]> git.ipfire.org Git - thirdparty/gnutls.git/log
thirdparty/gnutls.git
15 years agoprevent a memory leak in the unique_id functions.
Nikos Mavrogiannopoulos [Fri, 20 Aug 2010 17:41:34 +0000 (19:41 +0200)] 
prevent a memory leak in the unique_id functions.

15 years agoAs identified in a previous mail, I've added support for accessing / displaying
Brad Hards [Fri, 20 Aug 2010 17:36:34 +0000 (19:36 +0200)] 
As identified in a previous mail, I've added support for accessing / displaying
the subjectUniqueID and issuerUniqueID fields within an X.509 certificate. This
is provided (along with a test case) in the attached patch.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
15 years agoBy default lowat is set to zero.
Nikos Mavrogiannopoulos [Fri, 20 Aug 2010 17:05:53 +0000 (19:05 +0200)] 
By default lowat is set to zero.

15 years agoRevert "When scanning for terminator character for PKCS #11 URLs ignore escaped \;."
Nikos Mavrogiannopoulos [Thu, 19 Aug 2010 13:55:16 +0000 (15:55 +0200)] 
Revert "When scanning for terminator character for PKCS #11 URLs ignore escaped \;."

This reverts commit 583fad076506421c9007a3349784496e2927dcd1.

15 years agoAdded Sjoerd.
Nikos Mavrogiannopoulos [Wed, 18 Aug 2010 17:40:02 +0000 (19:40 +0200)] 
Added Sjoerd.

15 years agolibnettle is the default crypto library.
Nikos Mavrogiannopoulos [Wed, 18 Aug 2010 17:35:58 +0000 (19:35 +0200)] 
libnettle is the default crypto library.

15 years agooldstate var removed.
Nikos Mavrogiannopoulos [Wed, 18 Aug 2010 16:35:21 +0000 (18:35 +0200)] 
oldstate var removed.

15 years agomini-eagain will fail with EAGAIN error one every two attempts. That is to remove...
Nikos Mavrogiannopoulos [Tue, 17 Aug 2010 17:54:06 +0000 (19:54 +0200)] 
mini-eagain will fail with EAGAIN error one every two attempts. That is to remove probabilities.

15 years agoRemember the amount of user data we're sending out
Sjoerd Simons [Wed, 11 Aug 2010 12:49:46 +0000 (13:49 +0100)] 
Remember the amount of user data we're sending out

Partially reverts 3ef62950845f551ebc629e50d5ddf75f71b84294. gnutls_record_send
needs to return the amount of user-data we sent, so we need to keep this
information somewhere to return it when we succeed in sending that data.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
15 years agoCheck whether the error is fatal in more cases
Sjoerd Simons [Wed, 11 Aug 2010 12:48:26 +0000 (13:48 +0100)] 
Check whether the error is fatal in more cases

When stressing the async API of gnutls a lot of internal errors are hit as
IMED_RET clears the handshake hash buffers as a result of -EAGAIN even though
it would never be re-initialized at that point, but is still needed in later
stages.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
15 years agoAdd state for flushing the handshake buffer
Sjoerd Simons [Wed, 11 Aug 2010 10:06:43 +0000 (11:06 +0100)] 
Add state for flushing the handshake buffer

A seperate state is needed between flushing the handshake buffers and sending
the chipher spec change otherwise it's impossible to determine whether
_gnutls_send_change_cipher_spec is called for the first time or again.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
15 years agoFix warning.
Simon Josefsson [Sun, 1 Aug 2010 21:22:26 +0000 (23:22 +0200)] 
Fix warning.

15 years agoDefine HAVE_GCRYPT when using gcrypt. nettle is no longer marked as unsupported.
Nikos Mavrogiannopoulos [Thu, 29 Jul 2010 08:33:47 +0000 (10:33 +0200)] 
Define HAVE_GCRYPT when using gcrypt. nettle is no longer marked as unsupported.

15 years agoAdded Camellia-128/256, SHA-224/384/512 and support for DSA2 when using nettle.
Nikos Mavrogiannopoulos [Thu, 29 Jul 2010 08:26:33 +0000 (10:26 +0200)] 
Added Camellia-128/256, SHA-224/384/512 and support for DSA2 when using nettle.

15 years agoWhen scanning for terminator character for PKCS #11 URLs ignore escaped \;.
Nikos Mavrogiannopoulos [Wed, 28 Jul 2010 15:48:40 +0000 (17:48 +0200)] 
When scanning for terminator character for PKCS #11 URLs ignore escaped \;.

15 years agoModified the example to work in TLS 1.2.
Nikos Mavrogiannopoulos [Mon, 26 Jul 2010 15:21:46 +0000 (17:21 +0200)] 
Modified the example to work in TLS 1.2.

15 years agoAdded RSA_NULL_SHA1 and SHA256 ciphersuites.
Nikos Mavrogiannopoulos [Mon, 26 Jul 2010 15:13:56 +0000 (17:13 +0200)] 
Added RSA_NULL_SHA1 and SHA256 ciphersuites.

15 years agoWhen signature algorithms extension is not received allow SHA1 and SHA256.
Nikos Mavrogiannopoulos [Mon, 26 Jul 2010 15:12:19 +0000 (17:12 +0200)] 
When signature algorithms extension is not received allow SHA1 and SHA256.

15 years agoNULL MAC renamed to MAC-NULL
Nikos Mavrogiannopoulos [Mon, 26 Jul 2010 14:40:31 +0000 (16:40 +0200)] 
NULL MAC renamed to MAC-NULL

15 years agoAvoid fixed size buffers (now handles the big >100 SAN cert).
Simon Josefsson [Sun, 25 Jul 2010 16:27:04 +0000 (18:27 +0200)] 
Avoid fixed size buffers (now handles the big >100 SAN cert).

15 years agoGenerated.
Simon Josefsson [Sun, 25 Jul 2010 16:12:54 +0000 (18:12 +0200)] 
Generated.

15 years agoRe-add old NEWS entries.
Simon Josefsson [Sun, 25 Jul 2010 16:12:07 +0000 (18:12 +0200)] 
Re-add old NEWS entries.

15 years agoDoc fix.
Simon Josefsson [Sun, 25 Jul 2010 16:07:57 +0000 (18:07 +0200)] 
Doc fix.

15 years agoDo not trust fbase64_decode to return 0 on success.
Nikos Mavrogiannopoulos [Sat, 24 Jul 2010 14:25:28 +0000 (16:25 +0200)] 
Do not trust fbase64_decode to return 0 on success.

15 years agognutls_x509_privkey_import() will fallback to gnutls_x509_privkey_import_pkcs8()...
Nikos Mavrogiannopoulos [Sat, 24 Jul 2010 14:18:20 +0000 (16:18 +0200)] 
gnutls_x509_privkey_import() will fallback to gnutls_x509_privkey_import_pkcs8() without a password, if it is unable to decode the key.

15 years agoAdded GNUTLS_PK_DH to differentiate in the generation of parameters with PK_DSA
Nikos Mavrogiannopoulos [Sat, 24 Jul 2010 09:28:39 +0000 (11:28 +0200)] 
Added GNUTLS_PK_DH to differentiate in the generation of parameters with PK_DSA
that requires special treatment.

15 years agoCorrected wrong descriptions of security levels.
Nikos Mavrogiannopoulos [Sat, 24 Jul 2010 09:10:21 +0000 (11:10 +0200)] 
Corrected wrong descriptions of security levels.

15 years agouse RSA-SHA1 as an indicator of RSA certificates.
Nikos Mavrogiannopoulos [Sat, 24 Jul 2010 08:53:11 +0000 (10:53 +0200)] 
use RSA-SHA1 as an indicator of RSA certificates.

15 years agoFix DSA key values to avoid generating normal and reporting them as low.
Nikos Mavrogiannopoulos [Sat, 24 Jul 2010 08:54:06 +0000 (10:54 +0200)] 
Fix DSA key values to avoid generating normal and reporting them as low.

15 years agoBetter handling of security parameters to key sizes matching (via a single table...
Nikos Mavrogiannopoulos [Fri, 23 Jul 2010 21:48:45 +0000 (23:48 +0200)] 
Better handling of security parameters to key sizes matching (via a single table). Added
functions to return the security parameter of a private key.

15 years agoSimplified documentation.
Nikos Mavrogiannopoulos [Fri, 23 Jul 2010 18:38:31 +0000 (20:38 +0200)] 
Simplified documentation.

15 years agoFollow ECRYPT II recommendations.
Nikos Mavrogiannopoulos [Fri, 23 Jul 2010 18:16:19 +0000 (20:16 +0200)] 
Follow ECRYPT II recommendations.

15 years agoUpdated documentation and gnutls_pk_params_t mappings to ECRYPT II recommendations.
Nikos Mavrogiannopoulos [Fri, 23 Jul 2010 18:06:35 +0000 (20:06 +0200)] 
Updated documentation and gnutls_pk_params_t mappings to ECRYPT II recommendations.

15 years agoHMAC-MD5 deprecated according to ECRYPT II yearly report (2009-2010) recommendations.
Nikos Mavrogiannopoulos [Fri, 23 Jul 2010 17:36:48 +0000 (19:36 +0200)] 
HMAC-MD5 deprecated according to ECRYPT II yearly report (2009-2010) recommendations.

15 years agoadded missing file key-subca-dsa.pem
Nikos Mavrogiannopoulos [Fri, 23 Jul 2010 06:24:28 +0000 (08:24 +0200)] 
added missing file key-subca-dsa.pem

15 years agoignore html errors otherwise make dist doesn't work.
Nikos Mavrogiannopoulos [Thu, 22 Jul 2010 17:43:43 +0000 (19:43 +0200)] 
ignore html errors otherwise make dist doesn't work.

15 years agoupdated NEWS
Nikos Mavrogiannopoulos [Thu, 22 Jul 2010 17:43:30 +0000 (19:43 +0200)] 
updated NEWS

15 years agoAdded option for certtool to print certificate public key.
Nikos Mavrogiannopoulos [Thu, 22 Jul 2010 15:20:15 +0000 (17:20 +0200)] 
Added option for certtool to print certificate public key.

16 years agoAdded SIG_RSA_MD5_OID as an indicator of RSA. Some microsoft products were using...
Nikos Mavrogiannopoulos [Wed, 21 Jul 2010 07:17:34 +0000 (09:17 +0200)] 
Added SIG_RSA_MD5_OID as an indicator of RSA. Some microsoft products were using it. Reported by Mads Kiilerich.

16 years agoAdded RSA with SHA224.
Nikos Mavrogiannopoulos [Mon, 19 Jul 2010 11:37:34 +0000 (13:37 +0200)] 
Added RSA with SHA224.

16 years agoAdded blinding to RSA decryption AND signing. Will stay there until it is moved to...
Nikos Mavrogiannopoulos [Sat, 17 Jul 2010 15:51:52 +0000 (17:51 +0200)] 
Added blinding to RSA decryption AND signing. Will stay there until it is moved to nettle itself.

16 years agofixed
Nikos Mavrogiannopoulos [Sun, 11 Jul 2010 09:57:06 +0000 (11:57 +0200)] 
fixed

16 years agoAdded support for EGD daemon in nettle's RNG. It is used if /dev/urandom
Nikos Mavrogiannopoulos [Sun, 11 Jul 2010 09:52:13 +0000 (11:52 +0200)] 
Added support for EGD daemon in nettle's RNG. It is used if /dev/urandom
is not present.

16 years agoCorrected the lowat behavior. Documented that it will be deprecated in
Nikos Mavrogiannopoulos [Sun, 11 Jul 2010 07:50:44 +0000 (09:50 +0200)] 
Corrected the lowat behavior. Documented that it will be deprecated in
later versions.

16 years agognutls-serv: Do not print CR/LF if received, but instead print LF only.
Nikos Mavrogiannopoulos [Sun, 11 Jul 2010 07:50:24 +0000 (09:50 +0200)] 
gnutls-serv: Do not print CR/LF if received, but instead print LF only.

16 years agosystem specific functions were moved to system.c
Nikos Mavrogiannopoulos [Sat, 10 Jul 2010 21:25:31 +0000 (23:25 +0200)] 
system specific functions were moved to system.c

16 years agoSupport scattered write using writev(). This takes
Nikos Mavrogiannopoulos [Sat, 10 Jul 2010 21:10:45 +0000 (23:10 +0200)] 
Support scattered write using writev(). This takes
advantage of the new buffering layer and allows queuing of packets
and flushing them. This is currently used for handshake messages
only. Performance-wise the difference of packing several TLS records
in a single write doesn't seem to offer anything over ethernet (that
my tests were on). Probably on links with higher latency there would
be a benefit.

16 years agoRemoved old reference.
Nikos Mavrogiannopoulos [Thu, 8 Jul 2010 16:04:08 +0000 (18:04 +0200)] 
Removed old reference.

16 years agoex-rfc2818 is now a functional program demonstrating the verification procedure.
Nikos Mavrogiannopoulos [Thu, 8 Jul 2010 15:55:54 +0000 (17:55 +0200)] 
ex-rfc2818 is now a functional program demonstrating the verification procedure.

16 years agoExample with export ciphersuites was removed.
Nikos Mavrogiannopoulos [Thu, 8 Jul 2010 15:35:34 +0000 (17:35 +0200)] 
Example with export ciphersuites was removed.

16 years agocorrected typo
Nikos Mavrogiannopoulos [Thu, 8 Jul 2010 15:33:16 +0000 (17:33 +0200)] 
corrected typo

16 years agoUse the same "e" for RSA as libgcrypt. It's the fastest choice.
Nikos Mavrogiannopoulos [Wed, 7 Jul 2010 11:31:28 +0000 (13:31 +0200)] 
Use the same "e" for RSA as libgcrypt. It's the fastest choice.

16 years agoDo not crash if input is redirected from /dev/null.
Nikos Mavrogiannopoulos [Mon, 5 Jul 2010 06:32:00 +0000 (08:32 +0200)] 
Do not crash if input is redirected from /dev/null.

16 years agoChanged the default pkcs-cipher to AES-128. Allowed specifying the 3des-pkcs12
Nikos Mavrogiannopoulos [Mon, 5 Jul 2010 06:21:07 +0000 (08:21 +0200)] 
Changed the default pkcs-cipher to AES-128. Allowed specifying the 3des-pkcs12
cipher with the --pkcs-cipher option.

16 years agoUse double to count bytes.
Nikos Mavrogiannopoulos [Sun, 4 Jul 2010 08:48:11 +0000 (10:48 +0200)] 
Use double to count bytes.

16 years agoAdded a windows version of the RNG.
Nikos Mavrogiannopoulos [Sun, 4 Jul 2010 07:45:34 +0000 (09:45 +0200)] 
Added a windows version of the RNG.

16 years agoCorrected locking usage in nettle's random subsystem.
Nikos Mavrogiannopoulos [Sat, 3 Jul 2010 23:03:47 +0000 (01:03 +0200)] 
Corrected locking usage in nettle's random subsystem.

16 years agoFixed to compile under mingw32.
Nikos Mavrogiannopoulos [Sat, 3 Jul 2010 17:44:37 +0000 (19:44 +0200)] 
Fixed to compile under mingw32.

16 years agoonly warn if dlopen or pthreads are not found.
Nikos Mavrogiannopoulos [Sat, 3 Jul 2010 17:20:52 +0000 (19:20 +0200)] 
only warn if dlopen or pthreads are not found.

16 years agoLocks were converted to be in align with posix locks to easier wrap around them.
Nikos Mavrogiannopoulos [Sat, 3 Jul 2010 16:37:19 +0000 (18:37 +0200)] 
Locks were converted to be in align with posix locks to easier wrap around them.

16 years agoThe included pakchois will use gnutls locks and will use a portable
Nikos Mavrogiannopoulos [Sat, 3 Jul 2010 16:21:44 +0000 (18:21 +0200)] 
The included pakchois will use gnutls locks and will use a portable
dlopen() to allow compilation in win32 (untested).

16 years agoRead from /dev/urandom every 20 minutes.
Nikos Mavrogiannopoulos [Sat, 3 Jul 2010 10:49:20 +0000 (12:49 +0200)] 
Read from /dev/urandom every 20 minutes.

16 years agoAdded missing files
Nikos Mavrogiannopoulos [Sat, 3 Jul 2010 10:35:00 +0000 (12:35 +0200)] 
Added missing files

16 years agoAllow encryption and decryption that are not in-place only.
Nikos Mavrogiannopoulos [Sat, 3 Jul 2010 08:37:45 +0000 (10:37 +0200)] 
Allow encryption and decryption that are not in-place only.

16 years agoPrint values in a human-readable format and do the calculations in fixed
Nikos Mavrogiannopoulos [Sat, 3 Jul 2010 08:29:23 +0000 (10:29 +0200)] 
Print values in a human-readable format and do the calculations in fixed
time to prevent stalling in slow systems.

16 years agocorrected library version
Nikos Mavrogiannopoulos [Fri, 2 Jul 2010 21:26:20 +0000 (23:26 +0200)] 
corrected library version

16 years agoPIN callback supplies the token URL. The callback function in common.c
Nikos Mavrogiannopoulos [Fri, 2 Jul 2010 17:52:52 +0000 (19:52 +0200)] 
PIN callback supplies the token URL. The callback function in common.c
will cache PIN if requested for second time.

16 years agoReverted the SAVE_PIN approach in PIN callback. The new approach will be to provide
Nikos Mavrogiannopoulos [Fri, 2 Jul 2010 17:24:39 +0000 (19:24 +0200)] 
Reverted the SAVE_PIN approach in PIN callback. The new approach will be to provide
enough information for the callback to save the PIN itself.

16 years agoremoved unneeded function.
Nikos Mavrogiannopoulos [Fri, 2 Jul 2010 17:19:18 +0000 (19:19 +0200)] 
removed unneeded function.

16 years agoMore uses of gnutls_certificate_free_ca_names
Nikos Mavrogiannopoulos [Fri, 2 Jul 2010 17:17:43 +0000 (19:17 +0200)] 
More uses of gnutls_certificate_free_ca_names

16 years agoDo not allow setting NULL lock functions
Nikos Mavrogiannopoulos [Fri, 2 Jul 2010 17:16:10 +0000 (19:16 +0200)] 
Do not allow setting NULL lock functions

16 years agocorrected lock usage.
Nikos Mavrogiannopoulos [Fri, 2 Jul 2010 17:14:57 +0000 (19:14 +0200)] 
corrected lock usage.

16 years agobumped library version
Nikos Mavrogiannopoulos [Fri, 2 Jul 2010 17:14:09 +0000 (19:14 +0200)] 
bumped library version

16 years agoInclude abstract.h in releases.
Nikos Mavrogiannopoulos [Thu, 1 Jul 2010 15:05:50 +0000 (17:05 +0200)] 
Include abstract.h in releases.

16 years agoCorrectly deinitialize crypto API handles.
Nikos Mavrogiannopoulos [Wed, 30 Jun 2010 14:33:42 +0000 (16:33 +0200)] 
Correctly deinitialize crypto API handles.

16 years agocommented obscure HANDSHAKE_MAC_TYPE_10 and HANDSHAKE_MAC_TYPE_12.
Nikos Mavrogiannopoulos [Tue, 29 Jun 2010 17:16:27 +0000 (19:16 +0200)] 
commented obscure HANDSHAKE_MAC_TYPE_10 and HANDSHAKE_MAC_TYPE_12.

16 years agosimplified locking code. Locking functions always exist but are dummies if no
Nikos Mavrogiannopoulos [Tue, 29 Jun 2010 16:12:44 +0000 (18:12 +0200)] 
simplified locking code. Locking functions always exist but are dummies if no
locks have been set.

16 years agoInitialization of crypto libraries moved outside main gnutls code.
Nikos Mavrogiannopoulos [Tue, 29 Jun 2010 16:05:18 +0000 (18:05 +0200)] 
Initialization of crypto libraries moved outside main gnutls code.

16 years agoMoved locking code to special file.
Nikos Mavrogiannopoulos [Tue, 29 Jun 2010 15:42:47 +0000 (17:42 +0200)] 
Moved locking code to special file.

16 years agoAdd pkcs11-vision rules.
Simon Josefsson [Tue, 29 Jun 2010 09:22:14 +0000 (11:22 +0200)] 
Add pkcs11-vision rules.

16 years agoGenerated.
Simon Josefsson [Tue, 29 Jun 2010 09:10:28 +0000 (11:10 +0200)] 
Generated.

16 years agoWhen copying a private key the sensitive flag can be set or not. This allows
Nikos Mavrogiannopoulos [Mon, 28 Jun 2010 19:02:02 +0000 (21:02 +0200)] 
When copying a private key the sensitive flag can be set or not. This allows
copying private keys that can be exported.

16 years agoCombined object flags. No implicit login any more. Login has to be specified with...
Nikos Mavrogiannopoulos [Mon, 28 Jun 2010 17:01:20 +0000 (19:01 +0200)] 
Combined object flags. No implicit login any more. Login has to be specified with a flag
on every call that could use it.

16 years agoIndented code.
Nikos Mavrogiannopoulos [Mon, 28 Jun 2010 16:51:29 +0000 (18:51 +0200)] 
Indented code.

16 years agoAllow flags when importing objects from PKCS11 URLs. The only flag supported
Nikos Mavrogiannopoulos [Mon, 28 Jun 2010 16:07:01 +0000 (18:07 +0200)] 
Allow flags when importing objects from PKCS11 URLs. The only flag supported
now is the PKCS11_OBJ_FLAG_LOGIN, which forces login before accessing object on
a token. The reason is that some tokens do not allow access of any data without login.

16 years agoAdded AES-128 to block ciphers.
Nikos Mavrogiannopoulos [Sun, 27 Jun 2010 19:21:37 +0000 (21:21 +0200)] 
Added AES-128 to block ciphers.

16 years agoCorrected writing and reading order of security parameters.
Nikos Mavrogiannopoulos [Sun, 27 Jun 2010 19:04:34 +0000 (21:04 +0200)] 
Corrected writing and reading order of security parameters.

16 years agouse 2.11.0 everywhere
Nikos Mavrogiannopoulos [Sun, 27 Jun 2010 17:52:07 +0000 (19:52 +0200)] 
use 2.11.0 everywhere

16 years agoAdded gnutls_global_set_mutex() to allow setting
Nikos Mavrogiannopoulos [Sun, 27 Jun 2010 17:22:07 +0000 (19:22 +0200)] 
Added gnutls_global_set_mutex() to allow setting
alternative locking procedures. By default the system available
locking is used. In *NIX pthreads are used and in windows the
critical section API.

As a side effect this change avoids any API dependance on libgcrypt
even if threads are used.

16 years agoModified the cacertrsamd5 short-cut. The test was checking whether
Nikos Mavrogiannopoulos [Sun, 27 Jun 2010 17:05:56 +0000 (19:05 +0200)] 
Modified the cacertrsamd5 short-cut. The test was checking whether
verification using a trusted insecurely signed self signed certificate
will fail against a chain that has this as intermediate. However this
test should have succeeded since the insecure certificate is trusted.

This isn't the purpose of this test however. It should have checked whether
using the same certificate as trusted and to be verified and the GNUTLS_VERIFY_DO_NOT_ALLOW_SAME
flag should return an error.

16 years agoFail on error.
Nikos Mavrogiannopoulos [Sun, 27 Jun 2010 16:37:25 +0000 (18:37 +0200)] 
Fail on error.

16 years agoWhen generating private key allow usage of --pkcs-cipher flag.
Nikos Mavrogiannopoulos [Sat, 26 Jun 2010 19:51:03 +0000 (21:51 +0200)] 
When generating private key allow usage of --pkcs-cipher flag.

16 years agoMAX_SRP_USERNAME -> MAX_USERNAME_SIZE
Nikos Mavrogiannopoulos [Tue, 22 Jun 2010 16:36:22 +0000 (18:36 +0200)] 
MAX_SRP_USERNAME -> MAX_USERNAME_SIZE

16 years agoWe also require GNU make.
Simon Josefsson [Thu, 24 Jun 2010 07:47:53 +0000 (09:47 +0200)] 
We also require GNU make.

16 years agoUse silent build rules.
Simon Josefsson [Thu, 24 Jun 2010 07:27:45 +0000 (09:27 +0200)] 
Use silent build rules.

Suggested by Vincent Torri <vincent.torri@gmail.com>
in <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4349>.

16 years agoremoved OPRFI extension functions.
Nikos Mavrogiannopoulos [Tue, 22 Jun 2010 16:03:47 +0000 (18:03 +0200)] 
removed OPRFI extension functions.

16 years agoremoved OPRFI from makefile.
Nikos Mavrogiannopoulos [Tue, 22 Jun 2010 15:56:57 +0000 (17:56 +0200)] 
removed OPRFI from makefile.

16 years agoWhen verifying certificates use the same algorithm whether the DO_NOT_ALLOW_SAME
Nikos Mavrogiannopoulos [Mon, 21 Jun 2010 16:42:09 +0000 (18:42 +0200)] 
When verifying certificates use the same algorithm whether the DO_NOT_ALLOW_SAME
flag is set or not. Before we were shortening certificate list if the flag was not
set by the size of the first certificate found in the trusted list, and keep the
list intact otherwise. Now we shorten the list in the latter case as well, except
for the first certificate.

16 years agoAdded news entry for EV-certificates.
Nikos Mavrogiannopoulos [Sat, 19 Jun 2010 16:35:30 +0000 (18:35 +0200)] 
Added news entry for EV-certificates.

16 years agoCorrected some tests. Added test to check whether the %COMPAT option is
Nikos Mavrogiannopoulos [Sat, 19 Jun 2010 16:15:39 +0000 (18:15 +0200)] 
Corrected some tests. Added test to check whether the %COMPAT option is
required for this server.