| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\
| |
| |
| |
| |
| |
| | |
Regenerate asm files with -fPIC
Closes #818
See merge request gnutls/gnutls!1081
|
| | |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
CRYPTOGAMS' perl-scripts can produce different output if -fPIC is passed
as option. Set -fPIC for the same files as openssl does.
Closes #818
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
| |\ \
| |/
|/|
| |
| |
| |
| | |
certtool: ensure that PKCS#8 file does not contain key description
Closes #840
See merge request gnutls/gnutls!1076
|
| |/
|
|
|
|
| |
Resolves: #840
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\
| |
| |
| |
| | |
GOST-CNT split, part 1
See merge request gnutls/gnutls!1072
|
| | |
| |
| |
| | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |\ \
| | |
| | |
| | |
| | | |
x509: add support for Russian extensions defined for qualified certificate
See merge request gnutls/gnutls!1075
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |\ \ \
| | | |
| | | |
| | | |
| | | | |
tests: add verbose logging to server-kx-neg tests
See merge request gnutls/gnutls!1078
|
| | | |/
| |/|
| | |
| | |
| | |
| | | |
Add support for verbose logging to tls*-server-kx-neg tests.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |\ \ \
| |/ /
|/| |
| | |
| | |
| | |
| | | |
ocsp: test suite and doc improvements
Closes #836
See merge request gnutls/gnutls!1066
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
gnutls_certificate_set_ocsp_status_request_file2: corrected documentation
This corrects the documented return code in gnutls_certificate_set_ocsp_status_request_file2
and the applicability of gnutls_ocsp_status_request_is_checked.
Resolves: #836
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This checks whether gnutls_ocsp_status_request_is_checked() is functional
on server-side verification.
Relates: #829
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
This tests gnutls_certificate_verify_peers2() operation in server
side.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
This ensures that this function has functional tests.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
ext/supported_versions: reorder client precedence if necessary
Closes #837
See merge request gnutls/gnutls!1074
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | | |
If the client advertises TLS < 1.2 before TLS 1.3 and the server is
configured with TLS 1.3 enabled, the server should select TLS 1.3;
otherwise the client will disconnect when seeing downgrade sentinel.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |\ \ \
| |/ /
|/| |
| | |
| | |
| | |
| | | |
gnutls_session_get_data2: fix operation without a timeout callback
Closes #823
See merge request gnutls/gnutls!1068
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When TLS1.3 was introduced, gnutls_session_get_data2 was modified
to assume that the callbacks set included the timeout one which was
not previously necessary except for some special cases. This corrects
that issue and makes sure that gnutls_session_get_data2() does not
fail (but not necessarily succeed), if that timeout callback is not
set.
Resolves: #823
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |/ /
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | | |
fix nettle 3.5 issues/warnings
Closes #835
See merge request gnutls/gnutls!1067
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
That is, ensure that the registered cipher is called at least
once in the program. That is, to make this test fail if the registration
API ever become deprecated/no-op.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
That is, it no longer uses the deprecated API, and it is also
removed to cipher-alignment for clarity.
Resolves: #835
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| | |
We already depend on nettle 3.4.1 which provides that symbol,
ensure that we use it consistently.
Relates: #835
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |\ \
| |/
|/|
| |
| | |
pkcs11-mock: updated license based on upstream project [ci skip]
See merge request gnutls/gnutls!1065
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Based on the relicense of the original project:
https://github.com/Pkcs11Interop/pkcs11-mock
Applied in commit: 8751256956e414c1b0a30414831f5083afbf64bf
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |\ \
| |/
|/|
| |
| | |
Add support for Guile 3.0
See merge request gnutls/gnutls!1020
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* configure.ac: Add 3.0 to 'GUILE_PKG', as well as the
previously-supported versions.
* doc/gnutls-guile.texi (Guile Preparations): Update list of supported
versions.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
| |/
|
|
|
|
|
|
| |
This makes sure we don't load the user's ~/.guile.
* doc/Makefile.am (GUILE_FOR_BUILD): Pass '-q'.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
| |\
| |
| |
| |
| | |
maint: Include Guile's M4 macros.
See merge request gnutls/gnutls!1061
|
| | |
| |
| |
| | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
as well.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
| | |
| |
| |
| |
| |
| | |
'configure'.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This ensures 'GUILE_PKG' & co. behaves as we want. Previously we had
problem in CI when using 'guile.m4' coming from potentially old distro
packages, as discussed in issue !1020:
https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_194443890
* m4/guile.m4: New file, from Guile's 'stable-2.2' branch,
commit 9846178c69445142ef0b9432417453d2d4de6635.
* .x-sc_prohibit_test_minus_ao: New file.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | | |
Do not forbid excess random padding in TLS1.x CBC ciphersuites
Closes #811
See merge request gnutls/gnutls!1054
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The atypical padding check is complementary to the existing
GnuTLS 2.12.x interop test.
This commit also upgrades to the latest version, and adds new TLS1.3
tests as well.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Since some point in 3.6.x we updated the calculation of maximum record size,
however that did not include the possibility of random record padding available
for CBC ciphersuites which exceeds the maximum. This commit allows for larger
sizes for these ciphersuites to account for random padding as applied by
gnutls 2.12.x.
Resolves: #811
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | |/
| |
| |
| |
| |
| | |
This enables this test in debian build.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\ \
| | |
| | |
| | |
| | | |
gnutls_int.h: make DECR_LEN neutral to signedness
See merge request gnutls/gnutls!1056
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| | |
DECR_LEN was previously implemented in a way that it first decrements
the given length and then checks whether the result is negative. This
requires the caller to properly coerce the length argument to a signed
integer, before invoking the macro.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |\ \
| | |
| | |
| | |
| | | |
priority: fix loop which removes systemwide disabled KX algos
See merge request gnutls/gnutls!1064
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Fix c&p error in KX-removal loop.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
