Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | tests: check whether large packets are allowed on the handshakemax-handshake-recv | Nikos Mavrogiannopoulos | 2016-09-19 | 2 | -1/+286 |
| | |||||
* | do not allow sending overflowed extensions field | Nikos Mavrogiannopoulos | 2016-09-19 | 1 | -0/+3 |
| | | | | That is, restrict the extensions to a 2^16 total size. | ||||
* | tests: minor improvements in mini-extension | Nikos Mavrogiannopoulos | 2016-09-19 | 1 | -1/+10 |
| | | | | This will improve recovery from error conditions. | ||||
* | Increased the maximum size allowed for handshake messages to 96kb | Nikos Mavrogiannopoulos | 2016-09-19 | 1 | -1/+1 |
| | | | | | This would allow the library to cope with larger packets, as well as TLS 1.3 hellos. Suggested by Hubert Kario. | ||||
* | tests: added check for insecure key | Nikos Mavrogiannopoulos | 2016-09-17 | 5 | -5/+198 |
| | | | | | That is, a check which verified whether a connection to a server with a very small key will fail the certificate verification check. | ||||
* | doc updateseparate-error-codes-for-invalid-keys | Nikos Mavrogiannopoulos | 2016-09-17 | 1 | -0/+2 |
| | |||||
* | Introduced separate error codes for invalid private and public keys | Nikos Mavrogiannopoulos | 2016-09-17 | 4 | -19/+19 |
| | | | | | | This allows functions like decryption and verification to report the specific issue they encountered on public key error. The new codes are GNUTLS_E_PK_INVALID_PUBKEY and GNUTLS_E_PK_INVALID_PRIVKEY | ||||
* | .gitlab-ci.yml: no longer require gnutls-develno-gnutls-devel | Nikos Mavrogiannopoulos | 2016-09-15 | 1 | -2/+2 |
| | | | | This package is no longer needed to run abi-check. | ||||
* | Makefile: abi-check no longer require gnutls headers to be installed | Nikos Mavrogiannopoulos | 2016-09-15 | 1 | -1/+3 |
| | | | | | This addresses the issue of requiring gnutls-devel in the CI system to run abi-check. | ||||
* | doc: remove the conditional self_test functionsnproc | Nikos Mavrogiannopoulos | 2016-09-14 | 1 | -5/+1 |
| | | | | | | Also prevent them by re-entering the documented functions list by restricting the header files that contribute functions to the known list defined by $(HEADER_FILES). | ||||
* | Makefile.am: introduced 'make files-update' rule | Nikos Mavrogiannopoulos | 2016-09-14 | 3 | -4/+12 |
| | | | | | | This rule updates the makefiles in doc/ and the kept symbol list. This allows for easier automation of the symbol change 'make dist' breakages. | ||||
* | manpages: delete comparison temp file | Nikos Mavrogiannopoulos | 2016-09-14 | 1 | -0/+1 |
| | |||||
* | Makefile.am: symbol changes were made more elaborate | Nikos Mavrogiannopoulos | 2016-09-14 | 1 | -9/+26 |
| | | | | | During make dist, the makefile will report the appropriate symbol change message with instructions and fail. | ||||
* | updated doc and symbol files for ↵ | Nikos Mavrogiannopoulos | 2016-09-14 | 3 | -0/+4 |
| | | | | gnutls_certificate_set_ocsp_status_request_function2 | ||||
* | Makefile.am: print the symbols.last diff on make dist | Nikos Mavrogiannopoulos | 2016-09-14 | 1 | -1/+1 |
| | | | | | This allows to manually verify the contents before overriding the old file. | ||||
* | doc: allow creation of gnutls.epub without running epub-fix | Nikos Mavrogiannopoulos | 2016-09-14 | 1 | -1/+1 |
| | |||||
* | .gitlab-ci.yml: use nproc as argument to 'make -j' | Nikos Mavrogiannopoulos | 2016-09-14 | 1 | -17/+17 |
| | | | | | That way, we use as many make processes, as the number of CPUs in the CI system. | ||||
* | .gitlab-ci.yml: added build which runs 'make dist' | Nikos Mavrogiannopoulos | 2016-09-14 | 1 | -0/+15 |
| | | | | | | This tests whether the manpages, info, html, pdf and epub manual are properly generated, and whether any new functions were included into makefiles. | ||||
* | doc: fixed the epub documentation generation | Nikos Mavrogiannopoulos | 2016-09-13 | 1 | -4/+6 |
| | |||||
* | gnutls_certificate_set_ocsp_status_request_file: mention version it was enhanced | Nikos Mavrogiannopoulos | 2016-09-13 | 1 | -0/+3 |
| | |||||
* | doc: corrected typo | Nikos Mavrogiannopoulos | 2016-09-13 | 1 | -1/+1 |
| | |||||
* | Add ECDHE-* to the priority string docs for key exchange algorithms | Alex Monk | 2016-09-13 | 1 | -1/+1 |
| | | | | | | | GNUTLS_KX_ECDHE_PSK was added in 2.99.3 (released 2011-06-18) The other two were added in 2.99.2 (released 2011-05-26) Signed-off-by: Alex Monk <krenair@gmail.com> | ||||
* | doc update | Nikos Mavrogiannopoulos | 2016-09-13 | 1 | -0/+4 |
| | |||||
* | .gitlab-ci.yml: added check for position dependent code | Nikos Mavrogiannopoulos | 2016-09-13 | 1 | -4/+9 |
| | |||||
* | Makefile.am: added check for position dependent code | Nikos Mavrogiannopoulos | 2016-09-13 | 1 | -0/+7 |
| | | | | | This check will verify that the generated library doesn't contain position dependent code. It depends on elf utilities. | ||||
* | openssl asm: reverted to AESNI-x86 code to gnutls 3.4.x code | Nikos Mavrogiannopoulos | 2016-09-13 | 3 | -2193/+1283 |
| | | | | The newer code was creating position dependent code. | ||||
* | tests: added checks to verify server understanding of UTF8 hostnamesidna-server | Nikos Mavrogiannopoulos | 2016-09-12 | 5 | -3/+393 |
| | | | | | This verifies whether a server can understand and serve requests which contain UTF-8 server names. | ||||
* | tests: set_key: fixed the time override | Nikos Mavrogiannopoulos | 2016-09-12 | 1 | -2/+2 |
| | |||||
* | tests: set_key: enabled failure_mode test | Nikos Mavrogiannopoulos | 2016-09-12 | 1 | -1/+6 |
| | | | | Also eliminated memory leaks related to it. | ||||
* | Added IDNA support in server side | Nikos Mavrogiannopoulos | 2016-09-12 | 1 | -4/+24 |
| | | | | | | Any server names provided to server side by the gnutls_certificate_set_* functions, are converted to IDNA format for comparison with client provided values. | ||||
* | doc updatecleanups | Nikos Mavrogiannopoulos | 2016-09-12 | 1 | -0/+19 |
| | |||||
* | .gitlab-ci.yml: restrict the freebsd builds to local branches only | Nikos Mavrogiannopoulos | 2016-09-12 | 1 | -0/+4 |
| | |||||
* | Add SIGN-ECDSA-SHA* to the priority strings docs | Alex Monk | 2016-09-12 | 1 | -4/+5 |
| | | | | | | There were added in version 2.99.2, 2011-05-26 Signed-off-by: Alex Monk <krenair@gmail.com> | ||||
* | gnutls_certificate_set_*key: ensure proper cleanup on key mismatch failures | Nikos Mavrogiannopoulos | 2016-09-12 | 1 | -2/+11 |
| | | | | | That is, ensure that we keep no local references that are shared with the caller, and that we properly free all initialized values. | ||||
* | tests: check key mismatch on gnutls_certificate_set_*key | Nikos Mavrogiannopoulos | 2016-09-12 | 2 | -4/+92 |
| | | | | | That is, check whether these functions can successfully recover from such condition, without leaks or double freeing. | ||||
* | tests: added unit testing for ↵ | Nikos Mavrogiannopoulos | 2016-09-12 | 2 | -1/+238 |
| | | | | gnutls_certificate_set_ocsp_status_request_function2 | ||||
* | tests: added unit tests for gnutls_certificate_set_x509_key() | Nikos Mavrogiannopoulos | 2016-09-12 | 3 | -109/+289 |
| | | | | | In addition these tests verify that the expected index is returned and that can be used with gnutls_certificate_get_crt_raw() afterwards. | ||||
* | tests: enhanced set_x509_key tests to include index verification | Nikos Mavrogiannopoulos | 2016-09-12 | 1 | -41/+53 |
| | | | | | That is, verify that correct indexes are returned, and these can be used with gnutls_certificate_get_crt_raw() afterwards. | ||||
* | tests: enhanced set_x509_key_file tests to include index verification | Nikos Mavrogiannopoulos | 2016-09-12 | 3 | -30/+123 |
| | | | | | That is, verify that correct indexes are returned, and these can be used with gnutls_certificate_get_crt_raw() afterwards. | ||||
* | tests: more checks for functionality of ↵ | Nikos Mavrogiannopoulos | 2016-09-12 | 3 | -4/+255 |
| | | | | | | | | | gnutls_certificate_set_ocsp_status_request_file This introduces checks for the cases where gnutls_certificate_set_ocsp_status_request_file() is called with multiple indexes, to set an OCSP response for different certificates. The tests then verify whether the expected OCSP response is received. | ||||
* | Added gnutls_certificate_set_ocsp_status_request_function2 | Nikos Mavrogiannopoulos | 2016-09-12 | 8 | -77/+156 |
| | | | | | | | | | | | That introduces a new function to allow setting an OCSP status request handling function per certificate. Furthermore it repurposes the flag parameters to an index option on gnutls_certificate_set_ocsp_status_request_file. The changes above allow setting a different OCSP status response file per certificate, and a different function. The indexes they rely on to associate with existing certs are the indexes returned by the gnutls_certificate_set_key() and friends functions. | ||||
* | All the key and chain set functions return an index | Nikos Mavrogiannopoulos | 2016-09-12 | 2 | -20/+29 |
| | | | | | | | When setting key and certificate material to a gnutls_certificate_credentials_t structure, the corresponding set functions will return an index. That index could be used later either on the get functions, or when setting corresponding data (e.g., an OCSP response). | ||||
* | doc: clarifications in gnutls_certificate_set_ocsp_status_request_function() | Nikos Mavrogiannopoulos | 2016-09-12 | 1 | -4/+3 |
| | |||||
* | Typo fixes found by lintian. | Andreas Metzler | 2016-09-12 | 2 | -2/+2 |
| | | | | incosistent, ommited | ||||
* | .gitlab-ci.yml: added code-coverage output to clang build | Nikos Mavrogiannopoulos | 2016-09-11 | 1 | -1/+2 |
| | |||||
* | .gitlab-ci.yml: the code-coverage command will always succeed | Nikos Mavrogiannopoulos | 2016-09-11 | 1 | -6/+12 |
| | | | | This works around random failures while calculating the code coverage. | ||||
* | .gitlab-ci.yml: moved commonly installed packages into the before_script field | Nikos Mavrogiannopoulos | 2016-09-11 | 1 | -29/+10 |
| | |||||
* | .gitlab-ci.yml: added syntax check build | Nikos Mavrogiannopoulos | 2016-09-11 | 1 | -0/+13 |
| | |||||
* | cfg.mk: revived 'make release' | Nikos Mavrogiannopoulos | 2016-09-11 | 1 | -45/+11 |
| | |||||
* | several spacing fixes to keep syntax-check happy | Nikos Mavrogiannopoulos | 2016-09-11 | 210 | -2821/+2962 |
| |