| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
cipher_suite_entry_st
That, in addition to simplifying the contents, it allows faster access
to ciphersuite's properties.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
Previously we were using a rough calculation of the max recv size
based on maximum values. Now we calculate the exact maximum value once
the epoch is initialized and enforce it throughout the session.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This eliminates all the back and forth loops in the previous code
while keeping the same ciphersuite selection checks in place.
The ciphersuite selection tests that were kept:
* Check if key exchange supports the server public key and key usage flags
* Check if DH or other parameters required for the ciphersuite are present
* Find appropriate certificate for the credentials and ciphersuite
* Check whether a curve is negotiated for the ECDH ciphersuites
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
They are not required for TLS 1.3, and are deprecated for TLS 1.2.
We eliminate them in order to reduce the complexity in the record
packet handling.
Resolves #212
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
This function is unused since long ago, let's drop it.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
|
|
|
|
| |
Only update compression method if all internal check succeed and next
epoch will use this it. Also while we are at at, actually check for
_gnutls_set_compression() return value.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
|
|
|
|
| |
Only update cipher_suite if all internal check succeed and next epoch
will use this ciphe suite. Also while we are at at, actually check for
_gnutls_set_cipher_suite() return value.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
|
|
|
|
| |
Instead of spreading checks all over the GnuTLS, cache used PRF after
setting the cipher suite and reference the value later. Like in
_gnutls_PRF_raw the GNUTLS_MAC_MD5_SHA1 means MD5+SHA1 combo.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
| |
This simplifies the current code, and reduces the memory needed.
|
|
|
|
| |
This patch makes conditional several more SSL 3.0-only parts of codebase.
|
|
|
|
|
|
|
| |
This allows to completely remove SSL 3.0 support by calling configure
with the '--disable-ssl3' option.
Resolves #93
|
| |
|
|
|