Commit Graph

242 Commits

Author SHA1 Message Date
Simon Rozman
6077063599 The credentials are marked "invalid" at transition from handshake to application data phase only to prevent initial handshake problems from popping-up credential prompt when credentials have nothing to do with the connection failure. 2016-08-25 13:08:11 +02:00
Simon Rozman
2857b2edd2 First application data message is now appended piggyback to the last client handshake message
(Hopefully resolving issue with Radiator)
2016-08-25 13:00:47 +02:00
Simon Rozman
6760287f0d Duplicate log record of EAP-TLS handshake removed 2016-08-25 12:58:56 +02:00
Simon Rozman
7973a8d59b Handshake log events are a bit more specific now 2016-08-25 12:57:47 +02:00
Simon Rozman
f5d8f653af Texts updated 2016-08-25 10:46:35 +02:00
Simon Rozman
e1600e5aba Configuration GUIDs are not required any more
This reverts commit 1cb6ca5adb.
2016-08-24 18:59:59 +02:00
Simon Rozman
d2ff78a613 Credential prompt sometimes displayed in background issue fixed now 2016-08-24 18:39:15 +02:00
Simon Rozman
c6d53cd13c eap::monitor_ui class to prevent multiple launches introduced 2016-08-24 17:45:31 +02:00
Simon Rozman
6f25e4c0ad wxEAPGeneralDialog constructor parameters extended 2016-08-24 17:43:02 +02:00
Simon Rozman
edac93e115 Custom TLS identity is correctly enabled/disabled now. 2016-08-24 15:30:27 +02:00
Simon Rozman
d1c24efcf0 config_method_with_cred renamed to config_connection to describe it better 2016-08-24 11:39:37 +02:00
Simon Rozman
1cb6ca5adb Connection configuration is equipped with GUID now for multiple credential prompt disambiguation later 2016-08-24 11:34:30 +02:00
Simon Rozman
38e1443276 Logging of handshake progress introduced 2016-08-24 11:04:04 +02:00
Simon Rozman
6835f5279c Certificate (TLS) credentials support custom identity now 2016-08-24 11:03:18 +02:00
Simon Rozman
eb9c8a5f7c If configured trusted root CA certificate list is empty, that really means "Trust no one!" now 2016-08-23 23:40:07 +02:00
Simon Rozman
5332b538aa Our own TLS merged back to master and compiles conditionally 2016-08-23 22:46:00 +02:00
Simon Rozman
a9baa07227 Error type detection fixed 2016-08-23 22:41:12 +02:00
Simon Rozman
387a12ab5e Additional cases of invalid certificate caught 2016-08-23 17:41:20 +02:00
Simon Rozman
7b3251a758 Error throwing clean-up 2016-08-23 17:20:04 +02:00
Simon Rozman
ef2042253c When server certificate has no subjectAltName(2), compare host name against Common Name 2016-08-23 14:29:47 +02:00
Simon Rozman
9b997408a1 Switched to Schannel to do the TLS 2016-08-23 13:53:23 +02:00
Simon Rozman
1f1b9b1084 GUI boots with a predefined configuration on new profiles now
(closes #10)
2016-08-18 06:31:16 +02:00
Simon Rozman
076c6b77d7 GUI updated to show "<Your Provider>" when provider ID is blank 2016-08-18 06:30:02 +02:00
Simon Rozman
92460c571f Initial focus changed to the first non-mouse-wheel-capturing control to allow initial scrolling of the configuration dialog using mouse wheel 2016-08-17 16:42:19 +02:00
Simon Rozman
b79a2f26f6 Support for read-only lock added to GUI 2016-08-17 16:27:43 +02:00
Simon Rozman
373c83dbbe Provider identity and help-desk is configurable via GUI now 2016-08-17 15:56:11 +02:00
Simon Rozman
543dada025 Provider and method lists are arrays now, to allow random access for configuration dialog coming-up 2016-08-17 14:47:15 +02:00
Simon Rozman
ce22ec3bfa wxEAPCredentialsPanelPassBase >> wxEAPCredentialsPassPanelBase 2016-08-17 13:48:14 +02:00
Simon Rozman
df1d431bd0 - TLS revised (again)
- TLS Session resumption issues resolved
- Credential prompt has "Remember" checkbox initially selected when credentials originate from Windows Credential Manager
- Last authentication attempt failure notice is more general and no longer insinuates user credentials are the likely cause of the failure
- Additional log messages added
2016-08-17 11:50:34 +02:00
Simon Rozman
16527c8124 Client explicitly refuses to accept change cipher spec if no or NULL cipher was proposed now 2016-08-17 09:32:43 +02:00
Simon Rozman
69e6b775f8 Hello requests are no longer included in the handshake hashing (as per RFC) 2016-08-17 09:29:55 +02:00
Simon Rozman
c69316071f Support for encrypted change cipher spec messages added 2016-08-17 09:26:46 +02:00
Simon Rozman
a02d1e7094 Explicit checks on server certificate chain added:
- Certificate can not be self-signed: Cannot check trust against configured root CAs when server certificate is self-signed
- Server can provide full certificate chain up-to and including root CA. Importing root CA to the store for certificate chain validation would implicitly trust this certificate chain. Thus, we skip all self-signed certificates on import.
2016-08-17 09:22:38 +02:00
Simon Rozman
078636eb14 make_change_chiper_spec() removed as this message can simply be created using make_message() 2016-08-17 09:09:42 +02:00
Simon Rozman
cabae26e0b Flags describing handshake messages received assembled in a boolean table of flags 2016-08-17 09:01:11 +02:00
Simon Rozman
7376693838 Additional constants 2016-08-17 08:34:25 +02:00
Simon Rozman
a5b3914a09 Comments and some minor clean-up 2016-08-16 22:27:30 +02:00
Simon Rozman
00dd1277c5 Switched to the new key import method, as the old one had issues with PROV_RSA_AES cryptographic provider 2016-08-16 16:55:18 +02:00
Simon Rozman
e9839706b6 TLS clean-up 2016-08-16 16:44:19 +02:00
Simon Rozman
f5b03bc0bf Annotation update 2016-08-16 10:39:42 +02:00
Simon Rozman
db27355e46 Some last compiler warnings resolved 2016-08-16 00:58:22 +02:00
Simon Rozman
85d7c3d4ec Support for TLS 1.2 added 2016-08-16 00:47:47 +02:00
Simon Rozman
d68fd6ce08 Support for TLS 1.1 finished 2016-08-15 22:49:45 +02:00
Simon Rozman
82e910fea4 Late pad-checking added to prevent [Canvel, B] attack 2016-08-15 22:48:08 +02:00
Simon Rozman
7fa3289e3d Incorrect parameter reference fixed 2016-08-15 22:45:54 +02:00
Simon Rozman
de802b7a28 Byte-enums redefined & code clean-up 2016-08-15 21:01:38 +02:00
Simon Rozman
67fe27f6fd Support for stream ciphers added 2016-08-15 19:04:56 +02:00
Simon Rozman
c8cfe4da42 TLS version no longer static, though still fixed to TLS 1.0 2016-08-15 19:04:21 +02:00
Simon Rozman
3267b7f53d Missing credential storage added 2016-08-15 18:36:01 +02:00
Simon Rozman
7b3ecda484 Clean-up 2016-08-15 18:35:15 +02:00