409adef43c
libtls: Move settings to <ns>.tls with fallback to libtls
2014-02-12 14:34:32 +01:00
9af44ef5d9
Build all shared libraries with -no-undefined and link them properly
...
The flag is required to convince libtool on Cygwin to build DLLs. But on
Windows these shared libraries can not have undefined symbols, so we have to
link them explicitly to the libraries they reference.
For plugins this is currently not done, so only the monolithic build is
supported. The plugin loader wouldn't be able to load DLLs anyway, as
it tries to load files that don't exist on Cygwin.
2013-09-12 01:44:49 +02:00
9dc3b2053d
Optimize TLS socket buffer for TLS_MAX_FRAGMENT_LEN
2013-08-19 09:50:57 +02:00
97b1d39de5
Extract client identity and authentication type from SASL authentication
2013-08-15 23:34:22 +02:00
19cb07b890
automake: replace INCLUDES by AM_CPPFLAGS
...
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
5a8dd63433
fixed typo
2013-03-27 22:56:37 +01:00
79306b7e6e
Use proper integer types when handling TLS exchanges
...
tls_t.build takes a size_t argument not a ssize_t.
2013-03-22 11:40:57 +01:00
1db6bf2f3f
If TLS peer authentication not required, the client does nonetheless, allow it to fail
2013-03-06 15:53:12 +01:00
807f2facd0
Request a TLS client certificate even if no peer identity is given
...
This allows a peer to perform client authentication if it wants, but skip
it if not.
2013-02-28 16:46:08 +01:00
257c80cb5b
Wrap tls_t.get_{server,peer}_id methods in tls_socket_t
2013-02-28 16:46:08 +01:00
2de481e32b
Delegate tls_t.get_{peer,server}_id to handshake layer
...
This allows to get updated peer identities if the peer can't authenticate,
or does when it is optional.
2013-02-28 16:46:08 +01:00
8b56943222
Merge branch 'pt-tls'
2013-02-14 17:06:07 +01:00
bd1ee5bdc4
make AR identities available to IMVs via IF-IMV 1.4 draft
2013-02-11 15:30:44 +01:00
435348f406
Send TLS close notify during tls_socket_t destruction
2013-01-15 17:43:05 +01:00
7bbf7aa97a
Send TLS close notify if application returns SUCCESS
2013-01-15 17:43:05 +01:00
c43e8fdec4
Block TLS read when sending data, but have to wait for the handshake data first
2013-01-15 17:43:05 +01:00
ee90c78998
Use a more POSIXy tls_socket interface with more flexibility.
...
If an unsufficient read buffer is provided, application data gets cached
for subsequent read() calls.
2013-01-15 17:43:05 +01:00
07f826af67
Fixed encoding of TLS extensions (elliptic_curves and signature_algorithms)
2012-11-28 10:20:14 +01:00
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
1407a0026f
Added missing break when building TLS cipher suites
2012-09-28 18:55:40 +02:00
ab2c989c32
Don't allow NULL encryption with PEAP
2012-09-12 13:19:52 +02:00
acada66a35
Use memmove on overlapping regions, and operate with correct sizeof()
2012-09-12 13:19:52 +02:00
fb3cf1b708
Whitespace cleanups in tls_eap
2012-09-12 13:19:52 +02:00
02cabd0f26
Check if TLS handshake received Finished before processing application data
2012-08-09 12:10:41 +02:00
2df12b4c57
Fix tls_prf bug introduced with bc474883
2012-07-17 11:33:05 +02:00
87dd205b61
Add a return value to hasher_t.allocate_hash()
2012-07-16 14:55:06 +02:00
8bd6a30af1
Add a return value to hasher_t.get_hash()
2012-07-16 14:55:06 +02:00
ce73fc19db
Add a return value to crypter_t.set_key()
2012-07-16 14:53:38 +02:00
3b96189a2a
Add a return value to crypter_t.decrypt()
2012-07-16 14:53:38 +02:00
e35abbe588
Add a return value to crypter_t.encrypt
2012-07-16 14:53:37 +02:00
bb5eb15ccc
Check rng return value when generating TLS session identifiers
2012-07-16 14:53:37 +02:00
126eb2af59
Check rng return value when generating secrets and IVs in libtls
2012-07-16 14:53:37 +02:00
f3ca96b2bf
Add a return value to prf_t.set_key()
2012-07-16 14:53:34 +02:00
bc47488323
Add a return value to prf_t.get_bytes()
2012-07-16 14:53:33 +02:00
e7d98b8c99
Add a return value to tls_prf_t.set_key()
2012-07-16 14:53:33 +02:00
97b30b93b0
Add a return value to tls_prf_t.get_bytes()
2012-07-16 14:53:33 +02:00
2d56575d52
Add a return value to signer_t.set_key()
2012-07-16 14:53:33 +02:00
9020f7d0b9
Add a return value to tls_crypto_t.derive_secrets()
2012-07-16 14:53:33 +02:00
2e96de60a8
Add a return value to signer_t.get_signature()
2012-07-16 14:53:33 +02:00
cbfbba7d86
Add a return value to signer_t.allocate_signature()
2012-07-16 14:53:32 +02:00
6245edf37e
eliminate message length field in EAP-TNC
2012-07-11 17:09:05 +02:00
c36680962c
allow to transmit 64k TLS Handshake and Application messages via EAP-[T]TLS
2012-07-11 17:09:04 +02:00
dfe82160e4
some tls_eap optimizations
2012-07-11 17:09:04 +02:00
3bd452f8f3
max_message_count = 0 disables limit
2012-07-11 17:09:04 +02:00
da67c37d65
log invalid TLS packet length
2012-07-11 17:09:04 +02:00
b188f23199
Install dev headers only if --with-dev-headers= option is set
2012-07-11 11:16:31 +02:00
2a6bcbbdee
Install libtls development headers
2012-07-11 10:51:01 +02:00
ae10ee6d0b
Double check if a cached suite is available, overwrite any old suite state
2012-02-07 11:42:57 +01:00
b96eb46d5c
Some Doxygen fixes.
2012-02-07 11:20:46 +01:00
Tobias Brunner