| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
|
| |
That is, do not include non-function names.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This allows the existing reproducers which contain certificates which
are rejected by sanity checks, to still be used to detect regressions.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
This functions allows specifying flags to the certificate object.
In particular it allows the single flag GNUTLS_X509_CRT_FLAG_IGNORE_SANITY
which allows to ignore sanity checks at the import of the certificate.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
|
| |
This error code indicates an issue in the time fields of certificate.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
| |
That will refuse to import certificates which their time field
is not in GMT, or contain fractional seconds.
Resolves: #169
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
Fractional seconds in GeneralizedTime are prohibited by RFC5280.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
That certificate contains a GeneralizedTime with fractional
seconds.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
That is, check whether the creation of invalid V2 or V1 certificates
will be detected, and that the correct error codes are returned.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
That is, do not sign X.509 certificates which have fields that
shouldn't be present on their corresponding version.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Refuse to import X.509v1 certificates which have fields that didn't
exist in X.509v1 specification. That is the issuerUniqueID and
subjectUniqueID fields.
Resolves: #168
Resolves: #167
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
That is, added X.509v1 certificates with attributes that shouldn't
have been presented (valid for X.509v2 only).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
The libidn2 versions available do not include libidn2.pc,
thus the inclusion was causing problems when using pkg-config.
Instead we include -lidn2 in Libs.private.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
| |
The less CPU intensive tasks were moved to earlier stage, and the
CPU intensive tasks are only spawned only after basic syntax and
ABI checks have succeeded.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
|
|
|
|
| |
FreeBSD does know alloca() but has no such header
Signed-off-by: Marcin Cieślak <saper@SAPER.INFO>
|
|
|
|
|
|
|
|
| |
This documents the gnutls_set_default_priority() function, and
how it is intended to be combined with an application that utilizes
priority strings.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
| |
That is a legacy cipher that is no longer needed to be
included as backup cipher.
Resolves #120
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
That reads SAN and IAN early on import, significantly reducing
the running time of functions which iterate over the alternative
names of a certificate, e.g., gnutls_x509_crt_check_hostname().
Relates #165
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
Keep IDNA2003-only tests on the ifdef HAVE_LIBIDN.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
Removed unbound and other minor fixes.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
That is, do not utilize a standard C function name as variable name.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
| |
When returning success, but no elements, gnutls_pkcs11_obj_list_import_url4,
could have returned zero number of elements with a pointer that was uninitialized.
Ensure that an initialized (i.e., null in that case), pointer is always returned.
Reported by Jeremy Harris.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
| |
That is, when compiling without heartbeat support, compilation
could fail due to the dummy wrapper not returning the right
type.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
Reported by Thorsten Glaser and Andreas Metzler.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
This reflects better the fact that this function returns
a boolean.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
That is allow domains of the form 'großes.xn--fa-hia.de'. The
drawback is that we may not err early on invalid formatted
names. We however delegate any such decisions to libidn2.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
| |
In addition to adding a link to travis build for 3.5.x branch removed
link on 3.4.x branch. It is no longer active.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
Document how to calculate the total TLS data transmitted.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
In addition to detecting input with invalid characters in _idn2_to_unicode_8z8z(),
we also add support for case insensitive punycode header.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
| |
Ensure safe operation even with broken libidn2, and make
sure that we properly allocate memory to caller, even on complex
library configuration.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
| |
This script which allows running the fuzzying tests
locally using american fuzzy lop.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
| |
In addition group together the tests which require libidn2 >= 0.14.
This allows the tests to succeed.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|