Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | priorities: when without AES acceleration prefer stream ciphers (i.e., CHACHA20) | Nikos Mavrogiannopoulos | 2016-05-06 | 3 | -5/+41 | |
| | ||||||
* | doc: updated documentation on rehandshake and GNUTLS_ALLOW_ID_CHANGE [ci skip] | Nikos Mavrogiannopoulos | 2016-05-05 | 1 | -6/+10 | |
| | ||||||
* | tests: use the 'b' modifier for writing binary data in set_x509_key_file_der | Nikos Mavrogiannopoulos | 2016-05-04 | 1 | -1/+1 | |
| | | | | This allows the test to operate properly on windows systems. | |||||
* | tests: avoid the usage of tmpnam() | Nikos Mavrogiannopoulos | 2016-05-04 | 6 | -66/+78 | |
| | | | | | Use a simpler version which is confined within the testsuite build directories. | |||||
* | tests: disable checks with tmpnam() on windows | Nikos Mavrogiannopoulos | 2016-05-04 | 2 | -0/+23 | |
| | ||||||
* | tests: fixed 64-bit check for time_t in mini-x509 | Nikos Mavrogiannopoulos | 2016-05-03 | 1 | -1/+1 | |
| | ||||||
* | tests: added check for gnutls_certificate_set_x509_simple_pkcs12_file | Nikos Mavrogiannopoulos | 2016-05-03 | 3 | -1/+203 | |
| | ||||||
* | .gitignore: more files to ignore | Nikos Mavrogiannopoulos | 2016-05-03 | 1 | -0/+3 | |
| | ||||||
* | tests: added check of gnutls_certificate_set_x509_key_file2 with DER input | Nikos Mavrogiannopoulos | 2016-05-03 | 2 | -1/+119 | |
| | ||||||
* | tests: enhanced set_x509_key_file check | Nikos Mavrogiannopoulos | 2016-05-03 | 1 | -4/+64 | |
| | | | | | That now verifies that the input is the same as the data stored in the credentials as well checks for valid operation. | |||||
* | tests: mini-x509: include the legacy verification functions into the check | Nikos Mavrogiannopoulos | 2016-05-03 | 1 | -108/+72 | |
| | ||||||
* | tests: added check for gnutls_certificate_set_key() | Nikos Mavrogiannopoulos | 2016-05-03 | 2 | -1/+127 | |
| | ||||||
* | gnutls_certificate_set_key: duplicate the provided memory | Nikos Mavrogiannopoulos | 2016-05-03 | 1 | -2/+11 | |
| | | | | That is, do not assume that a heap allocated value is provided. | |||||
* | .gitlab-ci.yml: enabled coverage run in the x86 build | Nikos Mavrogiannopoulos | 2016-05-03 | 1 | -3/+4 | |
| | ||||||
* | tests: do not block server errors in testdsa from being printed out | Nikos Mavrogiannopoulos | 2016-05-03 | 1 | -5/+7 | |
| | | | | Also added a delay prior to launching next server instance. | |||||
* | .gitignore: more test files to ignore | Nikos Mavrogiannopoulos | 2016-05-03 | 1 | -0/+18 | |
| | ||||||
* | pkcs11: find_ext_cb: eliminated memory leak | Nikos Mavrogiannopoulos | 2016-05-03 | 1 | -0/+1 | |
| | ||||||
* | pkcs11: find_cert_cb: do not use C_FindObjectsInit() when another is already ↵ | Nikos Mavrogiannopoulos | 2016-05-03 | 1 | -35/+37 | |
| | | | | | | | running While some modules implicitly terminated the previous run, this is not something that PKCS#11 modules are expected to typically do. | |||||
* | pkcs11: the flag GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT will be ↵ | Nikos Mavrogiannopoulos | 2016-05-03 | 1 | -0/+18 | |
| | | | | | | | | | respected by imported certificates That is, certificates imported with gnutls_pkcs11_obj_import_url() or gnutls_x509_crt_import_url() will be able to be extracted with their extensions overriden. Previously that was available only on gnutls_pkcs11_get_raw_issuer() and friends. | |||||
* | tests: added a basic PKCS#11 mock module | Nikos Mavrogiannopoulos | 2016-05-03 | 6 | -0/+3193 | |
| | | | | | | This is used to test gnutls_pkcs11_obj_get_exts(), gnutls_x509_crt_import_url(), and gnutls_pkcs11_get_raw_issuer() with the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag. | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-05-02 | 1 | -1/+3 | |
| | ||||||
* | _gnutls_x509_crt_cpy: optimized and simplified | Nikos Mavrogiannopoulos | 2016-05-02 | 4 | -35/+26 | |
| | ||||||
* | exported gnutls_x509_crt_equals() and gnutls_x509_crt_equals2() | Nikos Mavrogiannopoulos | 2016-05-02 | 8 | -52/+73 | |
| | | | | | These functions provide a way to compare parsed certificates. They were used internally and they are quite useful to be made available. | |||||
* | gnutls_pkcs11_obj_get_exts: updated documentation | Nikos Mavrogiannopoulos | 2016-05-02 | 1 | -3/+6 | |
| | ||||||
* | gnutls_x509_crt_import_url: updated documentation for new function name | Nikos Mavrogiannopoulos | 2016-05-02 | 1 | -7/+5 | |
| | ||||||
* | gnutls_pkcs11_add_provider: clarified params description | Nikos Mavrogiannopoulos | 2016-05-02 | 1 | -1/+1 | |
| | ||||||
* | tests: added checks on PKCS#1 digest info encoding/decoding | Nikos Mavrogiannopoulos | 2016-05-02 | 2 | -1/+209 | |
| | ||||||
* | gnutls_decode_ber_digest_info: return more precise error code on unknown hash | Nikos Mavrogiannopoulos | 2016-05-02 | 1 | -1/+1 | |
| | | | | | That is instead of returning GNUTLS_E_UNKNOWN_ALGORITHM on unknown hash, return GNUTLS_E_UNKNOWN_HASH_ALGORITHM. | |||||
* | errors.h: removed terminating colon on gnutls_assert() output | Nikos Mavrogiannopoulos | 2016-05-02 | 1 | -1/+1 | |
| | ||||||
* | doc: updated PKCS #11 documentation | Nikos Mavrogiannopoulos | 2016-05-01 | 2 | -18/+54 | |
| | ||||||
* | gnutls_certificate_get_crt_raw: doc update | Nikos Mavrogiannopoulos | 2016-04-30 | 1 | -2/+2 | |
| | ||||||
* | doc update | Nikos Mavrogiannopoulos | 2016-04-30 | 1 | -0/+2 | |
| | ||||||
* | doc: mention the version after which gnutls_pem_base64_en/decode2() are ↵ | Nikos Mavrogiannopoulos | 2016-04-30 | 1 | -0/+12 | |
| | | | | available | |||||
* | tests: use one-time files in crlcoverage | Nikos Mavrogiannopoulos | 2016-04-30 | 1 | -3/+3 | |
| | ||||||
* | tests: check whether the randomly generate port is used | Nikos Mavrogiannopoulos | 2016-04-30 | 1 | -1/+7 | |
| | ||||||
* | .gitlab-ci.yml: enabled the code coverage checks in the valgrind and ubsan ↵ | Nikos Mavrogiannopoulos | 2016-04-30 | 1 | -3/+5 | |
| | | | | targets | |||||
* | tests: enhanced the key-import-export tests | Nikos Mavrogiannopoulos | 2016-04-29 | 1 | -49/+246 | |
| | | | | This check now includes the abstract privkey import/export interfaces. | |||||
* | corrected import issue in gnutls_privkey_import_ecc_raw | Nikos Mavrogiannopoulos | 2016-04-29 | 1 | -1/+1 | |
| | ||||||
* | x509/privkey: in raw import functions set the parameter's algorithm type | Nikos Mavrogiannopoulos | 2016-04-29 | 1 | -0/+3 | |
| | ||||||
* | srp base64: return proper gnutls errors codes on error rather than -1 | Nikos Mavrogiannopoulos | 2016-04-29 | 1 | -4/+4 | |
| | ||||||
* | tests: added checks for base64 functions | Nikos Mavrogiannopoulos | 2016-04-29 | 3 | -1/+389 | |
| | ||||||
* | .gitlab-ci.yml: added code coverage run | Nikos Mavrogiannopoulos | 2016-04-29 | 2 | -4/+8 | |
| | | | | | This enhances a test to print the code coverage of the test suite, which in turn is being used/reported by gitlab CI interface. | |||||
* | ax_code_coverage.m4: updated to latest version | Nikos Mavrogiannopoulos | 2016-04-29 | 1 | -30/+85 | |
| | ||||||
* | libtasn1: updated to latest version | Nikos Mavrogiannopoulos | 2016-04-29 | 3 | -6/+12 | |
| | ||||||
* | doc update | Nikos Mavrogiannopoulos | 2016-04-29 | 1 | -5/+9 | |
| | ||||||
* | errors.h: gnutls_assert() will log the function name in addition to ↵ | Nikos Mavrogiannopoulos | 2016-04-29 | 1 | -1/+1 | |
| | | | | | | | filename/line This is quite necessary after the filenames were simplified and we have filenames with identical names in the directory structure. | |||||
* | tests: added check for SRP ID change during rehandshake | Nikos Mavrogiannopoulos | 2016-04-29 | 2 | -1/+275 | |
| | | | | | The tests make sure that username changes are allowed if the flag GNUTLS_ALLOW_ID_CHANGE is specified, and prohibited otherwise. | |||||
* | tests: added check for PSK ID change during rehandshake | Nikos Mavrogiannopoulos | 2016-04-29 | 2 | -1/+192 | |
| | | | | | The tests make sure that username changes are allowed if the flag GNUTLS_ALLOW_ID_CHANGE is specified, and prohibited otherwise. | |||||
* | handshake: enhance same certificate checks to apply to PSK/SRP username | Nikos Mavrogiannopoulos | 2016-04-29 | 13 | -47/+141 | |
| | | | | | | That is, unless GNUTLS_ALLOW_ID_CHANGE is specified, during a rehandshake clients will not be allowed to present another certificate than the original, or change their username for PSK or SRP ciphersuites. | |||||
* | tests: added 'PFS' and 'SUITEB128' into the list of checked priority strings | Nikos Mavrogiannopoulos | 2016-04-29 | 1 | -0/+2 | |
| |