Tobias Brunner
409adef43c
libtls: Move settings to <ns>.tls with fallback to libtls
2014-02-12 14:34:32 +01:00
Tobias Brunner
9af44ef5d9
Build all shared libraries with -no-undefined and link them properly
...
The flag is required to convince libtool on Cygwin to build DLLs. But on
Windows these shared libraries can not have undefined symbols, so we have to
link them explicitly to the libraries they reference.
For plugins this is currently not done, so only the monolithic build is
supported. The plugin loader wouldn't be able to load DLLs anyway, as
it tries to load files that don't exist on Cygwin.
2013-09-12 01:44:49 +02:00
Andreas Steffen
9dc3b2053d
Optimize TLS socket buffer for TLS_MAX_FRAGMENT_LEN
2013-08-19 09:50:57 +02:00
Andreas Steffen
97b1d39de5
Extract client identity and authentication type from SASL authentication
2013-08-15 23:34:22 +02:00
Martin Willi
19cb07b890
automake: replace INCLUDES by AM_CPPFLAGS
...
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
Andreas Steffen
5a8dd63433
fixed typo
2013-03-27 22:56:37 +01:00
Tobias Brunner
79306b7e6e
Use proper integer types when handling TLS exchanges
...
tls_t.build takes a size_t argument not a ssize_t.
2013-03-22 11:40:57 +01:00
Martin Willi
1db6bf2f3f
If TLS peer authentication not required, the client does nonetheless, allow it to fail
2013-03-06 15:53:12 +01:00
Martin Willi
807f2facd0
Request a TLS client certificate even if no peer identity is given
...
This allows a peer to perform client authentication if it wants, but skip
it if not.
2013-02-28 16:46:08 +01:00
Martin Willi
257c80cb5b
Wrap tls_t.get_{server,peer}_id methods in tls_socket_t
2013-02-28 16:46:08 +01:00
Martin Willi
2de481e32b
Delegate tls_t.get_{peer,server}_id to handshake layer
...
This allows to get updated peer identities if the peer can't authenticate,
or does when it is optional.
2013-02-28 16:46:08 +01:00
Martin Willi
8b56943222
Merge branch 'pt-tls'
2013-02-14 17:06:07 +01:00
Andreas Steffen
bd1ee5bdc4
make AR identities available to IMVs via IF-IMV 1.4 draft
2013-02-11 15:30:44 +01:00
Martin Willi
435348f406
Send TLS close notify during tls_socket_t destruction
2013-01-15 17:43:05 +01:00
Martin Willi
7bbf7aa97a
Send TLS close notify if application returns SUCCESS
2013-01-15 17:43:05 +01:00
Martin Willi
c43e8fdec4
Block TLS read when sending data, but have to wait for the handshake data first
2013-01-15 17:43:05 +01:00
Martin Willi
ee90c78998
Use a more POSIXy tls_socket interface with more flexibility.
...
If an unsufficient read buffer is provided, application data gets cached
for subsequent read() calls.
2013-01-15 17:43:05 +01:00
Tobias Brunner
07f826af67
Fixed encoding of TLS extensions (elliptic_curves and signature_algorithms)
2012-11-28 10:20:14 +01:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Tobias Brunner
1407a0026f
Added missing break when building TLS cipher suites
2012-09-28 18:55:40 +02:00
Martin Willi
ab2c989c32
Don't allow NULL encryption with PEAP
2012-09-12 13:19:52 +02:00
Martin Willi
acada66a35
Use memmove on overlapping regions, and operate with correct sizeof()
2012-09-12 13:19:52 +02:00
Martin Willi
fb3cf1b708
Whitespace cleanups in tls_eap
2012-09-12 13:19:52 +02:00
Martin Willi
02cabd0f26
Check if TLS handshake received Finished before processing application data
2012-08-09 12:10:41 +02:00
Martin Willi
2df12b4c57
Fix tls_prf bug introduced with bc474883
2012-07-17 11:33:05 +02:00
Martin Willi
87dd205b61
Add a return value to hasher_t.allocate_hash()
2012-07-16 14:55:06 +02:00
Martin Willi
8bd6a30af1
Add a return value to hasher_t.get_hash()
2012-07-16 14:55:06 +02:00
Martin Willi
ce73fc19db
Add a return value to crypter_t.set_key()
2012-07-16 14:53:38 +02:00
Martin Willi
3b96189a2a
Add a return value to crypter_t.decrypt()
2012-07-16 14:53:38 +02:00
Martin Willi
e35abbe588
Add a return value to crypter_t.encrypt
2012-07-16 14:53:37 +02:00
Martin Willi
bb5eb15ccc
Check rng return value when generating TLS session identifiers
2012-07-16 14:53:37 +02:00
Tobias Brunner
126eb2af59
Check rng return value when generating secrets and IVs in libtls
2012-07-16 14:53:37 +02:00
Martin Willi
f3ca96b2bf
Add a return value to prf_t.set_key()
2012-07-16 14:53:34 +02:00
Martin Willi
bc47488323
Add a return value to prf_t.get_bytes()
2012-07-16 14:53:33 +02:00
Martin Willi
e7d98b8c99
Add a return value to tls_prf_t.set_key()
2012-07-16 14:53:33 +02:00
Martin Willi
97b30b93b0
Add a return value to tls_prf_t.get_bytes()
2012-07-16 14:53:33 +02:00
Martin Willi
2d56575d52
Add a return value to signer_t.set_key()
2012-07-16 14:53:33 +02:00
Martin Willi
9020f7d0b9
Add a return value to tls_crypto_t.derive_secrets()
2012-07-16 14:53:33 +02:00
Martin Willi
2e96de60a8
Add a return value to signer_t.get_signature()
2012-07-16 14:53:33 +02:00
Martin Willi
cbfbba7d86
Add a return value to signer_t.allocate_signature()
2012-07-16 14:53:32 +02:00
Andreas Steffen
6245edf37e
eliminate message length field in EAP-TNC
2012-07-11 17:09:05 +02:00
Andreas Steffen
c36680962c
allow to transmit 64k TLS Handshake and Application messages via EAP-[T]TLS
2012-07-11 17:09:04 +02:00
Andreas Steffen
dfe82160e4
some tls_eap optimizations
2012-07-11 17:09:04 +02:00
Andreas Steffen
3bd452f8f3
max_message_count = 0 disables limit
2012-07-11 17:09:04 +02:00
Andreas Steffen
da67c37d65
log invalid TLS packet length
2012-07-11 17:09:04 +02:00
Martin Willi
b188f23199
Install dev headers only if --with-dev-headers= option is set
2012-07-11 11:16:31 +02:00
Martin Willi
2a6bcbbdee
Install libtls development headers
2012-07-11 10:51:01 +02:00
Martin Willi
ae10ee6d0b
Double check if a cached suite is available, overwrite any old suite state
2012-02-07 11:42:57 +01:00
Tobias Brunner
b96eb46d5c
Some Doxygen fixes.
2012-02-07 11:20:46 +01:00