Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | released 3.4.14gnutls_3_4_14 | Nikos Mavrogiannopoulos | 2016-07-06 | 1 | -3/+6 |
| | |||||
* | bumped version | Nikos Mavrogiannopoulos | 2016-07-05 | 2 | -2/+2 |
| | |||||
* | dane: corrected the license of libdane files | Nikos Mavrogiannopoulos | 2016-07-05 | 2 | -2/+2 |
| | | | | | | The license was always LGPL version 2.1, and these files mentioned LGPL version 3. Reported by Thomas Petazzoni. | ||||
* | pkcs11_get_attribute_avalue: correctly handle a -1 value length from ↵ | Nikos Mavrogiannopoulos | 2016-06-30 | 1 | -0/+6 |
| | | | | | | | | | C_GetAttributeValue That is, work-around modules which do not return an error on sensitive objects. Relates #108 | ||||
* | tests: name-constraints moved to non-windows running scripts | Nikos Mavrogiannopoulos | 2016-06-29 | 1 | -2/+2 |
| | | | | That is because datefudge doesn't work there. | ||||
* | doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-06-29 | 1 | -0/+3 |
| | |||||
* | pkcs11_get_attribute_avalue: do not assign values on failure | Nikos Mavrogiannopoulos | 2016-06-29 | 1 | -0/+1 |
| | | | | | | | When C_GetAttributeValue() returns size but does not return data then pkcs11_get_attribute_avalue() would set the return data pointer to a free'd value. This is against the convention expected by callers, i.e, set data to NULL. Reported by Anthony Alba in #108. | ||||
* | tests: use datefudge in name-constraints test | Nikos Mavrogiannopoulos | 2016-06-29 | 1 | -1/+12 |
| | | | | This avoids the expiration of the used certificate to affect the test. | ||||
* | tests: backported pkcs11-is-known from master branch | Nikos Mavrogiannopoulos | 2016-06-28 | 1 | -1/+186 |
| | |||||
* | gnutls_pkcs11_crt_is_known: always assume GNUTLS_PKCS11_OBJ_FLAG_COMPARE ↵ | Nikos Mavrogiannopoulos | 2016-06-28 | 1 | -3/+3 |
| | | | | unless GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is given | ||||
* | find_cert_cb: minor cleanups in find_cert_cb | Nikos Mavrogiannopoulos | 2016-06-28 | 1 | -28/+28 |
| | |||||
* | pkcs11: correctly encode the serial number when searching for certificate | Nikos Mavrogiannopoulos | 2016-06-22 | 1 | -16/+9 |
| | | | | | | In gnutls_pkcs11_crt_is_known() corrected the encoding of the serial number to TLV DER from LV DER. This is the encoding we use when storing that number. | ||||
* | pkcs11: correctly account check_found_cert() | Nikos Mavrogiannopoulos | 2016-06-22 | 1 | -0/+1 |
| | |||||
* | doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-06-16 | 1 | -0/+3 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-06-16 | 1 | -0/+9 |
| | |||||
* | dtls: corrected reconstruction of handshake packets received out of order | Nikos Mavrogiannopoulos | 2016-06-16 | 1 | -4/+4 |
| | | | | | | That is, when the handshake packet is split into multiple different chunks and received out of order, make sure that reconstruction occurs properly. Reported by Guillaume Roguez. | ||||
* | Corrected the writing of serial number in PKCS#11 modules | Nikos Mavrogiannopoulos | 2016-06-16 | 1 | -4/+9 |
| | | | | | | That is previously the serial number was written in raw format, but in PKCS#11 the serial number must be set encoded as integer. Report and fix by Stanislav Zidek. | ||||
* | doc: remove references to GNUTLS_KEYLOGFILE [ci skip] | Nikos Mavrogiannopoulos | 2016-06-08 | 1 | -1/+1 |
| | |||||
* | tests: link libutils against gnutls | Nikos Mavrogiannopoulos | 2016-06-06 | 1 | -0/+1 |
| | |||||
* | bumped versionsgnutls_3_4_13 | Nikos Mavrogiannopoulos | 2016-06-06 | 3 | -4/+4 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-06-06 | 1 | -2/+3 |
| | |||||
* | tests: backported keylog test | Nikos Mavrogiannopoulos | 2016-06-06 | 6 | -27/+994 |
| | |||||
* | keylogfile: only consider the SSLKEYLOGFILE variable | Nikos Mavrogiannopoulos | 2016-06-06 | 3 | -9/+9 |
| | | | | | | | In addition do not check the environment in the constructor but instead use static variables to save the key file name. The GNUTLS_KEYLOGFILE environment variable is no longer used since there is no reason to have a separate one. | ||||
* | doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-05-31 | 2 | -6/+5 |
| | |||||
* | Rely on gnulib's secure_getenv() | Nikos Mavrogiannopoulos | 2016-05-28 | 257 | -1393/+1461 |
| | |||||
* | x86-common: use secure_getenv() | Nikos Mavrogiannopoulos | 2016-05-28 | 1 | -1/+1 |
| | |||||
* | configure.ac: check for secure_getenv where available and always enable ↵ | Nikos Mavrogiannopoulos | 2016-05-27 | 1 | -1/+3 |
| | | | | system extensions | ||||
* | doc update | Nikos Mavrogiannopoulos | 2016-05-27 | 1 | -0/+12 |
| | |||||
* | env: use secure_getenv when reading environment variables | Nikos Mavrogiannopoulos | 2016-05-27 | 4 | -8/+14 |
| | |||||
* | Append keys on keylogfile | Nikos Mavrogiannopoulos | 2016-05-27 | 4 | -24/+17 |
| | | | | | Also consider the SSLKEYLOGFILE variable, since the format is identical and we are always appending keys. | ||||
* | pkcs11: added sanity check to find_obj_url_cb() for object validity | Nikos Mavrogiannopoulos | 2016-05-23 | 1 | -6/+6 |
| | | | | Also avoid unnecessary recursion. | ||||
* | tests: use /bin/bash in tests which require common.sh | Nikos Mavrogiannopoulos | 2016-05-20 | 8 | -8/+10 |
| | |||||
* | tests: simplified server launching process | Nikos Mavrogiannopoulos | 2016-05-20 | 9 | -214/+376 |
| | | | | | Also attempt to use a new port on every started server and added a waiting period for the port to become re-usable. | ||||
* | .gitlab-ci.yml: restrict windows build checks to tests/ subdirgnutls_3_4_12_win32 | Nikos Mavrogiannopoulos | 2016-05-20 | 1 | -1/+1 |
| | | | | | That is because there is an issue with the gnulib self tests when run under windows. | ||||
* | tests: do not use pkglib to generate libpkcs11mock1.so | Nikos Mavrogiannopoulos | 2016-05-20 | 1 | -4/+2 |
| | | | | | | This resulted in the test library being installed. Install we use noinst for the library, but pass -rpath to LDFLAGS as a hack to for libtool to generate the shared version. | ||||
* | .gitlab-ci.yml: added windows DLL build for 3.4.x branchgnutls_3_4_12 | Nikos Mavrogiannopoulos | 2016-05-20 | 1 | -0/+19 |
| | |||||
* | updated auto-generated files | Nikos Mavrogiannopoulos | 2016-05-20 | 1 | -0/+18 |
| | |||||
* | released 3.4.12 | Nikos Mavrogiannopoulos | 2016-05-20 | 3 | -3/+6 |
| | |||||
* | tests: priorities: account for the addition of CHACHA20-POLY1305 | Nikos Mavrogiannopoulos | 2016-05-19 | 1 | -16/+11 |
| | |||||
* | CHACHA20_POLY1305 was added to the default priority strings | Nikos Mavrogiannopoulos | 2016-05-19 | 1 | -5/+10 |
| | | | | | That is the NORMAL and PERFORMANCE priority strings now will enable CHACHA20-POLY1305 by default. | ||||
* | gnutls-cli: allow operation with stdin input | Nikos Mavrogiannopoulos | 2016-05-19 | 3 | -3/+50 |
| | | | | | | | That is once commands from stdin are given, they are not only sent to server, but we also wait for a response prior to exiting. Resolves #96 | ||||
* | doc update | Nikos Mavrogiannopoulos | 2016-05-18 | 1 | -0/+5 |
| | |||||
* | Write session keys into a file when GNUTLS_KEYLOGFILE is exported | Nikos Mavrogiannopoulos | 2016-05-18 | 1 | -0/+43 |
| | | | | | | | | | | | | | That is the file pointed from the variable is written to, and contain the session parameters in the following format (identical to NSS key log format): CLIENT_RANDOM <space> <64 bytes of hex encoded client_random> <space> <96 bytes of hex encoded master secret> and for the old RSA ciphersuites also in the format: RSA <space> <16 bytes of hex encoded encrypted pre master secret> <space> <96 bytes of hex encoded master secret> Resolves #64 | ||||
* | doc update | Nikos Mavrogiannopoulos | 2016-05-17 | 1 | -0/+3 |
| | |||||
* | gnutls-cli: corrected check for OCSP verification success | Nikos Mavrogiannopoulos | 2016-05-17 | 1 | -1/+1 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-05-12 | 1 | -0/+3 |
| | |||||
* | errors: include GNUTLS_E_IDNA_ERROR to the list | Nikos Mavrogiannopoulos | 2016-05-12 | 1 | -0/+2 |
| | |||||
* | server_name: only save the supported server names in the session | Nikos Mavrogiannopoulos | 2016-05-12 | 1 | -11/+14 |
| | | | | | Invalid server names with embedded nulls and unsupported types are not saved. | ||||
* | gnutls_pubkey_verify_data2: simplified return logic | Nikos Mavrogiannopoulos | 2016-05-10 | 1 | -3/+1 |
| | |||||
* | gnutls_pkcs7_print: corrected type of unsigned count variable | Nikos Mavrogiannopoulos | 2016-05-10 | 1 | -2/+2 |
| |