Commit message | Author | Age | Files | Lines
* .gitlab-ci.yml: added runs under the PKCS#11 trust store in fedora [tmp-fix-pkcs11-trust-store] | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -1/+13
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: use gnutls_global_init instead of global_init | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -1/+1
  The reason is to force initialization of the PKCS#11 backend, and thus support for any PKCS#11 trust store when setup. This fixes running the test suite in Fedora.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added checks with certificates that contain invalid time field [tmp-increase-tests] | Nikos Mavrogiannopoulos | 2017-04-07 | 7 | -2/+49
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* x509/time: reject invalid dates in local mktime() | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -0/+4
  Resolves #135
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* certtool: added newline in error message | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -2/+2
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added basic check for systemkey tool | Nikos Mavrogiannopoulos | 2017-04-07 | 2 | -1/+44
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* systemkey: improved error message on unsupported systems | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -2/+5
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: enhanced tofu trustdb checks | Nikos Mavrogiannopoulos | 2017-04-07 | 2 | -3/+42
  Include checks which store and load commitments from the user's home directory.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: do not run pkgconfig test in systems with invalid libidn flags | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -0/+7
  This prevents our test from failing, due to invalid flags found in a dependency of ours.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc: fixed tpmtool and psktool documentation | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -2/+5
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc update | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -0/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added unit tests for the base64 raw decoding functions | Nikos Mavrogiannopoulos | 2017-04-07 | 2 | -1/+192
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_pem_base64_decode: allow decoding raw base64 data | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -1/+16
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* x509/output: do not print usage entry when there is none | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -2/+4
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* certtool: improved printing of the key PIN and key ID | Nikos Mavrogiannopoulos | 2017-04-07 | 3 | -3/+24
  That is, on private keys use the same format when printing the public Key ID and public key PIN, as when printing it in certificates.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: fixed freebsd build project restriction | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -1/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* certtool: print the key PIN on private and public keys | Nikos Mavrogiannopoulos | 2017-04-07 | 4 | -22/+23
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_pem_base64_encode2: do raw base64 when msg is NULL | Nikos Mavrogiannopoulos | 2017-04-07 | 2 | -20/+31
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: simplified CI setup [tmp-reduce-ci-interactions] | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -35/+19
  This makes builds independent by reducing interactions between artifacts of builds.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* fuzz: do not enable the openpgp fuzzer when openpgp is disabled [tmp-fix-coverity-issues] | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -1/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* serv: fixed carriage return stripping in strip() | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -1/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Mark with (void) the remove() function and other unchecked functions | Nikos Mavrogiannopoulos | 2017-04-06 | 8 | -15/+15
  This allows static analysers to properly warn on unchecked return values.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls-cli: fixed minor coverity identified issues | Nikos Mavrogiannopoulos | 2017-04-06 | 2 | -9/+41
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* certtool: fixed newline skip code in smime-to-p7 code | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -1/+2
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added unit test for the certtool smime conversion functionality | Nikos Mavrogiannopoulos | 2017-04-06 | 3 | -2/+107
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* certtool: fixed minor issues pointed out by coverity | Nikos Mavrogiannopoulos | 2017-04-06 | 3 | -7/+17
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls-cli: better resource management in benchmark cmd | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -5/+7
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* is_level_acceptable: ensure issuer is not dereferenced when null | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -4/+6
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* certtool: guard the value of tl before gnutls_pkcs7_verify | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -1/+5
  This utilizes assert() as it cannot be triggered in practice.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Avoid using ASN1_MAX_NAME_SIZE directly | Nikos Mavrogiannopoulos | 2017-04-06 | 11 | -52/+53
  Since ASN1_MAX_NAME_SIZE refers to a single element in the asn1 tree, it is not suitable to hold the maximum combined name. Instead use a local definition of MAX_NAME_SIZE, which is a multiple of the ASN1_MAX_NAME_SIZE.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_x509_crq_set_challenge_password: don't accept null password | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -1/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Mark with (void) the functions where the returned value is not checked intentionally | Nikos Mavrogiannopoulos | 2017-04-06 | 6 | -22/+32
  This allows static analysers to properly warn on unchecked return values.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* removed duplicate code | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -3/+0
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* handshake/record: mark with comments all expected fall-through switches | Nikos Mavrogiannopoulos | 2017-04-06 | 2 | -34/+41
  This reduces warnings from static analysers like coverity and makes explicit the intention.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutlsxx.cpp: fixed misleading indentation issues | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -5/+6
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc: document intended fallthrough | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -0/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: fixed possible buffer overflow to avoid spurious complaints | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -1/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* updated auto-generated files | Nikos Mavrogiannopoulos | 2017-04-06 | 3 | -0/+16
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* x509.h: added macro for inhibit any policy | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -0/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: updated | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -0/+4
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc: documented the inhibit any policy extension | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -2/+6
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added PKCS#12 unit test with AES file | Nikos Mavrogiannopoulos | 2017-04-06 | 3 | -3/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added unit test for inhibit anypolicy generation | Nikos Mavrogiannopoulos | 2017-04-06 | 4 | -1/+215
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* supported_exts: inhibit anypolicy is listed as supported | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -2/+6
  Since we don't support certificate verification based on policies, we make sure we do not reject any certificates based on the inhibit any policy extension being present.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* certtool: added template option inhibit_anypolicy_skip_certs | Nikos Mavrogiannopoulos | 2017-04-06 | 2 | -0/+17
  This option writes the inhibit anyPolicy option in a certificate.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* x509: output the inhibit anyPolicy value | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -0/+17
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* documented the GNUTLS_X509_OID_POLICY_ANY macro | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -0/+2
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* x509: added function to set and retrieve inhibit anypolicy extension value | Nikos Mavrogiannopoulos | 2017-04-06 | 4 | -1/+105
  That is, introduced:
    * gnutls_x509_crt_get_inhibit_anypolicy
    * gnutls_x509_crt_set_inhibit_anypolicy
  Resolves #180
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* _gnutls_x509_write_uint32: ensure we prepend leading zero when writing | Nikos Mavrogiannopoulos | 2017-04-06 | 1 | -3/+9
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Added helper functions to parse the inhibit anyPolicy X.509 extension | Nikos Mavrogiannopoulos | 2017-04-06 | 6 | -3/+126
  That introduces:
    * gnutls_x509_ext_export_inhibit_anypolicy
    * gnutls_x509_ext_import_inhibit_anypolicy
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>