Commit message | Author | Age | Files | Lines
* released 3.4.11 [gnutls_3_4_11] | Nikos Mavrogiannopoulos | 2016-04-11 | 1 | -1/+1
* tests: do not enable valgrind in non-git builds | Nikos Mavrogiannopoulos | 2016-04-11 | 1 | -2/+16
* x509 output: don't warn about insecure algorithm when unknown | Nikos Mavrogiannopoulos | 2016-04-09 | 2 | -3/+3
* tests: disable unsupported curves from compatibility checks | Nikos Mavrogiannopoulos | 2016-04-09 | 2 | -1/+5
    This allows running make check even when compiling with disable-suiteb-curves.
* dtls: added missing dtls.h to state.c | Nikos Mavrogiannopoulos | 2016-04-09 | 1 | -0/+1
* bumped version | Nikos Mavrogiannopoulos | 2016-04-09 | 2 | -2/+2
* doc update | Nikos Mavrogiannopoulos | 2016-04-09 | 1 | -1/+1
* minitasn1: updated to latest git version | Nikos Mavrogiannopoulos | 2016-04-09 | 9 | -356/+409
* doc: Replace references to select with poll and other fixes | Nikos Mavrogiannopoulos | 2016-04-08 | 1 | -6/+6
* doc: replace inaccurate sentence with reference to gnutls_record_discard_queued [ci skip] | Nikos Mavrogiannopoulos | 2016-04-08 | 1 | -3/+3
* gnutls_record_get_direction: doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-04-08 | 1 | -11/+7
* tests: reduce the number of loops in x509sign-verify2 | Nikos Mavrogiannopoulos | 2016-04-08 | 1 | -1/+1
    This enables running the test in reasonable time under valgrind.
* pkix.asn: corrected byKey definition | Nikos Mavrogiannopoulos | 2016-04-08 | 2 | -2/+2
    OCSP is defined in an EXPLICIT tags module, and as such we must tag explicitly all of its tags.
* name constraints: enforce the rules for IP constraints when adding | Nikos Mavrogiannopoulos | 2016-04-05 | 1 | -2/+13
    This will prevent gnutls from generating badly formed certificates.
* _gnutls_parse_general_name2: allow parsing empty names | Nikos Mavrogiannopoulos | 2016-04-05 | 3 | -17/+39
    This allows parsing empty general names such as an empty DNSname used in name constraints.
* doc update | Nikos Mavrogiannopoulos | 2016-04-02 | 1 | -0/+4
* ocsptool: use HTTP/1.0 for requests | Nikos Mavrogiannopoulos | 2016-04-02 | 1 | -1/+1
    This avoids issue with servers serving chunk encoding which ocsptool doesn't support. Reported by Thomas Klute.
* doc update | Nikos Mavrogiannopoulos | 2016-03-31 | 1 | -0/+2
* tests: delete outfile in certtool-long-cn | Nikos Mavrogiannopoulos | 2016-03-31 | 1 | -1/+3
* tests: verify the output of name constraints IP decoding | Nikos Mavrogiannopoulos | 2016-03-31 | 3 | -2/+121
* x509/output: simplified cidr_to_string() | Nikos Mavrogiannopoulos | 2016-03-31 | 1 | -33/+4
* x509/output: print RFC5280 CIDRs in name constraints | Nikos Mavrogiannopoulos | 2016-03-31 | 1 | -9/+98
* doc update | Nikos Mavrogiannopoulos | 2016-03-31 | 1 | -0/+3
* dtls: reset the record number sliding window on gnutls_record_set_state() | Nikos Mavrogiannopoulos | 2016-03-31 | 3 | -4/+38
    This addresses issue where gnutls_record_set_state() was called with a new state but the sliding window information was not updated, thus blocking any incoming packets.
    Resolves #82
* DTLS: save last valid record sequence number | Nikos Mavrogiannopoulos | 2016-03-30 | 1 | -17/+24
    This will allow to report a valid number to gnutls_record_get_state() callers in case of DTLS. Reported by Fridolin Pokorny.
* gnutls_record_get_state: Allow for NULL parameters | Nikos Mavrogiannopoulos | 2016-03-29 | 1 | -4/+8
* ocsptool: don't exit with error code on verification failures when --ignore-errors is given | Nikos Mavrogiannopoulos | 2016-03-24 | 1 | -2/+2
* ocsptool: exit with error on verification failures | Nikos Mavrogiannopoulos | 2016-03-23 | 1 | -2/+7
* ocsp: gnutls_ocsp_resp_verify_direct will skip additional checks for certificates matching issuer | Nikos Mavrogiannopoulos | 2016-03-23 | 1 | -1/+3
    That eliminates issue with ocsptool rejecting OCSP responses signed by the same CA that signed the certificate. Reported by Thomas Klute.
* ocsptool: Allow saving responses even if verification fails | Nikos Mavrogiannopoulos | 2016-03-23 | 2 | -2/+8
    In addition do not enter a spurious newline to responses.
* Avoid using strerror in dtls stress test | Maya Rashish | 2016-03-23 | 1 | -2/+1
    Using it results in build failure on NetBSD: undefined reference to `rpl_strerror'
* Add missing header to testsuite | Maya Rashish | 2016-03-23 | 1 | -0/+1
    This causes a problem for NetBSD+clang tests, because SIGTERM and kill are undefined.
    Resolves #80
    Signed-off-by: Maya Rashish <coypu@sdf.org>
* doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-03-18 | 1 | -0/+3
* tests: verify that the post-client-hello callback has access to ALPN data | Nikos Mavrogiannopoulos | 2016-03-18 | 1 | -0/+45
* handshake: parse the mandatory to parse extension prior to any callback call | Nikos Mavrogiannopoulos | 2016-03-18 | 1 | -7/+7
    This relates to the change of ALPN extension to mandatory to parse, and allows applications to get ALPN data prior to handshake completion.
* tests: added checks for session resumption and ALPN | Nikos Mavrogiannopoulos | 2016-03-18 | 1 | -8/+68
    This checks whether the ALPN extension is re-read on resumption and is negotiated.
* tests: resume: simplified structure assignment using C99 syntax | Nikos Mavrogiannopoulos | 2016-03-18 | 1 | -7/+28
* alpn: ALPN state is per-connection, it should not be saved with session data | Yuriy M. Kaminskiy | 2016-03-18 | 1 | -48/+2
    In addition the extension was moved to the mandatory to parse to ensure it is always parsed when sessions are resumed.
    rfc7301: Unlike many other TLS extensions, this extension does not establish properties of the session, only of the connection. When session resumption or session tickets [RFC5077] are used, the previous contents of this extension are irrelevant, and only the values in the new handshake messages are considered.
    Signed-off-by: Yuriy M. Kaminskiy <yumkam@gmail.com>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* x86-common: CPUID override will only work if CPU has already the capability present | Nikos Mavrogiannopoulos | 2016-03-18 | 1 | -10/+56
    This resolves test suite failure on CPUs with limited capabilities. Reported by Andreas Metzler.
* doc update | Nikos Mavrogiannopoulos | 2016-03-16 | 1 | -0/+4
* gnutls_server_name_set: accept non-null terminated hostnames | Nikos Mavrogiannopoulos | 2016-03-16 | 1 | -1/+22
    The introduction of IDNA support introduced a regression and this function does not operate correctly when given non-null terminated strings. Reported by Tim Ruehsen.
    Relates #78
* tests: added check for non-null terminated server name | Nikos Mavrogiannopoulos | 2016-03-16 | 1 | -10/+11
    This checks whether a non-null terminated server name, but with correct length is correctly accepted by gnutls_server_name_set().
    Relates #78
* tests: template-test was updated for OCSP key purpose reordering | Nikos Mavrogiannopoulos | 2016-03-15 | 1 | -6/+6
* doc update | Nikos Mavrogiannopoulos | 2016-03-15 | 1 | -0/+6
* certtool: do not require a CA for OCSP signing | Nikos Mavrogiannopoulos | 2016-03-15 | 1 | -12/+14
    This follows the recommendations in RFC6960 in 4.2.2.2 which allow a CA to delegate OCSP signing to another certificate without requiring it to be a CA. Reported by Thomas Klute.
* abi-check: corrected type of gnutls_x509_crl_get_issuer_dn | Nikos Mavrogiannopoulos | 2016-03-13 | 3 | -5/+1
    That will avoid any accidental ABI breakage on that symbol.
* .gitlab-ci.yml: added abi-checker rule | Nikos Mavrogiannopoulos | 2016-03-13 | 1 | -0/+10
    This allows to test ABI incompatibilities as soon as possible.
* Makefile: made abi-checks self-contained | Nikos Mavrogiannopoulos | 2016-03-13 | 8 | -13/+47881
    That is, they no longer assume a given directory structure to exist outside git. It now includes a static dump of the symbols in 3.4.0 for x86_64 and we compare with it.
* gnutls-cli: fix invalid initialization in cert_verify_ocsp() | Nikos Mavrogiannopoulos | 2016-03-11 | 1 | -1/+1
* doc update | Nikos Mavrogiannopoulos | 2016-03-08 | 1 | -0/+9