git.ipfire.org Git - thirdparty/gnutls.git/log

Nikos Mavrogiannopoulos [Tue, 1 Jul 2014 13:52:32 +0000 (15:52 +0200)] 
certtool: document that URLs are supported

Nikos Mavrogiannopoulos [Tue, 1 Jul 2014 13:50:59 +0000 (15:50 +0200)] 
p11tool: document GNUTLS_SO_PIN env variable

Nikos Mavrogiannopoulos [Tue, 1 Jul 2014 13:39:48 +0000 (15:39 +0200)] 
tests: improved testpkcs11 suite

Nikos Mavrogiannopoulos [Tue, 1 Jul 2014 13:17:38 +0000 (15:17 +0200)] 
gnutls_pkcs11_privkey_generate2(): corrected public key extraction (for ECDSA keys)

Nikos Mavrogiannopoulos [Tue, 1 Jul 2014 12:36:30 +0000 (14:36 +0200)] 
p11tool/certtool: use GNUTLS_SO_PIN for reading security officer's PIN

Nikos Mavrogiannopoulos [Tue, 1 Jul 2014 13:37:56 +0000 (15:37 +0200)] 
p11tool: added options --set-pin and --set-so-pin

These allow for a non-interactive --initialize process.

Nikos Mavrogiannopoulos [Mon, 30 Jun 2014 20:53:04 +0000 (22:53 +0200)] 
Added explicit documentation on IPv4 and IPv6 address matching.

Nikos Mavrogiannopoulos [Sun, 29 Jun 2014 11:18:32 +0000 (13:18 +0200)] 
tests: long-session-id: ignore SIGPIPE

Nikos Mavrogiannopoulos [Sun, 29 Jun 2014 10:22:42 +0000 (12:22 +0200)] 
doc: Added text on upgrading to 3.3.x from 3.2.x

Nikos Mavrogiannopoulos [Fri, 27 Jun 2014 15:36:45 +0000 (17:36 +0200)] 
do not exit the loop in case a name doesn't fit into our buffer.

Nikos Mavrogiannopoulos [Fri, 27 Jun 2014 15:34:49 +0000 (17:34 +0200)] 
when verifying an IP, also verify it as a hostname

There are several misconfigured servers that placed their IP
as a DNS name. Pointed out by David Woodhouse.

Nikos Mavrogiannopoulos [Fri, 27 Jun 2014 09:38:34 +0000 (11:38 +0200)] 
suppress warnings

Nikos Mavrogiannopoulos [Fri, 27 Jun 2014 09:34:02 +0000 (11:34 +0200)] 
doc update

Nikos Mavrogiannopoulos [Fri, 27 Jun 2014 09:32:23 +0000 (11:32 +0200)] 
check of inet_pton instead for AF_INET6

Nikos Mavrogiannopoulos [Fri, 27 Jun 2014 09:30:25 +0000 (11:30 +0200)] 
Use inet_ntop() for printing IP addresses.

The old dumb code is used in systems that don't have that function.

Nikos Mavrogiannopoulos [Fri, 27 Jun 2014 09:24:29 +0000 (11:24 +0200)] 
tests: Added test cases for IPv4/6 matching.

Nikos Mavrogiannopoulos [Fri, 27 Jun 2014 09:06:34 +0000 (11:06 +0200)] 
gnutls_x509_crt_check_hostname() checks text ip addresses as well.

That aligns the documentation with the implementation. Reported by David Woodhouse.

Nikos Mavrogiannopoulos [Fri, 27 Jun 2014 07:08:18 +0000 (09:08 +0200)] 
initialize str to NULL

Nikos Mavrogiannopoulos [Thu, 26 Jun 2014 18:41:09 +0000 (20:41 +0200)] 
fixed documentation

Tag: gnutls_3_3_5
Nikos Mavrogiannopoulos [Thu, 26 Jun 2014 18:27:59 +0000 (20:27 +0200)] 
tests: better replacement of LIBTOOL variable in scripts

Nikos Mavrogiannopoulos [Thu, 26 Jun 2014 18:27:38 +0000 (20:27 +0200)] 
tests: ship certs/

Nikos Mavrogiannopoulos [Thu, 26 Jun 2014 18:16:19 +0000 (20:16 +0200)] 
added new symbols

Nikos Mavrogiannopoulos [Thu, 26 Jun 2014 18:10:23 +0000 (20:10 +0200)] 
bumped version

Nikos Mavrogiannopoulos [Wed, 25 Jun 2014 20:45:22 +0000 (22:45 +0200)] 
gnutls-serv: removed the --print-cert option; the cert was anyway being printed.

Nikos Mavrogiannopoulos [Wed, 18 Jun 2014 20:08:08 +0000 (22:08 +0200)] 
doc update

Nikos Mavrogiannopoulos [Thu, 26 Jun 2014 15:31:15 +0000 (17:31 +0200)] 
corrected typo

Nikos Mavrogiannopoulos [Thu, 26 Jun 2014 12:25:40 +0000 (14:25 +0200)] 
minitasn1: updated to version 4.0

Nikos Mavrogiannopoulos [Thu, 26 Jun 2014 12:22:16 +0000 (14:22 +0200)] 
p11tool: updated documentation

Nikos Mavrogiannopoulos [Thu, 26 Jun 2014 08:16:48 +0000 (10:16 +0200)] 
p11tool: Warn when no --outfile has been specified on key generation

Nikos Mavrogiannopoulos [Thu, 26 Jun 2014 07:50:32 +0000 (09:50 +0200)] 
doc update

Nikos Mavrogiannopoulos [Thu, 26 Jun 2014 07:48:34 +0000 (09:48 +0200)] 
tests: Added new tests on PKCS #12 structure generation and decoding.

Nikos Mavrogiannopoulos [Thu, 26 Jun 2014 07:30:32 +0000 (09:30 +0200)] 
certtool: allow specifying the friendly name on the command line and use the load-ca-certificate

Nikos Mavrogiannopoulos [Wed, 25 Jun 2014 13:54:47 +0000 (15:54 +0200)] 
p11tool: warn in more operations if --login is not specified

Nikos Mavrogiannopoulos [Wed, 25 Jun 2014 13:46:57 +0000 (15:46 +0200)] 
p11tool: No longer assume a default URL for operations.

Nikos Mavrogiannopoulos [Wed, 25 Jun 2014 13:29:35 +0000 (15:29 +0200)] 
p11tool: Do not allow a newline as PIN.

Nikos Mavrogiannopoulos [Wed, 25 Jun 2014 12:16:22 +0000 (14:16 +0200)] 
pkcs11: avoid calling _gnutls_bin2hex() when length is zero.

Nikos Mavrogiannopoulos [Wed, 18 Jun 2014 13:11:28 +0000 (15:11 +0200)] 
updated thanks file

Nikos Mavrogiannopoulos [Tue, 17 Jun 2014 23:30:42 +0000 (01:30 +0200)] 
clarified license text

Nikos Mavrogiannopoulos [Tue, 17 Jun 2014 09:21:33 +0000 (11:21 +0200)] 
gnutls-cli: Do not try to load the system CA trust if --insecure is specified.

Nikos Mavrogiannopoulos [Tue, 17 Jun 2014 08:28:36 +0000 (10:28 +0200)] 
doc: more consistent use of pointer star.

Attila Molnar [Mon, 16 Jun 2014 18:57:37 +0000 (20:57 +0200)] 
doc: Explain post-callback deallocation behavior for the SRP server callback

Signed-off-by: Attila Molnar <attilamolnar@hush.com>

Attila Molnar [Mon, 16 Jun 2014 18:56:03 +0000 (20:56 +0200)] 
doc: Correct comment about ignoring certs in the SRP server example

Point readers to another example for a way to validate certificates in
both the SRP and the X.509 server example

Signed-off-by: Attila Molnar <attilamolnar@hush.com>

Nikos Mavrogiannopoulos [Mon, 16 Jun 2014 12:05:05 +0000 (14:05 +0200)] 
gnutls_packet_get() was introduced to avoid exporting a structure on the API.

That change will allow exporting more info associated with a packet in the future.

Nikos Mavrogiannopoulos [Mon, 16 Jun 2014 11:40:56 +0000 (13:40 +0200)] 
treat the _gnutls_user_hello_func() output the same on resumed sessions.

Nikos Mavrogiannopoulos [Mon, 16 Jun 2014 09:32:09 +0000 (11:32 +0200)] 
doc update

Nikos Mavrogiannopoulos [Mon, 16 Jun 2014 09:30:13 +0000 (11:30 +0200)] 
Test the return code of gnutls_x509_trust_list_add_trust_file() when loading a PKCS #11 token.

Check whether the return code of gnutls_x509_trust_list_add_trust_file() is non-zero
when certificates are present.

Nikos Mavrogiannopoulos [Mon, 16 Jun 2014 09:29:04 +0000 (11:29 +0200)] 
gnutls_x509_trust_list_add_trust_file(): returns the number of certificates present when loading a PKCS #11 URL.

Nikos Mavrogiannopoulos [Mon, 16 Jun 2014 09:28:11 +0000 (11:28 +0200)] 
p11tool: Allow marking a certificate as a CA.

Nikos Mavrogiannopoulos [Mon, 16 Jun 2014 09:25:26 +0000 (11:25 +0200)] 
Added flag GNUTLS_PKCS11_OBJ_FLAG_MARK_CA.

That flag allows to mark a certificate in the token as a CA (category==CA)

Nikos Mavrogiannopoulos [Sun, 15 Jun 2014 20:52:13 +0000 (22:52 +0200)] 
coding style: update the DCO text

Attila Molnar [Sun, 15 Jun 2014 15:42:28 +0000 (17:42 +0200)] 
doc: Corrections for gnutls_handshake_set_hook_function()

Nikos Mavrogiannopoulos [Mon, 9 Jun 2014 15:13:29 +0000 (17:13 +0200)] 
doc: updated text for the ALPN experimental protocols

Nikos Mavrogiannopoulos [Mon, 9 Jun 2014 15:10:56 +0000 (17:10 +0200)] 
doc: Avoid listing the extensions as they are duplicated in the section index.

Nikos Mavrogiannopoulos [Mon, 9 Jun 2014 14:05:58 +0000 (16:05 +0200)] 
doc update

Nikos Mavrogiannopoulos [Mon, 9 Jun 2014 14:05:39 +0000 (16:05 +0200)] 
tests: Added check for the interrupted post client hello.

Nikos Mavrogiannopoulos [Mon, 9 Jun 2014 14:03:29 +0000 (16:03 +0200)] 
handshake: Allow the post client hello callback to put the handshake on hold

That is, when the callback returns GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED the
handshake will return GNUTLS_E_INTERRUPTED, and can be resumed when needed.

Nikos Mavrogiannopoulos [Fri, 6 Jun 2014 14:13:13 +0000 (16:13 +0200)] 
use the new API for receiving data

Nikos Mavrogiannopoulos [Fri, 6 Jun 2014 14:24:45 +0000 (16:24 +0200)] 
Adapted test to check gnutls_record_recv_packet().

Nikos Mavrogiannopoulos [Fri, 6 Jun 2014 14:16:33 +0000 (16:16 +0200)] 
doc update

Nikos Mavrogiannopoulos [Fri, 6 Jun 2014 13:48:55 +0000 (15:48 +0200)] 
Added gnutls_record_recv_packet() and gnutls_packet_deinit()

These functions allow for a faster variant of gnutls_record_recv(),
i.e., a variant that eliminates the data memcpy().

Nikos Mavrogiannopoulos [Fri, 6 Jun 2014 12:59:49 +0000 (14:59 +0200)] 
gnutls-cli-debug: Use proper HTTP request

Nikos Mavrogiannopoulos [Fri, 6 Jun 2014 08:15:11 +0000 (10:15 +0200)] 
doc update

Nikos Mavrogiannopoulos [Fri, 6 Jun 2014 08:13:19 +0000 (10:13 +0200)] 
When decoding of a DN string fails, treat it as unknown string and print its hex value.

Nikos Mavrogiannopoulos [Thu, 5 Jun 2014 14:45:20 +0000 (16:45 +0200)] 
Print errors but avoid being verbose on stderr

Nikos Mavrogiannopoulos [Thu, 5 Jun 2014 14:44:58 +0000 (16:44 +0200)] 
certtool: avoid sizeof() on lbuffer

Nikos Mavrogiannopoulos [Thu, 5 Jun 2014 14:41:22 +0000 (16:41 +0200)] 
certtool: ensure that allocated buffer has a minimum size of 64kb.

Nikos Mavrogiannopoulos [Thu, 5 Jun 2014 14:35:17 +0000 (16:35 +0200)] 
certtool: Added option --stdout-info

Nikos Mavrogiannopoulos [Thu, 5 Jun 2014 14:16:24 +0000 (16:16 +0200)] 
initialize iterator.

Nikos Mavrogiannopoulos [Thu, 5 Jun 2014 14:07:36 +0000 (16:07 +0200)] 
corrected the allocation size for CRL iterator.

Nikos Mavrogiannopoulos [Thu, 5 Jun 2014 14:03:01 +0000 (16:03 +0200)] 
Added test for CRL decoding.

Nikos Mavrogiannopoulos [Thu, 5 Jun 2014 08:50:11 +0000 (10:50 +0200)] 
Made gnutls_x509_crl_iter_crt_serial() thread-safe by making the iterator explicit.

Nikos Mavrogiannopoulos [Thu, 5 Jun 2014 07:13:39 +0000 (09:13 +0200)] 
Pass the LIBTOOL variable into test scripts

That allows using the detected libtool in scripts.
That corrects an issue on OS X systems that ship a
different libtool. Reported by Daniel E. Macks.

Nikos Mavrogiannopoulos [Wed, 4 Jun 2014 13:21:25 +0000 (15:21 +0200)] 
renamed gnutls_x509_crl_get_crt_serial2 to gnutls_x509_crl_iter_crt_serial.

Nikos Mavrogiannopoulos [Wed, 4 Jun 2014 16:21:24 +0000 (18:21 +0200)] 
define NN_HASH unconditionally

Nikos Mavrogiannopoulos [Wed, 4 Jun 2014 12:58:48 +0000 (14:58 +0200)] 
doc update

Nikos Mavrogiannopoulos [Wed, 4 Jun 2014 12:55:28 +0000 (14:55 +0200)] 
Added gnutls_x509_crl_get_crt_serial2(), a faster variant of gnutls_x509_crl_get_crt_serial().

The new function caches pointers to allow working faster in CRL structures with
lots of entries (e.g., 50000+ entries).

Nikos Mavrogiannopoulos [Wed, 4 Jun 2014 09:26:20 +0000 (11:26 +0200)] 
certtool: When an external file is used increase our maximum buffer accordingly.

Nikos Mavrogiannopoulos [Wed, 4 Jun 2014 08:55:41 +0000 (10:55 +0200)] 
Abort printing on error.

Nikos Mavrogiannopoulos [Wed, 4 Jun 2014 07:34:58 +0000 (09:34 +0200)] 
tie the weak DH warning to the very weak security parameter.

Nikos Mavrogiannopoulos [Tue, 3 Jun 2014 11:48:32 +0000 (13:48 +0200)] 
m4/hooks.m4: use enableval rather than fixed values.

That should resolve issue #108592 at
http://savannah.gnu.org/support/?108592

Nikos Mavrogiannopoulos [Mon, 2 Jun 2014 13:01:45 +0000 (15:01 +0200)] 
handshake: Prevent memory leak on invalid SSLv2 hello length.

Tag: gnutls_3_3_4
Nikos Mavrogiannopoulos [Sat, 31 May 2014 08:29:30 +0000 (10:29 +0200)] 
bumped version

Nikos Mavrogiannopoulos [Fri, 30 May 2014 17:35:01 +0000 (19:35 +0200)] 
doc update

Nikos Mavrogiannopoulos [Fri, 30 May 2014 13:53:19 +0000 (15:53 +0200)] 
more files to ignore

Nikos Mavrogiannopoulos [Fri, 30 May 2014 13:40:14 +0000 (15:40 +0200)] 
Updated asm sources

Tag: gnutls_3_3_3
Nikos Mavrogiannopoulos [Thu, 29 May 2014 17:43:32 +0000 (19:43 +0200)] 
doc update

Nikos Mavrogiannopoulos [Thu, 29 May 2014 17:37:40 +0000 (19:37 +0200)] 
updated windows makefile

Nikos Mavrogiannopoulos [Thu, 29 May 2014 17:32:44 +0000 (19:32 +0200)] 
update files for gnutls_credentials_get()

Nikos Mavrogiannopoulos [Thu, 29 May 2014 17:15:47 +0000 (19:15 +0200)] 
bumped version

Nikos Mavrogiannopoulos [Thu, 29 May 2014 17:11:54 +0000 (19:11 +0200)] 
Added test for memory corruption issue in server hello.

Related to the 688ea6428a432c39203d00acd1af0e7684e5ddfd commit.

Nikos Mavrogiannopoulos [Sun, 25 May 2014 19:35:55 +0000 (21:35 +0200)] 
updated libtasn1

Nikos Mavrogiannopoulos [Sun, 25 May 2014 18:31:55 +0000 (20:31 +0200)] 
avoid cleanup when there are no allocations in _gnutls_x509_der_encode().

Nikos Mavrogiannopoulos [Sun, 25 May 2014 12:32:35 +0000 (14:32 +0200)] 
cleanup resources on _gnutls_ecc_ansi_x963_export() failure.

Nikos Mavrogiannopoulos [Sun, 25 May 2014 08:53:12 +0000 (10:53 +0200)] 
Added the --print-cert option to gnutls-serv.

Nikos Mavrogiannopoulos [Sat, 24 May 2014 18:52:18 +0000 (20:52 +0200)] 
certtool: correct size calculation when loading privkey

Nikos Mavrogiannopoulos [Sat, 24 May 2014 18:11:06 +0000 (20:11 +0200)] 
re-indented messy table.

Nikos Mavrogiannopoulos [Sat, 24 May 2014 18:06:54 +0000 (20:06 +0200)] 
Removed unused function.

Nikos Mavrogiannopoulos [Sat, 24 May 2014 14:37:22 +0000 (16:37 +0200)] 
document the symbol version bump needed in a .so version bump.

Nikos Mavrogiannopoulos [Fri, 23 May 2014 17:50:31 +0000 (19:50 +0200)] 
Prevent memory corruption due to server hello parsing.

Issue discovered by Joonas Kuorilehto of Codenomicon.

Nikos Mavrogiannopoulos [Fri, 23 May 2014 16:47:52 +0000 (18:47 +0200)] 
only try to copy session ID if there is a session ID.