Commit message | Author | Age | Files | Lines
* .gitlab-ci.yml: restrict windows build checks to tests/ subdir (ref: gnutls_3_4_12_win32) | Nikos Mavrogiannopoulos | 2016-05-20 | 1 | -1/+1
  That is because there is an issue with the gnulib self tests when run under windows.
* tests: do not use pkglib to generate libpkcs11mock1.so | Nikos Mavrogiannopoulos | 2016-05-20 | 1 | -4/+2
  This resulted in the test library being installed. Instead we use noinst for the library, but pass -rpath to LDFLAGS as a hack for libtool to generate the shared version.
* .gitlab-ci.yml: added windows DLL build for 3.4.x branch (ref: gnutls_3_4_12) | Nikos Mavrogiannopoulos | 2016-05-20 | 1 | -0/+19
* updated auto-generated files | Nikos Mavrogiannopoulos | 2016-05-20 | 1 | -0/+18
* released 3.4.12 | Nikos Mavrogiannopoulos | 2016-05-20 | 3 | -3/+6
* tests: priorities: account for the addition of CHACHA20-POLY1305 | Nikos Mavrogiannopoulos | 2016-05-19 | 1 | -16/+11
* CHACHA20_POLY1305 was added to the default priority strings | Nikos Mavrogiannopoulos | 2016-05-19 | 1 | -5/+10
  That is, the NORMAL and PERFORMANCE priority strings will now enable CHACHA20-POLY1305 by default.
* gnutls-cli: allow operation with stdin input | Nikos Mavrogiannopoulos | 2016-05-19 | 3 | -3/+50
  That is, once commands from stdin are given, they are not only sent to the server, but we also wait for a response prior to exiting.
  Resolves #96
* doc update | Nikos Mavrogiannopoulos | 2016-05-18 | 1 | -0/+5
* Write session keys into a file when GNUTLS_KEYLOGFILE is exported | Nikos Mavrogiannopoulos | 2016-05-18 | 1 | -0/+43
  That is, the file pointed to by the variable is written to, and contains the session parameters in the following format (identical to NSS key log format):
      CLIENT_RANDOM <space> <64 bytes of hex encoded client_random> <space> <96 bytes of hex encoded master secret>
  and for the old RSA ciphersuites also in the format:
      RSA <space> <16 bytes of hex encoded encrypted pre master secret> <space> <96 bytes of hex encoded master secret>
  Resolves #64
* doc update | Nikos Mavrogiannopoulos | 2016-05-17 | 1 | -0/+3
* gnutls-cli: corrected check for OCSP verification success | Nikos Mavrogiannopoulos | 2016-05-17 | 1 | -1/+1
* doc update | Nikos Mavrogiannopoulos | 2016-05-12 | 1 | -0/+3
* errors: include GNUTLS_E_IDNA_ERROR to the list | Nikos Mavrogiannopoulos | 2016-05-12 | 1 | -0/+2
* server_name: only save the supported server names in the session | Nikos Mavrogiannopoulos | 2016-05-12 | 1 | -11/+14
  Invalid server names with embedded nulls and unsupported types are not saved.
* gnutls_pubkey_verify_data2: simplified return logic | Nikos Mavrogiannopoulos | 2016-05-10 | 1 | -3/+1
* gnutls_pkcs7_print: corrected type of unsigned count variable | Nikos Mavrogiannopoulos | 2016-05-10 | 1 | -2/+2
* doc update | Nikos Mavrogiannopoulos | 2016-05-10 | 1 | -0/+7
* cert cred: add the CN to the list of known hostnames only if no dns_names | Nikos Mavrogiannopoulos | 2016-05-10 | 1 | -9/+14
  That is, follow rfc6125 and support CN as a fallback only.
* gnutls_certificate_set_key: import the DNS names of the certificates | Nikos Mavrogiannopoulos | 2016-05-10 | 1 | -1/+25
  That is, only when no (NULL) names are provided.
* reset the global time func on init/deinit | Nikos Mavrogiannopoulos | 2016-05-10 | 1 | -1/+3
* gnutls_certificate_set_key: duplicate the provided memory | Nikos Mavrogiannopoulos | 2016-05-03 | 1 | -2/+11
  That is, do not assume that a heap allocated value is provided.
* doc update | Nikos Mavrogiannopoulos | 2016-05-03 | 1 | -0/+7
* tests: added a basic PKCS#11 mock module | Nikos Mavrogiannopoulos | 2016-05-03 | 6 | -0/+3184
  This is used to test gnutls_pkcs11_obj_get_exts(), gnutls_x509_crt_import_url(), and gnutls_pkcs11_get_raw_issuer() with the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag.
* pkcs11: find_cert_cb: do not use C_FindObjectsInit() when another is already running | Nikos Mavrogiannopoulos | 2016-05-03 | 1 | -35/+37
  While some modules implicitly terminated the previous run, this is not something that PKCS#11 modules are expected to typically do.
* pkcs11: the flag GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT will be respected by imported certificates | Nikos Mavrogiannopoulos | 2016-05-03 | 1 | -0/+18
  That is, certificates imported with gnutls_pkcs11_obj_import_url() or gnutls_x509_crt_import_url() will be able to be extracted with their extensions overridden. Previously that was available only on gnutls_pkcs11_get_raw_issuer() and friends.
* pkcs11: find_ext_cb: eliminated memory leak | Nikos Mavrogiannopoulos | 2016-05-03 | 1 | -0/+1
* gnutls_pkcs11_obj_get_exts: updated documentation | Nikos Mavrogiannopoulos | 2016-05-02 | 1 | -3/+6
* gnutls_x509_crt_import_url: updated documentation for new function name | Nikos Mavrogiannopoulos | 2016-05-02 | 1 | -7/+5
* doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-04-30 | 1 | -0/+8
* doc: mention the version after which gnutls_pem_base64_en/decode2() are available | Nikos Mavrogiannopoulos | 2016-04-30 | 1 | -0/+12
* corrected import issue in gnutls_privkey_import_ecc_raw | Nikos Mavrogiannopoulos | 2016-04-29 | 1 | -1/+1
* x509/privkey: in raw import functions set the parameter's algorithm type | Nikos Mavrogiannopoulos | 2016-04-29 | 1 | -0/+3
* examples: backported main client example [ci skip] | Nikos Mavrogiannopoulos | 2016-04-27 | 1 | -29/+25
* tests: enhanced dane testing with offline verification checks | Nikos Mavrogiannopoulos | 2016-04-26 | 1 | -34/+573
* dane: verification will not fail if a CA entry is encountered but cannot be verified | Nikos Mavrogiannopoulos | 2016-04-26 | 1 | -3/+5
  That addresses the issue of verifying a single certificate against a list of TLSA entries that contain an entry with CA usage (cert usage 0). With the previous behavior verification would have failed, while now this entry will be skipped.
* doc: improved documentation on certificate and DANE verification functions | Nikos Mavrogiannopoulos | 2016-04-26 | 2 | -10/+17
* dane: updated documentation of dane_verify_crt_raw [ci skip] | Nikos Mavrogiannopoulos | 2016-04-26 | 1 | -19/+4
* manpages: include the dane functions into the distributed pages | Nikos Mavrogiannopoulos | 2016-04-26 | 1 | -1/+1
* gnutls-cli-debug: enable socket verbosity when --verbose is given | Nikos Mavrogiannopoulos | 2016-04-19 | 1 | -0/+2
* tools: explicitly initialize socket struct to zero | Nikos Mavrogiannopoulos | 2016-04-19 | 1 | -0/+2
  That resolves the issue where verbose was enabled by default.
* tools: avoid extracting the value of the app-proto alias | Nikos Mavrogiannopoulos | 2016-04-19 | 2 | -8/+8
  Instead always extract the starttls-proto value, as it seems that libopts doesn't report any value for the former. This corrects the starttls capability of danetool and gnutls-cli-debug.
* tools: document the starttls capability | Nikos Mavrogiannopoulos | 2016-04-19 | 3 | -2/+15
* _wrap_nettle_pk_derive: reject values of public key that are over the prime | Nikos Mavrogiannopoulos | 2016-04-18 | 1 | -10/+4
  That is, do not canonicalise the value we get from the network, but rather check it for validity. This saves a modular reduction on handshake and performs a sanity check on the peer's (client) parameters.
  Reported by Hubert Kario.
  Resolves #84
* handshake: do not overwrite the server's signature algorithm | Nikos Mavrogiannopoulos | 2016-04-13 | 1 | -1/+2
  That is, correct a bug under which a client sending a certificate would overwrite the server's idea about the used signature algorithm.
  Reported by Hubert Kario.
* configure: corrected regression which prevented the build of tests/suite | Nikos Mavrogiannopoulos | 2016-04-12 | 1 | -1/+1
  This regression was introduced at 8b97662c40c67a6d4087ce6e1f0c6fb6ea4a8b2c
* gnutls_packet_get: avoid null pointer dereference on NULL input | Nikos Mavrogiannopoulos | 2016-04-12 | 1 | -0/+1
  That is, still allow the function to handle a NULL packet input but reset the data contents.
* gnutls_ocsp_resp_get_single: fail if thisUpdate is not available or unparsable | Nikos Mavrogiannopoulos | 2016-04-12 | 1 | -2/+3
  That is because this field is not optional, and a failure on its parsing is always fatal.
  Reported by Yuan Jochen Kang.
* released 3.4.11 (ref: gnutls_3_4_11) | Nikos Mavrogiannopoulos | 2016-04-11 | 1 | -1/+1
* tests: do not enable valgrind in non-git builds | Nikos Mavrogiannopoulos | 2016-04-11 | 1 | -2/+16