summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* added missing filesgnutls_2_10_xAlexander von Klinski2013-08-302-0/+536
|
* [PATCH 1/1] our modifications to gnutls 2.10.2Alexander von Klinski2013-07-238-10/+46
| | | | This adds RSA-PSK to 2.10.x.
* Fix size of gnutls_openpgp_keyid_t by using the GNUTLS_OPENPGP_KEYID_SIZE ↵Nikos Mavrogiannopoulos2011-03-264-9/+11
| | | | | | definition. Reported by Andreas Metzler.
* Corrected uninitialized var deinitiation. Reported by Vitaly Kruglikov.Nikos Mavrogiannopoulos2011-03-261-0/+2
|
* fix for C++.Nikos Mavrogiannopoulos2011-03-261-0/+9
|
* Corrected access to freed memory location. Reported by Vitaly Kruglikov.Nikos Mavrogiannopoulos2011-03-261-12/+14
|
* Generated.gnutls_2_10_5Simon Josefsson2011-02-281-0/+64
|
* Handle multi-word $GNUTLS_REQUIRES_PRIVATE's.Simon Josefsson2011-02-281-2/+2
|
* Version 2.10.5.Simon Josefsson2011-02-281-1/+1
|
* Document pkg-config changes.Simon Josefsson2011-02-271-1/+5
|
* SHA1 or better check fixed.Nikos Mavrogiannopoulos2011-02-271-1/+1
|
* documented fix.Nikos Mavrogiannopoulos2011-02-271-0/+2
|
* corrected finished packet check.Nikos Mavrogiannopoulos2011-02-271-4/+6
|
* Corrected signature generation and verificationNikos Mavrogiannopoulos2011-02-122-5/+40
| | | | | in the Certificate Verify message when in TLS 1.2. Reported by Todd A. Ouska.
* pkg-config: If gnutls is built with zlib support list zlib in Requires.private.Andreas Metzler2011-02-052-1/+9
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* pkg-config: drop @LIBGNUTLS_LIBS@ from Libs.private. This library only ↵Andreas Metzler2011-02-051-1/+1
| | | | | | contains gnutls itself nowadays, which is in Libs already. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* pkg-config: Move libtasn1 from Libs.private to Requires.private since ↵Andreas Metzler2011-02-052-1/+6
| | | | | | libtasn1 provides a .pc file. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* adapt pkg-config file for switch from AM_PATH_LIBGCRYPT to AC_LIB_HAVE_LINKFLAGSAndreas Metzler2011-02-051-1/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Bump versions.Simon Josefsson2010-12-065-4/+9
|
* Update for 2.10.4.Simon Josefsson2010-12-061-64/+17
|
* Generated.gnutls_2_10_4Simon Josefsson2010-12-061-0/+103
|
* Version 2.10.4.Simon Josefsson2010-12-061-1/+1
|
* minitasn1: Updated to Libtasn1 2.9.Simon Josefsson2010-12-065-68/+33
|
* Bump versions.Simon Josefsson2010-12-063-3/+3
|
* Use ASN1_NULL when writing parameters for RSA signatures. This makes us ↵Nikos Mavrogiannopoulos2010-12-056-4/+14
| | | | comply with RFC3279. Reported by Michael Rommel.
* Corrected buffer overflow in gnutls-serv by Tomas Mraz.Nikos Mavrogiannopoulos2010-12-052-26/+22
| | | | | | | | | | | | | The gnutls-serv uses fixed allocated buffer for the response which can be pretty long if a client certificate is presented to it and the http header is large. This causes buffer overflow and heap corruption which then leads to random segfaults or aborts. It was reported originally here: https://bugzilla.redhat.com/show_bug.cgi?id=659259 The attached patch changes sprintf calls in peer_print_info() to snprintf so the buffer is never overflowed.
* Reverted default behavior for verification and introduced ↵Nikos Mavrogiannopoulos2010-11-267-23/+25
| | | | | | GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default V1 trusted CAs are allowed, unless the new flag is specified.
* Fix dependencies, fixes parallel builds.Simon Josefsson2010-11-231-1/+1
| | | | Tiny patch from Graham Gower <graham.gower@gmail.com>.
* corrected newsNikos Mavrogiannopoulos2010-11-211-1/+1
|
* bumped versionNikos Mavrogiannopoulos2010-11-192-2/+2
|
* added infognutls_2_10_3Nikos Mavrogiannopoulos2010-11-161-0/+3
|
* Correctly write DSA public key in ASN.1 (add leading zero). Reported by ↵Nikos Mavrogiannopoulos2010-11-161-1/+1
| | | | Jeffrey Walton.
* Removed redundant error check. Reported by Nicolas Kaiser.Nikos Mavrogiannopoulos2010-11-111-8/+0
|
* Corrected leak in extension data calculation. Reported by Mike Blumenkrantz.Nikos Mavrogiannopoulos2010-11-032-0/+4
|
* Avoid bashism.Simon Josefsson2010-09-301-1/+1
| | | | | Reported by m.drochner@fz-juelich.de in <http://savannah.gnu.org/support/?107449>.
* Don't return from void functions.Simon Josefsson2010-09-301-2/+2
| | | | | Reported by Dagobert Michelsen <dam@opencsw.org> in <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4566>.
* Add.Simon Josefsson2010-09-301-0/+2
|
* Bump versions.Simon Josefsson2010-09-305-4/+9
|
* Remove spurious comma.Simon Josefsson2010-09-301-2/+2
|
* Remove spurious comma.Simon Josefsson2010-09-301-2/+2
|
* Generated.gnutls_2_10_2Simon Josefsson2010-09-301-0/+93
|
* Version 2.10.2.Simon Josefsson2010-09-301-1/+1
|
* Make pkcs8-decode test work on Windows.Simon Josefsson2010-09-302-1/+3
|
* Avoid double free.Nikos Mavrogiannopoulos2010-09-291-1/+0
|
* Add new extended key usage ipsecIKEMicah Anderson2010-09-297-1/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | According to RFC 4945 § 5.1.3.12 section title "ExtendedKeyUsage"[0] the following extended key usage has been added: ... this document defines an ExtendedKeyUsage keyPurposeID that MAY be used to limit a certificate's use: id-kp-ipsecIKE OBJECT IDENTIFIER ::= { id-kp 17 } where id-kp is defined in RFC 3280 [5]. If a certificate is intended to be used with both IKE and other applications, and one of the other applications requires use of an EKU value, then such certificates MUST contain either the keyPurposeID id-kp-ipsecIKE or anyExtendedKeyUsage [5], as well as the keyPurposeID values associated with the other applications. Similarly, if a CA issues multiple otherwise-similar certificates for multiple applications including IKE, and it is intended that the IKE certificate NOT be used with another application, the IKE certificate MAY contain an EKU extension listing a keyPurposeID of id-kp-ipsecIKE to discourage its use with the other application. Recall, however, that EKU extensions in certificates meant for use in IKE are NOT RECOMMENDED. Conforming IKE implementations are not required to support EKU. If a critical EKU extension appears in a certificate and EKU is not supported by the implementation, then RFC 3280 requires that the certificate be rejected. Implementations that do support EKU MUST support the following logic for certificate validation: o If no EKU extension, continue. o If EKU present AND contains either id-kp-ipsecIKE or anyExtendedKeyUsage, continue. o Otherwise, reject cert. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* removed invalid e-mail addressNikos Mavrogiannopoulos2010-09-271-1/+1
|
* Add.Simon Josefsson2010-09-261-0/+2
|
* Add.Simon Josefsson2010-09-261-5/+15
|
* No longer use is_fatal() during handshake. Explicitely treatNikos Mavrogiannopoulos2010-09-231-1/+6
| | | | | | EAGAIN and INTERRUPTED as non-fatal during handshake. If the check_fatal flag is set then GNUTLS_E_WARNING_ALERT_RECEIVED could interrupt a handshake as well.
* fflush stdout and stderr before the call to setbuf. This fixes issue in ↵Nikos Mavrogiannopoulos2010-09-231-0/+3
| | | | solaris where lines dissappeared from output. Reported and suggested fix by Knut Anders Hatlen.
View Lorry Controller Status