]>
git.ipfire.org Git - thirdparty/gnutls.git/log
Nikos Mavrogiannopoulos [Mon, 20 Apr 2015 14:31:55 +0000 (16:31 +0200)]
gnutls-cli: when a certificate is specified require the corresponding private key
Nikos Mavrogiannopoulos [Mon, 20 Apr 2015 14:25:21 +0000 (16:25 +0200)]
ensure that the X.509 version number is one byte only
Nikos Mavrogiannopoulos [Mon, 20 Apr 2015 12:04:37 +0000 (14:04 +0200)]
Check for invalid length in the X.509 version field
If such an invalid length is detected, reject the certificate.
Reported by Hanno Böck.
Nikos Mavrogiannopoulos [Mon, 20 Apr 2015 11:57:31 +0000 (13:57 +0200)]
ocsp: initialize certs to NULL
Nikos Mavrogiannopoulos [Mon, 20 Apr 2015 10:45:56 +0000 (12:45 +0200)]
gnutls-serv: print when the peer's certificate is not verified
Nikos Mavrogiannopoulos [Sun, 19 Apr 2015 07:42:05 +0000 (09:42 +0200)]
Sync with TP.
Tim Kosse [Sat, 18 Apr 2015 09:38:57 +0000 (11:38 +0200)]
ncrypt.h lacks some defines with some versions of MinGW.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Sun, 19 Apr 2015 07:19:22 +0000 (09:19 +0200)]
updated auto-generated files
Tim Kosse [Sat, 18 Apr 2015 09:38:56 +0000 (11:38 +0200)]
Fix a preprocessor warning about mismatched quotes.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Tim Kosse [Sat, 18 Apr 2015 09:38:55 +0000 (11:38 +0200)]
Set _WIN32_WINNT to 0x600, at least with some MinGW versions ncrypt.h checks this define to be at least 0x600.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Tim Kosse [Sat, 18 Apr 2015 09:38:54 +0000 (11:38 +0200)]
Fix include order, include gnutls_int.h before gnutls.h, otherwise undefined external references to gnutls_free and gnutls_strdup are the result when statically linking against GnuTLS built by MinGW.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Thu, 16 Apr 2015 16:36:32 +0000 (19:36 +0300)]
gnutls-cli: removed CCM from the ciphers tested with the old API
That prevents a crash of the benchmark. Reported by James Cloos.
Nikos Mavrogiannopoulos [Thu, 16 Apr 2015 16:24:46 +0000 (19:24 +0300)]
refuse to use the old cipher API with AEAD-only ciphers
Nikos Mavrogiannopoulos [Wed, 15 Apr 2015 21:16:22 +0000 (00:16 +0300)]
tests: ignore sigpipe in resume and termination tests
Nikos Mavrogiannopoulos [Wed, 15 Apr 2015 17:05:59 +0000 (20:05 +0300)]
doc: added error check in example
Nikos Mavrogiannopoulos [Wed, 15 Apr 2015 17:03:06 +0000 (20:03 +0300)]
doc update
Nikos Mavrogiannopoulos [Wed, 15 Apr 2015 13:00:53 +0000 (16:00 +0300)]
doc: removed stray @end
Nikos Mavrogiannopoulos [Wed, 15 Apr 2015 08:53:39 +0000 (11:53 +0300)]
doc update
Nikos Mavrogiannopoulos [Wed, 15 Apr 2015 08:49:26 +0000 (11:49 +0300)]
doc update
Nikos Mavrogiannopoulos [Wed, 15 Apr 2015 08:48:21 +0000 (11:48 +0300)]
x509: when printing the keyid of a certificate use the curve name for randomart
Nikos Mavrogiannopoulos [Wed, 15 Apr 2015 08:47:39 +0000 (11:47 +0300)]
gnutls_x509_crt_get_pk_* are based on gnutls_pubkey_export_*
Nikos Mavrogiannopoulos [Wed, 15 Apr 2015 08:45:08 +0000 (11:45 +0300)]
gnutls_pubkey_export_* are tolerable in null input
Nikos Mavrogiannopoulos [Wed, 15 Apr 2015 08:41:54 +0000 (11:41 +0300)]
Added gnutls_x509_crt_get_pk_ecc_raw()
Nikos Mavrogiannopoulos [Wed, 15 Apr 2015 08:24:01 +0000 (11:24 +0300)]
randomart: corrected usage of snprintf
Nikos Mavrogiannopoulos [Tue, 14 Apr 2015 19:11:14 +0000 (22:11 +0300)]
certtool: when generating an ECDSA key use the curve name in random art
Nikos Mavrogiannopoulos [Tue, 14 Apr 2015 19:08:18 +0000 (22:08 +0300)]
randomart: only print key size if it is non-zero
Nikos Mavrogiannopoulos [Tue, 14 Apr 2015 19:01:29 +0000 (22:01 +0300)]
cross.mk: updated for 3.4.0
Nikos Mavrogiannopoulos [Tue, 14 Apr 2015 18:33:19 +0000 (21:33 +0300)]
Remove SOCK_CLOEXEC from socket() call.
That allows compilation in systems where this
flag doesn't exist.
Resolves #7
Nikos Mavrogiannopoulos [Tue, 14 Apr 2015 13:06:39 +0000 (16:06 +0300)]
document the recommended re-handshake process
Nikos Mavrogiannopoulos [Thu, 9 Apr 2015 14:00:43 +0000 (16:00 +0200)]
remove duplicate entries from manpages Makefile
Nikos Mavrogiannopoulos [Wed, 8 Apr 2015 15:08:07 +0000 (17:08 +0200)]
doc update
Nikos Mavrogiannopoulos [Wed, 8 Apr 2015 15:07:11 +0000 (17:07 +0200)]
tests: enhanced cert tests with SHA256 key IDs
Nikos Mavrogiannopoulos [Wed, 8 Apr 2015 14:56:44 +0000 (16:56 +0200)]
certtool: modified to allow different key ID algorithms
Nikos Mavrogiannopoulos [Wed, 8 Apr 2015 14:48:46 +0000 (16:48 +0200)]
Added flags which modify the algorithm used for key ID calculation
Nikos Mavrogiannopoulos [Wed, 8 Apr 2015 14:33:47 +0000 (16:33 +0200)]
doc update
Nikos Mavrogiannopoulos [Wed, 8 Apr 2015 14:18:37 +0000 (16:18 +0200)]
doc update
Nikos Mavrogiannopoulos [Wed, 8 Apr 2015 14:16:42 +0000 (16:16 +0200)]
gnutls_record_discard_queued() is both for TLS and DTLS
Nikos Mavrogiannopoulos [Wed, 8 Apr 2015 06:59:54 +0000 (08:59 +0200)]
document the new crypto register functions
Nikos Mavrogiannopoulos [Wed, 8 Apr 2015 06:53:39 +0000 (08:53 +0200)]
doc update
Nikos Mavrogiannopoulos [Wed, 8 Apr 2015 06:49:45 +0000 (08:49 +0200)]
doc: avoid spaces in showfunc
Nikos Mavrogiannopoulos [Wed, 8 Apr 2015 06:15:24 +0000 (08:15 +0200)]
tests: added files into dist
Nikos Mavrogiannopoulos [Wed, 8 Apr 2015 06:08:14 +0000 (08:08 +0200)]
configure: ask for nettle 3.1
Nikos Mavrogiannopoulos [Wed, 8 Apr 2015 06:06:52 +0000 (08:06 +0200)]
released 3.4.0
Nikos Mavrogiannopoulos [Tue, 7 Apr 2015 21:28:06 +0000 (23:28 +0200)]
gnutls-cli: document the method to override the detected ciphers
Nikos Mavrogiannopoulos [Tue, 7 Apr 2015 21:21:23 +0000 (23:21 +0200)]
fixed AESNI CCM encryption
Nikos Mavrogiannopoulos [Tue, 7 Apr 2015 21:14:48 +0000 (23:14 +0200)]
cleanups in CCM-aesni
Nikos Mavrogiannopoulos [Tue, 7 Apr 2015 20:28:29 +0000 (22:28 +0200)]
tests: test CCM-8 against polarssl
Nikos Mavrogiannopoulos [Tue, 7 Apr 2015 20:21:45 +0000 (22:21 +0200)]
gnutls-cli-debug: test for AES-CCM
Nikos Mavrogiannopoulos [Tue, 7 Apr 2015 20:10:43 +0000 (22:10 +0200)]
doc: added 'git submodule update' to clone steps
Nikos Mavrogiannopoulos [Tue, 7 Apr 2015 20:00:17 +0000 (22:00 +0200)]
doc update
Nikos Mavrogiannopoulos [Tue, 7 Apr 2015 19:38:11 +0000 (21:38 +0200)]
doc update
Nikos Mavrogiannopoulos [Tue, 7 Apr 2015 18:24:10 +0000 (20:24 +0200)]
removed unused functions
Nikos Mavrogiannopoulos [Tue, 7 Apr 2015 14:03:16 +0000 (16:03 +0200)]
extend the fallback to setkey in addition to init
Nikos Mavrogiannopoulos [Tue, 7 Apr 2015 13:50:23 +0000 (15:50 +0200)]
doc update
Nikos Mavrogiannopoulos [Tue, 7 Apr 2015 13:48:41 +0000 (15:48 +0200)]
tests: verify the behavior of GNUTLS_E_NEED_FALLBACK
Nikos Mavrogiannopoulos [Tue, 7 Apr 2015 13:39:18 +0000 (15:39 +0200)]
introduced GNUTLS_E_NEED_FALLBACK to allow falling back from registered ciphers
That allows a registered cipher to indicate that it cannot operate
(e.g., due to memory constraints, or internal limits), and gnutls should
proceed with the default algorithms.
Nikos Mavrogiannopoulos [Tue, 7 Apr 2015 08:53:54 +0000 (10:53 +0200)]
ciphersuites: moved CCM ciphersuites in the appropriate ifdefs
Nikos Mavrogiannopoulos [Tue, 7 Apr 2015 08:51:25 +0000 (10:51 +0200)]
tests: ciphersuite test will ignore the invalid names of TLS_DHE_PSK_WITH_AES_128_CCM_8
That is because the names in rfc6655 are for some reason different
than the expected.
Nikos Mavrogiannopoulos [Tue, 7 Apr 2015 08:47:00 +0000 (10:47 +0200)]
document CCM and CCM-8
Nikos Mavrogiannopoulos [Tue, 7 Apr 2015 08:44:02 +0000 (10:44 +0200)]
doc update
Nikos Mavrogiannopoulos [Tue, 7 Apr 2015 08:42:36 +0000 (10:42 +0200)]
tests: added CCM and CCM_8 into ciphersuite tests
Nikos Mavrogiannopoulos [Tue, 7 Apr 2015 08:31:23 +0000 (10:31 +0200)]
Added CCM-8 ciphersuites
Nikos Mavrogiannopoulos [Mon, 6 Apr 2015 17:14:31 +0000 (19:14 +0200)]
updated announce text
Nikos Mavrogiannopoulos [Mon, 6 Apr 2015 08:49:15 +0000 (10:49 +0200)]
symbols: added the new supplemental functions
Nikos Mavrogiannopoulos [Mon, 6 Apr 2015 08:08:16 +0000 (10:08 +0200)]
doc update
Nikos Mavrogiannopoulos [Sun, 5 Apr 2015 18:43:18 +0000 (20:43 +0200)]
tests: delay tests that depend on timing when they fail
That often prevents failures on busy systems.
Nikos Mavrogiannopoulos [Sat, 4 Apr 2015 16:31:28 +0000 (18:31 +0200)]
don't enforce iv_size > block_size; it is no longer true for all ciphers
Nikos Mavrogiannopoulos [Sat, 4 Apr 2015 13:10:26 +0000 (15:10 +0200)]
simplified calc_enc_length_stream
Nikos Mavrogiannopoulos [Sat, 4 Apr 2015 12:49:03 +0000 (14:49 +0200)]
doc update
Nikos Mavrogiannopoulos [Sat, 4 Apr 2015 12:29:58 +0000 (14:29 +0200)]
tests: updated supplemental API
Nikos Mavrogiannopoulos [Sat, 4 Apr 2015 10:42:21 +0000 (12:42 +0200)]
gnutls_ext_register will fail on double registration
Nikos Mavrogiannopoulos [Sat, 4 Apr 2015 10:37:38 +0000 (12:37 +0200)]
gnutls_supplemental_register will fail on double registration
Nikos Mavrogiannopoulos [Sat, 4 Apr 2015 10:05:40 +0000 (12:05 +0200)]
symbols: added new exported functions
Nikos Mavrogiannopoulos [Sat, 4 Apr 2015 10:04:34 +0000 (12:04 +0200)]
doc: updated makefiles to include new functions
Nikos Mavrogiannopoulos [Sat, 4 Apr 2015 10:03:37 +0000 (12:03 +0200)]
libgnutls.map: remove gnutls_record_set_max_empty_records
Nikos Mavrogiannopoulos [Sat, 4 Apr 2015 09:54:03 +0000 (11:54 +0200)]
account for the renamed gnutls_supplemental_recv/send
Nikos Mavrogiannopoulos [Sat, 4 Apr 2015 09:50:54 +0000 (11:50 +0200)]
document the export supplemental data API
Nikos Mavrogiannopoulos [Sat, 4 Apr 2015 09:45:28 +0000 (11:45 +0200)]
gnutls_do_recv/send_supplemental -> gnutls_supplemental_recv/send
Also added the gnutls_ prefix to new types.
Nikos Mavrogiannopoulos [Sat, 4 Apr 2015 09:34:55 +0000 (11:34 +0200)]
Added documentation for gnutls_do_send/recv_supplemental
Nikos Mavrogiannopoulos [Sat, 4 Apr 2015 08:30:56 +0000 (10:30 +0200)]
doc updates
Nikos Mavrogiannopoulos [Sat, 4 Apr 2015 07:43:16 +0000 (09:43 +0200)]
the base64 xxx_alloc functions were renamed to xxx2
That brings them in par with the rest of the allocation
functions.
Nikos Mavrogiannopoulos [Sat, 4 Apr 2015 07:36:34 +0000 (09:36 +0200)]
p11tool: use the key usage flags to set PKCS #11 properties
Nikos Mavrogiannopoulos [Sat, 4 Apr 2015 07:31:00 +0000 (09:31 +0200)]
pkcs11: use key_usage to set the appropriate flags
Nikos Mavrogiannopoulos [Sat, 4 Apr 2015 06:53:33 +0000 (08:53 +0200)]
cleanups in supplemental data support
Nikos Mavrogiannopoulos [Sat, 4 Apr 2015 05:36:47 +0000 (07:36 +0200)]
DH: do not warn on zero q_bits
Nikos Mavrogiannopoulos [Fri, 3 Apr 2015 20:52:17 +0000 (22:52 +0200)]
NEWS: rearrange entries
Nikos Mavrogiannopoulos [Fri, 3 Apr 2015 20:35:24 +0000 (22:35 +0200)]
certtool: certtool --generate-dh-params will account for --outder
Resolves #5
Nikos Mavrogiannopoulos [Thu, 2 Apr 2015 13:30:20 +0000 (15:30 +0200)]
chacha20-poly1305: ciphersuite numbers correspond to the latest draft
Nikos Mavrogiannopoulos [Thu, 2 Apr 2015 13:27:51 +0000 (15:27 +0200)]
p11tool: improved output message
Nikos Mavrogiannopoulos [Thu, 2 Apr 2015 10:54:45 +0000 (12:54 +0200)]
removed unecessary warning
Nikos Mavrogiannopoulos [Wed, 1 Apr 2015 17:08:33 +0000 (19:08 +0200)]
doc update: account for new functions
Nikos Mavrogiannopoulos [Wed, 1 Apr 2015 16:42:13 +0000 (18:42 +0200)]
p11tool: better output text
Nikos Mavrogiannopoulos [Wed, 1 Apr 2015 16:40:47 +0000 (18:40 +0200)]
pkcs11: added GNUTLS_PKCS11_OBJ_FLAG_EXPECT_PUBKEY
Also enforce the expected flags despite any given flags
in the URL.
Nikos Mavrogiannopoulos [Wed, 1 Apr 2015 16:29:08 +0000 (18:29 +0200)]
p11tool: added the --test-sign parameter
That allows to check an existing key for signing/verification.
Nikos Mavrogiannopoulos [Wed, 1 Apr 2015 14:52:48 +0000 (16:52 +0200)]
gnutls_priv/pubkey_import_url replace: gnutls_privkey_import_pkcs11_url and gnutls_pubkey_import_pkcs11_url
Nikos Mavrogiannopoulos [Wed, 1 Apr 2015 14:02:02 +0000 (16:02 +0200)]
certtool: corrected import of pubkey in DER format
Nikos Mavrogiannopoulos [Wed, 1 Apr 2015 08:50:08 +0000 (10:50 +0200)]
tests: added check for EtM negotiation
Nikos Mavrogiannopoulos [Wed, 1 Apr 2015 08:42:28 +0000 (10:42 +0200)]
only send EtM extension if we have CBC ciphersuites
Nikos Mavrogiannopoulos [Wed, 1 Apr 2015 08:04:54 +0000 (10:04 +0200)]
mention gnutls_privkey_sign_raw_data in upgrade section
Nikos Mavrogiannopoulos [Wed, 1 Apr 2015 07:55:09 +0000 (09:55 +0200)]
gnutls_privkey_sign_raw_data: converted to macro over gnutls_privkey_sign_hash