Martin Willi
|
a777155ffe
|
diffie-hellman: Add a bool return value to set_other_public_value()
|
2015-03-23 17:54:03 +01:00 |
Martin Willi
|
42431690e0
|
diffie-hellman: Add a bool return value to get_my_public_value()
|
2015-03-23 17:54:03 +01:00 |
Martin Willi
|
bace1d6479
|
diffie-hellman: Use bool instead of status_t as get_shared_secret() return value
While such a change is not unproblematic, keeping status_t makes the API
inconsistent once we introduce return values for the public value operations.
|
2015-03-23 17:54:02 +01:00 |
Martin Willi
|
666c552381
|
libtls: Add getters for TLS handshake authentication details
|
2015-03-03 14:08:00 +01:00 |
Martin Willi
|
aba5b76ce1
|
libtls: Merge trustchain auth verification details done during TLS handhsake
|
2015-03-03 14:08:00 +01:00 |
Martin Willi
|
1db6bf2f3f
|
If TLS peer authentication not required, the client does nonetheless, allow it to fail
|
2013-03-06 15:53:12 +01:00 |
Martin Willi
|
807f2facd0
|
Request a TLS client certificate even if no peer identity is given
This allows a peer to perform client authentication if it wants, but skip
it if not.
|
2013-02-28 16:46:08 +01:00 |
Martin Willi
|
2de481e32b
|
Delegate tls_t.get_{peer,server}_id to handshake layer
This allows to get updated peer identities if the peer can't authenticate,
or does when it is optional.
|
2013-02-28 16:46:08 +01:00 |
Tobias Brunner
|
f05b427265
|
Moved debug.[ch] to utils folder
|
2012-10-24 16:00:51 +02:00 |
Martin Willi
|
bb5eb15ccc
|
Check rng return value when generating TLS session identifiers
|
2012-07-16 14:53:37 +02:00 |
Tobias Brunner
|
126eb2af59
|
Check rng return value when generating secrets and IVs in libtls
|
2012-07-16 14:53:37 +02:00 |
Martin Willi
|
9020f7d0b9
|
Add a return value to tls_crypto_t.derive_secrets()
|
2012-07-16 14:53:33 +02:00 |
Martin Willi
|
6a5c86b7ad
|
Implemented TLS session resumption both as client and as server
|
2011-12-31 13:14:49 +01:00 |
Martin Willi
|
4caa380625
|
Separated cipherspec checking and switching, allowing us to defer the second
|
2011-12-31 13:14:49 +01:00 |
Martin Willi
|
84da59f609
|
Be less verbose about TLS extensions
|
2011-12-24 14:14:25 +01:00 |
Andreas Steffen
|
7e432eff6b
|
renamed tls_reader|writer to bio_* and moved to libstrongswan
|
2011-05-31 15:46:51 +02:00 |
Martin Willi
|
7b3c01845f
|
Read the compression type byte for EC groups, only
|
2010-09-08 10:35:29 +02:00 |
Martin Willi
|
ec7d4e70d3
|
Renamed ecp_format to ansi_format, as point formats in TLS use different identifiers
|
2010-09-06 18:37:24 +02:00 |
Martin Willi
|
e6cce7ff0d
|
Prepend point format to ECDH public key
|
2010-09-06 15:37:51 +02:00 |
Martin Willi
|
e4fd2bb428
|
Log the selected (EC)DH group
|
2010-09-06 15:37:51 +02:00 |
Martin Willi
|
0f89143b84
|
Parse unsupported TLS Hello extensions properly
|
2010-09-06 15:37:51 +02:00 |
Martin Willi
|
3f7bb88ba3
|
Use a dynamic curve enumerator to list/convert TLS named curves
|
2010-09-03 17:24:23 +02:00 |
Martin Willi
|
f4c98ae664
|
Use ECDH group check where appropriate
|
2010-09-03 16:53:36 +02:00 |
Martin Willi
|
4cdade5aae
|
Select private key based on received cipher suites
|
2010-09-03 14:54:43 +02:00 |
Martin Willi
|
37a59a8fbf
|
Support for EC curve Hello extension, EC curve fallback
|
2010-09-03 14:54:43 +02:00 |
Martin Willi
|
141d7f7abd
|
Added server support for ECDHE key exchange
|
2010-09-03 14:54:43 +02:00 |
Andreas Steffen
|
1972102e1e
|
fixed typo
|
2010-09-03 13:30:40 +02:00 |
Martin Willi
|
f14358a9b5
|
Added TLS server side support for DHE suites
|
2010-09-02 19:33:08 +02:00 |
Martin Willi
|
06109c4717
|
Implemented "signature algorithm" hello extension
|
2010-09-02 19:33:08 +02:00 |
Martin Willi
|
d29a82a9d4
|
Added generic TLS data sign/verify, hash/sig algorithm construction
|
2010-09-02 19:33:08 +02:00 |
Martin Willi
|
60c4b3b545
|
Continue with a randomized premaster if decryption failed / version mismatches
|
2010-09-02 19:33:08 +02:00 |
Martin Willi
|
dbb7c0306c
|
Support different hash/sig algorithms in handshake signing, including ECDSA
|
2010-09-02 13:07:25 +02:00 |
Martin Willi
|
a596006e3f
|
Send TLS alerts for errors in TLS handshake building
|
2010-08-25 18:24:27 +02:00 |
Martin Willi
|
69e8bb2e8d
|
Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.request_peer_auth option
|
2010-08-24 11:34:43 +02:00 |
Andreas Steffen
|
c1a929daa7
|
removed some redundant debug output
|
2010-08-24 09:02:51 +02:00 |
Martin Willi
|
bda7d9d940
|
Added generic TLS purposes
|
2010-08-24 08:45:49 +02:00 |
Martin Willi
|
c310881a11
|
Added a TLS purpose for EAP-TTLS with client authentication
|
2010-08-23 15:13:48 +02:00 |
Martin Willi
|
e6f3ef1330
|
Implemented TLS Alert handling
|
2010-08-23 15:13:37 +02:00 |
Martin Willi
|
f154e30431
|
Verify negotiated TLS version
|
2010-08-23 09:47:03 +02:00 |
Martin Willi
|
3c19b3461f
|
Introducing a dedicated debug message group for libtls
|
2010-08-23 09:47:03 +02:00 |
Martin Willi
|
0bcef5fe7a
|
Streamlined TLS debugging output
|
2010-08-23 09:45:33 +02:00 |
Martin Willi
|
96b2fbcc2c
|
Introducing simple purposes for the TLS stack, switches various options
|
2010-08-20 15:09:08 +02:00 |
Martin Willi
|
ba31fe1fd6
|
Use a seperate section for each nested struct member in INIT macro
|
2010-08-18 12:15:03 +02:00 |
Martin Willi
|
714d0bfd37
|
Only include certificates with CA flag in TLS cert request
|
2010-08-16 09:20:19 +02:00 |
Andreas Steffen
|
b51ac45c48
|
optional certificate-based peer authentication on TLS server side
|
2010-08-15 13:02:57 +02:00 |
Andreas Steffen
|
1327839da8
|
added generic TLS application data handler and specific EAP-TTLS instantiation
|
2010-08-12 23:58:54 +02:00 |
Martin Willi
|
33ddaaabec
|
Added support for different encryption schemes to private/public keys
|
2010-08-10 18:46:30 +02:00 |
Andreas Steffen
|
7ea87db00d
|
added some more TLS debug output
|
2010-08-05 09:51:05 +02:00 |
Martin Willi
|
0f82a47063
|
Moved TLS stack to its own library
|
2010-08-03 15:39:26 +02:00 |