summaryrefslogtreecommitdiff
path: root/libdane
Commit message (Collapse)AuthorAgeFilesLines
* doc: fixed documentation for various function parametersNikos Mavrogiannopoulos2017-04-071-1/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc updateNikos Mavrogiannopoulos2016-09-111-3/+3
|
* libdane: include minitasn1 headersNikos Mavrogiannopoulos2016-08-231-0/+1
|
* dane: corrected the license of libdane filesNikos Mavrogiannopoulos2016-07-052-2/+2
| | | | | | The license was always LGPL version 2.1, and these files mentioned LGPL version 3. Reported by Thomas Petazzoni.
* dane: verification will not fail if a CA entry is encountered but cannot be ↵Nikos Mavrogiannopoulos2016-04-261-3/+5
| | | | | | | | | verified That addresses the issue of verifying a single certificate against a list of TLSA entries that contain an entry with CA usage (cert usage 0). With the previous behavior verification would have failed, while now this entry will be skipped.
* doc: improved documentation on certificate and DANE verification functionsNikos Mavrogiannopoulos2016-04-261-6/+13
|
* dane: updated documentation of dane_verify_crt_rawNikos Mavrogiannopoulos2016-04-261-19/+4
|
* doc: added clarifications on documentation for dane_state_tNikos Mavrogiannopoulos2016-04-261-2/+4
|
* common.mk: corrected typo on LDFLAGS for coverageNikos Mavrogiannopoulos2016-04-121-1/+1
|
* configure: Add a code coverage optionNikos Mavrogiannopoulos2016-04-121-2/+3
| | | | | | | Configure with: ./configure --enable-code-coverage Show coverage output with: make && make check && make code-coverage-capture
* corrected typosNikos Mavrogiannopoulos2015-01-161-2/+2
| | | | Reported by Guido Kroon.
* improved documentation on daneNikos Mavrogiannopoulos2014-12-121-8/+13
|
* dane: use the new _gnutls_buffer_to_datumNikos Mavrogiannopoulos2014-12-051-6/+1
|
* libdane: undef gnutls_assert() before redefining itNikos Mavrogiannopoulos2014-11-251-0/+4
|
* libdane: do not require the CA to be a direct CANikos Mavrogiannopoulos2014-09-191-27/+56
|
* libdane: disable debugging modeNikos Mavrogiannopoulos2014-08-091-1/+0
|
* doc updategnutls_3_3_6Nikos Mavrogiannopoulos2014-07-231-3/+3
|
* libdane: simplified initialization of variables.Nikos Mavrogiannopoulos2014-07-221-14/+9
|
* libdane: bogus and secure values are always initialized in ↵Nikos Mavrogiannopoulos2014-07-221-2/+8
| | | | dane_query_to_raw_tlsa
* libdane: use gnutls_malloc() and doc updateNikos Mavrogiannopoulos2014-07-221-5/+5
|
* doc updateNikos Mavrogiannopoulos2014-07-221-1/+2
|
* libdane: add function dane_query_to_raw_tlsaSimon Arlott2014-07-113-0/+85
| | | | | | | | | | | | This function converts a dane_query_t into the parameters needed for dane_raw_tlsa() to make it easy to copy the results of the (synchronous) lookup query from one process to another. This code allocates an unnecessary extra NULL entry for dane_data_len to avoid trying to malloc 0 bytes if q->data_entries is 0 (it is possible for malloc/calloc to return NULL when requested to allocate 0 bytes). Signed-off-by: Simon Arlott
* dane: Skip DANE entries that may contain unknown infoNikos Mavrogiannopoulos2014-07-061-22/+19
| | | | | That would allow skipping any future entries without failing. Reported by Simon Arlott.
* dane: Added sanity check in dane_verify_crt_raw()Nikos Mavrogiannopoulos2014-07-061-0/+3
| | | | | That allows calling the function will an empty chain. Reported by Simon Arlott.
* doc updateNikos Mavrogiannopoulos2014-05-131-1/+1
|
* Revert "Added dane_verify_crt_raw2() which allows verifying against the ↵Nikos Mavrogiannopoulos2014-05-103-89/+7
| | | | | | certificate name." This reverts commit d19ac66361300aaf188bc69ae64d5fcd7e89b0f6.
* Revert "corrected prototypes for dane_verify_crt_raw2()."Nikos Mavrogiannopoulos2014-05-102-4/+2
| | | | This reverts commit b065ea137a6bcb49c3755886cb1ff30ca5e8f9e3.
* corrected prototypes for dane_verify_crt_raw2().Nikos Mavrogiannopoulos2014-05-102-2/+4
|
* Added dane_verify_crt_raw2() which allows verifying against the certificate ↵Nikos Mavrogiannopoulos2014-05-103-7/+89
| | | | name.
* Improved dane_verify_session_crt(), which now attempts to create a full chain.Nikos Mavrogiannopoulos2014-05-101-2/+71
| | | | This addresses points from https://savannah.gnu.org/support/index.php?108552
* increased MAX_DATA_ENTRIES to 100.Nikos Mavrogiannopoulos2014-04-281-1/+1
|
* rearranged codeNikos Mavrogiannopoulos2014-04-281-5/+4
|
* Accept a certificate using DANE if there is at least one entry that matches ↵Nikos Mavrogiannopoulos2014-04-282-5/+24
| | | | | | | | | | the certificate. This corrects the previous behavior that was rejecting the certificate if there were multiple entries and one couldn't be validated. New flag DANE_VERIFY_UNKNOWN_DANE_INFO is synonymous to DANE_VERIFY_NO_DANE_INFO. Patch by simon@arlott.org. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Corrected dane_verify_crt() to not deinitialize any input state.Nikos Mavrogiannopoulos2014-04-151-1/+1
|
* pass the correct flag to dane_verify_crt_raw()Nikos Mavrogiannopoulos2013-12-231-7/+7
| | | | | That doesn't affect anything but logical correctness, as the parameter is ignored.
* reindented codeNikos Mavrogiannopoulos2013-11-084-753/+687
|
* Removed unused parameter.Nikos Mavrogiannopoulos2013-10-291-3/+0
|
* reindented codeNikos Mavrogiannopoulos2013-10-291-450/+545
|
* Reorganized main loop in dane_raw_tlsaNikos Mavrogiannopoulos2013-10-291-15/+14
|
* Adding option DANE_F_IGNORE_DNSSEC to disable loading of the DNSSEC root key ↵Christian Grothoff2013-10-232-4/+9
| | | | | | | | | | | entirely when initializing a dane_state_t. This is a useful optimization if the DANE/TLSA data is initialized from a source other than libunbound/DNS, as then the DNSSEC root key would not be used anyway. Worse, if we failed to read the DNSSEC root key, this would create a failure even though for applications that do not use DNSSEC (but do use DANE/TLSA) such a failure would be totally harmless.
* corrected libdane docNikos Mavrogiannopoulos2013-10-231-2/+2
|
* exported symbolsNikos Mavrogiannopoulos2013-10-211-0/+2
|
* small fixesNikos Mavrogiannopoulos2013-10-211-2/+2
|
* Adding dane_verify_crt_raw to allow direct verification of a certificate ↵Christian Grothoff2013-10-212-22/+77
| | | | | | chain against a dane_query_t (for example, as provided by the new dane_raw_tlsa). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Adding dane_raw_tlsa to allow initialization of dane_query_t from DANE ↵Christian Grothoff2013-10-212-73/+115
| | | | | | records based on external DNS resolutions. Also fixing a buffer overflow. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* several updatesNikos Mavrogiannopoulos2013-05-161-0/+1
|
* corrected typo. reported by Etan Reisner.Nikos Mavrogiannopoulos2013-05-022-7/+9
|
* updated docNikos Mavrogiannopoulos2013-03-051-2/+2
|
* Added verify flags for DANE to enforce verification and restrict it to a field.Nikos Mavrogiannopoulos2013-03-012-6/+26
|
* when verifying a DANE CA constraint make sure that the provided chain is ↵Nikos Mavrogiannopoulos2013-02-243-0/+57
| | | | actually a chain.