| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|\
| |
| |
| |
| | |
Fix check for GNU C compiler in eina_cpu.c
See merge request gnutls/gnutls!772
|
| |
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|\ \
| | |
| | |
| | |
| | | |
Fix gen-mech-list.sh on Solaris / Bourne Shell
See merge request gnutls/gnutls!771
|
| |/
| |
| |
| |
| |
| |
| |
| | |
`cmd` is more compatible than $(cmd).
The shell is "sh (Schily Bourne Shell) version 2013/01/14 a+ (i386-pc-solaris2.9)"
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
Let bootstrap check for gperf, makeinfo, rsync, autopoint
Closes #582
See merge request gnutls/gnutls!769
|
| | |
| | |
| | |
| | | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|\ \ \
| |_|/
|/| |
| | |
| | |
| | |
| | | |
Skip tests/tls13/prf.c if visibility 'protected' doesn't work
Closes #584
See merge request gnutls/gnutls!770
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Overriding gnutls_rnd() with visibility 'protected' doesn't always work.
E.g. LDFLAGS="-Wl,-Bsymbolic-functions" seems to have priority on
Debian derived systems.
Fixes #584
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|/
|
|
|
|
|
|
|
|
| |
This adds a unit and a negative test which ensures that
a client will not be tricked in performing resumption when
this function is used.
Resolves #585
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\
| |
| |
| |
| |
| |
| | |
gnutls_priority_set: do not override version on handshake
Closes #580
See merge request gnutls/gnutls!765
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When handshake is in progress, do not override the default TLS
version in the session. This allows gnutls_priority_set to be called
in the post_client_hello function without breaking the handshake.
Resolves #580
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\ \
| | |
| | |
| | |
| | | |
encrypt_packet_tls13: added explicit check on iv_size bounds
See merge request gnutls/gnutls!767
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
Although there are no ciphers defined for TLS1.3 which would overflow
the assumed bound, an explicit check is necessary to avoid that code
be a liability in future updates.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|/
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\
| |
| |
| |
| |
| |
| | |
Use ASCII version of strcasecmp() in library code
Closes #570
See merge request gnutls/gnutls!764
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
strcasecmp() has side effects in some locales.
What we really need is c_strcasecmp() from Gnulib for comparing
ASCII strings.
Fixes #570
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|\ \
| | |
| | |
| | |
| | | |
tlsfuzzer: add missing script
See merge request gnutls/gnutls!759
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Reenable SSLv2 hello support to let several SSL-3.0 tls-fuzzer tests
pass.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
These tests will fail with SSL3.0-enabled gnutls-serv unless --ssl3
option was passed. We will run these tests anyway from
gnutls-nocert-ssl3.json, so disable them here.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Adapt tls-fuzzer-common.sh script to be able to run tests in case
srcdir != builddir.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Reenable full test suite run in SSL-3.0/SHA-1 CI test case to let us
catch issues in legacy code.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Makefile.am refers tls-fuzzer-nocert-ssl3.sh script, which is missing
in the source tree. Add it back.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | | |
Move common code to tls-fuzzer-common.sh to ease further adjustments.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Like the rest of tls-fuzzer tests, pass "-p PORT" to subtests, allowing
usage of random port for server.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Like the rest of tls-fuzzer tests, pass "-p PORT" to subtests, allowing
usage of random port for server.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Make tlsproxy/buffer.c compilable by gcc 4.4.7
Closes #577
See merge request gnutls/gnutls!763
|
| |/ /
| | |
| | |
| | | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|\ \ \
| |_|/
|/| |
| | |
| | | |
manpage generation cleanup
See merge request gnutls/gnutls!760
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This API is no longer functional and is only available as stubs
for backwards binary compatibility.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Recognize parameters of the form unsigned char name[8], and
do not print obscure warnings. Furthermore gdoc will fail
when a function parameter is not described or when no
function is found. This addresses the generation of undetected
errors in generated manpages.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |/
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\ \
| |/
|/|
| |
| |
| |
| | |
_gnutls_check_key_purpose: eliminated dead code
Closes #573
See merge request gnutls/gnutls!762
|
|/
|
|
|
|
| |
Resolves #573
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\
| |
| |
| |
| | |
mech-list.h: generate unique entries
See merge request gnutls/gnutls!761
|
|/
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
|
| |
The NetBSD default shell cannot handle the UTF-8 strings we use
in that script.
Resolves #544
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
As the protocol has been finalized, and the implementation is
stable and interoperable, there is no need to enable it conditionally.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\
| |
| |
| |
| |
| |
| | |
Provide a less restrictive PKCS#11 search of certificates
Closes #569
See merge request gnutls/gnutls!757
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This addresses the problem where the CA certificate doesn't
have a subject key identifier whereas the end certificates
have an authority key identifier.
Resolves #569
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
gnutls-cli enables CRL validation on startup
Closes #564
See merge request gnutls/gnutls!752
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This also makes the failure in adding CRLs or CAs, a fatal error.
Resolves #564
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |/
| |
| |
| |
| |
| |
| | |
This allows an application to be notified of the addition of invalid
CRLs in the trust list.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\ \
| |/
|/|
| |
| |
| |
| | |
Session ticket key rotation with TOTP
Closes #184
See merge request gnutls/gnutls!695
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We were previously only relying on the client's view of the
ticket lifetime for TLS1.3 tickets. This makes sure that we
only resume tickets that the server considers valid and consolidates
the expiration time checks to _gnutls_check_resumed_params().
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|