delta/gnutls.git/libdane/includes, branch tmp-remove-debugging-code gitlab.com: gnutls/gnutls.git dane: corrected the license of libdane files 2016-07-05T09:41:28+00:00 Nikos Mavrogiannopoulos nmav@gnutls.org 2016-07-05T09:41:20+00:00 24a7ccb0f0adb935053aa6c5e326150812e94cc5 The license was always LGPL version 2.1, and these files mentioned LGPL version 3. Reported by Thomas Petazzoni. 
The license was always LGPL version 2.1, and these
files mentioned LGPL version 3. Reported by Thomas
Petazzoni.
libdane: add function dane_query_to_raw_tlsa 2014-07-11T15:37:05+00:00 Simon Arlott sa.me.uk 2014-07-10T21:08:30+00:00 62120b1872664b883a4ae59b1ff54a424bd2f297 This function converts a dane_query_t into the parameters needed for dane_raw_tlsa() to make it easy to copy the results of the (synchronous) lookup query from one process to another. This code allocates an unnecessary extra NULL entry for dane_data_len to avoid trying to malloc 0 bytes if q->data_entries is 0 (it is possible for malloc/calloc to return NULL when requested to allocate 0 bytes). Signed-off-by: Simon Arlott 
This function converts a dane_query_t into the parameters needed for
dane_raw_tlsa() to make it easy to copy the results of the (synchronous)
lookup query from one process to another.

This code allocates an unnecessary extra NULL entry for dane_data_len
to avoid trying to malloc 0 bytes if q->data_entries is 0 (it is possible
for malloc/calloc to return NULL when requested to allocate 0 bytes).

Signed-off-by: Simon Arlott
Revert "Added dane_verify_crt_raw2() which allows verifying against the certificate name." 2014-05-10T12:05:02+00:00 Nikos Mavrogiannopoulos nmav@gnutls.org 2014-05-10T12:05:02+00:00 cd7773e429421936cc6a369fd38899aacdc21f06 This reverts commit d19ac66361300aaf188bc69ae64d5fcd7e89b0f6. 
This reverts commit d19ac66361300aaf188bc69ae64d5fcd7e89b0f6.
Revert "corrected prototypes for dane_verify_crt_raw2()." 2014-05-10T12:04:56+00:00 Nikos Mavrogiannopoulos nmav@gnutls.org 2014-05-10T12:04:56+00:00 ec68060caaf1715a5cc73b3a61b14d6f71911ff6 This reverts commit b065ea137a6bcb49c3755886cb1ff30ca5e8f9e3. 
This reverts commit b065ea137a6bcb49c3755886cb1ff30ca5e8f9e3.
corrected prototypes for dane_verify_crt_raw2(). 2014-05-10T11:45:53+00:00 Nikos Mavrogiannopoulos nmav@gnutls.org 2014-05-10T11:45:45+00:00 b065ea137a6bcb49c3755886cb1ff30ca5e8f9e3 






Added dane_verify_crt_raw2() which allows verifying against the certificate name.
2014-05-10T10:02:18+00:00

Nikos Mavrogiannopoulos
nmav@gnutls.org

2014-05-10T10:02:18+00:00

d19ac66361300aaf188bc69ae64d5fcd7e89b0f6












Accept a certificate using DANE if there is at least one entry that matches the certificate.
2014-04-28T09:15:47+00:00

Nikos Mavrogiannopoulos
nmav@redhat.com

2014-04-28T09:10:07+00:00

9fce428f14810e601960adbc9ba07e89bbe7c0d2

This corrects the previous behavior that was rejecting the certificate if there
were multiple entries and one couldn't be validated. New flag DANE_VERIFY_UNKNOWN_DANE_INFO
is synonymous to DANE_VERIFY_NO_DANE_INFO. Patch by simon@arlott.org.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>





This corrects the previous behavior that was rejecting the certificate if there
were multiple entries and one couldn't be validated. New flag DANE_VERIFY_UNKNOWN_DANE_INFO
is synonymous to DANE_VERIFY_NO_DANE_INFO. Patch by simon@arlott.org.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>







reindented code
2013-11-08T21:17:10+00:00

Nikos Mavrogiannopoulos
nmav@gnutls.org

2013-11-08T21:14:07+00:00

76c93d23c073ef8b885503b7d28a31ffe2add6d8












Adding option DANE_F_IGNORE_DNSSEC to disable loading of the DNSSEC root key entirely when initializing a dane_state_t.
2013-10-23T16:47:25+00:00

Christian Grothoff
christian@grothoff.org

2013-10-23T10:01:31+00:00

a960a0fd4ab2aa6166c9f42914442c7e6630dcfb

This is a useful optimization if the DANE/TLSA data is initialized
from a source other than libunbound/DNS, as then the DNSSEC root key
would not be used anyway.  Worse, if we failed to read the DNSSEC
root key, this would create a failure even though for applications
that do not use DNSSEC (but do use DANE/TLSA) such a failure would
be totally harmless.





This is a useful optimization if the DANE/TLSA data is initialized
from a source other than libunbound/DNS, as then the DNSSEC root key
would not be used anyway.  Worse, if we failed to read the DNSSEC
root key, this would create a failure even though for applications
that do not use DNSSEC (but do use DANE/TLSA) such a failure would
be totally harmless.







Adding dane_verify_crt_raw to allow direct verification of a certificate chain against a dane_query_t (for example, as provided by the new dane_raw_tlsa).
2013-10-21T17:48:01+00:00

Christian Grothoff
christian@grothoff.org

2013-10-21T16:15:57+00:00

4c45e35790f50818d1179ee4443e77e16424f5dc

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>





Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>