| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | tests: added pkcs11-privkey-export (ref: tmp-pkcs11-tests-update) | Nikos Mavrogiannopoulos | 2016-10-20 | 2 | -1/+162 |
| | This checks whether the public parts of RSA private and public keys can be properly extracted from a PKCS#11 module. | | | | |
* | Expose CKA_PUBLIC_EXPONENT and CKA_MODULUS for private keys too | Jakub Jelen | 2016-10-20 | 1 | -2/+4 |
* | tests/pkcs11: Return also CKA_CLASS | Jakub Jelen | 2016-10-20 | 1 | -0/+12 |
* | tests/pkcs11: Expose SUBJECT for certificates, PUBLIC_EXPONENT and MODULUS for public keys to widen compatibility | Jakub Jelen | 2016-10-20 | 1 | -0/+59 |
* | doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-10-18 | 3 | -0/+10 |
* | updated auto-generated files (ref: pkcs7-time-check) | Nikos Mavrogiannopoulos | 2016-10-18 | 3 | -0/+4 |
* | doc update | Nikos Mavrogiannopoulos | 2016-10-18 | 2 | -1/+3 |
* | certtool: allow setting key purposes for non-CA certificates | Nikos Mavrogiannopoulos | 2016-10-18 | 1 | -66/+69 |
| | That is, allow setting code signing, or time stamping key purpose in certificates that are not marked as CA. The previous restriction served no purpose. | | | | |
* | certtool: introduce key purpose checks in p7 direct verification | Nikos Mavrogiannopoulos | 2016-10-18 | 1 | -2/+9 |
* | x509: introduced gnutls_x509_crt_check_key_purpose() | Nikos Mavrogiannopoulos | 2016-10-18 | 3 | -1/+29 |
* | gnutls_x509_crt_verify_data2: introduce constraints checks on the provided certificate | Nikos Mavrogiannopoulos | 2016-10-18 | 5 | -13/+95 |
| | That is, check the provided certificate for validity in time and key usage. | | | | |
* | tests: introduced verification constraints checks for PKCS#7 structures | Nikos Mavrogiannopoulos | 2016-10-18 | 8 | -5/+408 |
| | That is, key purpose checks and more elaborate time checks. | | | | |
* | gnutls-serv: use the included known DH parameters by default (ref: tmp-dh-params-ffdhe) | Nikos Mavrogiannopoulos | 2016-10-17 | 2 | -42/+31 |
* | doc update | Nikos Mavrogiannopoulos | 2016-10-17 | 1 | -0/+9 |
* | certtool: manpage update | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -3/+7 |
* | getfuncs-map.pl: ignore the ffdhe exported parameters | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -0/+12 |
| | That is, ignore the new variables exported which are not functions, and thus cannot be detected by getfuncs-map.pl. | | | | |
* | updated auto-generated files | Nikos Mavrogiannopoulos | 2016-10-14 | 3 | -0/+24 |
* | tests: crl-test: use a unique temp file | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -4/+5 |
* | tests: added sanity check for included primes | Nikos Mavrogiannopoulos | 2016-10-14 | 2 | -2/+60 |
* | doc: discuss the set_known_dh_params and use it in the examples | Nikos Mavrogiannopoulos | 2016-10-14 | 7 | -114/+50 |
* | tests: check gnutls_psk_set_server_known_dh_params | Nikos Mavrogiannopoulos | 2016-10-14 | 4 | -1/+178 |
* | tests: check gnutls_anon_set_server_known_dh_params | Nikos Mavrogiannopoulos | 2016-10-14 | 4 | -1/+158 |
* | tests: check gnutls_certificate_set_known_dh_params | Nikos Mavrogiannopoulos | 2016-10-14 | 2 | -1/+105 |
* | DH: introduced gnutls_*_set_known_dh_params() | Nikos Mavrogiannopoulos | 2016-10-14 | 10 | -2/+207 |
| | That is, the functions gnutls_certificate_set_known_dh_params(), gnutls_anon_set_server_known_dh_params(), gnutls_psk_set_server_known_dh_params(). These functions allow statically setting the DH parameters, based on the RFC7919 FFDHE parameters. This can simplify server configuration by allowing DH without loading parameters from file. Relates #37 | | | | |
* | certtool: --get-dh-params will output the FFDHE primes instead of the SRP primes | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -2/+30 |
* | DH: export the FFDHE Diffie-Hellman values | Nikos Mavrogiannopoulos | 2016-10-14 | 4 | -1/+422 |
* | .gitlab-ci.yml: use fedora's mingw-cmocka packages | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -4/+2 |
* | more files to ignore | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -0/+12 |
* | tests: added check for PKCS#7 catalog file parsing and data extracting | Nikos Mavrogiannopoulos | 2016-10-14 | 2 | -1/+134 |
* | tests: updated pkcs7 text outputs to account for certtool update | Nikos Mavrogiannopoulos | 2016-10-14 | 4 | -0/+6999 |
* | certtool: --p7-info will include the PKCS#7 encoded data in PEM format | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -1/+12 |
* | tests: replaced large test2.cat with a smaller file | Nikos Mavrogiannopoulos | 2016-10-14 | 3 | -136/+22 |
* | certtool: improve text on missing options for cert generation | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -1/+5 |
* | Revert "certtool: improve text on missing options for cert generation" | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -5/+1 |
| | This reverts commit 7daed1fd0602bce7495d252f1a9b638fc41e38d3. | | | | |
* | handshake: set a maximum number of warning messages that can be received per handshake | Nikos Mavrogiannopoulos | 2016-10-14 | 3 | -9/+14 |
| | That is, to avoid DoS due to the asymmetry of cost of sending an alert vs the cost of processing. | | | | |
* | record: disallow parsing of alert messages prior to session start | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -1/+6 |
* | tests: added check to verify that the server will bail out after receiving only alerts | Nikos Mavrogiannopoulos | 2016-10-14 | 2 | -1/+172 |
* | tests: added check to verify that the server will bail out after many alerts | Nikos Mavrogiannopoulos | 2016-10-14 | 2 | -1/+225 |
* | certtool: improve text on missing options for cert generation | Nikos Mavrogiannopoulos | 2016-10-13 | 1 | -1/+5 |
* | doc update | Nikos Mavrogiannopoulos | 2016-10-13 | 1 | -0/+2 |
* | tools: removed redundant messages on PIN re-use | Nikos Mavrogiannopoulos | 2016-10-13 | 1 | -3/+5 |
* | p11tool: avoid asking the security officer PIN twice on initialization | Nikos Mavrogiannopoulos | 2016-10-13 | 1 | -0/+3 |
* | p11tool: improved messages on token initialization | Nikos Mavrogiannopoulos | 2016-10-13 | 1 | -7/+15 |
* | p11tool: corrected check of PIN existence in token initialization | Nikos Mavrogiannopoulos | 2016-10-13 | 1 | -2/+2 |
* | doc: set a default handshake timeout on example server | Nikos Mavrogiannopoulos | 2016-10-13 | 1 | -0/+2 |
* | serv: set a timeout value in handshake | Nikos Mavrogiannopoulos | 2016-10-13 | 1 | -0/+3 |
* | tests: added check for Encrypt-then-MAC under DTLS | Nikos Mavrogiannopoulos | 2016-10-13 | 2 | -1/+346 |
* | tests: cleanups in tls-etm.c | Nikos Mavrogiannopoulos | 2016-10-13 | 2 | -45/+5 |
* | gnutls_pkcs7_get_embedded_data: added GNUTLS_PKCS7_EDATA_GET_RAW flag | Nikos Mavrogiannopoulos | 2016-10-12 | 2 | -6/+18 |
| | This flag allows the export of the stored embedded data with any wrapping encoding included. In particular, it allows reading the data from the Microsoft catalog PKCS#7 structures, which store as embedded data elements of a SEQUENCE, but only authenticate the inner parts without the bytes forming the SEQUENCE header. | | | | |
* | configure: automatically disable non-suiteb curves | Nikos Mavrogiannopoulos | 2016-10-12 | 1 | -2/+8 |
| | That is, if the installed nettle doesn't provide the nettle_secp_192r1 symbol. | | | | |