Commit message (Author, Age, Files, Lines)
* gnutls_transport_set_fastopen: added flags options (Nikos Mavrogiannopoulos, 2016-08-08, 4 files, -4/+7; ref tcp-fast-open)
| This will allow minor modifications to the semantics of the function in the future, without introducing a new API.
* doc update (Nikos Mavrogiannopoulos, 2016-08-08, 1 file, -0/+7)
|
* Fix gnutls_pkcs12_simple_parse to always extract the complete chain (Stefan Sørensen, 2016-08-08, 1 file, -20/+15; ref stefan-fixes)
| gnutls_pkcs12_simple_parse was only collecting extra certificates that were possible elements of the certificate chain when the extra_certs argument was not NULL. Fix by always collecting all the certificates, any unneeded certificates are released before returning if extra_certs is NULL anyway.
| Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
* tests: check gnutls_certificate_get_x509_crt with more than one certificate (Nikos Mavrogiannopoulos, 2016-08-08, 2 files, -30/+82)
| This would detect the issue in the "Fix invalid pointer operation in gnutls_certificate_get_x509_crt"
* tests: Use common ca3 test certificates in x509cert, x509dn and x509self tests. (Stefan Sørensen, 2016-08-08, 3 files, -307/+32)
| Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
* tests: Remove zero-termination of gnutls_datum encapsulated certificates (Stefan Sørensen, 2016-08-08, 1 file, -17/+17)
| This allows for memcmp comparison with certificates after processing.
| Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
* Fix invalid pointer operation in gnutls_certificate_get_x509_crt (Stefan Sørensen, 2016-08-08, 1 file, -2/+2)
| The access to the allocated crt_list variable was missing a pointer dereference, leading to memory corruption for any certificate list with more than one element.
| Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
* tests: added check for errors when importing illegal RSA keys (Nikos Mavrogiannopoulos, 2016-08-08, 7 files, -3/+345)
|
* x509: call the fixup functions after loading private keys (Nikos Mavrogiannopoulos, 2016-08-08, 2 files, -12/+41)
| That way we can better report errors which relate to illegal parameters being detected.
* nettle: use rsa_*_key_prepare on key import (Nikos Mavrogiannopoulos, 2016-08-08, 1 file, -10/+52)
| Previously we calculated the size of the key directly, but by using the rsa_*_key_prepare we benefit from any checks that may be introduced in the future. Specifically any checks for invalid public keys (e.g., keys that may crash the underlying gmp functions).
| This patch avoids calling rsa_private_key_prepare every time we construct a nettle private key struct, because this function requires a bigint multiplication. We call that function once on private key import.
* tests: added missing backslash in key-tests Makefile (Nikos Mavrogiannopoulos, 2016-08-08, 1 file, -1/+1)
|
* Revert "nettle: use rsa_*_key_prepare" (Nikos Mavrogiannopoulos, 2016-08-08, 1 file, -32/+12)
| This reverts commit c801a15bca9ea8f3f7abd4be48bebd36c54eeba2.
* gnutls.h: moved all compatibility defines outside the enum (Nikos Mavrogiannopoulos, 2016-08-08, 1 file, -8/+11)
|
* prepared for release 3.5.3 (Nikos Mavrogiannopoulos, 2016-08-08, 2 files, -4/+4)
|
* tests: use gnutls_record_set_timeout instead of killing child processes (Nikos Mavrogiannopoulos, 2016-08-05, 3 files, -3/+8)
| That way we avoid issues like #118 which are caused by killing the child process, and we also avoid deadlocks by making sure that recv will terminate after a long delay.
* tests: mini-record modify in a way to be more fail safe (Nikos Mavrogiannopoulos, 2016-08-05, 1 file, -4/+6)
| That is, do not kill the child, but instead switch the roles of child and parent, and add a timeout on recv to avoid infinite delays.
| Relates: #118
* pkcs11: is_object_pkcs11_url -> is_pkcs11_url_object (Nikos Mavrogiannopoulos, 2016-08-05, 2 files, -3/+5)
| Renamed function for clarity.
* tests: ignore sigpipe in mini-record (Nikos Mavrogiannopoulos, 2016-08-05, 1 file, -0/+1)
|
* gnutls_fips140_mode_enabled: changed return type to unsigned (Nikos Mavrogiannopoulos, 2016-08-05, 2 files, -2/+2)
|
* doc: updated contribution guide with more info on test suite [ci skip] (Nikos Mavrogiannopoulos, 2016-08-04, 1 file, -2/+11)
|
* gnutls_pkcs11_privkey_status: return type changed to unsigned (Nikos Mavrogiannopoulos, 2016-08-04, 2 files, -2/+2)
|
* doc: added section on SCTP protocol [ci skip] (Nikos Mavrogiannopoulos, 2016-08-04, 2 files, -0/+23)
|
* tests: client-fastopen: removed seccomp conditional (Nikos Mavrogiannopoulos, 2016-08-02, 1 file, -1/+1)
|
* fastopen: improved error checking at connect() (Nikos Mavrogiannopoulos, 2016-08-02, 1 file, -1/+1)
|
* nettle: use rsa_*_key_prepare (Nikos Mavrogiannopoulos, 2016-08-01, 1 file, -12/+32)
| Previously we calculated the size of the key directly, but by using the rsa_*_key_prepare we benefit from any checks that may be introduced in the future. Specifically any checks for invalid public keys (e.g., keys that may crash the underlying gmp functions).
* gnutls_transport_set_fastopen: doc update (Nikos Mavrogiannopoulos, 2016-07-29, 1 file, -7/+18)
|
* doc update (Nikos Mavrogiannopoulos, 2016-07-29, 1 file, -0/+5)
|
* getrandom: use SYS_getrandom instead of __NR_getrandom (Nikos Mavrogiannopoulos, 2016-07-29, 1 file, -1/+1)
| These are identical definitions, but according to syscall() SYS_getrandom is the expected value.
* x509: Fix asymmetry in name constraints intersection (Martin Ukrop, 2016-07-29, 1 file, -5/+21)
| - In _gnutls_name_constraints_intersect, if *_nc had a node of some type not present in _nc2, this was preserved. However, if it was vice versa (_nc2 having a type not present in *_nc), this node was discarded.
| - This is now fixed.
| - Removed redundant return value check that was accidentally left when refactoring from set_datum to explicit NULL setting.
| Signed-off-by: Martin Ukrop <mukrop@redhat.com>
* tests: Add and improve chain tests (Martin Ukrop, 2016-07-29, 1 file, -54/+164)
| - Add a new chaintest testing the symmetry of merging name constraints of different types.
| - Rename old name_constraints_but_no_name test to match other name constraints tests.
| - Improve chain description of older name constraints tests.
| Signed-off-by: Martin Ukrop <mukrop@redhat.com>
* doc update [ci skip] (Nikos Mavrogiannopoulos, 2016-07-29, 1 file, -2/+2)
|
* configure: do not generate makefiles in removed dirs (Nikos Mavrogiannopoulos, 2016-07-28, 1 file, -7/+0; ref tests-simplification)
|
* tests: updated paths for new location of p12 files (Nikos Mavrogiannopoulos, 2016-07-28, 2 files, -5/+5)
|
* tests: safe renegotiation tests are run from top dir (Nikos Mavrogiannopoulos, 2016-07-28, 3 files, -43/+6)
|
* tests: srp tests moved outside subdir (Nikos Mavrogiannopoulos, 2016-07-28, 3 files, -53/+2)
|
* tests: moved sha2 tests into cert-tests/ (Nikos Mavrogiannopoulos, 2016-07-28, 14 files, -208/+191)
|
* tests: moved ecdsa tests to key-tests/ (Nikos Mavrogiannopoulos, 2016-07-28, 6 files, -126/+105)
|
* tests: moved dsa tests into key-tests/ (Nikos Mavrogiannopoulos, 2016-07-28, 11 files, -50/+22)
|
* tests: moved pkcs8 tests to key-tests/ (Nikos Mavrogiannopoulos, 2016-07-28, 14 files, -49/+17)
|
* tests: key-tests: moved data files into data/ subdir (Nikos Mavrogiannopoulos, 2016-07-28, 14 files, -29/+33)
|
* tests: moved pkcs12 tests into cert-certs/ subdir (Nikos Mavrogiannopoulos, 2016-07-28, 13 files, -318/+15)
|
* more files to ignore (Nikos Mavrogiannopoulos, 2016-07-28, 1 file, -0/+3)
|
* Require compiler to support C99 (Tim Rühsen, 2016-07-28, 1 file, -0/+8)
|
* doc update (Nikos Mavrogiannopoulos, 2016-07-28, 1 file, -0/+4)
|
* Add test for gnutls_x509_crt_list_import2 with flag GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED. (Tim Kosse, 2016-07-28, 1 file, -0/+11; ref tim-patches)
|
* gnutls_x509_crl_list_import2 was ignoring the passed flags if all CTLs in the list fit within the initially allocated memory. (Tim Kosse, 2016-07-28, 1 file, -1/+1)
|
* gnutls_certificate_get_peers may return an unsorted list (Nikos Mavrogiannopoulos, 2016-07-28, 1 file, -3/+6)
|
* gnutls_x509_crt_list_import2 was ignoring the passed flags if all certificates in the list fit within the initially allocated memory. (Tim Kosse, 2016-07-28, 1 file, -1/+1)
|
* x509: parse_tlsfeatures: move limit check at the point of addition (Nikos Mavrogiannopoulos, 2016-07-28, 1 file, -5/+5)
| This prevents appending failures when verifying chains on certificates which use the maximum allowed number of features.
| Suggested by Tim Kosse.
* tests: removed irrelevant comment (Nikos Mavrogiannopoulos, 2016-07-28, 1 file, -1/+0)
|