Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | corrected dategnutls_3_4_4 | Nikos Mavrogiannopoulos | 2015-08-10 | 1 | -1/+1 |
| | |||||
* | include all cert-tests into dist | Nikos Mavrogiannopoulos | 2015-08-09 | 1 | -8/+7 |
| | |||||
* | updated auto-generated files for new functions | Nikos Mavrogiannopoulos | 2015-08-09 | 3 | -0/+12 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2015-08-09 | 1 | -2/+3 |
| | |||||
* | p11tool: test-sign will not fail if a pubkey is not found | Nikos Mavrogiannopoulos | 2015-08-06 | 1 | -0/+2 |
| | |||||
* | key decoding: set key to null for consistency | Nikos Mavrogiannopoulos | 2015-08-04 | 1 | -1/+3 |
| | |||||
* | key decoding: simplify decoding logic by removing the fallback | Nikos Mavrogiannopoulos | 2015-08-04 | 1 | -25/+24 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2015-08-04 | 1 | -0/+3 |
| | |||||
* | key decoding: corrected regression with PKCS #8 key decoding | Nikos Mavrogiannopoulos | 2015-08-04 | 1 | -0/+14 |
| | | | | Reported by Daniel Berrange. | ||||
* | tests: added check for decoding of a PKCS #8 key as fallback | Nikos Mavrogiannopoulos | 2015-08-04 | 2 | -1/+75 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2015-08-03 | 1 | -0/+4 |
| | |||||
* | pkcs11: set the CKA_TOKEN attribute on generated public keys | Nikos Mavrogiannopoulos | 2015-08-03 | 2 | -2/+10 |
| | | | | | That also introduces the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY flag, to simulate the previous behavior. | ||||
* | cfg.mk: fix order of arguments in gnulib-tool | Nikos Mavrogiannopoulos | 2015-08-01 | 1 | -1/+1 |
| | |||||
* | tests: added check for the fallback SCSV | Nikos Mavrogiannopoulos | 2015-08-01 | 2 | -1/+359 |
| | |||||
* | handshake: check inappropriate fallback against the configured max version | Nikos Mavrogiannopoulos | 2015-08-01 | 1 | -3/+3 |
| | | | | | That allows to operate on a server which is explicitly configured to utilize earlier than TLS 1.2 versions. | ||||
* | corrected GNUTLS_E_INAPPROPRIATE_FALLBACK error code | Nikos Mavrogiannopoulos | 2015-08-01 | 1 | -1/+1 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2015-08-01 | 1 | -0/+3 |
| | |||||
* | copy_ciphersuites: use definition for reserved ciphersuites | Nikos Mavrogiannopoulos | 2015-08-01 | 1 | -3/+3 |
| | |||||
* | handshake: add FALLBACK_SCSV priority option | Alessandro Ghedini | 2015-08-01 | 5 | -1/+23 |
| | | | | | This allows clients to enable the TLS_FALLBACK_SCSV mechanism during the handshake, as defined in RFC7507. | ||||
* | handshake: check for TLS_FALLBACK_SCSV | Alessandro Ghedini | 2015-08-01 | 5 | -20/+39 |
| | | | | | | | | If TLS_FALLBACK_SCSV was sent by the client during the handshake, and the advertised protocol version is lower than GNUTLS_TLS_VERSION_MAX, send the "Inappropriate fallback" fatal alert and abort the handshake. This mechanism was defined in RFC7507. | ||||
* | use the gettext-h gnulib module | Nikos Mavrogiannopoulos | 2015-08-01 | 55 | -2267/+252 |
| | |||||
* | tests: added missing certtool-long-cn | Nikos Mavrogiannopoulos | 2015-08-01 | 1 | -0/+53 |
| | |||||
* | safe renegotiation: simulate receiving the extension on receival of SCSV | Nikos Mavrogiannopoulos | 2015-07-31 | 1 | -0/+1 |
| | |||||
* | made data2hex() safer, and eliminated mem leak | Nikos Mavrogiannopoulos | 2015-07-31 | 1 | -8/+12 |
| | |||||
* | tests: added check for proper handling of very long CNs | Nikos Mavrogiannopoulos | 2015-07-31 | 2 | -5/+354 |
| | |||||
* | tests: added check for server sending (or not) status request messages | Nikos Mavrogiannopoulos | 2015-07-31 | 3 | -1/+698 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2015-07-31 | 1 | -0/+3 |
| | |||||
* | updated the required gettext version to match the macros from gnulib | Nikos Mavrogiannopoulos | 2015-07-31 | 1 | -1/+1 |
| | |||||
* | safe renegotiation: handle case where client didn't send any extension | Nikos Mavrogiannopoulos | 2015-07-31 | 1 | -0/+4 |
| | | | | That was affected by the "don't try to send extensions we didn't receive". | ||||
* | tpm: avoid warning | Nikos Mavrogiannopoulos | 2015-07-31 | 1 | -1/+1 |
| | |||||
* | As server don't try to send extensions we didn't receive. | Nikos Mavrogiannopoulos | 2015-07-31 | 3 | -29/+36 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2015-07-21 | 1 | -0/+2 |
| | |||||
* | tpm: use gnutls_hex_decode for uuid decoding | Nikos Mavrogiannopoulos | 2015-07-21 | 1 | -2/+5 |
| | |||||
* | psk: use gnutls_hex_decode2 for key decoding | Nikos Mavrogiannopoulos | 2015-07-21 | 1 | -11/+4 |
| | |||||
* | system-keys-win: use gnutls_hex_decode for ID decoding | Nikos Mavrogiannopoulos | 2015-07-21 | 1 | -1/+4 |
| | |||||
* | openpgp: use gnutls_hex_decode for keyid decoding | Nikos Mavrogiannopoulos | 2015-07-21 | 1 | -2/+8 |
| | |||||
* | DN decoding: use gnutls_hex_encode | Nikos Mavrogiannopoulos | 2015-07-21 | 1 | -8/+14 |
| | |||||
* | Introduced gnutls_hex_encode2() and gnutls_hex_decode2() | Nikos Mavrogiannopoulos | 2015-07-21 | 7 | -13/+277 |
| | | | | | These also use safer hex decoding functions which don't skip invalid input. | ||||
* | doc update | Nikos Mavrogiannopoulos | 2015-07-20 | 1 | -2/+4 |
| | |||||
* | x509: simplified data to hex conversion in unknown DN names | Nikos Mavrogiannopoulos | 2015-07-20 | 1 | -47/+13 |
| | |||||
* | gnutls_prf_rfc5705: Allow for non-null context and zero context length | Nikos Mavrogiannopoulos | 2015-07-20 | 2 | -1/+5 |
| | |||||
* | bumped version | Nikos Mavrogiannopoulos | 2015-07-20 | 3 | -4/+7 |
| | |||||
* | tests: added cross-check between gnutls_prf_rfc5705() and gnutls_prf() | Nikos Mavrogiannopoulos | 2015-07-20 | 1 | -0/+25 |
| | |||||
* | removed legacy libgcrypt flags | Nikos Mavrogiannopoulos | 2015-07-20 | 3 | -3/+1 |
| | |||||
* | gnutls_prf_rfc5705: optimize in the common use case, by avoiding malloc | Nikos Mavrogiannopoulos | 2015-07-20 | 2 | -12/+15 |
| | | | | Also don't handle specially the case of non-NULL context and context_size of zero. | ||||
* | ignore more files | Nikos Mavrogiannopoulos | 2015-07-20 | 1 | -0/+10 |
| | |||||
* | p11tool: fix documentation for --generate-ecc and generate-dsa | Nikos Mavrogiannopoulos | 2015-07-20 | 1 | -4/+4 |
| | |||||
* | gnutls_prf_rfc5705: mention the version it was introduced at | Nikos Mavrogiannopoulos | 2015-07-20 | 1 | -0/+2 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2015-07-20 | 1 | -0/+10 |
| | |||||
* | tests: added check for gnutls_prf() and gnutls_prf_rfc5705 | Nikos Mavrogiannopoulos | 2015-07-20 | 2 | -1/+435 |
| |