Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | released 3.5.4gnutls_3_5_4 | Nikos Mavrogiannopoulos | 2016-09-08 | 1 | -2/+3 |
| | |||||
* | .gitlab-ci.yml: corrected wrong operation in minimal build | Nikos Mavrogiannopoulos | 2016-09-07 | 1 | -1/+1 |
| | |||||
* | updated auto-generated files | Nikos Mavrogiannopoulos | 2016-09-07 | 3 | -0/+8 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-09-07 | 2 | -6/+8 |
| | |||||
* | bumped versions | Nikos Mavrogiannopoulos | 2016-09-07 | 2 | -3/+3 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-09-07 | 1 | -0/+2 |
| | |||||
* | tests: do not run pkcs12-utf8 under windowspkcs12-ucs2 | Nikos Mavrogiannopoulos | 2016-09-07 | 2 | -2/+5 |
| | | | | | This test required to pass UTF8 data under command line, and that doesn't seem to work under windows. | ||||
* | _gnutls_ucs2_to_utf8: corrected use of WideCharToMultiByte in windows | Nikos Mavrogiannopoulos | 2016-09-07 | 1 | -2/+3 |
| | |||||
* | tests: added debugging info in conv-utf8 | Nikos Mavrogiannopoulos | 2016-09-07 | 1 | -1/+24 |
| | |||||
* | tests: don't build cmocka tests with libutils - they conflict | Nikos Mavrogiannopoulos | 2016-09-06 | 2 | -13/+17 |
| | |||||
* | .gitlab-ci.yml: keep config.log in windows builds | Nikos Mavrogiannopoulos | 2016-09-06 | 1 | -2/+2 |
| | |||||
* | .gitlab-ci.yml: corrected typo for libidn installation in windows64 | Nikos Mavrogiannopoulos | 2016-09-06 | 1 | -1/+1 |
| | |||||
* | .gitlab-ci.yml: install our internal cmocka for windows | Nikos Mavrogiannopoulos | 2016-09-06 | 1 | -0/+2 |
| | |||||
* | tests: added unit tests of _gnutls_utf8_to_ucs2 and _gnutls_ucs2_to_utf8 | Nikos Mavrogiannopoulos | 2016-09-06 | 2 | -1/+113 |
| | |||||
* | libgnutls.map: export _gnutls_utf8_to_ucs2 and _gnutls_ucs2_to_utf8 for testing | Nikos Mavrogiannopoulos | 2016-09-06 | 1 | -0/+3 |
| | |||||
* | pkcs12: enhanced to allow encrypting using UCS2 passwords | Nikos Mavrogiannopoulos | 2016-09-06 | 1 | -40/+42 |
| | | | | | That is use _gnutls_utf8_to_ucs2() to convert the provided password to UCS2. | ||||
* | _gnutls_ucs2_to_utf8: fixed null termination check in windows code | Nikos Mavrogiannopoulos | 2016-09-06 | 1 | -1/+1 |
| | |||||
* | Added _gnutls_utf8_to_ucs2() | Nikos Mavrogiannopoulos | 2016-09-06 | 2 | -1/+153 |
| | | | | This function allows to convert between UTF8 to UCS2 big-endian. | ||||
* | tests: added tests for PKCS#12 decoding with UTF8 passwords | Nikos Mavrogiannopoulos | 2016-09-06 | 4 | -2/+82 |
| | |||||
* | pkcs7 encryption: corrected memory leaks | Nikos Mavrogiannopoulos | 2016-09-06 | 1 | -2/+2 |
| | |||||
* | Makefile: local-code-coverage-output always succeeds | Nikos Mavrogiannopoulos | 2016-09-06 | 1 | -1/+1 |
| | |||||
* | x509: Adjust IP name constraints behavior | Martin Ukrop | 2016-09-06 | 2 | -46/+24 |
| | | | | | | | - Modified IPv4/IPv6 interaction in name constraints -- IPv4 and IPv6 no have empty intersection (previously: were treated independently). - Current behavior is more conservative -- in case of IPv4 constraint cert, subcerts will not be able to have IPv6 addresses. - Tests updated accordingly. - Behavior now matches NSS. | ||||
* | tests: added checks to verify behavior in writing pkcs11 objects | Nikos Mavrogiannopoulos | 2016-09-06 | 1 | -0/+20 |
| | | | | | That is, verify that private keys are marked as private by default, and public objects are marked as non-private by default. | ||||
* | p11tool: eliminated memory leak in --list options | Nikos Mavrogiannopoulos | 2016-09-06 | 1 | -0/+2 |
| | |||||
* | p11tool: do not mark written objects as private by default | Nikos Mavrogiannopoulos | 2016-09-06 | 2 | -5/+10 |
| | | | | | That is, when --mark-private or --no-mark-private are not specified, set non-private for public objects and private for private ones. | ||||
* | doc update | Nikos Mavrogiannopoulos | 2016-09-05 | 1 | -0/+4 |
| | |||||
* | minitasn1: updated to latest git version | Nikos Mavrogiannopoulos | 2016-09-05 | 2 | -8/+8 |
| | |||||
* | _gnutls_encode_ber_rs_raw: simplified | Nikos Mavrogiannopoulos | 2016-09-05 | 1 | -15/+10 |
| | | | | That is, use a single allocation for temporary data. | ||||
* | .gitlab-ci.yml: use fedora24 with address sanitizer | Nikos Mavrogiannopoulos | 2016-09-05 | 1 | -20/+18 |
| | | | | | The fix in fbb9618b25b77c65e24a6ce224d53bc9a0b81457 addresses the problems with asan in fedora24. | ||||
* | tests: use LSAN_OPTIONS instead of ASAN_OPTIONS | Nikos Mavrogiannopoulos | 2016-09-05 | 2 | -2/+2 |
| | | | | | New versions of address sanitizer do not parse this file otherwise. | ||||
* | doc update | Nikos Mavrogiannopoulos | 2016-09-05 | 1 | -0/+5 |
| | |||||
* | tests: corrected detection of 64-bit systems in softhsm.h | Nikos Mavrogiannopoulos | 2016-09-05 | 1 | -2/+2 |
| | |||||
* | tests: added check for PKCS#11 signature validity | Nikos Mavrogiannopoulos | 2016-09-05 | 2 | -1/+240 |
| | | | | | | That is, tests whether our generated DSASignatureValue with PKCS#11 contains r, s values that are non-negative, i.e., are zero padded when necessary. This utilizes _gnutls_decode_ber_rs_raw(). | ||||
* | Introduced helper function _gnutls_decode_ber_rs_raw() | Nikos Mavrogiannopoulos | 2016-09-05 | 3 | -0/+49 |
| | |||||
* | _gnutls_encode_ber_rs_raw: zero-pad values when necessary | Nikos Mavrogiannopoulos | 2016-09-05 | 1 | -13/+46 |
| | | | | | | | This addresses issue when encoding values obtained via PKCS#11 which may not be necessarily padded. Resolves #122 | ||||
* | tests: template-test: use uniform way to detect 32-bit systems | Nikos Mavrogiannopoulos | 2016-09-03 | 1 | -1/+1 |
| | |||||
* | .gitlab-ci.yml: use the gitlab.com shared runners | Nikos Mavrogiannopoulos | 2016-09-02 | 2 | -79/+154 |
| | | | | | | | This removes the need to administer custom runners (except for the FreeBSD runner which cannot run under Linux), makes the testing on other platforms such as Debian simpler, and allows merge requests to pass through the CI. | ||||
* | Import DTLS sliding window validation from OpenConnect ESP code | David Woodhouse | 2016-09-02 | 4 | -79/+123 |
| | | | | | | | | | | | In this implementation, the end of the sliding window is always advanced to the latest received packet, and we accept up to 64 packets before that one. We no longer refuse to accept packets because they are *too* far ahead of what we've already seen. Some of the test cases are fixed up accordingly. This matches the code in OpenConnect esp-seqno.c at commit 314ac65. | ||||
* | tools: Use correct include dir with minitasn | Jussi Kukkonen | 2016-08-31 | 1 | -0/+1 |
| | | | | This allows compiling certtool without libtasn headers. | ||||
* | nettle: removed unused variable in windows rng | Nikos Mavrogiannopoulos | 2016-08-29 | 1 | -2/+0 |
| | |||||
* | tests: don't run danetool.sh when not compiled with dane support | Nikos Mavrogiannopoulos | 2016-08-29 | 1 | -1/+4 |
| | |||||
* | tests: mini-dtls-record: modified expected order to account for new SW behavior | Nikos Mavrogiannopoulos | 2016-08-29 | 1 | -1/+1 |
| | |||||
* | dtls: ensure that the DTLS window doesn't get stalled | Nikos Mavrogiannopoulos | 2016-08-29 | 1 | -1/+9 |
| | | | | | That is ensure that it is forwarded at least one place if more than 16 packets have been received since the first one. | ||||
* | tests: enhance the DTLS window unit test to account for lost packets | Nikos Mavrogiannopoulos | 2016-08-29 | 1 | -1/+35 |
| | | | | | | This adds tests for cases where many lost packets are encountered, such as 50% of the packets received, as well as 3 consequent packets being lost. | ||||
* | README.md: added coverage report [ci skip] | Nikos Mavrogiannopoulos | 2016-08-29 | 1 | -0/+2 |
| | |||||
* | gnutls_pkcs12_simple_parse: set the key value to null on failure | David Woodhouse | 2016-08-29 | 1 | -1/+3 |
| | |||||
* | tests: added basic operational check of gnutls_ocsp_resp_get_single() | Nikos Mavrogiannopoulos | 2016-08-28 | 1 | -1/+44 |
| | |||||
* | gnutls_ocsp_resp_get_single: reorganized function to eliminate memory leaks | Nikos Mavrogiannopoulos | 2016-08-28 | 1 | -59/+76 |
| | | | | | | Simplified and optimized the function operation, by removing unecessary memory allocations, as well as eliminate memory leaks on certain error cases. | ||||
* | ocsp: corrected the comparison of the serial size in OCSP response | Nikos Mavrogiannopoulos | 2016-08-27 | 1 | -0/+1 |
| | | | | | | | Previously the OCSP certificate check wouldn't verify the serial length and could succeed in cases it shouldn't. Reported by Stefan Buehler. | ||||
* | tools: eliminated memory leaks in deinitialization | Nikos Mavrogiannopoulos | 2016-08-26 | 3 | -2/+5 |
| |