]>
git.ipfire.org Git - thirdparty/gnutls.git/log
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 18:01:57 +0000 (19:01 +0100)]
pkcs11: pass the correct user type to protected authentication login
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 09:22:11 +0000 (10:22 +0100)]
doc: corrected values for INSECURE level
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 07:55:40 +0000 (08:55 +0100)]
pkcs11: support the CKA_EXTRACTABLE and CKA_NEVER_EXTRACTABLE flags
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 07:44:46 +0000 (08:44 +0100)]
pkcs11: added the flag GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 06:54:41 +0000 (07:54 +0100)]
pkcs11: perform reauth at the appropriate state
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 06:49:54 +0000 (07:49 +0100)]
pkcs11_login: set the correct user type on reauthentication
Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 20:35:21 +0000 (21:35 +0100)]
applied patch by A. Klitzing to improve compatibile with some apple systems
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 20:30:31 +0000 (21:30 +0100)]
pkcs11: force login on tokens that require it
Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 19:36:09 +0000 (20:36 +0100)]
pkcs11: always set slot_info
Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 19:25:39 +0000 (20:25 +0100)]
testcompat-openssl: disable SSL 3.0 as it is not supported on debian
Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 19:21:15 +0000 (20:21 +0100)]
fixed polarssl compatibility checks on debian
Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 19:13:58 +0000 (20:13 +0100)]
pkcs11: eliminated the need for struct token_info
Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 18:51:04 +0000 (19:51 +0100)]
added support for PKCS #11 keys that require reauthentication and simplified pkcs11_login
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 15:49:53 +0000 (16:49 +0100)]
gnutls-cli-debug: clarified text
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 14:46:27 +0000 (15:46 +0100)]
tests: separated the two testcompat tests (openssl/polarssl)
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 21:27:43 +0000 (22:27 +0100)]
added missing comma
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 20:50:45 +0000 (21:50 +0100)]
gnutls-cli-debug: corrected heartbeat check
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 18:19:50 +0000 (19:19 +0100)]
gnutls-cli-debug: fixes in tests to prevent false negatives
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 18:19:50 +0000 (19:19 +0100)]
gnutls-cli-debug: fixes in tests to prevent false negatives
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 14:37:42 +0000 (15:37 +0100)]
tests: added interoperability tests with openssl's PSK
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 13:13:55 +0000 (14:13 +0100)]
corrected calculation for max send data and other uses of _gnutls_cipher_type()
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 13:07:46 +0000 (14:07 +0100)]
modernized cipher table
Chen Hongzhi [Wed, 5 Nov 2014 11:10:43 +0000 (19:10 +0800)]
Fix double-free in gnutls_pkcs12_simple_parse()
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 12:21:39 +0000 (13:21 +0100)]
simplified checks for EtM
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 12:17:31 +0000 (13:17 +0100)]
tests: enhanced test to check the return value of gnutls_record_send()
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 10:34:05 +0000 (11:34 +0100)]
tests: Added unit tests for gnutls_certificate_get_ours in mini-x509-2
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 09:47:56 +0000 (10:47 +0100)]
introduced GNUTLS_MAX_SESSION_ID_SIZE
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 20:54:49 +0000 (21:54 +0100)]
mytexi2latex: handle na@"ive
Chris Barry [Tue, 4 Nov 2014 18:17:20 +0000 (13:17 -0500)]
Cleaning up some awkward phrasings.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 18:56:27 +0000 (19:56 +0100)]
tests: Added test for MAC verification checks
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 18:27:24 +0000 (19:27 +0100)]
EtM fixes: it only applies to block ciphers
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 16:05:20 +0000 (17:05 +0100)]
gnutls-cli-debug: reorganized output
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 15:55:12 +0000 (16:55 +0100)]
moved the HTTPS server name outside of verbose tests; only run when the HTTPS protocol is used
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 13:44:27 +0000 (14:44 +0100)]
enhanced gnutls-cli-debug verbose output (uses files for mass text)
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 12:44:55 +0000 (13:44 +0100)]
gnutls-cli-debug: Added tests for EtM and extended master secret support
In addition reworked the output for existing tests.
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 12:37:01 +0000 (13:37 +0100)]
tools: only warn of an error if it is fatal
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 12:32:31 +0000 (13:32 +0100)]
testcompat: increased the number of test cases checked
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 10:20:07 +0000 (11:20 +0100)]
updated text
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 08:22:30 +0000 (09:22 +0100)]
doc update
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 08:16:52 +0000 (09:16 +0100)]
testcompat-polarssl: try to run the test only if polarssl binaries are available
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 08:13:13 +0000 (09:13 +0100)]
testcompat: check the PSK ciphersuite interoperability against polarssl
Nikos Mavrogiannopoulos [Mon, 3 Nov 2014 16:31:47 +0000 (17:31 +0100)]
testcompat: added interop tests with polarssl
Jaak Ristioja [Mon, 3 Nov 2014 19:28:28 +0000 (21:28 +0200)]
doc: Added missing reference for EMSGSIZE to inline documentation of gnutls_transport_set_errno().
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Jaak Ristioja [Mon, 3 Nov 2014 19:28:27 +0000 (21:28 +0200)]
doc: Fixed typo in inline comment of gnutls_transport_set_errno().
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Mon, 3 Nov 2014 16:04:30 +0000 (17:04 +0100)]
doc update
Nikos Mavrogiannopoulos [Mon, 3 Nov 2014 13:23:48 +0000 (14:23 +0100)]
Added support for RFC7366 (encrypt then authenticate)
It implements a revised version of RFC7366, to avoid interoperability
issues: http://www.ietf.org/mail-archive/web/tls/current/msg14349.html
This is currently enabled by default, unless %NO_ETM, or %COMPAT
is specified.
Nikos Mavrogiannopoulos [Mon, 3 Nov 2014 12:21:31 +0000 (13:21 +0100)]
Made AEAD type an alternative to stream and block
That way the terminology becomes closer to the TLS rfc.
Nikos Mavrogiannopoulos [Sun, 2 Nov 2014 14:55:17 +0000 (15:55 +0100)]
updated the text for GNUTLS_E_UNSUPPORTED_VERSION_PACKET
Nikos Mavrogiannopoulos [Sat, 1 Nov 2014 10:46:25 +0000 (11:46 +0100)]
doc update
Nikos Mavrogiannopoulos [Sat, 1 Nov 2014 10:43:05 +0000 (11:43 +0100)]
tests: Added check for gnutls_certificate_set_x509_key_file2() and PKCS #11 + PIN
Nikos Mavrogiannopoulos [Sat, 1 Nov 2014 10:41:05 +0000 (11:41 +0100)]
more files to ignore
Nikos Mavrogiannopoulos [Sat, 1 Nov 2014 08:59:23 +0000 (09:59 +0100)]
when calling gnutls_x509_crt_get_subject_key_id set the id_size
Nikos Mavrogiannopoulos [Sat, 1 Nov 2014 06:44:29 +0000 (07:44 +0100)]
deinitialize the temporary spki data
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 21:01:43 +0000 (22:01 +0100)]
tests: added test for gnutls_global_init after all descriptors are closed
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 20:42:21 +0000 (21:42 +0100)]
corrected check for urandom fd
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 20:35:49 +0000 (21:35 +0100)]
tests: dtls-stress: fix issues in the suite
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 14:17:15 +0000 (15:17 +0100)]
Do not require a PIN callback in the certificate credentials when a password is specified
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 13:05:32 +0000 (14:05 +0100)]
doc update
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 08:46:24 +0000 (09:46 +0100)]
corrected exit state from gnutls_global_init
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 08:40:26 +0000 (09:40 +0100)]
updated text for gnutls_fd_in_use() to account the new behavior
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 08:34:15 +0000 (09:34 +0100)]
dropped gnutls_fd_in_use, it is no longer necessary
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 08:32:16 +0000 (09:32 +0100)]
When gnutls_global_init() is called manually from the application check the urandom fd for validity
That addresses the issue where a server closes all open file descriptors
and then calls gnutls_global_init().
Nikos Mavrogiannopoulos [Thu, 30 Oct 2014 10:15:20 +0000 (11:15 +0100)]
Added support for getentropy() and reworked getrandom support
Nikos Mavrogiannopoulos [Wed, 29 Oct 2014 15:17:45 +0000 (16:17 +0100)]
_gnutls_dh_generate_key() will account the q_bits
Nikos Mavrogiannopoulos [Wed, 29 Oct 2014 15:09:44 +0000 (16:09 +0100)]
doc update
Nikos Mavrogiannopoulos [Wed, 29 Oct 2014 15:09:23 +0000 (16:09 +0100)]
Added gnutls_dh_params_import_raw2(), which allows to specify the number of bits for key size
Nikos Mavrogiannopoulos [Wed, 29 Oct 2014 14:08:21 +0000 (15:08 +0100)]
doc update
Nikos Mavrogiannopoulos [Wed, 29 Oct 2014 14:06:34 +0000 (15:06 +0100)]
use Linux' getrandom() when available
Nikos Mavrogiannopoulos [Tue, 28 Oct 2014 23:18:15 +0000 (00:18 +0100)]
use the random rnd context when refreshing the nonce context
That avoids frequent reads from /dev/urandom.
Nikos Mavrogiannopoulos [Tue, 28 Oct 2014 09:43:04 +0000 (10:43 +0100)]
do not explicitly refresh rnd state on session deinit
It is already being refreshed during the session lifetime.
Nikos Mavrogiannopoulos [Tue, 28 Oct 2014 09:40:53 +0000 (10:40 +0100)]
doc update
Nikos Mavrogiannopoulos [Tue, 28 Oct 2014 09:37:47 +0000 (10:37 +0100)]
increase the reseed time
Nikos Mavrogiannopoulos [Sun, 26 Oct 2014 06:42:45 +0000 (07:42 +0100)]
tests: enhance cipher test to include tag verification error
Nikos Mavrogiannopoulos [Sun, 26 Oct 2014 06:38:22 +0000 (07:38 +0100)]
better documented the new API
Nikos Mavrogiannopoulos [Sun, 26 Oct 2014 06:32:41 +0000 (07:32 +0100)]
harmonise variable names
Nikos Mavrogiannopoulos [Sat, 25 Oct 2014 22:09:34 +0000 (00:09 +0200)]
disable hardware acceleration by default in solaris
Nikos Mavrogiannopoulos [Sat, 25 Oct 2014 19:25:11 +0000 (21:25 +0200)]
Improved support of draft-ietf-tls-session-hash-02.
Now the session hash is calculated correctly even when a
client certificate is sent. That is, the session hash now
does not take into account the CertificateVerify message.
Nikos Mavrogiannopoulos [Sat, 25 Oct 2014 13:28:34 +0000 (15:28 +0200)]
doc update
Nikos Mavrogiannopoulos [Sat, 25 Oct 2014 13:24:56 +0000 (15:24 +0200)]
doc update
Nikos Mavrogiannopoulos [Sat, 25 Oct 2014 13:01:56 +0000 (15:01 +0200)]
doc: list the AEAD API
Nikos Mavrogiannopoulos [Sat, 25 Oct 2014 12:55:48 +0000 (14:55 +0200)]
Added a new simple to use AEAD API
Nikos Mavrogiannopoulos [Sat, 25 Oct 2014 08:36:13 +0000 (10:36 +0200)]
the openssl compatibility library isn't built by default
Nikos Mavrogiannopoulos [Sat, 25 Oct 2014 08:30:33 +0000 (10:30 +0200)]
do not use the ifdef directive in assembly files, as it isn't portable
Nikos Mavrogiannopoulos [Fri, 24 Oct 2014 12:45:15 +0000 (14:45 +0200)]
eliminate IV size usage in TLS encryption/decryption; it was a remnant of salsa20
Nikos Mavrogiannopoulos [Fri, 24 Oct 2014 09:12:10 +0000 (11:12 +0200)]
corrected likely macro usage
Spotted by Manuel Pégourié-Gonnard.
Nikos Mavrogiannopoulos [Fri, 24 Oct 2014 08:41:04 +0000 (10:41 +0200)]
removed support for SALSA20 and for stream ciphers with IV
The proposal was not adopted by the TLS WG, and the AEAD path
will be used.
Nikos Mavrogiannopoulos [Fri, 24 Oct 2014 08:27:20 +0000 (10:27 +0200)]
Added priority string %NO_TICKETS that disables session ticket support
This is implied by the priority string PFS.
Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 21:42:45 +0000 (23:42 +0200)]
do not negotiate nor use the 'extended master secret' in SSL 3.0
According to Alfredo Pironti support for that protocol will be dropped
from the draft.
Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 20:18:10 +0000 (22:18 +0200)]
compile 3.3.9 by default
Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 08:44:23 +0000 (10:44 +0200)]
always send the mandatory extensions (even in SSL 3.0)
The only way to force no extensions and usage of SCSVs is the
%NO_EXTENSIONS priority string.
Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 08:40:42 +0000 (10:40 +0200)]
EXT MASTER SECRET moved to mandatory extensions
Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 07:52:36 +0000 (09:52 +0200)]
check and use libnsl (used in solaris)
Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 07:41:36 +0000 (09:41 +0200)]
updated asm sources
Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 07:40:31 +0000 (09:40 +0200)]
updated perl asm sources
Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 07:36:05 +0000 (09:36 +0200)]
use the GNU-stack note in linux systems
Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 07:18:23 +0000 (09:18 +0200)]
updated gnulib
Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 06:49:20 +0000 (08:49 +0200)]
tests: check the issuer value validity of gnutls_x509_trust_list_get_issuer
Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 06:47:27 +0000 (08:47 +0200)]
corrected bug in gnutls_x509_trust_list_get_issuer() when used without the GNUTLS_TL_GET_COPY flag
Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 20:15:30 +0000 (22:15 +0200)]
tests: include minitasn1 when needed
Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 20:05:16 +0000 (22:05 +0200)]
use HAVE_DANE ifdef for unused functions