    security: use anon+certificate authentication · 65e35da8
    Guillaume Roguez authored
    The TLS handshaking using certificate authentication leaks
    them: they are exchanged before cryptographic parameters,
    so they are in plaintext. This is an issue in the TLS protocol itself.
    
    So this patch implements a new method to make an encrypted channel
    first, then uses it to exchange certificates and permit trusted
    authentication based on certificates.
    
    This implementation is backward compatible.
    This implies that an old daemon can continue to work with a patched one,
    but in such a case certificates are leaked!
    
    Change-Id: Id5906df37b29bb938abdcdf25b875052527437e8
    Tuleap: #494
tls_session.h 7 KB