2010-05-10 Sebastien Pouliot <sebastien@ximian.com>

* TlsClientCertificateVerify.cs: Let it compile for Moonlight -
where the file is compiled inside System.dll

2010-04-07 Gonzalo Paniagua Javier <gonzalo@novell.com>

* TlsServerCertificate.cs: display the error code.

2010-03-11 Gonzalo Paniagua Javier <gonzalo@novell.com>

* TlsServerCertificate.cs: chain is built and validated in

2010-03-01 Gonzalo Paniagua Javier <gonzalo@novell.com>

* TlsServerCertificate.cs:
added a new callback for certificate validation that gets all the
certificates received from the server/client. The callee should
build the chain and validate it.

2009-08-20 Sebastien Pouliot <sebastien@ximian.com>

* TlsServerCertificate.cs: If no usage information is available then
assume it's ok for SSL since we'll (later) check that the CN contains
a host name (that matches the server) and such a certificate wouldn't
be very useful for anything but SSL/TLS. Fix the new stmp.gmail.com
certificate usage failure.

2007-12-15 Sebastien Pouliot <sebastien@ximian.com>

* TlsServerCertificate.cs: Add support for wildcard (*) when matching
the target host with the certificate. Fix bug #346812

2007-05-22 Sebastien Pouliot <sebastien@ximian.com>

* TlsClientCertificate.cs: If possible avoid exporting the private key
(it could be non-exportable in a different RSA class implementation).
Patch from Roy Versteeg to fix #81592.
* TlsClientCertificateVerify.cs: Add chain support for x.509 client
certificates. Based on Roy Versteeg patch to fix #80557.

2006-12-23 Gonzalo Paniagua Javier <gonzalo@ximian.com>

* TlsServerCertificate.cs: typo.

2006-09-11 Sebastien Pouliot <sebastien@ximian.com>

* TlsClientFinished.cs: Use Write.Cipher instead of Cipher. Remove
usage of TlsStream in ProcessAsSsl3.
* TlsClientKeyExchange.cs: Use Negotiating.Cipher instead of Cipher.
Refactor to avoid code duplication between SSL3 and TLS.
* TlsServerCertificate.cs: Use Negotiating.Cipher instead of Cipher.
* TlsServerFinished.cs: Use Current.Cipher instead of Cipher. Use
Compare to test client and server digests equality. Remove usage of
TlsStream in ProcessAsSsl3.
* TlsServerHello.cs: Use Negotiating.Cipher instead of Cipher. Remove
usage of TlsStream to reduce memory allocations. Remove method
CompareSessionId and use the new base class Compare method instead.

2006-03-16 Sebastien Pouliot <sebastien@ximian.com>

* TlsClientHello.cs: Check to see if we already have a known session
(past or concurrent) with the same target host. If so then use this
session id to try to resume (i.e. abbreviated handshake).
* TlsServerFinished.cs: Don't reset the handshake stream here. The
stream must be reset once BOTH the client and the server are done.
The order of message can be different if we use an abbreviated
handshake sequence which leads to an invalid handshake.
* TlsServerHello.cs: Add this session info to the client cache. If the
server sends the same session id (as we supplied) then we MUST do an
abbreviated handshake.

2005-11-23 Sebastien Pouliot <sebastien@ximian.com>

* TlsServerCertificate.cs: Add support for Netscape Server Gated
Crypto (2.16.840.1.113730.4) as a valid server-side EKU OID. Fix bug

2005-06-14 Sebastien Pouliot <sebastien@ximian.com>

* TlsClientCertificate.cs: Add support for _optional_ mutual
authentication. SSL3 and TLS1 deal differently with this. SSL3 tested
with OpenSSL, TLS1 tested with OpenSSL and LDAPS/AD.

2005-04-12 Sebastien Pouliot <sebastien@ximian.com>

* TlsClientCertificateVerify.cs: Add missing data length (16 bits -
not to be confused with the record 24 bits length) before the RSA
signature of the MD5SHA1 hash. Fix #71696.

2004-05-11 Carlos Guzman Alvarez <carlosga@telefonica.net>

* Mono.Security.Protocol.Tls.Handshake.Client/TlsServerCertificate.cs:
- Added fix for better handling of exceptions when
building the X509 Certificate chain.

2004-04-22 Sebastien Pouliot <sebastien@ximian.com>

* TlsClientCertificateVerify.cs: Use Buffer.BlockCopy instead of
* TlsServerCertificate.cs: Changed KeyUsage to KeyUsages and CertType

2004-03-19 Sebastien Pouliot <sebastien@ximian.com>

* TlsClientKeyExchange.cs: Fixed key pair used to encrypt pre-master
secret for exportable ciphers - must use the public key received in

2004-03-10 Carlos Guzman Alvarez <carlosga@telefonica.net>

* Mono.Security.Protocol.Tls.Handshake.Client/TlsClientCertificateVerify.cs:
* Mono.Security.Protocol.Tls.Handshake.Client/TlsServerCertificateRequest.cs:
* Mono.Security.Protocol.Tls.Handshake.Client/TlsServerFinished.cs:
* Mono.Security.Protocol.Tls.Handshake.Server/TlsClientCertificateVerify.cs:
* Mono.Security.Protocol.Tls.Handshake.Server/TlsServerCertificateRequest.cs:
* Mono.Security.Protocol.Tls.Handshake.Server/TlsServerFinished.cs:
- Fixed message type definition.

2004-03-04 Carlos Guzman Alvarez <carlosga@telefonica.net>

* Mono.Security.Protocol.Tls.Handshake.Client/TlsServerHelloDone.cs:
* Mono.Security.Protocol.Tls.Handshake.Server/TlsServerHelloDone.cs:
- Fixed message type.

2004-02-26 Sebastien Pouliot <sebastien@ximian.com>

* TlsServerCertificate.cs: Certificate validation has been activated.

2004-02-26 Carlos Guzman Alvarez <carlosga@telefonica.net>

* Mono.Security.Protocol.Tls.Handshake.Client/TlsServerFinished.cs:
- Added changes for better handling of ClientHelloRequest messages.

2004-02-21 Carlos Guzman Alvarez <carlosga@telefonica.net>

* TlsServerHello: Fix for handling SecurityProtocolType.Default.

2004-02-20 Sebastien Pouliot <sebastien@ximian.com>

* TlsServerCertificate.cs: Added code to validate the server X.509
certificate (identity, usage) and its chain to a trusted root.
Note that the verification is commented for the time being.

2004-02-14 Carlos Guzmán Álvarez <carlosga@telefonica.net>

* Mono.Security.Protocol.Tls.Handshake.Client/TlsServerCertificate.cs:

2003-11-17 Carlos Guzmán Álvarez <carlosga@telefonica.net>

* Mono.Security.Protocol.Tls/SslClientStream.cs:
Removed ReadByte method, use innerStream.ReadByte() method instead.

2003-11-13 Carlos Guzmán Álvarez <carlosga@telefonica.net>

* Added implementation of an SslClientStream class similar to the MS .NET Framework 1.2 documentation.

The next files are no longer needed:
- TlsNetworkStream.cs

The next files are renamed:
- TlsSessionSettings.cs -> TlsClientSettings.cs
- TlsSessionContext.cs -> TlsContext.cs

The next files are new:
- SslClientStream.cs ( the name is not definitive yet )

The next files were changed to reflect the new changes:
- TlsHandshakeMessage.cs
- TlsClientCertificate.cs
- TlsClientCertificateVerify.cs
- TlsClientFinished.cs
- TlsClientKeyExchange.cs
- TlsServerCertificate.cs
- TlsServerCertificateRequest.cs
- TlsServerFinished.cs
- TlsServerHelloDone.cs
- TlsServerKeyExchange.cs
- TlsCloseNotifyAlert.cs

2003-11-12 Carlos Guzmán Álvarez <carlosga@telefonica.net>

* Mono.Security.Protocol.Tls.Alerts/TlsAlert.cs:
- Changes to give full error message only in debug mode ( Thanks to Sebastién Pouliot. )

* Mono.Security.Protocol.Tls/TlsProtocol.cs:
- Renamed to SecurityProtocolType.cs ( to match .NET 1.2 )

* Mono.Security.Cryptography/MD5SHA1CryptoServiceProvider.cs:
- Renamed to MD5SHA1.cs ( Thanks to Sebastién Pouliot. )

* Mono.Security.Cryptography/TlsCompressionMethod.cs:
- Renamed to SecurityCompressionType.

* Mono.Security.Protocol.Tls/CipherAlgorithmType.cs:
* Mono.Security.Protocol.Tls/HashAlgorithmType.cs:
* Mono.Security.Protocol.Tls/ExchangeAlgorithmType.cs:
- New enumerations that match .NET 1.2 definitions with some minor differences.

* Mono.Security.Protocol.Tls/CipherSuite.cs:
* Mono.Security.Protocol.Tls/TlsCipherSuite.cs:
* Mono.Security.Protocol.Tls/TlsSslCipherSuite.cs:
* Mono.Security.Protocol.Tls/TlsSessionContext.cs:
- Added changes to make use of new enumerations.

* Mono.Security.Protocol.Tls/TlsClientStream.cs:
- Added new informative properties that match .NET 1.2 SslClientStream
( Not all the properties are implemented yet ).

2003-11-10 Carlos Guzmán Álvarez <carlosga@telefonica.net>

* Mono.Security.Protocol.Tls.Alerts/TlsAlert.cs:
- Fixed invalid alert message.

* Mono.Security.Protocol.Tls/CipherSuite.cs:
* Mono.Security.Protocol.Tls/TlsSslCipherSuite.cs:
* Mono.Security.Cryptography/HMAC.cs:
* Mono.Security.Cryptography/MD5SHA1CryptoServiceProvider.cs:
* Mono.Security.Protocol.Tls.Handshake.Client/TlsClientCertificateVerify.cs:
- Changed ( Thanks to Sebastién Pouliot for his feedback )

    SHA1CryptoServiceProvider sha = new SHA1CryptoServiceProvider();
    MD5CryptoServiceProvider sha = new MD5CryptoServiceProvider();

    HashAlgorithm sha = SHA1.Create();
    HashAlgorithm md5 = MD5.Create();

2003-11-04 Carlos Guzmán Álvarez <carlosga@telefonica.net>

* Mono.Security.Protocol.Tls/CipherSuite.cs:
- Added custom padding for record encryption.

2003-11-03 Carlos Guzmán Álvarez <carlosga@telefonica.net>

* Mono.Security.Protocol.Tls.Handshake/TlsHandshakeMessages.cs:

* Mono.Security.Protocol.Tls/TlsSslHandshakeHash.cs:
- New class for handshake hashes calculation on SSL3 protocol.

* Mono.Security.Protocol.Tls/TlsSessionContext.cs:
- Fixed mac keys clearing for SSL3 protocol.

* Mono.Security.Protocol.Tls/TlsSslCipherSuite.cs:
* Mono.Security.Protocol.Tls.Handshake.Client/TlsClientFinished.cs:
- Added changes to make use of new TlsSslHandshakeHash class.

* Mono.Security.Protocol.Tls.Handshake.Client/TlsServerFinished.cs:
- Added initial implementation for SSL3 protocol.

* Mono.Security.Cryptography/MD5SHA1CryptoServiceProvider.cs:
- New class for md5-sha hash calculation.

* Mono.Security.Protocol.Tls.Handshake.Client/TlsClientFinished.cs:
* Mono.Security.Protocol.Tls.Handshake.Client/TlsServerFinished.cs:
* Mono.Security.Protocol.Tls.Handshake.Client/TlsServerKeyExchange.cs:
* Mono.Security.Protocol.Tls.Handshake.Client/TlsHandshakeMessage.cs:
- Make use of new MD5SHA1CryptoServiceProvider class.

* Mono.Security.Protocol.Tls.Handshake.Client/TlsClientCertificateVerify.cs:
- Added initial implementation (not finished).

* Mono.Security.Protocol.Tls.Handshake.Client/TlsServerKeyExchange.cs:
- Minor change to message processing.
- Changed verify method name to verifySignature.

* Mono.Security.Protocol.Tls/TlsSessionContext.cs:
- Changed handshakeHashes member to be a TlsStream.

2003-10-28 Carlos Guzmán Álvarez <carlosga@telefonica.net>

* Mono.Security.Protocol.Tls/CipherSuite.cs:
* Mono.Security.Protocol.Tls/TlsSessionSettings.cs:
* Mono.Security.Protocol.Tls/TlsServerSettings.cs:
* Mono.Security.Protocol.Tls.Handshake.Client/TlsClientCertificateVerify.cs:
* Mono.Security.Protocol.Tls.Handshake.Client/TlsClientKeyExchange.cs:
* Mono.Security.Protocol.Tls.Handshake.Client/TlsServerCertificate.cs:
* Mono.Security.Protocol.Tls.Handshake.Client/TlsServerKeyExchange.cs:
- Added changes to make use of X509 classes from mono.

2003-10-23 Carlos Guzmán Álvarez <carlosga@telefonica.net>

* Added partial implementation of SSL3 protocol ( not finished yet ).