1. 16 Dec, 2008 1 commit
    • Early TLS Handshake and Verification · 4af68bbd
      Jarod Neuner authored
      tport_type_tls.c:
      * tport_tls_accept():
        - Replaces tport_accept for incoming TLS connections.
      * tport_tls_connect():
        - Replaces tport_base_connect() for outgoing TLS connections.
      
      tport_tls.c:
      * tls_t now uses a memory home instead of malloc.
      * removed tls_check_hosts()
      * tls_connect():
        - Replaces tport_base_connect for TLS connection setup.
        - Completes TLS handshake and verifies peer certificates.
        - Destroys suspect TLS connections before sending/receiving payload.
        - Populates a su_strlst_t with subjects from the peer certificate.
      
      tport.c:
      * tport_is_verified()
        - true if peer certificate validated successfully
      * tport_delivered_from_subjects()
        - Certificate subjects listed in the peer certificate.
      
      darcs-hash:20081216221937-2152f-3d6b74d411b57c22230e4840fca133da48c86368.gz
  2. 28 Nov, 2008 1 commit
  3. 27 Nov, 2008 1 commit
  4. 26 Nov, 2008 1 commit
    • Paulo Pizarro paulo DOT pizarro AT gmail DOT com's avatar
      tport: new tag TPTAG_TLS_VERIFY_PEER · 0c8aac4a
      With this tag, the verification of certificates can be controlled:
      0: do not verify certificates.
      1: in server mode, the certificate returned by the client is checked and
         if it fails the TLS/SSL handshake is immediately terminated.
      1: in client mode, the server certificate is verified and
         if it fails the TLS/SSL handshake is immediately terminated.
      
      I added this tag because I'd like my application not to connect to a
      server with an untrusted certificate.
      
      darcs-hash:20081126184231-daa5a-26fe2a4f958d2f931d3f7e9b31bc0426e7250a1f.gz
  5. 03 Mar, 2008 1 commit
  6. 29 Nov, 2007 1 commit
  7. 08 Oct, 2007 1 commit
  8. 25 Jul, 2007 1 commit
  9. 28 Jun, 2007 1 commit
  10. 09 May, 2007 1 commit
  11. 07 Feb, 2007 1 commit
    • Fix gcc build with -std=c99 -pedantic-errors (RE-RECORDED) · f9abdf60
      Michael Jerris authored
      It is not possible to cast function pointers to (void *) in C99
      (section 6.2.2.3).
      
      C99 printf formatting expects (void *) for %p argument
      (section 7.13.6.1 p. 335).
      
      darcs-hash:20070207193814-16063-b6f3632e0911cee2ab67a1b184bbf18d3b7bd174.gz
  12. 26 Sep, 2006 1 commit
  13. 25 Sep, 2006 1 commit
  14. 21 Sep, 2006 1 commit
  15. 20 Sep, 2006 2 commits
  16. 06 Sep, 2006 1 commit
  17. 30 May, 2006 1 commit
  18. 12 May, 2006 1 commit
  19. 26 Apr, 2006 1 commit
    • Updated tport_connect() interface. · 3db6aaa1
      Pekka Pessi authored
      Calling tport_alloc_secondary() when client socket has been created, making
      it possible to set socket options before connecting the socket. Currently,
      this benefits SCTP and TLS.
      
      This change affects tport_internal.h, tport.c, tport_type_sctp.c,
      tport_type_tcp.c, and tport_type_tls.c.
      
      darcs-hash:20060426165300-65a35-6d262b339a4362e16a2b20777e1d580efff33194.gz
  20. 27 Mar, 2006 2 commits
  21. 24 Mar, 2006 2 commits