]>
git.ipfire.org Git - thirdparty/gnutls.git/log
Nikos Mavrogiannopoulos [Fri, 12 Oct 2012 15:53:21 +0000 (17:53 +0200)]
Added debugging
Nikos Mavrogiannopoulos [Fri, 12 Oct 2012 15:35:49 +0000 (17:35 +0200)]
Added danetool manpage
Nikos Mavrogiannopoulos [Fri, 12 Oct 2012 15:16:20 +0000 (17:16 +0200)]
released 3.1.3
Nikos Mavrogiannopoulos [Fri, 12 Oct 2012 14:39:30 +0000 (16:39 +0200)]
doc updates
Nikos Mavrogiannopoulos [Fri, 12 Oct 2012 08:09:26 +0000 (10:09 +0200)]
remove files that are not generated
Nikos Mavrogiannopoulos [Fri, 12 Oct 2012 08:05:22 +0000 (10:05 +0200)]
use common definitions for generating docs.
Nikos Mavrogiannopoulos [Fri, 12 Oct 2012 07:24:54 +0000 (09:24 +0200)]
Separated DANE functionality from certtool and added danetool.
Nikos Mavrogiannopoulos [Thu, 11 Oct 2012 20:37:25 +0000 (22:37 +0200)]
Added (back) RFC5081 support in client mode.
Nikos Mavrogiannopoulos [Thu, 11 Oct 2012 18:47:46 +0000 (20:47 +0200)]
Several OpenPGP updates.
Exported gnutls_certificate_get_peers_subkey_id().
Removed compatibility code with RFC5081.
The gnutls_openpgp_*_get_subkey_*() functions return the master key parameters if provided with GNUTLS_OPENPGP_MASTER_KEYID_IDX.
Nikos Mavrogiannopoulos [Thu, 11 Oct 2012 07:15:56 +0000 (09:15 +0200)]
documented fixes
Nikos Mavrogiannopoulos [Wed, 10 Oct 2012 18:12:27 +0000 (20:12 +0200)]
Increased maximum password len in PKCS #12.
Nikos Mavrogiannopoulos [Wed, 10 Oct 2012 18:11:28 +0000 (20:11 +0200)]
Bug fixes in the openssl encrypted PEM key parsing.
Nikos Mavrogiannopoulos [Wed, 10 Oct 2012 06:32:07 +0000 (08:32 +0200)]
session->key no longer needs to be an allocated structure.
Nikos Mavrogiannopoulos [Wed, 10 Oct 2012 06:16:34 +0000 (08:16 +0200)]
The high level functions accept sflags and vflags as separate options.
Nikos Mavrogiannopoulos [Tue, 9 Oct 2012 22:24:41 +0000 (00:24 +0200)]
Updates in DANE support. Allow caching of queries.
Nikos Mavrogiannopoulos [Tue, 9 Oct 2012 20:58:30 +0000 (22:58 +0200)]
dane-rr -> dane-tlsa-rr
Nikos Mavrogiannopoulos [Tue, 9 Oct 2012 18:53:35 +0000 (20:53 +0200)]
Documentation updates
Nikos Mavrogiannopoulos [Tue, 9 Oct 2012 18:31:30 +0000 (20:31 +0200)]
bumped versions
Nikos Mavrogiannopoulos [Tue, 9 Oct 2012 18:04:42 +0000 (20:04 +0200)]
inlude DANE in manual
Nikos Mavrogiannopoulos [Tue, 9 Oct 2012 17:55:35 +0000 (19:55 +0200)]
define Loaded_CertEnumCRLsInStore to CertEnumCRLsInStore when it exists.
Nikos Mavrogiannopoulos [Tue, 9 Oct 2012 17:12:40 +0000 (19:12 +0200)]
documented updates
Nikos Mavrogiannopoulos [Tue, 9 Oct 2012 17:11:22 +0000 (19:11 +0200)]
Certtool updates.
By default generate public key TLSA RR entries. Added --verbose option.
Nikos Mavrogiannopoulos [Mon, 8 Oct 2012 19:16:21 +0000 (21:16 +0200)]
libdane -> libgnutls-dane
Nikos Mavrogiannopoulos [Mon, 8 Oct 2012 19:09:29 +0000 (21:09 +0200)]
use hex for single byte entries
Nikos Mavrogiannopoulos [Mon, 8 Oct 2012 15:31:20 +0000 (17:31 +0200)]
DANE RR -> DANE TLSA RR
Nikos Mavrogiannopoulos [Mon, 8 Oct 2012 15:07:09 +0000 (17:07 +0200)]
Certtool generates DANE entries with selector 0 (X.509 certificate).
Nikos Mavrogiannopoulos [Mon, 8 Oct 2012 14:55:38 +0000 (16:55 +0200)]
Certtool can generate a DANE RR entry.
Nikos Mavrogiannopoulos [Mon, 8 Oct 2012 14:39:49 +0000 (16:39 +0200)]
use the old libtasn1 type
Nikos Mavrogiannopoulos [Mon, 8 Oct 2012 14:36:19 +0000 (16:36 +0200)]
removed old file
Nikos Mavrogiannopoulos [Sun, 7 Oct 2012 21:55:47 +0000 (23:55 +0200)]
The session ticket and OCSP certificate status extensions are enabled by default.
In client side gnutls_init() enables the session ticket and
OCSP certificate status request extensions by default. The flag
GNUTLS_NO_EXTENSIONS can be used to prevent that.
Nikos Mavrogiannopoulos [Sun, 7 Oct 2012 21:36:31 +0000 (23:36 +0200)]
save some memory by removed unused ASN.1 structures.
Nikos Mavrogiannopoulos [Sun, 7 Oct 2012 10:57:57 +0000 (12:57 +0200)]
corrected version number
Nikos Mavrogiannopoulos [Sun, 7 Oct 2012 10:10:59 +0000 (12:10 +0200)]
Bug fixes in DANE.
Corrected packet length parsing and removed the verify
options DANE_VERIFY_DNSSEC_DATA_INVALID and DANE_VERIFY_NO_DNSSEC_DATA.
There is longer use for them since using the DANE API requires DNSSEC.
Nikos Mavrogiannopoulos [Sun, 7 Oct 2012 09:54:49 +0000 (11:54 +0200)]
corrected versions
Nikos Mavrogiannopoulos [Sun, 7 Oct 2012 09:01:29 +0000 (11:01 +0200)]
Added helper functions gnutls_pubkey_import_openpgp_raw() and gnutls_pubkey_import_x509_raw().
Nikos Mavrogiannopoulos [Sun, 7 Oct 2012 08:33:55 +0000 (10:33 +0200)]
Added functions to export structures in an allocated buffer.
Nikos Mavrogiannopoulos [Sat, 6 Oct 2012 22:19:40 +0000 (00:19 +0200)]
Added command-line option to disable CA verification.
Nikos Mavrogiannopoulos [Sat, 6 Oct 2012 22:01:42 +0000 (00:01 +0200)]
removed old flag
Nikos Mavrogiannopoulos [Sat, 6 Oct 2012 15:30:15 +0000 (17:30 +0200)]
Always require DNSSEC.
Nikos Mavrogiannopoulos [Sat, 6 Oct 2012 13:10:05 +0000 (15:10 +0200)]
some reorganization of the configure script.
Nikos Mavrogiannopoulos [Sat, 6 Oct 2012 10:56:58 +0000 (12:56 +0200)]
some more text for TPMs
Nikos Mavrogiannopoulos [Sat, 6 Oct 2012 02:34:44 +0000 (04:34 +0200)]
In gnutls-cli the server certificate is printed prior to verification
Nikos Mavrogiannopoulos [Sat, 6 Oct 2012 02:26:05 +0000 (04:26 +0200)]
Added a DANE library.
Nikos Mavrogiannopoulos [Thu, 4 Oct 2012 18:43:08 +0000 (20:43 +0200)]
updated
Nikos Mavrogiannopoulos [Thu, 4 Oct 2012 17:37:56 +0000 (19:37 +0200)]
enable useful extensions in the examples.
Nikos Mavrogiannopoulos [Thu, 4 Oct 2012 17:25:01 +0000 (19:25 +0200)]
included config.h to avoid issue with gnulib
Nikos Mavrogiannopoulos [Thu, 4 Oct 2012 17:10:26 +0000 (19:10 +0200)]
gnutls_certificate_verify_peers2() checks ocsp status response if available.
Nikos Mavrogiannopoulos [Thu, 4 Oct 2012 16:58:13 +0000 (18:58 +0200)]
do not set verify_flags
Nikos Mavrogiannopoulos [Thu, 4 Oct 2012 08:31:35 +0000 (10:31 +0200)]
doc update.
Nikos Mavrogiannopoulos [Tue, 2 Oct 2012 18:58:18 +0000 (20:58 +0200)]
If revocation reason cannot be read set it to GNUTLS_X509_CRLREASON_UNSPECIFIED.
Nikos Mavrogiannopoulos [Tue, 2 Oct 2012 18:31:39 +0000 (20:31 +0200)]
changed generation of manpages.
Nikos Mavrogiannopoulos [Tue, 2 Oct 2012 18:15:04 +0000 (20:15 +0200)]
upload -> upload-tarballs
Nikos Mavrogiannopoulos [Tue, 2 Oct 2012 18:13:18 +0000 (20:13 +0200)]
Use hash-pjw-bare instead of asn1_bhash().
Nikos Mavrogiannopoulos [Tue, 2 Oct 2012 18:02:44 +0000 (20:02 +0200)]
Updated gnulib and added hash-pjw-bare
Nikos Mavrogiannopoulos [Tue, 2 Oct 2012 17:28:42 +0000 (19:28 +0200)]
Added test to verify that callbacks are being actually called.
Nikos Mavrogiannopoulos [Mon, 1 Oct 2012 19:33:24 +0000 (21:33 +0200)]
check the first response.
Nikos Mavrogiannopoulos [Mon, 1 Oct 2012 19:32:51 +0000 (21:32 +0200)]
gnutls_ocsp_resp_check_crt() accepts the response index.
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 22:20:53 +0000 (00:20 +0200)]
doc update
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 22:19:03 +0000 (00:19 +0200)]
Added gnutls_x509_crl_reason_flags_t.
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 22:18:43 +0000 (00:18 +0200)]
read revocation reason
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 20:59:12 +0000 (22:59 +0200)]
simplified doc
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 16:10:17 +0000 (18:10 +0200)]
gnutls_ocsp_resp_check_crt was moved to 3.0 symbols and documented update.
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 14:34:32 +0000 (16:34 +0200)]
documented gnutls_ocsp_resp_check_crt().
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 14:22:33 +0000 (16:22 +0200)]
The OCSP response file is now set on the credentials and other additions.
Changed OCSP function prototypes for almost all status_request functions
to move the response file and callback to the certificate credentials structure.
Added gnutls_ocsp_resp_check_crt() to check whether a response corresponds
to a given certificate.
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 11:12:37 +0000 (13:12 +0200)]
documented fix
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 10:57:01 +0000 (12:57 +0200)]
Print debugging information even when an extension is not parsed.
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 10:53:37 +0000 (12:53 +0200)]
Fixed the receipt of session tickets during session resumption.
Reported by danblack
http://savannah.gnu.org/support/?108146
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 10:04:45 +0000 (12:04 +0200)]
better output in resume
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 10:04:22 +0000 (12:04 +0200)]
simplified handshake states.
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 08:52:24 +0000 (10:52 +0200)]
Verify callback is run in either side.
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 08:21:53 +0000 (10:21 +0200)]
removed unused functions.
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 08:06:01 +0000 (10:06 +0200)]
Pack and unpack the status request extension data on resumption.
Nikos Mavrogiannopoulos [Fri, 28 Sep 2012 17:00:19 +0000 (19:00 +0200)]
Use the server's OCSP provided data when verifying a certificate's validity.
Nikos Mavrogiannopoulos [Fri, 28 Sep 2012 16:54:15 +0000 (18:54 +0200)]
The certificate verification callback is being run after the certificate status response is received.
Nikos Mavrogiannopoulos [Fri, 28 Sep 2012 15:50:28 +0000 (17:50 +0200)]
documented updates
Nikos Mavrogiannopoulos [Fri, 28 Sep 2012 12:26:05 +0000 (14:26 +0200)]
updated OCSP status request.
Nikos Mavrogiannopoulos [Fri, 28 Sep 2012 12:07:46 +0000 (14:07 +0200)]
Session ID is correctly read.
Nikos Mavrogiannopoulos [Fri, 28 Sep 2012 11:14:31 +0000 (13:14 +0200)]
Corrected signed-to-unsigned comparisons
Simon Josefsson [Tue, 17 Apr 2012 12:31:09 +0000 (14:31 +0200)]
Implement status_request OCSP extension.
Nikos Mavrogiannopoulos [Thu, 27 Sep 2012 15:40:40 +0000 (17:40 +0200)]
Added Olga and Ilya to authors.
Nikos Mavrogiannopoulos [Thu, 27 Sep 2012 15:16:44 +0000 (17:16 +0200)]
more files to ignore
Nikos Mavrogiannopoulos [Wed, 26 Sep 2012 21:28:36 +0000 (23:28 +0200)]
updated heartbeat text
Nikos Mavrogiannopoulos [Wed, 26 Sep 2012 18:50:35 +0000 (20:50 +0200)]
more files to ignore
Nikos Mavrogiannopoulos [Wed, 26 Sep 2012 18:32:44 +0000 (20:32 +0200)]
released 3.1.2
Nikos Mavrogiannopoulos [Wed, 26 Sep 2012 18:19:48 +0000 (20:19 +0200)]
Handle heartbeat packets with zero payload, and account for the payload length when sending a heartbeat of fixed size.
Nikos Mavrogiannopoulos [Tue, 25 Sep 2012 19:27:30 +0000 (21:27 +0200)]
benchmark time was increased.
Nikos Mavrogiannopoulos [Tue, 25 Sep 2012 19:16:39 +0000 (21:16 +0200)]
Updated to minitasn1 3.0
Nikos Mavrogiannopoulos [Tue, 25 Sep 2012 15:22:09 +0000 (17:22 +0200)]
updated cross.mk
Nikos Mavrogiannopoulos [Tue, 25 Sep 2012 15:11:22 +0000 (17:11 +0200)]
added missing tpm.h header
Nikos Mavrogiannopoulos [Tue, 25 Sep 2012 14:51:44 +0000 (16:51 +0200)]
All external libraries that were in LDFLAGS are moved into LIBADD/LDADD.
It also fixes order within LIBADD/LDADD so that libtool objects go first.
Patch by Bartosz Brachaczek.
Nikos Mavrogiannopoulos [Mon, 24 Sep 2012 18:47:42 +0000 (20:47 +0200)]
updated copyright
Nikos Mavrogiannopoulos [Mon, 24 Sep 2012 18:44:48 +0000 (20:44 +0200)]
openpgp doc update
Nikos Mavrogiannopoulos [Mon, 24 Sep 2012 18:13:27 +0000 (20:13 +0200)]
Added boilerplate.
Nikos Mavrogiannopoulos [Sun, 23 Sep 2012 21:17:00 +0000 (23:17 +0200)]
simplified calculations
Nikos Mavrogiannopoulos [Sun, 23 Sep 2012 17:06:43 +0000 (19:06 +0200)]
documented fix
Nikos Mavrogiannopoulos [Sun, 23 Sep 2012 17:06:17 +0000 (19:06 +0200)]
reduced verbosity and better debugging.
Nikos Mavrogiannopoulos [Sun, 23 Sep 2012 17:06:00 +0000 (19:06 +0200)]
Corrected bug in PGP subpacket encoding
Nikos Mavrogiannopoulos [Sun, 23 Sep 2012 14:34:25 +0000 (16:34 +0200)]
Added script to check against randomly generated certificates.
Nikos Mavrogiannopoulos [Sat, 22 Sep 2012 12:28:00 +0000 (14:28 +0200)]
removed unused label
Nikos Mavrogiannopoulos [Sat, 22 Sep 2012 12:09:49 +0000 (14:09 +0200)]
doc updates