Commit message | Author | Age | Files | Lines
* Generated. [gnutls_2_10_4] | Simon Josefsson | 2010-12-06 | 1 | -0/+103
|
* Version 2.10.4. | Simon Josefsson | 2010-12-06 | 1 | -1/+1
|
* minitasn1: Updated to Libtasn1 2.9. | Simon Josefsson | 2010-12-06 | 5 | -68/+33
|
* Bump versions. | Simon Josefsson | 2010-12-06 | 3 | -3/+3
|
* Use ASN1_NULL when writing parameters for RSA signatures. This makes us comply with RFC3279. Reported by Michael Rommel. | Nikos Mavrogiannopoulos | 2010-12-05 | 6 | -4/+14
* Corrected buffer overflow in gnutls-serv by Tomas Mraz. | Nikos Mavrogiannopoulos | 2010-12-05 | 2 | -26/+22
|   The gnutls-serv uses fixed allocated buffer for the response which can be pretty long if a client certificate is presented to it and the http header is large. This causes buffer overflow and heap corruption which then leads to random segfaults or aborts.
|
|   It was reported originally here: https://bugzilla.redhat.com/show_bug.cgi?id=659259
|
|   The attached patch changes sprintf calls in peer_print_info() to snprintf so the buffer is never overflowed.
* Reverted default behavior for verification and introduced GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default V1 trusted CAs are allowed, unless the new flag is specified. | Nikos Mavrogiannopoulos | 2010-11-26 | 7 | -23/+25
* Fix dependencies, fixes parallel builds. | Simon Josefsson | 2010-11-23 | 1 | -1/+1
|   Tiny patch from Graham Gower <graham.gower@gmail.com>.
* corrected news | Nikos Mavrogiannopoulos | 2010-11-21 | 1 | -1/+1
|
* bumped version | Nikos Mavrogiannopoulos | 2010-11-19 | 2 | -2/+2
|
* added info [gnutls_2_10_3] | Nikos Mavrogiannopoulos | 2010-11-16 | 1 | -0/+3
|
* Correctly write DSA public key in ASN.1 (add leading zero). Reported by Jeffrey Walton. | Nikos Mavrogiannopoulos | 2010-11-16 | 1 | -1/+1
* Removed redundant error check. Reported by Nicolas Kaiser. | Nikos Mavrogiannopoulos | 2010-11-11 | 1 | -8/+0
|
* Corrected leak in extension data calculation. Reported by Mike Blumenkrantz. | Nikos Mavrogiannopoulos | 2010-11-03 | 2 | -0/+4
|
* Avoid bashism. | Simon Josefsson | 2010-09-30 | 1 | -1/+1
|   Reported by m.drochner@fz-juelich.de in <http://savannah.gnu.org/support/?107449>.
* Don't return from void functions. | Simon Josefsson | 2010-09-30 | 1 | -2/+2
|   Reported by Dagobert Michelsen <dam@opencsw.org> in <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4566>.
* Add. | Simon Josefsson | 2010-09-30 | 1 | -0/+2
|
* Bump versions. | Simon Josefsson | 2010-09-30 | 5 | -4/+9
|
* Remove spurious comma. | Simon Josefsson | 2010-09-30 | 1 | -2/+2
|
* Remove spurious comma. | Simon Josefsson | 2010-09-30 | 1 | -2/+2
|
* Generated. [gnutls_2_10_2] | Simon Josefsson | 2010-09-30 | 1 | -0/+93
|
* Version 2.10.2. | Simon Josefsson | 2010-09-30 | 1 | -1/+1
|
* Make pkcs8-decode test work on Windows. | Simon Josefsson | 2010-09-30 | 2 | -1/+3
|
* Avoid double free. | Nikos Mavrogiannopoulos | 2010-09-29 | 1 | -1/+0
|
* Add new extended key usage ipsecIKE | Micah Anderson | 2010-09-29 | 7 | -1/+48
|   According to RFC 4945 § 5.1.3.12 section title "ExtendedKeyUsage"[0] the following extended key usage has been added:
|
|     ... this document defines an ExtendedKeyUsage keyPurposeID that MAY be used to limit a certificate's use:
|
|       id-kp-ipsecIKE OBJECT IDENTIFIER ::= { id-kp 17 }
|
|     where id-kp is defined in RFC 3280 [5].
|
|     If a certificate is intended to be used with both IKE and other applications, and one of the other applications requires use of an EKU value, then such certificates MUST contain either the keyPurposeID id-kp-ipsecIKE or anyExtendedKeyUsage [5], as well as the keyPurposeID values associated with the other applications. Similarly, if a CA issues multiple otherwise-similar certificates for multiple applications including IKE, and it is intended that the IKE certificate NOT be used with another application, the IKE certificate MAY contain an EKU extension listing a keyPurposeID of id-kp-ipsecIKE to discourage its use with the other application. Recall, however, that EKU extensions in certificates meant for use in IKE are NOT RECOMMENDED.
|
|     Conforming IKE implementations are not required to support EKU. If a critical EKU extension appears in a certificate and EKU is not supported by the implementation, then RFC 3280 requires that the certificate be rejected. Implementations that do support EKU MUST support the following logic for certificate validation:
|
|     o If no EKU extension, continue.
|     o If EKU present AND contains either id-kp-ipsecIKE or anyExtendedKeyUsage, continue.
|     o Otherwise, reject cert.
|
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* removed invalid e-mail address | Nikos Mavrogiannopoulos | 2010-09-27 | 1 | -1/+1
|
* Add. | Simon Josefsson | 2010-09-26 | 1 | -0/+2
|
* Add. | Simon Josefsson | 2010-09-26 | 1 | -5/+15
|
* No longer use is_fatal() during handshake. Explicitly treat EAGAIN and INTERRUPTED as non-fatal during handshake. If the check_fatal flag is set then GNUTLS_E_WARNING_ALERT_RECEIVED could interrupt a handshake as well. | Nikos Mavrogiannopoulos | 2010-09-23 | 1 | -1/+6
* fflush stdout and stderr before the call to setbuf. This fixes issue in Solaris where lines disappeared from output. Reported and suggested fix by Knut Anders Hatlen. | Nikos Mavrogiannopoulos | 2010-09-23 | 1 | -0/+3
* Be liberal in the PEM decoding. That is spaces and tabs are being skipped. | Nikos Mavrogiannopoulos | 2010-09-10 | 2 | -8/+7
|
* When the %COMPAT flag is specified, larger records that would otherwise violate the TLS spec, are accepted. | Nikos Mavrogiannopoulos | 2010-09-01 | 4 | -3/+9
* Bump versions. | Simon Josefsson | 2010-08-01 | 5 | -4/+7
|
* Update for 2.10.1. | Simon Josefsson | 2010-08-01 | 1 | -440/+37
|
* Fix. | Simon Josefsson | 2010-08-01 | 1 | -5/+5
|
* renamed NULL MAC to MAC-NULL to prevent clash with NULL cipher. | Nikos Mavrogiannopoulos | 2010-07-26 | 2 | -1/+7
|
* Generated. [gnutls_2_10_1] | Simon Josefsson | 2010-07-25 | 1 | -0/+90
|
* Typo. | Simon Josefsson | 2010-07-25 | 1 | -1/+1
|
* Version 2.10.1. | Simon Josefsson | 2010-07-25 | 1 | -1/+1
|
* Bump versions. | Simon Josefsson | 2010-07-25 | 4 | -4/+4
|
* Add. | Simon Josefsson | 2010-07-25 | 1 | -0/+3
|
* Add OID, from master branch. To make things build. | Simon Josefsson | 2010-07-25 | 1 | -0/+1
|
* Indent code. | Simon Josefsson | 2010-07-25 | 5 | -19/+21
|
* gnutls_x509_privkey_import() will fallback to gnutls_x509_privkey_import_pkcs8() without a password, if it is unable to decode the key. | Nikos Mavrogiannopoulos | 2010-07-24 | 4 | -26/+27
* use RSA-SHA1 as an indicator of RSA certificates. | Nikos Mavrogiannopoulos | 2010-07-24 | 1 | -0/+1
|
* Added SIG_RSA_MD5_OID as an indicator of RSA. Some Microsoft products were using it. Reported by Mads Kiilerich. | Nikos Mavrogiannopoulos | 2010-07-21 | 2 | -0/+5
* gnutls-cli: Allow verification using V1 CAs. | Nikos Mavrogiannopoulos | 2010-07-08 | 2 | -0/+3
|
* Warn when generating DSA keys of size more than 1024. | Nikos Mavrogiannopoulos | 2010-07-05 | 2 | -3/+7
|
* Do not crash if input is redirected from /dev/null. | Nikos Mavrogiannopoulos | 2010-07-05 | 1 | -0/+4
|
* Changed the default pkcs-cipher to AES-128. Allowed specifying the 3des-pkcs12 cipher with the --pkcs-cipher option. | Nikos Mavrogiannopoulos | 2010-07-05 | 5 | -52/+96