| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
It was no longer being used.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
This allows compilation with -Werror even if openpgp is disabled.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The flag --enable-openpgp-authenticationcan be used to revert
this change.
Resolves #178
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
Removed the dependency on git2cl and utilize git log directly.
git2cl seems to provide incorrect output.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
They both require access to the same port and thus cannot
be run in parallel.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
This enhances the testsuite by running all the tlsfuzzer
fuzzer tests which require certificates from server.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
This test was failing because datefudge couldn't run under win32.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
This reverts commit 90d5ad5a42759957866ba1d9c96f5dccfd3ea1cc.
|
|
|
|
|
|
|
| |
Travis build seem to fail for some reason since pkg-config is already
installed.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
| |
This test was failing because datefudge couldn't run under win32.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
| |
This allows to re-run failed builds on the depending stages
during that time.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
| |
It was already being included in Requires.private. Reported
by Andreas Metzler.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
|
|
|
|
|
| |
We were previously exporting certificates with serial number being
zero, which is not allowed by RFC5280.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
This is a unit test for GNUTLS_DT_IP_ADDRESS as used in
gnutls_certificate_verify_peers().
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
This allows verifying an IP address using gnutls_certificate_verify_peers()
or gnutls_x509_trust_list_verify_crt2().
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
This is a unit test for:
"gnutls_x509_crt_check_hostname2: do not fallback to CN unconditionally"
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Do not fallback to checking the CN of a certificate for a hostname
if supported names such as IP addresses were found in gnutls_x509_crt_check_hostname2().
This behavioral change is in order to satisfy the RFC6125 requirement
of not falling back to CN in that case. Reported by Suphannee Sivakorn.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
| |
This flag when provided to the gnutls_x509_crt_check_hostname2() function
(and its callers), will prevent IP matching of the subject alternative
name. This can be utilized by applications which directly check for
IP addresses using gnutls_x509_crt_check_ip().
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This function allows to directly verify IP addresses on a certificate.
That is a first step towards making gnutls_x509_crt_check_hostname2()
not verify IP addresses.
Based on discussion and suggestion by Suphannee Sivakorn. See
https://lists.gnupg.org/pipermail/gnutls-devel/2017-March/008368.html
Relates #185
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
That ensures that when loading a certificate pair with SHA1, when
SHA1 is disabled will not cause the server to fail to load.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
That is, ensure that results from all verification functions,
including gnutls_pubkey_verify_data2(), will be consistent with
SHA1 and other algorithms deprecation.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
That ensures that overrides like using broken algorithms are considered
in OCSP validation.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
That is, whether the generated gnutls.pc will function for
compiling and linking.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
| |
Used common definitions from cert-common.h for certificates,
and improved error detection in tls-rehandshake-cert-2.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
| |
That is, check whether if on initial handshake the server requests
a certificate, but on the following rehandshake he doesn't, whether
the client behaves as expected. This tests:
1f685db853db6e48c77c6dbde0cdf716a7303baa
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
That addresses a bug which on client side on case of an initial
handshake with a client certificate, we continue to send this
certificate even if on rehandshake we were not requested with on.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
This reverts commit c4842a21f65c7fc9a27932eb1792b1fc9e65f722.
The time() syscall is also implemented as syscall() and is in
fact performing better than gettime().
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
| |
The gnulib gettime() maps to gettimeofday() or clock_gettime()
which are both implemented as fast system calls - see vdso(7)-
and as such are available without a switch to kernel mode.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The time(0) is quite cheap on modern operating systems, and thus we
can rely on it to provide improved assurance in the output randomness.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since ac3de8f5, when all openpgp functionality was deprecated, a
library user including gnutls/abstract.h gets warnings about
deprecated declarations, like this:
gnutls/openpgp.h:328:10: warning: ‘gnutls_openpgp_recv_key_func’ is deprecated [-Wdeprecated-declarations]
gnutls_openpgp_recv_key_func func) _GNUTLS_GCC_ATTR_DEPRECATED;
This warning is emitted since the gnutls_openpgp_set_recv_key_function
prototype uses the deprecated typedef gnutls_openpgp_recv_key_func.
By omitting the deprecation attribute from this individual
typedef, we avoid the spurious warnings in calling code which just
includes gnutls/abstract.h without actually using anything related
to openpgp.
Signed-off-by: Martin Storsjo <martin@martin.st>
|