| File | Description | Size (bytes) |
|---|---|---|
| asio | | |
| credentials_manager.cpp | unused | 5887 |
| credentials_manager.h | Interface for a credentials manager. A type is a fairly static value that represents the general nature of the transaction occurring. Currently used values are "tls-client" and "tls-server". Context represents a hostname, email address, username, or other identifier. | 14775 |
| info.txt | | 909 |
| msg_cert_req.cpp | Create a new Certificate Request message | 4182 |
| msg_cert_verify.cpp | Create a new Certificate Verify message for TLS 1.2 | 7726 |
| msg_client_hello.cpp | Version-agnostic internal client hello data container that allows parsing Client_Hello messages without prior knowledge of the contained protocol version. | 41576 |
| msg_finished.cpp | Compute the verify_data for TLS 1.2 | 2840 |
| msg_server_hello.cpp | Version-agnostic internal server hello data container that allows parsing Server_Hello messages without prior knowledge of the contained protocol version. | 33446 |
| msg_session_ticket.cpp | | 4874 |
| sessions_sql | | |
| sessions_sqlite3 | | |
| tls.h | | 683 |
| tls_alert.cpp | | 3929 |
| tls_alert.h | Type codes for TLS alerts. The enumeration value matches the wire encoding. | 3535 |
| tls_algos.cpp | | 11659 |
| tls_algos.h | Matches with wire encoding | 8591 |
| tls_callbacks.cpp | unused | 16124 |
| tls_callbacks.h | Encapsulates the callbacks that a TLS channel will make which are due to channel-specific operations. | 29880 |
| tls_channel.h | Generic interface for TLS endpoint | 6519 |
| tls_channel_impl.h | Inject TLS traffic received from counterparty. Returns a hint as to how many more bytes we need to complete the current record (this may be 0 if on a record boundary). | 9847 |
| tls_ciphersuite.cpp | | 5424 |
| tls_ciphersuite.h | Ciphersuite Information | 5282 |
| tls_client.cpp | TLS Client Constructor | 4887 |
| tls_client.h | SSL/TLS Client | 5049 |
| tls_exceptn.h | TLS Exception Base Class | 1071 |
| tls_extensions.cpp | | 34127 |
| tls_extensions.h | Base class representing a TLS extension of some kind | 33896 |
| tls_extensions_cert_status_req.cpp | ocsp | 7164 |
| tls_external_psk.cpp | | 506 |
| tls_external_psk.h | This is an externally provided PreSharedKey along with its identity, master secret and (in case of TLS 1.3) a pre-provisioned Pseudo Random Function. | 1956 |
| tls_handshake_msg.h | TLS Handshake Message Base Class | 1473 |
| tls_handshake_transitions.cpp | We don't know what to expect next, so force a call to set_expected_next; if it doesn't happen, the next transition check will always fail, which is what we want. | 5411 |
| tls_handshake_transitions.h | Manages the expectations for incoming handshake messages in both TLS 1.2 and 1.3. This does not bear any knowledge about the actual state machine but is a mere helper to implement state transition validation. | 1891 |
| tls_magic.h | Protocol Constants for SSL/TLS. TODO: this should not be an enum | 2238 |
| tls_messages.h | DTLS Hello Verify Request | 38803 |
| tls_policy.cpp | SHA-256 is preferred because the Lucky13 countermeasure works somewhat better for SHA-256 vs SHA-384: https://github.com/randombit/botan/pull/675 | 20594 |
| tls_policy.h | TLS Policy Base Class. Inherit and overload as desired to suit local policy concerns. | 30066 |
| tls_reader.h | Helper class for decoding TLS protocol messages | 6613 |
| tls_server.cpp | TLS Server Constructor | 4039 |
| tls_server.h | TLS Server | 4432 |
| tls_server_info.h | Represents information known about a TLS server. | 2625 |
| tls_session.cpp | | 20588 |
| tls_session.h | Helper class to embody a session handle in all protocol versions. Sessions in TLS 1.2 are identified by an arbitrary and unique ID of up to 32 bytes or by a self-contained arbitrary-length ticket (RFC 5077). TLS 1.3 does not distinguish between the two and handles both as tickets. Also, a TLS 1.3 server can issue multiple tickets in one connection and the resumption mechanism is compatible with the PSK establishment. Concrete implementations of Session_Manager use this helper to distinguish the different states and manage sessions for TLS 1.2 and 1.3 connections. Note that all information stored in a Session_Handle might be transmitted in unprotected form. Hence, it should not contain any confidential information. | 18538 |
| tls_session_manager.cpp | | 10389 |
| tls_session_manager.h | Session_Manager is an interface to systems which can save session parameters for supporting session resumption. Saving sessions is done on a best-effort basis; an implementation is allowed to drop sessions due to space constraints or other issues. Implementations should strive to be thread safe. This base class provides a recursive mutex (via Session_Manager::mutex()). Derived classes may simply reuse this for their own locking. | 12285 |
| tls_session_manager_hybrid.cpp | always allow tickets | 3454 |
| tls_session_manager_hybrid.h | A combination of the Session_Manager_Stateless and an arbitrary stateful Session_Manager. This extends any stateful session manager to provide TLS 1.2 session ticket support. Session_Handle objects may either be a Session_Ticket or Session_ID when working with TLS 1.2 servers and depending on the peer's capability to support session tickets. For TLS 1.3 sessions it will provide one of the two, depending on the preference defined in the class's constructor. For applications that implement a TLS server that allows handshakes with both TLS 1.2 and TLS 1.3 clients, this is typically a good default option. Combine it with the Session_Manager_SQLite or Session_Manager_In_Memory as needed. | 3999 |
| tls_session_manager_memory.cpp | | 4898 |
| tls_session_manager_memory.h | A thread-safe Session_Manager that stores TLS sessions in memory. The Session_Handle objects emitted by this manager when establishing a new session (i.e. in the TLS server) will never contain a Session_Ticket but only a Session_ID. Storing received sessions (i.e. in the TLS client) under either a Session_ID or a Session_Ticket will however echo them back. In other words, this manager _will_ support ticket-based resumption in a TLS client but it won't issue tickets on a TLS server. For applications that implement a TLS client and that do not want to persist sessions to non-volatile memory, this is typically a good default option. | 2432 |
| tls_session_manager_noop.cpp | | 402 |
| tls_session_manager_noop.h | An implementation of Session_Manager that does not save sessions at all, preventing session resumption. For applications that do not want to support session resumption at all, this is typically a good choice. | 1411 |
| tls_session_manager_stateless.cpp | | 2549 |
| tls_session_manager_stateless.h | A Session_Manager that emits Session_Handle objects with a Session_Ticket. This is useful for servers that do not want to hold any state about resumable sessions. Using this implementation in a TLS client won't make sense. Returned Session_Handle objects won't contain a Session_ID. Retrieving sessions via Session_ID will never return a session. Neither will searching sessions by server information yield any result. | 2422 |
| tls_signature_scheme.cpp | This is ordered in some approximate order of preference | 9837 |
| tls_signature_scheme.h | Matches with wire encoding. Note that this is intentionally left as a bare enum. It emulates the Botan 2 API where `Signature_Scheme` was an enum class with associated free-standing functions. Leaving it as a bare enum resembles the legacy user-facing API. | 3017 |
| tls_suite_info.cpp | | 17339 |
| tls_text_policy.cpp | | 11069 |
| tls_version.cpp | | 2517 |
| tls_version.h | TLS Protocol Version | 4311 |
| tls12 | | |
| tls13 | | |
| tls13_pqc | | |