git.ipfire.org Git - thirdparty/gnutls.git/log
Nikos Mavrogiannopoulos [Tue, 1 Jul 2014 13:52:32 +0000 (15:52 +0200)]
certtool: document that URLs are supported
Nikos Mavrogiannopoulos [Tue, 1 Jul 2014 13:50:59 +0000 (15:50 +0200)]
p11tool: document GNUTLS_SO_PIN env variable
Nikos Mavrogiannopoulos [Tue, 1 Jul 2014 13:39:48 +0000 (15:39 +0200)]
tests: improved testpkcs11 suite
Nikos Mavrogiannopoulos [Tue, 1 Jul 2014 13:17:38 +0000 (15:17 +0200)]
gnutls_pkcs11_privkey_generate2(): corrected public key extraction (for ECDSA keys)
Nikos Mavrogiannopoulos [Tue, 1 Jul 2014 12:36:30 +0000 (14:36 +0200)]
p11tool/certtool: use GNUTLS_SO_PIN for reading security officer's PIN
Nikos Mavrogiannopoulos [Tue, 1 Jul 2014 13:37:56 +0000 (15:37 +0200)]
p11tool: added options --set-pin and --set-so-pin
These allow for a non-interactive --initialize process.
Nikos Mavrogiannopoulos [Mon, 30 Jun 2014 20:53:04 +0000 (22:53 +0200)]
Added explicit documentation on IPv4 and IPv6 address matching.
Nikos Mavrogiannopoulos [Sun, 29 Jun 2014 11:18:32 +0000 (13:18 +0200)]
tests: long-session-id: ignore SIGPIPE
Nikos Mavrogiannopoulos [Sun, 29 Jun 2014 10:22:42 +0000 (12:22 +0200)]
doc: Added text on upgrading to 3.3.x from 3.2.x
Nikos Mavrogiannopoulos [Fri, 27 Jun 2014 15:36:45 +0000 (17:36 +0200)]
do not exit the loop in case a name doesn't fit into our buffer.
Nikos Mavrogiannopoulos [Fri, 27 Jun 2014 15:34:49 +0000 (17:34 +0200)]
when verifying an IP, also verify it as a hostname
There are several misconfigured servers that placed their IP
as a DNS name. Pointed out by David Woodhouse.
Nikos Mavrogiannopoulos [Fri, 27 Jun 2014 09:38:34 +0000 (11:38 +0200)]
suppress warnings
Nikos Mavrogiannopoulos [Fri, 27 Jun 2014 09:34:02 +0000 (11:34 +0200)]
doc update
Nikos Mavrogiannopoulos [Fri, 27 Jun 2014 09:32:23 +0000 (11:32 +0200)]
check of inet_pton instead for AF_INET6
Nikos Mavrogiannopoulos [Fri, 27 Jun 2014 09:30:25 +0000 (11:30 +0200)]
Use inet_ntop() for printing IP addresses.
The old dumb code is used in systems that don't have that function.
Nikos Mavrogiannopoulos [Fri, 27 Jun 2014 09:24:29 +0000 (11:24 +0200)]
tests: Added test cases for IPv4/6 matching.
Nikos Mavrogiannopoulos [Fri, 27 Jun 2014 09:06:34 +0000 (11:06 +0200)]
gnutls_x509_crt_check_hostname() checks text ip addresses as well.
That aligns the documentation with the implementation. Reported by David Woodhouse.
Nikos Mavrogiannopoulos [Fri, 27 Jun 2014 07:08:18 +0000 (09:08 +0200)]
initialize str to NULL
Nikos Mavrogiannopoulos [Thu, 26 Jun 2014 18:41:09 +0000 (20:41 +0200)]
fixed documentation
Nikos Mavrogiannopoulos [Thu, 26 Jun 2014 18:27:59 +0000 (20:27 +0200)]
tests: better replacement of LIBTOOL variable in scripts
Nikos Mavrogiannopoulos [Thu, 26 Jun 2014 18:27:38 +0000 (20:27 +0200)]
tests: ship certs/
Nikos Mavrogiannopoulos [Thu, 26 Jun 2014 18:16:19 +0000 (20:16 +0200)]
added new symbols
Nikos Mavrogiannopoulos [Thu, 26 Jun 2014 18:10:23 +0000 (20:10 +0200)]
bumped version
Nikos Mavrogiannopoulos [Wed, 25 Jun 2014 20:45:22 +0000 (22:45 +0200)]
gnutls-serv: removed the --print-cert option; the cert was anyway being printed.
Nikos Mavrogiannopoulos [Wed, 18 Jun 2014 20:08:08 +0000 (22:08 +0200)]
doc update
Nikos Mavrogiannopoulos [Thu, 26 Jun 2014 15:31:15 +0000 (17:31 +0200)]
corrected typo
Nikos Mavrogiannopoulos [Thu, 26 Jun 2014 12:25:40 +0000 (14:25 +0200)]
minitasn1: updated to version 4.0
Nikos Mavrogiannopoulos [Thu, 26 Jun 2014 12:22:16 +0000 (14:22 +0200)]
p11tool: updated documentation
Nikos Mavrogiannopoulos [Thu, 26 Jun 2014 08:16:48 +0000 (10:16 +0200)]
p11tool: Warn when no --outfile has been specified on key generation
Nikos Mavrogiannopoulos [Thu, 26 Jun 2014 07:50:32 +0000 (09:50 +0200)]
doc update
Nikos Mavrogiannopoulos [Thu, 26 Jun 2014 07:48:34 +0000 (09:48 +0200)]
tests: Added new tests on PKCS #12 structure generation and decoding.
Nikos Mavrogiannopoulos [Thu, 26 Jun 2014 07:30:32 +0000 (09:30 +0200)]
certtool: allow specifying the friendly name on the command line and use the load-ca-certificate
Nikos Mavrogiannopoulos [Wed, 25 Jun 2014 13:54:47 +0000 (15:54 +0200)]
p11tool: warn in more operations if --login is not specified
Nikos Mavrogiannopoulos [Wed, 25 Jun 2014 13:46:57 +0000 (15:46 +0200)]
p11tool: No longer assume a default URL for operations.
Nikos Mavrogiannopoulos [Wed, 25 Jun 2014 13:29:35 +0000 (15:29 +0200)]
p11tool: Do not allow a newline as PIN.
Nikos Mavrogiannopoulos [Wed, 25 Jun 2014 12:16:22 +0000 (14:16 +0200)]
pkcs11: avoid calling _gnutls_bin2hex() when length is zero.
Nikos Mavrogiannopoulos [Wed, 18 Jun 2014 13:11:28 +0000 (15:11 +0200)]
updated thanks file
Nikos Mavrogiannopoulos [Tue, 17 Jun 2014 23:30:42 +0000 (01:30 +0200)]
clarified license text
Nikos Mavrogiannopoulos [Tue, 17 Jun 2014 09:21:33 +0000 (11:21 +0200)]
gnutls-cli: Do not try to load the system CA trust if --insecure is specified.
Nikos Mavrogiannopoulos [Tue, 17 Jun 2014 08:28:36 +0000 (10:28 +0200)]
doc: more consistent use of pointer star.
Attila Molnar [Mon, 16 Jun 2014 18:57:37 +0000 (20:57 +0200)]
doc: Explain post-callback deallocation behavior for the SRP server callback
Signed-off-by: Attila Molnar <attilamolnar@hush.com>
Attila Molnar [Mon, 16 Jun 2014 18:56:03 +0000 (20:56 +0200)]
doc: Correct comment about ignoring certs in the SRP server example
Point readers to another example for a way to validate certificates in
both the SRP and the X.509 server example
Signed-off-by: Attila Molnar <attilamolnar@hush.com>
Nikos Mavrogiannopoulos [Mon, 16 Jun 2014 12:05:05 +0000 (14:05 +0200)]
gnutls_packet_get() was introduced to avoid exporting a structure on the API.
That change will allow exporting more info associated with a packet in the future.
Nikos Mavrogiannopoulos [Mon, 16 Jun 2014 11:40:56 +0000 (13:40 +0200)]
treat the _gnutls_user_hello_func() output the same on resumed sessions.
Nikos Mavrogiannopoulos [Mon, 16 Jun 2014 09:32:09 +0000 (11:32 +0200)]
doc update
Nikos Mavrogiannopoulos [Mon, 16 Jun 2014 09:30:13 +0000 (11:30 +0200)]
Test the return code of gnutls_x509_trust_list_add_trust_file() when loading a PKCS #11 token.
Check whether the return code of gnutls_x509_trust_list_add_trust_file() is non-zero
when certificates are present.
Nikos Mavrogiannopoulos [Mon, 16 Jun 2014 09:29:04 +0000 (11:29 +0200)]
gnutls_x509_trust_list_add_trust_file(): returns the number of certificates present when loading a PKCS #11 URL.
Nikos Mavrogiannopoulos [Mon, 16 Jun 2014 09:28:11 +0000 (11:28 +0200)]
p11tool: Allow marking a certificate as a CA.
Nikos Mavrogiannopoulos [Mon, 16 Jun 2014 09:25:26 +0000 (11:25 +0200)]
Added flag GNUTLS_PKCS11_OBJ_FLAG_MARK_CA.
That flag allows marking a certificate in the token as a CA (category==CA)
Nikos Mavrogiannopoulos [Sun, 15 Jun 2014 20:52:13 +0000 (22:52 +0200)]
coding style: update the DCO text
Attila Molnar [Sun, 15 Jun 2014 15:42:28 +0000 (17:42 +0200)]
doc: Corrections for gnutls_handshake_set_hook_function()
Nikos Mavrogiannopoulos [Mon, 9 Jun 2014 15:13:29 +0000 (17:13 +0200)]
doc: updated text for the ALPN experimental protocols
Nikos Mavrogiannopoulos [Mon, 9 Jun 2014 15:10:56 +0000 (17:10 +0200)]
doc: Avoid listing the extensions as they are duplicated in the section index.
Nikos Mavrogiannopoulos [Mon, 9 Jun 2014 14:05:58 +0000 (16:05 +0200)]
doc update
Nikos Mavrogiannopoulos [Mon, 9 Jun 2014 14:05:39 +0000 (16:05 +0200)]
tests: Added check for the interrupted post client hello.
Nikos Mavrogiannopoulos [Mon, 9 Jun 2014 14:03:29 +0000 (16:03 +0200)]
handshake: Allow the post client hello callback to put the handshake on hold
That is, when the callback returns GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED the
handshake will return GNUTLS_E_INTERRUPTED, and can be resumed when needed.
Nikos Mavrogiannopoulos [Fri, 6 Jun 2014 14:13:13 +0000 (16:13 +0200)]
use the new API for receiving data
Nikos Mavrogiannopoulos [Fri, 6 Jun 2014 14:24:45 +0000 (16:24 +0200)]
Adapted test to check gnutls_record_recv_packet().
Nikos Mavrogiannopoulos [Fri, 6 Jun 2014 14:16:33 +0000 (16:16 +0200)]
doc update
Nikos Mavrogiannopoulos [Fri, 6 Jun 2014 13:48:55 +0000 (15:48 +0200)]
Added gnutls_record_recv_packet() and gnutls_packet_deinit()
These functions allow for a faster variant of gnutls_record_recv(),
i.e., a variant that eliminates the data memcpy().
Nikos Mavrogiannopoulos [Fri, 6 Jun 2014 12:59:49 +0000 (14:59 +0200)]
gnutls-cli-debug: Use proper HTTP request
Nikos Mavrogiannopoulos [Fri, 6 Jun 2014 08:15:11 +0000 (10:15 +0200)]
doc update
Nikos Mavrogiannopoulos [Fri, 6 Jun 2014 08:13:19 +0000 (10:13 +0200)]
When decoding of a DN string fails, treat it as unknown string and print its hex value.
Nikos Mavrogiannopoulos [Thu, 5 Jun 2014 14:45:20 +0000 (16:45 +0200)]
Print errors but avoid being verbose on stderr
Nikos Mavrogiannopoulos [Thu, 5 Jun 2014 14:44:58 +0000 (16:44 +0200)]
certtool: avoid sizeof() on lbuffer
Nikos Mavrogiannopoulos [Thu, 5 Jun 2014 14:41:22 +0000 (16:41 +0200)]
certtool: ensure that allocated buffer has a minimum size of 64kb.
Nikos Mavrogiannopoulos [Thu, 5 Jun 2014 14:35:17 +0000 (16:35 +0200)]
certtool: Added option --stdout-info
Nikos Mavrogiannopoulos [Thu, 5 Jun 2014 14:16:24 +0000 (16:16 +0200)]
initialize iterator.
Nikos Mavrogiannopoulos [Thu, 5 Jun 2014 14:07:36 +0000 (16:07 +0200)]
corrected the allocation size for CRL iterator.
Nikos Mavrogiannopoulos [Thu, 5 Jun 2014 14:03:01 +0000 (16:03 +0200)]
Added test for CRL decoding.
Nikos Mavrogiannopoulos [Thu, 5 Jun 2014 08:50:11 +0000 (10:50 +0200)]
Made gnutls_x509_crl_iter_crt_serial() thread-safe by making the iterator explicit.
Nikos Mavrogiannopoulos [Thu, 5 Jun 2014 07:13:39 +0000 (09:13 +0200)]
Pass the LIBTOOL variable into test scripts
That allows using the detected libtool in scripts.
That corrects an issue on OS X systems that ship a
different libtool. Reported by Daniel E. Macks.
Nikos Mavrogiannopoulos [Wed, 4 Jun 2014 13:21:25 +0000 (15:21 +0200)]
renamed gnutls_x509_crl_get_crt_serial2 to gnutls_x509_crl_iter_crt_serial.
Nikos Mavrogiannopoulos [Wed, 4 Jun 2014 16:21:24 +0000 (18:21 +0200)]
define NN_HASH unconditionally
Nikos Mavrogiannopoulos [Wed, 4 Jun 2014 12:58:48 +0000 (14:58 +0200)]
doc update
Nikos Mavrogiannopoulos [Wed, 4 Jun 2014 12:55:28 +0000 (14:55 +0200)]
Added gnutls_x509_crl_get_crt_serial2(), a faster variant of gnutls_x509_crl_get_crt_serial().
The new function caches pointers to allow working faster in CRL structures with
lots of entries (e.g., 50000+ entries).
Nikos Mavrogiannopoulos [Wed, 4 Jun 2014 09:26:20 +0000 (11:26 +0200)]
certtool: When an external file is used increase our maximum buffer accordingly.
Nikos Mavrogiannopoulos [Wed, 4 Jun 2014 08:55:41 +0000 (10:55 +0200)]
Abort printing on error.
Nikos Mavrogiannopoulos [Wed, 4 Jun 2014 07:34:58 +0000 (09:34 +0200)]
tie the weak DH warning to the very weak security parameter.
Nikos Mavrogiannopoulos [Tue, 3 Jun 2014 11:48:32 +0000 (13:48 +0200)]
m4/hooks.m4: use enableval rather than fixed values.
That should resolve issue #108592 at
http://savannah.gnu.org/support/?108592
Nikos Mavrogiannopoulos [Mon, 2 Jun 2014 13:01:45 +0000 (15:01 +0200)]
handshake: Prevent memory leak on invalid SSLv2 hello length.
Nikos Mavrogiannopoulos [Sat, 31 May 2014 08:29:30 +0000 (10:29 +0200)]
bumped version
Nikos Mavrogiannopoulos [Fri, 30 May 2014 17:35:01 +0000 (19:35 +0200)]
doc update
Nikos Mavrogiannopoulos [Fri, 30 May 2014 13:53:19 +0000 (15:53 +0200)]
more files to ignore
Nikos Mavrogiannopoulos [Fri, 30 May 2014 13:40:14 +0000 (15:40 +0200)]
Updated asm sources
Nikos Mavrogiannopoulos [Thu, 29 May 2014 17:43:32 +0000 (19:43 +0200)]
doc update
Nikos Mavrogiannopoulos [Thu, 29 May 2014 17:37:40 +0000 (19:37 +0200)]
updated windows makefile
Nikos Mavrogiannopoulos [Thu, 29 May 2014 17:32:44 +0000 (19:32 +0200)]
update files for gnutls_credentials_get()
Nikos Mavrogiannopoulos [Thu, 29 May 2014 17:15:47 +0000 (19:15 +0200)]
bumped version
Nikos Mavrogiannopoulos [Thu, 29 May 2014 17:11:54 +0000 (19:11 +0200)]
Added test for memory corruption issue in server hello.
Related to the
688ea6428a432c39203d00acd1af0e7684e5ddfd commit.
Nikos Mavrogiannopoulos [Sun, 25 May 2014 19:35:55 +0000 (21:35 +0200)]
updated libtasn1
Nikos Mavrogiannopoulos [Sun, 25 May 2014 18:31:55 +0000 (20:31 +0200)]
avoid cleanup when there are no allocations in _gnutls_x509_der_encode().
Nikos Mavrogiannopoulos [Sun, 25 May 2014 12:32:35 +0000 (14:32 +0200)]
cleanup resources on _gnutls_ecc_ansi_x963_export() failure.
Nikos Mavrogiannopoulos [Sun, 25 May 2014 08:53:12 +0000 (10:53 +0200)]
Added the --print-cert option to gnutls-serv.
Nikos Mavrogiannopoulos [Sat, 24 May 2014 18:52:18 +0000 (20:52 +0200)]
certtool: correct size calculation when loading privkey
Nikos Mavrogiannopoulos [Sat, 24 May 2014 18:11:06 +0000 (20:11 +0200)]
re-indented messy table.
Nikos Mavrogiannopoulos [Sat, 24 May 2014 18:06:54 +0000 (20:06 +0200)]
Removed unused function.
Nikos Mavrogiannopoulos [Sat, 24 May 2014 14:37:22 +0000 (16:37 +0200)]
document the symbol version bump needed in a .so version bump.
Nikos Mavrogiannopoulos [Fri, 23 May 2014 17:50:31 +0000 (19:50 +0200)]
Prevent memory corruption due to server hello parsing.
Issue discovered by Joonas Kuorilehto of Codenomicon.
Nikos Mavrogiannopoulos [Fri, 23 May 2014 16:47:52 +0000 (18:47 +0200)]
only try to copy session ID if there is a session ID.