summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* tests: added pkcs11-privkey-exporttmp-pkcs11-tests-updateNikos Mavrogiannopoulos2016-10-202-1/+162
| | | | | This checks whether the public parts of RSA private and public keys can be properly extracted from a PKCS#11 module.
* Expose CKA_PUBLIC_EXPONENT and CKA_MODULUS for private keys tooJakub Jelen2016-10-201-2/+4
|
* tests/pkcs11: Return also CKA_CLASSJakub Jelen2016-10-201-0/+12
|
* tests/pkcs11: Expose SUBJECT for certificates, PUBLIC_EXPONENT and MODULUS ↵Jakub Jelen2016-10-201-0/+59
| | | | for public keys to widen compatibility
* doc update [ci skip]Nikos Mavrogiannopoulos2016-10-183-0/+10
|
* updated auto-generated filespkcs7-time-checkNikos Mavrogiannopoulos2016-10-183-0/+4
|
* doc updateNikos Mavrogiannopoulos2016-10-182-1/+3
|
* certtool: allow setting key purposes for non-CA certificatesNikos Mavrogiannopoulos2016-10-181-66/+69
| | | | | | That is, allow setting code signing, or time stamping key purpose in certificates that are not marked as CA. The previous restriction served no purpose.
* certtool: introduce key purpose checks in p7 direct verificationNikos Mavrogiannopoulos2016-10-181-2/+9
|
* x509: introduced gnutls_x509_crt_check_key_purpose()Nikos Mavrogiannopoulos2016-10-183-1/+29
|
* gnutls_x509_crt_verify_data2: introduce constraints checks on the provided ↵Nikos Mavrogiannopoulos2016-10-185-13/+95
| | | | | | certificate That is check the provided certificate for validity in time and key usage.
* tests: introduced verification constraints checks for PKCS#7 structuresNikos Mavrogiannopoulos2016-10-188-5/+408
| | | | That is, key purpose checks and more elaborate time checks.
* gnutls-serv: use the included known DH parameters by defaulttmp-dh-params-ffdheNikos Mavrogiannopoulos2016-10-172-42/+31
|
* doc updateNikos Mavrogiannopoulos2016-10-171-0/+9
|
* certtool: manpage updateNikos Mavrogiannopoulos2016-10-141-3/+7
|
* getfuncs-map.pl: ignore the ffdhe exported parametersNikos Mavrogiannopoulos2016-10-141-0/+12
| | | | | That is ignore the new variables exported which are not functions, and thus cannot be detected by getfuncs-map.pl.
* updated auto-generated filesNikos Mavrogiannopoulos2016-10-143-0/+24
|
* tests: crl-test: use a unique temp fileNikos Mavrogiannopoulos2016-10-141-4/+5
|
* tests: added sanity check for included primesNikos Mavrogiannopoulos2016-10-142-2/+60
|
* doc: discuss the set_known_dh_params and use it in the examplesNikos Mavrogiannopoulos2016-10-147-114/+50
|
* tests: check gnutls_psk_set_server_known_dh_paramsNikos Mavrogiannopoulos2016-10-144-1/+178
|
* tests: check gnutls_anon_set_server_known_dh_paramsNikos Mavrogiannopoulos2016-10-144-1/+158
|
* tests: check gnutls_certificate_set_known_dh_paramsNikos Mavrogiannopoulos2016-10-142-1/+105
|
* DH: introduced gnutls_*_set_known_dh_params()Nikos Mavrogiannopoulos2016-10-1410-2/+207
| | | | | | | | | | | That is, the functions gnutls_certificate_set_known_dh_params(), gnutls_anon_set_server_known_dh_params(), gnutls_psk_set_server_known_dh_params(). These functions allow to statically set the DH parameters, based on the RFC7919 FFDHE parameters. This can simplify server configuration by allowing DH without loading parameters from file. Relates #37
* certtool: --get-dh-params will output the FFDHE primes instead of the SRP primesNikos Mavrogiannopoulos2016-10-141-2/+30
|
* DH: export the FFDHE Diffie-Hellman valuesNikos Mavrogiannopoulos2016-10-144-1/+422
|
* .gitlab-ci.yml: use fedora's mingw-cmocka packagesNikos Mavrogiannopoulos2016-10-141-4/+2
|
* more files to ignoreNikos Mavrogiannopoulos2016-10-141-0/+12
|
* tests: added check for PKCS#7 catalog file parsing and data extractingNikos Mavrogiannopoulos2016-10-142-1/+134
|
* tests: updated pkcs7 text outputs to account for certtool updateNikos Mavrogiannopoulos2016-10-144-0/+6999
|
* certtool: --p7-info will include the PKCS#7 encoded data in PEM formatNikos Mavrogiannopoulos2016-10-141-1/+12
|
* tests: replaced large test2.cat with a smaller fileNikos Mavrogiannopoulos2016-10-143-136/+22
|
* certtool: improve text on missing options for cert generationNikos Mavrogiannopoulos2016-10-141-1/+5
|
* Revert "certtool: improve text on missing options for cert generation"Nikos Mavrogiannopoulos2016-10-141-5/+1
| | | | This reverts commit 7daed1fd0602bce7495d252f1a9b638fc41e38d3.
* handshake: set a maximum number of warning messages that can be received per ↵Nikos Mavrogiannopoulos2016-10-143-9/+14
| | | | | | | handshake That is to avoid DoS due to the assymetry of cost of sending an alert vs the cost of processing.
* record: disallow parsing of alert messages prior to session startNikos Mavrogiannopoulos2016-10-141-1/+6
|
* tests: added check to verify that the server will bail out after receiving ↵Nikos Mavrogiannopoulos2016-10-142-1/+172
| | | | only alerts
* tests: added check to verify that the server will bail out after many alertsNikos Mavrogiannopoulos2016-10-142-1/+225
|
* certtool: improve text on missing options for cert generationNikos Mavrogiannopoulos2016-10-131-1/+5
|
* doc updateNikos Mavrogiannopoulos2016-10-131-0/+2
|
* tools: removed redudant messages on PIN re-useNikos Mavrogiannopoulos2016-10-131-3/+5
|
* p11tool: avoid asking the security officer PIN twice on initializationNikos Mavrogiannopoulos2016-10-131-0/+3
|
* p11tool: improved messages on token initializationNikos Mavrogiannopoulos2016-10-131-7/+15
|
* p11tool: corrected check of PIN existance in token initializationNikos Mavrogiannopoulos2016-10-131-2/+2
|
* doc: set a default handshake timeout on example serverNikos Mavrogiannopoulos2016-10-131-0/+2
|
* serv: set a timeout value in handshakeNikos Mavrogiannopoulos2016-10-131-0/+3
|
* tests: added check for Encrypt-then-MAC under DTLSNikos Mavrogiannopoulos2016-10-132-1/+346
|
* tests: cleanups in tls-etm.cNikos Mavrogiannopoulos2016-10-132-45/+5
|
* gnutls_pkcs7_get_embedded_data: added GNUTLS_PKCS7_EDATA_GET_RAW flagNikos Mavrogiannopoulos2016-10-122-6/+18
| | | | | | | | This flag allows the export of the stored embedded data with any wrapping encoding included. This in particular, it allows to read the data from the microsoft catalog PKCS#7 structures, which store as embedded data elements of a SEQUENCE, but only authenticate the inner parts without the bytes forming the SEQUENCE header.
* configure: automatically disable non-suiteb curvesNikos Mavrogiannopoulos2016-10-121-2/+8
| | | | | That is, if the installed nettle doesn't provide the nettle_secp_192r1 symbol.
View Lorry Controller Status