git.ipfire.org Git - thirdparty/gnutls.git/log
Nikos Mavrogiannopoulos [Thu, 25 Sep 2014 17:37:48 +0000 (19:37 +0200)]
gnutls_x509_trust_list_add_system_trust() will not allow duplicate entries
Nikos Mavrogiannopoulos [Thu, 25 Sep 2014 17:33:57 +0000 (19:33 +0200)]
more compiler warning fixes
Nikos Mavrogiannopoulos [Thu, 25 Sep 2014 17:24:57 +0000 (19:24 +0200)]
configure: enabled more warnings
Nikos Mavrogiannopoulos [Thu, 25 Sep 2014 17:11:14 +0000 (19:11 +0200)]
fixed compilation warnings
Nikos Mavrogiannopoulos [Thu, 25 Sep 2014 16:54:57 +0000 (18:54 +0200)]
use _DIRENT_HAVE_D_TYPE to detect d->d_type
Nikos Mavrogiannopoulos [Thu, 25 Sep 2014 16:50:35 +0000 (18:50 +0200)]
corrected type
Nikos Mavrogiannopoulos [Thu, 25 Sep 2014 16:46:55 +0000 (18:46 +0200)]
configure: don't bother with checks for padlock in non-x86
Nikos Mavrogiannopoulos [Thu, 25 Sep 2014 12:41:17 +0000 (14:41 +0200)]
updated auto-generated files
Nikos Mavrogiannopoulos [Thu, 25 Sep 2014 12:34:55 +0000 (14:34 +0200)]
run abi-compliance-checker prior to release
Nikos Mavrogiannopoulos [Thu, 25 Sep 2014 12:07:23 +0000 (14:07 +0200)]
indented symbols
Nikos Mavrogiannopoulos [Thu, 25 Sep 2014 10:00:39 +0000 (12:00 +0200)]
protect DTLS clients that don't handle GNUTLS_E_LARGE_PACKET from an infinite loop on handshake
Nikos Mavrogiannopoulos [Thu, 25 Sep 2014 09:52:52 +0000 (11:52 +0200)]
removed unused error values
Nikos Mavrogiannopoulos [Thu, 25 Sep 2014 09:49:52 +0000 (11:49 +0200)]
restrict the number of non-fatal errors gnutls_handshake() can return
Nikos Mavrogiannopoulos [Thu, 25 Sep 2014 07:55:53 +0000 (09:55 +0200)]
optimized gnutls_error_is_fatal() by splitting the errors to two tables
Nikos Mavrogiannopoulos [Wed, 24 Sep 2014 08:29:03 +0000 (10:29 +0200)]
doc update
Nikos Mavrogiannopoulos [Wed, 24 Sep 2014 08:20:54 +0000 (10:20 +0200)]
use unsigned types in prototypes
Nikos Mavrogiannopoulos [Wed, 24 Sep 2014 08:14:32 +0000 (10:14 +0200)]
enable gcc warnings by default
Armin Burgmeier [Tue, 23 Sep 2014 20:12:38 +0000 (16:12 -0400)]
Check the credentials getter functions as part of the unit tests
Armin Burgmeier [Thu, 18 Sep 2014 15:22:35 +0000 (11:22 -0400)]
Add an interface to iterate the trusted CA certificates in a trust list
Signed-off-by: Armin Burgmeier <armin@arbur.net>
Armin Burgmeier [Thu, 18 Sep 2014 14:13:55 +0000 (10:13 -0400)]
Add getter functions for openpgp keys and certificates
Signed-off-by: Armin Burgmeier <armin@arbur.net>
Armin Burgmeier [Wed, 17 Sep 2014 22:59:29 +0000 (18:59 -0400)]
Add functions to obtain X.509 keys and certificates from certificate credentials
Signed-off-by: Armin Burgmeier <armin@arbur.net>
Nikos Mavrogiannopoulos [Wed, 24 Sep 2014 08:03:13 +0000 (10:03 +0200)]
enabled gnutls_privkey_export_pkcs11
Armin Burgmeier [Wed, 17 Sep 2014 21:33:40 +0000 (17:33 -0400)]
Add functions to export X.509 and OpenPGP private keys from the abstract type
Signed-off-by: Armin Burgmeier <armin@arbur.net>
Armin Burgmeier [Wed, 17 Sep 2014 16:30:44 +0000 (12:30 -0400)]
Add a function to obtain the trust list of a gnutls_certificate_credentials_t
Signed-off-by: Armin Burgmeier <armin@arbur.net>
Nikos Mavrogiannopoulos [Wed, 24 Sep 2014 07:44:39 +0000 (09:44 +0200)]
doc update
Nikos Mavrogiannopoulos [Mon, 22 Sep 2014 20:31:07 +0000 (22:31 +0200)]
more files to ignore
Nikos Mavrogiannopoulos [Mon, 22 Sep 2014 20:27:42 +0000 (22:27 +0200)]
removed gnutls_pcert_get_type()
Nikos Mavrogiannopoulos [Mon, 22 Sep 2014 16:55:38 +0000 (18:55 +0200)]
only enable crywrap if libidn is present
Ludovic Courtès [Mon, 22 Sep 2014 14:20:07 +0000 (16:20 +0200)]
guile: Restore cross-reference in 'set-session-priorities!' docstring.
This had been destroyed in 32d90395.
Ludovic Courtès [Mon, 22 Sep 2014 14:10:36 +0000 (16:10 +0200)]
guile: Add bindings for 'gnutls_server_name_set'.
This adds the 'set-session-server-name!' procedure and the
'server-name-type' enum type.
Nikos Mavrogiannopoulos [Mon, 22 Sep 2014 09:21:00 +0000 (11:21 +0200)]
doc update
Nikos Mavrogiannopoulos [Mon, 22 Sep 2014 09:15:06 +0000 (11:15 +0200)]
tests: Added checks for key purpose verification
Nikos Mavrogiannopoulos [Mon, 22 Sep 2014 09:12:56 +0000 (11:12 +0200)]
Verify key purpose on intermediate certificate if GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE is specified
That introduces the verification flag GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE,
and the verification result GNUTLS_CERT_PURPOSE_MISMATCH. The reason that this
verification test must be explicitly enabled is because it is only defined in CA
Forum's Baseline requirements 1.1.9 but not any IETF document.
Nikos Mavrogiannopoulos [Mon, 22 Sep 2014 07:53:00 +0000 (09:53 +0200)]
certtool: updated the extended key usage documentation
Nikos Mavrogiannopoulos [Mon, 22 Sep 2014 07:51:15 +0000 (09:51 +0200)]
added missing prototype
Nikos Mavrogiannopoulos [Mon, 22 Sep 2014 06:57:36 +0000 (08:57 +0200)]
doc update
Nikos Mavrogiannopoulos [Mon, 22 Sep 2014 06:56:23 +0000 (08:56 +0200)]
introduced gnutls_privkey_import_ext3()
That function allows copying an externally specified private
key, as well as allowing variability on the capabilities of an
external key.
Nikos Mavrogiannopoulos [Sun, 21 Sep 2014 00:18:09 +0000 (02:18 +0200)]
updated cross.mk
Nikos Mavrogiannopoulos [Sat, 20 Sep 2014 23:55:59 +0000 (01:55 +0200)]
doc update
Nikos Mavrogiannopoulos [Sat, 20 Sep 2014 23:55:18 +0000 (01:55 +0200)]
when printing a certificate request also print its signature algorithm
Nikos Mavrogiannopoulos [Sat, 20 Sep 2014 23:50:52 +0000 (01:50 +0200)]
added gnutls_x509_crq_get_signature_algorithm()
Nikos Mavrogiannopoulos [Sat, 20 Sep 2014 23:17:10 +0000 (01:17 +0200)]
doc update
Nikos Mavrogiannopoulos [Sat, 20 Sep 2014 23:14:34 +0000 (01:14 +0200)]
Added missing prototype
Nikos Mavrogiannopoulos [Sat, 20 Sep 2014 23:11:24 +0000 (01:11 +0200)]
Added gnutls_pkcs11_privkey_cpy()
Armin Burgmeier [Wed, 17 Sep 2014 22:54:09 +0000 (18:54 -0400)]
Add gnutls_certificate_get_verify_flags
Signed-off-by: Armin Burgmeier <armin@arbur.net>
Armin Burgmeier [Wed, 17 Sep 2014 16:26:47 +0000 (12:26 -0400)]
Add API to retrieve a X.509 or OpenPGP certificate from a gnutls_pcert_t
Signed-off-by: Armin Burgmeier <armin@arbur.net>
Armin Burgmeier [Thu, 18 Sep 2014 15:22:50 +0000 (11:22 -0400)]
Memory leak fix on certificate copy failure
Signed-off-by: Armin Burgmeier <armin@arbur.net>
Armin Burgmeier [Wed, 17 Sep 2014 16:31:19 +0000 (12:31 -0400)]
Fix a documentation typo
Signed-off-by: Armin Burgmeier <armin@arbur.net>
Nikos Mavrogiannopoulos [Fri, 19 Sep 2014 14:24:57 +0000 (16:24 +0200)]
regenerated files.mk
Nikos Mavrogiannopoulos [Fri, 19 Sep 2014 09:31:51 +0000 (11:31 +0200)]
libdane: do not require the CA to be a direct CA
Nikos Mavrogiannopoulos [Fri, 19 Sep 2014 08:40:44 +0000 (10:40 +0200)]
tests: enhanced test suite to pass more of the PKCS #11 API under valgrind
Nikos Mavrogiannopoulos [Fri, 19 Sep 2014 08:40:14 +0000 (10:40 +0200)]
gnutls-serv: added the --provider option
Nikos Mavrogiannopoulos [Fri, 19 Sep 2014 08:03:05 +0000 (10:03 +0200)]
tools: corrected pin entry
Nikos Mavrogiannopoulos [Fri, 19 Sep 2014 07:43:22 +0000 (09:43 +0200)]
cleaned up memory deallocation in read_cert_url()
That caused unexpected results when loading PKCS #11 URLs.
Reported by Joseph Peruski.
Nikos Mavrogiannopoulos [Thu, 18 Sep 2014 19:09:11 +0000 (21:09 +0200)]
updated certtool.cfg
Nikos Mavrogiannopoulos [Mon, 15 Sep 2014 14:09:29 +0000 (16:09 +0200)]
tests: added checks with modified certificate
This tests whether a modification of a DER certificate, that is cancelled
out while we parse it, would result in a good signature.
Nikos Mavrogiannopoulos [Thu, 18 Sep 2014 11:33:52 +0000 (13:33 +0200)]
require explicit disabling of PKCS #11 in configure
Nikos Mavrogiannopoulos [Tue, 16 Sep 2014 18:05:21 +0000 (20:05 +0200)]
Added Armin's DCO
Nikos Mavrogiannopoulos [Thu, 18 Sep 2014 08:49:54 +0000 (10:49 +0200)]
updated details on certificate verification
Nikos Mavrogiannopoulos [Thu, 18 Sep 2014 08:37:32 +0000 (10:37 +0200)]
depend on p11-kit 0.20.7
Armin Burgmeier [Tue, 16 Sep 2014 18:02:24 +0000 (14:02 -0400)]
Check for all error conditions when verifying a certificate
This allows checking for all possible flaws with a certificate chain with a
single call to gnutls_x509_crt_list_verify and friends.
Signed-off-by: Armin Burgmeier <armin@arbur.net>
Nikos Mavrogiannopoulos [Wed, 17 Sep 2014 14:54:05 +0000 (16:54 +0200)]
depend on p11-kit 0.20.6
Nikos Mavrogiannopoulos [Wed, 17 Sep 2014 11:27:41 +0000 (13:27 +0200)]
removed unneeded set of status
Nikos Mavrogiannopoulos [Wed, 17 Sep 2014 11:26:25 +0000 (13:26 +0200)]
pkcs11: when a signer isn't found in PKCS #11 force the verification of the chain
That allows obtaining any additional flags from the chain such as insecure
algorithms or expirations.
Nikos Mavrogiannopoulos [Wed, 17 Sep 2014 07:25:02 +0000 (09:25 +0200)]
psktool: corrected resource leak on failure
Nikos Mavrogiannopoulos [Wed, 17 Sep 2014 07:23:07 +0000 (09:23 +0200)]
added sanity check on cleanup
Nikos Mavrogiannopoulos [Wed, 17 Sep 2014 07:13:44 +0000 (09:13 +0200)]
removed unused variable
Nikos Mavrogiannopoulos [Wed, 17 Sep 2014 07:11:48 +0000 (09:11 +0200)]
certtool: corrected typo in printing error
Nikos Mavrogiannopoulos [Wed, 17 Sep 2014 07:03:11 +0000 (09:03 +0200)]
pkcs11: correctly reallocate the read buffer
Report and patch by David Woodhouse.
Nikos Mavrogiannopoulos [Tue, 16 Sep 2014 13:38:19 +0000 (15:38 +0200)]
updated documentation on PKCS #11 trust module verification
Nikos Mavrogiannopoulos [Tue, 16 Sep 2014 09:08:37 +0000 (11:08 +0200)]
unified the key purpose checks functions
Nikos Mavrogiannopoulos [Tue, 16 Sep 2014 08:49:19 +0000 (10:49 +0200)]
check for CAs with the same key in gnutls_x509_trust_list_add_cas
That way when GNUTLS_TL_NO_DUPLICATE_KEY is specified the added CA will
overwrite any previous one with the same name and key.
Nikos Mavrogiannopoulos [Tue, 16 Sep 2014 08:58:06 +0000 (10:58 +0200)]
hostname and key purpose checks were moved above CRL checks
Nikos Mavrogiannopoulos [Tue, 16 Sep 2014 08:40:37 +0000 (10:40 +0200)]
doc update
Nikos Mavrogiannopoulos [Tue, 16 Sep 2014 08:30:05 +0000 (10:30 +0200)]
corrected gnutls_x509_crl_get_raw_issuer_dn()
Nikos Mavrogiannopoulos [Mon, 15 Sep 2014 19:07:33 +0000 (21:07 +0200)]
tests: use the PID number in RPORT
The shell's RANDOM isn't that random.
Nikos Mavrogiannopoulos [Mon, 15 Sep 2014 14:05:33 +0000 (16:05 +0200)]
updated libtasn1
Nikos Mavrogiannopoulos [Mon, 15 Sep 2014 12:49:45 +0000 (14:49 +0200)]
documented the environment variables
Nikos Mavrogiannopoulos [Sat, 13 Sep 2014 11:06:33 +0000 (13:06 +0200)]
simulate pkcs11x.h when it doesn't exist
Nikos Mavrogiannopoulos [Sat, 13 Sep 2014 09:13:18 +0000 (11:13 +0200)]
tests: Added crlverify to check gnutls_x509_crl_verify and gnutls_x509_trust_list_add_crls
Nikos Mavrogiannopoulos [Sat, 13 Sep 2014 08:59:35 +0000 (10:59 +0200)]
create-chain.sh: generate CRL
Nikos Mavrogiannopoulos [Sat, 13 Sep 2014 08:34:29 +0000 (10:34 +0200)]
gnutls_x509_crl_verify: do not always set the invalid status
Reported by Armin Burgmeier.
Nikos Mavrogiannopoulos [Sat, 13 Sep 2014 08:33:40 +0000 (10:33 +0200)]
Revert "gnutls_x509_crl_verify: do not always set the invalid status"
This reverts commit a922ee10c5f3902988e5730a1e6fbf77b033058c.
Nikos Mavrogiannopoulos [Sat, 13 Sep 2014 07:50:22 +0000 (09:50 +0200)]
gnutls_x509_crl_verify: do not always set the invalid status
Reported by Armin Burgmeier.
Nikos Mavrogiannopoulos [Sat, 13 Sep 2014 07:27:58 +0000 (09:27 +0200)]
doc update
Nikos Mavrogiannopoulos [Fri, 12 Sep 2014 14:40:56 +0000 (16:40 +0200)]
added missing file
Nikos Mavrogiannopoulos [Fri, 12 Sep 2014 14:22:57 +0000 (16:22 +0200)]
p11tool: print Attached Extensions, instead of extensions
Nikos Mavrogiannopoulos [Fri, 12 Sep 2014 14:22:43 +0000 (16:22 +0200)]
when adding a duplicate certificate, keep the last entry
Nikos Mavrogiannopoulos [Fri, 12 Sep 2014 11:51:39 +0000 (13:51 +0200)]
added gnutls_pkcs11_copy_attached_extension()
Nikos Mavrogiannopoulos [Fri, 12 Sep 2014 09:31:28 +0000 (11:31 +0200)]
pkcs11-get-issuer: do not hardcode the chain number, use its name
Nikos Mavrogiannopoulos [Thu, 11 Sep 2014 17:23:11 +0000 (19:23 +0200)]
Revert "corrected planned version number"
This reverts commit 5e44f432580f8b9533223acc3060db26446f0e96.
Nikos Mavrogiannopoulos [Thu, 11 Sep 2014 16:09:50 +0000 (18:09 +0200)]
fixes in the extension handling
Nikos Mavrogiannopoulos [Thu, 11 Sep 2014 16:07:46 +0000 (18:07 +0200)]
p11tool: will print trust module extensions if present
Nikos Mavrogiannopoulos [Wed, 10 Sep 2014 14:55:05 +0000 (16:55 +0200)]
check the key purpose of the CA certificate when in pkcs11 cert validation
Nikos Mavrogiannopoulos [Wed, 10 Sep 2014 14:02:12 +0000 (16:02 +0200)]
allow retrieving extensions in a trust module using GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT
Nikos Mavrogiannopoulos [Wed, 10 Sep 2014 13:29:59 +0000 (15:29 +0200)]
export x509_crt_to_raw_pubkey() in x509/common.h and prefixed s/get_extension with _gnutls
Nikos Mavrogiannopoulos [Wed, 10 Sep 2014 07:41:03 +0000 (09:41 +0200)]
doc update
Nikos Mavrogiannopoulos [Tue, 9 Sep 2014 11:36:06 +0000 (13:36 +0200)]
corrected planned version number
Nikos Mavrogiannopoulos [Tue, 9 Sep 2014 08:56:27 +0000 (10:56 +0200)]
gnutls_x509_trust_list_verify_crt2 is on par with gnutls_certificate_verify_peers
That is, it accepts a list of gnutls_typed_vdata_st and allows for flexibility.
Nikos Mavrogiannopoulos [Mon, 8 Sep 2014 14:27:01 +0000 (16:27 +0200)]
doc update