently, so there was no reason to combine them into a single callback.

* merge of 'a25b72d98eb3f88fcf577fabfcd430ef0758debc' and 'e94f646a2b2fe793b40067b09c95a5871e52a43a' (lloyd, 2013-07-29, 1 file, -1/+10)

* Add sending std::vector to TLS::Channel (lloyd, 2013-07-01, 1 file, -1/+10)

* Change default policy to prohibit DTLS to minimize surprise. (lloyd, 2013-07-10, 1 file, -18/+21)
  Allow applications to send arbitrary alert messages. Add a new optional parameter to Channel which specifies how large to make the IO buffers by default. Add Channel::reset_state, and reset the IO buffers and cipher specs after a fatal alert.

* Add Channel::send_warning_alert and send_fatal_alert (lloyd, 2013-05-30, 1 file, -1/+11)

* Mark Channel IO buffers for zeroing (lloyd, 2013-04-10, 1 file, -2/+2)

* Changes so DTLS handshake can send messages under different epochs, eg for retransmitting a flight. (lloyd, 2012-11-12, 1 file, -1/+5)

* Remove Channel::m_max_fragment. Instead derive it from the server hello. (lloyd, 2012-11-07, 1 file, -11/+8)
  This also fixes a bug where a client which sent the fragment limit would enforce it even for servers which did not support the extension.

* Remove Channel::m_connection_closed, instead deriving it from other state (lloyd, 2012-11-07, 1 file, -2/+0)

* Pass read_record a callback mapping epoch to cipher state so it can read out of order messages in DTLS. (lloyd, 2012-11-06, 1 file, -6/+0)

* Add Channel::pending_state and Channel::active_state, use where possible (lloyd, 2012-11-06, 1 file, -0/+4)

* Store cipher states in Channel instead of Handshake_State. (lloyd, 2012-11-06, 1 file, -1/+18)
  Keep all around by default, expiring them as they are no longer needed. Expiration logic for DTLS needs some work.

* Move Channel::is_{active,closed} to source file (lloyd, 2012-11-01, 1 file, -2/+2)

* Inline Channel::{read,write}_cipher_state, only one caller each (lloyd, 2012-09-14, 1 file, -4/+0)

* Expose to public in TLS::Channel peer_supports_heartbeats, heartbeat_sending_allowed, and secure_renegotiation_supported. (lloyd, 2012-09-13, 1 file, -6/+16)

* Store the cipher states in the handshake state object as shared_ptrs. (lloyd, 2012-09-13, 1 file, -7/+12)
  One notable change here is that after we send a close_alert, we ignore any data that follows. That is somewhat unfortunate actually, but overall this change is important (for DTLS).

* Remove Channel::m_secure_renegotiation, instead derive from current state. (lloyd, 2012-09-12, 1 file, -1/+0)

* Set m_readbuf_pos == m_readbuf.size(), resizing the vector as needed rather than preallocating the maximum possible size. (lloyd, 2012-09-11, 1 file, -1/+0)

* The write buffer is cleared and rewritten by write_record, so we don't need to pre-size it. Reorganize Channel members a bit. (lloyd, 2012-09-11, 1 file, -5/+5)

* New logic for DTLS replay detection. (lloyd, 2012-09-10, 1 file, -4/+5)
  Abstracts the sequence handling out a bit. Handling of initial server record is pretty nasty.

* Remove redundant Channel::m_current_version (lloyd, 2012-09-09, 1 file, -6/+0)

* Create the IO in Channel and then pass it down to new_handshake_state as the logic is the same for both cases. (lloyd, 2012-09-09, 1 file, -5/+6)

* Also hide Channel::m_handshake_fn (lloyd, 2012-09-09, 1 file, -2/+2)

* Hide Channel::m_rng and Channel::m_session_manager, add getters (lloyd, 2012-09-09, 1 file, -3/+8)

* Add support for key material export (lloyd, 2012-09-07, 1 file, -0/+11)

* Remove Channel::m_peer_certs, instead retrieve directly from the state. (lloyd, 2012-09-07, 1 file, -3/+4)
  This also very happily avoids a race in renegotiation. If you first negotiated using cert X, then renegotiated with Y, during the period between the certificate message and the finished message, Channel::peer_cert_chain would return Y instead of X. Now, it returns Y only after the finished message has been verified.

* Inline Secure_Renegotiation_State into Channel as so much of the data is rederivable now that we hold both states in memory. (lloyd, 2012-09-07, 1 file, -30/+11)

* Channel::heartbeat_support was removed (lloyd, 2012-09-07, 1 file, -2/+0)

* Pass the current active state as well as the pending state which is quite helpful in the server. (lloyd, 2012-09-07, 1 file, -1/+2)
  May also be useful for the renegotiation extension.

* Single predecl of Handshake_State saves some noise (lloyd, 2012-09-07, 1 file, -6/+8)

* Keep two handshake states around, swap them when Channel::activate_session is called. (lloyd, 2012-09-07, 1 file, -8/+8)

* Use initializers (lloyd, 2012-09-07, 1 file, -6/+2)

* Inline current_protocol_version, fix fragment limit check (lloyd, 2012-09-06, 1 file, -1/+2)

* Make Channel::m_state private (lloyd, 2012-09-06, 1 file, -3/+8)

* Pass process_handshake_msg a reference to the Handshake_State (lloyd, 2012-09-06, 1 file, -5/+6)

* Inline Record_Reader to Channel as well (lloyd, 2012-09-06, 1 file, -5/+12)

* Inline Record_Writer to Channel (lloyd, 2012-09-06, 1 file, -1/+11)

* Add Channel::send_record (lloyd, 2012-09-06, 1 file, -2/+3)

* Add more functions to Channel, hiding Record_Reader entirely and most of Record_Writer. (lloyd, 2012-09-06, 1 file, -0/+12)

* Make a number of members of Channel private instead of protected (lloyd, 2012-09-06, 1 file, -7/+12)

* Hoist m_rng to Channel (lloyd, 2012-09-06, 1 file, -0/+1)

* Have all the TLS handshake messages stored in unique_ptrs with only const access after setting them. Fix some const issues. (lloyd, 2012-08-06, 1 file, -4/+4)

* Remove Channel::read_handshake. Have the server set expected next msg in new_handshake_state. (lloyd, 2012-08-05, 1 file, -3/+0)

* Use unique_ptr for handshake state, avoid lots of delete+nullptr assign (lloyd, 2012-07-29, 1 file, -1/+2)

* Add a class that handles writing handshake messages instead of pushing that task to Record_Writer. Needed for DTLS work. (lloyd, 2012-07-16, 1 file, -1/+1)

* Hook creating just the handshake reader vs the entire state (lloyd, 2012-07-12, 1 file, -1/+1)

* Add deleted copy constructors/assignment operators where appropriate. (lloyd, 2012-07-10, 1 file, -0/+4)
  Replace C++98 style private copy constructors/assignment ops with ones annotated with delete.

* Add TLS::Channel::new_handshake_state which abstracts creating the handshaking state. (lloyd, 2012-07-09, 1 file, -0/+2)

* Correct Doxygen comments (lloyd, 2012-07-06, 1 file, -5/+4)