git.ipfire.org Git - thirdparty/gnutls.git/log
Nikos Mavrogiannopoulos [Thu, 29 May 2014 15:15:02 +0000 (17:15 +0200)] 
doc update

Kurt Roeckx [Thu, 29 May 2014 08:25:01 +0000 (10:25 +0200)] 
Fix capitalisation of ia5String

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Nikos Mavrogiannopoulos [Thu, 29 May 2014 14:20:59 +0000 (16:20 +0200)]
increased the maximum certificate size buffer in the PKCS #11 subsystem.

Nikos Mavrogiannopoulos [Thu, 29 May 2014 07:22:01 +0000 (09:22 +0200)] 
re-enabled config path discovery code, and check the return code of getpwuid_r().

Reported by Viktor Dukhovni.

Nikos Mavrogiannopoulos [Tue, 27 May 2014 14:38:25 +0000 (16:38 +0200)] 
doc update

Nikos Mavrogiannopoulos [Tue, 27 May 2014 14:36:58 +0000 (16:36 +0200)] 
gnutls-cli's benchmark-soft-ciphers is no more.

It could not be emulated with the new library.

Nikos Mavrogiannopoulos [Tue, 27 May 2014 14:33:02 +0000 (16:33 +0200)] 
removed old check for nettle

Nikos Mavrogiannopoulos [Tue, 27 May 2014 13:47:43 +0000 (15:47 +0200)] 
safe_memset: allow memset of zero bytes.

Hani Benhabiles [Mon, 26 May 2014 23:17:16 +0000 (00:17 +0100)] 
Fix unused variable warning without PKCS#11 support.

Signed-off-by: Hani Benhabiles <hani@linux.com>

Nikos Mavrogiannopoulos [Mon, 26 May 2014 15:18:44 +0000 (17:18 +0200)]
ocsptool: Include path in ocsp request.

This resolves #108582 (https://savannah.gnu.org/support/?108582), reported
by Matt McCutchen.

Nikos Mavrogiannopoulos [Fri, 23 May 2014 06:22:04 +0000 (08:22 +0200)] 
_gnutls_version_get() returns GNUTLS_VERSION_UNKNOWN on error instead of negative.

Nikos Mavrogiannopoulos [Fri, 23 May 2014 14:05:12 +0000 (16:05 +0200)] 
Allow wildcard comparison of options.

Nikos Mavrogiannopoulos [Fri, 23 May 2014 11:35:23 +0000 (13:35 +0200)] 
doc update

Nikos Mavrogiannopoulos [Fri, 23 May 2014 11:03:52 +0000 (13:03 +0200)] 
doc update

Nikos Mavrogiannopoulos [Fri, 23 May 2014 11:02:19 +0000 (13:02 +0200)] 
certtool: Warn when invalid configuration options are set into a template.

Nikos Mavrogiannopoulos [Thu, 22 May 2014 18:43:24 +0000 (20:43 +0200)] 
Do not allow null strings to be read from ASN.1 structures.

This corrects a null pointer dereference when parsing some specially
crafted certificates. Issue discovered using the Codenomicon TLS
test suite.

Nikos Mavrogiannopoulos [Thu, 22 May 2014 18:37:50 +0000 (20:37 +0200)] 
removed redundant null termination

Nikos Mavrogiannopoulos [Thu, 22 May 2014 15:58:28 +0000 (17:58 +0200)] 
removed _gnutls prefix from static functions.

Nikos Mavrogiannopoulos [Thu, 22 May 2014 15:36:46 +0000 (17:36 +0200)] 
Do not call the user_hello_func multiple times when performing ticket resumption.

Nikos Mavrogiannopoulos [Thu, 22 May 2014 15:26:49 +0000 (17:26 +0200)] 
doc update

Nikos Mavrogiannopoulos [Thu, 22 May 2014 11:35:22 +0000 (13:35 +0200)] 
gnutls_x509_crt_get_extension_data: will return zero if data is NULL and memory buffer size is not sufficient.

Nikos Mavrogiannopoulos [Thu, 22 May 2014 07:21:20 +0000 (09:21 +0200)] 
When assigning the TLS version, double check that it is valid.

Nikos Mavrogiannopoulos [Thu, 22 May 2014 07:12:37 +0000 (09:12 +0200)] 
Prevent a crash by ensuring that there is a valid negotiated version.

Issue discovered by Joonas Kuorilehto of Codenomicon.

Nikos Mavrogiannopoulos [Tue, 20 May 2014 19:53:51 +0000 (21:53 +0200)] 
Added aliases for unit and organization.

Nikos Mavrogiannopoulos [Sat, 17 May 2014 09:57:11 +0000 (11:57 +0200)] 
use a signed value for bits.

Nikos Mavrogiannopoulos [Tue, 20 May 2014 12:43:36 +0000 (14:43 +0200)] 
doc update

Nikos Mavrogiannopoulos [Tue, 20 May 2014 12:40:37 +0000 (14:40 +0200)] 
certtool: allow multiple organizations and organizational unit names to be specified in a template.

Nikos Mavrogiannopoulos [Mon, 19 May 2014 10:49:24 +0000 (12:49 +0200)] 
increased the number of allowed elements in a priority string.

Nikos Mavrogiannopoulos [Mon, 19 May 2014 10:48:28 +0000 (12:48 +0200)] 
simplify break_comma_list().

Nikos Mavrogiannopoulos [Sat, 17 May 2014 07:46:24 +0000 (09:46 +0200)] 
gnutls_x509_crt_get_signature() will use the internal _gnutls_x509_get_signature().

That prevents unnecessary replication of its code.

Nikos Mavrogiannopoulos [Sat, 17 May 2014 07:40:00 +0000 (09:40 +0200)] 
more sanity checks on signature size

Nikos Mavrogiannopoulos [Sat, 17 May 2014 07:25:40 +0000 (09:25 +0200)] 
tools: Replace normal sec-param with medium in documentation.

Nikos Mavrogiannopoulos [Sat, 17 May 2014 07:24:02 +0000 (09:24 +0200)] 
invoke-*.texi generation: do not print the bug reports line from autogen.

Nikos Mavrogiannopoulos [Sat, 17 May 2014 06:59:52 +0000 (08:59 +0200)] 
doc update

Nikos Mavrogiannopoulos [Sat, 17 May 2014 06:44:02 +0000 (08:44 +0200)] 
do not yet export gnutls_memset().

Nikos Mavrogiannopoulos [Sat, 17 May 2014 06:43:40 +0000 (08:43 +0200)] 
more files to ignore

Michał Górny [Thu, 15 May 2014 21:53:17 +0000 (23:53 +0200)] 
tests/slow: add -I flags necessary for out-of-source builds.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Michał Górny [Thu, 15 May 2014 21:46:03 +0000 (23:46 +0200)]
tests: pass PKCS12PATH to fix tests in out-of-source builds.

The set_pkcs12_cred used to default to looking for input files in a
subdirectory of the current working directory. When an out-of-source
build is performed, the files reside in a subdirectory of source
directory instead. Set PKCS12PATH to that directory in order to fix the
build.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Nikos Mavrogiannopoulos [Fri, 16 May 2014 22:50:01 +0000 (00:50 +0200)]
changed port of DSA test

Nikos Mavrogiannopoulos [Fri, 16 May 2014 22:26:25 +0000 (00:26 +0200)] 
gnutls_x509_crt_get_signature() will return the correct signature size rather than the max.

Nikos Mavrogiannopoulos [Fri, 16 May 2014 22:36:49 +0000 (00:36 +0200)] 
Print the openpgp DN only when gnutls_openpgp_crt_get_name() failed appropriately.

Nikos Mavrogiannopoulos [Fri, 16 May 2014 22:28:45 +0000 (00:28 +0200)] 
initialize string in gnutls_x509_ext_import_basic_constraints().

Nikos Mavrogiannopoulos [Fri, 16 May 2014 22:28:23 +0000 (00:28 +0200)] 
corrected error checking in gnutls_x509_crt_get_extension_data()

Nikos Mavrogiannopoulos [Fri, 16 May 2014 05:09:45 +0000 (07:09 +0200)] 
Allow null list_size argument in gnutls_certificate_get_peers()

Nikos Mavrogiannopoulos [Fri, 16 May 2014 05:03:44 +0000 (07:03 +0200)] 
certificate verification is performed asynchronously.

Nikos Mavrogiannopoulos [Thu, 15 May 2014 16:15:29 +0000 (18:15 +0200)] 
doc update

Nikos Mavrogiannopoulos [Thu, 15 May 2014 12:22:42 +0000 (14:22 +0200)] 
enhanced the danetool usage instructions.

Nikos Mavrogiannopoulos [Thu, 15 May 2014 12:01:56 +0000 (14:01 +0200)] 
Do not use autogen's file option for input parameters.

Instead use a string. We check the file for validity and autogen's
check was imposing rules such as normal file (as opposed to a device),
that were not needed.

Nikos Mavrogiannopoulos [Wed, 14 May 2014 19:59:17 +0000 (21:59 +0200)] 
certtool: check for null prior to checking for empty passwd

Nikos Mavrogiannopoulos [Sun, 11 May 2014 11:05:46 +0000 (13:05 +0200)] 
cleanup in the initialization of ECDH parameters.

Nikos Mavrogiannopoulos [Wed, 14 May 2014 13:47:48 +0000 (15:47 +0200)] 
Eliminated memory leak on failed curve assignment.

The memory leak was uncovered by the Codenomicon TLS suite.

Nikos Mavrogiannopoulos [Tue, 13 May 2014 07:52:22 +0000 (09:52 +0200)] 
gnutls-cli: if dane verification is used but not PKIX only check the end certificate.

Nikos Mavrogiannopoulos [Tue, 13 May 2014 07:51:46 +0000 (09:51 +0200)] 
doc update

Nikos Mavrogiannopoulos [Sun, 11 May 2014 07:52:17 +0000 (09:52 +0200)] 
use gnutls_set_default_priority() in examples.

Nikos Mavrogiannopoulos [Sat, 10 May 2014 12:06:29 +0000 (14:06 +0200)] 
doc update

Nikos Mavrogiannopoulos [Sat, 10 May 2014 12:05:02 +0000 (14:05 +0200)] 
Revert "Added dane_verify_crt_raw2() which allows verifying against the certificate name."

This reverts commit d19ac66361300aaf188bc69ae64d5fcd7e89b0f6.

Nikos Mavrogiannopoulos [Sat, 10 May 2014 12:04:56 +0000 (14:04 +0200)] 
Revert "corrected prototypes for dane_verify_crt_raw2()."

This reverts commit b065ea137a6bcb49c3755886cb1ff30ca5e8f9e3.

Nikos Mavrogiannopoulos [Sat, 10 May 2014 11:45:45 +0000 (13:45 +0200)] 
corrected prototypes for dane_verify_crt_raw2().

Nikos Mavrogiannopoulos [Sat, 10 May 2014 11:41:32 +0000 (13:41 +0200)] 
export gnutls_memset().

Nikos Mavrogiannopoulos [Sat, 10 May 2014 10:03:08 +0000 (12:03 +0200)] 
doc update

Nikos Mavrogiannopoulos [Sat, 10 May 2014 10:02:18 +0000 (12:02 +0200)] 
Added dane_verify_crt_raw2() which allows verifying against the certificate name.

Nikos Mavrogiannopoulos [Sat, 10 May 2014 09:31:14 +0000 (11:31 +0200)] 
Improved dane_verify_session_crt(), which now attempts to create a full chain.

This addresses points from https://savannah.gnu.org/support/index.php?108552

Nikos Mavrogiannopoulos [Sat, 10 May 2014 09:25:32 +0000 (11:25 +0200)] 
removed legacy code.

Nikos Mavrogiannopoulos [Sat, 10 May 2014 09:18:21 +0000 (11:18 +0200)] 
Added gnutls_credentials_get().

Nikos Mavrogiannopoulos [Fri, 9 May 2014 18:07:36 +0000 (20:07 +0200)] 
Added gnutls-serv option --verify-client-cert.

That option allows forcing verification of the provided certificate
even if it is not required to present one. In that case the connection
will be closed with a fatal alert.

Nikos Mavrogiannopoulos [Fri, 9 May 2014 17:51:37 +0000 (19:51 +0200)] 
Addressed memory leak in status request extension handling during rehandshake.

The memory leak was uncovered by the Codenomicon TLS suite.

Nikos Mavrogiannopoulos [Fri, 9 May 2014 17:50:57 +0000 (19:50 +0200)] 
Addressed memory leaks in DHE and ECDHE rehandshakes.

The memory leak was uncovered by the Codenomicon TLS suite.

Nikos Mavrogiannopoulos [Thu, 8 May 2014 21:33:08 +0000 (23:33 +0200)] 
updated cross compilation Makefile.

Nikos Mavrogiannopoulos [Thu, 8 May 2014 17:46:51 +0000 (19:46 +0200)] 
Avoid memory leak in safe renegotiation extension handling.

The memory leak was uncovered by the Codenomicon TLS suite.

Nikos Mavrogiannopoulos [Thu, 8 May 2014 14:59:21 +0000 (16:59 +0200)] 
Small cleanups in packet receive as well as a memory leak error.

The memory leak was uncovered by the Codenomicon TLS suite.

Nikos Mavrogiannopoulos [Wed, 7 May 2014 05:37:15 +0000 (07:37 +0200)] 
doc update

Nikos Mavrogiannopoulos [Wed, 7 May 2014 05:35:40 +0000 (07:35 +0200)] 
doc update

Nikos Mavrogiannopoulos [Wed, 7 May 2014 05:33:46 +0000 (07:33 +0200)]
updated documentation on library initialization to reflect the changes in 3.3.0.

Nikos Mavrogiannopoulos [Wed, 7 May 2014 05:24:03 +0000 (07:24 +0200)] 
re-enabled gnutls_global_set_mutex().

Nikos Mavrogiannopoulos [Tue, 6 May 2014 20:05:56 +0000 (22:05 +0200)] 
Do not run autogen twice to generate the header files.

Ref: gnutls_3_3_2
Nikos Mavrogiannopoulos [Tue, 6 May 2014 19:32:45 +0000 (21:32 +0200)] 
Ship suppressions.valgrind

Nikos Mavrogiannopoulos [Tue, 6 May 2014 19:06:51 +0000 (21:06 +0200)] 
bumped version

Nikos Mavrogiannopoulos [Mon, 5 May 2014 17:19:12 +0000 (19:19 +0200)]
Ensure that there are no remainders in the TLS handshake packets.

The issue was discovered using the Codenomicon TLS suite.

Nikos Mavrogiannopoulos [Sun, 4 May 2014 21:39:48 +0000 (23:39 +0200)] 
Account the length byte in SRP extension.

Issue identified using valgrind and the Codenomicon TLS test suite.

Nikos Mavrogiannopoulos [Sun, 4 May 2014 20:05:58 +0000 (22:05 +0200)] 
doc update

Nikos Mavrogiannopoulos [Mon, 5 May 2014 12:22:42 +0000 (14:22 +0200)] 
Do not set "NORMAL" as default priority string.

That is, allow the library to select the appropriate default.

Nikos Mavrogiannopoulos [Mon, 5 May 2014 11:23:53 +0000 (13:23 +0200)] 
fixed typo

Nikos Mavrogiannopoulos [Mon, 5 May 2014 09:58:25 +0000 (11:58 +0200)] 
Added the 'very weak' certificate verification profile.

This profile corresponds to a 64-bit security level (e.g., RSA
parameters of 768 bits).

Nikos Mavrogiannopoulos [Mon, 5 May 2014 09:45:01 +0000 (11:45 +0200)] 
doc update

Nikos Mavrogiannopoulos [Sun, 4 May 2014 11:58:33 +0000 (13:58 +0200)] 
test ECC keys were upgraded to secp256r1

Nikos Mavrogiannopoulos [Sun, 4 May 2014 11:54:58 +0000 (13:54 +0200)] 
When generating ECDSA keys, generate 256-bit keys by default.

Curves with less than 256 bits (i.e., SECP192R1 and SECP224R1) are
not widely supported.

Nikos Mavrogiannopoulos [Sun, 4 May 2014 11:10:02 +0000 (13:10 +0200)] 
Added ECDSA example keys.

Nikos Mavrogiannopoulos [Sun, 4 May 2014 10:52:25 +0000 (12:52 +0200)] 
Corrected an off-by-one error.

The issue was discovered using the Codenomicon TLS suite.

Nikos Mavrogiannopoulos [Sun, 4 May 2014 10:43:42 +0000 (12:43 +0200)] 
doc update

Nikos Mavrogiannopoulos [Sun, 4 May 2014 10:35:52 +0000 (12:35 +0200)] 
initialize to null the SRP extension data on allocation.

Issue identified using valgrind and the Codenomicon TLS test suite.

Nikos Mavrogiannopoulos [Sun, 4 May 2014 10:31:46 +0000 (12:31 +0200)] 
Modified the testrng for Debian's dieharder.

Nikos Mavrogiannopoulos [Sun, 4 May 2014 10:19:33 +0000 (12:19 +0200)] 
Better check for null signature method.

Issue identified using valgrind and the Codenomicon TLS test suite.

Nikos Mavrogiannopoulos [Sun, 4 May 2014 10:18:41 +0000 (12:18 +0200)] 
More precise packet length checking.

Issue discovered using valgrind and the Codenomicon TLS test suite.

Nikos Mavrogiannopoulos [Sun, 4 May 2014 10:17:34 +0000 (12:17 +0200)] 
Eliminated password file descriptor leak.

Issue discovered using the Codenomicon TLS test suite.

Nikos Mavrogiannopoulos [Sun, 4 May 2014 08:49:13 +0000 (10:49 +0200)] 
Added a timeout to close inactive sessions.

Nikos Mavrogiannopoulos [Sat, 3 May 2014 19:08:11 +0000 (21:08 +0200)] 
doc update

Nikos Mavrogiannopoulos [Sat, 3 May 2014 18:54:50 +0000 (20:54 +0200)] 
doc update

Nikos Mavrogiannopoulos [Sat, 3 May 2014 08:08:40 +0000 (10:08 +0200)] 
Send the appropriate alert when a certificate is required but not present.

Nikos Mavrogiannopoulos [Sat, 3 May 2014 06:50:21 +0000 (08:50 +0200)] 
use __sun definition to detect solaris.

Nikos Mavrogiannopoulos [Sat, 3 May 2014 06:44:45 +0000 (08:44 +0200)] 
Cleaned up server process.

This eliminates an infinite loop triggered by unexpected client disconnections.