]>
git.ipfire.org Git - thirdparty/gnutls.git/log
Nikos Mavrogiannopoulos [Thu, 29 May 2014 15:15:02 +0000 (17:15 +0200)]
doc update
Kurt Roeckx [Thu, 29 May 2014 08:25:01 +0000 (10:25 +0200)]
Fix capitalisation of ia5String
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Thu, 29 May 2014 14:20:59 +0000 (16:20 +0200)]
increased the maximum certificate size buffer in the PKCS #11 subsystem.
Nikos Mavrogiannopoulos [Thu, 29 May 2014 07:22:01 +0000 (09:22 +0200)]
re-enabled config path discovery code, and check the return code of getpwuid_r().
Reported by Viktor Dukhovni.
Nikos Mavrogiannopoulos [Tue, 27 May 2014 14:38:25 +0000 (16:38 +0200)]
doc update
Nikos Mavrogiannopoulos [Tue, 27 May 2014 14:36:58 +0000 (16:36 +0200)]
gnutls-cli's benchmark-soft-ciphers is no more.
It could not be emulated with the new library.
Nikos Mavrogiannopoulos [Tue, 27 May 2014 14:33:02 +0000 (16:33 +0200)]
removed old check for nettle
Nikos Mavrogiannopoulos [Tue, 27 May 2014 13:47:43 +0000 (15:47 +0200)]
safe_memset: allow memset of zero bytes.
Hani Benhabiles [Mon, 26 May 2014 23:17:16 +0000 (00:17 +0100)]
Fix unused variable warning without PKCS#11 support.
Signed-off-by: Hani Benhabiles <hani@linux.com>
Nikos Mavrogiannopoulos [Mon, 26 May 2014 15:18:44 +0000 (17:18 +0200)]
ocsptool: Include path in ocsp request.
This resolves #108582 (https://savannah.gnu.org/support/?108582), reported
by Matt McCutchen.
Nikos Mavrogiannopoulos [Fri, 23 May 2014 06:22:04 +0000 (08:22 +0200)]
_gnutls_version_get() returns GNUTLS_VERSION_UNKNOWN on error instead of negative.
Nikos Mavrogiannopoulos [Fri, 23 May 2014 14:05:12 +0000 (16:05 +0200)]
Allow wildcard comparison of options.
Nikos Mavrogiannopoulos [Fri, 23 May 2014 11:35:23 +0000 (13:35 +0200)]
doc update
Nikos Mavrogiannopoulos [Fri, 23 May 2014 11:03:52 +0000 (13:03 +0200)]
doc update
Nikos Mavrogiannopoulos [Fri, 23 May 2014 11:02:19 +0000 (13:02 +0200)]
certtool: Warn when invalid configuration options are set into a template.
Nikos Mavrogiannopoulos [Thu, 22 May 2014 18:43:24 +0000 (20:43 +0200)]
Do not allow null strings to be read from ASN.1 structures.
This corrects a null pointer dereference when parsing some specially
crafted certificates. Issue discovered using the Codenomicon TLS
test suite.
Nikos Mavrogiannopoulos [Thu, 22 May 2014 18:37:50 +0000 (20:37 +0200)]
removed redundant null termination
Nikos Mavrogiannopoulos [Thu, 22 May 2014 15:58:28 +0000 (17:58 +0200)]
removed _gnutls prefix from static functions.
Nikos Mavrogiannopoulos [Thu, 22 May 2014 15:36:46 +0000 (17:36 +0200)]
Do not call the user_hello_func multiple times when performing ticket resumption.
Nikos Mavrogiannopoulos [Thu, 22 May 2014 15:26:49 +0000 (17:26 +0200)]
doc update
Nikos Mavrogiannopoulos [Thu, 22 May 2014 11:35:22 +0000 (13:35 +0200)]
gnutls_x509_crt_get_extension_data: will return zero if data is NULL and memory buffer size is not sufficient.
Nikos Mavrogiannopoulos [Thu, 22 May 2014 07:21:20 +0000 (09:21 +0200)]
When assigning the TLS version, double check that it is valid.
Nikos Mavrogiannopoulos [Thu, 22 May 2014 07:12:37 +0000 (09:12 +0200)]
Prevent a crash by ensuring that there is a valid negotiated version.
Issue discovered by Joonas Kuorilehto of Codenomicon.
Nikos Mavrogiannopoulos [Tue, 20 May 2014 19:53:51 +0000 (21:53 +0200)]
Added aliases for unit and organization.
Nikos Mavrogiannopoulos [Sat, 17 May 2014 09:57:11 +0000 (11:57 +0200)]
use a signed value for bits.
Nikos Mavrogiannopoulos [Tue, 20 May 2014 12:43:36 +0000 (14:43 +0200)]
doc update
Nikos Mavrogiannopoulos [Tue, 20 May 2014 12:40:37 +0000 (14:40 +0200)]
certtool: allow multiple organizations and organizational unit names to be specified in a template.
Nikos Mavrogiannopoulos [Mon, 19 May 2014 10:49:24 +0000 (12:49 +0200)]
increased the number of allowed elements in a priority string.
Nikos Mavrogiannopoulos [Mon, 19 May 2014 10:48:28 +0000 (12:48 +0200)]
simplify break_comma_list().
Nikos Mavrogiannopoulos [Sat, 17 May 2014 07:46:24 +0000 (09:46 +0200)]
gnutls_x509_crt_get_signature() will use the internal _gnutls_x509_get_signature().
That prevents unnecessary replication of its code.
Nikos Mavrogiannopoulos [Sat, 17 May 2014 07:40:00 +0000 (09:40 +0200)]
more sanity checks on signature size
Nikos Mavrogiannopoulos [Sat, 17 May 2014 07:25:40 +0000 (09:25 +0200)]
tools: Replace normal sec-param with medium in documentation.
Nikos Mavrogiannopoulos [Sat, 17 May 2014 07:24:02 +0000 (09:24 +0200)]
invoke-*.texi generation: do not print the bug reports line from autogen.
Nikos Mavrogiannopoulos [Sat, 17 May 2014 06:59:52 +0000 (08:59 +0200)]
doc update
Nikos Mavrogiannopoulos [Sat, 17 May 2014 06:44:02 +0000 (08:44 +0200)]
do not yet export gnutls_memset().
Nikos Mavrogiannopoulos [Sat, 17 May 2014 06:43:40 +0000 (08:43 +0200)]
more files to ignore
Michał Górny [Thu, 15 May 2014 21:53:17 +0000 (23:53 +0200)]
tests/slow: add -I flags necessary for out-of-source builds.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Michał Górny [Thu, 15 May 2014 21:46:03 +0000 (23:46 +0200)]
tests: pass PKCS12PATH to fix tests in out-of-source builds.
The set_pkcs12_cred used to default to looking for input files in a
subdirectory of the current working directory. When an out-of-source
build is performed, the files reside in a subdirectory of source
directory instead. Set PKCS12PATH to that directory in order to fix the
build.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Fri, 16 May 2014 22:50:01 +0000 (00:50 +0200)]
changed port of DSA test
Nikos Mavrogiannopoulos [Fri, 16 May 2014 22:26:25 +0000 (00:26 +0200)]
gnutls_x509_crt_get_signature() will return the correct signature size rather than the max.
Nikos Mavrogiannopoulos [Fri, 16 May 2014 22:36:49 +0000 (00:36 +0200)]
Print the openpgp DN only when gnutls_openpgp_crt_get_name() failed appropriately.
Nikos Mavrogiannopoulos [Fri, 16 May 2014 22:28:45 +0000 (00:28 +0200)]
initialize string in gnutls_x509_ext_import_basic_constraints().
Nikos Mavrogiannopoulos [Fri, 16 May 2014 22:28:23 +0000 (00:28 +0200)]
corrected error checking in gnutls_x509_crt_get_extension_data()
Nikos Mavrogiannopoulos [Fri, 16 May 2014 05:09:45 +0000 (07:09 +0200)]
Allow null list_size argument in gnutls_certificate_get_peers()
Nikos Mavrogiannopoulos [Fri, 16 May 2014 05:03:44 +0000 (07:03 +0200)]
certificate verification is performed asynchronously.
Nikos Mavrogiannopoulos [Thu, 15 May 2014 16:15:29 +0000 (18:15 +0200)]
doc update
Nikos Mavrogiannopoulos [Thu, 15 May 2014 12:22:42 +0000 (14:22 +0200)]
enhanced the danetool usage instructions.
Nikos Mavrogiannopoulos [Thu, 15 May 2014 12:01:56 +0000 (14:01 +0200)]
Do not use autogen's file option for input parameters.
Instead use a string. We check the file for validity and autogen's
check was imposing rules such as normal file (as opposed to a device),
that were not needed.
Nikos Mavrogiannopoulos [Wed, 14 May 2014 19:59:17 +0000 (21:59 +0200)]
certtool: check for null prior to checking for empty passwd
Nikos Mavrogiannopoulos [Sun, 11 May 2014 11:05:46 +0000 (13:05 +0200)]
cleanup in the initialization of ECDH parameters.
Nikos Mavrogiannopoulos [Wed, 14 May 2014 13:47:48 +0000 (15:47 +0200)]
Eliminated memory leak on failed curve assignment.
The memory leak was uncovered by the Codenomicon TLS suite.
Nikos Mavrogiannopoulos [Tue, 13 May 2014 07:52:22 +0000 (09:52 +0200)]
gnutls-cli: if dane verification is used but not PKIX only check the end certificate.
Nikos Mavrogiannopoulos [Tue, 13 May 2014 07:51:46 +0000 (09:51 +0200)]
doc update
Nikos Mavrogiannopoulos [Sun, 11 May 2014 07:52:17 +0000 (09:52 +0200)]
use gnutls_set_default_priority() in examples.
Nikos Mavrogiannopoulos [Sat, 10 May 2014 12:06:29 +0000 (14:06 +0200)]
doc update
Nikos Mavrogiannopoulos [Sat, 10 May 2014 12:05:02 +0000 (14:05 +0200)]
Revert "Added dane_verify_crt_raw2() which allows verifying against the certificate name."
This reverts commit
d19ac66361300aaf188bc69ae64d5fcd7e89b0f6 .
Nikos Mavrogiannopoulos [Sat, 10 May 2014 12:04:56 +0000 (14:04 +0200)]
Revert "corrected prototypes for dane_verify_crt_raw2()."
This reverts commit
b065ea137a6bcb49c3755886cb1ff30ca5e8f9e3 .
Nikos Mavrogiannopoulos [Sat, 10 May 2014 11:45:45 +0000 (13:45 +0200)]
corrected prototypes for dane_verify_crt_raw2().
Nikos Mavrogiannopoulos [Sat, 10 May 2014 11:41:32 +0000 (13:41 +0200)]
export gnutls_memset().
Nikos Mavrogiannopoulos [Sat, 10 May 2014 10:03:08 +0000 (12:03 +0200)]
doc update
Nikos Mavrogiannopoulos [Sat, 10 May 2014 10:02:18 +0000 (12:02 +0200)]
Added dane_verify_crt_raw2() which allows verifying against the certificate name.
Nikos Mavrogiannopoulos [Sat, 10 May 2014 09:31:14 +0000 (11:31 +0200)]
Improved dane_verify_session_crt(), which now attempts to create a full chain.
This addresses points from https://savannah.gnu.org/support/index.php?108552
Nikos Mavrogiannopoulos [Sat, 10 May 2014 09:25:32 +0000 (11:25 +0200)]
removed legacy code.
Nikos Mavrogiannopoulos [Sat, 10 May 2014 09:18:21 +0000 (11:18 +0200)]
Added gnutls_credentials_get().
Nikos Mavrogiannopoulos [Fri, 9 May 2014 18:07:36 +0000 (20:07 +0200)]
Added gnutls-serv option --verify-client-cert.
That option allows forcing verification of the provided certificate
even if it is not required to present one. In that case the connection
will be closed with a fatal alert.
Nikos Mavrogiannopoulos [Fri, 9 May 2014 17:51:37 +0000 (19:51 +0200)]
Addressed memory leak in status request extension handling during rehandshake.
The memory leak was uncovered by the Codenomicon TLS suite.
Nikos Mavrogiannopoulos [Fri, 9 May 2014 17:50:57 +0000 (19:50 +0200)]
Addressed memory leaks in DHE and ECDHE rehandshakes.
The memory leak was uncovered by the Codenomicon TLS suite.
Nikos Mavrogiannopoulos [Thu, 8 May 2014 21:33:08 +0000 (23:33 +0200)]
updated cross compilation Makefile.
Nikos Mavrogiannopoulos [Thu, 8 May 2014 17:46:51 +0000 (19:46 +0200)]
Avoid memory leak in safe renegotiation extension handling.
The memory leak was uncovered by the Codenomicon TLS suite.
Nikos Mavrogiannopoulos [Thu, 8 May 2014 14:59:21 +0000 (16:59 +0200)]
Small cleanups in packet receive as well as a memory leak error.
The memory leak was uncovered by the Codenomicon TLS suite.
Nikos Mavrogiannopoulos [Wed, 7 May 2014 05:37:15 +0000 (07:37 +0200)]
doc update
Nikos Mavrogiannopoulos [Wed, 7 May 2014 05:35:40 +0000 (07:35 +0200)]
doc update
Nikos Mavrogiannopoulos [Wed, 7 May 2014 05:33:46 +0000 (07:33 +0200)]
updated documentation on library initialization to reflex the changes in 3.3.0.
Nikos Mavrogiannopoulos [Wed, 7 May 2014 05:24:03 +0000 (07:24 +0200)]
re-enabled gnutls_global_set_mutex().
Nikos Mavrogiannopoulos [Tue, 6 May 2014 20:05:56 +0000 (22:05 +0200)]
Do not run autogen twice to generate the header files.
Nikos Mavrogiannopoulos [Tue, 6 May 2014 19:32:45 +0000 (21:32 +0200)]
Ship suppressions.valgrind
Nikos Mavrogiannopoulos [Tue, 6 May 2014 19:06:51 +0000 (21:06 +0200)]
bumped version
Nikos Mavrogiannopoulos [Mon, 5 May 2014 17:19:12 +0000 (19:19 +0200)]
Ensure that there is no remainders in the TLS handshake packets.
The issue was discovered using the codenomicon TLS suite.
Nikos Mavrogiannopoulos [Sun, 4 May 2014 21:39:48 +0000 (23:39 +0200)]
Account the length byte in SRP extension.
Issue identified using valgrind and the Codenomicon TLS test suite.
Nikos Mavrogiannopoulos [Sun, 4 May 2014 20:05:58 +0000 (22:05 +0200)]
doc update
Nikos Mavrogiannopoulos [Mon, 5 May 2014 12:22:42 +0000 (14:22 +0200)]
Do not set "NORMAL" as default priority string.
That is, allow the library to select the appropriate default.
Nikos Mavrogiannopoulos [Mon, 5 May 2014 11:23:53 +0000 (13:23 +0200)]
fixed typo
Nikos Mavrogiannopoulos [Mon, 5 May 2014 09:58:25 +0000 (11:58 +0200)]
Added the 'very weak' certificate verification profile.
This profile corresponds to a 64-bit security level (e.g., RSA
parameters of 768 bits).
Nikos Mavrogiannopoulos [Mon, 5 May 2014 09:45:01 +0000 (11:45 +0200)]
doc update
Nikos Mavrogiannopoulos [Sun, 4 May 2014 11:58:33 +0000 (13:58 +0200)]
test ECC keys were upgraded to secp256r1
Nikos Mavrogiannopoulos [Sun, 4 May 2014 11:54:58 +0000 (13:54 +0200)]
When generating ECDSA keys, generate 256-bit keys by default.
Curves with less than 256 bits (i.e., SECP192R1 and SECP224R1) are
not widely supported.
Nikos Mavrogiannopoulos [Sun, 4 May 2014 11:10:02 +0000 (13:10 +0200)]
Added ECDSA example keys.
Nikos Mavrogiannopoulos [Sun, 4 May 2014 10:52:25 +0000 (12:52 +0200)]
Corrected an off-by-one error.
The issue was discovered using the codenomicon TLS suite.
Nikos Mavrogiannopoulos [Sun, 4 May 2014 10:43:42 +0000 (12:43 +0200)]
doc update
Nikos Mavrogiannopoulos [Sun, 4 May 2014 10:35:52 +0000 (12:35 +0200)]
initialize to null the SRP extension data on allocation.
Issue identified using valgrind and the Codenomicon TLS test suite.
Nikos Mavrogiannopoulos [Sun, 4 May 2014 10:31:46 +0000 (12:31 +0200)]
Modified the testrng for Debian's dieharder.
Nikos Mavrogiannopoulos [Sun, 4 May 2014 10:19:33 +0000 (12:19 +0200)]
Better check for null signature method.
Issue identified using valgrind and the Codenomicon TLS test suite.
Nikos Mavrogiannopoulos [Sun, 4 May 2014 10:18:41 +0000 (12:18 +0200)]
More precise packet length checking.
Issue discovered using valgrind and the Codenomicon TLS test suite.
Nikos Mavrogiannopoulos [Sun, 4 May 2014 10:17:34 +0000 (12:17 +0200)]
Eliminated password file descriptor leak.
Issue discovered using codenomicon TLS test suite.
Nikos Mavrogiannopoulos [Sun, 4 May 2014 08:49:13 +0000 (10:49 +0200)]
Added a timeout to close inactive sessions.
Nikos Mavrogiannopoulos [Sat, 3 May 2014 19:08:11 +0000 (21:08 +0200)]
doc update
Nikos Mavrogiannopoulos [Sat, 3 May 2014 18:54:50 +0000 (20:54 +0200)]
doc update
Nikos Mavrogiannopoulos [Sat, 3 May 2014 08:08:40 +0000 (10:08 +0200)]
Send the appropriate alert when a certificate is required but not present.
Nikos Mavrogiannopoulos [Sat, 3 May 2014 06:50:21 +0000 (08:50 +0200)]
use __sun definition to detect solaris.
Nikos Mavrogiannopoulos [Sat, 3 May 2014 06:44:45 +0000 (08:44 +0200)]
Cleaned up server process.
This eliminates an infinate loop triggered by unexpected client disconnections.