| Commit message | Author | Age | Files | Lines |
When gnutls-cli-debug is run on systems where a particular algorithm
is disabled, ensure that we don't stop the testing; in that case
we ignore the test.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
libgnutls: Add system-wide default-priority-string override.
See merge request gnutls/gnutls!1158
|
Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
|
tests: replace invalid extension OIDs with valid ones
See merge request gnutls/gnutls!1153
|
libtasn1 4.15.0 or earlier allow encoding and decoding
of invalid OIDs, but more recent versions may stop
accepting them. Ensure that our test suite includes
OIDs which can be decoded by all versions of libtasn1.
Relates:
https://gitlab.com/gnutls/libtasn1/issues/25
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
gnutls-cli: Log all stapled OCSP responses when running with --verbose
See merge request gnutls/gnutls!1165
|
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
|
tests/priorities: add tests for GOST ciphersuites enablement
See merge request gnutls/gnutls!1166
|
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Add test counting GOST ciphersuites and ciphers available.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Extend GOST priority settings and documentation
See merge request gnutls/gnutls!1160
|
Use +GOST-ALL shortcut to enable GOST ciphersuites. Also document newly
added GOST shortcuts.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
To remove the possibility of using the wrong length or using strncasecmp()
instead of c_strncasecmp(), define a PRIO_MATCH(name) macro taking care
of all details.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Add GOST-ALL as an alias for CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL,
SIGN-GOST-ALL and GROUP-GOST-ALL.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Add shortcuts for GOST ciphers, MACs and KXes. For now they contain only
one item, but this list will be expanded as support for GOST-CTR-ACPKM
ciphersuites is added.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Add SIGN-GOST-ALL keyword containing all defined GOST signature
algorithms.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Use c_strncasecmp() instead of just strncasecmp() which can be affected
by locale.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Fix tests execution when FIPS mode is compiled but not enforced.
See merge request gnutls/gnutls!1164
|
In wrap_nettle_pk_generate_keys() set params->algo before calling
pct_test() as GOST sign/verify use that field.
Reported-by: Daiki Ueno
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Some distributions might enable --enable-fips140-mode, without actually
enabling/enforcing FIPS at runtime. Catch issues in such configurations
(reported by Daiki Ueno).
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
ocsp: set GNUTLS_CERT_INVALID if OCSP response indicates revocation
See merge request gnutls/gnutls!1159
|
This adds a test that exercises a failed handshake upon receipt of an
OCSP response with the "revoked" status.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
This makes the OCSP based certificate verification adhere to the
convention used throughout the library: "The 'GNUTLS_CERT_INVALID'
flag is always set on a verification error and more detailed flags
will also be set when appropriate."
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
doc: clarify thread safeness in gnutls_global_init() [ci skip]
Closes #900
See merge request gnutls/gnutls!1162
|
This documents and clarifies the thread safeness of gnutls_global_init()
and its constraints.
Resolves: #900
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Provide flag to identify sessions that an OCSP response was requested
Closes #829
See merge request gnutls/gnutls!1131
|
return type
Also some documentation updates.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
That adds the flag GNUTLS_SFLAGS_CLI_REQUESTED_OCSP which can be
checked by a server application to determine whether the
client has requested stapled OCSP responses.
This includes minor cleanups in the status request handling code.
Resolves: #829
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
x509: reject certificates having duplicate extensions
Closes #887
See merge request gnutls/gnutls!1145
|
That is, do not perform the look ups necessary to calculate the value
when it will not be used.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
According to RFC5280 a certificate must not include more than
one instance of a particular extension. We were previously printing
warnings when such extensions were found, but that is insufficient
to flag such certificates. Instead, refuse to import them.
Resolves: #887
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
tests/Makefile.am: use absolute top_srcdir for GNUTLS_PRIORITY_FILE
See merge request gnutls/gnutls!1156
|
Some tests, e.g. in suite/tls-fuzzer, execute scripts from
sub-directories, making the relative path to system.prio in the
environment point to a non-existent file. Export the system.prio
testsuite file as an absolute path to avoid this issue.
Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
|
Fixes dummy getrandom() when errno = EAGAIN.
Closes #892
See merge request gnutls/gnutls!1150
|
Fixes #892.
Signed-off-by: Edward Stangler <estangler@bradmark.com>
|
Remove && command concatenation in .gitlab-ci.yml
Closes #896
See merge request gnutls/gnutls!1152
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
As it turns out, `set -e` doesn't work if one of the commands fails,
maybe except the last command.
Seen, tested and reproduced on Fedora28 image.
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
UB+ASAN: Fail tests if UB detected
Closes #882 and #878
See merge request gnutls/gnutls!1136
|
In addition to merging the two CI runs, this also attempts
to run the fuzz code under SHANI for CI.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|