Commit message | Author | Age | Files | Lines
* released 3.4.14 (tag: gnutls_3_4_14) | Nikos Mavrogiannopoulos | 2016-07-06 | 1 | -3/+6
* bumped version | Nikos Mavrogiannopoulos | 2016-07-05 | 2 | -2/+2
* dane: corrected the license of libdane files | Nikos Mavrogiannopoulos | 2016-07-05 | 2 | -2/+2
  The license was always LGPL version 2.1, and these files mentioned LGPL version 3.
  Reported by Thomas Petazzoni.
* pkcs11_get_attribute_avalue: correctly handle a -1 value length from C_GetAttributeValue | Nikos Mavrogiannopoulos | 2016-06-30 | 1 | -0/+6
  That is, work-around modules which do not return an error on sensitive objects.
  Relates #108
* tests: name-constraints moved to non-windows running scripts | Nikos Mavrogiannopoulos | 2016-06-29 | 1 | -2/+2
  That is because datefudge doesn't work there.
* doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-06-29 | 1 | -0/+3
* pkcs11_get_attribute_avalue: do not assign values on failure | Nikos Mavrogiannopoulos | 2016-06-29 | 1 | -0/+1
  When C_GetAttributeValue() returns size but does not return data then pkcs11_get_attribute_avalue() would set the return data pointer to a free'd value. This is against the convention expected by callers, i.e, set data to NULL.
  Reported by Anthony Alba in #108.
* tests: use datefudge in name-constraints test | Nikos Mavrogiannopoulos | 2016-06-29 | 1 | -1/+12
  This avoids the expiration of the used certificate to affect the test.
* tests: backported pkcs11-is-known from master branch | Nikos Mavrogiannopoulos | 2016-06-28 | 1 | -1/+186
* gnutls_pkcs11_crt_is_known: always assume GNUTLS_PKCS11_OBJ_FLAG_COMPARE unless GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is given | Nikos Mavrogiannopoulos | 2016-06-28 | 1 | -3/+3
* find_cert_cb: minor cleanups in find_cert_cb | Nikos Mavrogiannopoulos | 2016-06-28 | 1 | -28/+28
* pkcs11: correctly encode the serial number when searching for certificate | Nikos Mavrogiannopoulos | 2016-06-22 | 1 | -16/+9
  In gnutls_pkcs11_crt_is_known() corrected the encoding of the serial number to TLV DER from LV DER. This is the encoding we use when storing that number.
* pkcs11: correctly account check_found_cert() | Nikos Mavrogiannopoulos | 2016-06-22 | 1 | -0/+1
* doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-06-16 | 1 | -0/+3
* doc update | Nikos Mavrogiannopoulos | 2016-06-16 | 1 | -0/+9
* dtls: corrected reconstruction of handshake packets received out of order | Nikos Mavrogiannopoulos | 2016-06-16 | 1 | -4/+4
  That is, when the handshake packet is split into multiple different chunks and received out of order, make sure that reconstruction occurs properly.
  Reported by Guillaume Roguez.
* Corrected the writing of serial number in PKCS#11 modules | Nikos Mavrogiannopoulos | 2016-06-16 | 1 | -4/+9
  That is previously the serial number was written in raw format, but in PKCS#11 the serial number must be set encoded as integer.
  Report and fix by Stanislav Zidek.
* doc: remove references to GNUTLS_KEYLOGFILE [ci skip] | Nikos Mavrogiannopoulos | 2016-06-08 | 1 | -1/+1
* tests: link libutils against gnutls | Nikos Mavrogiannopoulos | 2016-06-06 | 1 | -0/+1
* bumped versions (tag: gnutls_3_4_13) | Nikos Mavrogiannopoulos | 2016-06-06 | 3 | -4/+4
* doc update | Nikos Mavrogiannopoulos | 2016-06-06 | 1 | -2/+3
* tests: backported keylog test | Nikos Mavrogiannopoulos | 2016-06-06 | 6 | -27/+994
* keylogfile: only consider the SSLKEYLOGFILE variable | Nikos Mavrogiannopoulos | 2016-06-06 | 3 | -9/+9
  In addition do not check the environment in the constructor but instead use static variables to save the key file name.
  The GNUTLS_KEYLOGFILE environment variable is no longer used since there is no reason to have a separate one.
* doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-05-31 | 2 | -6/+5
* Rely on gnulib's secure_getenv() | Nikos Mavrogiannopoulos | 2016-05-28 | 257 | -1393/+1461
* x86-common: use secure_getenv() | Nikos Mavrogiannopoulos | 2016-05-28 | 1 | -1/+1
* configure.ac: check for secure_getenv where available and always enable system extensions | Nikos Mavrogiannopoulos | 2016-05-27 | 1 | -1/+3
* doc update | Nikos Mavrogiannopoulos | 2016-05-27 | 1 | -0/+12
* env: use secure_getenv when reading environment variables | Nikos Mavrogiannopoulos | 2016-05-27 | 4 | -8/+14
* Append keys on keylogfile | Nikos Mavrogiannopoulos | 2016-05-27 | 4 | -24/+17
  Also consider the SSLKEYLOGFILE variable, since the format is identical and we are always appending keys.
* pkcs11: added sanity check to find_obj_url_cb() for object validity | Nikos Mavrogiannopoulos | 2016-05-23 | 1 | -6/+6
  Also avoid unnecessary recursion.
* tests: use /bin/bash in tests which require common.sh | Nikos Mavrogiannopoulos | 2016-05-20 | 8 | -8/+10
* tests: simplified server launching process | Nikos Mavrogiannopoulos | 2016-05-20 | 9 | -214/+376
  Also attempt to use a new port on every started server and added a waiting period for the port to become re-usable.
* .gitlab-ci.yml: restrict windows build checks to tests/ subdir (tag: gnutls_3_4_12_win32) | Nikos Mavrogiannopoulos | 2016-05-20 | 1 | -1/+1
  That is because there is an issue with the gnulib self tests when run under windows.
* tests: do not use pkglib to generate libpkcs11mock1.so | Nikos Mavrogiannopoulos | 2016-05-20 | 1 | -4/+2
  This resulted in the test library being installed. Install we use noinst for the library, but pass -rpath to LDFLAGS as a hack to for libtool to generate the shared version.
* .gitlab-ci.yml: added windows DLL build for 3.4.x branch (tag: gnutls_3_4_12) | Nikos Mavrogiannopoulos | 2016-05-20 | 1 | -0/+19
* updated auto-generated files | Nikos Mavrogiannopoulos | 2016-05-20 | 1 | -0/+18
* released 3.4.12 | Nikos Mavrogiannopoulos | 2016-05-20 | 3 | -3/+6
* tests: priorities: account for the addition of CHACHA20-POLY1305 | Nikos Mavrogiannopoulos | 2016-05-19 | 1 | -16/+11
* CHACHA20_POLY1305 was added to the default priority strings | Nikos Mavrogiannopoulos | 2016-05-19 | 1 | -5/+10
  That is the NORMAL and PERFORMANCE priority strings now will enable CHACHA20-POLY1305 by default.
* gnutls-cli: allow operation with stdin input | Nikos Mavrogiannopoulos | 2016-05-19 | 3 | -3/+50
  That is once commands from stdin are given, they are not only sent to server, but we also wait for a response prior to exiting.
  Resolves #96
* doc update | Nikos Mavrogiannopoulos | 2016-05-18 | 1 | -0/+5
* Write session keys into a file when GNUTLS_KEYLOGFILE is exported | Nikos Mavrogiannopoulos | 2016-05-18 | 1 | -0/+43
  That is the file pointed from the variable is written to, and contain the session parameters in the following format (identical to NSS key log format):
    CLIENT_RANDOM <space> <64 bytes of hex encoded client_random> <space> <96 bytes of hex encoded master secret>
  and for the old RSA ciphersuites also in the format:
    RSA <space> <16 bytes of hex encoded encrypted pre master secret> <space> <96 bytes of hex encoded master secret>
  Resolves #64
* doc update | Nikos Mavrogiannopoulos | 2016-05-17 | 1 | -0/+3
* gnutls-cli: corrected check for OCSP verification success | Nikos Mavrogiannopoulos | 2016-05-17 | 1 | -1/+1
* doc update | Nikos Mavrogiannopoulos | 2016-05-12 | 1 | -0/+3
* errors: include GNUTLS_E_IDNA_ERROR to the list | Nikos Mavrogiannopoulos | 2016-05-12 | 1 | -0/+2
* server_name: only save the supported server names in the session | Nikos Mavrogiannopoulos | 2016-05-12 | 1 | -11/+14
  Invalid server names with embedded nulls and unsupported types are not saved.
* gnutls_pubkey_verify_data2: simplified return logic | Nikos Mavrogiannopoulos | 2016-05-10 | 1 | -3/+1
* gnutls_pkcs7_print: corrected type of unsigned count variable | Nikos Mavrogiannopoulos | 2016-05-10 | 1 | -2/+2