git.ipfire.org Git - thirdparty/gnutls.git/log
Nikos Mavrogiannopoulos [Mon, 1 Jun 2015 08:43:46 +0000 (10:43 +0200)]
verify PKCS #7 signed data
Nikos Mavrogiannopoulos [Fri, 29 May 2015 12:41:13 +0000 (14:41 +0200)]
updated PKCS #7 code to cache signed_data
Nikos Mavrogiannopoulos [Mon, 1 Jun 2015 19:48:48 +0000 (21:48 +0200)]
When manual PKCS #11 configuration is requested don't initialize other providers
Nikos Mavrogiannopoulos [Sun, 31 May 2015 06:51:26 +0000 (08:51 +0200)]
certtool: deinitialize PKCS #7 resources
Nikos Mavrogiannopoulos [Sun, 31 May 2015 06:50:09 +0000 (08:50 +0200)]
tests: Added tests for PKCS7 cert extraction
Nikos Mavrogiannopoulos [Fri, 29 May 2015 14:37:36 +0000 (16:37 +0200)]
Revert "updated gnulib"
This reverts commit c040ce6dd05b48b971d8dcc8fc8f23957ed15f9c.
Nikos Mavrogiannopoulos [Fri, 29 May 2015 12:39:58 +0000 (14:39 +0200)]
silence format-signedness warnings in gcc5
Nikos Mavrogiannopoulos [Fri, 29 May 2015 12:34:53 +0000 (14:34 +0200)]
updated gnulib
Nikos Mavrogiannopoulos [Tue, 26 May 2015 20:12:19 +0000 (22:12 +0200)]
Check the OID size for match when comparing for the OCSP nonce extension
Reported by Hanno Böck.
Armin Burgmeier [Sun, 24 May 2015 03:30:18 +0000 (23:30 -0400)]
gnutls_dh_get_prime_bits: return 0 if DH is not used
Before, the number of bits of a zero-length number was attempted to be
extracted, resulting in an error. The changed behaviour is consistent with
the documentation which explicitly states that 0 should be returned if no DH
key exchange was performed.
Nikos Mavrogiannopoulos [Fri, 22 May 2015 07:08:00 +0000 (09:08 +0200)]
gnutls_dh_get_group: mention that the values may include a leading zero
Nikos Mavrogiannopoulos [Thu, 21 May 2015 09:55:06 +0000 (11:55 +0200)]
gnutls_dh_set_prime_bits: warn when overriding the DH max prime size with 1007 bits or less
Nikos Mavrogiannopoulos [Thu, 21 May 2015 08:52:37 +0000 (10:52 +0200)]
cleanup unused variable
Nikos Mavrogiannopoulos [Thu, 21 May 2015 08:51:17 +0000 (10:51 +0200)]
corrected allocation check
Nikos Mavrogiannopoulos [Thu, 21 May 2015 08:46:26 +0000 (10:46 +0200)]
removed useless check
Nikos Mavrogiannopoulos [Thu, 21 May 2015 08:43:06 +0000 (10:43 +0200)]
document intentional fallthrough in switch
Nikos Mavrogiannopoulos [Thu, 21 May 2015 08:41:11 +0000 (10:41 +0200)]
ecc ext: check return code of _gnutls_buffer_append_data
Nikos Mavrogiannopoulos [Sun, 17 May 2015 19:11:14 +0000 (21:11 +0200)]
tests: enhance the no-signal check to include proper data sending
Nikos Mavrogiannopoulos [Sun, 17 May 2015 18:59:14 +0000 (20:59 +0200)]
doc update
Nikos Mavrogiannopoulos [Sun, 17 May 2015 18:57:48 +0000 (20:57 +0200)]
tests: check the operation of GNUTLS_NO_SIGNAL
Nikos Mavrogiannopoulos [Sun, 17 May 2015 18:33:48 +0000 (20:33 +0200)]
Allow the usage of MSG_NOSIGNAL in send functions
That introduces the GNUTLS_NO_SIGNAL flag for gnutls_init(),
which is available in systems that support the MSG_NOSIGNAL
flag to send(). That eases the usage of the library within
other libraries.
Resolves #11
Nikos Mavrogiannopoulos [Fri, 15 May 2015 10:03:23 +0000 (12:03 +0200)]
include nettle/memxor when needed
Nikos Mavrogiannopoulos [Fri, 15 May 2015 10:02:56 +0000 (12:02 +0200)]
gnutls-serv: send alert when wrong data have been received from client
Nikos Mavrogiannopoulos [Thu, 14 May 2015 13:32:09 +0000 (15:32 +0200)]
doc update
Nikos Mavrogiannopoulos [Thu, 14 May 2015 12:00:11 +0000 (14:00 +0200)]
camellia256-gcm: corrected regression
Reported by Manuel Pegourie-Gonnard.
Nikos Mavrogiannopoulos [Mon, 11 May 2015 16:41:09 +0000 (18:41 +0200)]
doc update
Nikos Mavrogiannopoulos [Wed, 6 May 2015 13:22:05 +0000 (15:22 +0200)]
doc: added section about subject alternative names
Nikos Mavrogiannopoulos [Wed, 6 May 2015 09:17:09 +0000 (11:17 +0200)]
handshake_start_time was moved out of the DTLS-specific variables
Nikos Mavrogiannopoulos [Wed, 6 May 2015 09:13:05 +0000 (11:13 +0200)]
apply default timeout for DTLS in gnutls_handshake_set_timeout
Nikos Mavrogiannopoulos [Wed, 6 May 2015 08:03:16 +0000 (10:03 +0200)]
tests: do not perform internationalized name checks without libidn
Nikos Mavrogiannopoulos [Wed, 6 May 2015 07:52:39 +0000 (09:52 +0200)]
tests: updated sign-md5-rep to reduce false failures
Nikos Mavrogiannopoulos [Tue, 5 May 2015 14:40:37 +0000 (16:40 +0200)]
tests: eliminate mem leaks in mini-loss-time
Nikos Mavrogiannopoulos [Tue, 5 May 2015 13:55:19 +0000 (15:55 +0200)]
tests: testdane: remove dane.nox.su from the list of known to be good hosts
Nikos Mavrogiannopoulos [Tue, 5 May 2015 12:43:42 +0000 (14:43 +0200)]
doc update
Nikos Mavrogiannopoulos [Tue, 5 May 2015 12:41:55 +0000 (14:41 +0200)]
tests: mini-loss-time enhanced to check proper timeouts in both client and server
Nikos Mavrogiannopoulos [Tue, 5 May 2015 12:35:45 +0000 (14:35 +0200)]
dtls: combined the total timeouts of DTLS and TLS handshake
That also makes the waits for packets more robust against blocking.
Nikos Mavrogiannopoulos [Tue, 5 May 2015 07:36:17 +0000 (09:36 +0200)]
define GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA
Nikos Mavrogiannopoulos [Tue, 5 May 2015 05:57:16 +0000 (07:57 +0200)]
doc: updated text to account for pkcs11-url standardization
Nikos Mavrogiannopoulos [Sun, 3 May 2015 17:43:40 +0000 (19:43 +0200)]
tests: mini-dtls-mtu: compile in windows
Jaak Ristioja [Mon, 4 May 2015 07:53:10 +0000 (10:53 +0300)]
doc: Fixed typo in heartbeat documentation.
Nikos Mavrogiannopoulos [Sun, 3 May 2015 17:39:52 +0000 (19:39 +0200)]
cross.mk: updated for 3.4.1
Nikos Mavrogiannopoulos [Sun, 3 May 2015 17:36:02 +0000 (19:36 +0200)]
updated abi base for 3.4
Nikos Mavrogiannopoulos [Sun, 3 May 2015 17:24:23 +0000 (19:24 +0200)]
NEWS: updated
Nikos Mavrogiannopoulos [Sun, 3 May 2015 17:09:19 +0000 (19:09 +0200)]
released 3.4.1
Nikos Mavrogiannopoulos [Thu, 30 Apr 2015 16:48:57 +0000 (18:48 +0200)]
doc: updated gnutls_dtls_set_timeouts
Nikos Mavrogiannopoulos [Thu, 30 Apr 2015 14:40:24 +0000 (16:40 +0200)]
doc: fixed example with DTLS timeouts
Nikos Mavrogiannopoulos [Thu, 30 Apr 2015 14:32:40 +0000 (16:32 +0200)]
use macro for DTLS default timeout
Nikos Mavrogiannopoulos [Thu, 30 Apr 2015 14:28:24 +0000 (16:28 +0200)]
gnutls_handshake_set_timeout will properly work with DTLS
Nikos Mavrogiannopoulos [Thu, 30 Apr 2015 12:09:22 +0000 (14:09 +0200)]
doc update
Nikos Mavrogiannopoulos [Thu, 30 Apr 2015 12:53:17 +0000 (14:53 +0200)]
document the need for gnutls_transport_set_pull_timeout_function
Nikos Mavrogiannopoulos [Thu, 30 Apr 2015 12:06:09 +0000 (14:06 +0200)]
doc: updated async operation text
Nikos Mavrogiannopoulos [Thu, 30 Apr 2015 11:53:19 +0000 (13:53 +0200)]
disable default handshake timeout
It caused issues with non-blocking TLS clients and servers
which may not want to block while the pull timeout function
waits.
Nikos Mavrogiannopoulos [Thu, 30 Apr 2015 11:38:26 +0000 (13:38 +0200)]
tests: added check to verify that pull timeout is not called on non-blocking sessions
Nikos Mavrogiannopoulos [Thu, 30 Apr 2015 11:22:34 +0000 (13:22 +0200)]
GNUTLS_NONBLOCK can be used for non-DTLS sessions as well
Nikos Mavrogiannopoulos [Wed, 29 Apr 2015 12:44:30 +0000 (14:44 +0200)]
doc update
Nikos Mavrogiannopoulos [Wed, 29 Apr 2015 12:44:30 +0000 (14:44 +0200)]
doc update
Nikos Mavrogiannopoulos [Tue, 28 Apr 2015 14:12:13 +0000 (16:12 +0200)]
tests: key generation test was moved to main checks
This will allow catching memory leaks with valgrind.
Jan Vcelak [Tue, 28 Apr 2015 11:50:40 +0000 (13:50 +0200)]
fix memory leak in ECDSA key parameters verification
Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>
Nikos Mavrogiannopoulos [Tue, 28 Apr 2015 12:30:35 +0000 (14:30 +0200)]
updated minitasn1
Nikos Mavrogiannopoulos [Tue, 28 Apr 2015 12:29:41 +0000 (14:29 +0200)]
doc update
Nikos Mavrogiannopoulos [Tue, 28 Apr 2015 12:26:57 +0000 (14:26 +0200)]
Handle DNS name constraints with leading dot
Patch by Fotis Loukos.
Resolves 3
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Tue, 28 Apr 2015 07:02:12 +0000 (09:02 +0200)]
doc update
Nikos Mavrogiannopoulos [Mon, 27 Apr 2015 07:16:42 +0000 (09:16 +0200)]
updated text for gnutls_pkcs11_init
Nikos Mavrogiannopoulos [Mon, 27 Apr 2015 07:08:10 +0000 (09:08 +0200)]
updated pkcs11 loading documentation
Nikos Mavrogiannopoulos [Sun, 26 Apr 2015 06:31:12 +0000 (08:31 +0200)]
tests: mini-etm: use TLS as the transport layer
Nikos Mavrogiannopoulos [Sun, 26 Apr 2015 06:29:19 +0000 (08:29 +0200)]
tests: added comment for sign-md5-rep
Nikos Mavrogiannopoulos [Sun, 26 Apr 2015 06:11:17 +0000 (08:11 +0200)]
more files to ignore
Nikos Mavrogiannopoulos [Sat, 25 Apr 2015 22:04:13 +0000 (00:04 +0200)]
Sync with TP.
Nikos Mavrogiannopoulos [Sat, 25 Apr 2015 19:23:38 +0000 (21:23 +0200)]
doc update
Nikos Mavrogiannopoulos [Sat, 25 Apr 2015 18:00:04 +0000 (20:00 +0200)]
tests: added reproducer for the MD5 acceptance issue
Reported by Karthikeyan Bhargavan.
http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007572.html
Nikos Mavrogiannopoulos [Sat, 25 Apr 2015 17:34:34 +0000 (19:34 +0200)]
before falling back to SHA1 as signature algorithm in TLS 1.2 check if it is enabled
Nikos Mavrogiannopoulos [Sat, 25 Apr 2015 17:14:07 +0000 (19:14 +0200)]
_gnutls_session_sign_algo_enabled: do not consider any values from the extension data to decide acceptable algorithms
Nikos Mavrogiannopoulos [Sat, 25 Apr 2015 07:28:57 +0000 (09:28 +0200)]
doc update
Nikos Mavrogiannopoulos [Sat, 25 Apr 2015 07:13:04 +0000 (09:13 +0200)]
tests: added unit tests for gnutls_certificate_client_get_request_status
Nikos Mavrogiannopoulos [Sat, 25 Apr 2015 07:12:04 +0000 (09:12 +0200)]
set the value used by gnutls_certificate_client_get_request_status prior to selecting certificate
That allows gnutls_certificate_client_get_request_status() to operate properly
from the callback. Reported by Anton Lavrentiev.
Nikos Mavrogiannopoulos [Sat, 25 Apr 2015 07:10:15 +0000 (09:10 +0200)]
updated doc for retrieve function
Nikos Mavrogiannopoulos [Fri, 24 Apr 2015 14:04:44 +0000 (16:04 +0200)]
updated PKCS #11 URL references to rfc7512
Nikos Mavrogiannopoulos [Wed, 22 Apr 2015 12:00:45 +0000 (14:00 +0200)]
doc update
Nikos Mavrogiannopoulos [Wed, 22 Apr 2015 11:54:18 +0000 (13:54 +0200)]
tests: added check for gnutls_credentials_get
Nikos Mavrogiannopoulos [Wed, 22 Apr 2015 11:49:10 +0000 (13:49 +0200)]
doc update
Nikos Mavrogiannopoulos [Wed, 22 Apr 2015 11:41:17 +0000 (13:41 +0200)]
fixed doc: reported by Anton Lavrentiev
Nikos Mavrogiannopoulos [Wed, 22 Apr 2015 09:33:34 +0000 (11:33 +0200)]
doc: corrected typo
Nikos Mavrogiannopoulos [Tue, 21 Apr 2015 20:08:56 +0000 (22:08 +0200)]
tests: resume-dtls: remove global variables
Andreas Metzler [Tue, 21 Apr 2015 17:18:00 +0000 (19:18 +0200)]
List all certificate type priority strings.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Sun, 19 Apr 2015 19:23:21 +0000 (21:23 +0200)]
tls-rsa: keep a common code path when doing RSA decryption
Suggested by Nimrod Aviram.
Nikos Mavrogiannopoulos [Tue, 21 Apr 2015 13:20:38 +0000 (15:20 +0200)]
tests: initialize status where needed
Nikos Mavrogiannopoulos [Tue, 21 Apr 2015 13:18:11 +0000 (15:18 +0200)]
tests: cleanup openpgp-auth2
Nikos Mavrogiannopoulos [Tue, 21 Apr 2015 13:17:38 +0000 (15:17 +0200)]
tests: cleanup mini-dtls-rehandshake
Nikos Mavrogiannopoulos [Tue, 21 Apr 2015 11:46:36 +0000 (13:46 +0200)]
tests: resume: check for signals
Nikos Mavrogiannopoulos [Tue, 21 Apr 2015 08:42:50 +0000 (10:42 +0200)]
doc update
Nikos Mavrogiannopoulos [Tue, 21 Apr 2015 08:40:41 +0000 (10:40 +0200)]
doc update
Nikos Mavrogiannopoulos [Tue, 21 Apr 2015 08:36:07 +0000 (10:36 +0200)]
tests: reduced compiler warnings
Nikos Mavrogiannopoulos [Tue, 21 Apr 2015 08:07:30 +0000 (10:07 +0200)]
tests: verify the return value of gnutls_certificate_get_ours when no cert is sent
Nikos Mavrogiannopoulos [Tue, 21 Apr 2015 08:07:11 +0000 (10:07 +0200)]
tests: close unused file descriptors in resume checks
Nikos Mavrogiannopoulos [Mon, 20 Apr 2015 21:39:08 +0000 (23:39 +0200)]
libopts: fixed the reading of the --enable-local-libopts flag
Nikos Mavrogiannopoulos [Mon, 20 Apr 2015 15:51:20 +0000 (17:51 +0200)]
gnutls-cli: when no certificate is sent, notify the user
Nikos Mavrogiannopoulos [Mon, 20 Apr 2015 15:45:33 +0000 (17:45 +0200)]
tests: added check with X.509 certificates and callbacks
That corresponds to functionality checked in openpgp-callback.c
Nikos Mavrogiannopoulos [Mon, 20 Apr 2015 15:38:10 +0000 (17:38 +0200)]
tests: added check for gnutls_certificate_get_ours() when used in combination with callbacks
Nikos Mavrogiannopoulos [Mon, 20 Apr 2015 14:46:34 +0000 (16:46 +0200)]
tests: improved x509dn check
Nikos Mavrogiannopoulos [Mon, 20 Apr 2015 14:43:51 +0000 (16:43 +0200)]
gnutls_certificate_get_ours: will return the certificate even if a callback was used
This corrects a bug where this function would not work, when
gnutls_certificate_set_retrieve_function2() was used.