git.ipfire.org Git - thirdparty/gnutls.git/log
11 years ago verify PKCS #7 signed data
Nikos Mavrogiannopoulos [Mon, 1 Jun 2015 08:43:46 +0000 (10:43 +0200)] 
verify PKCS #7 signed data

11 years ago updated PKCS #7 code to cache signed_data
Nikos Mavrogiannopoulos [Fri, 29 May 2015 12:41:13 +0000 (14:41 +0200)] 
updated PKCS #7 code to cache signed_data

11 years ago When manual PKCS #11 configuration is requested don't initialize other providers
Nikos Mavrogiannopoulos [Mon, 1 Jun 2015 19:48:48 +0000 (21:48 +0200)] 
When manual PKCS #11 configuration is requested don't initialize other providers

11 years ago certtool: deinitialize PKCS #7 resources
Nikos Mavrogiannopoulos [Sun, 31 May 2015 06:51:26 +0000 (08:51 +0200)] 
certtool: deinitialize PKCS #7 resources

11 years ago tests: Added tests for PKCS7 cert extraction
Nikos Mavrogiannopoulos [Sun, 31 May 2015 06:50:09 +0000 (08:50 +0200)] 
tests: Added tests for PKCS7 cert extraction

11 years ago Revert "updated gnulib"
Nikos Mavrogiannopoulos [Fri, 29 May 2015 14:37:36 +0000 (16:37 +0200)] 
Revert "updated gnulib"

This reverts commit c040ce6dd05b48b971d8dcc8fc8f23957ed15f9c.

11 years ago silence format-signness warnings in gcc5
Nikos Mavrogiannopoulos [Fri, 29 May 2015 12:39:58 +0000 (14:39 +0200)] 
silence format-signness warnings in gcc5

11 years ago updated gnulib
Nikos Mavrogiannopoulos [Fri, 29 May 2015 12:34:53 +0000 (14:34 +0200)] 
updated gnulib

11 years ago Check the OID size for match when comparing for the OCSP nonce extension
Nikos Mavrogiannopoulos [Tue, 26 May 2015 20:12:19 +0000 (22:12 +0200)] 
Check the OID size for match when comparing for the OCSP nonce extension

Reported by Hanno Böck.

11 years ago gnutls_dh_get_prime_bits: return 0 if DH is not used
Armin Burgmeier [Sun, 24 May 2015 03:30:18 +0000 (23:30 -0400)] 
gnutls_dh_get_prime_bits: return 0 if DH is not used

Before, the number of bits of a zero-length number was attempted to be
extracted, resulting in an error. The changed behaviour is consistent with
the documentation which explicitly states that 0 should be returned if no DH
key exchange was performed.

11 years ago gnutls_dh_get_group: mention that the values may include a leading zero
Nikos Mavrogiannopoulos [Fri, 22 May 2015 07:08:00 +0000 (09:08 +0200)] 
gnutls_dh_get_group: mention that the values may include a leading zero

11 years ago gnutls_dh_set_prime_bits: warn when overriding the DH max prime size with 1007 bits...
Nikos Mavrogiannopoulos [Thu, 21 May 2015 09:55:06 +0000 (11:55 +0200)] 
gnutls_dh_set_prime_bits: warn when overriding the DH max prime size with 1007 bits or less

11 years ago cleanup unused variable
Nikos Mavrogiannopoulos [Thu, 21 May 2015 08:52:37 +0000 (10:52 +0200)] 
cleanup unused variable

11 years ago corrected allocation check
Nikos Mavrogiannopoulos [Thu, 21 May 2015 08:51:17 +0000 (10:51 +0200)] 
corrected allocation check

11 years ago removed useless check
Nikos Mavrogiannopoulos [Thu, 21 May 2015 08:46:26 +0000 (10:46 +0200)] 
removed useless check

11 years ago document intentional fallthrough in switch
Nikos Mavrogiannopoulos [Thu, 21 May 2015 08:43:06 +0000 (10:43 +0200)] 
document intentional fallthrough in switch

11 years ago ecc ext: check return code of _gnutls_buffer_append_data
Nikos Mavrogiannopoulos [Thu, 21 May 2015 08:41:11 +0000 (10:41 +0200)] 
ecc ext: check return code of _gnutls_buffer_append_data

11 years ago tests: enhance the no-signal check to include proper data sending
Nikos Mavrogiannopoulos [Sun, 17 May 2015 19:11:14 +0000 (21:11 +0200)] 
tests: enhance the no-signal check to include proper data sending

11 years ago doc update
Nikos Mavrogiannopoulos [Sun, 17 May 2015 18:59:14 +0000 (20:59 +0200)] 
doc update

11 years ago tests: check the operation of GNUTLS_NO_SIGNAL
Nikos Mavrogiannopoulos [Sun, 17 May 2015 18:57:48 +0000 (20:57 +0200)] 
tests: check the operation of GNUTLS_NO_SIGNAL

11 years ago Allow the usage of MSG_NOSIGNAL in send functions
Nikos Mavrogiannopoulos [Sun, 17 May 2015 18:33:48 +0000 (20:33 +0200)] 
Allow the usage of MSG_NOSIGNAL in send functions

That introduces the GNUTLS_NO_SIGNAL flag for gnutls_init(),
which is available in systems that support the MSG_NOSIGNAL
flag to send(). That eases the usage of the library within
other libraries.
Resolves #11

11 years ago include nettle/memxor when needed
Nikos Mavrogiannopoulos [Fri, 15 May 2015 10:03:23 +0000 (12:03 +0200)] 
include nettle/memxor when needed

11 years ago gnutls-serv: send alert when wrong data have been received from client
Nikos Mavrogiannopoulos [Fri, 15 May 2015 10:02:56 +0000 (12:02 +0200)] 
gnutls-serv: send alert when wrong data have been received from client

11 years ago doc update
Nikos Mavrogiannopoulos [Thu, 14 May 2015 13:32:09 +0000 (15:32 +0200)] 
doc update

11 years ago camellia256-gcm: corrected regression
Nikos Mavrogiannopoulos [Thu, 14 May 2015 12:00:11 +0000 (14:00 +0200)] 
camellia256-gcm: corrected regression

Reported by Manuel Pegourie-Gonnard.

11 years ago doc update
Nikos Mavrogiannopoulos [Mon, 11 May 2015 16:41:09 +0000 (18:41 +0200)] 
doc update

11 years ago doc: added section about subject alternative names
Nikos Mavrogiannopoulos [Wed, 6 May 2015 13:22:05 +0000 (15:22 +0200)] 
doc: added section about subject alternative names

11 years ago handshake_start_time was moved out of the DTLS-specific variables
Nikos Mavrogiannopoulos [Wed, 6 May 2015 09:17:09 +0000 (11:17 +0200)] 
handshake_start_time was moved out of the DTLS-specific variables

11 years ago apply default timeout for DTLS in gnutls_handshake_set_timeout
Nikos Mavrogiannopoulos [Wed, 6 May 2015 09:13:05 +0000 (11:13 +0200)] 
apply default timeout for DTLS in gnutls_handshake_set_timeout

11 years ago tests: do not perform internationalized name checks without libidn
Nikos Mavrogiannopoulos [Wed, 6 May 2015 08:03:16 +0000 (10:03 +0200)] 
tests: do not perform internationalized name checks without libidn

11 years ago tests: updated sign-md5-rep to reduce false failures
Nikos Mavrogiannopoulos [Wed, 6 May 2015 07:52:39 +0000 (09:52 +0200)] 
tests: updated sign-md5-rep to reduce false failures

11 years ago tests: eliminate mem leaks in mini-loss-time
Nikos Mavrogiannopoulos [Tue, 5 May 2015 14:40:37 +0000 (16:40 +0200)] 
tests: eliminate mem leaks in mini-loss-time

11 years ago tests: testdane: remove dane.nox.su from the list of known to be good hosts
Nikos Mavrogiannopoulos [Tue, 5 May 2015 13:55:19 +0000 (15:55 +0200)] 
tests: testdane: remove dane.nox.su from the list of known to be good hosts

11 years ago doc update
Nikos Mavrogiannopoulos [Tue, 5 May 2015 12:43:42 +0000 (14:43 +0200)] 
doc update

11 years ago tests: mini-loss-time enhanced to check proper timeouts in both client and server
Nikos Mavrogiannopoulos [Tue, 5 May 2015 12:41:55 +0000 (14:41 +0200)] 
tests: mini-loss-time enhanced to check proper timeouts in both client and server

11 years ago dtls: combined the total timeouts of DTLS and TLS handshake
Nikos Mavrogiannopoulos [Tue, 5 May 2015 12:35:45 +0000 (14:35 +0200)] 
dtls: combined the total timeouts of DTLS and TLS handshake

That also makes the waits for packets more robust against blocking.

11 years ago define GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA
Nikos Mavrogiannopoulos [Tue, 5 May 2015 07:36:17 +0000 (09:36 +0200)] 
define GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA

11 years ago doc: updated text to account for pkcs11-url standardization
Nikos Mavrogiannopoulos [Tue, 5 May 2015 05:57:16 +0000 (07:57 +0200)] 
doc: updated text to account for pkcs11-url standardization

11 years ago tests: mini-dtls-mtu: compile in windows
Nikos Mavrogiannopoulos [Sun, 3 May 2015 17:43:40 +0000 (19:43 +0200)] 
tests: mini-dtls-mtu: compile in windows

11 years ago doc: Fixed typo in heartbeat documentation.
Jaak Ristioja [Mon, 4 May 2015 07:53:10 +0000 (10:53 +0300)] 
doc: Fixed typo in heartbeat documentation.

11 years ago cross.mk: updated for 3.4.1
Nikos Mavrogiannopoulos [Sun, 3 May 2015 17:39:52 +0000 (19:39 +0200)] 
cross.mk: updated for 3.4.1

11 years ago updated abi base for 3.4
Nikos Mavrogiannopoulos [Sun, 3 May 2015 17:36:02 +0000 (19:36 +0200)] 
updated abi base for 3.4

11 years ago NEWS: updated gnutls_3_4_1
Nikos Mavrogiannopoulos [Sun, 3 May 2015 17:24:23 +0000 (19:24 +0200)] 
NEWS: updated

11 years ago released 3.4.1
Nikos Mavrogiannopoulos [Sun, 3 May 2015 17:09:19 +0000 (19:09 +0200)] 
released 3.4.1

11 years ago doc: updated gnutls_dtls_set_timeouts
Nikos Mavrogiannopoulos [Thu, 30 Apr 2015 16:48:57 +0000 (18:48 +0200)] 
doc: updated gnutls_dtls_set_timeouts

11 years ago doc: fixed example with DTLS timeouts
Nikos Mavrogiannopoulos [Thu, 30 Apr 2015 14:40:24 +0000 (16:40 +0200)] 
doc: fixed example with DTLS timeouts

11 years ago use macro for DTLS default timeout
Nikos Mavrogiannopoulos [Thu, 30 Apr 2015 14:32:40 +0000 (16:32 +0200)] 
use macro for DTLS default timeout

11 years ago gnutls_handshake_set_timeout will properly work with DTLS
Nikos Mavrogiannopoulos [Thu, 30 Apr 2015 14:28:24 +0000 (16:28 +0200)] 
gnutls_handshake_set_timeout will properly work with DTLS

11 years ago doc update
Nikos Mavrogiannopoulos [Thu, 30 Apr 2015 12:09:22 +0000 (14:09 +0200)] 
doc update

11 years ago document the need for gnutls_transport_set_pull_timeout_function
Nikos Mavrogiannopoulos [Thu, 30 Apr 2015 12:53:17 +0000 (14:53 +0200)] 
document the need for gnutls_transport_set_pull_timeout_function

11 years ago doc: updated async operation text
Nikos Mavrogiannopoulos [Thu, 30 Apr 2015 12:06:09 +0000 (14:06 +0200)] 
doc: updated async operation text

11 years ago disable default handshake timeout
Nikos Mavrogiannopoulos [Thu, 30 Apr 2015 11:53:19 +0000 (13:53 +0200)] 
disable default handshake timeout

It caused issues with non-blocking TLS clients and servers
which may not want to block while the pull timeout function
waits.

11 years ago tests: added check to verify that pull timeout is not called on non-blocking sessions
Nikos Mavrogiannopoulos [Thu, 30 Apr 2015 11:38:26 +0000 (13:38 +0200)] 
tests: added check to verify that pull timeout is not called on non-blocking sessions

11 years ago GNUTLS_NONBLOCK can be used for non-DTLS sessions as well
Nikos Mavrogiannopoulos [Thu, 30 Apr 2015 11:22:34 +0000 (13:22 +0200)] 
GNUTLS_NONBLOCK can be used for non-DTLS sessions as well

11 years ago doc update
Nikos Mavrogiannopoulos [Wed, 29 Apr 2015 12:44:30 +0000 (14:44 +0200)] 
doc update

11 years ago doc update
Nikos Mavrogiannopoulos [Wed, 29 Apr 2015 12:44:30 +0000 (14:44 +0200)] 
doc update

11 years ago tests: key generation test was moved to main checks
Nikos Mavrogiannopoulos [Tue, 28 Apr 2015 14:12:13 +0000 (16:12 +0200)] 
tests: key generation test was moved to main checks

This will allow catching memory leaks with valgrind.

11 years ago fix memory leak in ECDSA key parameters verification
Jan Vcelak [Tue, 28 Apr 2015 11:50:40 +0000 (13:50 +0200)] 
fix memory leak in ECDSA key parameters verification

Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

11 years ago updated minitasn1
Nikos Mavrogiannopoulos [Tue, 28 Apr 2015 12:30:35 +0000 (14:30 +0200)] 
updated minitasn1

11 years ago doc update
Nikos Mavrogiannopoulos [Tue, 28 Apr 2015 12:29:41 +0000 (14:29 +0200)] 
doc update

11 years ago Handle DNS name constraints with leading dot
Nikos Mavrogiannopoulos [Tue, 28 Apr 2015 12:26:57 +0000 (14:26 +0200)] 
Handle DNS name constraints with leading dot

Patch by Fotis Loukos.
Resolves 3

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

11 years ago doc update
Nikos Mavrogiannopoulos [Tue, 28 Apr 2015 07:02:12 +0000 (09:02 +0200)] 
doc update

11 years ago updated text for gnutls_pkcs11_init
Nikos Mavrogiannopoulos [Mon, 27 Apr 2015 07:16:42 +0000 (09:16 +0200)] 
updated text for gnutls_pkcs11_init

11 years ago updated pkcs11 loading documentation
Nikos Mavrogiannopoulos [Mon, 27 Apr 2015 07:08:10 +0000 (09:08 +0200)] 
updated pkcs11 loading documentation

11 years ago tests: mini-etm: use TLS as the transport layer
Nikos Mavrogiannopoulos [Sun, 26 Apr 2015 06:31:12 +0000 (08:31 +0200)] 
tests: mini-etm: use TLS as the transport layer

11 years ago tests: added comment for sign-md5-rep
Nikos Mavrogiannopoulos [Sun, 26 Apr 2015 06:29:19 +0000 (08:29 +0200)] 
tests: added comment for sign-md5-rep

11 years ago more files to ignore
Nikos Mavrogiannopoulos [Sun, 26 Apr 2015 06:11:17 +0000 (08:11 +0200)] 
more files to ignore

11 years ago Sync with TP.
Nikos Mavrogiannopoulos [Sat, 25 Apr 2015 22:04:13 +0000 (00:04 +0200)] 
Sync with TP.

11 years ago doc update
Nikos Mavrogiannopoulos [Sat, 25 Apr 2015 19:23:38 +0000 (21:23 +0200)] 
doc update

11 years ago tests: added reproducer for the MD5 acceptance issue
Nikos Mavrogiannopoulos [Sat, 25 Apr 2015 18:00:04 +0000 (20:00 +0200)] 
tests: added reproducer for the MD5 acceptance issue

Reported by Karthikeyan Bhargavan.
http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007572.html

11 years ago before falling back to SHA1 as signature algorithm in TLS 1.2 check if it is enabled
Nikos Mavrogiannopoulos [Sat, 25 Apr 2015 17:34:34 +0000 (19:34 +0200)] 
before falling back to SHA1 as signature algorithm in TLS 1.2 check if it is enabled

11 years ago _gnutls_session_sign_algo_enabled: do not consider any values from the extension...
Nikos Mavrogiannopoulos [Sat, 25 Apr 2015 17:14:07 +0000 (19:14 +0200)] 
_gnutls_session_sign_algo_enabled: do not consider any values from the extension data to decide acceptable algorithms

11 years ago doc update
Nikos Mavrogiannopoulos [Sat, 25 Apr 2015 07:28:57 +0000 (09:28 +0200)] 
doc update

11 years ago tests: added unit tests for gnutls_certificate_client_get_request_status
Nikos Mavrogiannopoulos [Sat, 25 Apr 2015 07:13:04 +0000 (09:13 +0200)] 
tests: added unit tests for gnutls_certificate_client_get_request_status

11 years ago set the value used by gnutls_certificate_client_get_request_status prior to selecting...
Nikos Mavrogiannopoulos [Sat, 25 Apr 2015 07:12:04 +0000 (09:12 +0200)] 
set the value used by gnutls_certificate_client_get_request_status prior to selecting certificate

That allows gnutls_certificate_client_get_request_status() to be properly operating
from the callback. Reported by Anton Lavrentiev.

11 years ago updated doc for retrieve function
Nikos Mavrogiannopoulos [Sat, 25 Apr 2015 07:10:15 +0000 (09:10 +0200)] 
updated doc for retrieve function

11 years ago updated PKCS #11 URL references to rfc7512
Nikos Mavrogiannopoulos [Fri, 24 Apr 2015 14:04:44 +0000 (16:04 +0200)] 
updated PKCS #11 URL references to rfc7512

11 years ago doc update
Nikos Mavrogiannopoulos [Wed, 22 Apr 2015 12:00:45 +0000 (14:00 +0200)] 
doc update

11 years ago tests: added check for gnutls_credentials_get
Nikos Mavrogiannopoulos [Wed, 22 Apr 2015 11:54:18 +0000 (13:54 +0200)] 
tests: added check for gnutls_credentials_get

11 years ago doc update
Nikos Mavrogiannopoulos [Wed, 22 Apr 2015 11:49:10 +0000 (13:49 +0200)] 
doc update

11 years ago fixed doc: reported by Anton Lavrentiev
Nikos Mavrogiannopoulos [Wed, 22 Apr 2015 11:41:17 +0000 (13:41 +0200)] 
fixed doc: reported by Anton Lavrentiev

11 years ago doc: corrected typo
Nikos Mavrogiannopoulos [Wed, 22 Apr 2015 09:33:34 +0000 (11:33 +0200)] 
doc: corrected typo

11 years ago tests: resume-dtls: remove global variables
Nikos Mavrogiannopoulos [Tue, 21 Apr 2015 20:08:56 +0000 (22:08 +0200)] 
tests: resume-dtls: remove global variables

11 years ago List all certificate type priority strings.
Andreas Metzler [Tue, 21 Apr 2015 17:18:00 +0000 (19:18 +0200)] 
List all certificate type priority strings.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

11 years ago tls-rsa: keep a common code path when doing RSA decryption
Nikos Mavrogiannopoulos [Sun, 19 Apr 2015 19:23:21 +0000 (21:23 +0200)] 
tls-rsa: keep a common code path when doing RSA decryption

Suggested by Nimrod Aviram.

11 years ago tests: initialize status where needed
Nikos Mavrogiannopoulos [Tue, 21 Apr 2015 13:20:38 +0000 (15:20 +0200)] 
tests: initialize status where needed

11 years ago tests: cleanup openpgp-auth2
Nikos Mavrogiannopoulos [Tue, 21 Apr 2015 13:18:11 +0000 (15:18 +0200)] 
tests: cleanup openpgp-auth2

11 years ago tests: cleanup mini-dtls-rehandshake
Nikos Mavrogiannopoulos [Tue, 21 Apr 2015 13:17:38 +0000 (15:17 +0200)] 
tests: cleanup mini-dtls-rehandshake

11 years ago tests: resume: check for signals
Nikos Mavrogiannopoulos [Tue, 21 Apr 2015 11:46:36 +0000 (13:46 +0200)] 
tests: resume: check for signals

11 years ago doc update
Nikos Mavrogiannopoulos [Tue, 21 Apr 2015 08:42:50 +0000 (10:42 +0200)] 
doc update

11 years ago doc update
Nikos Mavrogiannopoulos [Tue, 21 Apr 2015 08:40:41 +0000 (10:40 +0200)] 
doc update

11 years ago tests: reduced compiler warnings
Nikos Mavrogiannopoulos [Tue, 21 Apr 2015 08:36:07 +0000 (10:36 +0200)] 
tests: reduced compiler warnings

11 years ago tests: verify the return value of gnutls_certificate_get_ours when no cert is sent
Nikos Mavrogiannopoulos [Tue, 21 Apr 2015 08:07:30 +0000 (10:07 +0200)] 
tests: verify the return value of gnutls_certificate_get_ours when no cert is sent

11 years ago tests: close unused file descriptors in resume checks
Nikos Mavrogiannopoulos [Tue, 21 Apr 2015 08:07:11 +0000 (10:07 +0200)] 
tests: close unused file descriptors in resume checks

11 years ago libopts: fixed the reading of the --enable-local-libopts flag
Nikos Mavrogiannopoulos [Mon, 20 Apr 2015 21:39:08 +0000 (23:39 +0200)] 
libopts: fixed the reading of the --enable-local-libopts flag

11 years ago gnutls-cli: when no certificate is sent, notify the user
Nikos Mavrogiannopoulos [Mon, 20 Apr 2015 15:51:20 +0000 (17:51 +0200)] 
gnutls-cli: when no certificate is sent, notify the user

11 years ago tests: added check with X.509 certificates and callbacks
Nikos Mavrogiannopoulos [Mon, 20 Apr 2015 15:45:33 +0000 (17:45 +0200)] 
tests: added check with X.509 certificates and callbacks

That corresponds to functionality checked in openpgp-callback.c

11 years ago tests: added check for gnutls_certificate_get_ours() when used in combination with...
Nikos Mavrogiannopoulos [Mon, 20 Apr 2015 15:38:10 +0000 (17:38 +0200)] 
tests: added check for gnutls_certificate_get_ours() when used in combination with callbacks

11 years ago tests: improved x509dn check
Nikos Mavrogiannopoulos [Mon, 20 Apr 2015 14:46:34 +0000 (16:46 +0200)] 
tests: improved x509dn check

11 years ago gnutls_certificate_get_ours: will return the certificate even if a callback was used
Nikos Mavrogiannopoulos [Mon, 20 Apr 2015 14:43:51 +0000 (16:43 +0200)] 
gnutls_certificate_get_ours: will return the certificate even if a callback was used

This corrects a bug where this function would not work, when
gnutls_certificate_set_retrieve_function2() was used.