This tests CRL verification with certtool --verify-crl on correct
and incorrect cases.
Relates #564
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

This fixes the messages printed for the generation of a CRL, and
makes the return code of the CRL verification depend on the
verification result.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

This corrects the variable name used in the sizeof argument
for realloc. This does not alter the actual allocation size,
but rather it fixes a logic error.
Relates: #554
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

When the server's NewSessionTicket gets lost while the ChangeCipherSpec
goes through, the client did not request retransmission by retransmitting
his last flight, and the handshake was blocked. This commit addresses
the issue and adds a reproducer.
Resolves #543
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Signed-off-by: Daiki Ueno <dueno@redhat.com>

Signed-off-by: Andreas Schwab <schwab@suse.de>

That is, we allow priority strings which do not enable any groups to
work, by disabling TLS1.3. For example
'NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-GCM:+SIGN-ALL:+COMP-NULL'
is still operational, but no TLS1.3 is enabled when specified.
Resolves: #549
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Use gnutls_strdup() in library code
See merge request gnutls/gnutls!742

Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

The 'issue' should be fixed already. Even if not, it has to
be addressed in gnulib.
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

tls13/psk_ext_parser: simplify the iterator interface
See merge request gnutls/gnutls!736

Signed-off-by: Daiki Ueno <dueno@redhat.com>

Previously we used a pattern like this:
    uint32_t obfuscated_ticket_age, ticket_age_add;
    time_t ticket_age;
    ticket_age = obfuscated_ticket_age - ticket_age_add;
    if (ticket_age < 0) {
        ...
    }
This always evaluates to false, because subtraction between unsigned
integers yields an unsigned integer. Let's do the comparison before
subtraction and also use correct types for representing time: uint32_t
for protocol time and time_t for system time.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
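
The pattern from the commit message above, next to a compare-before-subtract form. This is an added example, not GnuTLS code and not part of the commit; the function names and the sample values are hypothetical, and rejecting the wrapped case with -1 is an assumption of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Pattern quoted in the commit message: subtract first, test the sign later.
 * Both operands are uint32_t, so the difference wraps modulo 2^32 before it
 * is widened to time_t; with a 64-bit time_t the result is never negative. */
static int age_is_negative_old(uint32_t obfuscated_ticket_age,
			       uint32_t ticket_age_add)
{
	time_t ticket_age;

	ticket_age = obfuscated_ticket_age - ticket_age_add;
	return ticket_age < 0;
}

/* Hypothetical helper: compare in the protocol type (uint32_t) before
 * subtracting. Returns 0 and stores the difference, or -1 when the
 * subtraction would have wrapped. */
static int ticket_age_checked(uint32_t obfuscated_ticket_age,
			      uint32_t ticket_age_add,
			      uint32_t *ticket_age)
{
	if (obfuscated_ticket_age < ticket_age_add)
		return -1;
	*ticket_age = obfuscated_ticket_age - ticket_age_add;
	return 0;
}

int main(void)
{
	uint32_t age = 0;

	/* Constructed values: the offset is larger than the received age. */
	printf("old check flags 5 - 10 as negative: %d\n",
	       age_is_negative_old(5, 10));
	printf("checked 5 - 10: %d\n", ticket_age_checked(5, 10, &age));
	if (ticket_age_checked(1500, 1000, &age) == 0)
		printf("checked 1500 - 1000: age=%u\n", (unsigned)age);
	return 0;
}
```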

Previously it was unclear whether psk_ext_parser_st is stateful or
not. This change introduces the simpler API to iterate over the
immutable data (psk_ext_parser_st), following the iterator pattern.
Signed-off-by: Daiki Ueno <dueno@redhat.com>

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Remove --no-git from ./bootstrap
See merge request gnutls/gnutls!739

This removes the --no-git option as bootstrap itself does not use
the remote repository for cloning. At least as long as $GNULIB_SRCDIR
points to a recent enough local gnulib git repo.
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Update library to use the final RFC8446 version numbers
Closes #542 and #359
See merge request gnutls/gnutls!730

Previously we could end up with a TLS1.3 connection if the TLS1.3
ID was seen on the wire. We now explicitly fall back to TLS1.2
when we see a protocol with TLS1.3 semantics in an SSL2.0 or
in the legacy version of the client hello.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Relates #542
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Resolves #359
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

This adds support of the final RFC numbers.
Resolves #542
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

RFC7250 certificate type negotiation
See merge request gnutls/gnutls!498

Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

record_size_limit extension
Closes #524
See merge request gnutls/gnutls!733

This implements the record_size_limit extension as defined in RFC 8449.
Although it obsoletes the max_record_size extension, for compatibility
reasons GnuTLS still sends it on certain occasions. For example, when
the new size is representable as the codepoint defined for
max_record_size.
Signed-off-by: Daiki Ueno <dueno@redhat.com>

As the extension data is always stored in
session->security_parameters.max_record_send_size, it shouldn't be
necessary to track it with the private data.
Signed-off-by: Daiki Ueno <dueno@redhat.com>

Fix gnutls_session_resumption_requested
Closes #546
See merge request gnutls/gnutls!735

This makes gnutls_session_resumption_requested() functional under
TLS1.3 and introduces a unit test of the function.
Resolves #546
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

.gitlab-ci.yml: use --no-git to bootstrap
Closes #547
See merge request gnutls/gnutls!737

That is, to reduce CI time, and avoid failures due to
non-availability of the gnulib git repo.
Resolves #547
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

This mirror is updated hourly and is hosted on gitlab, meaning
less dependency on external sites' downtime.
Resolves: #547
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Fix two typos (overriden/guarranteed)
See merge request gnutls/gnutls!734

Signed-off-by: Andreas Metzler <ametzler@bebt.de>

doc: document the non-portability of NONE priority string
See merge request gnutls/gnutls!731

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Fixes for issues identified by static analyzers
Closes #518
See merge request gnutls/gnutls!729

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

This addresses an issue with travis compilation on MacOSX.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

gnutls_memset: use explicit_bzero
Closes #230
See merge request gnutls/gnutls!728

That is, use the glibc function when available and the second
parameter is zero.
Resolves #230
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

use a consistent method to mark fall-through in switch cases
Closes #306
See merge request gnutls/gnutls!726