| Commit message | Author | Age | Files | Lines |
|
When handshake is in progress, do not override the default TLS
version in the session. This allows gnutls_priority_set to be called
in the post_client_hello function without breaking the handshake.
Resolves #580
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
Use ASCII version of strcasecmp() in library code
Closes #570
See merge request gnutls/gnutls!764
|
strcasecmp() has side effects in some locales.
What we really need is c_strcasecmp() from Gnulib for comparing
ASCII strings.
Fixes #570
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
tlsfuzzer: add missing script
See merge request gnutls/gnutls!759
|
Reenable SSLv2 hello support to let several SSL-3.0 tls-fuzzer tests
pass.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
These tests will fail with SSL3.0-enabled gnutls-serv unless --ssl3
option was passed. We will run these tests anyway from
gnutls-nocert-ssl3.json, so disable them here.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Adapt tls-fuzzer-common.sh script to be able to run tests in case
srcdir != builddir.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Reenable full test suite run in SSL-3.0/SHA-1 CI test case to let us
catch issues in legacy code.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Makefile.am refers to the tls-fuzzer-nocert-ssl3.sh script, which is missing
in the source tree. Add it back.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Move common code to tls-fuzzer-common.sh to ease further adjustments.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Like the rest of tls-fuzzer tests, pass "-p PORT" to subtests, allowing
usage of random port for server.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Like the rest of tls-fuzzer tests, pass "-p PORT" to subtests, allowing
usage of random port for server.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Make tlsproxy/buffer.c compilable by gcc 4.4.7
Closes #577
See merge request gnutls/gnutls!763
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
manpage generation cleanup
See merge request gnutls/gnutls!760
|
This API is no longer functional and is only available as stubs
for backwards binary compatibility.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Recognize parameters of the form unsigned char name[8], and
do not print obscure warnings. Furthermore gdoc will fail
when a function parameter is not described or when no
function is found. This addresses the generation of undetected
errors in generated manpages.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
_gnutls_check_key_purpose: eliminated dead code
Closes #573
See merge request gnutls/gnutls!762
|
Resolves #573
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
mech-list.h: generate unique entries
See merge request gnutls/gnutls!761
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
The NetBSD default shell cannot handle the UTF-8 strings we use
in that script.
Resolves #544
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
As the protocol has been finalized, and the implementation is
stable and interoperable, there is no need to enable it conditionally.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Provide a less restrictive PKCS#11 search of certificates
Closes #569
See merge request gnutls/gnutls!757
|
This addresses the problem where the CA certificate doesn't
have a subject key identifier whereas the end certificates
have an authority key identifier.
Resolves #569
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
gnutls-cli enables CRL validation on startup
Closes #564
See merge request gnutls/gnutls!752
|
This also makes the failure in adding CRLs or CAs a fatal error.
Resolves #564
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
This allows an application to be notified of the addition of invalid
CRLs in the trust list.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Session ticket key rotation with TOTP
Closes #184
See merge request gnutls/gnutls!695
|
We were previously only relying on the client's view of the
ticket lifetime for TLS1.3 tickets. This makes sure that we
only resume tickets that the server considers valid and consolidates
the expiration time checks to _gnutls_check_resumed_params().
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
This introduces session ticket key rotation on server side. The
key set with gnutls_session_ticket_enable_server() is used as a
master key to generate time-based keys for tickets. The rotation
relates to the gnutls_db_set_cache_expiration() period.
Resolves #184
Signed-off-by: Ander Juaristi <a@juaristi.eus>
|
Remove auto-generated src/mech-list.h from repo
See merge request gnutls/gnutls!753
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Fix issue introduced in 20886264fe
See merge request gnutls/gnutls!756
|
This makes _gnutls_resolve_priorities() return a string that is always
allocated with the gnutls memory functions.
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
This clarifies the format in which parameters in the EdDSA curves
will be returned, and also ensures that the import/export
functions fail on unsupported curves.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
GOST endianness
See merge request gnutls/gnutls!755
|
OpenSSL and other libraries print MSB first, when printing GOST public
keys. Let's return to this convention.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
OpenSSL and other libraries print MSB first, when printing GOST public
keys. Let's return to this convention.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
GOST R 34.10 native format is little endian. It is better for the
application code to use native format data to interface with the library, rather
than convert buffers on their own.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Add little endian counterpart to _gnutls_mpi_dprint and
_gnutls_mpi_dprint_le.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
gnutls.h: correct GOST R number references
See merge request gnutls/gnutls!750
|
Fix numeric GOST R ids used in documentation, too many numbers:
- GOST R 34.11 is digest function
- GOST R 34.10-2001 is a digital signature over GOST R 34.11-94 digest
- GOST R 34.10-2012 is a digital signature over GOST R 34.11-2012 digest
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Setting $SUBMODULE_NOFETCH to a non-empty value adds
--no-fetch to the git command (for CI speedup).
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|