Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | bumped versiongnutls_3_3_16 | Nikos Mavrogiannopoulos | 2015-07-12 | 3 | -3/+3 |
| | |||||
* | corrected function name | Nikos Mavrogiannopoulos | 2015-07-10 | 1 | -1/+1 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2015-07-10 | 1 | -0/+2 |
| | |||||
* | PSK: set the hint in DHE-PSK and ECDHE-PSK ciphersuites | Nikos Mavrogiannopoulos | 2015-07-10 | 1 | -10/+74 |
| | |||||
* | dumbfw: don't append a size prefix in the pad | Nikos Mavrogiannopoulos | 2015-07-09 | 1 | -4/+3 |
| | | | | Reported by Hannes Mehnert. | ||||
* | certtool --outder should not emit signature verification status | Daniel Kahn Gillmor | 2015-07-06 | 1 | -4/+6 |
| | | | | | | | | | When emitting binary-formatted output, send signature verification status to stderr, since it is not binary-formatted output. A simpler version of this patch would be to always send signature verification to stderr, but that would change the text-formatted output. | ||||
* | doc update | Nikos Mavrogiannopoulos | 2015-07-01 | 1 | -6/+6 |
| | |||||
* | DSA: the numeric number of bits returned from public key should depend on P ↵ | Nikos Mavrogiannopoulos | 2015-07-01 | 1 | -2/+2 |
| | | | | | | | not Y That allows to do the proper evaluation to check certificate strength. Reported by Hubert Kario. | ||||
* | doc update | Nikos Mavrogiannopoulos | 2015-07-01 | 1 | -0/+4 |
| | |||||
* | name constraints: don't reject certificates if a CA has the URI or IPADDRESS ↵ | Nikos Mavrogiannopoulos | 2015-07-01 | 1 | -0/+48 |
| | | | | | | | constraints Don't reject certificates if a CA has the URI or IPADDRESS constraints, and the end certificate doesn't have an IPaddress name or a URI set. | ||||
* | enhanced header matching code for private keys to skip unrelated data | Nikos Mavrogiannopoulos | 2015-06-26 | 1 | -5/+21 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2015-06-25 | 1 | -0/+3 |
| | |||||
* | tests: backported test-ciphersuite-names from master | Nikos Mavrogiannopoulos | 2015-06-25 | 5 | -79/+107 |
| | |||||
* | gnutls_x509_privkey_import2: better behavior when provided with an ↵ | Nikos Mavrogiannopoulos | 2015-06-25 | 1 | -1/+22 |
| | | | | | | | unencrypted file That is, it will attempt to decode it first as plain file prior to trying all encrypted options. | ||||
* | _gnutls_get_asn_mpis() will release any data on failure | Nikos Mavrogiannopoulos | 2015-06-25 | 2 | -4/+5 |
| | | | | Resolves #15 | ||||
* | tests: backported test-compat-main from master | Nikos Mavrogiannopoulos | 2015-06-11 | 1 | -39/+77 |
| | |||||
* | Corrected camellia256 set key in nettle3 compat mode | Nikos Mavrogiannopoulos | 2015-06-10 | 1 | -2/+2 |
| | |||||
* | drbg-aes: include gnutls_errors.h | Nikos Mavrogiannopoulos | 2015-06-04 | 1 | -0/+1 |
| | |||||
* | fips140: added check for reseed detection | Nikos Mavrogiannopoulos | 2015-06-04 | 1 | -9/+35 |
| | |||||
* | tests: check random generator for long outputs as well | Nikos Mavrogiannopoulos | 2015-06-04 | 1 | -0/+15 |
| | |||||
* | fips140: reset the reseed counter only on reseed | Nikos Mavrogiannopoulos | 2015-06-04 | 1 | -1/+1 |
| | |||||
* | fips140: added more checks on the reseed and generate function | Nikos Mavrogiannopoulos | 2015-06-04 | 1 | -10/+49 |
| | |||||
* | fips140: enforce the max_number_of_bits_per_request | Nikos Mavrogiannopoulos | 2015-06-04 | 2 | -7/+36 |
| | |||||
* | Check the OID size for match when comparing for the OCSP nonce extension | Nikos Mavrogiannopoulos | 2015-05-26 | 1 | -2/+4 |
| | | | | Reported by Hanno Böck. | ||||
* | gnutls_dh_get_prime_bits: return 0 if DH is not used | Armin Burgmeier | 2015-05-24 | 1 | -0/+3 |
| | | | | | | | Before, the number of bits of a zero-length number was attempted to be extracted, resulting in an error. The changed behaviour is consistent with the documentation which explicitly states that 0 should be returned if no DH key exchange was performed. | ||||
* | gnutls_dh_get_group: mention that the values may include a leading zero | Nikos Mavrogiannopoulos | 2015-05-22 | 1 | -0/+6 |
| | |||||
* | gnutls_dh_set_prime_bits: warn when overriding the DH max prime size with ↵ | Nikos Mavrogiannopoulos | 2015-05-21 | 1 | -3/+3 |
| | | | | 1007 bits or less | ||||
* | doc update | Nikos Mavrogiannopoulos | 2015-05-14 | 1 | -0/+8 |
| | |||||
* | Allow using nettle3 with gnutls3.3 | Nikos Mavrogiannopoulos | 2015-05-14 | 15 | -43/+668 |
| | |||||
* | tests: updated sign-md5-rep to reduce false failures | Nikos Mavrogiannopoulos | 2015-05-06 | 1 | -30/+9 |
| | |||||
* | tests: eliminate mem leaks in mini-loss-time | Nikos Mavrogiannopoulos | 2015-05-05 | 1 | -1/+2 |
| | |||||
* | tests: backported mini-loss-time from master | Nikos Mavrogiannopoulos | 2015-05-05 | 1 | -52/+84 |
| | |||||
* | fix memory leak in ECDSA key parameters verificationgnutls_3_3_15 | Jan Vcelak | 2015-05-03 | 1 | -0/+5 |
| | | | | Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz> | ||||
* | updated NEWS | Nikos Mavrogiannopoulos | 2015-05-03 | 1 | -1/+1 |
| | |||||
* | released 3.3.15 | Nikos Mavrogiannopoulos | 2015-05-03 | 3 | -3/+3 |
| | |||||
* | doc: updated gnutls_dtls_set_timeouts | Nikos Mavrogiannopoulos | 2015-05-03 | 1 | -3/+0 |
| | |||||
* | gnutls_handshake_set_timeout will properly work with DTLS | Nikos Mavrogiannopoulos | 2015-05-03 | 1 | -0/+5 |
| | |||||
* | doc: fixed example with DTLS timeouts | Nikos Mavrogiannopoulos | 2015-05-03 | 1 | -2/+1 |
| | |||||
* | updated minitasn1 | Nikos Mavrogiannopoulos | 2015-04-28 | 2 | -2/+3 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2015-04-25 | 1 | -1/+4 |
| | |||||
* | tests: added reproducer for the MD5 acceptance issue | Nikos Mavrogiannopoulos | 2015-04-25 | 2 | -1/+366 |
| | | | | | | | | Reported by Karthikeyan Bhargavan. http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007572.html Conflicts: tests/Makefile.am | ||||
* | before falling back to SHA1 as signature algorithm in TLS 1.2 check if it is ↵ | Nikos Mavrogiannopoulos | 2015-04-25 | 1 | -1/+5 |
| | | | | enabled | ||||
* | _gnutls_session_sign_algo_enabled: do not consider any values from the ↵ | Nikos Mavrogiannopoulos | 2015-04-25 | 1 | -17/+1 |
| | | | | extension data to decide acceptable algorithms | ||||
* | set the value used by gnutls_certificate_client_get_request_status prior to ↵ | Nikos Mavrogiannopoulos | 2015-04-25 | 1 | -5/+5 |
| | | | | | | | selecting certificate That allows gnutls_certificate_client_get_request_status() to be properly operating from the callback. Reported by Anton Lavrentiev. | ||||
* | fixed doc: reported by Anton Lavrentiev | Nikos Mavrogiannopoulos | 2015-04-22 | 1 | -3/+3 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2015-04-21 | 1 | -0/+13 |
| | |||||
* | gnutls_certificate_get_ours: will return the certificate even if a callback ↵ | Nikos Mavrogiannopoulos | 2015-04-21 | 1 | -1/+1 |
| | | | | | | | was used This corrects a bug where this function would not work, when gnutls_certificate_set_retrieve_function2() was used. | ||||
* | ensure that the X.509 version number is one byte only | Nikos Mavrogiannopoulos | 2015-04-21 | 1 | -1/+1 |
| | |||||
* | Check for invalid length in the X.509 version field | Nikos Mavrogiannopoulos | 2015-04-20 | 1 | -1/+10 |
| | | | | | If such an invalid length is detected, reject the certificate. Reported by Hanno Böck. | ||||
* | tests: mini-loss-time: ignore sigpipe | Nikos Mavrogiannopoulos | 2015-03-30 | 1 | -0/+1 |
| |