2019-12-04

2019-12-04 21:10:03 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ServerConnection: Session tickets (RFC 4507 and RFC 5077).

Server side support for session tickets.

Note that the default ticket encoding is to use the session_id,
it thus uses server side state. The ticket encoding can be changed
by overriding {en,de}code_ticket() in SSL.Context.

Implementation verified against OpenSSL's s_client.

Backported from 372b2a05d05fa0d0e052e6634d2acf8d03629ed4 by Tobias
Josefowitz.

2019-10-06

2019-10-06 17:46:51 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Session: Initialize cipher_suite to SSL_invalid_suite.

This makes it easy to see whether the handshake has completed
successfully.

2019-10-06 17:45:06 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Session: Initialize cipher_suite to SSL_invalid_suite.

This makes it easy to see whether the handshake has completed
successfully.

2019-06-07

2019-06-07 11:05:27 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Improved support for Ed25519 certificates.

2019-05-28

2019-05-28 13:38:55 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Session: Missed one place.

2019-05-28 11:38:50 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Use SignatureScheme instead of array({Hash,Signature}Algorithm).

2019-03-19

2019-03-19 12:33:55 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Merge commit '722771973bd' into patches/lyslyskom22891031

* commit '722771973bd': (6177 commits)
Verify that callablep responses are aligned with reality.
...

2019-03-14

2019-03-14 10:39:03 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Merge commit '2470270f500c728d10b8895314d8d8b07016e37b' into grubba/typechecker-automap

* commit '2470270f500c728d10b8895314d8d8b07016e37b': (18681 commits)
Removed the old typechecker.
...

2018-11-04

2018-11-04 16:11:11 by Arne Goedeke <el@laramies.com>

Merge remote-tracking branch 'origin/master' into new_utf8

2018-11-03

2018-11-03 14:21:37 by Marcus Comstedt <marcus@mc.pp.se>

Merge remote-tracking branch 'origin/8.1' into gobject-introspection

2017-09-22

2017-09-22 10:39:18 by Chris Angelico <rosuav@gmail.com>

Improve function signature in debug mode (eliminates warning)

2016-08-28

2016-08-28 13:45:10 by Martin Nilsson <nilsson@fastmail.com>

Use sprintf %x some more.

2016-07-13

2016-07-13 12:18:00 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ServerConnection: Session tickets (RFC 4507 and RFC 5077).

Server side support for session tickets.

Note that the default ticket encoding is to use the session_id,
it thus uses server side state. The ticket encoding can be changed
by overriding {en,de}code_ticket() in SSL.Context.

Implementation verified against OpenSSL's s_client.

2016-04-14

2016-04-14 22:01:00 by Martin Nilsson <nilsson@fastmail.com>

Don't use ECC with unknown point format.

2016-04-14 21:56:05 by Martin Nilsson <nilsson@fastmail.com>

Null ciphers are still allowed, just not SSL_null_with_null_null.

2015-12-01

2015-12-01 18:16:24 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Support compression on the client.

For some reason this piece of code was missing.

2015-12-01 18:16:00 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Support compression on the client.

For some reason this piece of code was missing.

2015-11-27

2015-11-27 14:34:57 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Context: TLS 1.1 and before don't support hashes other than md5 and sha1.

Improves interoperation with some versions of OpenSSL.

2015-11-27 14:27:05 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Context: TLS 1.1 and before don't support hashes other than md5 and sha1.

Improves interoperation with some versions of OpenSSL.

2015-11-04

2015-11-04 10:47:20 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Session: Fixed some warnings.

2015-11-04 10:45:22 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Session: Fixed some warnings.

2015-11-03

2015-11-03 03:21:08 by Martin Nilsson <nilsson@fastmail.com>

Removed fixme. Size enforcement already implemented in Packet.pike

2015-11-02

2015-11-02 19:46:52 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Revert "We can just use Gz.compress and Gz.uncompress as we are not streaming."

This reverts commit e4ce863fc0554af603453bf980f321ff21584976.

Unfortunately we are streaming...

COMPRESSION_deflate now interoperates again.

2015-11-02 19:44:48 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Revert "We can just use Gz.compress and Gz.uncompress as we are not streaming."

This reverts commit e4ce863fc0554af603453bf980f321ff21584976.

Unfortunately we are streaming...

COMPRESSION_deflate now interoperates again.

2015-11-01

2015-11-01 17:56:56 by Martin Nilsson <nilsson@fastmail.com>

Rename HASH_sha to HASH_sha1.

2015-10-31

2015-10-31 16:03:25 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added some more SSL3_DEBUG_CRYPT.

2015-09-25

2015-09-25 19:37:00 by Martin Nilsson <nilsson@fastmail.com>

Fixed shift type update issues.

2015-08-22

2015-08-22 18:54:15 by Martin Nilsson <nilsson@fastmail.com>

Support linking direct to RFC anchor.

2015-08-21

2015-08-21 23:56:32 by Martin Nilsson <nilsson@fastmail.com>

Use @rfc{@} autodoc syntax.

2015-04-22

2015-04-22 15:04:58 by Martin Nilsson <nilsson@opera.com>

Keep track of Session activity, so they can be removed when inactive, not just old.

2015-04-09

2015-04-09 16:42:57 by Martin Nilsson <nilsson@opera.com>

ECDHE PSK doesn't require certificates.

2015-04-05

2015-04-05 03:13:52 by Martin Nilsson <nilsson@opera.com>

The identity needs to be null when not set to work with the session cache properly. This wasn't a problem in practice.

2015-04-04

2015-04-04 13:56:19 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Session: Updated some documentation.

2015-03-10

2015-03-10 17:53:04 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Session: Improved diagnostics.

2015-02-27

2015-02-27 14:29:22 by Martin Nilsson <nilsson@opera.com>

Remove trailing white spaces.

2015-02-26

2015-02-26 16:00:08 by Martin Nilsson <nilsson@opera.com>

Move certificate selection to a different function.

2015-02-25

2015-02-25 00:53:49 by Martin Nilsson <nilsson@opera.com>

Moved common preprocessor defines to tls.h

2015-02-23

2015-02-23 17:30:31 by Martin Nilsson <nilsson@opera.com>

Use the full ECC mask for the post filtering of certificate chains.

2015-02-23 16:50:52 by Martin Nilsson <nilsson@opera.com>

Null ciphers are still allowed in TLS 1.1, it's just null_with_null_null that is forbidden.

2015-02-23 13:54:12 by Martin Nilsson <nilsson@opera.com>

Fix so that it is possible to connect with PSK and DHE PSK to a server with certificates.

2015-02-23 13:04:49 by Martin Nilsson <nilsson@opera.com>

Remove all ECC from KE mask when no common curves were found.

2015-02-23 12:41:19 by Martin Nilsson <nilsson@opera.com>

We already filter out ECC suites in Session, so no need to do that in ServerConnection as well. Moved point format check.

2015-02-22

2015-02-22 18:37:49 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Implemented EXTENSION_extended_master_secret.

2015-02-20

2015-02-20 16:28:04 by Martin Nilsson <nilsson@opera.com>

Stop after finding the first compatible cipher suite. No need to validate all of them.

2015-02-18

2015-02-18 16:57:02 by Martin Nilsson <nilsson@opera.com>

Fixed so that anonymous mode actually works.

2015-02-06

2015-02-06 13:20:17 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Session: reusable_as() now looks at ffdhe_groups too.

2015-01-25

2015-01-25 01:33:56 by Martin Nilsson <nilsson@opera.com>

Changed curve() into get_curve() to be consistent with the other methods, and to properly mask the get_curve() in Nettle.ECC_Curve.ECDSA.

2015-01-25 01:31:10 by Martin Nilsson <nilsson@opera.com>

Changed curve() into get_curve() to be consistent with the other methods, and to properly mask the get_curve() in Nettle.ECC_Curve.ECDSA.

2015-01-17

2015-01-17 12:49:52 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Session: Filter suites unsupported in TLS 1.3.

2014-12-15

2014-12-15 21:10:53 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Support the Negotiated FF-DHE Parameters draft.

NB: This draft has been incorporated into the TLS 1.3 draft.

2014-11-29

2014-11-29 16:37:52 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Session: Default to creation with empty id.

This is useful for client-side SSL, where there typically isn't
a useful sessionid at start.

2014-11-29 16:37:19 by Martin Nilsson <nilsson@opera.com>

OO more.

2014-11-29 10:21:44 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Session: Default to creation with empty id.

This is useful for client-side SSL, where there typically isn't
a useful sessionid at start.

2014-11-25

2014-11-25 11:28:42 by Martin Nilsson <nilsson@opera.com>

OO more.

2014-11-21

2014-11-21 12:44:59 by Martin Nilsson <nilsson@opera.com>

Stdio.Buffer instead of ADT.struct

2014-10-15

2014-10-15 20:52:40 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Session: Survive the client asking for ECC without curves.

2014-10-15 20:35:28 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Session: Survive the client asking for ECC without curves.

2014-09-30

2014-09-30 16:20:55 by Martin Nilsson <nilsson@opera.com>

this_program:: -> this::

2014-09-11

2014-09-11 22:04:32 by Martin Nilsson <nilsson@opera.com>

Don't allow the GNU TLS workaround to remove all certificates.

2014-09-04

2014-09-04 15:57:43 by Arne Goedeke <el@laramies.com>

Merge remote-tracking branch 'origin/8.0' into string_alloc

Conflicts:
src/stralloc.c

2014-09-04 15:00:26 by Martin Nilsson <nilsson@opera.com>

Don't crash on missing certificates.

2014-08-23

2014-08-23 16:31:17 by Martin Nilsson <nilsson@opera.com>

Wrap some comments.

2014-08-14

2014-08-14 14:51:37 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Updated to the new Crypto.Sign API.

2014-08-12

2014-08-12 19:33:38 by Martin Nilsson <nilsson@opera.com>

OO a bit more.

2014-08-06

2014-08-06 15:41:19 by Martin Nilsson <nilsson@opera.com>

ke_method isn't used outside the select_cipher_suite function.

2014-08-06 15:04:55 by Martin Nilsson <nilsson@opera.com>

Move ke_factory to CipherSpec.

2014-08-06 14:48:31 by Martin Nilsson <nilsson@opera.com>

Fixed documentation and trimmed code of set_compression_method.

2014-08-06 14:24:27 by Martin Nilsson <nilsson@opera.com>

Fixed type

2014-08-05

2014-08-05 17:19:26 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Session: Keep track of the protocol version.

SSL.Cipher.CipherSpec::verify() needs the version in the session
object to be up to date (or it will break with TLS 1.2 or higher).

Fixes interoperability with https://google.com/.

2014-08-05 14:24:32 by Martin Nilsson <nilsson@opera.com>

We can just use Gz.compress and Gz.uncompress as we are not streaming.

2014-08-04

2014-08-04 15:24:46 by Martin Nilsson <nilsson@opera.com>

Debug cleanup.

2014-07-31

2014-07-31 22:11:41 by Martin Nilsson <nilsson@opera.com>

We are typically only calling sign/verify once a connection, so just do the implementation selection during that call.

2014-07-29

2014-07-29 15:55:59 by Martin Nilsson <nilsson@opera.com>

Updated documentation for set_cipher_suite

2014-07-20

2014-07-20 10:28:37 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Session: Fixed some warnings.

2014-07-19

2014-07-19 09:31:55 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Session: Improve interoperation with GnuTLS.

GnuTLS doesn't like certificates for SHA256 signing being used with
suites (in TLS 1.1 and earlier) using SHA1. We now filter such certs.

2014-07-16

2014-07-16 11:16:14 by Martin Nilsson <nilsson@opera.com>

Since Session doesn't know about Context, do the CertificatePairs lookup in the caller to avoid ugly type casts.

2014-07-15

2014-07-15 21:33:56 by Martin Nilsson <nilsson@opera.com>

Refactored certificate lookup.

2014-07-07

2014-07-07 15:20:32 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Context: Added get_signature_algorithms().

Also extends the documentation for the signature_algorithms
variable a bit.

2014-06-29

2014-06-29 14:58:49 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Support EXTENSION_encrypt_then_mac.

This draft extension improves security for old CBC suites by
hashing the encrypted data including the padding. This works
around the various TLS padding attacks.

2014-06-09

2014-06-09 14:56:46 by Martin Nilsson <nilsson@opera.com>

RFC 6066 only allows one host DN in SNI.

2014-05-19

2014-05-19 22:31:40 by Martin Nilsson <nilsson@opera.com>

For compat: SHA1 yes, MD5 no. We should probably make a signature_algorithms in Context and use that instead of this for clients.

2014-05-19 21:38:33 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Revert "Allow SHA224, SHA256, SHA384 and SHA512 for RSA and ECDSA signatures."

This reverts commit 78838d2ba6a1f75a985a073479a66b6c473d54f2.

This commit violated RFC 5246 7.4.1.4.1:

If the client does not send the signature_algorithms extension, the
server MUST do the following:

- If the negotiated key exchange algorithm is one of (RSA, DHE_RSA,
DH_RSA, RSA_PSK, ECDH_RSA, ECDHE_RSA), behave as if client had
sent the value {sha1,rsa}.

- If the negotiated key exchange algorithm is one of (DHE_DSS,
DH_DSS), behave as if the client had sent the value {sha1,dsa}.

- If the negotiated key exchange algorithm is one of (ECDH_ECDSA,
ECDHE_ECDSA), behave as if the client had sent value {sha1,ecdsa}.

2014-05-19 21:18:15 by Martin Nilsson <nilsson@opera.com>

Allow SHA224, SHA256, SHA384 and SHA512 for RSA and ECDSA signatures.

2014-05-16

2014-05-16 21:01:17 by Martin Nilsson <nilsson@opera.com>

Documentation and debug updates.

2014-05-16 12:06:08 by Martin Nilsson <nilsson@opera.com>

Tidy up curve debug messages.

2014-05-16 11:22:00 by Martin Nilsson <nilsson@opera.com>

Don't assume zlib.

2014-05-15

2014-05-15 23:20:23 by Martin Nilsson <nilsson@opera.com>

0..255 -> 8bit

2014-05-15 21:19:59 by Martin Nilsson <nilsson@opera.com>

import .

2014-05-15 19:57:24 by Martin Nilsson <nilsson@opera.com>

Renamed session to Session.