Tobias Brunner
11a4687930
libtls: Add control flags and replace GENERIC_NULLOK purpose with one
2021-02-18 15:10:29 +01:00
Tobias Brunner
27360d3407
tls-socket: Change how EOF of the underlying socket is handled
With the previous code, there was an issue when replying to TLS 1.3
post-handshake messages. In this case, SUCCESS is eventually returned
from build(), however, no actual data has been received so in_done is 0.
This was interpreted as EOF, plain_eof was set to TRUE and no further data
was read from the socket afterwards.
Returning SUCCESS from build() if the exchange is initiated by
write_(), as is the case with the finished reply, never was a problem
because there the return value of 0 is not interpreted as EOF.
2021-02-12 11:45:44 +01:00
Tobias Brunner
09fbaad6bd
tls-socket: Don't fail reading if sending data failed
If data is processed that eventually includes a TLS close notify, build()
will fail after a close notify has been sent in turn. However, propagating
that error immediately when reading prevented ever returning the data
already processed before the close notify was received.
2021-02-12 11:45:44 +01:00
Tobias Brunner
a7f2818832
tls-socket: Allow configuring both minimum and maximum TLS versions
2021-02-12 11:45:44 +01:00
Tobias Brunner
c4576a1f57
tls: Allow setting both minimum and maximum TLS versions
This allows increasing the initial minimum version and also prevents
sending a list of versions during retries when 1.3 was already
negotiated.
2021-02-12 11:45:44 +01:00
Tobias Brunner
479c85d569
libtls: Remove unused variable in TLS socket implementation
Not used anymore since c43e8fdec4 ("Block TLS read when sending data, but have to wait for the handshake data first").
2020-03-06 10:30:16 +01:00
Martin Willi
4ef819a379
libtls: Catch POLLHUP/NVAL in TLS socket splicing
If one of the sockets gets disconnected, some systems return POLLHUP. Signal
the socket as ready to let the read/write call fail properly.
2014-11-28 15:53:50 +01:00
Martin Willi
10743ac9d6
libtls: Use poll(2) instead of select() in tls_socket
2014-11-21 12:02:07 +01:00
Martin Willi
e15f64cc81
tls: Support a maximum TLS version to negotiate using TLS socket abstraction
2014-04-01 14:28:55 +02:00
Martin Willi
5313880261
tls: Support a null encryption flag on TLS socket abstraction
2014-04-01 14:28:55 +02:00
Andreas Steffen
9dc3b2053d
Optimize TLS socket buffer for TLS_MAX_FRAGMENT_LEN
2013-08-19 09:50:57 +02:00
Andreas Steffen
5a8dd63433
fixed typo
2013-03-27 22:56:37 +01:00
Tobias Brunner
79306b7e6e
Use proper integer types when handling TLS exchanges
tls_t.build takes a size_t argument, not a ssize_t.
2013-03-22 11:40:57 +01:00
Martin Willi
257c80cb5b
Wrap tls_t.get_{server,peer}_id methods in tls_socket_t
2013-02-28 16:46:08 +01:00
Martin Willi
435348f406
Send TLS close notify during tls_socket_t destruction
2013-01-15 17:43:05 +01:00
Martin Willi
c43e8fdec4
Block TLS read when sending data, but have to wait for the handshake data first
2013-01-15 17:43:05 +01:00
Martin Willi
ee90c78998
Use a more POSIXy tls_socket interface with more flexibility.
If an insufficient read buffer is provided, application data gets cached
for subsequent read() calls.
2013-01-15 17:43:05 +01:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Martin Willi
3a87c89b1b
Added a tls_socket_t.splice method to wrap a file descriptor into TLS
2011-12-31 13:14:49 +01:00
Martin Willi
6a5c86b7ad
Implemented TLS session resumption both as client and as server
2011-12-31 13:14:49 +01:00
Martin Willi
6b01216422
Added a getter for the tls_socket file descriptor
2011-12-24 12:42:25 +01:00
Andreas Steffen
7e432eff6b
renamed tls_reader|writer to bio_* and moved to libstrongswan
2011-05-31 15:46:51 +02:00
Martin Willi
ecd98efa9d
Support output fragmentation of TLS records
2010-08-31 15:54:37 +02:00
Martin Willi
17102f7b58
Added a simple high level TLS wrapper for sockets
2010-08-25 12:52:53 +02:00