Work in progress: Sakura master
Misc: Fix incorrect syntax in autodoc
SSL: Stricter types. Fixes multiple warnings.
Added zero as return type on methods containing 'return 0'
Updated types where documentation said 'or zero'.
SSL.Connection: Fixed some warnings.
SSL.Connection: Fix type.
SSL: Fixed multiple warnings about uninitialized variables.
Documentation [SSL]: Fix typo in previous commit.
doc: fixing some autodoc markup
SSL.Connection: Change API of handle_alert() and make it visible. handle_alert() is useful to e.g. simulate external alerts, so make it easier to use.
Eliminate various type warnings.
SSL.Connection: Fix a few warnings.
Add zero type to uninitialised variables.
SSL.Connection: Fixed typo in comment.
SSL.Connection: Fix warnings
SSL.Connection [DTLS]: Fixed handshake message truncation issue.
SSL.Connection: got_data() now knows about DTLS handshake packets.
SSL.Connection: Fixed some issues with DTLS defragmentation.
SSL.Connection: Added defragmentation helpers for DTLS.
SSL.Connection: Filter duplicate DTLS packets.
SSL.Connection: Added dtls flag.
SSL.Packet: Added seq_num to Packet. This is in preparation for implementing DTLS (#10032).
SSL: Do not let hostname match overwrite verification status. For a little while we allowed a successful match of CN/subjectAlternativeName to overwrite the overall verification status of a certificate chain, which has undesired side effects.
SSL: Do not accept MD2, MD5 and SHA1 signatures any longer. Web browsers and others distrusted SHA1 a long while ago; MD2 and MD5 are at this point simply dangerous to support. However, we now support configuration of supported signature algorithms via @[SSL.Context] in case any use case simply needs to support older signature algorithms.
SSL.File: Signal errors during handshake via close callback. We relatively recently stopped claiming that a connection was peer_closed when in fact we gave up on the SSL connection with a fatal alert. This caused us to signal some errors via the write callback instead. This restores the old signalling behaviour by checking for local_fatal state in some places where we only checked for peer_closed before.
SSL: Fix ticket_enabled logic a little bit. In practice this ought to have little effect though, as to accept a ticket we also need to be in STATE_wait_for_ticket anyway.
SSL: Only accept wildcards for one level. * in CN / SubjectAlternativeName:dNS is supposed to only match one level of the hostname, i.e. *.example.com matches foo.example.com but not www.foo.example.com.
SSL.clientConnection: Session tickets (RFC 4507 and RFC 5077). Client side support for session tickets. Implementation only verified against itself. Backported from 95ad6e4388b6576d7012110efe0edb3479a8422f by Tobias Josefowitz.
SSL.ServerConnection: Session tickets (RFC 4507 and RFC 5077). Server side support for session tickets. Note that the default ticket encoding is to use the session_id, it thus uses server side state. The ticket encoding can be changed by overriding {en,de}code_ticket() in SSL.Context. Implementation verified against OpenSSL's s_client. Backported from 372b2a05d05fa0d0e052e6634d2acf8d03629ed4 by Tobias Josefowitz.
SSL.Connection: Improved diagnostics when handshaking.
SSL.Connection: Only set peer_closed when the peer actually has closed.
SSL: Use SignatureScheme instead of array({Hash,Signature}Algorithm).
SSL: Renumbered HASH_* in preparation for using SignatureScheme.
Merge commit '722771973bd' into patches/lyslyskom22891031 * commit '722771973bd': (6177 commits) Verify that callablep responses are aligned with reality. ...
Merge commit '2470270f500c728d10b8895314d8d8b07016e37b' into grubba/typechecker-automap * commit '2470270f500c728d10b8895314d8d8b07016e37b': (18681 commits) Removed the old typechecker. ...
Merge remote-tracking branch 'origin/master' into new_utf8
Merge remote-tracking branch 'origin/8.1' into gobject-introspection
Improved debug messages.
Merge remote-tracking branch 'origin/8.1' into peter/travis
Sparse list of version support added.
Implemented supported_versions
Remove 1.3 logic, as the handshake is completely overhauled.
SSL.Connection: Partial revert of 6563e11c15b075b0f1152b796eab373a58376792 The Buffer used in SSL.Connection does not support all features of Stdio.Buffer...
Some Stdio.Buffer optimizations.
SSL.ServerConnection: Session tickets (RFC 4507 and RFC 5077). Server side support for session tickets. Note that the default ticket encoding is to use the session_id, it thus uses server side state. The ticket encoding can be changed by overriding {en,de}code_ticket() in SSL.Context. Implementation verified against OpenSSL's s_client.
Type fixes and paranoia.
Fix an issue where EC client certificate would overwrite EC KE on server side.
Paranoia against broken certificate ASN.1
SSL.Context: Deprecated variable require_trust. Setting of this variable is now equivalent to setting the auth_level to AUTHLEVEL_require.
SSL.Connection: Code clean up and improved robustness.
SSL.Connection: Perform a case-insensitive hostname check.
SSL.Connection: Unify the server_name check with cert check.
SSL.Connection: Fixed typo.
SSL.Connection: Added server_name validation against cert. cert_data->server_name_verified will be set to 1 on success, 0 on failure, and be UNDEFINED on unknown (i.e. server_name not set).
If AUTHLEVEL_none is used, don't perform any checks on the certificates.
Broken ASN.1 would create an exception that closes the connection. Catch it and consider the certificates invalid instead.
Always set the cert_data after verification, even if it fails, as the error codes are listed in the mapping.
SSL.Connection: Fixed issue with hash_messages(). hash_messages() ignored the len argument if used with TLS 1.0 or TLS 1.1. This caused an interop problem with extended master secret and TLS 1.0 or TLS 1.1. Note that there still seems to be more interop issues remaining with extended master secret.
SSL.Context: Added option to disable renegotiation. This is a feature required by HTTP/2 (RFC 7540 9.2.1).
Use @rfc{@} autodoc syntax.
SSL.Connection: Added shutdown().
Use this instead of this_object().
Stricter types.
Hash can work on Stdio.Buffer objects directly.
SSL.ClientConnection: Support ALPN being accepted. Fixes [LysLysKOM 21365565].
Keep track of Session activity, so they can be removed when inactive, not just old.
Simplified handshake_packet a bit.
handshake_messages now uses Buffer, and gets a small bit of abstraction also.
Let the packet errors be generated by the recv caller.
Revert "Give less data to the alert_callback to avoid adding new data to buffered data." This reverts commit 8a7572836d757ccdc9b48bb29f85c681fcabbf85.
Streamlined the handling of illegal incoming packets a bit more.
Send copy of current read_buffer to the alert callback.
Put data into the read buffer without abstractions that don't make sense anymore. Give alert_callback the raw received data for the current call.
SSL.Connection: Improved handling of close/fail.
Treat deprecated alerts as fatal.
Streamline the KE verification a bit.
Give less data to the alert_callback to avoid adding new data to buffered data.
Don't process any more handshake packages once handshake is completed.
Changed packet parsing to use Stdio.Buffer objects. The Packet factory is still weird and needs some more thought.
Small improvements to SSL3_PROFILING. Less code in hash_messages.
SSL.Connection: Support immediate renegotiation in TLS 1.2 and earlier. In TLS 1.2 and earlier the handshake processing may be restarted to renegotiate the session parameters.
Serialize packets directly into the output buffer.
Change to_write API to return 0 on no data instead of empty string.
Small optimization. Don't serialize cipher change packages for TLS 1.3, since they are not sent.
Change alert_buffer to a Stdio.Buffer object. Improved internal documentation and types.
Check for extra packet data after calling handle_handshake. This will break the code if we are currently incorrectly ignoring any packet data.
Use Buffer objects instead of strings for handle_handshake API.
SSL.Connection: Added missing line break in debug message.
Remove trailing white spaces.
Abstract the fatal alerts a bit.
Moved common preprocessor defines to tls.h
SSL: Implemented EXTENSION_extended_master_secret.
Fixed the fix.
Fixed an alert message.
Use peer_public_key instead of peer_certificate_chain to determine if we got any certificates.
Always check that the certificate handshake packet is fully consumed. Don't decode certificates more than once.
Merge common certificate decoding code. No changes in behavior.
SSL.ServerConnection: Reduced code duplication somewhat. All server-side derivation of the master secret is now done by SSL.Connection::derive_master_secret().
Deprecated verify_certificates, as auth_level does the same thing. This breaks some tests that appear to be incomplete, so disable them.
SSL.Connection: Implemented TLS 1.3 draft 4 CertificateVerify.
SSL.Connection: derive_master_secret() now knows about TLS 1.3 draft 4.
SSL.Connection: hash_messages() now takes a length argument. In TLS 1.3 hash_messages() will be used to generate the various master keys, which are longer than 12 bytes.
SSL.Connection: Keep handshake_messages running. In TLS 1.3 multiple ClientHello messages may show up validly in the handshake transcript, so don't truncate the transcript.
SSL.Connection: Support multiple concurrent pending keys. In TLS 1.3 multiple keys will be in use in a short span of time. This change reduces the risk of overwriting not yet used keys due to timing issues.
SSL.Connection: ChangeCipherSpec is not sent on the wire in TLS 1.3.
SSL.Connection: Enforce handshake packet order. All currently supported handshake packets are allocated in order.
SSL.Connection: Clean up CCS handling. expect_change_cipher is now only set by change_cipher_packet(). This is in preparation for TLS 1.3 where CCS won't be on the wire.
SSL.Connection: Added derive_master_secret(). More unification of code in client and server.
SSL.Connection: handshake_packet() now accepts Stdio.Buffer. Also converts some #defines to protected constants to avoid syntax errors.
SSL: Moved certificate_verify_packet() to Connection. In TLS 1.3 this packet will be generated on the server side too.
cert is always set in all callers, and the current code would crash anyway if it wasn't. Remove check.
SSL.Connection: Received fatal alerts now invalidate the session.
Stop sending the protocol version around so much.
Less code.
Zero size fragments are not allowed for handshake, alert and changecipherspec packets.
SSL.Connection: Added lfun::_sprintf().
Alert messages are printed out when SSL3_DEBUG is enabled. Cut down the redundancy.
SSL.Connection: Added query_write_queue_size(). This provides an easy API to see whether it is meaningful to call to_write().
SSL.Context: Added get_signature_algorithms(). Also extends the documentation for the signature_algorithms variable a bit.
sslfile -> File and sslport -> port
Simplified certificate_packet code.
SSL.Connection: Unified several state variables into one. SSL.Connection()->{closing,dying,handshake_finished} are now unified into SSL.Connection()->state with named states. It also keeps track of some of the stuff in SSL.sslfile()->close_state and SSL.sslfile()->close_packet_send_state, which are likely to be removed soon.
Improved alert debug messages.
Have list of acceptable hash-signature-pairs in context.
SSL.Connection: Added some doc for got_data(). Removed some dead code in got_data() that originated in the old blocking-mode. Also improved a few types.
SSL.Connection: Fixed documentation typo.
Documentation and debug updates.
Fixed some warnings.
0..255 -> 8bit
Rename state to State.
Renamed SSL.context to SSL.Context.
Got rid of the Alert function.
Renamed session to Session.
SSL.Connection: Improved documentation. Updates the documentation to mention {Client,Server}Connection, and adds a few crossreferences.
Divide more mode-specific code between the subclasses.
Fail predictably with a fatal decoding_error on any low level syntax errors.
SSL.Connection: Unified the handshake states. Now that there is separate code for the server and client handshake state-machines, there's no reason for them to have different STATE_* codes. Also splits and moves finished_packet() to {Client,Server}Connection.
SSL.Connection: Moved handle_handshake() to {Server,Client}Connection. Split the handshake handling into server and client specific code, and moved it to the respective corresponding module.
Trivially move out hello_request and client_hello.
SSL.ClientConnection: Added some support for resuming sessions.
Type fix
Allow hash_messages to be called multiple times.
SSL.Connection: Interoperability fix. The handshake messages are hashed twice, so avoid zapping them too early. The SSL module now interoperates with other implementations again. FIXME: What about renegotiation?
Allow buffer objects in handshake_packet() and heartbeat_packet().
Narrower.
Refactored send_streaming_data
More OO.
Renamed methods for consistency with Stdio.Buffer
Remove handshake messages once they have been hashed. Saves 1-2k per connection.
Add signature_algorithms as Buffer instead of string.
Mark key exchange packets as 8bit.
Replaced pop_data() with read() or direct buffer usage.
Use SSL.Buffer instead of ADT.struct
Changed a few ADT.struct to Stdio.Buffer
Use Context.random for IV generation.
SSL.Connection: Fixed race condition with alert callbacks. to_write() could get called with the pending alert before the alert callback had determined what to do about the alert. This caused the http to https redirect fallback in Roxen to fail, due to to_write() having closed the stream before the callback could steal it.
SSL.File: Propagate fatal alerts to close and write callbacks. SSL did not call the close_callback on SSL.File()s that connect outgoing and abort the handshake by sending fatal alerts to the server. Fatal alerts generated locally (i.e. due to broken data from the peer) are now signalled on the close and write callbacks with errno set to ECONNABORTED, and fatal alerts received from the peer have errno set to ECONNRESET. Thanks to Tobias S. Josefowitz <tobij@tobij.de> for the report. Tentative fix for [LysLysKOM 21005266].
Merge remote-tracking branch 'origin/8.0' into string_alloc Conflicts: src/stralloc.c
SSL: Fix lost close packets. Removed some erroneous code.
SSL: Improved support for renegotiation.
Merge handshake and connection into Connection. Then make that a base class for ClientConnection and ServerConnection, each of which assumes its respective role.