Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | doc updatetmp-dn-decoding | Nikos Mavrogiannopoulos | 2016-11-01 | 2 | -22/+25 |
| | |||||
* | tests: added a DN test suite based on AFL | Nikos Mavrogiannopoulos | 2016-11-01 | 10 | -0/+188 |
| | | | | | This is currently, expected to be run manually since AFL has infinite running time. | ||||
* | doc update | Nikos Mavrogiannopoulos | 2016-11-01 | 1 | -0/+5 |
| | |||||
* | tests: added decoding of multi-value DN | Nikos Mavrogiannopoulos | 2016-11-01 | 3 | -6/+97 |
| | |||||
* | x509_dn: forbid non-supported escaped chars on DN encoding | Nikos Mavrogiannopoulos | 2016-10-31 | 1 | -14/+21 |
| | |||||
* | tests: enhanced RFC4514 with arbitrary escaped strings | Nikos Mavrogiannopoulos | 2016-10-31 | 1 | -0/+27 |
| | |||||
* | x509_dn: allow arbitrary escaped strings | Nikos Mavrogiannopoulos | 2016-10-31 | 1 | -3/+15 |
| | | | | | In addition fail encoding on unescaped '+'. We do not support it for DN encoding. | ||||
* | tests: modified to account for backwards-encoded DN (according to RFC4514) | Nikos Mavrogiannopoulos | 2016-10-31 | 25 | -39/+40 |
| | |||||
* | tests: removed old README file | Nikos Mavrogiannopoulos | 2016-10-31 | 2 | -14/+1 |
| | | | | The description in the file had no relevance to the existing tests. | ||||
* | gnutls_x509_crt_set_*dn, gnutls_x509_dn_set_str: honor the reverse property ↵ | Nikos Mavrogiannopoulos | 2016-10-31 | 1 | -12/+64 |
| | | | | | | | | | of RFC4514 When converting an RFC4514 string to a DN ensure that the elements are encoded in reverse order, as required by the RFC. Resolves #111 | ||||
* | Encode string DNs backwards according to RFC4514 | Nikos Mavrogiannopoulos | 2016-10-31 | 1 | -28/+36 |
| | | | | | | | This makes the output string from functions such as gnutls_x509_crt_get*dn() to comply with RFC4514 requirements in DN element order. Relates #111 | ||||
* | Updated issue templates [ci skip] | Nikos Mavrogiannopoulos | 2016-10-31 | 1 | -3/+4 |
| | |||||
* | Added issue templates [ci skip] | Nikos Mavrogiannopoulos | 2016-10-31 | 2 | -0/+31 |
| | |||||
* | doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-10-30 | 1 | -4/+10 |
| | |||||
* | nettle: renamed system random generator-related files for claritytmp-mini-rng-additions | Nikos Mavrogiannopoulos | 2016-10-29 | 5 | -4/+8 |
| | |||||
* | tests: introduced checks for gnutls_rnd() in multi-threaded scenario | Nikos Mavrogiannopoulos | 2016-10-29 | 2 | -1/+128 |
| | |||||
* | tests: introduced sanity checks in rng-fork | Nikos Mavrogiannopoulos | 2016-10-29 | 1 | -2/+3 |
| | |||||
* | drbg-aes-self-test: corrected free call | Nikos Mavrogiannopoulos | 2016-10-29 | 1 | -1/+1 |
| | |||||
* | tests: check for gnutls 3.3.x compatibilitytmp-status-response-rollback | Nikos Mavrogiannopoulos | 2016-10-27 | 2 | -1/+347 |
| | | | | | | That is, check whether the status request extension is not sent by the server, if the server does not hold a status response. We require that behavior to be backwards compatible with gnutls 3.3.x. | ||||
* | Reverted the behavior of sending a status request extension even without a ↵ | Nikos Mavrogiannopoulos | 2016-10-27 | 4 | -44/+83 |
| | | | | | | | | | | | | | | | response That is, we no longer reply to a client's hello with a status request, with a status request extension. Although that behavior which was introduced in 6b76e0c899b1ff08df9bd9b41588f771f050be89 is legal, it creates incompatibility issues with gnutls 3.3.x branch. That is because versions prior 3.3.26 translates the presence of the extension as a guarrantee that the status response data will be sent. Even though, that is false assumption we replicate the previous behavior to allow such clients to connect to a gnutls 3.5.x server. Relates !66 | ||||
* | tests: do not enable testpkcs11.sh twice | Dmitry Eremin-Solenikov | 2016-10-27 | 1 | -1/+1 |
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | ||||
* | starttls: search for chat in sbin if it is not present in PATH | Dmitry Eremin-Solenikov | 2016-10-27 | 1 | -2/+17 |
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | ||||
* | Fix autoconf warnings in libopts.m4 | Dmitry Eremin-Solenikov | 2016-10-27 | 1 | -12/+12 |
| | | | | | | | | | | | | | | | | | | | | Without this patch Autoconf will spam console with the following kind of messages: configure.ac:650: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body ../../lib/autoconf/lang.m4:193: AC_LANG_CONFTEST is expanded from... ../../lib/autoconf/general.m4:2740: _AC_RUN_IFELSE is expanded from... ../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... ../../lib/autoconf/general.m4:2759: AC_RUN_IFELSE is expanded from... ../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... ../../lib/autoconf/general.m4:2042: AC_CACHE_VAL is expanded from... src/libopts/m4/libopts.m4:386: LIBOPTS_RUN_FOPEN_TEXT is expanded from... src/libopts/m4/libopts.m4:425: INVOKE_LIBOPTS_MACROS is expanded from... src/libopts/m4/libopts.m4:560: AM_COND_IF is expanded from... src/libopts/m4/libopts.m4:581: LIBOPTS_CHECK is expanded from... configure.ac:650: the top level Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | ||||
* | cfg.mk: fix m4 files removal | Dmitry Eremin-Solenikov | 2016-10-27 | 1 | -3/+3 |
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | ||||
* | tests: better check for gnutls_ecc_curve_get result | Nikos Mavrogiannopoulos | 2016-10-26 | 1 | -1/+3 |
| | |||||
* | Terminate handshake if only unknown or disabled signatures are advertized by ↵ | Nikos Mavrogiannopoulos | 2016-10-26 | 2 | -8/+8 |
| | | | | | | the peer That is, do not attempt to proceed assuming that the peer supports SHA-1. | ||||
* | Fix compilation of tests if nettle is not installed in standard path | Dmitry Eremin-Solenikov | 2016-10-25 | 4 | -14/+15 |
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | ||||
* | gnutls-cli-debug: corrected TLS1.2 detection | Nikos Mavrogiannopoulos | 2016-10-25 | 1 | -1/+1 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-10-24 | 1 | -0/+7 |
| | |||||
* | modified the gnutls_certificate_set_key* change | Nikos Mavrogiannopoulos | 2016-10-24 | 13 | -27/+285 |
| | | | | | | | | | While the change was fully backwards compatible for applications that were adding a single certificate, and applications that were checking for negative errors codes, many applications do not. As this may cause incompatibility issues with software properly utilizing the previously documented API, the change is reverted, and applications need to explicitly enable a flag (GNUTLS_CERTIFICATE_API_V2) in the credentials structure for the set_key functions to return an index. | ||||
* | tests: removed nohats.ca from testdane | Nikos Mavrogiannopoulos | 2016-10-22 | 1 | -1/+1 |
| | | | | The host seems to be unreliable. | ||||
* | .travis.yml: use as many jobs as CPUs in OSX | Nikos Mavrogiannopoulos | 2016-10-21 | 1 | -2/+2 |
| | |||||
* | .travis.yml: do not run the public submodule checks of maint.mk | Nikos Mavrogiannopoulos | 2016-10-21 | 1 | -1/+1 |
| | | | | | These seem to be problematic to detect modification and are preventing the CI from operating. | ||||
* | .travis.yml: simplified the submodule checkout | Nikos Mavrogiannopoulos | 2016-10-21 | 1 | -1/+6 |
| | | | | The default submodule initialization in travis caused the MacOSX builds to fail. | ||||
* | Added casts to prevent compiler warnings | Nikos Mavrogiannopoulos | 2016-10-21 | 2 | -3/+5 |
| | |||||
* | corrected typo | Nikos Mavrogiannopoulos | 2016-10-21 | 1 | -2/+1 |
| | |||||
* | README.md: corrected link to travius build | Nikos Mavrogiannopoulos | 2016-10-21 | 1 | -1/+1 |
| | |||||
* | .travis.yml: added support for compiling in macosx | Nikos Mavrogiannopoulos | 2016-10-21 | 7 | -5/+1029 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-10-21 | 1 | -0/+1 |
| | |||||
* | tests: added checks for the new GNUTLS_NO_TICKETS flag | Nikos Mavrogiannopoulos | 2016-10-21 | 3 | -1/+577 |
| | |||||
* | gnutls_init: added GNUTLS_NO_TICKETS flags | Nikos Mavrogiannopoulos | 2016-10-21 | 2 | -2/+8 |
| | | | | | | These flags allow the callers to disable the automatically enabled session tickets. This could be done only with GNUTLS_NO_EXTENSIONS which also disabled other useful extensions. | ||||
* | tests: added pkcs11-privkey-exporttmp-pkcs11-tests-update | Nikos Mavrogiannopoulos | 2016-10-20 | 2 | -1/+162 |
| | | | | | This checks whether the public parts of RSA private and public keys can be properly extracted from a PKCS#11 module. | ||||
* | Expose CKA_PUBLIC_EXPONENT and CKA_MODULUS for private keys too | Jakub Jelen | 2016-10-20 | 1 | -2/+4 |
| | |||||
* | tests/pkcs11: Return also CKA_CLASS | Jakub Jelen | 2016-10-20 | 1 | -0/+12 |
| | |||||
* | tests/pkcs11: Expose SUBJECT for certificates, PUBLIC_EXPONENT and MODULUS ↵ | Jakub Jelen | 2016-10-20 | 1 | -0/+59 |
| | | | | for public keys to widen compatibility | ||||
* | doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-10-18 | 3 | -0/+10 |
| | |||||
* | updated auto-generated filespkcs7-time-check | Nikos Mavrogiannopoulos | 2016-10-18 | 3 | -0/+4 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-10-18 | 2 | -1/+3 |
| | |||||
* | certtool: allow setting key purposes for non-CA certificates | Nikos Mavrogiannopoulos | 2016-10-18 | 1 | -66/+69 |
| | | | | | | That is, allow setting code signing, or time stamping key purpose in certificates that are not marked as CA. The previous restriction served no purpose. | ||||
* | certtool: introduce key purpose checks in p7 direct verification | Nikos Mavrogiannopoulos | 2016-10-18 | 1 | -2/+9 |
| |