+2010-03-11 Gonzalo Paniagua Javier <gonzalo@novell.com>
+
+ * TlsServerCertificate.cs: chain is built and validated in
+ System.dll now.
+
+2010-03-01 Gonzalo Paniagua Javier <gonzalo@novell.com>
+
+ * TlsServerCertificate.cs:
+ added a new callback for certificate validation that gets all the
+ certificates received from the server/client. The callee should
+ build the chain and validate it.
+
+2009-08-20 Sebastien Pouliot <sebastien@ximian.com>
+
+ * TlsServerCertificate.cs: If no usage information is available then
+ assume it's ok for SSL since we'll (later) check that the CN contains
+ a host name (that match the server) and such a certificate wouldn't
+ be much useful for anything but SSL/TLS. Fix the new stmp.gmail.com
+ certificate usage failure.
+
+2007-12-15 Sebastien Pouliot <sebastien@ximian.com>
+
+ * TlsServerCertificate.cs: Add support for wilcard (*) when matching
+ the target host with the certificate. Fix bug #346812
+
+2007-05-22 Sebastien Pouliot <sebastien@ximian.com>
+
+ * TlsClientCertificate.cs: If possible avoid to export the private key
+ (it could be non-exportable in a different RSA class implementation).
+ Patch from Roy Versteeg to fix #81592.
+ * TlsClientCertificateVerify.cs: Add chain support for x.509 client
+ certificates. Based on Roy Versteeg patch to fix #80557.
+
+2006-12-23 Gonzalo Paniagua Javier <gonzalo@ximian.com>
+
+ * TlsServerCertificate.cs: typo.
+
+2006-09-11 Sebastien Pouliot <sebastien@ximian.com>
+
+ * TlsClientFinished.cs: Use Write.Cipher instead of Cipher. Remove
+ usage of TlsStream in ProcessAsSsl3.
+ * TlsClientKeyExchange.cs: Use Negotiating.Cipher instead of Cipher.
+ Refactor to avoid code duplication between SSL3 and TLS.
+ * TlsServerCertificate.cs: Use Negotiating.Cipher instead of Cipher.
+ * TlsServerFinished.cs: Use Current.Cipher instead of Cipher. Use
+ Compare to test client and server digests equality. Remove usage of
+ TlsStream in ProcessAsSsl3.
+ * TlsServerHello.cs: Use Negotiating.Cipher instead of Cipher. Remove
+ usage of TlsStream to reduce memory allocations. Remove method
+ CompareSessionId and use the new base class Compare method instead.
+
+2006-03-16 Sebastien Pouliot <sebastien@ximian.com>
+
+ * TlsClientHello.cs: Check to see if we already have a known session
+ (past or concurrent) with the same target host. If so the use this
+ session id to try to resume (i.e. abbreviated handshake).
+ * TlsServerFinished.cs: Don't reset the hasndshake stream here. The
+ stream must be resetted once BOTH the client and the server are done.
+ The order of message can be different if we use an abbreviated
+ handshake sequence which leads to an invalid handshake.
+ * TlsServerHello.cs: Add this session info to the client cache. If the
+ server sends the same session id (as we supplied) then we MUST do an
+ abbreviated handshake.
+
+2005-11-23 Sebastien Pouliot <sebastien@ximian.com>
+
+ * TlsServerCertificate.cs: Add support for Netscape Server Gated
+ Crypto (2.16.840.1.113730.4) as a valid server-side EKU OID. Fix bug
+ #76804.
+
+2005-06-14 Sebastien Pouliot <sebastien@ximian.com>
+
+ * TlsClientCertificate.cs: Add support for _optional_ mutual
+ authentication. SSL3 and TLS1 deals differently with this. SSL3 tested
+ with OpenSSL, TSL1 tested with OpenSSL and LDAPS/AD.
+
2005-04-12 Sebastien Pouliot <sebastien@ximian.com>
* TlsClientCertificateVerify.cs: Add missing data length (16 bits -
not to be confused with the record 24 bits length) before the RSA
signature of the MD5SHA1 hash. Fix #71696.
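Review bot: The 2009-08-20 entry for TlsServerCertificate.cs records that a certificate with no usage information is assumed acceptable for SSL, and the only safeguard it names is a CN host-name check that happens "later"; the entry should state which extensions count as usage information and confirm that the host-name check runs on every path, since that check is then the only thing distinguishing a server certificate from any other. The 2010-03-01 and 2010-03-11 entries also need reconciling: one says "The callee should build the chain and validate it", the other that the chain "is built and validated in System.dll now", and neither says what is enforced when no callback is supplied. The 2007-12-15 wildcard entry does not record which part of the host name a "*" is allowed to match. Spelling in the added lines: "stmp.gmail.com" (presumably smtp), "wilcard", "hasndshake", "resetted", "TSL1".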
-2004-05-11 Carlos Guzman Alvarez <carlosga@telefonica.net>\r
-\r
- * Mono.Security.Protocol.Tls.Handshake.Client/TlsServerCertificate.cs:\r
+2004-05-11 Carlos Guzman Alvarez <carlosga@telefonica.net>
+
+ * Mono.Security.Protocol.Tls.Handshake.Client/TlsServerCertificate.cs:
- Added fix for better handling of exceptions when
building the X509 Certificate chain.
certificate (identity, usage) and it's chain to a trusted root.
Note that the verification is commented for the time being.
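Review bot: Line-ending normalization is mixed into a commit that otherwise adds new entries: on the three 2004-05-11 header lines the only difference between the removed and added text is the trailing "\r". Split the normalization into its own commit so the added entries can be reviewed on their own, and check the rest of this entry for leftover carriage returns so the file does not end up with mixed line endings.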
-2004-02-14 Carlos Guzmán Álvarez <carlosga@telefonica.net>
+2004-02-14 Carlos Guzmán Álvarez <carlosga@telefonica.net>
* Mono.Security.Protocol.Tls.Handshake.Client/TlsServerCertificate.cs:
- Removed test code.
-2003-11-17 Carlos Guzmán Álvarez <carlosga@telefonica.net>
+2003-11-17 Carlos Guzmán Álvarez <carlosga@telefonica.net>
* Mono.Security.Protocol.Tls/SslClientStream.cs:
Removed ReadByte method, use innerStream.ReadByte() method instead.
-2003-11-13 Carlos Guzmán Álvarez <carlosga@telefonica.net>
+2003-11-13 Carlos Guzmán Álvarez <carlosga@telefonica.net>
* Added implementation of an SslClientStream class similar to the MS .NET Framework 1.2 documentation.
- TlsCloseNotifyAlert.cs
-2003-11-12 Carlos Guzmán Álvarez <carlosga@telefonica.net>
+2003-11-12 Carlos Guzmán Álvarez <carlosga@telefonica.net>
* Mono.Security.Protocol.Tls.Alerts/TlsAlert.cs:
- - Changes for give full error message only in debug mode ( Thanks to Sebastién Pouliot. )
+ - Changes for give full error message only in debug mode ( Thanks to Sebastién Pouliot. )
* Mono.Security.Protocol.Tls/TlsProtocol.cs:
* Mono.Security.Cryptography/MD5SHA1CryptoServiceProvider.cs:
- - Renamed to MD5SHA1.cs ( Thanks to Sebastién Pouliot. )
+ - Renamed to MD5SHA1.cs ( Thanks to Sebastién Pouliot. )
* Mono.Security.Cryptography/TlsCompressionMethod.cs:
( Not all the properties are implemented yet ).
-2003-11-10 Carlos Guzmán Álvarez <carlosga@telefonica.net>
+2003-11-10 Carlos Guzmán Álvarez <carlosga@telefonica.net>
* Mono.Security.Protocol.Tls.Alerts/TlsAlert.cs:
* Mono.Security.Cryptography/MD5SHA1CryptoServiceProvider.cs:
* Mono.Security.Protocol.Tls.Handshake.Client/TlsClientCertificateVerify.cs:
- - Changed ( Thanks to Sebastién Pouliot for his feedback )
+ - Changed ( Thanks to Sebastién Pouliot for his feedback )
SHA1CryptoServiceProvider sha = new SHA1CryptoServiceProvider();
MD5CryptoServiceProvider sha = new MD5CryptoServiceProvider();
HashAlgorithm sha = SHA1.Create();
HashAlgorithm md5 = MD5.Create();
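Review bot: The rewritten thanks lines in this entry and in the 2003-11-12 entry still read "Sebastién Pouliot", while the entry headers added at the top of this same patch spell the name "Sebastien Pouliot"; since these lines are being touched anyway, correct the spelling in the same pass. The removed and added versions of the "Carlos Guzmán Álvarez" headers are identical as displayed text, so the commit message should say which encoding the file was converted from and to.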
-2003-11-04 Carlos Guzmán Álvarez <carlosga@telefonica.net>
+2003-11-04 Carlos Guzmán Álvarez <carlosga@telefonica.net>
* Mono.Security.Protocol.Tls/CipherSuite.cs:
- Added custom padding for record encryption.
-2003-11-03 Carlos Guzmán Álvarez <carlosga@telefonica.net>
+2003-11-03 Carlos Guzmán Álvarez <carlosga@telefonica.net>
* Mono.Security.Protocol.Tls.Handshake/TlsHandshakeMessages.cs:
- Changed handshakeHashes member to be an TlsStream.
-2003-10-28 Carlos Guzmán Álvarez <carlosga@telefonica.net>
+2003-10-28 Carlos Guzmán Álvarez <carlosga@telefonica.net>
* Mono.Security.Protocol.Tls/CipherSuite.cs:
* Mono.Security.Protocol.Tls/TlsSessionSettings.cs:
- Added changes for make use of X509 classes from mono.
-2003-10-23 Carlos Guzmán Álvarez <carlosga@telefonica.net>
+2003-10-23 Carlos Guzmán Álvarez <carlosga@telefonica.net>
* Added partial implementation of SSL3 protocol ( not finished yet ).