That is, to avoid causing issues to applications calling gnutls_*priority_set()
multiple times with different parameters. In that case, if multiple profiles are
used, the outcome could be undefined. Now, the last call will prevail.
Instead of spreading checks all over GnuTLS, cache the used PRF after
setting the cipher suite and reference the value later. As in
_gnutls_PRF_raw, GNUTLS_MAC_MD5_SHA1 means the MD5+SHA1 combo.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
response
That is, we no longer reply to a client's hello with a status request, with
a status request extension. Although that behavior, which was introduced
in 6b76e0c899b1ff08df9bd9b41588f771f050be89, is legal, it creates incompatibility
issues with the gnutls 3.3.x branch. That is because versions prior to 3.3.26
translate the presence of the extension as a guarantee that the status
response data will be sent. Even though that is a false assumption, we
replicate the previous behavior to allow such clients to connect to
a gnutls 3.5.x server.
Relates !66
handshake
That is to avoid DoS due to the asymmetry of the cost of sending an alert vs the cost
of processing.
This allows a caller to add supplemental data handling which will
only be made available for a specific session.
This allows a caller to add extensions which will be made available
for a specific session.
This would allow the library to cope with larger packets, as well
as TLS 1.3 hellos. Suggested by Hubert Kario.
That introduces a new function to allow setting an OCSP status
request handling function per certificate. Furthermore it repurposes
the flag parameters to an index option on gnutls_certificate_set_ocsp_status_request_file.
The changes above allow setting a different OCSP status response
file per certificate, and a different function. The indexes they
rely on to associate with existing certs are the indexes returned
by the gnutls_certificate_set_key() and friends functions.
In this implementation, the end of the sliding window is always advanced
to the latest received packet, and we accept up to 64 packets before
that one. We no longer refuse to accept packets because they are
*too* far ahead of what we've already seen.
Some of the test cases are fixed up accordingly.
This matches the code in OpenConnect esp-seqno.c at commit 314ac65.
This improves compatibility with new openssl versions.
This introduces a new function gnutls_transport_set_fastopen().
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: Tim Ruehsen <tim.ruehsen@gmx.de>
This simplifies the current code, and reduces the memory needed.
This allows completely removing SSL 3.0 support by calling configure
with the '--disable-ssl3' option.
Resolves #93
That is, unless GNUTLS_ALLOW_ID_CHANGE is specified, during a rehandshake
clients will not be allowed to present another certificate than the original,
or change their username for PSK or SRP ciphersuites.
That is, store the flags provided in gnutls_init() in the session structure
and use these flags directly when required.
This handles the use case of a client connecting to a server
which incorrectly lists the CA certificates it supports. Without
that change the only option was to avoid using the "automatic"
client certificate functions, but rather utilize callbacks.
With that approach this use case is handled by the "automatic"
certificate selection functions.
This follows draft-ietf-tls-rfc4492bis-07 and rfc7748
That is, an additional flag GNUTLS_ENABLE_FALSE_START is introduced
for gnutls_init(), and that enables support for false start. At
this point false start will be performed by the handshake if possible,
and gnutls_record_recv() will handle handshake completion.
gnutls_session_get_data*() on non-resumed sessions
This allows obtaining the session data required for proper session resumption
from any available session. This brings the API on par with the expectations of its
users.
Resolves #79
The latter is more resilient against non-key renewal.
This function allows using TLS False Start, by using the provided
function to send data just after the finished message.
This resolves an issue with max-record being negotiated but
ignored. Resolves #61
That is, require that the certificate of the peer remains the same
and return GNUTLS_E_SESSION_CERTIFICATE_CHANGED otherwise. To revert
to the previous behavior, the GNUTLS_ALLOW_CERT_CHANGE flag was introduced.
That enables better backwards compatibility with old applications
which disable or enable algorithms which no longer are supported.
Relates #44
Currently it is restricted to RSA and FIPS 186-4 key generation with SHA384.
Relates to #34
The major use-case for the TLS protocol is verification of PKIX
certificates. However, certificate verification support, while
similar for almost all projects, requires around 100 lines of code
(a callback) to be duplicated in all applications. That patch
set gets rid of the callback and simplifies certificate verification
support by introducing a very simple API; one that would accept
the session and the hostname only.
Resolves #27
That allows setting a verification callback per session rather
than only globally on the credentials structure.
There is a new attack on the TLS protocol which relies on using certificates
for ECDSA as certificates for ECDH ciphersuites. That attack, while it doesn't
affect gnutls, which doesn't support static ECDH, assumes that implementations
ignore the key usage bits in the certificate. We have done that since 3.1.0 for
compatibility reasons (see http://www.gnutls.org/faq.html#key-usage-violation),
but that clearly opens the door for real attacks in the future.
For this reason the key usage bits will no longer be ignored.
Resolves #24
This allows clients to enable the TLS_FALLBACK_SCSV mechanism during
the handshake, as defined in RFC7507.
That allows faster operations in almost all instruction sets.
That also makes the waits for packets more robust against blocking.
That reduced the maximum send size for CBC ciphers from 16384
to 16384-(block size), which was unnecessary and was causing issues:
https://bugs.winehq.org/show_bug.cgi?id=37500