| | Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|---|
| * | Change ca3 and related certificate to include an intermediate CA in the chain. | Stefan Sørensen | 2016-08-09 | 10 | -198/+483 |
| | Also update a bunch of test-cases to support chains with an intermediate CA. Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com> | | | | |
| * | Revert "tests: check gnutls_certificate_get_x509_crt with more than one certificates" | Nikos Mavrogiannopoulos | 2016-08-09 | 2 | -82/+30 |
| | This reverts commit f7d884720b128ef86f6b9dc9fc498be89faf1732. | | | | |
| * | tests: do not run srp test when no SRP support is compiled in | Nikos Mavrogiannopoulos | 2016-08-09 | 1 | -1/+1 |
| * | tests: moved child status error checking code in utils.h | Nikos Mavrogiannopoulos | 2016-08-09 | 61 | -337/+91 |
| * | latex: updated sources for new functions | Nikos Mavrogiannopoulos | 2016-08-09 | 2 | -1/+5 |
| * | updated auto-generated files (ref: gnutls_3_5_3) | Nikos Mavrogiannopoulos | 2016-08-09 | 3 | -0/+9 |
| * | released 3.5.3 | Nikos Mavrogiannopoulos | 2016-08-09 | 1 | -3/+3 |
| * | gnutls_transport_set_fastopen: added flags option (ref: tcp-fast-open) | Nikos Mavrogiannopoulos | 2016-08-08 | 4 | -4/+7 |
| | This will allow minor modifications to the semantics of the function in the future, without introducing a new API. | | | | |
| * | doc update | Nikos Mavrogiannopoulos | 2016-08-08 | 1 | -0/+7 |
| * | Fix gnutls_pkcs12_simple_parse to always extract the complete chain (ref: stefan-fixes) | Stefan Sørensen | 2016-08-08 | 1 | -20/+15 |
| | gnutls_pkcs12_simple_parse was only collecting extra certificates that were possible elements of the certificate chain when the extra_certs argument was not NULL. Fix by always collecting all the certificates; any unneeded certificates are released before returning if extra_certs is NULL anyway. Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com> | | | | |
| * | tests: check gnutls_certificate_get_x509_crt with more than one certificates | Nikos Mavrogiannopoulos | 2016-08-08 | 2 | -30/+82 |
| | This would detect the issue in the "Fix invalid pointer operation in gnutls_certificate_get_x509_crt" | | | | |
| * | tests: Use common ca3 test certificates in x509cert, x509dn and x509self tests. | Stefan Sørensen | 2016-08-08 | 3 | -307/+32 |
| | Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com> | | | | |
| * | tests: Remove zero-termination of gnutls_datum encapsulated certificates | Stefan Sørensen | 2016-08-08 | 1 | -17/+17 |
| | This allows for memcmp comparison with certificates after processing. Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com> | | | | |
| * | Fix invalid pointer operation in gnutls_certificate_get_x509_crt | Stefan Sørensen | 2016-08-08 | 1 | -2/+2 |
| | The access to the allocated crt_list variable was missing a pointer dereference, leading to memory corruption for any certificate list with more than one element. Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com> | | | | |
| * | tests: added check for errors when importing illegal RSA keys | Nikos Mavrogiannopoulos | 2016-08-08 | 7 | -3/+345 |
| * | x509: call the fixup functions after loading private keys | Nikos Mavrogiannopoulos | 2016-08-08 | 2 | -12/+41 |
| | That way we can better report errors which relate to illegal parameters being detected. | | | | |
| * | nettle: use rsa_*_key_prepare on key import | Nikos Mavrogiannopoulos | 2016-08-08 | 1 | -10/+52 |
| | Previously we calculated the size of the key directly, but by using the rsa_*_key_prepare we benefit from any checks that may be introduced in the future. Specifically any checks for invalid public keys (e.g., keys that may crash the underlying gmp functions). This patch avoids calling rsa_private_key_prepare every time we construct a nettle private key struct, because this function requires a bigint multiplication. We call that function once on private key import. | | | | |
| * | tests: added missing backslash in key-tests Makefile | Nikos Mavrogiannopoulos | 2016-08-08 | 1 | -1/+1 |
| * | Revert "nettle: use rsa_*_key_prepare" | Nikos Mavrogiannopoulos | 2016-08-08 | 1 | -32/+12 |
| | This reverts commit c801a15bca9ea8f3f7abd4be48bebd36c54eeba2. | | | | |
| * | gnutls.h: moved all compatibility defines outside the enum | Nikos Mavrogiannopoulos | 2016-08-08 | 1 | -8/+11 |
| * | prepared for release 3.5.3 | Nikos Mavrogiannopoulos | 2016-08-08 | 2 | -4/+4 |
| * | tests: use gnutls_record_set_timeout instead of kill child processes | Nikos Mavrogiannopoulos | 2016-08-05 | 3 | -3/+8 |
| | That way we avoid issues like #118 which are caused by killing the child process, and we also avoid deadlocks by making sure that recv will terminate after a long delay. | | | | |
| * | tests: mini-record modify in a way to be more fail safe | Nikos Mavrogiannopoulos | 2016-08-05 | 1 | -4/+6 |
| | That is, do not kill the child, but instead switch the roles of child and parent, and add a timeout on recv to avoid infinite delays. Relates: #118 | | | | |
| * | pkcs11: is_object_pkcs11_url -> is_pkcs11_url_object | Nikos Mavrogiannopoulos | 2016-08-05 | 2 | -3/+5 |
| | Renamed function for clarity. | | | | |
| * | tests: ignore sigpipe in mini-record | Nikos Mavrogiannopoulos | 2016-08-05 | 1 | -0/+1 |
| * | gnutls_fips140_mode_enabled: changed return type to unsigned | Nikos Mavrogiannopoulos | 2016-08-05 | 2 | -2/+2 |
| * | doc: updated contribution guide with more info on test suite [ci skip] | Nikos Mavrogiannopoulos | 2016-08-04 | 1 | -2/+11 |
| * | gnutls_pkcs11_privkey_status: return type changed to unsigned | Nikos Mavrogiannopoulos | 2016-08-04 | 2 | -2/+2 |
| * | doc: added section on SCTP protocol [ci skip] | Nikos Mavrogiannopoulos | 2016-08-04 | 2 | -0/+23 |
| * | tests: client-fastopen: removed seccomp conditional | Nikos Mavrogiannopoulos | 2016-08-02 | 1 | -1/+1 |
| * | fastopen: improved error checking at connect() | Nikos Mavrogiannopoulos | 2016-08-02 | 1 | -1/+1 |
| * | nettle: use rsa_*_key_prepare | Nikos Mavrogiannopoulos | 2016-08-01 | 1 | -12/+32 |
| | Previously we calculated the size of the key directly, but by using the rsa_*_key_prepare we benefit from any checks that may be introduced in the future. Specifically any checks for invalid public keys (e.g., keys that may crash the underlying gmp functions). | | | | |
| * | gnutls_transport_set_fastopen: doc update | Nikos Mavrogiannopoulos | 2016-07-29 | 1 | -7/+18 |
| * | doc update | Nikos Mavrogiannopoulos | 2016-07-29 | 1 | -0/+5 |
| * | getrandom: use SYS_getrandom instead of __NR_getrandom | Nikos Mavrogiannopoulos | 2016-07-29 | 1 | -1/+1 |
| | These are identical definitions, but according to syscall() SYS_getrandom is the expected value. | | | | |
| * | x059: Fix asymmetry in name constraints intersection | Martin Ukrop | 2016-07-29 | 1 | -5/+21 |
| | - In _gnutls_name_constraints_intersect, if *_nc had a node of some type not present in _nc2, this was preserved. However, if it was vice versa (_nc2 having a type not present in *_nc), this node was discarded. - This is now fixed. - Removed redundant return value check that was accidentally left when refactoring from set_datum to explicit NULL setting. Signed-off-by: Martin Ukrop <mukrop@redhat.com> | | | | |
| * | tests: Add and improve chain tests | Martin Ukrop | 2016-07-29 | 1 | -54/+164 |
| | - Add a new chaintest testing the symmetry of merging name constraints of different types. - Rename old name_constraints_but_no_name test to match other name constraints tests. - Improve chain description of older name constraints tests. Signed-off-by: Martin Ukrop <mukrop@redhat.com> | | | | |
| * | doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-07-29 | 1 | -2/+2 |
| * | configure: do not generate makefiles in removed dirs (ref: tests-simplification) | Nikos Mavrogiannopoulos | 2016-07-28 | 1 | -7/+0 |
| * | tests: updated paths for new location of p12 files | Nikos Mavrogiannopoulos | 2016-07-28 | 2 | -5/+5 |
| * | tests: safe renegotiation tests are run from top dir | Nikos Mavrogiannopoulos | 2016-07-28 | 3 | -43/+6 |
| * | tests: srp tests moved outside subdir | Nikos Mavrogiannopoulos | 2016-07-28 | 3 | -53/+2 |
| * | tests: moved sha2 tests into cert-tests/ | Nikos Mavrogiannopoulos | 2016-07-28 | 14 | -208/+191 |
| * | tests: moved ecdsa tests to key-tests/ | Nikos Mavrogiannopoulos | 2016-07-28 | 6 | -126/+105 |
| * | tests: moved dsa tests into key-tests/ | Nikos Mavrogiannopoulos | 2016-07-28 | 11 | -50/+22 |
| * | tests: moved pkcs8 tests to key-tests/ | Nikos Mavrogiannopoulos | 2016-07-28 | 14 | -49/+17 |
| * | tests: key-tests: moved data files into data/ subdir | Nikos Mavrogiannopoulos | 2016-07-28 | 14 | -29/+33 |
| * | tests: moved pkcs12 tests into cert-certs/ subdir | Nikos Mavrogiannopoulos | 2016-07-28 | 13 | -318/+15 |
| * | more files to ignore | Nikos Mavrogiannopoulos | 2016-07-28 | 1 | -0/+3 |
| * | Require compiler to support C99 | Tim Rühsen | 2016-07-28 | 1 | -0/+8 |