| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
| |
Incorporated comments made in Lenka Horakova's thesis study.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
This accomodates for files which have salt sizes up to 256 bytes.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
The previous implementation of the function was restricted to SHA1 and
SHA256. Extended to allow SHA384 and SHA512 as well.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
Resolves #191
Resolves #190
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
That is, verify whether certtool --p12-info will print the
actual encryption OID on unsupported files, rather than the
generic PBES2 algorithm.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
When failing to import a structure due to an unsupported encryption
algorithm OID, return the unsupported OID instead of the generic
PBES2 OID.
Resolves: #193
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
Clarified when this function should be set. Based on suggestion by
Sean Greenslade.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
Instead of enforcing TLS1.0/SSL3.0 use gnutls NORMAL priority for
SSLv23_*_methods.
http://bugs.debian.org/857436
|
|
|
|
|
|
| |
This better describes the name of the build.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
| |
That is an improvement to run the CI faster.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
|
| |
That is no longer return indexes for ciphersuites which would not have
been available due to TLS version mismatch in the priorities cache.
Resolves #146
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
| |
Otherwise, out of tree builds will fail to copy the template.
Signed-off-by: Matt Turner <mattst88@gmail.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
| |
These check whether parsing of unsupported files (e.g., with RC2-128),
will succeed. This serves as functionality check for gnutls_pkcs8_info.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
The documented behavior of the function was to return a valid
OID in that case.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
| |
It is no longer being used.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
Removed the dependency on git2cl and utilize git log directly.
git2cl seems to provide incorrect output.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
They both require access to the same port and thus cannot
be run in parallel.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
This enhances the testsuite by running all the tlsfuzzer
fuzzer tests which require certificates from server.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
This test was failing because datefudge couldn't run under win32.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
This reverts commit 90d5ad5a42759957866ba1d9c96f5dccfd3ea1cc.
|
|
|
|
|
|
|
| |
Travis build seem to fail for some reason since pkg-config is already
installed.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
| |
This test was failing because datefudge couldn't run under win32.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
| |
This allows to re-run failed builds on the depending stages
during that time.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
| |
It was already being included in Requires.private. Reported
by Andreas Metzler.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
|
|
|
|
|
| |
We were previously exporting certificates with serial number being
zero, which is not allowed by RFC5280.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
This is a unit test for GNUTLS_DT_IP_ADDRESS as used in
gnutls_certificate_verify_peers().
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
This allows verifying an IP address using gnutls_certificate_verify_peers()
or gnutls_x509_trust_list_verify_crt2().
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
This is a unit test for:
"gnutls_x509_crt_check_hostname2: do not fallback to CN unconditionally"
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Do not fallback to checking the CN of a certificate for a hostname
if supported names such as IP addresses were found in gnutls_x509_crt_check_hostname2().
This behavioral change is in order to satisfy the RFC6125 requirement
of not falling back to CN in that case. Reported by Suphannee Sivakorn.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
| |
This flag when provided to the gnutls_x509_crt_check_hostname2() function
(and its callers), will prevent IP matching of the subject alternative
name. This can be utilized by applications which directly check for
IP addresses using gnutls_x509_crt_check_ip().
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|