]> git.ipfire.org Git - thirdparty/gnutls.git/log
thirdparty/gnutls.git
11 years agoexported gnutls_fd_in_use
Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 19:44:23 +0000 (21:44 +0200)] 
exported gnutls_fd_in_use

11 years agodocument gnutls_fd_in_use()
Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 14:35:42 +0000 (16:35 +0200)] 
document gnutls_fd_in_use()

11 years agognutls_fd_in_use: mention version
Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 14:31:49 +0000 (16:31 +0200)] 
gnutls_fd_in_use: mention version

11 years agocorrected FIND_OBJECT loop when the token func is used
Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 14:31:20 +0000 (16:31 +0200)] 
corrected FIND_OBJECT loop when the token func is used

11 years agoadded gnutls_fd_in_use() to check whether a file descriptor is in use
Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 10:19:25 +0000 (12:19 +0200)] 
added gnutls_fd_in_use() to check whether a file descriptor is in use

11 years agoadded prototype to avoid compiler warning
Nikos Mavrogiannopoulos [Tue, 21 Oct 2014 18:02:23 +0000 (20:02 +0200)] 
added prototype to avoid compiler warning

11 years agofips140-2: limit the FIPS code in fips mode
Nikos Mavrogiannopoulos [Tue, 21 Oct 2014 18:00:54 +0000 (20:00 +0200)] 
fips140-2: limit the FIPS code in fips mode

11 years agofips140-2: use the FIPS algorithms only when in FIPS140-2 mode
Nikos Mavrogiannopoulos [Tue, 21 Oct 2014 06:50:29 +0000 (08:50 +0200)] 
fips140-2: use the FIPS algorithms only when in FIPS140-2 mode

11 years agodtls-stress: reindented code
Nikos Mavrogiannopoulos [Mon, 20 Oct 2014 13:02:03 +0000 (15:02 +0200)] 
dtls-stress: reindented code

11 years agotests: dtls-stress: only replay when send succeeds
Nikos Mavrogiannopoulos [Mon, 20 Oct 2014 12:55:52 +0000 (14:55 +0200)] 
tests: dtls-stress: only replay when send succeeds

11 years agotestsrn: do not assume that SSL 3.0 is enabled by default
Nikos Mavrogiannopoulos [Fri, 17 Oct 2014 12:11:26 +0000 (14:11 +0200)] 
testsrn: do not assume that SSL 3.0 is enabled by default

11 years agognutls-cli-debug: added test that checks the fallback from TLS 1.6
Nikos Mavrogiannopoulos [Fri, 17 Oct 2014 11:46:10 +0000 (13:46 +0200)] 
gnutls-cli-debug: added test that checks the fallback from TLS 1.6

11 years agoadded _gnutls_hello_set_default_version() which allows to override the clienthello...
Nikos Mavrogiannopoulos [Fri, 17 Oct 2014 11:45:40 +0000 (13:45 +0200)] 
added _gnutls_hello_set_default_version() which allows to override the clienthello version

11 years agognutls-cli: prevent the combination of the -p and --list options
Nikos Mavrogiannopoulos [Fri, 17 Oct 2014 11:20:30 +0000 (13:20 +0200)] 
gnutls-cli: prevent the combination of the -p and --list options

As -p may be mistaken for --priority that would prevent wrong outputs.

11 years agoavoid d from getting out of scope
Nikos Mavrogiannopoulos [Fri, 17 Oct 2014 10:11:02 +0000 (12:11 +0200)] 
avoid d from getting out of scope

11 years agognutls-serv: avoid possible buffer overrun
Nikos Mavrogiannopoulos [Fri, 17 Oct 2014 10:05:56 +0000 (12:05 +0200)] 
gnutls-serv: avoid possible buffer overrun

11 years agoavoid memory leak on gnutls_x509_privkey_generate() failure
Nikos Mavrogiannopoulos [Fri, 17 Oct 2014 07:45:07 +0000 (09:45 +0200)] 
avoid memory leak on gnutls_x509_privkey_generate() failure

11 years agodoc update
Nikos Mavrogiannopoulos [Thu, 16 Oct 2014 11:55:12 +0000 (13:55 +0200)] 
doc update

11 years agognutls-cli: added option --priority-list
Nikos Mavrogiannopoulos [Thu, 16 Oct 2014 11:54:42 +0000 (13:54 +0200)] 
gnutls-cli: added option --priority-list

11 years agoadded gnutls_priority_string_list(), a function to iterate all priority strings
Nikos Mavrogiannopoulos [Thu, 16 Oct 2014 11:54:24 +0000 (13:54 +0200)] 
added gnutls_priority_string_list(), a function to iterate all priority strings

11 years agoput all priority strings into a table
Nikos Mavrogiannopoulos [Thu, 16 Oct 2014 11:39:50 +0000 (13:39 +0200)] 
put all priority strings into a table

11 years agoupdated documentation for SSL 3.0 removal
Nikos Mavrogiannopoulos [Wed, 15 Oct 2014 13:21:27 +0000 (15:21 +0200)] 
updated documentation for SSL 3.0 removal

11 years agodoc update
Nikos Mavrogiannopoulos [Wed, 15 Oct 2014 13:18:25 +0000 (15:18 +0200)] 
doc update

11 years agoSSL 3.0 is no longer on the default priorities list
Nikos Mavrogiannopoulos [Wed, 15 Oct 2014 13:17:22 +0000 (15:17 +0200)] 
SSL 3.0 is no longer on the default priorities list

11 years agoin FIPS140-2 mode only disable 1024-bit DSA parameters when generating
Nikos Mavrogiannopoulos [Wed, 15 Oct 2014 12:20:40 +0000 (14:20 +0200)] 
in FIPS140-2 mode only disable 1024-bit DSA parameters when generating

11 years agoguile: Remove trailing zero in 'gnutls_server_name_set' call.
Ludovic Courtès [Tue, 14 Oct 2014 20:33:10 +0000 (22:33 +0200)] 
guile: Remove trailing zero in 'gnutls_server_name_set' call.

In GnuTLS 3.2.19 (and possibly 3.3.9 and 3.1.17),
'set-session-server-name!' would pass a trailing nul character on the
wire after the server name, which would thus be rejected by servers.

11 years agocorrected libopt's Makefile.am
Nikos Mavrogiannopoulos [Tue, 14 Oct 2014 19:05:34 +0000 (21:05 +0200)] 
corrected libopt's Makefile.am

reported by Marius Schamschula.

11 years agouse _gnutls_hash_fast() in DSA/ECDSA verification
Nikos Mavrogiannopoulos [Tue, 14 Oct 2014 14:29:23 +0000 (16:29 +0200)] 
use _gnutls_hash_fast() in DSA/ECDSA verification

11 years agoFIPS140-2 RSA key generation changes to account for seed starting with null byte
Nikos Mavrogiannopoulos [Tue, 14 Oct 2014 11:57:33 +0000 (13:57 +0200)] 
FIPS140-2 RSA key generation changes to account for seed starting with null byte

11 years agocorrected the SSSE3 optimized SHA224
Nikos Mavrogiannopoulos [Tue, 14 Oct 2014 09:05:20 +0000 (11:05 +0200)] 
corrected the SSSE3 optimized SHA224

11 years agosimplified getrusage code; the failure check code wasn't needed
Nikos Mavrogiannopoulos [Tue, 14 Oct 2014 07:21:14 +0000 (09:21 +0200)] 
simplified getrusage code; the failure check code wasn't needed

11 years agouse lcm(p-1,q-1) instead of phi(n) for RSA key generation in FIPS-140-2 mode
Nikos Mavrogiannopoulos [Fri, 10 Oct 2014 11:29:43 +0000 (13:29 +0200)] 
use lcm(p-1,q-1) instead of phi(n) for RSA key generation in FIPS-140-2 mode

11 years agotests: added check for import failure of v1 certificate with extensions
Nikos Mavrogiannopoulos [Mon, 13 Oct 2014 13:12:21 +0000 (15:12 +0200)] 
tests: added check for import failure of v1 certificate with extensions

11 years agodo not allow importing X.509 certificates with version < 3 and extensions present
Nikos Mavrogiannopoulos [Mon, 13 Oct 2014 13:05:47 +0000 (15:05 +0200)] 
do not allow importing X.509 certificates with version < 3 and extensions present

11 years agoupdate the guile manual along the C one
Nikos Mavrogiannopoulos [Mon, 13 Oct 2014 07:02:02 +0000 (09:02 +0200)] 
update the guile manual along the C one

11 years agoupdated to libopts 5.18.4
Nikos Mavrogiannopoulos [Sat, 11 Oct 2014 21:04:04 +0000 (23:04 +0200)] 
updated to libopts 5.18.4

11 years agoplace all rusage variables into HAVE_GETRUSAGE block
Nikos Mavrogiannopoulos [Sat, 11 Oct 2014 17:42:56 +0000 (19:42 +0200)] 
place all rusage variables into HAVE_GETRUSAGE block

11 years agornd: if RUSAGE_THREAD fails try RUSAGE_SELF
Nikos Mavrogiannopoulos [Sat, 11 Oct 2014 12:34:02 +0000 (14:34 +0200)] 
rnd: if RUSAGE_THREAD fails try RUSAGE_SELF

11 years agotests: removed last remnants of GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE
Nikos Mavrogiannopoulos [Fri, 10 Oct 2014 07:30:57 +0000 (09:30 +0200)] 
tests: removed last remnants of GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE

11 years agotests: pkcs11-combo: use unique db file
Nikos Mavrogiannopoulos [Fri, 10 Oct 2014 07:29:58 +0000 (09:29 +0200)] 
tests: pkcs11-combo: use unique db file

11 years agoforbid heartbeat messages during a handshake
Nikos Mavrogiannopoulos [Thu, 25 Sep 2014 10:04:32 +0000 (12:04 +0200)] 
forbid heartbeat messages during a handshake

11 years agoadded internal variable to track handshake status
Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 16:15:01 +0000 (18:15 +0200)] 
added internal variable to track handshake status

11 years agoocsptool: avoid shadowing a global variable
Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 13:56:41 +0000 (15:56 +0200)] 
ocsptool: avoid shadowing a global variable

11 years agoremoved flag GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE
Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 13:53:47 +0000 (15:53 +0200)] 
removed flag GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE

11 years agomore files to ignore
Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 12:22:56 +0000 (14:22 +0200)] 
more files to ignore

11 years agotests: updated time in pkcs11-is-known
Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 12:09:01 +0000 (14:09 +0200)] 
tests: updated time in pkcs11-is-known

11 years agopkcs11: handle errors from override_cert_exts as fatal
Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 11:16:32 +0000 (13:16 +0200)] 
pkcs11: handle errors from override_cert_exts as fatal

11 years agotests: allow running specific chainverify tests on fixed dates
Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 10:34:46 +0000 (12:34 +0200)] 
tests: allow running specific chainverify tests on fixed dates

11 years ago_gnutls_check_valid_key_id: corrected activation/expiration check
Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 10:28:34 +0000 (12:28 +0200)] 
_gnutls_check_valid_key_id: corrected activation/expiration check

11 years agopkcs11: simplified and optimized loop
Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 10:09:52 +0000 (12:09 +0200)] 
pkcs11: simplified and optimized loop

11 years agomention nettle as the recommended crypto backend
Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 09:35:10 +0000 (11:35 +0200)] 
mention nettle as the recommended crypto backend

11 years agotests: Added check to ensure that trust list combination with extra certificates...
Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 09:10:15 +0000 (11:10 +0200)] 
tests: Added check to ensure that trust list combination with extra certificates works

11 years agowhen both a trust module and additional CAs are present account the latter as well
Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 08:41:57 +0000 (10:41 +0200)] 
when both a trust module and additional CAs are present account the latter as well

That solves an issue in openconnect which used the system trust module,
plus additional certificates.

11 years agosimplify the handling of trust_list_get_issuer() when GNUTLS_TL_GET_COPY is not given
Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 08:13:48 +0000 (10:13 +0200)] 
simplify the handling of trust_list_get_issuer() when GNUTLS_TL_GET_COPY is not given

11 years agodoc update
Nikos Mavrogiannopoulos [Wed, 8 Oct 2014 21:17:14 +0000 (23:17 +0200)] 
doc update

11 years agodoc update
Nikos Mavrogiannopoulos [Wed, 8 Oct 2014 12:41:08 +0000 (14:41 +0200)] 
doc update

11 years agotools: print the status of safe renegotiation and extended master secret
Nikos Mavrogiannopoulos [Mon, 29 Sep 2014 14:02:42 +0000 (16:02 +0200)] 
tools: print the status of safe renegotiation and extended master secret

11 years agotests: check whether the extended master secret is negotiated by default
Nikos Mavrogiannopoulos [Mon, 29 Sep 2014 14:00:16 +0000 (16:00 +0200)] 
tests: check whether the extended master secret is negotiated by default

11 years agoAdded support for the extended master secret calculation
Nikos Mavrogiannopoulos [Wed, 8 Oct 2014 12:09:30 +0000 (14:09 +0200)] 
Added support for the extended master secret calculation

That is performed implicitly unless GNUTLS_NO_EXTENSIONS is specified.
The implementation follows draft-ietf-tls-session-hash-02.

11 years agocorrected assignment
Nikos Mavrogiannopoulos [Wed, 8 Oct 2014 09:47:49 +0000 (11:47 +0200)] 
corrected assignment

11 years agocorrected the name of exported function
Nikos Mavrogiannopoulos [Wed, 8 Oct 2014 08:22:04 +0000 (10:22 +0200)] 
corrected the name of exported function

11 years agodoc update
Nikos Mavrogiannopoulos [Tue, 7 Oct 2014 16:25:09 +0000 (18:25 +0200)] 
doc update

11 years agotests: added check for gnutls_record_discard_queued()
Nikos Mavrogiannopoulos [Tue, 7 Oct 2014 16:24:29 +0000 (18:24 +0200)] 
tests: added check for gnutls_record_discard_queued()

11 years agoAdded gnutls_record_discard_queued()
Nikos Mavrogiannopoulos [Tue, 7 Oct 2014 16:03:25 +0000 (18:03 +0200)] 
Added gnutls_record_discard_queued()

That function allows to discard queued data in DTLS.

11 years agotests: corrected test for v1 cert signing (removed bogus authorityIdentifier)
Nikos Mavrogiannopoulos [Tue, 7 Oct 2014 14:50:05 +0000 (16:50 +0200)] 
tests: corrected test for v1 cert signing (removed bogus authorityIdentifier)

11 years agocerttool: only set the authority key identifier, if there is a corresponding subject...
Nikos Mavrogiannopoulos [Tue, 7 Oct 2014 14:44:26 +0000 (16:44 +0200)] 
certtool: only set the authority key identifier, if there is a corresponding subject key identifier

11 years agopkcs11: do not shortcut checks when GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY is specified
Nikos Mavrogiannopoulos [Tue, 7 Oct 2014 14:28:19 +0000 (16:28 +0200)] 
pkcs11: do not shortcut checks when GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY is specified

11 years agopkcs11: always check for a valid subjectKeyIdentifier match
Nikos Mavrogiannopoulos [Tue, 7 Oct 2014 14:20:18 +0000 (16:20 +0200)] 
pkcs11: always check for a valid subjectKeyIdentifier match

That way, expired certificates can co-exist with their replacements.

11 years agoAdd a test for PKCS11 CA iteration
Armin Burgmeier [Mon, 6 Oct 2014 21:28:46 +0000 (17:28 -0400)] 
Add a test for PKCS11 CA iteration

Signed-off-by: Armin Burgmeier <armin@arbur.net>
11 years agoAlso iterate over the CA certificates in a PKCS11 token
Armin Burgmeier [Mon, 6 Oct 2014 21:24:11 +0000 (17:24 -0400)] 
Also iterate over the CA certificates in a PKCS11 token

Signed-off-by: Armin Burgmeier <armin@arbur.net>
11 years agoReturn an error if multiple PKCS11 URLs are added to a trust list
Armin Burgmeier [Mon, 6 Oct 2014 21:22:28 +0000 (17:22 -0400)] 
Return an error if multiple PKCS11 URLs are added to a trust list

Before, the new URL would overwrite the old URL, and the memory of theold URL
would be leaked. It is documented that only one URL can be used, so it should
be safe to reject any attempt to add another one.

Signed-off-by: Armin Burgmeier <armin@arbur.net>
11 years agopkcs11: when no CKA_ID can be relied on fallback on checking the SubjectKeyIdentifier
Nikos Mavrogiannopoulos [Tue, 7 Oct 2014 13:14:34 +0000 (15:14 +0200)] 
pkcs11: when no CKA_ID can be relied on fallback on checking the SubjectKeyIdentifier

Patch by David Woodhouse.

11 years agoadded FIPS140-2 ECDH verification functions
Nikos Mavrogiannopoulos [Tue, 7 Oct 2014 11:40:50 +0000 (13:40 +0200)] 
added FIPS140-2 ECDH verification functions

11 years agoremoved unused definition
Nikos Mavrogiannopoulos [Tue, 7 Oct 2014 09:19:39 +0000 (11:19 +0200)] 
removed unused definition

11 years agoadded FIPS140-2 DH verification functions
Nikos Mavrogiannopoulos [Tue, 7 Oct 2014 08:02:56 +0000 (10:02 +0200)] 
added FIPS140-2 DH verification functions

11 years agotests: corrected check with gnutls_x509_trust_list_get_issuer
Nikos Mavrogiannopoulos [Mon, 6 Oct 2014 22:12:37 +0000 (00:12 +0200)] 
tests: corrected check with gnutls_x509_trust_list_get_issuer

11 years agocorrected remove_pkcs11_url()
Nikos Mavrogiannopoulos [Mon, 6 Oct 2014 21:22:45 +0000 (23:22 +0200)] 
corrected remove_pkcs11_url()

11 years agoaddress memory leak in gnutls_pkcs11_crt_is_known()
Nikos Mavrogiannopoulos [Mon, 6 Oct 2014 17:50:39 +0000 (19:50 +0200)] 
address memory leak in gnutls_pkcs11_crt_is_known()

11 years agotests: check gnutls_pkcs11_crt_is_known() when multiple same DNs are present
Nikos Mavrogiannopoulos [Mon, 6 Oct 2014 21:18:08 +0000 (23:18 +0200)] 
tests: check gnutls_pkcs11_crt_is_known() when multiple same DNs are present

11 years agopkcs11: when checking for presence do not give up on the first mismatch
Nikos Mavrogiannopoulos [Mon, 6 Oct 2014 21:17:29 +0000 (23:17 +0200)] 
pkcs11: when checking for presence do not give up on the first mismatch

11 years agodoc update: clarifications in gnutls_x509_trust_list_add_trust_file
Nikos Mavrogiannopoulos [Sun, 5 Oct 2014 08:09:22 +0000 (10:09 +0200)] 
doc update: clarifications in gnutls_x509_trust_list_add_trust_file

11 years agocorrected compilation for non-pkcs11; reported by David Woodhouse.
Nikos Mavrogiannopoulos [Thu, 2 Oct 2014 14:24:41 +0000 (16:24 +0200)] 
corrected compilation for non-pkcs11; reported by David Woodhouse.

11 years agodoc update
Nikos Mavrogiannopoulos [Thu, 2 Oct 2014 13:15:52 +0000 (15:15 +0200)] 
doc update

11 years agoavoid calls in gnutls_init()
Nikos Mavrogiannopoulos [Thu, 2 Oct 2014 13:06:31 +0000 (15:06 +0200)] 
avoid calls in gnutls_init()

11 years agothe handshake function has a timeout value by default
Nikos Mavrogiannopoulos [Thu, 2 Oct 2014 09:08:15 +0000 (11:08 +0200)] 
the handshake function has a timeout value by default

11 years agouse wait and retransmit when receiving session tickets
Nikos Mavrogiannopoulos [Thu, 2 Oct 2014 12:55:01 +0000 (14:55 +0200)] 
use wait and retransmit when receiving session tickets

11 years agotests: added -r option to dtls-stress
Nikos Mavrogiannopoulos [Thu, 2 Oct 2014 12:10:16 +0000 (14:10 +0200)] 
tests: added -r option to dtls-stress

That allows it to replay messages in a kind of arbitrary way.

11 years agoreport the FIPS140-2 mode
Nikos Mavrogiannopoulos [Thu, 2 Oct 2014 07:25:58 +0000 (09:25 +0200)] 
report the FIPS140-2 mode

11 years agotests: added check for GNUTLS_TL_GET_COPY
Nikos Mavrogiannopoulos [Wed, 1 Oct 2014 18:29:49 +0000 (20:29 +0200)] 
tests: added check for GNUTLS_TL_GET_COPY

11 years agoAdded GNUTLS_TL_GET_COPY flag and documented the limitations of gnutls_x509_trust_lis...
Nikos Mavrogiannopoulos [Wed, 1 Oct 2014 18:27:51 +0000 (20:27 +0200)] 
Added GNUTLS_TL_GET_COPY flag and documented the limitations of gnutls_x509_trust_list_get_issuer()

11 years agoopencdk: changed filter_fnct_t to match the actual function prototypes
Nikos Mavrogiannopoulos [Tue, 30 Sep 2014 19:15:11 +0000 (21:15 +0200)] 
opencdk: changed filter_fnct_t to match the actual function prototypes

11 years agoupdated news entry
Nikos Mavrogiannopoulos [Tue, 30 Sep 2014 18:55:58 +0000 (20:55 +0200)] 
updated news entry

11 years agoguile: doc: Remove erroneous @ifnottex.
Ludovic Courtès [Tue, 30 Sep 2014 11:22:14 +0000 (13:22 +0200)] 
guile: doc: Remove erroneous @ifnottex.

11 years agoAdd NEWS entry for Guile changes.
Ludovic Courtès [Tue, 30 Sep 2014 11:08:56 +0000 (13:08 +0200)] 
Add NEWS entry for Guile changes.

11 years agoguile: doc: Make it clear that the bindings are part of GnuTLS.
Ludovic Courtès [Tue, 30 Sep 2014 11:07:24 +0000 (13:07 +0200)] 
guile: doc: Make it clear that the bindings are part of GnuTLS.

11 years agoif receiving a ChangeCipherSpec fails, return GNUTLS_E_UNEXPECTED_PACKET
Nikos Mavrogiannopoulos [Sat, 27 Sep 2014 15:37:32 +0000 (17:37 +0200)] 
if receiving a ChangeCipherSpec fails, return GNUTLS_E_UNEXPECTED_PACKET

That is more precise than the current GNUTLS_E_UNEXPECTED_PACKET_LENGTH

11 years agouse __hidden in solaris to provide the hidden visibility attribute
Nikos Mavrogiannopoulos [Fri, 26 Sep 2014 22:44:30 +0000 (00:44 +0200)] 
use __hidden in solaris to provide the hidden visibility attribute

11 years agono need to define _gnutls_x86_cpuid_s
Nikos Mavrogiannopoulos [Fri, 26 Sep 2014 22:40:39 +0000 (00:40 +0200)] 
no need to define _gnutls_x86_cpuid_s

11 years agouse MAX_CIPHER_BLOCK_SIZE more consistently
Nikos Mavrogiannopoulos [Mon, 29 Sep 2014 13:22:06 +0000 (15:22 +0200)] 
use MAX_CIPHER_BLOCK_SIZE more consistently

11 years agodo not allow GNUTLS_E_LARGE_PACKET to be returned from non-DTLS sessions
Nikos Mavrogiannopoulos [Fri, 26 Sep 2014 07:01:15 +0000 (09:01 +0200)] 
do not allow GNUTLS_E_LARGE_PACKET to be returned from non-DTLS sessions