| Commit message (Collapse) | Author | Age | Files | Lines |
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Detect malloc failure.
See merge request gnutls/gnutls!960
|
malloc(data.size + 1) may return NULL on failure.
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
Resolves: #704
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
This also adds a reproducer for CVE-2019-3829.
Resolves: #694
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
fips140: Perform SHA-3 self tests
See merge request gnutls/gnutls!958
|
It is required to perform the self tests to validate SHA-3
implementation.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
handshake: increase the default number of tickets we send to 2
Closes #596
See merge request gnutls/gnutls!942
|
This makes it easier for clients which perform multiple connections
to the server to use the tickets sent by a default server. That's
because 2 tickets allow for 2 new connections (if one is using each
ticket once as recommended), which in turn lead to 4 new and so on.
Resolves: #596
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
SECURITY.md: updated to reflect the current practice
See merge request gnutls/gnutls!951
|
This change updates the SECURITY guidelines to reflect the current
practice (no special security releases), and thus refer directly
to the upcoming or following release. Furthermore, it removes
any mention of absolute time, as the release cadence is already
fixed to bi-monthly.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
configure.ac: remove --with-guile-site-dir
See merge request gnutls/gnutls!957
|
The hack of distcheck is not known and should not be the default as the
GUILE_SITE_DIR macro is the default expected behavior.
There is little value in specifying any other location of the site-dir as it
is out of the guile configuration so best to remove.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
The X.509 connection would still print informational message to the
stdout by default. Move that output to logfile and add x509 functionality
test in the test suite.
Signed-off-by: Ke Zhao <kzhao@redhat.com>
|
Improved estimation of wait in gnutls_session_get_data2
Closes #706
See merge request gnutls/gnutls!936
|
Previously we would wait an arbitrary value of 50ms for the
server to send session tickets. This change makes the client
wait for the estimated single trip time + 60 ms for the server
to calculate the session tickets. This improves the chance
to obtain tickets from internet servers during the call of
gnutls_session_get_data2().
Resolves: #706
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
pkcs11: security officer login implies writable session
Closes #721
See merge request gnutls/gnutls!953
|
According to the PKCS#11 v2.30, 6.7.1 there are no read-only Security Officer
sessions.
Resolves: #721
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Removed all FIXME comments in code
See merge request gnutls/gnutls!955
|
We expand informational comments on limitations, but with removing
FIXME (keyword didn't help fixing these), and remove completely unhelpful
comments, obsolete ones, or comments about ideas.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
First, add an option "--logfile" so user could choose a specific file to
store all the informational messages. In some cases, informational
messages may cause unexpected result if the output is standard output.
With this option, user could redirect these messages to a specific
file. This will be helpful in testing and tracking.
Second, replace printf() function with log_msg() function.
This log_msg() function is used when "--logfile" is enabled.
Third, add a functionality test for "--logfile" option
Add a test script to test if "--logfile" option works as it should be.
Signed-off-by: Ke Zhao <kzhao@redhat.com>
|
Change HTTP:// references to HTTPs:// (generally)
See merge request gnutls/gnutls!910
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
inet_ntop is available in Windows but not via arpa/inet.h
See merge request gnutls/gnutls!947
|
It's found in ws2tcpip.h which is already included in gnutls_int.h
arpa/inet.h doesn't exist on Windows, so add arpa_inet to the list of headers
replaced by gnulib if not found.
Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
tests: verify that 'certtool -i --outder' does not output text
Closes #627
See merge request gnutls/gnutls!952
|
A common regression in the past was certtool outputting text while
writing raw DER data. Ensure that the certificate-info option does not
regress.
Resolves: #627
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
doc: removed cyclo subdir
Closes #727
See merge request gnutls/gnutls!950
|
This directory had a makefile which was intended to calculate the cyclomatic
complexity, however that was not functional, and not related with gnutls'
documentation.
Resolves: #727
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
cleanup: _gnutls_recv_handshake: added explicit sanity checks
See merge request gnutls/gnutls!937
|
Although, this function acts on the message provided as expected and thus
it should never call a message parsing function on unexpected
messages, we make a more explicit sanity check. This unifies the
sanity checks existing within the involved functions.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
TLS 1.3: utilize "certificate_required" alert
Closes #715
See merge request gnutls/gnutls!946
|
This could make errors more distinguishable when the client sends no
certificates or a bad certificate.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
This may be sent if the server received an empty Certificate message.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
gnutls-cli: Fix --starttls-proto=xmpp
Closes #697
See merge request gnutls/gnutls!911
|