| Commit message | Author | Age | Files | Lines |
|
This makes builds independent by reducing interactions between
artifacts of builds.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
That allows disabling openpgp authentication and at the same time
retaining ABI compatibility with versions including openpgp.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
This checks whether the gnutls_certificate_set_x509_system_trust()
and thus the trust list equivalent function operate as expected
and return a positive number of certificates. The test is ignored
in systems where these functions return GNUTLS_E_UNIMPLEMENTED_FEATURE.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
Also don't check for a default_trust_store_file in configure when building on
macOS (unless explicitly asked to with --with-default-trust-store-file=xxx),
because otherwise it finds /etc/ssl/cert.pem: This file is new (since
10.12.2?), which means libraries built on the newest OS version wouldn't work
the same way on older versions (and vice versa). "/etc/ssl/cert.pem" also
doesn't seem to reflect additions and deletions from the user's or system's
trusted roots keychain (in my limited testing).
Signed-off-by: David Caldwell <david@porkrind.org>
|
Signed-off-by: David Caldwell <david@porkrind.org>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
This utilizes assert() as it cannot be triggered in practice.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Since ASN1_MAX_NAME_SIZE refers to a single element in the asn1
tree, it is not suitable to hold the maximum combined name. Instead
use a local definition of MAX_NAME_SIZE, which is a multiple of
the ASN1_MAX_NAME_SIZE.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
intentionally
This allows static analysers to properly warn on unchecked return values.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
This reduces warnings from static analysers like coverity and makes
explicit the intention.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Clarified when this function should be set. Based on suggestion by
Sean Greenslade.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Instead of enforcing TLS1.0/SSL3.0 use gnutls NORMAL priority for
SSLv23_*_methods.
http://bugs.debian.org/857436
|
Otherwise, out of tree builds will fail to copy the template.
Signed-off-by: Matt Turner <mattst88@gmail.com>
|
These check whether parsing of unsupported files (e.g., with RC2-128)
will succeed. This serves as a functionality check for gnutls_pkcs8_info.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
The documented behavior of the function was to return a valid
OID in that case.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
Travis builds seem to fail for some reason since pkg-config is already
installed.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
This test was failing because datefudge couldn't run under win32.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
This reverts commit 90d5ad5a42759957866ba1d9c96f5dccfd3ea1cc.
|
This test was failing because datefudge couldn't run under win32.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
This allows re-running failed builds on the depending stages
during that time.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
It was already being included in Requires.private. Reported
by Andreas Metzler.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
That ensures that loading a certificate pair with SHA1, when
SHA1 is disabled, will not cause the server to fail to load.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
That is, ensure that results from all verification functions,
including gnutls_pubkey_verify_data2(), will be consistent with
SHA1 and other algorithms deprecation.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
That ensures that overrides like using broken algorithms are considered
in OCSP validation.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
That is, whether the generated gnutls.pc will function for
compiling and linking.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Used common definitions from cert-common.h for certificates,
and improved error detection in tls-rehandshake-cert-2.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
That is, check whether the client behaves as expected if on the initial
handshake the server requests a certificate, but on the following
rehandshake he doesn't. This tests:
1f685db853db6e48c77c6dbde0cdf716a7303baa
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
That addresses a bug where, on the client side, in case of an initial
handshake with a client certificate, we continue to send this
certificate even if on rehandshake we were not requested with one.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Since ac3de8f5, when all openpgp functionality was deprecated, a
library user including gnutls/abstract.h gets warnings about
deprecated declarations, like this:
gnutls/openpgp.h:328:10: warning: ‘gnutls_openpgp_recv_key_func’ is deprecated [-Wdeprecated-declarations]
gnutls_openpgp_recv_key_func func) _GNUTLS_GCC_ATTR_DEPRECATED;
This warning is emitted since the gnutls_openpgp_set_recv_key_function
prototype uses the deprecated typedef gnutls_openpgp_recv_key_func.
By omitting the deprecation attribute from this individual
typedef, we avoid the spurious warnings in calling code which just
includes gnutls/abstract.h without actually using anything related
to openpgp.
Signed-off-by: Martin Storsjo <martin@martin.st>
|
Signed-off-by: Martin Storsjo <martin@martin.st>
|
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
Incorrect ordering of -lseccomp:
<snip>
-Wl,--as-needed ../lib/.libs/libgnutls.so -lseccomp ./.libs/libutils.a
./.libs/libutils.a(seccomp.o): In function seccomp_init'
seccomp.c:(.text+0x2b): undefined reference to `seccomp_init'
<snip>
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
When initializing a private key operation, attempt to re-open the key
if CKR_SESSION_HANDLE_INVALID is received.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|