delta/gnutls.git/lib/priority.c, branch tmp-cli-buffer-term gitlab.com: gnutls/gnutls.git gnutls_priority_init: fix err_pos on invalid strings 2018-07-19T03:55:14+00:00 Nikos Mavrogiannopoulos nmav@redhat.com 2018-07-16T12:04:01+00:00 96c9c1fc4af3cc3196f26e2a02110f0829a2ce61 When the provided string would be resolved (e.g., due to a @ priority being used), to a different string, then do not attempt to detect the right location of the error. It will not be useful to the caller. This addresses the issue of test suite failure when --with-system-priority-file and --with-default-priority-string are provided. It also enhances the test suite with these options being active. Resolves #517 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> 
When the provided string would be resolved (e.g., due to a @ priority
being used), to a different string, then do not attempt to
detect the right location of the error. It will not be useful to the caller.

This addresses the issue of test suite failure when --with-system-priority-file
and --with-default-priority-string are provided. It also enhances the test suite
with these options being active.

Resolves #517

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
_gnutls_resolve_priorities: avoid gnu extension for ?: construct 2018-07-14T06:27:26+00:00 Nikos Mavrogiannopoulos nmav@gnutls.org 2018-07-14T06:27:26+00:00 c378f48f61736cc3579e4ea0422b81209dff4e94 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
priorities: ensure that SSL3.0 enablement fails early when disabled 2018-07-13T06:52:22+00:00 Nikos Mavrogiannopoulos nmav@redhat.com 2018-07-12T13:41:21+00:00 9faa012bc07aeef2147f4b4224aaee4cfe02256a That is, that a priority string with only SSL3.0 present is discarded as invalid. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> 
That is, that a priority string with only SSL3.0 present is discarded as
invalid.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
gnutls_priority_init2,gnutls_set_default_priority_append: introduced 2018-07-09T10:40:39+00:00 Nikos Mavrogiannopoulos nmav@gnutls.org 2018-06-25T08:36:18+00:00 3518d288d4649a7e264c685e9a85aa84ddf361ad This allows enhancing the default priority with additional options, allowing an application to introduce stricter (or weaker) settings without requiring it to override all settings. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> 
This allows enhancing the default priority with additional
options, allowing an application to introduce stricter (or weaker)
settings without requiring it to override all settings.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
configure: added option --enable-tls13-support 2018-07-07T06:26:47+00:00 Nikos Mavrogiannopoulos nmav@redhat.com 2018-07-03T06:49:06+00:00 805f14d44805ec8070334e24ad87539d5f0b33dd The new option enables TLS1.3 draft-28 support unconditionally. Updated the test suite to run when TLS1.3 is enabled by default, and added a CI run with TLS1.3 enabled. Resolves #424 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> 
The new option enables TLS1.3 draft-28 support unconditionally.
Updated the test suite to run when TLS1.3 is enabled by default,
and added a CI run with TLS1.3 enabled.

Resolves #424

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
priorities: introduced %FORCE_ETM 2018-06-12T07:32:27+00:00 Nikos Mavrogiannopoulos nmav@gnutls.org 2018-06-05T08:37:58+00:00 ce671a6db9e47006cff152d485091141b1569f39 This introduces a priority string option to force encrypt-then-mac during negotiation, to prevent negotiating the legacy CBC ciphersuites. Resolves #472 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> 
This introduces a priority string option to force encrypt-then-mac
during negotiation, to prevent negotiating the legacy CBC ciphersuites.

Resolves #472

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
priorities: hmac-sha256 ciphersuites were removed from defaults 2018-06-12T07:31:03+00:00 Nikos Mavrogiannopoulos nmav@gnutls.org 2018-06-06T07:25:20+00:00 62248b6adf0c11d469b04b4bf58aa97deff5a813 These ciphersuites are deprecated since the introduction of AEAD ciphersuites, and are only necessary for compatibility with older servers. Since older servers already support hmac-sha1 there is no reason to keep these ciphersuites enabled by default, as they increase our attack surface. Relates #456 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> 
These ciphersuites are deprecated since the introduction of AEAD
ciphersuites, and are only necessary for compatibility with older
servers. Since older servers already support hmac-sha1 there is
no reason to keep these ciphersuites enabled by default, as they
increase our attack surface.

Relates #456

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
session tickets: expose {encrypt,decrypt}_ticket as internal API 2018-05-26T04:12:03+00:00 Ander Juaristi a@juaristi.eus 2018-04-12T15:58:47+00:00 b31203552840cc7f3a66a18780bb785d0d6e963c To reuse the same ticket construction in any TLS versions, expose the private functions in ext/session_ticket.c. Signed-off-by: Ander Juaristi <a@juaristi.eus> Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> 
To reuse the same ticket construction in any TLS versions, expose the
private functions in ext/session_ticket.c.

Signed-off-by: Ander Juaristi <a@juaristi.eus>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
priority: handle RSA-PSK ciphersuites similar to SRP 2018-04-30T06:58:29+00:00 Nikos Mavrogiannopoulos nmav@redhat.com 2018-04-23T13:01:48+00:00 790cb112552bef3c366e55b7eaf956566231ea96 That is, when specified disable TLS1.3. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> 
That is, when specified disable TLS1.3.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
priority: document the reasons for the order of supported groups [ci skip] 2018-04-16T13:35:38+00:00 Nikos Mavrogiannopoulos nmav@redhat.com 2018-04-16T13:35:33+00:00 5c805f54b06e86df5ebbd06ec687111697ee4576 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>