Martin Willi | 4caa380625 | Separated cipherspec checking and switching, allowing us to defer the second | 2011-12-31 13:14:49 +01:00 |
Andreas Steffen | 7e432eff6b | renamed tls_reader|writer to bio_* and moved to libstrongswan | 2011-05-31 15:46:51 +02:00 |
Martin Willi | 2db8b58f62 | Continue without client authentication if no matching certificate found | 2011-04-14 20:02:12 +02:00 |
Martin Willi | 6a8f1a578f | Ignore TLS certificate requests as peer if peer authentication disabled | 2011-04-14 20:02:12 +02:00 |
Martin Willi | 1c21f47a06 | Send TLS Server Name Indication as peer if server identity is a FQDN | 2011-04-14 20:02:12 +02:00 |
Martin Willi | 31c65eb362 | Include ec_point_format extension in ClientHello | 2010-09-06 18:51:38 +02:00 |
Martin Willi | ec7d4e70d3 | Renamed ecp_format to ansi_format, as point formats in TLS use different identifiers | 2010-09-06 18:37:24 +02:00 |
Martin Willi | e6cce7ff0d | Prepend point format to ECDH public key | 2010-09-06 15:37:51 +02:00 |
Martin Willi | 3f7bb88ba3 | Use a dynamic curve enumerator to list/convert TLS named curves | 2010-09-03 17:24:23 +02:00 |
Martin Willi | f4c98ae664 | Use ECDH group check where appropriate | 2010-09-03 16:53:36 +02:00 |
Martin Willi | 4cdade5aae | Select private key based on received cipher suites | 2010-09-03 14:54:43 +02:00 |
Martin Willi | 37a59a8fbf | Support for EC curve Hello extension, EC curve fallback | 2010-09-03 14:54:43 +02:00 |
Martin Willi | 5fc7297e38 | Added client support for ECDHE key exchange | 2010-09-03 14:54:43 +02:00 |
Martin Willi | da3f4a9fd0 | Added TLS client side support for DHE suites | 2010-09-02 19:33:08 +02:00 |
Martin Willi | 06109c4717 | Implemented "signature algorithm" hello extension | 2010-09-02 19:33:08 +02:00 |
Martin Willi | dbb7c0306c | Support different hash/sig algorithms in handshake signing, including ECDSA | 2010-09-02 13:07:25 +02:00 |
Martin Willi | c811479986 | Strictly check if the server certificate matches the TLS server identity | 2010-08-31 18:10:23 +02:00 |
Martin Willi | a596006e3f | Send TLS alerts for errors in TLS handshake building | 2010-08-25 18:24:27 +02:00 |
Martin Willi | 69e8bb2e8d | Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.request_peer_auth option | 2010-08-24 11:34:43 +02:00 |
Andreas Steffen | c1a929daa7 | removed some redundant debug output | 2010-08-24 09:02:51 +02:00 |
Martin Willi | e6f3ef1330 | Implemented TLS Alert handling | 2010-08-23 15:13:37 +02:00 |
Martin Willi | f154e30431 | Verify negotiated TLS version | 2010-08-23 09:47:03 +02:00 |
Martin Willi | 3c19b3461f | Introducing a dedicated debug message group for libtls | 2010-08-23 09:47:03 +02:00 |
Martin Willi | 0bcef5fe7a | Streamlined TLS debugging output | 2010-08-23 09:45:33 +02:00 |
Martin Willi | ba31fe1fd6 | Use a separate section for each nested struct member in INIT macro | 2010-08-18 12:15:03 +02:00 |
Andreas Steffen | 1327839da8 | added generic TLS application data handler and specific EAP-TTLS instantiation | 2010-08-12 23:58:54 +02:00 |
Martin Willi | 33ddaaabec | Added support for different encryption schemes to private/public keys | 2010-08-10 18:46:30 +02:00 |
Andreas Steffen | b4d30a425e | support server authentication only for EAP-TTLS | 2010-08-07 11:26:04 +02:00 |
Martin Willi | e85bca7f22 | Use certificate subject to get a public key of the TLS server | 2010-08-05 13:13:45 +02:00 |
Andreas Steffen | 7ea87db00d | added some more TLS debug output | 2010-08-05 09:51:05 +02:00 |
Andreas Steffen | 4657b3a42a | log selected TLS version and cipher suite | 2010-08-05 01:21:59 +02:00 |
Martin Willi | 0f82a47063 | Moved TLS stack to its own library | 2010-08-03 15:39:26 +02:00 |