git.ipfire.org Git - thirdparty/gnutls.git/log
Nikos Mavrogiannopoulos [Sat, 3 May 2014 06:08:35 +0000 (08:08 +0200)]
Added support for constructors and destructors in solaris CC.
Nikos Mavrogiannopoulos [Fri, 2 May 2014 13:44:24 +0000 (15:44 +0200)]
Updated dieharder tests.
Nikos Mavrogiannopoulos [Fri, 2 May 2014 13:22:26 +0000 (15:22 +0200)]
doc update
Nikos Mavrogiannopoulos [Fri, 2 May 2014 12:51:50 +0000 (14:51 +0200)]
include header for self-test functions
Nikos Mavrogiannopoulos [Fri, 2 May 2014 08:06:33 +0000 (10:06 +0200)]
Allow testrng test to run with older versions of dieharder.
Nikos Mavrogiannopoulos [Fri, 2 May 2014 07:10:49 +0000 (09:10 +0200)]
simplify casting to mpz_t using __mpz_struct and cleaned up mpz_t access.
Nikos Mavrogiannopoulos [Fri, 2 May 2014 07:10:49 +0000 (09:10 +0200)]
simplify casting to mpz_t using __mpz_struct.
Nikos Mavrogiannopoulos [Thu, 1 May 2014 21:14:16 +0000 (23:14 +0200)]
updated included libtasn1.
Nikos Mavrogiannopoulos [Thu, 1 May 2014 14:17:00 +0000 (16:17 +0200)]
Do not return from void functions. Reported by dev [at] cor0.com.
Nikos Mavrogiannopoulos [Wed, 30 Apr 2014 07:40:35 +0000 (09:40 +0200)]
removed return from void function.
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 21:14:34 +0000 (23:14 +0200)]
updated prng test
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 20:36:25 +0000 (22:36 +0200)]
Test the random generators in gnutls using the dieharder tool.
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 13:22:31 +0000 (15:22 +0200)]
use different db file for pkcs11-get-issuer.
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 13:16:25 +0000 (15:16 +0200)]
doc update
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 13:12:51 +0000 (15:12 +0200)]
doc update
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 13:06:24 +0000 (15:06 +0200)]
Added test to verify whether gnutls_x509_trust_list_get_issuer() operates correctly under PKCS #11 trust list.
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 13:05:30 +0000 (15:05 +0200)]
gnutls_x509_trust_list_get_issuer() will work correctly with a PKCS #11 trust list.
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 13:00:21 +0000 (15:00 +0200)]
initialize the size value
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 12:45:56 +0000 (14:45 +0200)]
Include the correct header for the self tests functions
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 09:51:39 +0000 (11:51 +0200)]
doc update
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 09:49:25 +0000 (11:49 +0200)]
removed redundant code. Reported by David Binderman.
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 09:28:28 +0000 (11:28 +0200)]
increased MAX_DATA_ENTRIES to 100.
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 09:24:03 +0000 (11:24 +0200)]
rearranged code
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 09:17:04 +0000 (11:17 +0200)]
only fail DANE verification if status is non-zero
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 09:10:07 +0000 (11:10 +0200)]
Accept a certificate using DANE if there is at least one entry that matches the certificate.
This corrects the previous behavior that was rejecting the certificate if there
were multiple entries and one couldn't be validated. New flag DANE_VERIFY_UNKNOWN_DANE_INFO
is synonymous to DANE_VERIFY_NO_DANE_INFO. Patch by simon@arlott.org.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 08:50:22 +0000 (10:50 +0200)]
doc update
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 08:05:21 +0000 (10:05 +0200)]
Do not deinitialize in gnutls_global_deinit() if the call to gnutls_global_init() failed.
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 08:00:28 +0000 (10:00 +0200)]
Alternative fix for the initialization of random generator. Reported by Martin Kletzander.
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 07:56:10 +0000 (09:56 +0200)]
Revert "Avoid dual initialization of random generator. Reported by Martin Kletzander."
This reverts commit 43a71114dfdb6aa5c28a1378102a935c68951eed.
Nikos Mavrogiannopoulos [Sun, 27 Apr 2014 17:34:38 +0000 (19:34 +0200)]
x86.h was renamed to x86-common.h to avoid clashes with system headers.
Nikos Mavrogiannopoulos [Sun, 27 Apr 2014 17:31:27 +0000 (19:31 +0200)]
doc update
Nikos Mavrogiannopoulos [Sun, 27 Apr 2014 16:59:02 +0000 (18:59 +0200)]
Avoid dual initialization of random generator. Reported by Martin Kletzander.
Kurt Roeckx [Sat, 19 Apr 2014 17:46:18 +0000 (19:46 +0200)]
Test for the existence of the /etc/system-fips file
We don't read it, the existence of the file is enough to say in what
mode we are.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Kurt Roeckx [Sat, 19 Apr 2014 17:46:17 +0000 (19:46 +0200)]
Add _gnutls_fips_mode_enabled() return values.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Andreas Metzler [Sat, 19 Apr 2014 18:07:26 +0000 (20:07 +0200)]
Typo fix: overriden -> overridden
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Sun, 27 Apr 2014 16:02:45 +0000 (18:02 +0200)]
Use unsigned type for encode(). Based on suggestion by Shawn (sth0r2046 [at] gmail.com).
Nikos Mavrogiannopoulos [Sun, 27 Apr 2014 15:59:19 +0000 (17:59 +0200)]
tolerate NULL in strdup(). Patch by shawn (sth0r2046 [at] gmail.com).
Nikos Mavrogiannopoulos [Sat, 26 Apr 2014 09:47:11 +0000 (11:47 +0200)]
Allow exporting a CRL in DER format.
Nikos Mavrogiannopoulos [Fri, 25 Apr 2014 13:42:53 +0000 (15:42 +0200)]
cleaned up authors and thanks file.
Nikos Mavrogiannopoulos [Sat, 19 Apr 2014 16:52:55 +0000 (18:52 +0200)]
More script tests run under valgrind
Nikos Mavrogiannopoulos [Sat, 19 Apr 2014 16:44:37 +0000 (18:44 +0200)]
Run scripts under valgrind.
Nikos Mavrogiannopoulos [Sat, 19 Apr 2014 16:32:07 +0000 (18:32 +0200)]
Treat othername as printable (i.e., null terminate it), as the XMPP printing code assumes that.
Nikos Mavrogiannopoulos [Sat, 19 Apr 2014 16:28:04 +0000 (18:28 +0200)]
cleanups in output
Nikos Mavrogiannopoulos [Sat, 19 Apr 2014 13:04:54 +0000 (15:04 +0200)]
do not override gnutls' allocation functions
That was not being done using the API, and overriding them
is no longer possible in 3.3.x.
Nikos Mavrogiannopoulos [Sat, 19 Apr 2014 11:10:51 +0000 (13:10 +0200)]
released 3.3.1
Nikos Mavrogiannopoulos [Sat, 19 Apr 2014 11:02:57 +0000 (13:02 +0200)]
changed port to allow parallelization
Nikos Mavrogiannopoulos [Sat, 19 Apr 2014 10:56:09 +0000 (12:56 +0200)]
gnutls_secure_malloc() is no longer part of the API (though it remains in the ABI).
Nikos Mavrogiannopoulos [Sat, 19 Apr 2014 10:51:20 +0000 (12:51 +0200)]
revived gnutls_secure_malloc() to avoid breaking ABI.
gnutls_secure_calloc() is no longer exported as it was never in any
public header.
Nikos Mavrogiannopoulos [Sat, 19 Apr 2014 10:45:33 +0000 (12:45 +0200)]
removed file from Makefile that doesn't exist
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 23:21:45 +0000 (01:21 +0200)]
gnutls-cli will no longer allow the session to proceed if DANE verification fails.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 23:17:59 +0000 (01:17 +0200)]
doc update
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 23:15:57 +0000 (01:15 +0200)]
Added test certificate with multiple XMPP othername SAN fields.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 23:09:21 +0000 (01:09 +0200)]
Corrected decoding of XMPP SAN othername.
This also corrects the semantics of the get_*_othername_oid() functions,
such as gnutls_x509_crt_get_subject_alt_othername_oid().
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 21:34:57 +0000 (23:34 +0200)]
always initialize size values
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 21:11:25 +0000 (23:11 +0200)]
copy_string() and copy_data() are more resilient on null input
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 18:46:14 +0000 (20:46 +0200)]
increased server startup wait time.
That is because we now check for key/certificate match via a sign/verify
request that may take longer in some systems. Based on patch by Andreas
Metzler.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 14:37:42 +0000 (16:37 +0200)]
doc update
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 14:30:09 +0000 (16:30 +0200)]
fix issue in gnutls_subject_alt_names_get().
That caused a null pointer dereference when extracting names
from a certificate that contained an OtherName. Reported and
investigated by Kirill A. Shutemov.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 13:57:41 +0000 (15:57 +0200)]
Removed the already unused secure alloc functions.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 13:55:37 +0000 (15:55 +0200)]
Use a harder to optimize out memset().
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 12:53:33 +0000 (14:53 +0200)]
fix typo
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 12:41:24 +0000 (14:41 +0200)]
doc update
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 11:27:09 +0000 (13:27 +0200)]
doc update
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 10:36:24 +0000 (12:36 +0200)]
corrected get_auth_info() for SRP-RSA.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 10:18:01 +0000 (12:18 +0200)]
include hint into psk test.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 10:17:29 +0000 (12:17 +0200)]
Avoid dual generation of key.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 10:13:08 +0000 (12:13 +0200)]
Enable hint in the rsa-psk test.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 10:12:48 +0000 (12:12 +0200)]
use custom proc_server_kx for RSA-PSK
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 10:02:39 +0000 (12:02 +0200)]
eliminated the leak of hint when deallocating the credentials.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 09:57:23 +0000 (11:57 +0200)]
_gnutls_auth_info_set() will decide the replacing of auth info based on the provided credentials type.
This avoids issues with discrepancies in server and client mode.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 09:25:47 +0000 (11:25 +0200)]
Made _gnutls_get_auth_info() safer to use.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 09:02:38 +0000 (11:02 +0200)]
Both DANE and PKI verification are advisory when --tofu is being used.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 08:44:27 +0000 (10:44 +0200)]
doc update
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 08:40:49 +0000 (10:40 +0200)]
When checking for data to be received use the 'transport_recv_ptr'
This affects cases where there are different send and recv pointers.
Reported and investigated by JMRecio.
Nikos Mavrogiannopoulos [Thu, 17 Apr 2014 19:23:06 +0000 (21:23 +0200)]
doc update
Nikos Mavrogiannopoulos [Thu, 17 Apr 2014 19:19:14 +0000 (21:19 +0200)]
documentation update.
Nikos Mavrogiannopoulos [Thu, 17 Apr 2014 19:18:08 +0000 (21:18 +0200)]
Do not print certificates twice.
That will improve the visibility of messages of the various verification methods.
Nikos Mavrogiannopoulos [Thu, 17 Apr 2014 19:17:29 +0000 (21:17 +0200)]
Updated TOFU documentation. Suggested by Jens Lechtenboerger.
Nikos Mavrogiannopoulos [Thu, 17 Apr 2014 15:46:38 +0000 (17:46 +0200)]
added newlines to p11tool error messages
Nikos Mavrogiannopoulos [Thu, 17 Apr 2014 14:47:36 +0000 (16:47 +0200)]
doc update
Nikos Mavrogiannopoulos [Thu, 17 Apr 2014 13:16:28 +0000 (15:16 +0200)]
corrected uninitialized value
Nikos Mavrogiannopoulos [Thu, 17 Apr 2014 12:36:51 +0000 (14:36 +0200)]
removed conditionally exported functions.
Nikos Mavrogiannopoulos [Thu, 17 Apr 2014 12:27:10 +0000 (14:27 +0200)]
Added self check functions to self-test.h.
Nikos Mavrogiannopoulos [Thu, 17 Apr 2014 12:12:49 +0000 (14:12 +0200)]
bumped versions
Nikos Mavrogiannopoulos [Thu, 17 Apr 2014 07:46:14 +0000 (09:46 +0200)]
use MAX_CHAIN definition to avoid overflow issues in the future
Nikos Mavrogiannopoulos [Wed, 16 Apr 2014 22:08:27 +0000 (00:08 +0200)]
increased the space available for certificates.
That avoids a crash in sparc64; reported by Andreas Metzler.
Nikos Mavrogiannopoulos [Wed, 16 Apr 2014 21:08:52 +0000 (23:08 +0200)]
doc update
Nikos Mavrogiannopoulos [Tue, 15 Apr 2014 12:07:30 +0000 (14:07 +0200)]
several bug fixes in certtool.
Nikos Mavrogiannopoulos [Tue, 15 Apr 2014 12:03:08 +0000 (14:03 +0200)]
use the same cflags for included programs as with library.
Nikos Mavrogiannopoulos [Tue, 15 Apr 2014 12:01:28 +0000 (14:01 +0200)]
Corrected dane_verify_crt() to not deinitialize any input state.
Nikos Mavrogiannopoulos [Tue, 15 Apr 2014 11:58:05 +0000 (13:58 +0200)]
several bug fixes due to coverity.
Nikos Mavrogiannopoulos [Tue, 15 Apr 2014 11:57:36 +0000 (13:57 +0200)]
several bug fixes due to coverity.
Nikos Mavrogiannopoulos [Tue, 15 Apr 2014 11:35:10 +0000 (13:35 +0200)]
Corrected bugs reported from coverity in opencdk.
Nikos Mavrogiannopoulos [Tue, 15 Apr 2014 09:56:06 +0000 (11:56 +0200)]
correctly check for message upper limit.
Nikos Mavrogiannopoulos [Mon, 14 Apr 2014 11:44:21 +0000 (13:44 +0200)]
Allow a null ca file; i.e., allow setting only CRLs in gnutls_x509_trust_list_add_trust_file().
Nikos Mavrogiannopoulos [Mon, 14 Apr 2014 09:54:53 +0000 (11:54 +0200)]
doc update
Nikos Mavrogiannopoulos [Mon, 14 Apr 2014 09:47:31 +0000 (11:47 +0200)]
Added the PFS priority string.
Nikos Mavrogiannopoulos [Sat, 12 Apr 2014 07:01:26 +0000 (09:01 +0200)]
corrected Peter's name!
Nikos Mavrogiannopoulos [Fri, 11 Apr 2014 13:05:41 +0000 (15:05 +0200)]
doc update
Nikos Mavrogiannopoulos [Fri, 11 Apr 2014 12:55:08 +0000 (14:55 +0200)]
Added self tests for ECC PKCS #8 files.