Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | doc: fixed copyright date in gnutls.texi | Nikos Mavrogiannopoulos | 2017-01-02 | 1 | -2/+2 |
| | |||||
* | gnutls_rnd: document the available values of level [ci skip] | Nikos Mavrogiannopoulos | 2017-01-02 | 1 | -1/+3 |
| | | | | This enables using the function by only checking the man page. | ||||
* | pkcs11 verification: ensure that an issuer we retrieve is not blacklisttmp-fix-pkcs11-verification | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -0/+11 |
| | | | | | | | It may happen in p11-kit trust module that a trusted certificate is both in the trusted set, and the blacklisted set. To avoid accepting a certificate when in both sets, we always check whether a trusted issuer certificate is in the blacklisted set. | ||||
* | Attempt to fix a leak in OpenPGP cert parsing. | Alex Gaynor | 2016-12-31 | 3 | -1/+7 |
| | |||||
* | tests: enable all the ciphersuite in openssl cli for DSS checksfix-compat-tests | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -3/+3 |
| | |||||
* | certtool: improved error reporting on file error | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -2/+2 |
| | |||||
* | tests: don't check against 3DES if disabled in openssl | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -3/+8 |
| | |||||
* | tests: do not pass the -dhparams to openssl 1.1.0; it doesn't work | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -1/+8 |
| | |||||
* | tests: simplified DH params format | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -33/+9 |
| | | | | Also switch to RFC7919 DH params. | ||||
* | tests: corrected type in openssl compat tests | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -2/+2 |
| | |||||
* | tests: added common variable for DH parameters | Nikos Mavrogiannopoulos | 2016-12-31 | 3 | -31/+33 |
| | |||||
* | tests: fixed paths in compat tests | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -2/+2 |
| | |||||
* | tests: better termination checking in compat tests | Nikos Mavrogiannopoulos | 2016-12-31 | 2 | -3/+22 |
| | | | | | This ensures that the exit code of all spawned processes is checked. | ||||
* | cfg.mk: exclude devel/ subdirectory from syntax checks | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -1/+1 |
| | |||||
* | certtool: properly report unencrypted PKCS#8 keys in --p8-info | Nikos Mavrogiannopoulos | 2016-12-30 | 1 | -0/+4 |
| | |||||
* | fuzz: added decrypted PKCS#8 keys | Nikos Mavrogiannopoulos | 2016-12-30 | 3 | -0/+0 |
| | |||||
* | fuzz: added PKCS#8 keys with low iteration count | Nikos Mavrogiannopoulos | 2016-12-30 | 9 | -0/+3 |
| | | | | | This makes sure that the fuzzer will not timeout while trying to decode keys. | ||||
* | submodules: use the github mirror of openssl | Nikos Mavrogiannopoulos | 2016-12-28 | 1 | -1/+1 |
| | |||||
* | Do not infinite loop if an EOF occurs while skipping a PGP packet | Alex Gaynor | 2016-12-28 | 4 | -5/+59 |
| | | | | Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com> | ||||
* | Added a fuzzer for OpenPGP cert parsing | Alex Gaynor | 2016-12-28 | 1 | -0/+47 |
| | | | | Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com> | ||||
* | fuzz: document the convention for initial values | Nikos Mavrogiannopoulos | 2016-12-28 | 1 | -0/+3 |
| | |||||
* | fuzz: Added initial values for DN, PKCS8 and X.509 tests | Nikos Mavrogiannopoulos | 2016-12-28 | 11 | -0/+5 |
| | |||||
* | Added a parser for PKCS7 importing and printing | Alex Gaynor | 2016-12-26 | 1 | -0/+47 |
| | |||||
* | fuzz: added X.509 DN parser | Nikos Mavrogiannopoulos | 2016-12-24 | 2 | -1/+53 |
| | |||||
* | fuzz: added PKCS#8 private key parser | Nikos Mavrogiannopoulos | 2016-12-24 | 1 | -0/+54 |
| | |||||
* | configure: introduced --with-priority-string optiontmp-default-prio-string | Nikos Mavrogiannopoulos | 2016-12-21 | 2 | -1/+7 |
| | | | | | This allows specifying the priority string to be used with gnutls_set_default_priority() on configure time. | ||||
* | priorities: reset the profile flags when appending new flags | Nikos Mavrogiannopoulos | 2016-12-20 | 3 | -3/+14 |
| | | | | | | That is, to avoid causing issues to applications calling gnutls_*priority_set() multiple times with different parameters. In that case if multiple profiles are used the outcome could be undefined. Now, the last call will prevail. | ||||
* | gnutls_session_set_verify_cert: doc update | Nikos Mavrogiannopoulos | 2016-12-20 | 1 | -0/+6 |
| | |||||
* | Revert "priorities: set the additional verify flags instead of appending them" | Nikos Mavrogiannopoulos | 2016-12-19 | 1 | -1/+1 |
| | | | | This reverts commit aaf49747f981f6c17cdc9ea7495a8948a5015ae2. | ||||
* | doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-12-19 | 1 | -0/+3 |
| | |||||
* | Merge branch 'tmp-cert-updates' into 'master' | Nikos Mavrogiannopoulos | 2016-12-19 | 6 | -193/+299 |
|\ | | | | | | | | | Updates in certificate handling on certtool See merge request !181 | ||||
| * | tests: added check for certtool loading CA certificates from PKCS#11 | Nikos Mavrogiannopoulos | 2016-12-19 | 3 | -8/+184 |
| | | |||||
| * | certtool: document that --load-ca-certificate can be used with PKCS#11 URLs | Nikos Mavrogiannopoulos | 2016-12-19 | 1 | -1/+1 |
| | | |||||
| * | certtool: load_ca_cert() can load a CA from URLs | Nikos Mavrogiannopoulos | 2016-12-19 | 1 | -1/+11 |
| | | |||||
| * | certtool: unified the CA certificate loading process | Nikos Mavrogiannopoulos | 2016-12-19 | 1 | -183/+103 |
|/ | | | | | | | That is, combined how CA certificates are loaded for --verify-chain, --verify and --p7-verify. It is based on the trust list high level functions, something that allows PKCS#11 URLs to be specified in --load-ca-certificate. | ||||
* | doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-12-19 | 2 | -3/+17 |
| | |||||
* | .gitlab-ci.yml: changed buildroot to fedora25 | Nikos Mavrogiannopoulos | 2016-12-19 | 1 | -2/+2 |
| | |||||
* | Merge branch 'tmp-priority-fix' into 'master' | Nikos Mavrogiannopoulos | 2016-12-19 | 4 | -10/+185 |
|\ | | | | | | | | | Fix issue with multiple calls to priority functions See merge request !195 | ||||
| * | tests: added check for multiple calls to gnutls_priority_set_direct() | Nikos Mavrogiannopoulos | 2016-12-19 | 2 | -1/+173 |
| | | |||||
| * | priorities: set the additional verify flags instead of appending them | Nikos Mavrogiannopoulos | 2016-12-19 | 1 | -1/+1 |
| | | | | | | | | | | | | That is, to avoid causing issues to applications calling gnutls_*priority_set() multiple times with different parameters. In that case if multiple profiles are used the combo could be undefined. | ||||
| * | verify: print certificate on sec param failure | Nikos Mavrogiannopoulos | 2016-12-19 | 1 | -8/+11 |
|/ | |||||
* | Merge branch 'tmp-x509-print-fix' into 'master' | Nikos Mavrogiannopoulos | 2016-12-16 | 13 | -430/+169 |
|\ | | | | | | | | | | | | | Updates in X.509 certificate handling Relates to #156 See merge request !192 | ||||
| * | x509: corrected leak in certificate printing | Nikos Mavrogiannopoulos | 2016-12-16 | 1 | -0/+1 |
| | | | | | | | | | | The leak could be triggered if the certificate policies to be imported are invalid. | ||||
| * | gnutls_x509_ext_import_proxy: fix issue reading the policy language | Nikos Mavrogiannopoulos | 2016-12-16 | 1 | -11/+11 |
| | | | | | | | | | | If the language was set but the policy wasn't, that could lead to a double free, as the value returned to the user was freed. | ||||
| * | tests: added certificate which was causing issues in gnutls_x509_crt_print() | Nikos Mavrogiannopoulos | 2016-12-16 | 2 | -1/+1 |
| | | |||||
| * | tests: improved certder to easily load certificates from a directory | Nikos Mavrogiannopoulos | 2016-12-16 | 10 | -418/+156 |
| | | | | | | | | | | That allows to place certificates in certs-interesting/ and these will be loaded and checked upon the new "cert" test case. | ||||
| * | doc update | Nikos Mavrogiannopoulos | 2016-12-16 | 1 | -1/+1 |
|/ | |||||
* | Merge branch 'tmp-src-fixes' into 'master' | Nikos Mavrogiannopoulos | 2016-12-16 | 1 | -1/+1 |
|\ | | | | | | | | | | | | | Do not add cli-args.h to cli-args.stamp Makefile target Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> See merge request !190 | ||||
| * | Do not add cli-args.h to cli-args.stamp Makefile target | Alexander Kanavin | 2016-12-16 | 1 | -1/+1 |
|/ | | | | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> | ||||
* | Merge branch 'fuzzers' into 'master' | Nikos Mavrogiannopoulos | 2016-12-15 | 5 | -0/+418 |
|\ | | | | | | | | | | | | | Migrated fuzzers from the oss-repo to here. Also added a new private_key_parser fuzzer. See merge request !184 |