aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Consider DTLS v1.0 and v1.2 knownlloyd2012-09-091-2/+3
|
* Expect a cookie field in a DTLS client hellolloyd2012-09-091-0/+3
|
* Rename functionlloyd2012-09-092-16/+16
|
* Remove redundant Channel::m_current_versionlloyd2012-09-094-30/+30
|
* Create the IO in Channel and then pass it down to new_handshake_statelloyd2012-09-097-37/+39
| | | | as the logic is the same for both cases.
* Store the is-SSLv3 flag in the cipher state as the difference is onlylloyd2012-09-092-22/+19
| | | | relevent after we've got a cipher state enabled.
* Clean up includeslloyd2012-09-094-6/+5
|
* Also hide Channel::m_handshake_fnlloyd2012-09-093-5/+5
|
* Hide Channel::m_rng and Channel::m_session_manager, add getterslloyd2012-09-094-23/+28
|
* Small cleanuplloyd2012-09-081-1/+5
|
* Only accept a hello request if an active state currently exists.lloyd2012-09-071-4/+2
| | | | | Remove setting HELLO_REQUEST after we see the finished - we'll never see it in this state object.
* Per Google's spec the client is not supposed to include a NPNlloyd2012-09-071-0/+4
| | | | extension in renegotiations
* This should be inlinelloyd2012-09-071-1/+1
|
* Add support for key material exportlloyd2012-09-073-0/+51
|
* Remove Channel::m_peer_certs, instead retrieve directly from the state.lloyd2012-09-076-12/+45
| | | | | | | | This also very happily avoids a race in renegotiation. If you first negotiated using cert X, then renegotiated with Y, during the period between the certificate message and the finished message, Channel::peer_cert_chain would return Y instead of X. Now, it returns Y only after the finished message has been verified.
* Avoid another instance of pulling the key out of the certificatelloyd2012-09-073-9/+7
|
* Just dynamic_cast once at the start of process_handshake_msglloyd2012-09-072-21/+20
|
* Save the peer public key in the handshake state instead of pulling itlloyd2012-09-076-16/+29
| | | | out of the cert repeatedly.
* Take version from pending state for creating cipher speclloyd2012-09-071-3/+3
|
* This check is boguslloyd2012-09-071-9/+0
|
* Use TLS v1.0 in the initial record version. Given that we're includinglloyd2012-09-071-1/+1
| | | | | | extensions it probably makes more sense, and if something breaks on a TLS v1.0 record version it probably also broke on offering TLS v1.2, or including extensions.
* Inline Secure_Renegotiation_State into Channel as so much of the datelloyd2012-09-074-68/+62
| | | | is rederivable now that we hold both states in memory.
* Channel::heartbeat_support was removedlloyd2012-09-073-8/+0
|
* Pass the current active state as well as the pending state which islloyd2012-09-076-16/+22
| | | | | quite helpful in the server. May also be useful for the renegotiation extension.
* Single predecl of Handshake_State saves some noiselloyd2012-09-073-11/+13
|
* Keep two handshake states around, swap them whenlloyd2012-09-074-68/+69
| | | | Channel::activate_session is called.
* Use initializerslloyd2012-09-071-6/+2
|
* Reindentlloyd2012-09-071-10/+11
|
* Fixes for server record handling, where we don't know the versionlloyd2012-09-071-31/+43
| | | | | | | initially. Partially read the header, figure out the record version, then read the rest of it if needed. Also fix a bug, off by one in CBC decrypt.
* In Channel move some checks to after we've verified needed == 0 tolloyd2012-09-072-18/+16
| | | | | | avoid a conditional. Clean up record checking in the reader.
* Remove bogus forced 64 byte mtu.lloyd2012-09-074-9/+22
| | | | | | | Fix DTLS CCS sequence number reset. Handle (partially) explicit sequence numbers in records. Need to output the record.
* DTLS versions count backwardslloyd2012-09-061-0/+3
|
* Minimize header size dependencies in record readinglloyd2012-09-061-13/+18
|
* Reject a SSLv2 mapped DTLS client hello as serious bogosity.lloyd2012-09-061-0/+4
|
* Avoid secure_vector allocation per block on TLS CBC decryptlloyd2012-09-061-1/+3
|
* Have write_record resize the vector as it goes, thus the return valuelloyd2012-09-063-51/+41
| | | | is not needed. Doesn't actually cause reallocations as we preallocate.
* Move the hostname check last as it's the least 'important' error.lloyd2012-09-061-3/+3
| | | | Only check it if the cert is otherwise valid.
* The checks in renegotiate would prevent initiate_handshake from beinglloyd2012-09-061-1/+1
| | | | | called. Instead call it directly as we know the state is already set up.
* Inline current_protocol_version, fix fragment limit checklloyd2012-09-062-11/+13
|
* Make Channel::m_state privatelloyd2012-09-067-43/+62
|
* Pass process_handshake_msg a reference to the Handshake_Statelloyd2012-09-0611-307/+307
|
* Inline Record_Reader to Channel as welllloyd2012-09-067-194/+56
|
* Inline Record_Writer to Channellloyd2012-09-066-210/+101
|
* Add Channel::send_recordlloyd2012-09-064-8/+18
|
* Add more functions to Channel, hiding Record_Reader entirely and mostlloyd2012-09-064-47/+68
| | | | of Record_Writer.
* Make a number of members of Channel private instead of protectedlloyd2012-09-066-48/+40
|
* Record_Reader::m_macbuf no longer usedlloyd2012-09-062-5/+0
|
* Hoist m_rng to Channellloyd2012-09-066-4/+2
|
* Move record reading also to a stand alone functionlloyd2012-09-063-268/+315
|
* Move the actual creation of new TLS records to TLS::write_record whichlloyd2012-09-063-116/+142
| | | | is side effect free (besides updating CBC state).
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-22 07:32:04 +0000