Commit message | Author | Age | Files | Lines
...
* examples: added explicit 3.5.0 dependency in ex-client-x509 | Nikos Mavrogiannopoulos | 2016-04-24 | 1 | -2/+2
* examples: added error checks and updated verify_certificate_chain() | Nikos Mavrogiannopoulos | 2016-04-24 | 1 | -24/+26
* .gitlab-ci.yml: made the linux tag explicit for our runners | Nikos Mavrogiannopoulos | 2016-04-24 | 1 | -0/+9
* doc update | Nikos Mavrogiannopoulos | 2016-04-24 | 1 | -15/+19
* doc: document curve X25519 | Nikos Mavrogiannopoulos | 2016-04-24 | 1 | -1/+2
* doc: clarify what catch all means in all scenarios | Nikos Mavrogiannopoulos | 2016-04-24 | 1 | -3/+6
* gnutls-cli-debug: added tests for supported curves | Nikos Mavrogiannopoulos | 2016-04-24 | 3 | -17/+56
* tests: include self tests with CURVE-X25519 | Nikos Mavrogiannopoulos | 2016-04-24 | 3 | -64/+117
* gnutls-cli: enhanced KX benchmark with X25519 | Nikos Mavrogiannopoulos | 2016-04-24 | 1 | -11/+12
* handshake: added support for ECDH with curve X25519 | Nikos Mavrogiannopoulos | 2016-04-24 | 16 | -86/+333
  This follows draft-ietf-tls-rfc4492bis-07 and rfc7748
* tests: updated the openssl compat check to make explicit the used curves | Nikos Mavrogiannopoulos | 2016-04-24 | 1 | -23/+32
* ecdhe: print the received curve from the server on debug mode | Nikos Mavrogiannopoulos | 2016-04-24 | 1 | -0/+7
* gnutls-cli-debug: added CHACHA20-POLY1305 detection | Nikos Mavrogiannopoulos | 2016-04-24 | 3 | -6/+23
* tests: on out of memory conditions do not fail the hash-large test | Nikos Mavrogiannopoulos | 2016-04-23 | 1 | -0/+13
  This test may require a large amount of memory which some CI systems cannot provide. When an out-of-memory-error is detected skip the test instead of failing.
* session: removed unused parameters from RSA-EXPORT era | Nikos Mavrogiannopoulos | 2016-04-23 | 2 | -7/+0
* README-alpha.md: updated badges with the new gitlab URLs | Nikos Mavrogiannopoulos | 2016-04-23 | 1 | -3/+3
* doc: document the TPM 1.2 limitation | Nikos Mavrogiannopoulos | 2016-04-22 | 1 | -0/+1
* doc: tpm: include short instructions on initializing the TPM chip | Nikos Mavrogiannopoulos | 2016-04-21 | 1 | -1/+3
* tests: hash-large: use private mmap() | Nikos Mavrogiannopoulos | 2016-04-20 | 1 | -1/+1
  This reduces the memory usage of the test significantly on Linux.
* tests: use mmap() for large memory allocations in systems that support it | Nikos Mavrogiannopoulos | 2016-04-20 | 2 | -3/+27
  That allows the hash-large test to run on systems which its calloc() is attempting to allocate an impossible amount of memory.
* tests: use /bin/bash for tests that use bashisms | Nikos Mavrogiannopoulos | 2016-04-20 | 2 | -2/+2
* tests: don't run danetool.sh if danetool is not present | Nikos Mavrogiannopoulos | 2016-04-20 | 1 | -2/+4
  That prevents test suite failure in systems without libunbound.
* gnutls_int.h: allow compiling with system (gnutls) headers | Nikos Mavrogiannopoulos | 2016-04-20 | 1 | -11/+6
* .gitlab-ci.yml: added build rule on freebsd | Nikos Mavrogiannopoulos | 2016-04-20 | 1 | -0/+8
* certtool: document sha3 functions in manpage [ci skip] | Nikos Mavrogiannopoulos | 2016-04-19 | 1 | -1/+1
* doc: added missing @end example in danetool documentation | Nikos Mavrogiannopoulos | 2016-04-19 | 1 | -0/+1
* doc: updated documentation on false start | Nikos Mavrogiannopoulos | 2016-04-19 | 1 | -7/+15
* doc update | Nikos Mavrogiannopoulos | 2016-04-19 | 1 | -1/+2
* gnutls-cli-debug: enable socket verbosity when --verbose is given | Nikos Mavrogiannopoulos | 2016-04-19 | 1 | -0/+2
* tools: explicitly initialize socket struct to zero | Nikos Mavrogiannopoulos | 2016-04-19 | 1 | -0/+2
  That resolves issue where verbose was enabled by default.
* tools: avoid extracting the value of the app-proto alias | Nikos Mavrogiannopoulos | 2016-04-19 | 2 | -6/+6
  Instead always extract the starttls-proto value, as it seems that libopts doesn't report any value for the former. This corrects the starttls capability of danetool and gnutls-cli-debug.
* tools: document the starttls capability | Nikos Mavrogiannopoulos | 2016-04-19 | 3 | -2/+15
* tests: do not run danetool.sh on windows | Nikos Mavrogiannopoulos | 2016-04-19 | 1 | -1/+5
  The test fails due to CRLF.
* tools: avoid relying on static buffers for service name | Nikos Mavrogiannopoulos | 2016-04-18 | 4 | -11/+15
* tests: added basic check on danetool --tlsa-rr option | Nikos Mavrogiannopoulos | 2016-04-18 | 2 | -1/+80
* danetool: Allow specifying a service name into port option | Nikos Mavrogiannopoulos | 2016-04-18 | 3 | -25/+24
  This makes the tool similar to gnutls-cli.
* Fix library build on Chrome Native Client (NaCl) | Kevin Cernekee | 2016-04-18 | 1 | -1/+1
  Some supported toolchains define DT_UNKNOWN but do not define _DIRENT_HAVE_D_TYPE (and do not have the d_type field). On other platforms GnuTLS may need to second-guess what the library is reporting, but on NaCl this is unsafe.
* gnutls-serv: don't send closure messages in failed handshakes | Nikos Mavrogiannopoulos | 2016-04-18 | 1 | -1/+6
* client key exchange: fail if the client KX message is padded with additional bytes | Nikos Mavrogiannopoulos | 2016-04-18 | 2 | -1/+7
* _wrap_nettle_pk_derive: reject values of public key that are over the prime | Nikos Mavrogiannopoulos | 2016-04-18 | 1 | -10/+4
  That is do not canonicalise the value we get from the network, but rather check it for validity. This saves a modular reduction on handshake and performs a sanity check on the peer's (client) parameters. Reported by Hubert Kario. Resolves #84
* tests: suite: disable any openssl cpu optimizations | Nikos Mavrogiannopoulos | 2016-04-15 | 1 | -1/+2
  This prevents from valgrind failures on softhsm usage due to any new instruction optimizations which are not supported by valgrind.
* doc: further updated documentation on false start [ci skip] | Nikos Mavrogiannopoulos | 2016-04-15 | 1 | -0/+5
* doc: updated documentation on false start | Nikos Mavrogiannopoulos | 2016-04-15 | 2 | -13/+15
* tests: enhanced the false start checks | Nikos Mavrogiannopoulos | 2016-04-15 | 1 | -81/+153
  These now check whether sending and receiving is performed as expected after handshake, DTLS, as well as test explicit handshake called by the application.
* Updated false start support to be transparent to applications. | Nikos Mavrogiannopoulos | 2016-04-15 | 7 | -82/+90
  That is, an additional flag GNUTLS_ENABLE_FALSE_START is introduced for gnutls_init(), and that enables support for false start. At this point false start will be performed by the handshake if possible, and gnutls_record_recv() will handle handshake completion.
* doc update | Nikos Mavrogiannopoulos | 2016-04-14 | 1 | -2/+2
* doc: updated docs related to private key generation | Nikos Mavrogiannopoulos | 2016-04-14 | 3 | -13/+18
* certtool: do not allow combining --provable with --ecc in key generation | Nikos Mavrogiannopoulos | 2016-04-14 | 1 | -0/+6
  There is no such support in the library.
* updated auto-generated files for new APIs | Nikos Mavrogiannopoulos | 2016-04-14 | 3 | -17/+143
* doc: added tlsproxy example reference into documentation | Nikos Mavrogiannopoulos | 2016-04-14 | 5 | -9/+19