#
e1c98cea |
|
22-May-2016 |
Mark Hellegers <mark@firedisk.net> |
Add support for TLS SNI Signed-off-by: Augustin Cavalier <waddlesplash@gmail.com>
|
#
c9dd7d0d |
|
27-Apr-2016 |
Rene Gollent <rene@gollent.com> |
libbnetapi: Extend socket classes. B{Abstract,Datagram,Secure}Socket: - Add functionality to listen for and accept new connections, thus allowing one to use the socket classes for server functionality as well. BSecureSocket: - Adjust to take into account differences between how SSL needs to be called when accepting an incoming connection vs initiating an outbound one. The handshake on the accepted connection stills fails for unknown reasons at the moment though. Note that these changes break the ABI, and thus any packages making use of them directly will need a rebuild.
|
#
c6149613 |
|
10-Nov-2015 |
Adrien Destugues <pulkomandy@pulkomandy.tk> |
Implement CONNECT pass-through for HTTPS proxy * When using a proxy, HTTPS connexion must still go directly to the target website. The proxy can then act as a TCP stream relay and just transmit the raw SSL stream between the client and website. * For this, we ask the proxy sending an HTTP request with the CONNECT method. If the proxy supports this, we can then send anything as the payload and it will be forwarded. * Untested, as the network here in Dusseldorf doesn't let me use a proxy. ticket : #10973
|
#
c86ad7f9 |
|
04-Nov-2014 |
Adrien Destugues <pulkomandy@gmail.com> |
Add more features in BCertificate class * Make it possible to extract more useful data from the certificate * Also get the OpenSSL error message when a certificate can't be validated. Send it to the verification failure callback so it can be shown to the user.
|
#
d10ecc2c |
|
22-Feb-2014 |
Julian Harnath <julian.harnath@rwth-aachen.de> |
Style fix: add parameter name * As pointed out by Axel.
|
#
c99d7ea4 |
|
21-Feb-2014 |
Julian Harnath <julian.harnath@rwth-aachen.de> |
Fix double-free crash in BSecureSocket when cert. verification fails * BSecureSocket::CertificateVerificationFailed() took a BCertificate instance by value as parameter. BCertificate deletes internal data in its destructor. Passing an object by value creates a copy, so the copy attempted to delete the internal data again during its destruction. This caused mail_daemon to crash here when it came across a failed certificate. * Fix: pass BCertificate object as reference.
|
#
5ebdc799 |
|
15-Jan-2014 |
Adrien Destugues <pulkomandy@pulkomandy.tk> |
SecureSocket: add some certificate support * Instead of creating an OpenSSL context ofor each socket, use a global one and initialize it lazily when the first SecureSocket is created * Load the certificates from our certificate list so SSL certificates sent by servers can be validated. * Add a callback for signalling that certificate validation failed, the default implementation proceeds with the connection anyway (to keep the old behavior). * Introduce BCertificate class, that provides some information about a certificate. Currently it's only used by the callback mentionned above, but it will be possible to get the leaf certificate for the connection after it's established. Review of the API and implementation is welcome, before I start making use of this in HttpRequest and WebKit to allow the user to accept new certificates.
|
#
0e478f5a |
|
21-Nov-2011 |
Axel Dörfler <axeld@pinc-software.de> |
Added experimental version of a Socket API with SSL support. * Each class has a Socket() method to retrieve the underlaying file descriptor to be able to do the more advanced stuff, if necessary. * A server socket is yet missing, but the rest is pretty much covered.
|
#
c86ad7f93b8836113d6e40aa7972614ddbaf7e16 |
|
04-Nov-2014 |
Adrien Destugues <pulkomandy@gmail.com> |
Add more features in BCertificate class * Make it possible to extract more useful data from the certificate * Also get the OpenSSL error message when a certificate can't be validated. Send it to the verification failure callback so it can be shown to the user.
|
#
d10ecc2c41869f11dc7e5fa25f78fdeab02a7505 |
|
22-Feb-2014 |
Julian Harnath <julian.harnath@rwth-aachen.de> |
Style fix: add parameter name * As pointed out by Axel.
|
#
c99d7ea45c5e853a49308dbaa3d1e36681350768 |
|
21-Feb-2014 |
Julian Harnath <julian.harnath@rwth-aachen.de> |
Fix double-free crash in BSecureSocket when cert. verification fails * BSecureSocket::CertificateVerificationFailed() took a BCertificate instance by value as parameter. BCertificate deletes internal data in its destructor. Passing an object by value creates a copy, so the copy attempted to delete the internal data again during its destruction. This caused mail_daemon to crash here when it came across a failed certificate. * Fix: pass BCertificate object as reference.
|
#
5ebdc79955caf4781dfffd14b57849ce40df2117 |
|
15-Jan-2014 |
Adrien Destugues <pulkomandy@pulkomandy.tk> |
SecureSocket: add some certificate support * Instead of creating an OpenSSL context ofor each socket, use a global one and initialize it lazily when the first SecureSocket is created * Load the certificates from our certificate list so SSL certificates sent by servers can be validated. * Add a callback for signalling that certificate validation failed, the default implementation proceeds with the connection anyway (to keep the old behavior). * Introduce BCertificate class, that provides some information about a certificate. Currently it's only used by the callback mentionned above, but it will be possible to get the leaf certificate for the connection after it's established. Review of the API and implementation is welcome, before I start making use of this in HttpRequest and WebKit to allow the user to accept new certificates.
|
#
0e478f5aec9c927e74e335c03cde8a7f623ddc0b |
|
21-Nov-2011 |
Axel Dörfler <axeld@pinc-software.de> |
Added experimental version of a Socket API with SSL support. * Each class has a Socket() method to retrieve the underlaying file descriptor to be able to do the more advanced stuff, if necessary. * A server socket is yet missing, but the rest is pretty much covered.
|