Commit 65e35da8 authored by Guillaume Roguez

security: use anon+certificate authentication

The TLS handshaking using certificate authentication leaks
them: they are exchanged before cryptographic parameters,
so they are in plaintext. This is an issue in the TLS protocol itself.

So this patch implements a new method to make an encrypted channel
first, then uses it to exchange certificates and permit trusted
authentication based on certificates.

This implementation is backward compatible.
This implies that an old daemon can continue to work with a patched one,
but in such a case certificates are leaked!

Change-Id: Id5906df37b29bb938abdcdf25b875052527437e8
Tuleap: #494
parent 700ebf57
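
An added example, not code from this commit or the project: a Python check that reports whether a Certificate handshake message appears in cleartext in one direction of a TLS 1.2 byte stream, which is the leak the commit message describes. It assumes stream TLS record framing (DTLS record headers differ), and the two flights are constructed samples with placeholder bodies.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC = 22, 20   # TLS record content types
CERTIFICATE = 11                         # handshake message type

def records(stream):
    """Yield (content_type, payload) for each TLS record in one direction."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        payload = stream[off + 5:off + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record")
        yield ctype, payload
        off += 5 + length

def cleartext_handshake_types(stream):
    """Handshake message types sent before ChangeCipherSpec (unencrypted)."""
    buf = b""
    for ctype, payload in records(stream):
        if ctype == CHANGE_CIPHER_SPEC:
            break                        # later records are encrypted
        if ctype == HANDSHAKE:
            buf += payload               # messages may span several records
    types, off = [], 0
    while off + 4 <= len(buf):
        length = int.from_bytes(buf[off + 1:off + 4], "big")
        if off + 4 + length > len(buf):
            raise ValueError("truncated handshake message")
        types.append(buf[off])
        off += 4 + length
    return types

def leaks_certificate(stream):
    return CERTIFICATE in cleartext_handshake_types(stream)

# Constructed sample flights (placeholder bodies, not real captures).
def _rec(ctype, payload):
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

def _hs(mtype, body):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

_flight = _hs(2, b"\x00" * 38) + _hs(11, b"constructed-cert") + _hs(14, b"")
CERT_FIRST = _rec(22, _flight[:50]) + _rec(22, _flight[50:])   # fragmented
ANON_FIRST = (_rec(22, _hs(2, b"\x00" * 38) + _hs(12, b"constructed-dh") + _hs(14, b""))
              + _rec(20, b"\x01") + _rec(22, b"\xff" * 40))     # encrypted after CCS

print(leaks_certificate(CERT_FIRST), leaks_certificate(ANON_FIRST))
```

Run against the traffic between a patched daemon and an old one, a check like this would flag the backward-compatible case in which certificates still cross the wire unencrypted.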