Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | released 3.4.11gnutls_3_4_11 | Nikos Mavrogiannopoulos | 2016-04-11 | 1 | -1/+1 |
| | |||||
* | tests: do not enable valgrind in non-git builds | Nikos Mavrogiannopoulos | 2016-04-11 | 1 | -2/+16 |
| | |||||
* | x509 output: don't warn about insecure algorithm when unknown | Nikos Mavrogiannopoulos | 2016-04-09 | 2 | -3/+3 |
| | |||||
* | tests: disable unsupported curves from compatibility checks | Nikos Mavrogiannopoulos | 2016-04-09 | 2 | -1/+5 |
| | | | | This allows running make check even when compiling with disable-suiteb-curves. | ||||
* | dtls: added missing dtls.h to state.c | Nikos Mavrogiannopoulos | 2016-04-09 | 1 | -0/+1 |
| | |||||
* | bumped version | Nikos Mavrogiannopoulos | 2016-04-09 | 2 | -2/+2 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-04-09 | 1 | -1/+1 |
| | |||||
* | minitasn1: updated to latest git version | Nikos Mavrogiannopoulos | 2016-04-09 | 9 | -356/+409 |
| | |||||
* | doc: Replace references to select with poll and other fixes | Nikos Mavrogiannopoulos | 2016-04-08 | 1 | -6/+6 |
| | |||||
* | doc: replace inaccurate sentence with reference to ↵ | Nikos Mavrogiannopoulos | 2016-04-08 | 1 | -3/+3 |
| | | | | gnutls_record_discard_queued [ci skip] | ||||
* | gnutls_record_get_direction: doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-04-08 | 1 | -11/+7 |
| | |||||
* | tests: reduce the number of loops in x509sign-verify2 | Nikos Mavrogiannopoulos | 2016-04-08 | 1 | -1/+1 |
| | | | | This enables running the test in reasonable time under valgrind. | ||||
* | pkix.asn: corrected byKey definition | Nikos Mavrogiannopoulos | 2016-04-08 | 2 | -2/+2 |
| | | | | | OCSP is defined in an EXPLICIT tags module, and as such we must tag explicitly all of its tags. | ||||
* | name constraints: enforce the rules for IP constraints when adding | Nikos Mavrogiannopoulos | 2016-04-05 | 1 | -2/+13 |
| | | | | This will prevent gnutls from generating badly formed certificates. | ||||
* | _gnutls_parse_general_name2: allow parsing empty names | Nikos Mavrogiannopoulos | 2016-04-05 | 3 | -17/+39 |
| | | | | | This allows parsing empty general names such as an empty DNSname used in name constraints. | ||||
* | doc update | Nikos Mavrogiannopoulos | 2016-04-02 | 1 | -0/+4 |
| | |||||
* | ocsptool: use HTTP/1.0 for requests | Nikos Mavrogiannopoulos | 2016-04-02 | 1 | -1/+1 |
| | | | | | This avoids issue with servers serving chunk encoding which ocsptool doesn't support. Reported by Thomas Klute. | ||||
* | doc update | Nikos Mavrogiannopoulos | 2016-03-31 | 1 | -0/+2 |
| | |||||
* | tests: delete outfile in certtool-long-cn | Nikos Mavrogiannopoulos | 2016-03-31 | 1 | -1/+3 |
| | |||||
* | tests: verify the output of name constraints IP decoding | Nikos Mavrogiannopoulos | 2016-03-31 | 3 | -2/+121 |
| | |||||
* | x509/output: simplified cidr_to_string() | Nikos Mavrogiannopoulos | 2016-03-31 | 1 | -33/+4 |
| | |||||
* | x509/output: print RFC5280 CIDRs in name constraints | Nikos Mavrogiannopoulos | 2016-03-31 | 1 | -9/+98 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-03-31 | 1 | -0/+3 |
| | |||||
* | dtls: reset the record number sliding window on gnutls_record_set_state() | Nikos Mavrogiannopoulos | 2016-03-31 | 3 | -4/+38 |
| | | | | | | | | This addresses issue where gnutls_record_set_state() was called with a new state but the sliding window information was not updated, thus blocking any incoming packets. Resolves #82 | ||||
* | DTLS: save last valid record sequence number | Nikos Mavrogiannopoulos | 2016-03-30 | 1 | -17/+24 |
| | | | | | This will allow to report a valid number to gnutls_record_get_state() callers in case of DTLS. Reported by Fridolin Pokorny. | ||||
* | gnutls_record_get_state: Allow for NULL parameters | Nikos Mavrogiannopoulos | 2016-03-29 | 1 | -4/+8 |
| | |||||
* | ocsptool: don't exit with error code on verification failures when ↵ | Nikos Mavrogiannopoulos | 2016-03-24 | 1 | -2/+2 |
| | | | | --ignore-errors is given | ||||
* | ocsptool: exit with error on verification failures | Nikos Mavrogiannopoulos | 2016-03-23 | 1 | -2/+7 |
| | |||||
* | ocsp: gnutls_ocsp_resp_verify_direct will skip additional checks for ↵ | Nikos Mavrogiannopoulos | 2016-03-23 | 1 | -1/+3 |
| | | | | | | | certificates matching issuer That eliminates issue with ocsptool rejecting OCSP responses signed by the same CA that signed the certificate. Reported by Thomas Klute. | ||||
* | ocsptool: Allow saving responses even if verification fails | Nikos Mavrogiannopoulos | 2016-03-23 | 2 | -2/+8 |
| | | | | In addition do not enter a spurious newline to responses. | ||||
* | Avoid using strerror in dtls stress test | Maya Rashish | 2016-03-23 | 1 | -2/+1 |
| | | | | | Using it results in build failure on NetBSD: undefined reference to `rpl_strerror' | ||||
* | Add missing header to testsuite | Maya Rashish | 2016-03-23 | 1 | -0/+1 |
| | | | | | | | | | This causes a problem for NetBSD+clang tests, because SIGTERM and kill are undefined. Resolves #80 Signed-off-by: Maya Rashish <coypu@sdf.org> | ||||
* | doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-03-18 | 1 | -0/+3 |
| | |||||
* | tests: verify that the post-client-hello callback has access to ALPN data | Nikos Mavrogiannopoulos | 2016-03-18 | 1 | -0/+45 |
| | |||||
* | handshake: parse the mandatory to parse extension prior to any callback call | Nikos Mavrogiannopoulos | 2016-03-18 | 1 | -7/+7 |
| | | | | | This relates to the change of ALPN extension to mandatory to parse, and allows applications to get ALPN data prior to handshake completion. | ||||
* | tests: added checks for session resumption and ALPN | Nikos Mavrogiannopoulos | 2016-03-18 | 1 | -8/+68 |
| | | | | | This checks whether the ALPN extension is re-read on resumption and is negotiated. | ||||
* | tests: resume: simplified structure assignment using C99 syntax | Nikos Mavrogiannopoulos | 2016-03-18 | 1 | -7/+28 |
| | |||||
* | alpn: ALPN state is per-connection, it should not be saved with session data | Yuriy M. Kaminskiy | 2016-03-18 | 1 | -48/+2 |
| | | | | | | | | | | | | | | | In addition the extension was moved to the mandatory to parse to ensure it is always parsed when sessions are resumed. rfc7301: Unlike many other TLS extensions, this extension does not establish properties of the session, only of the connection. When session resumption or session tickets [RFC5077] are used, the previous contents of this extension are irrelevant, and only the values in the new handshake messages are considered. Signed-off-by: Yuriy M. Kaminskiy <yumkam@gmail.com> Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | x86-common: CPUID override will only work if CPU has already the capability ↵ | Nikos Mavrogiannopoulos | 2016-03-18 | 1 | -10/+56 |
| | | | | | | | present This resolves test suite failure on CPUs with limited capabilities. Reported by Andreas Metzler. | ||||
* | doc update | Nikos Mavrogiannopoulos | 2016-03-16 | 1 | -0/+4 |
| | |||||
* | gnutls_server_name_set: accept non-null terminated hostnames | Nikos Mavrogiannopoulos | 2016-03-16 | 1 | -1/+22 |
| | | | | | | | | The introduction of IDNA support introduced a regression and this function does not operate correctly when given non-null terminated strings. Reported by Tim Ruehsen. Relates #78 | ||||
* | tests: added check for non-null terminated server name | Nikos Mavrogiannopoulos | 2016-03-16 | 1 | -10/+11 |
| | | | | | | | This checks whether a non-null terminated server name, but with correct length is correctly accepted by gnutls_server_name_set(). Relates #78 | ||||
* | tests: template-test was updated for OCSP key purpose reordering | Nikos Mavrogiannopoulos | 2016-03-15 | 1 | -6/+6 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-03-15 | 1 | -0/+6 |
| | |||||
* | certtool: do not require a CA for OCSP signing | Nikos Mavrogiannopoulos | 2016-03-15 | 1 | -12/+14 |
| | | | | | | | | This follows the recommendations in RFC6960 in 4.2.2.2 which allow a CA to delegate OCSP signing to another certificate without requiring it to be a CA. Reported by Thomas Klute. | ||||
* | abi-check: corrected type of gnutls_x509_crl_get_issuer_dn | Nikos Mavrogiannopoulos | 2016-03-13 | 3 | -5/+1 |
| | | | | That will avoid any accidental ABI breakage on that symbol. | ||||
* | .gitlab-ci.yml: added abi-checker rule | Nikos Mavrogiannopoulos | 2016-03-13 | 1 | -0/+10 |
| | | | | This allows to test ABI incompatibilities as soon as possible. | ||||
* | Makefile: made abi-checks self-contained | Nikos Mavrogiannopoulos | 2016-03-13 | 8 | -13/+47881 |
| | | | | | | That is, they no longer assume a given directory structure to exist outside git. It now includes a static dump of the symbols in 3.4.0 for x86_64 and we compare with it. | ||||
* | gnutls-cli: fix invalid initialization in cert_verify_ocsp() | Nikos Mavrogiannopoulos | 2016-03-11 | 1 | -1/+1 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-03-08 | 1 | -0/+9 |
| |