| Commit message | Author | Age | Files | Lines |
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
-Warith-conversion is new in GCC 10.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
Printing UTCTime really needs last 2 digits of the year.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
This brings in the build fixes of parse-datetime module:
https://lists.gnu.org/archive/html/bug-gnulib/2020-07/msg00178.html
https://lists.gnu.org/archive/html/bug-gnulib/2020-08/msg00001.html
https://lists.gnu.org/archive/html/bug-gnulib/2020-09/msg00046.html
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Dynamic downloading of missing intermediate CAs via gnutls-cli using the option 'ca-auto-retrieve'
Closes #968
See merge request gnutls/gnutls!1319
|
gnutls-cli to
automatically download missing intermediate CAs in a certificate chain
lib/cred-cert.c : adds set and get APIs to get user data in the
gnutls_x509_trust_list_set_getissuer_function() callback.
Signed-off-by: Sahana Prasad <sahana@redhat.com>
|
handshake: reject no_renegotiation alert if handshake is incomplete
Closes #1071
See merge request gnutls/gnutls!1320
|
If the initial handshake is incomplete and the server sends a
no_renegotiation alert, the client should treat it as a fatal error
even if its level is warning. Otherwise the same handshake
state (e.g., DHE parameters) is reused in the next gnutls_handshake
call, if it is called in the loop idiom:
    do {
        ret = gnutls_handshake(session);
    } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Fix padlock partial PHE detection and sizeof usage
Closes #1076
See merge request gnutls/gnutls!1316
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
The xsha1 instruction takes complete SHA-1 blocks (64 bytes) instead
of arbitrary length data when EAX is set to -1.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Fix optional arguments handling in gnutls_privkey_import_rsa_raw()
See merge request gnutls/gnutls!1318
|
import.
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
|
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
|
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
|
Currently gnutls_privkey_import_rsa_raw() allows 3 last arguments to be omitted,
key fixup logic however checks for 3 missing arguments when updating coefficient 'u'
but then asserts when updating exponents 'e1' and 'e2' assuming only 2 parameters
are missing at that point.
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
|
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
|
improve gnutls-serv EOL processing
Closes #1073
See merge request gnutls/gnutls!1314
|
add option `--crlf` to gnutls-serv to disable replacing a received CRLF
by LF in echo mode (fixes #1073).
Signed-off-by: Albrecht Dreß <albrecht.dress@arcor.de>
|
handshake: check TLS version against modified server priorities
Closes #1054
See merge request gnutls/gnutls!1309
|
The server needs to take multiple factors into account when
determining the TLS protocol version actually being used:
- the legacy version
- "supported_versions" extension
- user_hello_func that may modify the server's priorities
Only after that it can check whether the TLS version is enabled in the
server's priorities.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
cert-session: check OCSP error responses
Closes #1062
See merge request gnutls/gnutls!1308
|
If the OCSP responder returns an error code, such as tryLater, we
can't proceed to examine the response bytes. In that case, just skip
the check unless the stapling is mandatory on this certificate.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
gnutls_aead_cipher_decrypt: check output buffer size before writing
Closes #1049
See merge request gnutls/gnutls!1312
|
While the documentation of gnutls_aead_cipher_decrypt indicates that
the inout argument ptext_len initially holds the size that
sufficiently fits the expected output size, there was no runtime check
on that. This makes the interface robuster against misuses.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
gnutls_x509_crt_export2: return 0 instead of the length
Closes #1025
See merge request gnutls/gnutls!1311
|
This aligns the behavior to the documentation.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
minitasn1: move WARN_CFLAGS setting to configure.ac
Closes #1022
See merge request gnutls/gnutls!1307
|
Some compilers don't support -Wno-type-limits, while they support
-Wtype-limits.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Fix parser output in tests/cert-tests/data/gost-cert-nogost.pem
Closes #1038
See merge request gnutls/gnutls!1310
|
When building without GOST support parsing a GOST certificate must
return an "error importing public key" message instead of key
details. This change makes tests/cert-tests/pem-decoding pass for
builds with --disable-gost.
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
|
_gnutls_fips_mode_enabled: treat selftest failure as FIPS disabled
See merge request gnutls/gnutls!1306
|
Previously gnutls_fips140_mode_enabled() returned true, even after
selftests have failed and the library state has switched to error.
While later calls to crypto operations fail, it would be more
convenient to have a function to detect that state.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
doc: assorted typo fixes
See merge request gnutls/gnutls!1305
|
Spotted by codespell.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
cert-session: ensure that invalid flag is always set
See merge request gnutls/gnutls!1304
|
According to the documentation, the GNUTLS_CERT_INVALID flag must
always be set in case of verification failure, together with the flag
indicating the actual error cause.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
According to the documentation, the GNUTLS_CERT_INVALID flag must
always be set in case of verification failure, together with the flag
indicating the actual error cause.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Add or clean header guards in lib/includes/gnutls/
See merge request gnutls/gnutls!993
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Fix two issues about certtool and passwords
Closes #933 and #888
See merge request gnutls/gnutls!1268
|
Do not encrypt certificate bag if the user has specified empty password
(--password ''). Encryption can be turned on by specifying
--empty-password.
Fixes #888
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
Make pin_callback() use cinfo->password if it is set (via command line
or from template).
Fixes #933
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
Mangle/hide GNUTLS-built ecc_scalar_random()
Closes #1016
See merge request gnutls/gnutls!1300
|
GNUTLS builds ecc-random.c but ecc_scalar_random() is a public API. So we
mangle the internal version we build.
ecc_mod_random is unaffected as it's an internal API that is mangled by GNUTLS.
Fixes #1016
Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>
|
Fix invalid free in missing issuer test case error path
See merge request gnutls/gnutls!1303
|
This variable is not initialized in this error path: it's only
initialized if gnutls_x509_crt_get_authority_info_access() succeeds.
Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>
|
Fix typo in API docs
See merge request gnutls/gnutls!1302
|
Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>