Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | tests: use one-time files in crlcoverage | Nikos Mavrogiannopoulos | 2016-04-30 | 1 | -3/+3 |
| | |||||
* | tests: check whether the randomly generate port is used | Nikos Mavrogiannopoulos | 2016-04-30 | 1 | -1/+7 |
| | |||||
* | .gitlab-ci.yml: enabled the code coverage checks in the valgrind and ubsan ↵ | Nikos Mavrogiannopoulos | 2016-04-30 | 1 | -3/+5 |
| | | | | targets | ||||
* | tests: enhanced the key-import-export tests | Nikos Mavrogiannopoulos | 2016-04-29 | 1 | -49/+246 |
| | | | | This check now includes the abstract privkey import/export interfaces. | ||||
* | corrected import issue in gnutls_privkey_import_ecc_raw | Nikos Mavrogiannopoulos | 2016-04-29 | 1 | -1/+1 |
| | |||||
* | x509/privkey: in raw import functions set the parameter's algorithm type | Nikos Mavrogiannopoulos | 2016-04-29 | 1 | -0/+3 |
| | |||||
* | srp base64: return proper gnutls errors codes on error rather than -1 | Nikos Mavrogiannopoulos | 2016-04-29 | 1 | -4/+4 |
| | |||||
* | tests: added checks for base64 functions | Nikos Mavrogiannopoulos | 2016-04-29 | 3 | -1/+389 |
| | |||||
* | .gitlab-ci.yml: added code coverage run | Nikos Mavrogiannopoulos | 2016-04-29 | 2 | -4/+8 |
| | | | | | This enhances a test to print the code coverage of the test suite, which in turn is being used/reported by gitlab CI interface. | ||||
* | ax_code_coverage.m4: updated to latest version | Nikos Mavrogiannopoulos | 2016-04-29 | 1 | -30/+85 |
| | |||||
* | libtasn1: updated to latest version | Nikos Mavrogiannopoulos | 2016-04-29 | 3 | -6/+12 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-04-29 | 1 | -5/+9 |
| | |||||
* | errors.h: gnutls_assert() will log the function name in addition to ↵ | Nikos Mavrogiannopoulos | 2016-04-29 | 1 | -1/+1 |
| | | | | | | | filename/line This is quite necessary after the filenames were simplified and we have filenames with identical names in the directory structure. | ||||
* | tests: added check for SRP ID change during rehandshake | Nikos Mavrogiannopoulos | 2016-04-29 | 2 | -1/+275 |
| | | | | | The tests make sure that username changes are allowed if the flag GNUTLS_ALLOW_ID_CHANGE is specified, and prohibited otherwise. | ||||
* | tests: added check for PSK ID change during rehandshake | Nikos Mavrogiannopoulos | 2016-04-29 | 2 | -1/+192 |
| | | | | | The tests make sure that username changes are allowed if the flag GNUTLS_ALLOW_ID_CHANGE is specified, and prohibited otherwise. | ||||
* | handshake: enhance same certificate checks to apply to PSK/SRP username | Nikos Mavrogiannopoulos | 2016-04-29 | 13 | -47/+141 |
| | | | | | | That is, unless GNUTLS_ALLOW_ID_CHANGE is specified, during a rehandshake clients will not be allowed to present another certificate than the original, or change their username for PSK or SRP ciphersuites. | ||||
* | tests: added 'PFS' and 'SUITEB128' into the list of checked priority strings | Nikos Mavrogiannopoulos | 2016-04-29 | 1 | -0/+2 |
| | |||||
* | tests: fail() function will also print function and line information | Nikos Mavrogiannopoulos | 2016-04-29 | 2 | -2/+5 |
| | |||||
* | _gnutls_hex2bin: refuse to decode odd-sized hex data | Nikos Mavrogiannopoulos | 2016-04-29 | 1 | -0/+3 |
| | |||||
* | tests: added unit tests on the HEX encoding/decoding functions | Nikos Mavrogiannopoulos | 2016-04-29 | 2 | -1/+226 |
| | |||||
* | certtool: eliminated memory leaks in DH parameter printing/generation. | Nikos Mavrogiannopoulos | 2016-04-28 | 3 | -1/+10 |
| | |||||
* | certtool: combined all the seed decoding methods to a single one | Nikos Mavrogiannopoulos | 2016-04-28 | 3 | -43/+44 |
| | | | | | That not only simplifies the code, but also allows decoding hex strings which contain not hex chars (and that allows decoding hex of the form XX:XX:XX) | ||||
* | Revert "tests: ensure the seed is provided in plain hex" | Nikos Mavrogiannopoulos | 2016-04-28 | 1 | -5/+5 |
| | | | | This reverts commit 0ea7206e12f52f6ed50c4a76ea0a23f5470115b2. | ||||
* | tests: check certtool dh-parameter generation with --provable option | Nikos Mavrogiannopoulos | 2016-04-28 | 2 | -1/+86 |
| | |||||
* | tests: ensure the seed is provided in plain hex | Nikos Mavrogiannopoulos | 2016-04-28 | 1 | -5/+5 |
| | |||||
* | certtool: allow specifying seed size when generating provable DH parameters | Nikos Mavrogiannopoulos | 2016-04-28 | 3 | -12/+49 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-04-28 | 1 | -0/+3 |
| | |||||
* | tests: simplified custom-urls check | Nikos Mavrogiannopoulos | 2016-04-28 | 1 | -56/+1 |
| | |||||
* | tests: added check on whether builtin URLs cannot be overriden | Nikos Mavrogiannopoulos | 2016-04-28 | 2 | -1/+289 |
| | |||||
* | keys: custom URLs take precedence over pre-defined URLs | Nikos Mavrogiannopoulos | 2016-04-28 | 4 | -32/+36 |
| | | | | | | | This allows applications to define the own 'system:' or 'pkcs11:' URLs. Resolves #89 | ||||
* | x25519: ensure that a valid private key is present on key derivation | Nikos Mavrogiannopoulos | 2016-04-28 | 1 | -1/+1 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-04-28 | 1 | -0/+1 |
| | |||||
* | tests: added check for GNUTLS_FORCE_CLIENT_CERT init flag | Nikos Mavrogiannopoulos | 2016-04-28 | 1 | -12/+20 |
| | |||||
* | instead of assigning a variable per flag use the init flags directly | Nikos Mavrogiannopoulos | 2016-04-28 | 8 | -41/+17 |
| | | | | | That is store the flags provided in gnutls_init() in the session structure and use these flags directly when required. | ||||
* | added flag in session to force sending a client certificate | Nikos Mavrogiannopoulos | 2016-04-28 | 4 | -8/+16 |
| | | | | | | | | | This handles the use case of a client connecting to a server which incorrectly lists the CA certificates it supports. Without that change the only option was to avoid using the "automatic" client certificate functions, but rather utilize callbacks. With that approach this use case is handled by the "automatic" certificate selection functions. | ||||
* | .gitlab-ci.yml: do not load submodules on CI since they are not used | Nikos Mavrogiannopoulos | 2016-04-28 | 1 | -10/+10 |
| | | | | This reduces the CI running time. | ||||
* | tests: check client behavior of sending CA certificates | Nikos Mavrogiannopoulos | 2016-04-28 | 3 | -1/+434 |
| | |||||
* | doc: removed news about feature already backported in 3.4.6 | Nikos Mavrogiannopoulos | 2016-04-27 | 1 | -4/+0 |
| | |||||
* | examples: introduced basic error checking in more examples | Nikos Mavrogiannopoulos | 2016-04-27 | 6 | -141/+103 |
| | |||||
* | examples: simplified the basic client example | Nikos Mavrogiannopoulos | 2016-04-27 | 1 | -11/+10 |
| | |||||
* | examples: introduced basic error checking in main client examples | Nikos Mavrogiannopoulos | 2016-04-27 | 2 | -47/+36 |
| | |||||
* | examples: corrected the required version of example | Nikos Mavrogiannopoulos | 2016-04-27 | 1 | -2/+2 |
| | |||||
* | tests: enhanced dane testing with offline verification checks | Nikos Mavrogiannopoulos | 2016-04-26 | 1 | -34/+573 |
| | |||||
* | dane: verification will not fail if a CA entry is encountered but cannot be ↵ | Nikos Mavrogiannopoulos | 2016-04-26 | 1 | -3/+5 |
| | | | | | | | | | verified That addresses the issue of verifying a single certificate against a list of TLSA entries that contain an entry with CA usage (cert usage 0). With the previous behavior verification would have failed, while now this entry will be skipped. | ||||
* | doc: improved documentation on certificate and DANE verification functions | Nikos Mavrogiannopoulos | 2016-04-26 | 2 | -10/+17 |
| | |||||
* | dane: updated documentation of dane_verify_crt_raw | Nikos Mavrogiannopoulos | 2016-04-26 | 1 | -19/+4 |
| | |||||
* | doc: added clarifications on documentation for dane_state_t | Nikos Mavrogiannopoulos | 2016-04-26 | 2 | -3/+7 |
| | |||||
* | manpages: include the dane functions into the distributed pages | Nikos Mavrogiannopoulos | 2016-04-26 | 1 | -2/+20 |
| | |||||
* | ecdhe: eliminated unneeded checks for zero of public parameters | Nikos Mavrogiannopoulos | 2016-04-24 | 1 | -6/+0 |
| | | | | | There were not required by either draft-ietf-tls-rfc4492bis-07 or rfc7748. | ||||
* | doc: added example client application utilizing the 3.1.x APIs | Nikos Mavrogiannopoulos | 2016-04-24 | 3 | -5/+214 |
| |