Commit message (Author, Age, Files, Lines)
* tests: added certificate to reproduce memory leak [tmp-fix-leak-cert-printing] (Nikos Mavrogiannopoulos, 2017-01-02, 2 files, -1/+1)
|   Found by oss-fuzz project: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=299
|   Relates #156
* x509: address leak in print_altname - cert printing (Nikos Mavrogiannopoulos, 2017-01-02, 1 file, -1/+3)
|
* Corrected a leak in OpenPGP sub-packet parsing. (Alex Gaynor, 2017-01-02, 3 files, -1/+8)
|   Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
* doc: fixed copyright date in gnutls.texi (Nikos Mavrogiannopoulos, 2017-01-02, 1 file, -2/+2)
|
* gnutls_rnd: document the available values of level [ci skip] (Nikos Mavrogiannopoulos, 2017-01-02, 1 file, -1/+3)
|   This enables using the function by only checking the man page.
* pkcs11 verification: ensure that an issuer we retrieve is not blacklist [tmp-fix-pkcs11-verification] (Nikos Mavrogiannopoulos, 2016-12-31, 1 file, -0/+11)
|   It may happen in p11-kit trust module that a trusted certificate is both in the trusted set, and the blacklisted set. To avoid accepting a certificate when in both sets, we always check whether a trusted issuer certificate is in the blacklisted set.
* Attempt to fix a leak in OpenPGP cert parsing. (Alex Gaynor, 2016-12-31, 3 files, -1/+7)
|
* tests: enable all the ciphersuite in openssl cli for DSS checks [fix-compat-tests] (Nikos Mavrogiannopoulos, 2016-12-31, 1 file, -3/+3)
|
* certtool: improved error reporting on file error (Nikos Mavrogiannopoulos, 2016-12-31, 1 file, -2/+2)
|
* tests: don't check against 3DES if disabled in openssl (Nikos Mavrogiannopoulos, 2016-12-31, 1 file, -3/+8)
|
* tests: do not pass the -dhparams to openssl 1.1.0; it doesn't work (Nikos Mavrogiannopoulos, 2016-12-31, 1 file, -1/+8)
|
* tests: simplified DH params format (Nikos Mavrogiannopoulos, 2016-12-31, 1 file, -33/+9)
|   Also switch to RFC7919 DH params.
* tests: corrected type in openssl compat tests (Nikos Mavrogiannopoulos, 2016-12-31, 1 file, -2/+2)
|
* tests: added common variable for DH parameters (Nikos Mavrogiannopoulos, 2016-12-31, 3 files, -31/+33)
|
* tests: fixed paths in compat tests (Nikos Mavrogiannopoulos, 2016-12-31, 1 file, -2/+2)
|
* tests: better termination checking in compat tests (Nikos Mavrogiannopoulos, 2016-12-31, 2 files, -3/+22)
|   This ensures that the exit code of all spawned processes is checked.
* cfg.mk: exclude devel/ subdirectory from syntax checks (Nikos Mavrogiannopoulos, 2016-12-31, 1 file, -1/+1)
|
* certtool: properly report unencrypted PKCS#8 keys in --p8-info (Nikos Mavrogiannopoulos, 2016-12-30, 1 file, -0/+4)
|
* fuzz: added decrypted PKCS#8 keys (Nikos Mavrogiannopoulos, 2016-12-30, 3 files, -0/+0)
|
* fuzz: added PKCS#8 keys with low iteration count (Nikos Mavrogiannopoulos, 2016-12-30, 9 files, -0/+3)
|   This makes sure that the fuzzer will not timeout while trying to decode keys.
* submodules: use the github mirror of openssl (Nikos Mavrogiannopoulos, 2016-12-28, 1 file, -1/+1)
|
* Do not infinite loop if an EOF occurs while skipping a PGP packet (Alex Gaynor, 2016-12-28, 4 files, -5/+59)
|   Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
* Added a fuzzer for OpenPGP cert parsing (Alex Gaynor, 2016-12-28, 1 file, -0/+47)
|   Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
* fuzz: document the convention for initial values (Nikos Mavrogiannopoulos, 2016-12-28, 1 file, -0/+3)
|
* fuzz: Added initial values for DN, PKCS8 and X.509 tests (Nikos Mavrogiannopoulos, 2016-12-28, 11 files, -0/+5)
|
* Added a parser for PKCS7 importing and printing (Alex Gaynor, 2016-12-26, 1 file, -0/+47)
|
* fuzz: added X.509 DN parser (Nikos Mavrogiannopoulos, 2016-12-24, 2 files, -1/+53)
|
* fuzz: added PKCS#8 private key parser (Nikos Mavrogiannopoulos, 2016-12-24, 1 file, -0/+54)
|
* configure: introduced --with-priority-string option [tmp-default-prio-string] (Nikos Mavrogiannopoulos, 2016-12-21, 2 files, -1/+7)
|   This allows specifying the priority string to be used with gnutls_set_default_priority() on configure time.
* priorities: reset the profile flags when appending new flags (Nikos Mavrogiannopoulos, 2016-12-20, 3 files, -3/+14)
|   That is, to avoid causing issues to applications calling gnutls_*priority_set() multiple times with different parameters. In that case if multiple profiles are used the outcome could be undefined. Now, the last call will prevail.
* gnutls_session_set_verify_cert: doc update (Nikos Mavrogiannopoulos, 2016-12-20, 1 file, -0/+6)
|
* Revert "priorities: set the additional verify flags instead of appending them" (Nikos Mavrogiannopoulos, 2016-12-19, 1 file, -1/+1)
|   This reverts commit aaf49747f981f6c17cdc9ea7495a8948a5015ae2.
* doc update [ci skip] (Nikos Mavrogiannopoulos, 2016-12-19, 1 file, -0/+3)
|
* Merge branch 'tmp-cert-updates' into 'master' (Nikos Mavrogiannopoulos, 2016-12-19, 6 files, -193/+299)
|\
| |   Updates in certificate handling on certtool
| |   See merge request !181
| * tests: added check for certtool loading CA certificates from PKCS#11 (Nikos Mavrogiannopoulos, 2016-12-19, 3 files, -8/+184)
| |
| * certtool: document that --load-ca-certificate can be used with PKCS#11 URLs (Nikos Mavrogiannopoulos, 2016-12-19, 1 file, -1/+1)
| |
| * certtool: load_ca_cert() can load a CA from URLs (Nikos Mavrogiannopoulos, 2016-12-19, 1 file, -1/+11)
| |
| * certtool: unified the CA certificate loading process (Nikos Mavrogiannopoulos, 2016-12-19, 1 file, -183/+103)
|/    That is, combined how CA certificates are loaded for --verify-chain, --verify and --p7-verify. It is based on the trust list high level functions, something that allows PKCS#11 URLs to be specified in --load-ca-certificate.
* doc update [ci skip] (Nikos Mavrogiannopoulos, 2016-12-19, 2 files, -3/+17)
|
* .gitlab-ci.yml: changed buildroot to fedora25 (Nikos Mavrogiannopoulos, 2016-12-19, 1 file, -2/+2)
|
* Merge branch 'tmp-priority-fix' into 'master' (Nikos Mavrogiannopoulos, 2016-12-19, 4 files, -10/+185)
|\
| |   Fix issue with multiple calls to priority functions
| |   See merge request !195
| * tests: added check for multiple calls to gnutls_priority_set_direct() (Nikos Mavrogiannopoulos, 2016-12-19, 2 files, -1/+173)
| |
| * priorities: set the additional verify flags instead of appending them (Nikos Mavrogiannopoulos, 2016-12-19, 1 file, -1/+1)
| |   That is, to avoid causing issues to applications calling gnutls_*priority_set() multiple times with different parameters. In that case if multiple profiles are used the combo could be undefined.
| * verify: print certificate on sec param failure (Nikos Mavrogiannopoulos, 2016-12-19, 1 file, -8/+11)
|/
* Merge branch 'tmp-x509-print-fix' into 'master' (Nikos Mavrogiannopoulos, 2016-12-16, 13 files, -430/+169)
|\
| |   Updates in X.509 certificate handling
| |   Relates to #156
| |   See merge request !192
| * x509: corrected leak in certificate printing (Nikos Mavrogiannopoulos, 2016-12-16, 1 file, -0/+1)
| |   The leak could be triggered if the certificate policies to be imported are invalid.
| * gnutls_x509_ext_import_proxy: fix issue reading the policy language (Nikos Mavrogiannopoulos, 2016-12-16, 1 file, -11/+11)
| |   If the language was set but the policy wasn't, that could lead to a double free, as the value returned to the user was freed.
| * tests: added certificate which was causing issues in gnutls_x509_crt_print() (Nikos Mavrogiannopoulos, 2016-12-16, 2 files, -1/+1)
| |
| * tests: improved certder to easily load certificates from a directory (Nikos Mavrogiannopoulos, 2016-12-16, 10 files, -418/+156)
| |   That allows to place certificates in certs-interesting/ and these will be loaded and checked upon the new "cert" test case.
| * doc update (Nikos Mavrogiannopoulos, 2016-12-16, 1 file, -1/+1)
|/