aboutsummaryrefslogtreecommitdiffstats
path: root/src/libtls/tls_server.c
Commit message (Collapse)AuthorAgeFilesLines
* credential-manager: Make online revocation checks optional for public key ↵Tobias Brunner2016-03-101-1/+1
| | | | enumerator
* utils: Use chunk_equals_const() for all cryptographic purposesMartin Willi2015-04-141-1/+1
|
* diffie-hellman: Add a bool return value to set_other_public_value()Martin Willi2015-03-231-1/+6
|
* diffie-hellman: Add a bool return value to get_my_public_value()Martin Willi2015-03-231-1/+5
|
* diffie-hellman: Use bool instead of status_t as get_shared_secret() return valueMartin Willi2015-03-231-1/+1
| | | | | While such a change is not unproblematic, keeping status_t makes the API inconsistent once we introduce return values for the public value operations.
* libtls: Add getters for TLS handshake authentication detailsMartin Willi2015-03-031-0/+7
|
* libtls: Merge trustchain auth verification details done during TLS handhsakeMartin Willi2015-03-031-0/+1
|
* If TLS peer authentication not required, the client does nonetheless, allow ↵Martin Willi2013-03-061-4/+19
| | | | it to fail
* Request a TLS client certificate even if no peer identity is givenMartin Willi2013-02-281-5/+1
| | | | | This allows a peer to perform client authentication if it wants, but skip it if not.
* Delegate tls_t.get_{peer,server}_id to handshake layerMartin Willi2013-02-281-2/+23
| | | | | This allows to get updated peer identities if the peer can't authenticate, or does when it is optional.
* Moved debug.[ch] to utils folderTobias Brunner2012-10-241-1/+1
|
* Check rng return value when generating TLS session identifiersMartin Willi2012-07-161-3/+3
|
* Check rng return value when generating secrets and IVs in libtlsTobias Brunner2012-07-161-6/+8
|
* Add a return value to tls_crypto_t.derive_secrets()Martin Willi2012-07-161-8/+17
|
* Implemented TLS session resumption both as client and as serverMartin Willi2011-12-311-39/+81
|
* Separated cipherspec checking and switching, allowing us to defer the secondMartin Willi2011-12-311-12/+19
|
* Be less verbose about TLS extensionsMartin Willi2011-12-241-1/+1
|
* renamed tls_reader|writer to bio_* and moved to libstrongswanAndreas Steffen2011-05-311-28/+28
|
* Read the compression type byte for EC groups, onlyMartin Willi2010-09-081-6/+10
|
* Renamed ecp_format to ansi_format, as point formats in TLS use different ↵Martin Willi2010-09-061-3/+3
| | | | identifiers
* Prepend point format to ECDH public keyMartin Willi2010-09-061-4/+14
|
* Log the selected (EC)DH groupMartin Willi2010-09-061-0/+2
|
* Parse unsupported TLS Hello extensions properlyMartin Willi2010-09-061-10/+6
|
* Use a dynamic curve enumerator to list/convert TLS named curvesMartin Willi2010-09-031-39/+37
|
* Use ECDH group check where appropriateMartin Willi2010-09-031-42/+25
|
* Select private key based on received cipher suitesMartin Willi2010-09-031-12/+54
|
* Support for EC curve Hello extension, EC curve fallbackMartin Willi2010-09-031-21/+109
|
* Added server support for ECDHE key exchangeMartin Willi2010-09-031-14/+60
|
* fixed typoAndreas Steffen2010-09-031-1/+1
|
* Added TLS server side support for DHE suitesMartin Willi2010-09-021-3/+116
|
* Implemented "signature algorithm" hello extensionMartin Willi2010-09-021-1/+37
|
* Added generic TLS data sign/verify, hash/sig algorithm constructionMartin Willi2010-09-021-63/+9
|
* Continue with a randomized premaster if decryption failed / version mismatchesMartin Willi2010-09-021-9/+41
|
* Support different hash/sig algorithms in handshake signing, including ECDSAMartin Willi2010-09-021-7/+64
|
* Send TLS alerts for errors in TLS handshake buildingMartin Willi2010-08-251-0/+3
|
* Pass NULL peer identity to omit TLS peer authentication, added ↵Martin Willi2010-08-241-22/+6
| | | | eap-ttls.request_peer_auth option
* removed some redundant debug outputAndreas Steffen2010-08-241-2/+0
|
* Added generic TLS purposesMartin Willi2010-08-241-0/+2
|
* Added a TLS purpose for EAP-TTLS with client authenticationMartin Willi2010-08-231-0/+1
|
* Implemented TLS Alert handlingMartin Willi2010-08-231-15/+39
|
* Verify negotiated TLS versionMartin Willi2010-08-231-3/+4
|
* Introducing a dedicated debug message group for libtlsMartin Willi2010-08-231-23/+23
|
* Streamlined TLS debugging outputMartin Willi2010-08-231-5/+6
|
* Introducing simple purposes for the TLS stack, switches various optionsMartin Willi2010-08-201-3/+9
|
* Use a seperate section for each nested struct member in INIT macroMartin Willi2010-08-181-7/+9
|
* Only include certificates with CA flag in TLS cert requestMartin Willi2010-08-161-2/+8
|
* optional certificate-based peer authentication on TLS server sideAndreas Steffen2010-08-151-7/+30
|
* added generic TLS application data handler and specific EAP-TTLS instantiationAndreas Steffen2010-08-121-0/+7
|
* Added support for different encryption schemes to private/public keysMartin Willi2010-08-101-1/+2
|
* added some more TLS debug outputAndreas Steffen2010-08-051-2/+15
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-27 00:24:32 +0000