Commit log for gnutls/gnutls, most recent first. Each entry gives the subject [branch], then author, date, files changed and lines -removed/+added, followed by the commit message.
* priorities: when %NO_EXTENSIONS is specified disable TLS1.3 [tmp-define-no-extensions]
  Nikos Mavrogiannopoulos, 2019-01-24, 4 files, -6/+13

  This makes the behavior of this priority string option well-defined
  even when TLS1.3 is enabled.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'tmp-fix-no-extensions' into 'master'
  Nikos Mavrogiannopoulos, 2019-01-24, 4 files, -5/+11

  The flag %NO_EXTENSIONS is disabling extension support while being functional

  See merge request gnutls/gnutls!870

  * The flag %NO_EXTENSIONS is disabling extension support while being functional [tmp-fix-no-extensions]
    Nikos Mavrogiannopoulos, 2019-01-10, 4 files, -5/+11

    That is, the %NO_EXTENSIONS option is the only documented way to disable
    extensions completely from a session. Clarify that message, mention that
    its behavior is undefined when combined with TLS1.3, and make sure that
    it is functional. The latter makes sure that safe renegotiation and
    extended master secret extensions remain disabled when this flag is
    given. That simplifies testing certain scenarios under TLS1.0 or TLS1.1
    when no extensions must be used.

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'tmp-ametzler-certtool-manpage-formatting' into 'master'
  Tim Rühsen, 2019-01-24, 1 file, -5/+4

  certtool.1: fix formatting

  See merge request gnutls/gnutls!892

  * certtool.1: fix formatting
    Andreas Metzler, 2019-01-24, 1 file, -5/+4

    An apostrophe at the start of a line is a control character in manpages;
    avoid it. Also drop wrong indent.

    See https://bugs.debian.org/920215

    Signed-off-by: Andreas Metzler <ametzler@bebt.de>
* Merge branch 'tmp-record-size-limit-fixes' into 'master'
  Daiki Ueno, 2019-01-24, 8 files, -6/+461

  Fix record_size_limit extension handling when resuming

  See merge request gnutls/gnutls!886

  * tlsfuzzer: update to the latest upstream for record_size_limit tests
    Daiki Ueno, 2019-01-24, 4 files, -1/+23

    Signed-off-by: Daiki Ueno <dueno@redhat.com>

  * tests: check record_size_limit is reset after resumption
    Daiki Ueno, 2019-01-23, 3 files, -1/+427

    Signed-off-by: Daiki Ueno <dueno@redhat.com>

  * constate: don't restore max_record_recv_size from resumed data
    Daiki Ueno, 2019-01-23, 1 file, -3/+8

    Signed-off-by: Daiki Ueno <dueno@redhat.com>

  * ext/record_size_limit: mark it as mandatory extension
    Daiki Ueno, 2019-01-23, 1 file, -1/+1

    In a resuming session record_size_limit is always renegotiated, and thus
    the server should parse the extension always.

    Signed-off-by: Daiki Ueno <dueno@redhat.com>

  * ext/record_size_limit: reject too large extension payload
    Daiki Ueno, 2019-01-23, 1 file, -0/+2

    Signed-off-by: Daiki Ueno <dueno@redhat.com>
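The three record_size_limit points in the series above (reject an oversized extension payload, parse the extension even on resumption, and do not restore the negotiated limit from stored session data) are modelled in the following added Python example. It is editor-written code, not GnuTLS's: the class and attribute names (ServerSession, max_record_send_size, export_session) are hypothetical, the uint16 encoding and the minimum value of 64 come from RFC 8449, and the model assumes the TLS 1.2 plaintext maximum of 2^14.

```python
import struct

RECORD_SIZE_LIMIT = 28          # extension type assigned by RFC 8449
TLS12_MAX_PLAINTEXT = 2 ** 14   # TLS 1.2 record plaintext limit (assumed for this model)
MIN_RECORD_SIZE_LIMIT = 64      # RFC 8449: smaller values are a fatal illegal_parameter


def parse_record_size_limit(payload):
    """Decode a record_size_limit extension payload.

    RFC 8449 defines the payload as a single uint16, so anything other than
    exactly two bytes is malformed (the oversized-payload case in the log
    above), and values below 64 are rejected as illegal_parameter.
    """
    if len(payload) != 2:
        raise ValueError("record_size_limit payload must be exactly 2 bytes, got %d" % len(payload))
    (limit,) = struct.unpack(">H", payload)
    if limit < MIN_RECORD_SIZE_LIMIT:
        raise ValueError("record_size_limit %d is below the RFC 8449 minimum of 64" % limit)
    return limit


def rejects(payload):
    """True if parse_record_size_limit refuses the payload (small helper for checks)."""
    try:
        parse_record_size_limit(payload)
    except ValueError:
        return True
    return False


class ServerSession:
    """Toy server-side session state (hypothetical names, not GnuTLS's).

    max_record_send_size caps the plaintext this side sends; it comes from the
    peer's record_size_limit.  Because the limit is renegotiated on every
    handshake, the exported resumption data does not carry it, so a resumed
    session can never inherit a stale value.
    """

    def __init__(self):
        self.cipher_suite = None
        self.max_record_send_size = TLS12_MAX_PLAINTEXT
        self.resumed = False

    def handle_client_hello(self, cipher_suite, extensions, stored=None):
        """extensions: list of (type, payload); stored: dict from export_session()."""
        if stored is not None:
            # Resumption: restore the parameters the ticket carries ...
            self.cipher_suite = stored["cipher_suite"]
            self.resumed = True
        else:
            self.cipher_suite = cipher_suite
            self.resumed = False
        # ... but always start from the protocol default for the record limit
        # and take the new value, if any, from this ClientHello.  Parsing the
        # extension on resumption too is what "mandatory extension" buys.
        self.max_record_send_size = TLS12_MAX_PLAINTEXT
        for ext_type, payload in extensions:
            if ext_type == RECORD_SIZE_LIMIT:
                # A client may advertise more than we can send; cap, don't reject.
                self.max_record_send_size = min(parse_record_size_limit(payload), TLS12_MAX_PLAINTEXT)
        return self.max_record_send_size

    def export_session(self):
        """Resumption data: deliberately contains no record size limit."""
        return {"cipher_suite": self.cipher_suite}


def resumption_scenario():
    """Full handshake with a 512-byte limit, then two resumptions from its
    ticket: one without the extension (limit must fall back to the default,
    not to 512) and one advertising a new 1024-byte limit."""
    server = ServerSession()
    first = server.handle_client_hello(0xC02F, [(RECORD_SIZE_LIMIT, struct.pack(">H", 512))])
    ticket = server.export_session()

    resumed_plain = ServerSession()
    without_ext = resumed_plain.handle_client_hello(None, [], stored=ticket)

    resumed_new = ServerSession()
    with_ext = resumed_new.handle_client_hello(
        None, [(RECORD_SIZE_LIMIT, struct.pack(">H", 1024))], stored=ticket)
    return first, without_ext, with_ext


if __name__ == "__main__":
    print(resumption_scenario())
```

The model keeps the negotiated limit out of export_session() on purpose; the alternative of storing it and then overwriting it on resumption works too, but leaves a window where a code path that forgets to re-parse the extension silently reuses the old value, which is the shape of the bug the series above fixes.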
* Merge branch 'tmp-fix-macosx' into 'master'
  Nikos Mavrogiannopoulos, 2019-01-24, 3 files, -3/+5

  .travis.yml: make macosx builds compile again

  See merge request gnutls/gnutls!890

  * configure.ac: fix substitution for libatomic [tmp-fix-macosx]
    Dmitry Eremin-Solenikov, 2019-01-24, 1 file, -1/+4

    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

  * .travis.yml: avoid installing submodules
    Nikos Mavrogiannopoulos, 2019-01-23, 1 file, -1/+0

    They are not necessary for building and testing the basic test suite.

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

  * update on "Fix gnutls.pc for multiarch builds"
    Nikos Mavrogiannopoulos, 2019-01-23, 1 file, -1/+1

    This replaces LTLIBUNISTRING with LIBUNISTRING in Makefile.am. The former
    is no longer produced by configure.ac.

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'tmp-fix-udp-serv' into 'master'
  Dmitry Eremin-Solenikov, 2019-01-23, 3 files, -3/+88

  gnutls-serv: improvements in UDP server

  Closes #632

  See merge request gnutls/gnutls!863

  * gnutls-serv: improvements in UDP server [tmp-fix-udp-serv]
    Nikos Mavrogiannopoulos, 2019-01-23, 3 files, -3/+88

    This modifies the server to deinitialize the session after use (avoiding
    leaks), and to only send the hello verify request when a client hello is
    seen.

    This also adds a basic unit test of gnutls-serv with the --udp option.

    Resolves #632

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'tmp-priority-linear' into 'master'
  Tim Rühsen, 2019-01-23, 1 file, -20/+15

  set_ciphersuite_list(): Use linear approach to cleanup priorities

  Closes #679

  See merge request gnutls/gnutls!889

  * set_ciphersuite_list(): Use linear approach to cleanup priorities [tmp-priority-linear]
    Tim Rühsen, 2019-01-23, 1 file, -20/+15

    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'master' into 'master'
  Nikos Mavrogiannopoulos, 2019-01-23, 2 files, -1/+4

  configure.ac: check if libatomic is needed

  See merge request gnutls/gnutls!878

  * configure.ac: add comment for -latomic
    Fabrice Fontaine, 2019-01-23, 1 file, -0/+1

    Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

  * configure.ac: check if libatomic is needed
    Fabrice Fontaine, 2019-01-17, 2 files, -1/+3

    gnutls source code uses the C++11 <atomic> functionality since
    https://github.com/gnutls/gnutls/commit/7978a733460f92b31033affd0e487c86d66c643d,
    which internally is implemented using the __atomic_*() gcc built-ins.

    On certain architectures, the __atomic_*() built-ins are implemented in
    the libatomic library that comes with the rest of the gcc runtime. Due to
    this, code using <atomic> might need to link against libatomic, otherwise
    one hits build issues such as:

      ../lib/.libs/libgnutls.so: undefined reference to `__atomic_fetch_sub_4'

    on an architecture like SPARC.

    To solve this, a configure.ac check is added to know if we need to link
    against libatomic or not. The library is also added to gnutls.pc.

    Fixes:
    - http://autobuild.buildroot.org/results/6c749bd592ceffeacadd2ab570d127936cce64b2
    - http://autobuild.buildroot.org/results/30aa83d3cf3482af8a59250c196c85f4a278d343

    Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
* Merge branch 'tmp-test-tickets' into 'master'
  Nikos Mavrogiannopoulos, 2019-01-23, 3 files, -1/+101

  tests: added tests for multiple ticket reception

  Closes #511

  See merge request gnutls/gnutls!887

  * tests: added tests for multiple ticket reception [tmp-test-tickets]
    Nikos Mavrogiannopoulos, 2019-01-23, 3 files, -1/+101

    This introduces tests for the reception (parsing) of multiple tickets by
    a gnutls client. It uses the tlslite-ng server because unlike a gnutls
    server, tlslite-ng does send multiple tickets in a single record. That
    way we test that we can parse both ways of sending tickets.

    Resolves: #511

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
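The two ticket framings that test exercises are shown in the following added Python example, which is editor-written and not code from GnuTLS or tlslite-ng. The receiver reassembles TLS 1.3 handshake messages from a stream of plaintext records, so it accepts several NewSessionTicket messages packed into one record, one message per record, and also a message split across two records, which generalises both cases. Record and message layouts follow RFC 8446; the sample tickets are constructed here, and since real NewSessionTicket messages travel encrypted, the code models the handshake layer after record decryption.

```python
import struct

HANDSHAKE = 22           # TLS record content type
NEW_SESSION_TICKET = 4   # TLS 1.3 handshake message type


def handshake_message(msg_type, body):
    """HandshakeType(1) + uint24 length + body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def tls_record(fragment, content_type=HANDSHAKE, version=0x0303):
    """Plaintext record framing: type(1) + legacy version(2) + length(2) + fragment."""
    return struct.pack(">BHH", content_type, version, len(fragment)) + fragment


def new_session_ticket(lifetime, age_add, nonce, ticket, extensions=b""):
    """Encode an RFC 8446 NewSessionTicket body (no early_data extension here)."""
    return (struct.pack(">II", lifetime, age_add)
            + bytes([len(nonce)]) + nonce
            + struct.pack(">H", len(ticket)) + ticket
            + struct.pack(">H", len(extensions)) + extensions)


def iter_handshake_messages(records):
    """Yield (type, body) for every handshake message carried by `records`.

    Buffers fragments across record boundaries, so several messages in one
    record, one message per record, and one message straddling two records
    all come out as the same sequence of messages.
    """
    buf = b""
    for rec in records:
        content_type, _version, length = struct.unpack_from(">BHH", rec, 0)
        fragment = rec[5:5 + length]
        if len(fragment) != length:
            raise ValueError("truncated record")
        if content_type != HANDSHAKE:
            raise ValueError("unexpected content type %d" % content_type)
        buf += fragment
        while len(buf) >= 4:
            msg_type = buf[0]
            msg_len = int.from_bytes(buf[1:4], "big")
            if len(buf) < 4 + msg_len:
                break                      # remainder arrives in a later record
            yield msg_type, buf[4:4 + msg_len]
            buf = buf[4 + msg_len:]
    if buf:
        raise ValueError("stream ended inside a handshake message")


def parse_new_session_ticket(body):
    """Decode a NewSessionTicket body and check it is exactly consumed."""
    off = 0
    lifetime, age_add = struct.unpack_from(">II", body, off)
    off += 8
    nonce_len = body[off]
    off += 1
    nonce = body[off:off + nonce_len]
    off += nonce_len
    (ticket_len,) = struct.unpack_from(">H", body, off)
    off += 2
    if ticket_len == 0:
        raise ValueError("ticket<1..2^16-1> must not be empty")
    ticket = body[off:off + ticket_len]
    off += ticket_len
    (ext_len,) = struct.unpack_from(">H", body, off)
    off += 2
    extensions = body[off:off + ext_len]
    off += ext_len
    if off != len(body):
        raise ValueError("NewSessionTicket length mismatch")
    return {"lifetime": lifetime, "age_add": age_add, "nonce": nonce,
            "ticket": ticket, "extensions": extensions}


def receive_tickets(records):
    """Client side: collect every NewSessionTicket carried by the records."""
    return [parse_new_session_ticket(body)
            for msg_type, body in iter_handshake_messages(records)
            if msg_type == NEW_SESSION_TICKET]


# Constructed sample data (not captured traffic): two tickets, framed three ways.
TICKETS = [
    new_session_ticket(7200, 0x01020304, b"\x00", b"ticket-A" * 4),
    new_session_ticket(7200, 0x05060708, b"\x01", b"ticket-B" * 4),
]
MESSAGES = [handshake_message(NEW_SESSION_TICKET, t) for t in TICKETS]
PACKED = [tls_record(b"".join(MESSAGES))]                    # both tickets in one record
SEPARATE = [tls_record(m) for m in MESSAGES]                  # one ticket per record
_joined = b"".join(MESSAGES)
SPLIT = [tls_record(_joined[:30]), tls_record(_joined[30:])]  # first ticket straddles two records

if __name__ == "__main__":
    for name, records in (("packed", PACKED), ("separate", SEPARATE), ("split", SPLIT)):
        print(name, [t["ticket"][:8] for t in receive_tickets(records)])
```

A receiver that assumes one handshake message per record would stop after the first ticket in PACKED and leave the second one unparsed in the record; buffering at the handshake layer, as above, is what makes the framing choice of the peer irrelevant.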
* Merge branch 'tmp-key-rsa-pss' into 'master'
  Dmitry Eremin-Solenikov, 2019-01-23, 3 files, -2/+21

  gnutls_pkcs11_privkey_import_url: enable RSA-PSS only when an RSA key can sign

  Closes #667

  See merge request gnutls/gnutls!884

  * gnutls_pkcs11_privkey_import_url: enable RSA-PSS only when an RSA key can sign [tmp-key-rsa-pss]
    Nikos Mavrogiannopoulos, 2019-01-22, 3 files, -2/+21

    In gnutls_pkcs11_privkey_import_url() we only enabled RSA-PSS
    functionality for the key if the CKM_RSA_PKCS_PSS mechanism is available
    to the token. However, if the specific key is not marked for use with
    digital signatures (CKA_SIGN set), then we may still have ended up using
    it and failed when using it. We now test whether CKA_SIGN is set prior to
    enabling such keys for PSS.

    Resolves: #667

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'tmp-update-gnulib' into 'master'
  Nikos Mavrogiannopoulos, 2019-01-23, 1 file, -0/+0

  Update gnulib

  Closes #653

  See merge request gnutls/gnutls!888

  * Update gnulib
    Tim Rühsen, 2019-01-23, 1 file, -0/+0

    Closes #653 (printf %n crashes on Android)

    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'tmp-alerts-fix' into 'master'
  Nikos Mavrogiannopoulos, 2019-01-23, 1 file, -7/+13

  Various alert-related fixes

  Closes #672

  See merge request gnutls/gnutls!885

  * gnutls_alert_send_appropriate: do not send alert to peer on all errors [tmp-alerts-fix]
    Nikos Mavrogiannopoulos, 2019-01-23, 1 file, -7/+11

    That is, do not send alerts for success, or for errors indicating that an
    alert has been received. This changes the documented function behavior
    but does not break any existing caller expectations.

    Relates: #672

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

  * alert: associate unsupported curve alerts with handshake failure
    Nikos Mavrogiannopoulos, 2019-01-22, 1 file, -0/+2

    Resolves: #672

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'tmp-fix-libs-private' into 'master'
  Tim Rühsen, 2019-01-22, 1 file, -7/+7

  Fix libs.private in gnutls.pc for multiarch builds

  Closes #675

  See merge request gnutls/gnutls!877

  * Fix gnutls.pc for multiarch builds [tmp-fix-libs-private]
    Tim Rühsen, 2019-01-17, 1 file, -7/+7

    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'tmp-fix-fuzzer-timeout' into 'master'
  Tim Rühsen, 2019-01-22, 1 file, -0/+8

  Avoid excessive CPU usage in gnutls_idna_map()

  See merge request gnutls/gnutls!881

  * Avoid excessive CPU usage in gnutls_idna_map() [tmp-fix-fuzzer-timeout]
    Tim Rühsen, 2019-01-20, 1 file, -0/+8

    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'tmp-check-if-signed' into 'master'
  Tim Rühsen, 2019-01-20, 2 files, -0/+43

  Check for Signed-off-by: in CI

  Closes #668

  See merge request gnutls/gnutls!874

  * Check for Signed-off-by: in CI
    Tim Rühsen, 2019-01-20, 2 files, -0/+43

    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'tmp-fix-crypto-selftests' into 'master'
  Tim Rühsen, 2019-01-19, 1 file, -3/+3

  crypto-selftests.c: Fix checking return value

  See merge request gnutls/gnutls!880

  * crypto-selftests.c: Fix checking return value [tmp-fix-crypto-selftests]
    Tim Rühsen, 2019-01-19, 1 file, -3/+3

    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'tmp-init-var-x509dn' into 'master'
  Nikos Mavrogiannopoulos, 2019-01-19, 1 file, -1/+1

  Fix uninitialized variable in tests/x509dn.c

  See merge request gnutls/gnutls!882

  * Fix uninitialized variable in tests/x509dn.c [tmp-init-var-x509dn]
    Tim Rühsen, 2019-01-19, 1 file, -1/+1

    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'tmp-authors' into 'master'
  Tim Rühsen, 2019-01-19, 4 files, -57/+31

  auto-generate the AUTHORS file

  See merge request gnutls/gnutls!872

  * auto-generate the AUTHORS file [tmp-authors]
    Nikos Mavrogiannopoulos, 2019-01-19, 4 files, -57/+31

    The original file was unmaintained for a long time. This is now
    auto-generated from the git shortlog, at release time.

    Relates: #606

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'tmp-fix-certtools' into 'master'
  Nikos Mavrogiannopoulos, 2019-01-14, 1 file, -1/+1

  certtool: data encipherment is disabled by default

  See merge request gnutls/gnutls!875

  * certtool: data encipherment is disabled by default [tmp-fix-certtools]
    Nikos Mavrogiannopoulos, 2019-01-14, 1 file, -1/+1

    For the TLS protocol this option is not necessary, and if enabled by
    mistake (as the default) and no other option is set, then the generated
    key will be unusable. Thus we disable it, to generate working keys by
    default.

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'tmp-autogen-bak-revert' into 'master'
  Nikos Mavrogiannopoulos, 2019-01-10, 3 files, -18/+41

  Revert "build: remove src/*.bak from distribution"

  See merge request gnutls/gnutls!869

  * Revert "build: remove src/*.bak from distribution" [tmp-autogen-bak-revert]
    Daiki Ueno, 2019-01-08, 3 files, -18/+41

    This reverts commit 9ba397aa841730e4824d2bf8537aa15e711ad9b3, as it
    turned out to be not practical. See !862 for the discussion.

    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* .travis.yml: use ./bootstrap instead of make autoreconf
  Nikos Mavrogiannopoulos, 2019-01-10, 1 file, -1/+1

  The latter is no longer available after the removal of GNUMakefile.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'tmp-fix-regression-ext-size' into 'master'
  Nikos Mavrogiannopoulos, 2019-01-09, 8 files, -7/+226

  When sending no extensions do not include a zero length

  See merge request gnutls/gnutls!868

  * When sending no extensions do not include a zero length
    Nikos Mavrogiannopoulos, 2019-01-09, 8 files, -7/+226

    According to RFC5246:

      The presence of extensions can be detected by determining whether
      there are bytes following the compression_method field at the end of
      the ServerHello.

    and as such we correct our behavior to not send the zero length bytes.
    This was our behavior in the 3.5.x and 3.3.x branches, and thus this
    corrects a regression of gnutls with these branches.

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
    Signed-off-by: David Woodhouse <dwmw2@infradead.org>
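The RFC 5246 presence rule quoted in that commit is demonstrated by the following added Python example; it is editor-written code, not GnuTLS's. The encoder omits the extensions field entirely when the list is empty (the corrected behavior), the parser distinguishes an absent field from a present-but-empty one, and a small check function flags the encoding the commit removes. Field layout follows RFC 5246 section 7.4.1.3; the sample random, cipher suite and the renegotiation_info extension used as filler are constructed values.

```python
import struct

RENEGOTIATION_INFO = 0xFF01   # extension type from RFC 5746, used only as sample content


def encode_server_hello(version, server_random, session_id, cipher_suite, compression, extensions):
    """Encode a TLS 1.2 ServerHello body (RFC 5246 section 7.4.1.3).

    `extensions` is a list of (type, data).  When it is empty the extensions
    field is omitted altogether: RFC 5246 detects presence by whether any
    bytes follow compression_method, so an explicit 16-bit zero length is a
    different encoding from "no extensions".
    """
    if len(server_random) != 32 or len(session_id) > 32:
        raise ValueError("random must be 32 bytes and session_id at most 32")
    body = struct.pack(">H", version) + server_random
    body += bytes([len(session_id)]) + session_id
    body += struct.pack(">HB", cipher_suite, compression)
    if extensions:
        ext_bytes = b"".join(struct.pack(">HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack(">H", len(ext_bytes)) + ext_bytes
    return body


def parse_server_hello(body):
    """Parse a ServerHello body, reporting whether an extensions field was present at all."""
    off = 0
    (version,) = struct.unpack_from(">H", body, off)
    off += 2
    server_random = body[off:off + 32]
    off += 32
    sid_len = body[off]
    off += 1
    if sid_len > 32:
        raise ValueError("session_id longer than 32 bytes")
    session_id = body[off:off + sid_len]
    off += sid_len
    cipher_suite, compression = struct.unpack_from(">HB", body, off)
    off += 3
    extensions_present = off < len(body)     # the RFC 5246 presence test
    extensions = []
    if extensions_present:
        (ext_len,) = struct.unpack_from(">H", body, off)
        off += 2
        end = off + ext_len
        if end != len(body):
            raise ValueError("extensions length does not match remaining bytes")
        while off < end:
            ext_type, data_len = struct.unpack_from(">HH", body, off)
            off += 4
            if off + data_len > end:
                raise ValueError("extension data overruns the extensions block")
            extensions.append((ext_type, body[off:off + data_len]))
            off += data_len
    return {"version": version, "random": server_random, "session_id": session_id,
            "cipher_suite": cipher_suite, "compression": compression,
            "extensions_present": extensions_present, "extensions": extensions}


def has_empty_extensions_field(body):
    """True for the encoding the commit above removes: a field that is present but empty."""
    parsed = parse_server_hello(body)
    return parsed["extensions_present"] and not parsed["extensions"]


# Constructed sample values (not captured traffic).
SAMPLE_RANDOM = bytes(range(32))
FIXED = encode_server_hello(0x0303, SAMPLE_RANDOM, b"", 0xC02F, 0, [])
REGRESSED = FIXED + b"\x00\x00"     # same hello with an explicit zero-length extensions field
WITH_EXT = encode_server_hello(0x0303, SAMPLE_RANDOM, b"", 0xC02F, 0,
                               [(RENEGOTIATION_INFO, b"\x00")])

if __name__ == "__main__":
    for name, hello in (("fixed", FIXED), ("regressed", REGRESSED), ("with_ext", WITH_EXT)):
        p = parse_server_hello(hello)
        print(name, len(hello), p["extensions_present"], p["extensions"])
```

Both FIXED and REGRESSED parse to an empty extension list, which is why the difference is easy to miss in an implementation's own tests; only a peer that applies the presence test literally, or a parser that reports extensions_present separately as above, sees the two trailing bytes.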