Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | .gitlab-ci.yml: added runs under the PKCS#11 trust store in fedoratmp-fix-pkcs11-trust-store | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -1/+13 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: use gnutls_global_init instead of global_init | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -1/+1 |
| | | | | | | | | The reason is to force initialization of the PKCS#11 backend, and thus support for any PKCS#11 trust store when setup. This fixes running the test suite in Fedora. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: added checks with certificates that contain invalid time fieldtmp-increase-tests | Nikos Mavrogiannopoulos | 2017-04-07 | 7 | -2/+49 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | x509/time: reject invalid dates in local mktime() | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -0/+4 |
| | | | | | | Resolves #135 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | certtool: added newline in error message | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -2/+2 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: added basic check for systemkey tool | Nikos Mavrogiannopoulos | 2017-04-07 | 2 | -1/+44 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | systemkey: improved error message on unsupported systems | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -2/+5 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: enhanced tofu trustdb checks | Nikos Mavrogiannopoulos | 2017-04-07 | 2 | -3/+42 |
| | | | | | | | Include checks which store and load commitments from the user's home directory. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: do not run pkgconfig test in systems with invalid libidn flags | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -0/+7 |
| | | | | | | | This prevents our test from failing, due to invalid flags found in a dependency of ours. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | doc: fixed tpmtool and psktool documentation | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -2/+5 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | doc update | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -0/+3 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: added unit tests for the base64 raw decoding functions | Nikos Mavrogiannopoulos | 2017-04-07 | 2 | -1/+192 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | gnutls_pem_base64_decode: allow decoding raw base64 data | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -1/+16 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | x509/output: do not print usage entry when there is none | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -2/+4 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | certtool: improved printing of the key PIN and key ID | Nikos Mavrogiannopoulos | 2017-04-07 | 3 | -3/+24 |
| | | | | | | | | That is, on private keys use the same format when printing the public Key ID and public key PIN, as when printing it in certificates. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | .gitlab-ci.yml: fixed freebsd build project restriction | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -1/+1 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | certtool: print the key PIN on private and public keys | Nikos Mavrogiannopoulos | 2017-04-07 | 4 | -22/+23 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | gnutls_pem_base64_encode2: do raw base64 when msg is NULL | Nikos Mavrogiannopoulos | 2017-04-07 | 2 | -20/+31 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | .gitlab-ci.yml: simplified CI setuptmp-reduce-ci-interactions | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -35/+19 |
| | | | | | | | This makes builds independent by reducing interactions between artifacts of builds. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | fuzz: do not enable the openpgp fuzzer when openpgp is disabledtmp-fix-coverity-issues | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -1/+3 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | serv: fixed carriage return stripping in strip() | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -1/+1 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | Mark with (void) the remove() function and other unchecked functions | Nikos Mavrogiannopoulos | 2017-04-06 | 8 | -15/+15 |
| | | | | | | This allows static analysers to properly warn on unchecked return values. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | gnutls-cli: fixed minor coverity identified issues | Nikos Mavrogiannopoulos | 2017-04-06 | 2 | -9/+41 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | certtool: fixed newline skip code in smime-to-p7 code | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -1/+2 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: added unit test for the certtool smime conversion functionality | Nikos Mavrogiannopoulos | 2017-04-06 | 3 | -2/+107 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | certtool: fixed minor issues pointed out by coverity | Nikos Mavrogiannopoulos | 2017-04-06 | 3 | -7/+17 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | gnutls-cli: better resource management in benchmark cmd | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -5/+7 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | is_level_acceptable: ensure issuer is not dereferenced when null | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -4/+6 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | certtool: guard the value of tl before gnutls_pkcs7_verify | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -1/+5 |
| | | | | | | This utilizes assert() as it cannot be triggered in practice. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | Avoid using ASN1_MAX_NAME_SIZE directly | Nikos Mavrogiannopoulos | 2017-04-06 | 11 | -52/+53 |
| | | | | | | | | | Since ASN1_MAX_NAME_SIZE refers to a single element in the asn1 tree, it is not suitable to hold the maximum combined name. Instead use a local definition of MAX_NAME_SIZE, which is a multiple of the ASN1_MAX_NAME_SIZE. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | gnutls_x509_crq_set_challenge_password: don't accept null password | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -1/+1 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | Mark with (void) the functions where the returned value is not checked ↵ | Nikos Mavrogiannopoulos | 2017-04-06 | 6 | -22/+32 |
| | | | | | | | | intentionally This allows static analysers to properly warn on unchecked return values. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | removed duplicate code | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -3/+0 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | handshake/record: mark with comments all expected fall-through switches | Nikos Mavrogiannopoulos | 2017-04-06 | 2 | -34/+41 |
| | | | | | | | This reduces warnings from static analysers like coverity and makes explicit the intention. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | gnutlsxx.cpp: fixed misleading indentation issues | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -5/+6 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | doc: document intended fallthrough | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -0/+1 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: fixed possible buffer overflow to avoid spurious complaints | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -1/+1 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | updated auto-generated files | Nikos Mavrogiannopoulos | 2017-04-06 | 3 | -0/+16 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | x509.h: added macro for inhibit any policy | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -0/+1 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | NEWS: updated | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -0/+4 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | doc: documented the inhibit any policy extension | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -2/+6 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: added PKCS#12 unit test with AES file | Nikos Mavrogiannopoulos | 2017-04-06 | 3 | -3/+3 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: added unit test for inhibit anypolicy generation | Nikos Mavrogiannopoulos | 2017-04-06 | 4 | -1/+215 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | supported_exts: inhibit anypolicy is listed as supported | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -2/+6 |
| | | | | | | | | Since we don't support certificate verification based on policies, we make sure we do not reject any certificates based on the inhibit any policy extension being present. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | certtool: added template option inhibit_anypolicy_skip_certs | Nikos Mavrogiannopoulos | 2017-04-06 | 2 | -0/+17 |
| | | | | | | This option writes the inhibit anyPolicy option in a certificate. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | x509: output the inhibit anyPolicy value | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -0/+17 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | documented the GNUTLS_X509_OID_POLICY_ANY macro | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -0/+2 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | x509: added function to set and retrieve inhibit anypolicy extension value | Nikos Mavrogiannopoulos | 2017-04-06 | 4 | -1/+105 |
| | | | | | | | | | | That is, introduced: * gnutls_x509_crt_get_inhibit_anypolicy * gnutls_x509_crt_set_inhibit_anypolicy Resolves #180 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | _gnutls_x509_write_uint32: ensure we prepend leading zero when writing | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -3/+9 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | Added helper functions to parse the inhibit anyPolicy X.509 extension | Nikos Mavrogiannopoulos | 2017-04-06 | 6 | -3/+126 |
| | | | | | | | | That introduces: * gnutls_x509_ext_export_inhibit_anypolicy * gnutls_x509_ext_import_inhibit_anypolicy Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> |