Commit message | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
* | doc update | Nikos Mavrogiannopoulos | 2016-05-10 | 1 | -0/+7 | |
| | ||||||
* | cert cred: add the CN to the list of known hostnames only if no dns_names | Nikos Mavrogiannopoulos | 2016-05-10 | 1 | -9/+14 | |
| | | | | That is, follow rfc6125 and support CN as a fallback only. | |||||
* | gnutls_certificate_set_key: import the DNS names of the certificates | Nikos Mavrogiannopoulos | 2016-05-10 | 1 | -1/+25 | |
| | | | | That is, only when no (NULL) names are provided. | |||||
* | reset the global time func on init/deinit | Nikos Mavrogiannopoulos | 2016-05-10 | 1 | -1/+3 | |
| | ||||||
* | gnutls_certificate_set_key: duplicate the provided memory | Nikos Mavrogiannopoulos | 2016-05-03 | 1 | -2/+11 | |
| | | | | That is, do not assume that a heap allocated value is provided. | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-05-03 | 1 | -0/+7 | |
| | ||||||
* | tests: added a basic PKCS#11 mock module | Nikos Mavrogiannopoulos | 2016-05-03 | 6 | -0/+3184 | |
| | | | | | | This is used to test gnutls_pkcs11_obj_get_exts(), gnutls_x509_crt_import_url(), and gnutls_pkcs11_get_raw_issuer() with the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag. | |||||
* | pkcs11: find_cert_cb: do not use C_FindObjectsInit() when another is already running | Nikos Mavrogiannopoulos | 2016-05-03 | 1 | -35/+37 | |
| | | | | | | | While some modules implicitly terminated the previous run, this is not something that PKCS#11 modules are expected to typically do. | |||||
* | pkcs11: the flag GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT will be respected by imported certificates | Nikos Mavrogiannopoulos | 2016-05-03 | 1 | -0/+18 | |
| | | | | | | | | | That is, certificates imported with gnutls_pkcs11_obj_import_url() or gnutls_x509_crt_import_url() will be able to be extracted with their extensions overridden. Previously that was available only on gnutls_pkcs11_get_raw_issuer() and friends. | |||||
* | pkcs11: find_ext_cb: eliminated memory leak | Nikos Mavrogiannopoulos | 2016-05-03 | 1 | -0/+1 | |
| | ||||||
* | gnutls_pkcs11_obj_get_exts: updated documentation | Nikos Mavrogiannopoulos | 2016-05-02 | 1 | -3/+6 | |
| | ||||||
* | gnutls_x509_crt_import_url: updated documentation for new function name | Nikos Mavrogiannopoulos | 2016-05-02 | 1 | -7/+5 | |
| | ||||||
* | doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-04-30 | 1 | -0/+8 | |
| | ||||||
* | doc: mention the version after which gnutls_pem_base64_en/decode2() are available | Nikos Mavrogiannopoulos | 2016-04-30 | 1 | -0/+12 | |
| | ||||||
* | corrected import issue in gnutls_privkey_import_ecc_raw | Nikos Mavrogiannopoulos | 2016-04-29 | 1 | -1/+1 | |
| | ||||||
* | x509/privkey: in raw import functions set the parameter's algorithm type | Nikos Mavrogiannopoulos | 2016-04-29 | 1 | -0/+3 | |
| | ||||||
* | examples: backported main client example [ci skip] | Nikos Mavrogiannopoulos | 2016-04-27 | 1 | -29/+25 | |
| | ||||||
* | tests: enhanced dane testing with offline verification checks | Nikos Mavrogiannopoulos | 2016-04-26 | 1 | -34/+573 | |
| | ||||||
* | dane: verification will not fail if a CA entry is encountered but cannot be verified | Nikos Mavrogiannopoulos | 2016-04-26 | 1 | -3/+5 | |
| | | | | | | | | | That addresses the issue of verifying a single certificate against a list of TLSA entries that contain an entry with CA usage (cert usage 0). With the previous behavior verification would have failed, while now this entry will be skipped. | |||||
* | doc: improved documentation on certificate and DANE verification functions | Nikos Mavrogiannopoulos | 2016-04-26 | 2 | -10/+17 | |
| | ||||||
* | dane: updated documentation of dane_verify_crt_raw [ci skip] | Nikos Mavrogiannopoulos | 2016-04-26 | 1 | -19/+4 | |
| | ||||||
* | manpages: include the dane functions into the distributed pages | Nikos Mavrogiannopoulos | 2016-04-26 | 1 | -1/+1 | |
| | ||||||
* | gnutls-cli-debug: enable socket verbosity when --verbose is given | Nikos Mavrogiannopoulos | 2016-04-19 | 1 | -0/+2 | |
| | ||||||
* | tools: explicitly initialize socket struct to zero | Nikos Mavrogiannopoulos | 2016-04-19 | 1 | -0/+2 | |
| | | | | That resolves an issue where verbose was enabled by default. | |||||
* | tools: avoid extracting the value of the app-proto alias | Nikos Mavrogiannopoulos | 2016-04-19 | 2 | -8/+8 | |
| | | | | | | Instead always extract the starttls-proto value, as it seems that libopts doesn't report any value for the former. This corrects the starttls capability of danetool and gnutls-cli-debug. | |||||
* | tools: document the starttls capability | Nikos Mavrogiannopoulos | 2016-04-19 | 3 | -2/+15 | |
| | ||||||
* | _wrap_nettle_pk_derive: reject values of public key that are over the prime | Nikos Mavrogiannopoulos | 2016-04-18 | 1 | -10/+4 | |
| | | | | | | | | | That is, do not canonicalise the value we get from the network, but rather check it for validity. This saves a modular reduction on handshake and performs a sanity check on the peer's (client) parameters. Reported by Hubert Kario. Resolves #84 | |||||
* | handshake: do not overwrite the server's signature algorithm | Nikos Mavrogiannopoulos | 2016-04-13 | 1 | -1/+2 | |
| | | | | | | That is, correct a bug under which a client sending a certificate would overwrite the server's idea about the used signature algorithm. Reported by Hubert Kario. | |||||
* | configure: corrected regression which prevented the build of tests/suite | Nikos Mavrogiannopoulos | 2016-04-12 | 1 | -1/+1 | |
| | | | | This regression was introduced at 8b97662c40c67a6d4087ce6e1f0c6fb6ea4a8b2c | |||||
* | gnutls_packet_get: avoid null pointer dereference on NULL input | Nikos Mavrogiannopoulos | 2016-04-12 | 1 | -0/+1 | |
| | | | | | That is, still allow the function to handle a NULL packet input but reset the data contents. | |||||
* | gnutls_ocsp_resp_get_single: fail if thisUpdate is not available or unparsable | Nikos Mavrogiannopoulos | 2016-04-12 | 1 | -2/+3 | |
| | | | | | That is because this field is not optional, and a failure on its parsing is always fatal. Reported by Yuan Jochen Kang. | |||||
* | released 3.4.11 gnutls_3_4_11 | Nikos Mavrogiannopoulos | 2016-04-11 | 1 | -1/+1 | |
| | ||||||
* | tests: do not enable valgrind in non-git builds | Nikos Mavrogiannopoulos | 2016-04-11 | 1 | -2/+16 | |
| | ||||||
* | x509 output: don't warn about insecure algorithm when unknown | Nikos Mavrogiannopoulos | 2016-04-09 | 2 | -3/+3 | |
| | ||||||
* | tests: disable unsupported curves from compatibility checks | Nikos Mavrogiannopoulos | 2016-04-09 | 2 | -1/+5 | |
| | | | | This allows running make check even when compiling with disable-suiteb-curves. | |||||
* | dtls: added missing dtls.h to state.c | Nikos Mavrogiannopoulos | 2016-04-09 | 1 | -0/+1 | |
| | ||||||
* | bumped version | Nikos Mavrogiannopoulos | 2016-04-09 | 2 | -2/+2 | |
| | ||||||
* | doc update | Nikos Mavrogiannopoulos | 2016-04-09 | 1 | -1/+1 | |
| | ||||||
* | minitasn1: updated to latest git version | Nikos Mavrogiannopoulos | 2016-04-09 | 9 | -356/+409 | |
| | ||||||
* | doc: Replace references to select with poll and other fixes | Nikos Mavrogiannopoulos | 2016-04-08 | 1 | -6/+6 | |
| | ||||||
* | doc: replace inaccurate sentence with reference to gnutls_record_discard_queued [ci skip] | Nikos Mavrogiannopoulos | 2016-04-08 | 1 | -3/+3 | |
| | ||||||
* | gnutls_record_get_direction: doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-04-08 | 1 | -11/+7 | |
| | ||||||
* | tests: reduce the number of loops in x509sign-verify2 | Nikos Mavrogiannopoulos | 2016-04-08 | 1 | -1/+1 | |
| | | | | This enables running the test in reasonable time under valgrind. | |||||
* | pkix.asn: corrected byKey definition | Nikos Mavrogiannopoulos | 2016-04-08 | 2 | -2/+2 | |
| | | | | | OCSP is defined in an EXPLICIT tags module, and as such we must tag explicitly all of its tags. | |||||
* | name constraints: enforce the rules for IP constraints when adding | Nikos Mavrogiannopoulos | 2016-04-05 | 1 | -2/+13 | |
| | | | | This will prevent gnutls from generating badly formed certificates. | |||||
* | _gnutls_parse_general_name2: allow parsing empty names | Nikos Mavrogiannopoulos | 2016-04-05 | 3 | -17/+39 | |
| | | | | | This allows parsing empty general names such as an empty DNSname used in name constraints. | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-04-02 | 1 | -0/+4 | |
| | ||||||
* | ocsptool: use HTTP/1.0 for requests | Nikos Mavrogiannopoulos | 2016-04-02 | 1 | -1/+1 | |
| | | | | | This avoids an issue with servers serving chunk encoding which ocsptool doesn't support. Reported by Thomas Klute. | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-03-31 | 1 | -0/+2 | |
| | ||||||
* | tests: delete outfile in certtool-long-cn | Nikos Mavrogiannopoulos | 2016-03-31 | 1 | -1/+3 | |
| |