]> git.ipfire.org Git - thirdparty/gnutls.git/commit
projects / thirdparty / gnutls.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ee3af8d) | patch
priority: support allowlisting in configuration file
authorDaiki Ueno <ueno@gnu.org>
Thu, 6 May 2021 10:41:40 +0000 (12:41 +0200)
committerDaiki Ueno <ueno@gnu.org>
Mon, 29 Nov 2021 12:21:53 +0000 (13:21 +0100)
commit0ecce7191dfd78387f2994253d37ed1df50d563d
treefb1d66e9329cdad3ef617c02b96c77aca1c8dd3etree | snapshot
parentee3af8d6e863bd958cbe7468f9cbe09d803f4e92commit | diff
priority: support allowlisting in configuration file

This adds a new mode of interpreting the [overrides] section.  If
"override-mode" is set to "allowlisting" in the [global] section, all
the algorithms (hashes, signature algorithms, curves, and versions)
are initially marked as insecure/disabled.  Then the user can enable
them by specifying allowlisting keywords such as "secure-hash" in the
[overrides] section.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
Co-authored-by: Alexander Sosedkin <asosedkin@redhat.com>
22 files changed:
NEWS diff | blob | blame | history
devel/libgnutls.abignore diff | blob | blame | history
devel/symbols.last diff | blob | blame | history
doc/Makefile.am diff | blob | blame | history
doc/cha-config.texi diff | blob | blame | history
doc/manpages/Makefile.am diff | blob | blame | history
lib/algorithms.h diff | blob | blame | history
lib/algorithms/ecc.c diff | blob | blame | history
lib/algorithms/groups.c diff | blob | blame | history
lib/algorithms/mac.c diff | blob | blame | history
lib/algorithms/protocols.c diff | blob | blame | history
lib/algorithms/sign.c diff | blob | blame | history
lib/gnutls_int.h diff | blob | blame | history
lib/includes/gnutls/gnutls.h.in diff | blob | blame | history
lib/libgnutls.map diff | blob | blame | history
lib/priority.c diff | blob | blame | history
tests/Makefile.am diff | blob | blame | history
tests/system-override-curves-allowlist.sh [new file with mode: 0755] blob
tests/system-override-hash-allowlist.sh [new file with mode: 0755] blob
tests/system-override-sig-allowlist.sh [new file with mode: 0755] blob
tests/system-override-special-allowlist.sh [new file with mode: 0755] blob
tests/system-override-versions-allowlist.sh [new file with mode: 0755] blob
Mirror of https://gitlab.com/gnutls/gnutls.git