summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* bumped versiongnutls_3_3_16Nikos Mavrogiannopoulos2015-07-123-3/+3
|
* corrected function nameNikos Mavrogiannopoulos2015-07-101-1/+1
|
* doc updateNikos Mavrogiannopoulos2015-07-101-0/+2
|
* PSK: set the hint in DHE-PSK and ECDHE-PSK ciphersuitesNikos Mavrogiannopoulos2015-07-101-10/+74
|
* dumbfw: don't append a size prefix in the padNikos Mavrogiannopoulos2015-07-091-4/+3
| | | | Reported by Hannes Mehnert.
* certtool --outder should not emit signature verification statusDaniel Kahn Gillmor2015-07-061-4/+6
| | | | | | | | | When emitting binary-formatted output, send signature verification status to stderr, since it is not binary-formatted output. A simpler version of this patch would be to always send signature verification to stderr, but that would change the text-formatted output.
* doc updateNikos Mavrogiannopoulos2015-07-011-6/+6
|
* DSA: the numeric number of bits returned from public key should depend on P ↵Nikos Mavrogiannopoulos2015-07-011-2/+2
| | | | | | | not Y That allows to do the proper evaluation to check certificate strength. Reported by Hubert Kario.
* doc updateNikos Mavrogiannopoulos2015-07-011-0/+4
|
* name constraints: don't reject certificates if a CA has the URI or IPADDRESS ↵Nikos Mavrogiannopoulos2015-07-011-0/+48
| | | | | | | constraints Don't reject certificates if a CA has the URI or IPADDRESS constraints, and the end certificate doesn't have an IPaddress name or a URI set.
* enhanced header matching code for private keys to skip unrelated dataNikos Mavrogiannopoulos2015-06-261-5/+21
|
* doc updateNikos Mavrogiannopoulos2015-06-251-0/+3
|
* tests: backported test-ciphersuite-names from masterNikos Mavrogiannopoulos2015-06-255-79/+107
|
* gnutls_x509_privkey_import2: better behavior when provided with an ↵Nikos Mavrogiannopoulos2015-06-251-1/+22
| | | | | | | unencrypted file That is, it will attempt to decode it first as plain file prior to trying all encrypted options.
* _gnutls_get_asn_mpis() will release any data on failureNikos Mavrogiannopoulos2015-06-252-4/+5
| | | | Resolves #15
* tests: backported test-compat-main from masterNikos Mavrogiannopoulos2015-06-111-39/+77
|
* Corrected camellia256 set key in nettle3 compat modeNikos Mavrogiannopoulos2015-06-101-2/+2
|
* drbg-aes: include gnutls_errors.hNikos Mavrogiannopoulos2015-06-041-0/+1
|
* fips140: added check for reseed detectionNikos Mavrogiannopoulos2015-06-041-9/+35
|
* tests: check random generator for long outputs as wellNikos Mavrogiannopoulos2015-06-041-0/+15
|
* fips140: reset the reseed counter only on reseedNikos Mavrogiannopoulos2015-06-041-1/+1
|
* fips140: added more checks on the reseed and generate functionNikos Mavrogiannopoulos2015-06-041-10/+49
|
* fips140: enforce the max_number_of_bits_per_requestNikos Mavrogiannopoulos2015-06-042-7/+36
|
* Check the OID size for match when comparing for the OCSP nonce extensionNikos Mavrogiannopoulos2015-05-261-2/+4
| | | | Reported by Hanno Böck.
* gnutls_dh_get_prime_bits: return 0 if DH is not usedArmin Burgmeier2015-05-241-0/+3
| | | | | | | Before, the number of bits of a zero-length number was attempted to be extracted, resulting in an error. The changed behaviour is consistent with the documentation which explicitly states that 0 should be returned if no DH key exchange was performed.
* gnutls_dh_get_group: mention that the values may include a leading zeroNikos Mavrogiannopoulos2015-05-221-0/+6
|
* gnutls_dh_set_prime_bits: warn when overriding the DH max prime size with ↵Nikos Mavrogiannopoulos2015-05-211-3/+3
| | | | 1007 bits or less
* doc updateNikos Mavrogiannopoulos2015-05-141-0/+8
|
* Allow using nettle3 with gnutls3.3Nikos Mavrogiannopoulos2015-05-1415-43/+668
|
* tests: updated sign-md5-rep to reduce false failuresNikos Mavrogiannopoulos2015-05-061-30/+9
|
* tests: eliminate mem leaks in mini-loss-timeNikos Mavrogiannopoulos2015-05-051-1/+2
|
* tests: backported mini-loss-time from masterNikos Mavrogiannopoulos2015-05-051-52/+84
|
* fix memory leak in ECDSA key parameters verificationgnutls_3_3_15Jan Vcelak2015-05-031-0/+5
| | | | Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>
* updated NEWSNikos Mavrogiannopoulos2015-05-031-1/+1
|
* released 3.3.15Nikos Mavrogiannopoulos2015-05-033-3/+3
|
* doc: updated gnutls_dtls_set_timeoutsNikos Mavrogiannopoulos2015-05-031-3/+0
|
* gnutls_handshake_set_timeout will properly work with DTLSNikos Mavrogiannopoulos2015-05-031-0/+5
|
* doc: fixed example with DTLS timeoutsNikos Mavrogiannopoulos2015-05-031-2/+1
|
* updated minitasn1Nikos Mavrogiannopoulos2015-04-282-2/+3
|
* doc updateNikos Mavrogiannopoulos2015-04-251-1/+4
|
* tests: added reproducer for the MD5 acceptance issueNikos Mavrogiannopoulos2015-04-252-1/+366
| | | | | | | | Reported by Karthikeyan Bhargavan. http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007572.html Conflicts: tests/Makefile.am
* before falling back to SHA1 as signature algorithm in TLS 1.2 check if it is ↵Nikos Mavrogiannopoulos2015-04-251-1/+5
| | | | enabled
* _gnutls_session_sign_algo_enabled: do not consider any values from the ↵Nikos Mavrogiannopoulos2015-04-251-17/+1
| | | | extension data to decide acceptable algorithms
* set the value used by gnutls_certificate_client_get_request_status prior to ↵Nikos Mavrogiannopoulos2015-04-251-5/+5
| | | | | | | selecting certificate That allows gnutls_certificate_client_get_request_status() to be properly operating from the callback. Reported by Anton Lavrentiev.
* fixed doc: reported by Anton LavrentievNikos Mavrogiannopoulos2015-04-221-3/+3
|
* doc updateNikos Mavrogiannopoulos2015-04-211-0/+13
|
* gnutls_certificate_get_ours: will return the certificate even if a callback ↵Nikos Mavrogiannopoulos2015-04-211-1/+1
| | | | | | | was used This corrects a bug where this function would not work, when gnutls_certificate_set_retrieve_function2() was used.
* ensure that the X.509 version number is one byte onlyNikos Mavrogiannopoulos2015-04-211-1/+1
|
* Check for invalid length in the X.509 version fieldNikos Mavrogiannopoulos2015-04-201-1/+10
| | | | | If such an invalid length is detected, reject the certificate. Reported by Hanno Böck.
* tests: mini-loss-time: ignore sigpipeNikos Mavrogiannopoulos2015-03-301-0/+1
|
View Lorry Controller Status