Commit message (Author, Age, Files, Lines)
...
| * | gnutls-cli-debug: ignore tests when algorithms are unavailable (Nikos Mavrogiannopoulos, 2020-01-18, 2 files, -2/+43)
|/ /
| | When gnutls-cli-debug is run on systems where a particular algorithm is disabled, ensure that we don't stop the testing; in that case we ignore the test.
| | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | doc update [ci skip] (Nikos Mavrogiannopoulos, 2020-01-15, 1 file, -0/+3)
|/
| Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'override-default-priority' into 'master' (Nikos Mavrogiannopoulos, 2020-01-13, 8 files, -4/+153)
|\
| | libgnutls: Add system-wide default-priority-string override.
| | See merge request gnutls/gnutls!1158
| * libgnutls: Add system-wide default-priority-string override. (Dimitri John Ledkov, 2020-01-13, 8 files, -4/+153)
| | Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
* | Merge branch 'tmp-oid-fix' into 'master' (Nikos Mavrogiannopoulos, 2020-01-13, 8 files, -50/+50)
|\ \
| | | tests: replace invalid extension OIDs with valid ones
| | | See merge request gnutls/gnutls!1153
| * | tests: replace invalid extension OIDs with valid ones (Nikos Mavrogiannopoulos, 2020-01-07, 8 files, -50/+50)
| | | libtasn1 4.15.0 or earlier allow encoding and decoding of invalid OIDs, but more recent versions may stop accepting them. Ensure that our test suite includes OIDs which can be decoded by all versions of libtasn1.
| | | Relates: https://gitlab.com/gnutls/libtasn1/issues/25
| | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | | Merge branch 'tmp-cli-multi-staple' into 'master' (Dmitry Baryshkov, 2020-01-13, 1 file, -6/+15)
|\ \ \
| | | | gnutls-cli: Log all stapled OCSP responses when running with --verbose
| | | | See merge request gnutls/gnutls!1165
| * | | gnutls-cli: Log all stapled OCSP responses when running with --verbose (Fiona Klute, 2020-01-11, 1 file, -6/+15)
| | | | Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
* | | | Merge branch 'gost-prio-tests' into 'master' (Dmitry Baryshkov, 2020-01-13, 2 files, -0/+4)
|\ \ \ \
| | | | | tests/priorities: add tests for GOST ciphersuites enablement
| | | | | See merge request gnutls/gnutls!1166
| * | | | lib: fix _kx_priority_gost termination item (Dmitry Eremin-Solenikov, 2020-01-13, 1 file, -0/+1)
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | | | tests/priorities: add tests for GOST ciphersuites enablement (Dmitry Eremin-Solenikov, 2020-01-12, 1 file, -0/+3)
|/ / / /
| | | | Add test counting GOST ciphersuites and ciphers available.
| | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* | | | Merge branch 'gost-priorities' into 'master' (Dmitry Eremin-Solenikov, 2020-01-12, 7 files, -95/+150)
|\ \ \ \
| | | | | Extend GOST priority settings and documentation
| | | | | See merge request gnutls/gnutls!1160
| * | | | NEWS: expand documentation for GOST priority strings (Dmitry Eremin-Solenikov, 2020-01-10, 1 file, -2/+6)
| | | | | Use +GOST-ALL shortcut to enable GOST ciphersuites. Also document newly added GOST shortcuts.
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | | | priority: make priority matching less error-prone (Dmitry Eremin-Solenikov, 2020-01-10, 1 file, -67/+34)
| | | | | To remove the possibility of using the wrong length or using strncasecmp() instead of c_strncasecmp(), define a PRIO_MATCH(name) macro taking care of all details.
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | | | priority: add new GOST-ALL shortcut (Dmitry Eremin-Solenikov, 2020-01-10, 2 files, -0/+17)
| | | | | Add GOST-ALL as an alias for CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL and GROUP-GOST-ALL.
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | | | priority: add more GOST shortcuts (Dmitry Eremin-Solenikov, 2020-01-09, 5 files, -44/+84)
| | | | | Add shortcuts for GOST ciphers, MACs and KXes. For now they contain only one item, but this list will be expanded as support for GOST-CTR-ACPKM ciphersuites is added.
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | | | lib/priority: add SIGN-GOST-ALL keyword (Dmitry Eremin-Solenikov, 2020-01-09, 5 files, -28/+43)
| | | | | Add SIGN-GOST-ALL keyword containing all defined GOST signature algorithms.
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | | | lib/priority: use c_strncasecmp() for string comparison (Dmitry Eremin-Solenikov, 2020-01-08, 1 file, -12/+12)
| | | | | Use c_strncasecmp() instead of just strncasecmp() which can be affected by locale.
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | | | doc: document GOST priority options (Dmitry Eremin-Solenikov, 2020-01-08, 1 file, -4/+5)
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | | | doc: document GOST cipher and MAC algorithms (Dmitry Eremin-Solenikov, 2020-01-08, 1 file, -0/+11)
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | | | priority: fix GROUP-GOST-ALL comparison length (Dmitry Eremin-Solenikov, 2020-01-08, 1 file, -1/+1)
| | |/ /
| |/| |
| | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* | | | Merge branch 'fix-fips-gost' into 'master' (Dmitry Eremin-Solenikov, 2020-01-12, 2 files, -2/+3)
|\ \ \ \
| |_|/ /
|/| | |
| | | | Fix tests execution when FIPS mode is compiled but not enforced.
| | | | See merge request gnutls/gnutls!1164
| * | | pk: set generated key algo before calling pct_test (Dmitry Eremin-Solenikov, 2020-01-10, 1 file, -2/+2)
| | | | In wrap_nettle_pk_generate_keys() set params->algo before calling pct_test() as GOST sign/verify use that field.
| | | | Reported-by: Daiki Ueno
| | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | | CI: FIPS140-2 run make check without enforcing FIPS mode (Dmitry Eremin-Solenikov, 2020-01-10, 1 file, -0/+1)
| | |/
| |/|
| | | Some distributions might enable --enable-fips140-mode, without actually enabling/enforcing FIPS at runtime. Catch issues in such configurations (reported by Daiki Ueno).
| | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* | | Merge branch 'tmp-ocsp-revocation' into 'master' (Daiki Ueno, 2020-01-10, 4 files, -1/+471)
|\ \ \
| |/ /
|/| |
| | | ocsp: set GNUTLS_CERT_INVALID if OCSP response indicates revocation
| | | See merge request gnutls/gnutls!1159
| * | tests: add test for revoked OCSP response [tmp-ocsp-revocation] (Daiki Ueno, 2020-01-10, 3 files, -1/+463)
| | | This adds a test that exercises a failed handshake upon receipt of an OCSP response with the "revoked" status.
| | | Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | ocsp: set GNUTLS_CERT_INVALID if OCSP response indicates revocation (Daiki Ueno, 2020-01-10, 1 file, -0/+8)
| |/
| | This makes the OCSP based certificate verification adhere to the convention used throughout the library: "The 'GNUTLS_CERT_INVALID' flag is always set on a verification error and more detailed flags will also be set when appropriate."
| | Signed-off-by: Daiki Ueno <dueno@redhat.com>
* | Merge branch 'tmp-fix-doc' into 'master' (Tim Rühsen, 2020-01-09, 2 files, -2/+4)
|\ \
| | | doc: clarify thread safeness in gnutls_global_init() [ci skip]
| | | Closes #900
| | | See merge request gnutls/gnutls!1162
| * | doc: clarify thread safeness in gnutls_global_init() (Nikos Mavrogiannopoulos, 2020-01-09, 2 files, -2/+4)
| | | This documents and clarifies the thread safeness of gnutls_global_init() and its constraints.
| | | Resolves: #900
| | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* | | Merge branch 'tmp-ocsp-check' into 'master' [903-add-crl-and-crq-fuzzers] (Nikos Mavrogiannopoulos, 2020-01-09, 13 files, -39/+79)
|\ \ \
| |/ /
|/| |
| | | Provide flag to identify sessions that an OCSP response was requested
| | | Closes #829
| | | See merge request gnutls/gnutls!1131
| * | gnutls_ocsp_status_request_is_checked: mark explicitly as unsigned the return type (Nikos Mavrogiannopoulos, 2019-12-16, 3 files, -5/+11)
| | | Also some documentation updates.
| | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * | Provide flag to identify sessions that an OCSP response was requested (Nikos Mavrogiannopoulos, 2019-12-15, 11 files, -34/+68)
| | | That adds the flag GNUTLS_SFLAGS_CLI_REQUESTED_OCSP which can be checked by a server application to determine whether the client has requested stapled OCSP responses. This includes minor cleanups in the status request handling code.
| | | Resolves: #829
| | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | | Merge branch 'tmp-check-dup-extensions' into 'master' (Nikos Mavrogiannopoulos, 2020-01-09, 9 files, -37/+184)
|\ \ \
| |_|/
|/| |
| | | x509: reject certificates having duplicate extensions
| | | Closes #887
| | | See merge request gnutls/gnutls!1145
| * | gnutls_x509_crt_get_extension_info: optimize when critical equals NULL (Nikos Mavrogiannopoulos, 2020-01-03, 1 file, -9/+9)
| | | That is, do not perform the lookups necessary to calculate the value when it will not be used.
| | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * | fuzz: import certificate with and without sanity checks (Nikos Mavrogiannopoulos, 2020-01-03, 1 file, -0/+7)
| | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * | x509: reject certificates having duplicate extensions (Nikos Mavrogiannopoulos, 2020-01-03, 8 files, -28/+168)
| | | According to RFC5280 a certificate must not include more than one instance of a particular extension. We were previously printing warnings when such extensions were found, but that is insufficient to flag such certificates. Instead, refuse to import them.
| | | Resolves: #887
| | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | | Merge branch 'topsrcdir' into 'master' (Tim Rühsen, 2020-01-06, 5 files, -5/+5)
|\ \ \
| | | | tests/Makefile.am: use absolute top_srcdir for GNUTLS_PRIORITY_FILE
| | | | See merge request gnutls/gnutls!1156
| * | | tests/Makefile.am: use absolute top_srcdir for GNUTLS_PRIORITY_FILE (Dimitri John Ledkov, 2020-01-06, 5 files, -5/+5)
|/ / /
| | | Some tests, e.g. in suite/tls-fuzzer, execute scripts from sub-directories, making the relative path to system.prio in the environment point to a non-existent file. Export system.prio testsuite file as an absolute path to avoid this issue.
| | | Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
* | | Merge branch 'estanglerbm-getrandom' into 'master' (Nikos Mavrogiannopoulos, 2020-01-05, 1 file, -1/+6)
|\ \ \
| | | | Fixes dummy getrandom() when errno = EAGAIN.
| | | | Closes #892
| | | | See merge request gnutls/gnutls!1150
| * | | Fixes dummy getrandom() when errno = EAGAIN. (Edward Stangler, 2020-01-03, 1 file, -1/+6)
| |/ /
| | | Fixes #892.
| | | Signed-off-by: Edward Stangler <estangler@bradmark.com>
* | | Merge branch 'tmp-ci-remove-command-concat' into 'master' (Nikos Mavrogiannopoulos, 2020-01-03, 2 files, -55/+73)
|\ \ \
| | | | Remove && command concatenation in .gitlab-ci.yml
| | | | Closes #896
| | | | See merge request gnutls/gnutls!1152
| * | | doc: updated epub.texi from gnutls.texi (Nikos Mavrogiannopoulos, 2020-01-03, 1 file, -3/+7)
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * | | .gitlab-ci.yml: identify on runtime to db2epub directory (Nikos Mavrogiannopoulos, 2020-01-03, 1 file, -2/+3)
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * | | Remove && command concatenation in .gitlab-ci.yml (Tim Rühsen, 2020-01-03, 1 file, -52/+65)
|/ / /
| | | As it turns out, `set -e` doesn't work if one of the commands fails, maybe except the last command. Seen, tested and reproduced on Fedora28 image.
| | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* | | Merge branch 'tmp-check-fuzz' into 'master' (Tim Rühsen, 2020-01-03, 18 files, -99/+73)
|\ \ \
| | | | UB+ASAN: Fail tests if UB detected
| | | | Closes #882 and #878
| | | | See merge request gnutls/gnutls!1136
| * | | .gitlab-ci.yml: merged ASAN and UBSAN runs [tmp-check-fuzz] (Nikos Mavrogiannopoulos, 2020-01-03, 1 file, -35/+8)
| | | | In addition to merging the two CI runs, this also attempts to run the fuzz code under SHANI for CI.
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * | | Fix '-Werror=unused-const-variable=' in fuzz/ (Tim Rühsen, 2020-01-03, 2 files, -0/+14)
| | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * | | Fix NULL ptr access in _gnutls_iov_iter_next() (Tim Rühsen, 2020-01-03, 1 file, -0/+6)
| | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * | | Use check_for_datefudge in tests (Tim Rühsen, 2020-01-03, 5 files, -38/+12)
| | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * | | Fix "left shift cannot be represented in type 'int'" in hello_ext.[ch] (Tim Rühsen, 2020-01-03, 2 files, -3/+3)
| | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>