path: root/lib/session.c
Commit message | Author | Age | Files | Lines
* gnutls_session_get_data2: fix operation without a timeout callback | Nikos Mavrogiannopoulos | 2019-09-26 | 1 | -4/+17
  When TLS1.3 was introduced, gnutls_session_get_data2 was modified to assume that the callbacks set included the timeout one which was not previously necessary except for some special cases. This corrects that issue and makes sure that gnutls_session_get_data2() does not fail (but not necessarily succeed), if that timeout callback is not set.
  Resolves: #823
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_session_get_desc: avoid printing a NULL value [tmp-fix-desc] | Nikos Mavrogiannopoulos | 2019-06-29 | 1 | -4/+4
  When gnutls_session_set_premaster() is used (under openconnect), it is possible that gnutls_session_get_desc will print a string like this:
  "(DTLS1.2)-(ECDHE-(null))-(AES-256-GCM)"
  With this change we ensure that we do not print null values.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gnutls_session_set_data(): Check for allocation error | Tim Rühsen | 2019-05-28 | 1 | -1/+5
  Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Improved estimation of wait in gnutls_session_get_data2 [tmp-improve-session-resumption] | Nikos Mavrogiannopoulos | 2019-03-19 | 1 | -4/+12
  Previously we would wait an arbitrary value of 50ms for the server to send session tickets. This change makes the client wait for the estimated single trip time + 60 ms for the server to calculate the session tickets. This improves the chance to obtain tickets from internet servers during the call of gnutls_session_get_data2().
  Resolves: #706
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Use https:// for www.gnu.org and www.example.com | Tim Rühsen | 2019-03-13 | 1 | -1/+1
  Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Implemented support for raw public-key functionality (RFC7250). | Tom Vrancken | 2018-12-15 | 1 | -7/+6
  Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
* Fix session description info printing | Nikos Mavrogiannopoulos | 2018-11-27 | 1 | -1/+1
  This fixes a truncation issue in session description information printing for certain ciphersuites, and adds a limited testing of expected description strings for certain ciphersuites.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Implemented RFC7250 certificate type negotiation extensions. | Tom Vrancken | 2018-08-20 | 1 | -12/+24
  Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
* Fix two typos (overriden/guarranteed) | Andreas Metzler | 2018-08-16 | 1 | -2/+2
  Signed-off-by: Andreas Metzler <ametzler@bebt.de>
* resume: keep persistent session identifiers | Nikos Mavrogiannopoulos | 2018-08-07 | 1 | -22/+34
  With the introduction of session ticket support (TLS1.2) and TLS1.3, session identifiers have no persistency on server or client side. Improve the situation by introducing persistent session identifiers on server side in a backwards compatible way.
  Resolves #484
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_session_get_desc: fixed desc printing of custom groups | Nikos Mavrogiannopoulos | 2018-06-26 | 1 | -2/+5
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gnutls_session_get_id: document restrictions | Nikos Mavrogiannopoulos | 2018-06-20 | 1 | -0/+12
  This documents the fact that a TLS session ID cannot be relied on to be unique or to even have a meaningful value.
  Resolves #484
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_session_get_data2: harmonize documentation with practice | Nikos Mavrogiannopoulos | 2018-06-08 | 1 | -1/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* TLS 1.3: Introduced TLS 1.3 session resumption | Ander Juaristi | 2018-05-26 | 1 | -15/+56
  This introduces session resumption under TLS 1.3. For that, it enables the psk_ke_modes extension when we enable session tickets. It enables sending session tickets in addition to PSK usernames. The detection of resumption vs pure PSK is done by comparing the indexes sent with the index received by the server. TLS 1.3 session tickets are always sent to the peer unless the GNUTLS_NO_TICKETS is specified.
  Resolves #290
  Signed-off-by: Ander Juaristi <a@juaristi.eus>
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
  Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Added support for out-of-band Pre-shared keys under TLS1.3 | Ander Juaristi | 2018-04-06 | 1 | -2/+13
  That adds support for pre-shared keys with and without Diffie-Hellman key exchange. That's a modified version of initial Ander's patch.
  Resolves #414
  Resolves #125
  Signed-off-by: Ander Juaristi <a@juaristi.eus>
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.org>
* gnutls_session_get_desc: more descriptive name for TLS1.3 ciphersuites | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -5/+18
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* security_parameters: ease access to group information by keeping pointer to it | Nikos Mavrogiannopoulos | 2017-08-02 | 1 | -1/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* security_parameters: simplified contents by keeping pointer to cipher_suite_entry_st | Nikos Mavrogiannopoulos | 2017-08-02 | 1 | -1/+1
  That, in addition to simplifying the contents, allows faster access to ciphersuite's properties.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* TLS: introduced support for RFC7919 groups | Nikos Mavrogiannopoulos | 2017-08-01 | 1 | -15/+13
  That replaces the EC curve extension negotiation with the negotiated groups extensions, introduces handling for groups as priority strings, as well as using and checking of RFC7919 DH parameters once negotiated.
  Resolves: #37
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_session_get_desc: improved ciphersuite description | Nikos Mavrogiannopoulos | 2017-06-07 | 1 | -13/+34
  That is, separated the key exchange from the signature algorithm used by the server, and list them in different fields.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* corrected typo | Nikos Mavrogiannopoulos | 2016-10-21 | 1 | -2/+1
* doc: gnutls_session_set_id: added since | Nikos Mavrogiannopoulos | 2016-07-27 | 1 | -0/+2
* doc: mention that the session data functions will fail prior to handshake completion | Nikos Mavrogiannopoulos | 2016-07-22 | 1 | -1/+10
* session resumption: lift the limitation of calling gnutls_session_get_data*() on non-resumed sessions | Nikos Mavrogiannopoulos | 2016-03-31 | 1 | -12/+15
  This allows obtaining the session data required for proper session resumption from any available session. This brings the API on par with expectations of its users.
  Resolves #79
* split session info functions from ui.c | Nikos Mavrogiannopoulos | 2015-12-31 | 1 | -0/+127
* Removed the 'gnutls_' prefix from files to simplify file naming | Nikos Mavrogiannopoulos | 2015-08-23 | 1 | -0/+240