Marten Seemann
|
2377b3a111
|
fix detection when the QUIC version is negotiated
|
2017-01-14 18:54:18 +07:00 |
|
Marten Seemann
|
099e01f410
|
implement a basic request writer
|
2017-01-14 18:54:18 +07:00 |
|
Marten Seemann
|
16da08a440
|
add client functionality to the streamsMap
|
2017-01-14 18:54:15 +07:00 |
|
Marten Seemann
|
6cb48aad71
|
send correct version number in PublicHeader
|
2017-01-14 18:52:25 +07:00 |
|
Marten Seemann
|
a0bdf79b5b
|
create an aeadChanged channel in the client crypto setup
|
2017-01-14 18:52:25 +07:00 |
|
Marten Seemann
|
9fc9522539
|
implement a HandshakeComplete method in the client crypto setup
|
2017-01-14 18:52:24 +07:00 |
|
Marten Seemann
|
f72fbc57a9
|
send connection parameters in CHLO
|
2017-01-14 18:52:24 +07:00 |
|
Marten Seemann
|
1ad3a85f5c
|
fix flaky client tests
|
2017-01-14 18:52:24 +07:00 |
|
Marten Seemann
|
05c870ff6f
|
ignore delayed version negotiation packets
|
2017-01-14 18:52:24 +07:00 |
|
Marten Seemann
|
1a830dbdb7
|
implement basic version negotiation
|
2017-01-14 18:52:24 +07:00 |
|
Marten Seemann
|
4b112c325a
|
add tests for the Client
|
2017-01-14 18:52:23 +07:00 |
|
Marten Seemann
|
dde5ce465c
|
enforce presence of version list in SHLO
|
2017-01-14 18:52:23 +07:00 |
|
Marten Seemann
|
2589a6eff9
|
reject unencrypted SHLOs
|
2017-01-14 18:52:23 +07:00 |
|
Marten Seemann
|
e19416a43b
|
use server nonce in key derivation for initial encryption, if available
|
2017-01-14 18:52:23 +07:00 |
|
Marten Seemann
|
b8e11d6e67
|
improve tests for key derivation
|
2017-01-14 18:52:23 +07:00 |
|
Marten Seemann
|
fdd0fdf90d
|
send KEXS and AEAD value in full client hello
|
2017-01-14 18:52:22 +07:00 |
|
Marten Seemann
|
63f2faec85
|
send common certificate sets in the client hello
|
2017-01-14 18:52:22 +07:00 |
|
Marten Seemann
|
44303fcd4b
|
don’t panic if the certificate chain contains cached entries
|
2017-01-14 18:52:22 +07:00 |
|
Marten Seemann
|
a3dcac8239
|
implement certificate decompressing using common certificate sets
|
2017-01-14 18:52:22 +07:00 |
|
Marten Seemann
|
86da7dce81
|
send leaf certificate hash (XLCT) in client hello
|
2017-01-14 18:52:22 +07:00 |
|
Marten Seemann
|
11cb69d2ce
|
optimize reading of diversification nonces from the PublicHeader
|
2017-01-14 18:52:22 +07:00 |
|
Marten Seemann
|
4a88422d9f
|
add workaround for incorrect public flag values sent by Google servers
|
2017-01-14 18:52:21 +07:00 |
|
Marten Seemann
|
420f5abcd7
|
log when certificate or server proof verification fails
|
2017-01-14 18:52:21 +07:00 |
|
Marten Seemann
|
46678abfa6
|
error on malformed version negotiation packets
|
2017-01-14 18:52:21 +07:00 |
|
Marten Seemann
|
d37380b7a5
|
detect unsupported versions when parsing version negotiation packet
|
2017-01-14 18:52:21 +07:00 |
|
Marten Seemann
|
5b97f0550c
|
implement a function to find the highest supported version
|
2017-01-14 18:52:21 +07:00 |
|
Marten Seemann
|
1154d22218
|
parse version negotiation packets
|
2017-01-14 18:52:20 +07:00 |
|
Marten Seemann
|
7fa93c56af
|
implement a proper Close method for the Client
|
2017-01-14 18:52:20 +07:00 |
|
Marten Seemann
|
de168addd5
|
don’t panic after sending a ConnectionClose
|
2017-01-14 18:52:20 +07:00 |
|
Marten Seemann
|
2131e8fa6d
|
don’t send more than 3 CHLOs
makes sure that the server allows the client to make progress in the handshake
|
2017-01-14 18:52:20 +07:00 |
|
Marten Seemann
|
7f2e706908
|
increase CryptoParameterMaxLength
|
2017-01-14 18:52:20 +07:00 |
|
Marten Seemann
|
8161e1f4a1
|
simplify server proof verification function signature
|
2017-01-14 18:52:20 +07:00 |
|
Marten Seemann
|
6f5b2d308d
|
simplify certificate verification in certManager
|
2017-01-14 18:52:19 +07:00 |
|
Marten Seemann
|
865aed07d8
|
verify certificate chain when receiving it, return correct errors
|
2017-01-14 18:52:19 +07:00 |
|
Marten Seemann
|
41c66f9a60
|
save parsed certificate chain in certManager
|
2017-01-14 18:52:19 +07:00 |
|
Marten Seemann
|
014315d3c7
|
parse hostname from address and pass it to the client cryptoSetup
|
2017-01-14 18:52:19 +07:00 |
|
Marten Seemann
|
4b8508c017
|
verify certificate chain in certManager
|
2017-01-14 18:52:19 +07:00 |
|
Marten Seemann
|
6913f5ae75
|
add tests for certChain, simplify constructor
|
2017-01-14 18:52:18 +07:00 |
|
Marten Seemann
|
bb1af0db1e
|
move server proof verification to crypto package
|
2017-01-14 18:52:18 +07:00 |
|
Marten Seemann
|
0535491f30
|
rename crypto.Signer to crypto.CertChain
|
2017-01-14 18:52:18 +07:00 |
|
Marten Seemann
|
c8b3189caf
|
validate server config signature, for ECDSA certificates
|
2017-01-14 18:52:18 +07:00 |
|
Marten Seemann
|
3063cab7cc
|
only escalate crypto when the server config has been verified
|
2017-01-14 18:52:18 +07:00 |
|
Marten Seemann
|
58b905e636
|
validate server config signature, for RSA certificates
|
2017-01-14 18:52:17 +07:00 |
|
Marten Seemann
|
5aae3fbafe
|
save the proof in client CryptoSetup
|
2017-01-14 18:52:17 +07:00 |
|
Marten Seemann
|
a388d6bf6a
|
fix error code for invalid certificate chains
|
2017-01-14 18:52:17 +07:00 |
|
Marten Seemann
|
52ba2ce9f8
|
prevent int64 overflow when reading the expiry date of the server config
|
2017-01-14 18:52:17 +07:00 |
|
Marten Seemann
|
f9013edb77
|
check if the received server config is expired
|
2017-01-14 18:52:17 +07:00 |
|
Marten Seemann
|
0b736b2cce
|
create forwardSecureAEAD after receiving all necessary values
|
2017-01-14 18:52:16 +07:00 |
|
Marten Seemann
|
2e0eae1a1d
|
calculate required padding size in CHLOs
|
2017-01-14 18:52:16 +07:00 |
|
Marten Seemann
|
8bcad17297
|
create secureAEAD after receiving all necessary values
|
2017-01-14 18:52:16 +07:00 |
|