git.ipfire.org Git - thirdparty/gnutls.git/log
Nikos Mavrogiannopoulos [Mon, 24 Nov 2014 19:22:35 +0000 (20:22 +0100)]
tests: added leak check for gnutls_set_x509_key_mem2()
Nikos Mavrogiannopoulos [Mon, 24 Nov 2014 18:16:42 +0000 (19:16 +0100)]
documented the limitations of the loading functions
Nikos Mavrogiannopoulos [Mon, 24 Nov 2014 17:54:28 +0000 (18:54 +0100)]
corrected memleak in read_key_mem()
Patch by Georg Richter.
Nikos Mavrogiannopoulos [Mon, 24 Nov 2014 12:27:09 +0000 (13:27 +0100)]
gnutls-cli-debug: Added check for sorted certificate chain
Nikos Mavrogiannopoulos [Mon, 24 Nov 2014 09:40:24 +0000 (10:40 +0100)]
do not allow the resumption of a session which switches the state of ext_master_secret
Nikos Mavrogiannopoulos [Sun, 23 Nov 2014 21:23:55 +0000 (22:23 +0100)]
tests: run rfc2253-escape-test under valgrind
Nikos Mavrogiannopoulos [Sun, 23 Nov 2014 18:43:44 +0000 (19:43 +0100)]
tests: enhanced custom-url check
Nikos Mavrogiannopoulos [Sun, 23 Nov 2014 18:43:01 +0000 (19:43 +0100)]
sanitize URLs at the proper place
Nikos Mavrogiannopoulos [Sun, 23 Nov 2014 18:42:43 +0000 (19:42 +0100)]
corrected freeing of custom URL
Nikos Mavrogiannopoulos [Sun, 23 Nov 2014 12:03:50 +0000 (13:03 +0100)]
doc update
Nikos Mavrogiannopoulos [Sun, 23 Nov 2014 11:43:27 +0000 (12:43 +0100)]
Added memxor_different_alignment into suppressions
Nikos Mavrogiannopoulos [Sun, 23 Nov 2014 11:36:22 +0000 (12:36 +0100)]
Allow the construction of chains with custom URLs
Nikos Mavrogiannopoulos [Sun, 23 Nov 2014 10:04:47 +0000 (11:04 +0100)]
updated ignored files
Nikos Mavrogiannopoulos [Sun, 23 Nov 2014 10:04:15 +0000 (11:04 +0100)]
renamed systemkey-tool to systemkey, and don't install it by default
Nikos Mavrogiannopoulos [Sun, 23 Nov 2014 09:51:30 +0000 (10:51 +0100)]
doc update
Nikos Mavrogiannopoulos [Sun, 23 Nov 2014 09:49:59 +0000 (10:49 +0100)]
tests: added check for registration of custom URLs
Nikos Mavrogiannopoulos [Sun, 23 Nov 2014 09:49:32 +0000 (10:49 +0100)]
export gnutls_register_custom_url
Nikos Mavrogiannopoulos [Sun, 23 Nov 2014 09:48:56 +0000 (10:48 +0100)]
correctly handle non-pkcs11 URLs in read_cert_url
Nikos Mavrogiannopoulos [Sun, 23 Nov 2014 08:30:29 +0000 (09:30 +0100)]
more files to ignore
Nikos Mavrogiannopoulos [Sun, 23 Nov 2014 08:11:38 +0000 (09:11 +0100)]
Added the ability to register application specific URLs for keys and certs
Nikos Mavrogiannopoulos [Sun, 23 Nov 2014 07:47:41 +0000 (08:47 +0100)]
system-keys-win: use macros for the URL
Nikos Mavrogiannopoulos [Sat, 22 Nov 2014 09:49:52 +0000 (10:49 +0100)]
doc update
Nikos Mavrogiannopoulos [Fri, 21 Nov 2014 19:42:21 +0000 (20:42 +0100)]
tests: added test for GNUTLS_E_GOT_APPLICATION_DATA on rehandshake
Nikos Mavrogiannopoulos [Fri, 21 Nov 2014 19:18:08 +0000 (20:18 +0100)]
treat GNUTLS_E_GOT_APPLICATION_DATA as non-fatal if initial negotiation is complete
This corrects a regression introduced in
b5a0de2e6da98866cafb770c3141b7353d030ab2
Reported by Dan Winship. https://savannah.gnu.org/support/?108690
Nikos Mavrogiannopoulos [Fri, 21 Nov 2014 15:48:45 +0000 (16:48 +0100)]
removed old news
Nikos Mavrogiannopoulos [Fri, 21 Nov 2014 15:10:33 +0000 (16:10 +0100)]
The record version in the client Hello will be set to the lowest supported protocol
There should have been no harm in keeping it SSL 3.0 but
unfortunately in draft-thomson-sslv3-diediedie-00
it has been marked as MUST NOT do that. That will be fixed in a later
revision but since then there are servers not accepting SSL 3.0
as a valid record version (note that this is about the record
version, which describes the format of the packet, nothing to
do with the negotiated version).
Nikos Mavrogiannopoulos [Fri, 21 Nov 2014 14:41:25 +0000 (15:41 +0100)]
Revert "The priority modifier %LATEST_RECORD_VERSION is now the default"
This reverts commit 66c419cc6336ea9a2747574588ffee77458b838f.
Nikos Mavrogiannopoulos [Fri, 21 Nov 2014 14:02:40 +0000 (15:02 +0100)]
deinitialize the OCSP response der data
That also makes sure that reinitialization of ASN1 structures
is done only when it is required.
Nikos Mavrogiannopoulos [Fri, 21 Nov 2014 13:48:50 +0000 (14:48 +0100)]
gnutls_priority_string_list: allow printing the special keywords as well.
Nikos Mavrogiannopoulos [Fri, 21 Nov 2014 13:18:15 +0000 (14:18 +0100)]
simplified code involving getrandom() and getentropy()
Nikos Mavrogiannopoulos [Thu, 20 Nov 2014 09:36:23 +0000 (10:36 +0100)]
configure: detect android system and define a variable
Nikos Mavrogiannopoulos [Thu, 20 Nov 2014 09:35:26 +0000 (10:35 +0100)]
separated system-keys implementations
Nikos Mavrogiannopoulos [Thu, 20 Nov 2014 21:52:43 +0000 (22:52 +0100)]
removed redundant local
Nikos Mavrogiannopoulos [Wed, 19 Nov 2014 23:15:02 +0000 (00:15 +0100)]
tests: added check for the abbreviated URLs which don't contain object information
Nikos Mavrogiannopoulos [Wed, 19 Nov 2014 23:13:45 +0000 (00:13 +0100)]
prior to importing objects with URLs sanitize them
That allows using out-of-band information to complete missing
parts in URLs (e.g., object-type=cert, when there is a certificate).
Nikos Mavrogiannopoulos [Wed, 19 Nov 2014 22:53:50 +0000 (23:53 +0100)]
compilation fixes
Nikos Mavrogiannopoulos [Wed, 19 Nov 2014 10:28:38 +0000 (11:28 +0100)]
doc update
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 15:14:08 +0000 (16:14 +0100)]
Added API to read/write/delete key-cert pairs (limited to windows for now)
Nikos Mavrogiannopoulos [Mon, 17 Nov 2014 19:26:26 +0000 (20:26 +0100)]
NORMAL priority: prioritize the less than 256-bits curves at the lowest level
Nikos Mavrogiannopoulos [Mon, 17 Nov 2014 17:21:48 +0000 (18:21 +0100)]
certtool: Allow to set the nonRepudiation, keyAgreement and dataEncipherment flags
Nikos Mavrogiannopoulos [Mon, 17 Nov 2014 17:09:36 +0000 (18:09 +0100)]
list the OIDs in the certtool cfg file documentation
Nikos Mavrogiannopoulos [Sun, 16 Nov 2014 17:27:01 +0000 (18:27 +0100)]
properly reset the zombie mode in FIPS mode
This amends
9158f590f4a18c84fc9eb41877b29d73b30af879
Nikos Mavrogiannopoulos [Sat, 15 Nov 2014 09:06:12 +0000 (10:06 +0100)]
doc update
Nikos Mavrogiannopoulos [Fri, 14 Nov 2014 21:17:42 +0000 (22:17 +0100)]
doc update
Nikos Mavrogiannopoulos [Fri, 14 Nov 2014 21:16:09 +0000 (22:16 +0100)]
partially reverted
999d221fd2241ff73f884bf33d8cbe6eb8299184
That change allows using the intermediate certificates in chains
as OCSP anchors.
Nikos Mavrogiannopoulos [Fri, 14 Nov 2014 20:21:53 +0000 (21:21 +0100)]
certtool: print message when the system trust is used
David Weber [Fri, 14 Nov 2014 12:49:24 +0000 (14:49 +0200)]
Fixed SRTP profile configuration in cli.c and serv.c.
I have tested the fix in 3.3.10. This commit is UNTESTED as I am unable
to compile gnutls (./configure complains about gl_INIT and ggl_INIT).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Fri, 14 Nov 2014 19:13:36 +0000 (20:13 +0100)]
tests: ocsp: added the signature in check
Nikos Mavrogiannopoulos [Fri, 14 Nov 2014 19:10:06 +0000 (20:10 +0100)]
only print about additional certificates if they are present
Nikos Mavrogiannopoulos [Fri, 14 Nov 2014 16:22:07 +0000 (17:22 +0100)]
ocsp: fix DN decoding in gnutls_ocsp_resp_get_responder_raw_id
Nikos Mavrogiannopoulos [Fri, 14 Nov 2014 10:42:42 +0000 (11:42 +0100)]
tests: ocsp: added check with a long response
Nikos Mavrogiannopoulos [Fri, 14 Nov 2014 15:17:58 +0000 (16:17 +0100)]
use the original DER/BER data when verifying an OCSP response
Nikos Mavrogiannopoulos [Fri, 14 Nov 2014 10:55:21 +0000 (11:55 +0100)]
_pkcs1_rsa_verify_sig() simplify hashing
Nikos Mavrogiannopoulos [Fri, 14 Nov 2014 10:42:15 +0000 (11:42 +0100)]
ocsp: eliminated duplicate code
Nikos Mavrogiannopoulos [Fri, 14 Nov 2014 10:05:18 +0000 (11:05 +0100)]
clarified the multiple paths printing of the verify options
Nikos Mavrogiannopoulos [Fri, 14 Nov 2014 09:53:31 +0000 (10:53 +0100)]
gnutls-cli: allow printing the certificates in OCSP responses when --print-cert is specified
Nikos Mavrogiannopoulos [Fri, 14 Nov 2014 09:47:55 +0000 (10:47 +0100)]
updated OCSP verification code to better use the trust list, and the KeyHash
Nikos Mavrogiannopoulos [Fri, 14 Nov 2014 08:34:13 +0000 (09:34 +0100)]
OCSP printing: Add header in front of certificates
Nikos Mavrogiannopoulos [Fri, 14 Nov 2014 08:32:40 +0000 (09:32 +0100)]
added gnutls_pkcs11_get_raw_issuer_by_dn and gnutls_x509_trust_list_get_issuer_by_dn
Nikos Mavrogiannopoulos [Fri, 14 Nov 2014 06:57:19 +0000 (07:57 +0100)]
gnutls-cli-debug: check for OCSP status response
Nikos Mavrogiannopoulos [Fri, 14 Nov 2014 06:45:49 +0000 (07:45 +0100)]
corrected crq test case; reported by Andreas Metzler
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 19:56:27 +0000 (20:56 +0100)]
set the GNUTLS_PIN_CONTEXT_SPECIFIC flag on PIN callback
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 15:31:21 +0000 (16:31 +0100)]
replaced gnutls_ocsp_resp_get_responder_by_key with gnutls_ocsp_resp_get_responder_raw_id
In addition reverted gnutls_ocsp_resp_get_responder() to the old
buggy behavior of returning 0 if the element was missing.
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 15:05:44 +0000 (16:05 +0100)]
certtool: make sure that GNUTLS_PKCS_PLAIN is set when no password should be asked
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 15:05:21 +0000 (16:05 +0100)]
gnutls_x509_privkey_import2: will not use a callback if GNUTLS_PKCS_PLAIN is specified
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 14:55:50 +0000 (15:55 +0100)]
the FIPS140-2 testing mode is disabled after self-checks
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 14:50:05 +0000 (15:50 +0100)]
updated OCSP tests to account for the new key ID
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 14:43:04 +0000 (15:43 +0100)]
doc update and gnutls_ocsp_resp_get_responder() will always initialize output data
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 14:38:34 +0000 (15:38 +0100)]
_rnd_get_event: use memset to avoid valgrind complaints
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 14:34:23 +0000 (15:34 +0100)]
gnutls-cli: print the OCSP response in verbose mode
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 14:30:55 +0000 (15:30 +0100)]
corrected documentation of OCSP response verification
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 13:39:41 +0000 (14:39 +0100)]
Added gnutls_ocsp_resp_get_responder_by_key()
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 13:39:07 +0000 (14:39 +0100)]
dn parsing: return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when DN is not available
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 13:12:15 +0000 (14:12 +0100)]
gnutls-cli: added option to save the OCSP response
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 11:06:32 +0000 (12:06 +0100)]
added the notion of preferred sign algorithm in a private key
This can be set for keys imported with gnutls_privkey_import_ext3()
with the info callback. It is only considered for client side keys
in TLS sessions.
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 09:18:03 +0000 (10:18 +0100)]
Added priority string %NO_SESSION_HASH to prevent advertising the extended master secret extension
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 09:06:51 +0000 (10:06 +0100)]
certificate status request response is optional according to RFC6066
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 08:52:43 +0000 (09:52 +0100)]
Added flag GNUTLS_OCSP_SR_IS_AVAIL for gnutls_ocsp_status_request_is_checked
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 08:27:38 +0000 (09:27 +0100)]
rnd: removed the packed attribute from event_st
That prevents a SIGBUS on solaris sparc systems.
Reported by Thomas Thorberger.
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 08:18:31 +0000 (09:18 +0100)]
The priority modifier %LATEST_RECORD_VERSION is now the default
This works around an issue with servers that forbid the SSL 3.0
version number from the first packet of the record protocol.
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 08:16:29 +0000 (09:16 +0100)]
added check for servers that disallow the SSL 3.0 record version
Nikos Mavrogiannopoulos [Wed, 12 Nov 2014 18:44:18 +0000 (19:44 +0100)]
gnutls-cli: print whether status request has been checked
Nikos Mavrogiannopoulos [Wed, 12 Nov 2014 15:14:55 +0000 (16:14 +0100)]
doc update
Nikos Mavrogiannopoulos [Wed, 12 Nov 2014 14:44:53 +0000 (15:44 +0100)]
Enable PIN support to gnutls_x509_privkey_t
Nikos Mavrogiannopoulos [Tue, 11 Nov 2014 14:16:12 +0000 (15:16 +0100)]
_gnutls_ucs2_to_utf8() can handle little endian strings.
Nikos Mavrogiannopoulos [Tue, 11 Nov 2014 10:25:57 +0000 (11:25 +0100)]
doc update
Nikos Mavrogiannopoulos [Tue, 11 Nov 2014 10:25:44 +0000 (11:25 +0100)]
Added gnutls_memcmp() and exported it.
Nikos Mavrogiannopoulos [Tue, 11 Nov 2014 09:47:56 +0000 (10:47 +0100)]
indentation fix
Nikos Mavrogiannopoulos [Tue, 11 Nov 2014 09:40:21 +0000 (10:40 +0100)]
doc update
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 15:05:10 +0000 (16:05 +0100)]
added gnutls_pkcs12_bag_set_privkey()
Conflicts:
lib/libgnutls.map
Nikos Mavrogiannopoulos [Mon, 10 Nov 2014 11:59:39 +0000 (12:59 +0100)]
dropped unused copy_func
Nikos Mavrogiannopoulos [Mon, 10 Nov 2014 10:38:58 +0000 (11:38 +0100)]
silence warning
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 09:08:00 +0000 (10:08 +0100)]
Added check with the invalid crq sent by Sean Burford
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 09:00:32 +0000 (10:00 +0100)]
when exporting curve coordinates to X9.63 format, perform additional sanity checks on input
Reported by Sean Burford.
Nikos Mavrogiannopoulos [Sat, 8 Nov 2014 08:06:36 +0000 (09:06 +0100)]
doc update
Nikos Mavrogiannopoulos [Sat, 8 Nov 2014 07:38:44 +0000 (08:38 +0100)]
doc update
Nikos Mavrogiannopoulos [Sat, 8 Nov 2014 07:36:16 +0000 (08:36 +0100)]
exported gnutls_memset()
Nikos Mavrogiannopoulos [Sat, 8 Nov 2014 07:35:01 +0000 (08:35 +0100)]
doc: updated text on session tickets
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 20:46:58 +0000 (21:46 +0100)]
tools: include arpa/inet.h in socket.c
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 18:18:22 +0000 (19:18 +0100)]
doc: use the same port for DTLS client and server