Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | renamed system/iconv.c -> str-iconv.ctmp-idna-print | Nikos Mavrogiannopoulos | 2016-11-25 | 2 | -1/+1 | |
| | | | | | | We no longer use the system's functionality for converting between charsets (we use libunistring), hence it is no longer suitable for the wrappers to stay in system/. | |||||
* | x509: when printing ACE DNSnames ensure the actual name is also printed | Nikos Mavrogiannopoulos | 2016-11-25 | 1 | -7/+17 | |
| | ||||||
* | tests: added unit tests of of _gnutls_idna_reverse_map | Nikos Mavrogiannopoulos | 2016-11-25 | 1 | -16/+33 | |
| | ||||||
* | introduced _gnutls_idna_reverse_map() | Nikos Mavrogiannopoulos | 2016-11-25 | 3 | -0/+66 | |
| | | | | This function allows mapping ACE formatted domains to UTF-8. | |||||
* | Combined checks for printable characterstmp-idna-write | Nikos Mavrogiannopoulos | 2016-11-25 | 2 | -20/+6 | |
| | ||||||
* | doc update | Nikos Mavrogiannopoulos | 2016-11-25 | 1 | -0/+4 | |
| | ||||||
* | tests: updated crt_apis to include setting UTF-8 SAN | Nikos Mavrogiannopoulos | 2016-11-25 | 1 | -1/+54 | |
| | ||||||
* | tests: updated crq_apis to include setting UTF-8 SAN | Nikos Mavrogiannopoulos | 2016-11-25 | 1 | -17/+62 | |
| | ||||||
* | gnutls_idna_map: check for printable data prior to mapping | Nikos Mavrogiannopoulos | 2016-11-25 | 1 | -0/+4 | |
| | ||||||
* | gnutls_x509_aia_set: IDNA encode when needed | Nikos Mavrogiannopoulos | 2016-11-25 | 3 | -31/+47 | |
| | ||||||
* | When writing alternative names to certificates ensure we write in ACE format | Nikos Mavrogiannopoulos | 2016-11-25 | 11 | -16/+129 | |
| | ||||||
* | doc update | Nikos Mavrogiannopoulos | 2016-11-25 | 1 | -0/+4 | |
| | ||||||
* | tests: added pkcs7 verification with struct generated from openssl (with keyid) | Nikos Mavrogiannopoulos | 2016-11-25 | 4 | -3/+107 | |
| | ||||||
* | tests: added pkcs7 verification with struct generated from openssl | Nikos Mavrogiannopoulos | 2016-11-25 | 4 | -3/+101 | |
| | ||||||
* | doc: added certificate for ECC with any purpose | Nikos Mavrogiannopoulos | 2016-11-25 | 2 | -1/+18 | |
| | ||||||
* | pkcs7: return GNUTLS_E_PK_SIG_VERIFY_FAILED on hash mismatch | Nikos Mavrogiannopoulos | 2016-11-25 | 3 | -1/+8 | |
| | | | | In addition introduce a new error code to warn about no embedded data. | |||||
* | pkcs7: only print signer's issuer DN when DN has contents | Nikos Mavrogiannopoulos | 2016-11-25 | 1 | -1/+2 | |
| | ||||||
* | pkcs7: added recursive discovery of structure's signer | Nikos Mavrogiannopoulos | 2016-11-25 | 1 | -94/+282 | |
| | | | | | This uses the PKCS#7 certificate list as a pool of certificates to generate a certificate chain that leads to our root CAs. | |||||
* | pkcs7: on data verification failure log the signer | Nikos Mavrogiannopoulos | 2016-11-25 | 1 | -0/+1 | |
| | ||||||
* | tests: added complex verification example using PKCS#7 | Nikos Mavrogiannopoulos | 2016-11-25 | 4 | -2/+193 | |
| | | | | That uses multiple intermediate certificates from the PKCS#7 structure. | |||||
* | doc: updated gnutls_x509_trust_list_verify_crt2() | Nikos Mavrogiannopoulos | 2016-11-25 | 1 | -10/+13 | |
| | ||||||
* | pkcs7: pass the verification flags down to ↵ | Nikos Mavrogiannopoulos | 2016-11-25 | 1 | -2/+3 | |
| | | | | | | | gnutls_x509_trust_list_verify_crt2, in find_signer() This allows for flags like GNUTLS_VERIFY_DISABLE_TIME_CHECKS to apply when verifying PKCS#7 structures. | |||||
* | pkcs7: corrected iteration over stored certificates | Nikos Mavrogiannopoulos | 2016-11-25 | 1 | -1/+1 | |
| | | | | | This allows to use all possibly stored certificates on chain discovery, not only the first. | |||||
* | pkcs7: added debug logging on verification discovery | Nikos Mavrogiannopoulos | 2016-11-25 | 1 | -0/+3 | |
| | ||||||
* | errors.h: added _gnutls_reason_log | Nikos Mavrogiannopoulos | 2016-11-25 | 1 | -0/+12 | |
| | ||||||
* | errors.h: added _gnutls_cert_log | Nikos Mavrogiannopoulos | 2016-11-25 | 1 | -0/+13 | |
| | | | | This log function allows to easily log the name of a certificate. | |||||
* | certtool: One if check is enough | Andreas Schneider | 2016-11-24 | 1 | -6/+4 | |
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> | |||||
* | corrected log message [ci skip] | Nikos Mavrogiannopoulos | 2016-11-24 | 1 | -2/+2 | |
| | ||||||
* | gnutls_idna_map was prefixed with underscore to avoid clashes with exported ↵tmp-mini-idna2003-update | Nikos Mavrogiannopoulos | 2016-11-23 | 4 | -10/+11 | |
| | | | | symbols | |||||
* | more files to ignore | Nikos Mavrogiannopoulos | 2016-11-23 | 1 | -0/+16 | |
| | ||||||
* | avoid the use of c_isascii() and use c_isprint() | Nikos Mavrogiannopoulos | 2016-11-23 | 3 | -3/+3 | |
| | | | | | That latter detects correctly the printable characters we are interested in. | |||||
* | tests: added unit tests for gnutls_idna_map() | Nikos Mavrogiannopoulos | 2016-11-23 | 2 | -1/+97 | |
| | ||||||
* | IDNA code re-organization | Nikos Mavrogiannopoulos | 2016-11-23 | 11 | -159/+168 | |
| | | | | | | That introduces the internal function gnutls_idna_map(), which utilizes libidn and libunistring to convert hostnames to IDNA ACE form. | |||||
* | tests: updated outputs to reflect new fingerprint/keyid formatstmp-add-sha256 | Nikos Mavrogiannopoulos | 2016-11-22 | 14 | -58/+58 | |
| | ||||||
* | tests: made tmp files unique | Nikos Mavrogiannopoulos | 2016-11-22 | 2 | -10/+11 | |
| | ||||||
* | doc update | Nikos Mavrogiannopoulos | 2016-11-22 | 1 | -0/+6 | |
| | ||||||
* | Align the printing of a certificate's fingerprint with the key ID printing | Nikos Mavrogiannopoulos | 2016-11-22 | 1 | -12/+21 | |
| | ||||||
* | Print a key's or certificate's key ID with SHA256 in addition to SHA1 | Nikos Mavrogiannopoulos | 2016-11-22 | 2 | -57/+60 | |
| | ||||||
* | certtool: address compiler warnings | Nikos Mavrogiannopoulos | 2016-11-22 | 1 | -1/+1 | |
| | ||||||
* | doc: document the RFC7613 normalization of passwords [ci skip] | Nikos Mavrogiannopoulos | 2016-11-22 | 3 | -1/+17 | |
| | ||||||
* | unistring: include only the required categoriestmp-uninorm-remove-unused-categories | Nikos Mavrogiannopoulos | 2016-11-21 | 136 | -17261/+537 | |
| | | | | In addition fix the license text of the included library. | |||||
* | server_name: log server name sent | Nikos Mavrogiannopoulos | 2016-11-21 | 1 | -0/+2 | |
| | ||||||
* | x509/output: improve log message on embedded null | Nikos Mavrogiannopoulos | 2016-11-21 | 1 | -1/+1 | |
| | ||||||
* | build-aux: added unused-parameter.htmp-uninorm | Nikos Mavrogiannopoulos | 2016-11-21 | 1 | -0/+36 | |
| | ||||||
* | .gitlab-ci.yml: explicitly specify --with-included-unistring when needed | Nikos Mavrogiannopoulos | 2016-11-21 | 1 | -6/+6 | |
| | ||||||
* | hooks.m4: corrected typo | Nikos Mavrogiannopoulos | 2016-11-21 | 1 | -1/+1 | |
| | ||||||
* | .gitlab-ci.yml: ignore syntax-check issues caused by included unistring | Nikos Mavrogiannopoulos | 2016-11-21 | 1 | -1/+2 | |
| | ||||||
* | more files to ignore | Nikos Mavrogiannopoulos | 2016-11-21 | 1 | -0/+9 | |
| | ||||||
* | unconditionally include unistring code | Nikos Mavrogiannopoulos | 2016-11-21 | 6 | -385/+23 | |
| | | | | | | That simplifies internationalization support, at the cost of including a version of libunistring, which is used on systems which do not ship it. | |||||
* | lib: added unistring sub-library | Nikos Mavrogiannopoulos | 2016-11-21 | 159 | -2/+34296 | |
| |