| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
| |
That is, check whether the creation of invalid V2 or V1 certificates
will be detected, and that the correct error codes are returned.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
That is, do not sign X.509 certificates which have fields that
shouldn't be present on their corresponding version.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Refuse to import X.509v1 certificates which have fields that didn't
exist in X.509v1 specification. That is the issuerUniqueID and
subjectUniqueID fields.
Resolves: #168
Resolves: #167
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
That is, added X.509v1 certificates with attributes that shouldn't
have been presented (valid for X.509v2 only).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
The libidn2 versions available do not include libidn2.pc,
thus the inclusion was causing problems when using pkg-config.
Instead we include -lidn2 in Libs.private.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
| |
The less CPU intensive tasks were moved to earlier stage, and the
CPU intensive tasks are only spawned only after basic syntax and
ABI checks have succeeded.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
|
|
|
|
| |
FreeBSD does know alloca() but has no such header
Signed-off-by: Marcin Cieślak <saper@SAPER.INFO>
|
|
|
|
|
|
|
|
| |
This documents the gnutls_set_default_priority() function, and
how it is intended to be combined with an application that utilizes
priority strings.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
| |
That is a legacy cipher that is no longer needed to be
included as backup cipher.
Resolves #120
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
That reads SAN and IAN early on import, significantly reducing
the running time of functions which iterate over the alternative
names of a certificate, e.g., gnutls_x509_crt_check_hostname().
Relates #165
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
Keep IDNA2003-only tests on the ifdef HAVE_LIBIDN.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
Removed unbound and other minor fixes.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
That is, do not utilize a standard C function name as variable name.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
| |
When returning success, but no elements, gnutls_pkcs11_obj_list_import_url4,
could have returned zero number of elements with a pointer that was uninitialized.
Ensure that an initialized (i.e., null in that case), pointer is always returned.
Reported by Jeremy Harris.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
| |
That is, when compiling without heartbeat support, compilation
could fail due to the dummy wrapper not returning the right
type.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
Reported by Thorsten Glaser and Andreas Metzler.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
This reflects better the fact that this function returns
a boolean.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
That is allow domains of the form 'großes.xn--fa-hia.de'. The
drawback is that we may not err early on invalid formatted
names. We however delegate any such decisions to libidn2.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
| |
In addition to adding a link to travis build for 3.5.x branch removed
link on 3.4.x branch. It is no longer active.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
Document how to calculate the total TLS data transmitted.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
In addition to detecting input with invalid characters in _idn2_to_unicode_8z8z(),
we also add support for case insensitive punycode header.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
| |
Ensure safe operation even with broken libidn2, and make
sure that we properly allocate memory to caller, even on complex
library configuration.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
| |
This script which allows running the fuzzying tests
locally using american fuzzy lop.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
| |
In addition group together the tests which require libidn2 >= 0.14.
This allows the tests to succeed.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
| |
This separates the directions that are tested (utf-8 -> punycode
and vice versa).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
| |
That allows to compile with libidn even if libidn2 is present, and
can be used to check IDNA2003 support.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
|
|
|
|
| |
... or unless we are in release build.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
| |
That is added 3.4.0, 3.4.17 and 3.5.8.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
| |
That is, whether p11tool will do the right thing and figure the proper
ID to use for a certificate object, if the public key is available.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
That is when writing a certificate which has a corresponding public key,
or private key in the token, ensure that we use the same ID for the
objects. That eases the work of someone writing objects to certificates,
and does not require him to manually detect the object IDs.
Resolves #160
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
|
|
|
| |
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
|
|
|
| |
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
|
|
|
|
|
| |
building with --disable-tools should not cause test failure.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|