Fedor Brunner
2fd0cbe1d3
Disable TLS tickets (RFC 5077) in OpenSSL Context for XTLS.
More on the effect of TLS tickets:
https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf
Fixes #7638
2014-01-29 14:12:10 +01:00
Fedor Brunner
3b629a52d2
"4096-bit MODP Group" from RFC3526, Section 5.
The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
RFC3526 specifies a generator of 2.
The generation of the group is described in RFC 2412.
Fixes : #7644
2014-02-17 14:54:20 +01:00
Fedor Brunner
ec2156ec42
Update entropy gathering for interface changes of pyOpenSSL.
Fixes : #7642
2014-02-17 13:51:45 +01:00
Yann Leboulanger
d337aeed4e
py2 -> py3
2013-12-30 21:19:15 +01:00
Yann Leboulanger
54c3f9acaa
py2 -> py3
2013-12-30 20:56:09 +01:00
Fedor Brunner
4a360397fe
cipher specification cleanup
https://trac.gajim.org/ticket/7599
2013-12-23 23:26:54 +01:00
Yann Leboulanger
df11617ddb
both sender and receiver request remote SSL certificate, but only if it's a new one.
Correctly verify remote SSL certificate.
2013-12-04 18:43:28 +01:00
Yann Leboulanger
928b7b67ba
fix warning message
2013-11-14 21:34:15 +01:00
Yann Leboulanger
d4c2fd4da8
[fedor] enable forward secrecy thanks to Diffie-Hellman parameters. Fixes #7555
2013-11-12 21:10:22 +01:00
Yann Leboulanger
24440e4185
[fedor] improve Jingle XTLS security. Fixes #7544
2013-11-05 11:21:56 +01:00
Emmanuel Gil Peyrot
4d0f63cd3a
Fix Jingle XTLS certificate creation.
2013-03-05 15:58:20 +01:00
Yann Leboulanger
db06bddb81
correctly close file after it's opened
2013-01-05 10:07:35 +01:00
Yann Leboulanger
7b82ab7b5d
close files after they are opened
2013-01-05 09:54:17 +01:00
Yann Leboulanger
912f0e921d
fix imports and many py3 changes
2013-01-02 13:54:02 +01:00
Yann Leboulanger
d27591076f
fix exception handling
2013-01-01 23:18:36 +01:00
Yann Leboulanger
069bddbbcb
remove call to unicode()
2013-01-01 21:06:16 +01:00
Yann Leboulanger
77775cf0af
Gajim now uses python-nbxmpp library instead of embedding it.
2012-12-09 21:37:51 +01:00
Yann Leboulanger
133593e1ca
coding standards
2012-08-22 12:21:45 +02:00
Denis Fomin
297032e6e6
correct check pyopenssl installed
2012-04-22 21:48:36 +04:00
Yann Leboulanger
dc3b203168
use event system for jingle FT
2011-06-24 18:24:42 +02:00
Yann Leboulanger
f951df7ead
ability to accept correct content by its name, not only by its media
2010-08-26 11:09:35 +02:00
Yann Leboulanger
286d788da0
Name of filetransfer content is now random to be able to have 2 transfers in the same session. send and handle content-add in filetransfer
2010-08-26 10:36:58 +02:00
Yann Leboulanger
b6d746115d
handle cert path more commonly
2010-08-11 08:46:53 +02:00
Zhenchao Li
08c854aefa
put local certificates in ~/.config/gajim/, accept session once key exchange completes
2010-08-11 00:50:14 +08:00
Zhenchao Li
42f6580d1d
move cert directory to ~/.local/share/gajim/certs
2010-08-10 21:10:45 +08:00
Zhenchao Li
91a68d30be
add code to send/request certificates
2010-08-10 20:34:46 +08:00
Zhenchao Li
048d875b3b
fix bug, os.path.exist -> os.path.exists. Define certificate path
2010-08-08 22:04:50 +08:00
Zhenchao Li
e810727002
create certs path if it does not exist
2010-08-08 21:55:32 +08:00
Zhenchao Li
02c1eaf930
load multiple certificate files
2010-08-08 21:25:29 +08:00
Zhenchao Li
a3e5e42375
add code to generate self signed certificates
2010-08-06 21:57:13 +08:00
Zhenchao Li
ae97a3ed83
wrap IO operations on SSL.Connection objects in try, catch SSL exceptions caused by SSL rehandshake request and simply ignore, retrying the IO should succeed.
2010-07-29 21:40:40 +08:00
Zhenchao Li
2b603fd7e1
add some code to allow testing using some pre-existing certificates.
TODO: manually handle handshake states to allow non-blocking I/O
2010-07-27 21:29:12 +08:00
Zhenchao Li
e9af72e944
add jingle_xtls.py, get_context helper function
2010-07-27 13:02:44 +08:00