| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |\
| |
| |
| |
| | |
certtool: data encipherment is disabled by default
See merge request gnutls/gnutls!875
|
| |/
|
|
|
|
|
|
|
| |
For the TLS protocol this option is not necessary, and if enabled
by mistake (as default) and no other option is set, then the
generated key will be unusable. Thus we disable it, to generate
working keys by default.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |\
| |
| |
| |
| | |
Revert "build: remove src/*.bak from distribution"
See merge request gnutls/gnutls!869
|
| | |
| |
| |
| |
| |
| |
| | |
This reverts commit 9ba397aa841730e4824d2bf8537aa15e711ad9b3, as it
turned out to be not practical. See !862 for the discussion.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
The latter is no longer available after the removal of
GNUMakefile.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\ \
| | |
| | |
| | |
| | | |
When sending no extensions do not include a zero length
See merge request gnutls/gnutls!868
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
According to RFC5246:
The presence of extensions can be detected by determining whether
there are bytes following the compression_method field at the end of
the ServerHello.
and as such we correct our behavior to not send the zero length bytes.
This was our behavior in 3.5.x and 3.3.x branch, and thus this corrects
a regression of gnutls with these branches.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
|
| |\ \ \
| |/ /
|/| |
| | |
| | | |
build: install all m4 macros
See merge request gnutls/gnutls!865
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
having all m4 macros in m4/ directory enables easier autoreconf process for
downstream as dependency programs that provide these macros are not required.
both gtk-doc and guile requires huge dependency list, and currently are
required per any change (patch) in autotools.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
tls-sig: check RSA-PSS signature key compatibility also in TLS 1.2
Closes #659 and #645
See merge request gnutls/gnutls!854
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
algorithm.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This extends commit 51d21634 to cover the optional TLS 1.2 cases,
which RFC 8446 4.2.3 suggests: "Implementations that advertise support
for RSASSA-PSS (which is mandatory in TLS 1.3) MUST be prepared to
accept a signature using that scheme even when TLS 1.2 is negotiated".
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | | |
This alert is more appropriate according to the tlsfuzzer test:
https://github.com/tomato42/tlsfuzzer/commit/4b6a4aa8b00cf3f3bcb2388d1bfdad985610ed1d
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |\ \ \
| |_|/
|/| |
| | |
| | | |
Fix _gnutls_write_new_general_name() result checking
See merge request gnutls/gnutls!866
|
| | |/ |
|
| |/
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |\
| |
| |
| |
| | |
_gnutls13_handshake_sign_data: properly fail on signing error
See merge request gnutls/gnutls!855
|
| | |
| |
| |
| |
| |
| |
| | |
When signing failed, gnutls would return an invalid signed message
(with no data) instead of failing.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |\ \
| | |
| | |
| | |
| | | |
ext/pre_shared_key: avoid unnecessary use of VLA for MSVC
See merge request gnutls/gnutls!861
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Suggested by Gisle Vanem in:
https://github.com/gnutls/gnutls/commit/fd8c1ec8fe155861dffa28811127f101b6697b4b#r31802648
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |\ \ \
| | | |
| | | |
| | | |
| | | | |
Unroll MinGW CI runner commands
See merge request gnutls/gnutls!857
|
| | |/ /
| | |
| | |
| | | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |\ \ \
| | | |
| | | |
| | | |
| | | | |
Fix typos in lib/
See merge request gnutls/gnutls!850
|
| | |/ /
| | |
| | |
| | | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |\ \ \
| |/ /
|/| |
| | |
| | |
| | |
| | | |
tests: treat all signals as error
Closes #623
See merge request gnutls/gnutls!856
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously we were only treating SIGSEGV as error though there is
no reason to treat other signals as success and they may hide an
actual error case (e.g., when SIGPIPE is received). With this change we
treat any signals received by the child except SIGTERM as error, and
we ensure that SIGPIPE is ignored in all tests.
This also updates tests/slow/cipher-api-test.c to test failures with
SIGABRT or otherwise consistently.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |\ \
| | |
| | |
| | |
| | | |
Revert "verify-high2: Fix cert dir iteration on Win32"
See merge request gnutls/gnutls!860
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| | |
This was failing CI (x509cert-tl) but was not detected due to
a bug.
This reverts commit 362a0c30b79ccede7e5bc3a7747c3e7f1d30889a.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |\ \
| | |
| | |
| | |
| | | |
Fix typos in doc/
See merge request gnutls/gnutls!849
|
| | |/
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |\ \
| |/
|/|
| |
| | |
Fix typo when checking for ed25519 support
See merge request gnutls/gnutls!858
|
| |/ |
|
| |\
| |
| |
| |
| | |
Update gnulib
See merge request gnutls/gnutls!851
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The following error will be fixed:
ERROR: files left in build directory after distclean:
./tests/softhsm-privkey-eddsa-test.config
make[1]: *** [Makefile:1833: distcleancheck] Error 1
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Bootstrapping with latest gnulib updated both files,
so they are obviously auto-generated files which do not
belong into the repository.
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This fixes the bootstrap error with the latest gnulib:
gnulib/gnulib-tool: *** minimum supported autoconf version is 2.63. Try adding AC_PREREQ([2.63]) to your configure.ac.
gnulib/gnulib-tool: *** Stop.
./bootstrap: gnulib-tool failed
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This fixes the following 'make syntax-check' failure:
maint.mk: out of date copyright in ./gnulib/lib/version-etc.c; update it
make: *** [maint.mk:1199: sc_copyright_check] Error 1
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |/
|
|
|
|
|
|
|
| |
This fixes the following error of 'make syntax-check':
maint.mk: out of date copyright in doc/gnutls.texi; update it
make: *** [maint.mk:1201: sc_copyright_check] Error 1
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |\
| |
| |
| |
| |
| |
| | |
examples: use a valid DNS name
Closes #663
See merge request gnutls/gnutls!848
|
| | |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |/
|
|
|
|
|
|
|
| |
This prevents a gnutls server from sending an unexpected message
alert due to invalid DNS name encoding, if the example is not modified.
Resolves: #663
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\
| |
| |
| |
| | |
Fix OSS-Fuzz build
See merge request gnutls/gnutls!847
|
| |/
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |\
| |
| |
| |
| |
| |
| | |
Fix cipher-openssl-compat failing with LibreSSL
Closes #658
See merge request gnutls/gnutls!846
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
There is no need to call EVP_CIPHER_CTX_init() after
EVP_CIPHER_CTX_new().
Fixes #658
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |/
|
|
|
|
|
| |
LibreSSL does not provide ChaCha20-Poly1305 through EVP_CIPHER
interface, so let's skip the test if cipher is not available.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |\
| |
| |
| |
| |
| |
| | |
gnutls_pubkey_import_ecc_raw: set the public key bits
Closes #640
See merge request gnutls/gnutls!843
|
| |/
|
|
|
|
|
|
| |
This sets the number of key bits once an ECC key is imported.
Resolves #640
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
