| Commit message | Author | Age | Files | Lines |
| |
We expand informational comments on limitations, but with removing
FIXME (keyword didn't help fixing these), and remove completely unhelpful
comments, obsolete ones, or comments about ideas.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| |
While gettime() is extensively used in the code, the library
previously hadn't provided a way to replace it for testing. This adds
a new internal function _gnutls_global_set_gettime_function and makes
use of it through virt-time.h.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
| |
If the received record doesn't even complete the handshake
header (i.e., the record size < 4), keep it in a temporary buffer and
let the caller receive more records. Once enough amount of data is
received, move the already received records back to record_buffer and
proceed to the normal processing.
Fixes: #272
Signed-off-by: Daiki Ueno <dueno@redhat.com>
| |
If `remain > 0` is true, `recv_buf[0].length > 0` always holds.
Combine those conditions and remove the `remain` utilizing MIN().
This is to make the incomplete header handling case easier.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
| |
Previously, to calculate the fragment length, it added/subtracted one
to the ending offset back and forth; that was not easier to read and
couldn't handle empty payload messages in TLS.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
| |
It is permitted to concatenate multiple async handshake messages in a single
record message as well as split large messages (NST) into multiple records.
Modified _gnutls13_recv_async_handshake() to process them correctly, instead
of assuming that they are formatted as one message per record.
Resolves #510
Resolves #504
Relates #511
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
| |
It is used only in DTLS where multiple handshake states may be
active.
Resolves #421
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
That also distinguishes between them by using the special random value,
and implements the version check as in draft-ietf-tls-tls13-24.
Resolves #391 #390 #392
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
Previously, if SSLv2 hello support was disabled, the check for
the expected TLS message was incorrect.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
This returns a more reasonable error code on platforms where
this errno is set.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| |
Previously we were using a rough calculation of the max recv size
based on maximum values. Now we calculate the exact maximum value once
the epoch is initialized and enforce it throughout the session.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
Signed-off-by: David Caldwell <david@porkrind.org>
| |
This introduces a new function gnutls_transport_set_fastopen().
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: Tim Ruehsen <tim.ruehsen@gmx.de>
| |
That is, when the handshake packet is split into multiple different
chunks and received out of order, make sure that reconstruction occurs
properly. Reported by Guillaume Roguez.
| |
This allows to completely remove SSL 2.0 support by calling configure
with the '--disable-ssl2-support' option.
Relates #97
| |
This allows to specify an indefinite timeout to gnutls_record_set_timeout().
In addition this flag is accepted by gnutls_handshake_set_timeout() and
cancels out a previously set timeout.
Resolves #41