Name Description Size
asio
credentials_manager.cpp unused 5887
credentials_manager.h Interface for a credentials manager. A type is a fairly static value that represents the general nature of the transaction occurring. Currently used values are "tls-client" and "tls-server". Context represents a hostname, email address, username, or other identifier. 14775
info.txt 909
msg_cert_req.cpp Create a new Certificate Request message 4182
msg_cert_verify.cpp Create a new Certificate Verify message for TLS 1.2 7726
msg_client_hello.cpp Version-agnostic internal client hello data container that allows parsing Client_Hello messages without prior knowledge of the contained protocol version. 41576
msg_finished.cpp Compute the verify_data for TLS 1.2 2840
msg_server_hello.cpp Version-agnostic internal server hello data container that allows parsing Server_Hello messages without prior knowledge of the contained protocol version. 33446
msg_session_ticket.cpp 4874
sessions_sql
sessions_sqlite3
tls.h 683
tls_alert.cpp 3929
tls_alert.h Type codes for TLS alerts. The enumeration value matches the wire encoding. 3535
tls_algos.cpp 11659
tls_algos.h Matches with wire encoding 8591
tls_callbacks.cpp unused 16124
tls_callbacks.h Encapsulates the callbacks that a TLS channel will make which are due to channel specific operations. 29880
tls_channel.h Generic interface for TLS endpoint 6519
tls_channel_impl.h Inject TLS traffic received from counterparty. @return a hint as to how many more bytes we need to process the current record (this may be 0 if on a record boundary) 9847
tls_ciphersuite.cpp 5424
tls_ciphersuite.h Ciphersuite Information 5282
tls_client.cpp TLS Client Constructor 4887
tls_client.h SSL/TLS Client 5049
tls_exceptn.h TLS Exception Base Class 1071
tls_extensions.cpp 34127
tls_extensions.h Base class representing a TLS extension of some kind 33896
tls_extensions_cert_status_req.cpp ocsp 7164
tls_external_psk.cpp 506
tls_external_psk.h This is an externally provided PreSharedKey along with its identity, master secret and (in case of TLS 1.3) a pre-provisioned Pseudo Random Function. 1956
tls_handshake_msg.h TLS Handshake Message Base Class 1473
tls_handshake_transitions.cpp We don't know what to expect next, so force a call to set_expected_next; if it doesn't happen, the next transition check will always fail which is what we want. 5411
tls_handshake_transitions.h Manages the expectations for incoming handshake messages in both TLS 1.2 and 1.3. This does not bear any knowledge about the actual state machine but is a mere helper to implement state transition validation. 1891
tls_magic.h Protocol Constants for SSL/TLS. TODO: this should not be an enum 2238
tls_messages.h DTLS Hello Verify Request 38803
tls_policy.cpp SHA-256 is preferred because the Lucky13 countermeasure works somewhat better for SHA-256 vs SHA-384: https://github.com/randombit/botan/pull/675 20594
tls_policy.h TLS Policy Base Class. Inherit and overload as desired to suit local policy concerns 30066
tls_reader.h Helper class for decoding TLS protocol messages 6613
tls_server.cpp TLS Server Constructor 4039
tls_server.h TLS Server 4432
tls_server_info.h Represents information known about a TLS server. 2625
tls_session.cpp 20588
tls_session.h @brief Helper class to embody a session handle in all protocol versions. Sessions in TLS 1.2 are identified by an arbitrary and unique ID of up to 32 bytes or by a self-contained arbitrary-length ticket (RFC 5077). TLS 1.3 does not distinguish between the two and handles both as tickets. Also, a TLS 1.3 server can issue multiple tickets in one connection and the resumption mechanism is compatible with the PSK establishment. Concrete implementations of Session_Manager use this helper to distinguish the different states and manage sessions for TLS 1.2 and 1.3 connections. Note that all information stored in a Session_Handle might be transmitted in unprotected form. Hence, it should not contain any confidential information. 18538
tls_session_manager.cpp 10389
tls_session_manager.h Session_Manager is an interface to systems which can save session parameters for supporting session resumption. Saving sessions is done on a best-effort basis; an implementation is allowed to drop sessions due to space constraints or other issues. Implementations should strive to be thread safe. This base class provides a recursive mutex (via Session_Manager::mutex()). Derived classes may simply reuse this for their own locking. 12285
tls_session_manager_hybrid.cpp always allow tickets 3454
tls_session_manager_hybrid.h A combination of the Session_Manager_Stateless and an arbitrary stateful Session_Manager. This extends any stateful session manager to provide TLS 1.2 session ticket support. Session_Handle objects may either be a Session_Ticket or Session_ID when working with TLS 1.2 servers and depending on the peer's capability to support session tickets. For TLS 1.3 sessions it will provide one of the two, depending on the preference defined in the class' constructor. For applications that implement a TLS server that allows handshakes with both TLS 1.2 and TLS 1.3 clients, this is typically a good default option. Combine it with the Session_Manager_SQLite or Session_Manager_In_Memory as needed. 3999
tls_session_manager_memory.cpp 4898
tls_session_manager_memory.h A thread-safe Session_Manager that stores TLS sessions in memory. The Session_Handle objects emitted by this manager when establishing a new session (i.e. in the TLS server) will never contain a Session_Ticket but only a Session_ID. Storing received sessions (i.e. in the TLS client) under either a Session_ID or a Session_Ticket will however echo them back. In other words, this manager _will_ support ticket-based resumption in a TLS client but it won't issue tickets on a TLS server. For applications that implement a TLS client and that do not want to persist sessions to non-volatile memory, this is typically a good default option. 2432
tls_session_manager_noop.cpp 402
tls_session_manager_noop.h An implementation of Session_Manager that does not save sessions at all, preventing session resumption. For applications that do not want to support session resumption at all, this is typically a good choice. 1411
tls_session_manager_stateless.cpp 2549
tls_session_manager_stateless.h A Session_Manager that emits Session_Handle objects with a Session_Ticket. This is useful for servers that do not want to hold any state about resumable sessions. Using this implementation in a TLS client won't make sense. Returned Session_Handle objects won't contain a Session_ID. Retrieving sessions via Session_ID will never return a session. Neither will searching sessions by server information yield any result. 2422
tls_signature_scheme.cpp This is ordered in some approximate order of preference 9837
tls_signature_scheme.h Matches with wire encoding. Note that this is intentionally left as a bare enum. It emulates the Botan 2 API where `Signature_Scheme` was an enum class with associated free-standing functions. Leaving it as a bare enum resembles the legacy user-facing API. 3017
tls_suite_info.cpp 17339
tls_text_policy.cpp 11069
tls_version.cpp 2517
tls_version.h TLS Protocol Version 4311
tls12
tls13
tls13_pqc