| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
This allows to catch early regressions due to changes.
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
|
| |
While it was used during the first years of development, today
it is way more easy to access protocol documents via the IETF
web site.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
|
|
|
|
| |
We do not require a specific stack size, and there is legacy
code which utilizes large stack sizes. As such remove the
warnings to allow for a warning free compilation.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
| |
That is, use assert() to ensure that known to be non-null
variables will be used as input to functions requiring non-null.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
| |
This introduces a static analyser pass in the CI.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
| |
This adds a basic static analysis of the source code.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
That ensures that there are no overflows in the subsequent
calculations.
Resolves the oss-fuzz found bug:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
Relates: #159
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
| |
That triggers a heap buffer overflow:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
| |
Add LMTP (RFC 2033), POP3 (RFC 2595), NNTP (RFC 4642), Sieve (RFC 5804) and PostgreSQL support to gnutls-cli ("--starttls-proto").
Signed-off-by: Robert Scheck <robert@fedoraproject.org>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The test suite unnecessarily failed on systems without netstat because
it was assumed to be present. Instead of simply checking for its
presence and indicating an unsupported test, however, the ss utility
can be used as a drop-in replacement. When netstat/net-tools is not
present, the ss utility from iproute2 still stands a fair chance of
existing, and they also have similar enough semantics that they can be
used interchangeably in the test suite.
The functions in tests/scripts/common.sh that used netstat
(wait_for_port, wait_for_free_port) now use new functions,
check_if_port_in_use and check_if_port_listening, to abstract the call
to netstat/ss. The eval'd variable GETPORT also used netstat, and has
been updated accordingly.
The new port-checking functions use another new function,
have_port_finder, which takes care of the details of selecting ss
(preferred) or netstat, or fails otherwise.
Signed-off-by: Rical Jasan <ricaljasan@pacific.net>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
| |
images are required also by the html documentation.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
|
| |
|
|
|
|
| |
That is, do not include non-function names.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
|
| |
|
|
|
|
|
| |
This allows the existing reproducers which contain certificates which
are rejected by sanity checks, to still be used to detect regressions.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
|
| |
This functions allows specifying flags to the certificate object.
In particular it allows the single flag GNUTLS_X509_CRT_FLAG_IGNORE_SANITY
which allows to ignore sanity checks at the import of the certificate.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
|
| |
|
|
|
|
| |
This error code indicates an issue in the time fields of certificate.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
That will refuse to import certificates which their time field
is not in GMT, or contain fractional seconds.
Resolves: #169
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
| |
Fractional seconds in GeneralizedTime are prohibited by RFC5280.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
| |
That certificate contains a GeneralizedTime with fractional
seconds.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
|
| |
|
|
|
|
|
| |
That is, check whether the creation of invalid V2 or V1 certificates
will be detected, and that the correct error codes are returned.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
| |
That is, do not sign X.509 certificates which have fields that
shouldn't be present on their corresponding version.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Refuse to import X.509v1 certificates which have fields that didn't
exist in X.509v1 specification. That is the issuerUniqueID and
subjectUniqueID fields.
Resolves: #168
Resolves: #167
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
| |
That is, added X.509v1 certificates with attributes that shouldn't
have been presented (valid for X.509v2 only).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
|
| |
The libidn2 versions available do not include libidn2.pc,
thus the inclusion was causing problems when using pkg-config.
Instead we include -lidn2 in Libs.private.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
|
|
|
|
| |
The less CPU intensive tasks were moved to earlier stage, and the
CPU intensive tasks are only spawned only after basic syntax and
ABI checks have succeeded.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | |
|
| |
|
|
|
|
| |
FreeBSD does know alloca() but has no such header
Signed-off-by: Marcin Cieślak <saper@SAPER.INFO>
|
| |
|
|
|
|
|
|
| |
This documents the gnutls_set_default_priority() function, and
how it is intended to be combined with an application that utilizes
priority strings.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
