a777155ffe
diffie-hellman: Add a bool return value to set_other_public_value()
2015-03-23 17:54:03 +01:00
42431690e0
diffie-hellman: Add a bool return value to get_my_public_value()
2015-03-23 17:54:03 +01:00
bace1d6479
diffie-hellman: Use bool instead of status_t as get_shared_secret() return value
...
While such a change is not unproblematic, keeping status_t makes the API
inconsistent once we introduce return values for the public value operations.
2015-03-23 17:54:02 +01:00
18597950fa
tls-peer: Make sure to use the right trusted public key for peer
...
In case a CA certificate uses the same subject DN as the server the
previous code could end up trying to verify the server's signature with
the CA certificate's public key. By comparing the certificate with the
one sent by the peer we make sure to use the right one.
Fixes #849 .
2015-03-09 15:40:06 +01:00
666c552381
libtls: Add getters for TLS handshake authentication details
2015-03-03 14:08:00 +01:00
aba5b76ce1
libtls: Merge trustchain auth verification details done during TLS handhsake
2015-03-03 14:08:00 +01:00
b37080f8c9
tls: Include TLS version announced in Client Hello in encrypted premaster
...
While a hardcoded 1.2 version is fine when we offer that in Client Hello, we
should include the actually offered version if it has been reduced before
starting the exchange.
2014-03-31 16:07:53 +02:00
2de481e32b
Delegate tls_t.get_{peer,server}_id to handshake layer
...
This allows to get updated peer identities if the peer can't authenticate,
or does when it is optional.
2013-02-28 16:46:08 +01:00
07f826af67
Fixed encoding of TLS extensions (elliptic_curves and signature_algorithms)
2012-11-28 10:20:14 +01:00
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
126eb2af59
Check rng return value when generating secrets and IVs in libtls
2012-07-16 14:53:37 +02:00
9020f7d0b9
Add a return value to tls_crypto_t.derive_secrets()
2012-07-16 14:53:33 +02:00
6a5c86b7ad
Implemented TLS session resumption both as client and as server
2011-12-31 13:14:49 +01:00
4caa380625
Separated cipherspec checking and switching, allowing us to defer the second
2011-12-31 13:14:49 +01:00
7e432eff6b
renamed tls_reader|writer to bio_* and moved to libstrongswan
2011-05-31 15:46:51 +02:00
2db8b58f62
Continue without client authentication if no matching certificate found
2011-04-14 20:02:12 +02:00
6a8f1a578f
Ignore TLS certificate requests as peer if peer authentication disabled
2011-04-14 20:02:12 +02:00
1c21f47a06
Send TLS Server Name Indication as peer if server identity is a FQDN
2011-04-14 20:02:12 +02:00
31c65eb362
Include ec_point_format extension in ClientHello
2010-09-06 18:51:38 +02:00
ec7d4e70d3
Renamed ecp_format to ansi_format, as point formats in TLS use different identifiers
2010-09-06 18:37:24 +02:00
e6cce7ff0d
Prepend point format to ECDH public key
2010-09-06 15:37:51 +02:00
3f7bb88ba3
Use a dynamic curve enumerator to list/convert TLS named curves
2010-09-03 17:24:23 +02:00
f4c98ae664
Use ECDH group check where appropriate
2010-09-03 16:53:36 +02:00
4cdade5aae
Select private key based on received cipher suites
2010-09-03 14:54:43 +02:00
37a59a8fbf
Support for EC curve Hello extension, EC curve fallback
2010-09-03 14:54:43 +02:00
5fc7297e38
Added client support for ECDHE key exchange
2010-09-03 14:54:43 +02:00
da3f4a9fd0
Added TLS client side support for DHE suites
2010-09-02 19:33:08 +02:00
06109c4717
Implemented "signature algorithm" hello extension
2010-09-02 19:33:08 +02:00
dbb7c0306c
Support different hash/sig algorithms in handshake signing, including ECDSA
2010-09-02 13:07:25 +02:00
c811479986
Strictly check if the server certificate matches the TLS server identity
2010-08-31 18:10:23 +02:00
a596006e3f
Send TLS alerts for errors in TLS handshake building
2010-08-25 18:24:27 +02:00
69e8bb2e8d
Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.request_peer_auth option
2010-08-24 11:34:43 +02:00
c1a929daa7
removed some redundant debug output
2010-08-24 09:02:51 +02:00
e6f3ef1330
Implemented TLS Alert handling
2010-08-23 15:13:37 +02:00
f154e30431
Verify negotiated TLS version
2010-08-23 09:47:03 +02:00
3c19b3461f
Introducing a dedicated debug message group for libtls
2010-08-23 09:47:03 +02:00
0bcef5fe7a
Streamlined TLS debugging output
2010-08-23 09:45:33 +02:00
ba31fe1fd6
Use a seperate section for each nested struct member in INIT macro
2010-08-18 12:15:03 +02:00
1327839da8
added generic TLS application data handler and specific EAP-TTLS instantiation
2010-08-12 23:58:54 +02:00
33ddaaabec
Added support for different encryption schemes to private/public keys
2010-08-10 18:46:30 +02:00
b4d30a425e
support server authentication only for EAP-TTLS
2010-08-07 11:26:04 +02:00
e85bca7f22
Use certificate subject to get a public key of the TLS server
2010-08-05 13:13:45 +02:00
7ea87db00d
added some more TLS debug output
2010-08-05 09:51:05 +02:00
4657b3a42a
log selected TLS version and cipher suite
2010-08-05 01:21:59 +02:00
0f82a47063
Moved TLS stack to its own library
2010-08-03 15:39:26 +02:00
Martin Willi