Commit message | Author | Age | Files | Lines
* tools: do not access unused variables (tmp-optimize-builds) | Nikos Mavrogiannopoulos | 2017-11-08 | 2 | -8/+2
  This avoids warnings by static analyzers.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: use dash for ./configure | Nikos Mavrogiannopoulos | 2017-11-08 | 2 | -19/+19
  This is known to reduce configure running time.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: disabled gcc warnings on CI builds | Nikos Mavrogiannopoulos | 2017-11-08 | 1 | -15/+16
  That should decrease the time spent in configure. Based on suggestion by Tim Ruehsen.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: static-analyzers build: don't consider any cache | Nikos Mavrogiannopoulos | 2017-11-07 | 1 | -2/+6
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: do not upload coverage files as artifacts | Nikos Mavrogiannopoulos | 2017-11-07 | 1 | -2/+1
  These files are not generally useful, removing that "feature" will reduce CI running time.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: mingw builds updated to use ccache | Nikos Mavrogiannopoulos | 2017-11-06 | 1 | -5/+5
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: introduced version to allow expiration of old caches | Nikos Mavrogiannopoulos | 2017-11-06 | 1 | -2/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: leave script from same pwd as the initial | Nikos Mavrogiannopoulos | 2017-11-06 | 1 | -0/+6
  This allows $(PWD) variable in after script to be usable.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitlab-ci.yml: jobs renamed to not contain slash | Nikos Mavrogiannopoulos | 2017-11-06 | 1 | -15/+15
  The '/' character seems to be interfering with cache uploading.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitlab-ci.yml: use configure cache file and ccache | Nikos Mavrogiannopoulos | 2017-11-06 | 1 | -25/+45
  That reduces the total time spent per build by caching configure checks, and compilation artifacts.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* doc: corrected typo [ci skip] | Nikos Mavrogiannopoulos | 2017-11-04 | 1 | -1/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: list-tokens: not only list but also verify whether module is operational | Nikos Mavrogiannopoulos | 2017-11-03 | 1 | -0/+15
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pkcs11: refuse to load modules with duplicate information | Nikos Mavrogiannopoulos | 2017-11-03 | 1 | -1/+2
  That is, when ck_info matches, we soft fail loading the module. That is, because in several cases the pointers got by p11-kit may differ for the same modules.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: enhanced PKCS#11 loading test | Nikos Mavrogiannopoulos | 2017-11-03 | 2 | -0/+14
  Test whether implicit initialization in trusted module (e.g., via verification), would result to proper initialization of additional modules once a PKCS#11 function is called.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added PKCS#11 module loading test | Nikos Mavrogiannopoulos | 2017-11-03 | 7 | -10/+320
  This checks:
  1. Whether all modules are loaded from p11-kit when no explicit gnutls_pkcs11_init() is called and pkcs11 calls are accessed.
  2. Whether only the trusted modules are loaded from p11-kit and no other PKCS#11 calls than PKCS#11 cert validation is performed.
  3. Whether the trusted modules are loaded when gnutls_pkcs11_init() is called with manual flag.
  Resolves #315
  Resolves #316
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pkcs11: allow loading trusted modules when pkcs11 was initialized in manual mode | Nikos Mavrogiannopoulos | 2017-11-03 | 3 | -28/+26
  When a PKCS#11 trust module is used in the system, but gnutls_pkcs11_init() is explicitly called with GNUTLS_PKCS11_FLAG_MANUAL flag, then the PKCS#11 trust store was not loaded, and thus prevent any certificate validation. This change allows initializing the trust modules only even if generic PKCS#11 support is disabled by the application.
  Relates #316
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pkcs11: introduce multiple levels of loading | Nikos Mavrogiannopoulos | 2017-11-03 | 4 | -15/+50
  That allows to load the PKCS#11 trusted modules (on systems which use them) without loading all the potentially present PKCS#11 modules.
  Relates #315
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* CONTRIBUTING.md: added a short text on reviewing code [ci skip] (tmp-review-guidelines) | Nikos Mavrogiannopoulos | 2017-11-02 | 1 | -0/+21
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Fix non-null warning | Roberto Newmon | 2017-10-29 | 1 | -8/+8
  Help the compiler understand the control flow in the MATCH_FUNC and INVALID_MATCH_FUNC macros. Because we are using macros, the compiler is not able to correlate the replaced values of the macro variables to each other yielding non-null warnings. Introduce a C variable to mimic the macro variable helping the compiler understanding the control flow.
* tests: test whether PKCS#11 generation works without login | Nikos Mavrogiannopoulos | 2017-10-21 | 1 | -0/+23
  Resolves #147
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* p11tool: attempt to auto-login when the token requires it | Nikos Mavrogiannopoulos | 2017-10-21 | 1 | -8/+21
  In operations like generation or writing objects, run as if --login was given if the token is marked to require login.
  Relates #147
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* p11tool: print PKCS#11 token flags in --list-tokens | Nikos Mavrogiannopoulos | 2017-10-21 | 1 | -0/+88
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* pkcs11: forward token flags to applications | Nikos Mavrogiannopoulos | 2017-10-21 | 2 | -1/+58
  That is, gnutls_pkcs11_token_get_flags() will not return the most common/useful PKCS#11 token flags, in addition to trusted and HW flags.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc update [ci skip] (gnutls_3_6_1) | Nikos Mavrogiannopoulos | 2017-10-21 | 1 | -0/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc update | Nikos Mavrogiannopoulos | 2017-10-21 | 1 | -1/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc update [ci skip] | Nikos Mavrogiannopoulos | 2017-10-19 | 1 | -1/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_server_name_set: Clarify meaning of the name_length parameter [ci skip] | Thomas Klute | 2017-10-19 | 1 | -1/+1
  Signed-off-by: Thomas Klute <thomas2.klute@uni-dortmund.de>
* doc: mention SHA224 removal in upgrade guide | Nikos Mavrogiannopoulos | 2017-10-18 | 1 | -0/+4
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* bumped version | Nikos Mavrogiannopoulos | 2017-10-18 | 3 | -2/+2
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls-serv: print the right error code on OCSP request setting | Nikos Mavrogiannopoulos | 2017-10-18 | 1 | -2/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* ocsptool: doc update | Nikos Mavrogiannopoulos | 2017-10-18 | 1 | -1/+5
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc update [ci skip] | Nikos Mavrogiannopoulos | 2017-10-16 | 2 | -8/+16
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* cmp_hsk_types: fixed check for SSLv2 hello | Nikos Mavrogiannopoulos | 2017-10-15 | 1 | -4/+4
  Previously, if SSLv2 hello support was disabled, the check for the expected TLS message was incorrect.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc: improve documentation on provable private keys | Nikos Mavrogiannopoulos | 2017-10-09 | 5 | -18/+65
  Resolves #301
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc: enhanced text on PKCS#7 and public keys | Nikos Mavrogiannopoulos | 2017-10-09 | 1 | -9/+37
  Resolves #302
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: check whether key IDs with SHA512 are corrected calculated (tmp-fix-sha512-use-in-certtool) | Nikos Mavrogiannopoulos | 2017-10-01 | 1 | -0/+8
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* certtool: allow using SHA512 for key IDs | Nikos Mavrogiannopoulos | 2017-10-01 | 1 | -1/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* _gnutls_get_key_id: introduce flag GNUTLS_KEYID_USE_SHA512 | Nikos Mavrogiannopoulos | 2017-10-01 | 2 | -1/+5
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: check fingerprint generation with SHA512 | Nikos Mavrogiannopoulos | 2017-10-01 | 1 | -0/+8
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* certtool: allow using --fingerprint with sha384 or sha512 | Nikos Mavrogiannopoulos | 2017-10-01 | 1 | -5/+7
  Resolves #295
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Modernize gtk-doc support (tmp-modernize-gtk-doc) | Andreas Metzler | 2017-09-28 | 3 | -130/+162
  Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am from gtk-doc git head (that is 1.26 + c08cc78562c59082fc83b55b58747177510b7a70). Disable gtkdoc-check.
  Signed-off-by: Andreas Metzler <ametzler@bebt.de>
* Fix autoreconf invocation to actually run autopoint | Rowan Thorpe | 2017-09-27 | 1 | -2/+1
  Signed-off-by: Rowan Thorpe <rowan@rowanthorpe.com>
* CONTRIBUTING.md: added some text on introducing new APIs [ci skip] | Nikos Mavrogiannopoulos | 2017-09-27 | 2 | -1/+19
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: re-purposed client_dsa_key test to match new behavior of the library (tmp-signature-fix) | Nikos Mavrogiannopoulos | 2017-09-25 | 1 | -3/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: update TLS 1.2 tests to account for RSA-PSS client signatures | Nikos Mavrogiannopoulos | 2017-09-25 | 2 | -3/+3
  On commit de4f55b4dcf4bbe8f788e1f8f5bd59cd596f7d36: "signature: on client side, refuse to negotiate non-enabled signature schemes" the behavior of allowing a client to utilize disabled for the session signatures, and thus the negotiated signatures now match the ones in the session's priority string.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* signature: on client side, refuse to negotiate non-enabled signature schemes | Nikos Mavrogiannopoulos | 2017-09-25 | 2 | -1/+17
  That amends/reverts commit 6aa8c390b08a25b18c0799fbd42bd0eec703fae4: "On client side allow signing with the signature algorithm of our cert"
  Previously, when we initially disabled DSA, we allowed client certificates which can do DSA-SHA1 to be utilized to ease migration from these certificates.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* _gnutls_epoch_gc: ensure there are no stray epochs after gc | Nikos Mavrogiannopoulos | 2017-09-25 | 1 | -3/+7
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* constate: simplified allocation of epochs | Nikos Mavrogiannopoulos | 2017-09-25 | 4 | -53/+30
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* _gnutls_epoch_get(): simplified use | Nikos Mavrogiannopoulos | 2017-09-25 | 3 | -5/+4
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_x509_crt/q_set_spki: always initialize the spki structure | Nikos Mavrogiannopoulos | 2017-09-24 | 2 | -2/+4
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>