Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | tpmtool: added newline in error messages | Nikos Mavrogiannopoulos | 2016-12-13 | 1 | -8/+8 | |
| | ||||||
* | tpm: backported improvements from master branch | Nikos Mavrogiannopoulos | 2016-12-13 | 9 | -81/+290 | |
| | | | | | | * Load libtspi dynamically using dlopen - prevents direct linking with openssl * Fix handling of keys requiring authorization * In import_tpm_key_cb() fix the wrong password loop | |||||
* | doc: updated to documentation of certtool [ci skip] | Nikos Mavrogiannopoulos | 2016-12-09 | 1 | -3/+3 | |
| | | | | This corrects options which incorrectly mentioned they support URLs. | |||||
* | Don't trash DER CRQ output with text data | Nikos Mavrogiannopoulos | 2016-12-07 | 1 | -2/+2 | |
| | | | | Backported patch from master. | |||||
* | doc updategnutls_3_3_x-set-id | Nikos Mavrogiannopoulos | 2016-11-29 | 1 | -1/+7 | |
| | ||||||
* | tests: backported test suite for p11tool --set-id and --set-label options | Nikos Mavrogiannopoulos | 2016-11-29 | 1 | -0/+52 | |
| | ||||||
* | p11tool: added --set-id and --set-label options | Nikos Mavrogiannopoulos | 2016-11-29 | 4 | -0/+79 | |
| | ||||||
* | added gnutls_pkcs11_obj_set_info() | Nikos Mavrogiannopoulos | 2016-11-29 | 5 | -0/+183 | |
| | | | | | This function allows setting information such as the CKA_ID and the CKA_LABEL of an object. | |||||
* | tests: check whether PKCS #11 ID set on copy/generation is correct | Nikos Mavrogiannopoulos | 2016-11-29 | 1 | -2/+10 | |
| | ||||||
* | p11tool: allow setting the CKA_ID on object initialization/generation | Nikos Mavrogiannopoulos | 2016-11-29 | 4 | -15/+54 | |
| | ||||||
* | exported new functions | Nikos Mavrogiannopoulos | 2016-11-29 | 1 | -0/+3 | |
| | ||||||
* | pkcs11: enhanced key generation functions to allow specifying a CKA_ID | Nikos Mavrogiannopoulos | 2016-11-29 | 2 | -16/+65 | |
| | ||||||
* | enhanced copy functions to allow specifying a CKA_ID | Nikos Mavrogiannopoulos | 2016-11-29 | 2 | -29/+110 | |
| | ||||||
* | pkcs12: fixed the calculation of p_size | Nikos Mavrogiannopoulos | 2016-11-29 | 1 | -1/+1 | |
| | | | | Include the trailing zero into the size calculation. | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-11-28 | 1 | -0/+3 | |
| | ||||||
* | tests: added pkcs12 check with openssl generated structure and long password | Nikos Mavrogiannopoulos | 2016-11-28 | 3 | -2/+2 | |
| | ||||||
* | pkcs12: fixed the calculation of p_size | Nikos Mavrogiannopoulos | 2016-11-28 | 1 | -1/+1 | |
| | | | | That affects passwords which exceed 32 characters. | |||||
* | _wrap_nettle_pk_verify: use FAIL_IF_LIB_ERROR prior to returning success | Nikos Mavrogiannopoulos | 2016-11-07 | 1 | -0/+1 | |
| | | | | | This will prevent verification to succeed if the system is in error state. | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-11-02 | 1 | -0/+8 | |
| | ||||||
* | Terminate handshake if only unknown or disabled signatures are advertized by ↵ | Nikos Mavrogiannopoulos | 2016-10-27 | 2 | -8/+8 | |
| | | | | | | the peer That is, do not attempt to proceed assuming that the peer supports SHA-1. | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-10-26 | 1 | -0/+9 | |
| | ||||||
* | certificate status requestion response is optional according to RFC6066 | Nikos Mavrogiannopoulos | 2016-10-26 | 1 | -1/+1 | |
| | ||||||
* | certtool: allow setting key purposes for non-CA certificates | Nikos Mavrogiannopoulos | 2016-10-18 | 1 | -66/+69 | |
| | | | | | | That is, allow setting code signing, or time stamping key purpose in certificates that are not marked as CA. The previous restriction served no purpose. | |||||
* | tests: added check to verify that the server will bail out after many alerts | Nikos Mavrogiannopoulos | 2016-10-14 | 2 | -1/+224 | |
| | ||||||
* | tests: added check to verify that the server will bail out after receiving ↵ | Nikos Mavrogiannopoulos | 2016-10-14 | 2 | -1/+172 | |
| | | | | only alerts | |||||
* | tests: backported the common certs from master | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -11/+825 | |
| | ||||||
* | handshake: set a maximum number of warning messages that can be received per ↵ | Nikos Mavrogiannopoulos | 2016-10-14 | 3 | -9/+14 | |
| | | | | | | | handshake That is to avoid DoS due to the assymetry of cost of sending an alert vs the cost of processing. | |||||
* | record: disallow parsing of alert messages prior to session start | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -1/+6 | |
| | ||||||
* | certtool: improve text on missing options for cert generation | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -1/+5 | |
| | ||||||
* | p11tool: avoid asking the security officer PIN twice on initialization | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -0/+3 | |
| | ||||||
* | p11tool: improved messages on token initialization | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -7/+15 | |
| | ||||||
* | p11tool: corrected check of PIN existance in token initialization | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -2/+2 | |
| | ||||||
* | tests: link tests which utilize nettle with nettlegnutls_3_3_25 | Nikos Mavrogiannopoulos | 2016-10-09 | 1 | -0/+2 | |
| | ||||||
* | updated auto-generated files | Nikos Mavrogiannopoulos | 2016-10-09 | 2 | -0/+6 | |
| | ||||||
* | doc update | Nikos Mavrogiannopoulos | 2016-10-09 | 1 | -1/+1 | |
| | ||||||
* | TLS extensions: only cache the extension IDs from exts that the server supports | Nikos Mavrogiannopoulos | 2016-10-09 | 1 | -3/+9 | |
| | | | | | | | That avoids imposing any artificial limits on the number of extensions that a server can handle. Resolves #136 | |||||
* | certtool: added safety net when generating a certificate request | Nikos Mavrogiannopoulos | 2016-10-07 | 1 | -1/+5 | |
| | | | | | | That is, do not allow specifying --generate-request --load-pubkey without specifying --load-privkey. Previously if --load-pubkey would have been used, it would have been ignored, causing confusion to the users. | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-09-19 | 1 | -0/+4 | |
| | ||||||
* | Increased the maximum size allowed for handshake messages to 128kb | Nikos Mavrogiannopoulos | 2016-09-19 | 2 | -2/+5 | |
| | | | | | This would allow the library to cope with larger packets, as well as TLS 1.3 hellos. Suggested by Hubert Kario. | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-09-12 | 1 | -0/+4 | |
| | ||||||
* | gnutls_certificate_set_*key: ensure proper cleanup on key mismatch failures | Nikos Mavrogiannopoulos | 2016-09-12 | 1 | -1/+10 | |
| | | | | | That is, ensure that we keep no local references that are shared with the caller, and that we properly free all initialized values. | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-09-07 | 1 | -1/+6 | |
| | ||||||
* | _gnutls_ucs2_to_utf8: fixed use of WideCharToMultiByte in windows | Nikos Mavrogiannopoulos | 2016-09-07 | 1 | -2/+2 | |
| | ||||||
* | ocsptool: do not enter a spurious newline to responses. | Nikos Mavrogiannopoulos | 2016-09-06 | 1 | -1/+0 | |
| | ||||||
* | tests: verify that unique IDs are generated as expectedgnutls_3_3_x-unique-id | Nikos Mavrogiannopoulos | 2016-09-05 | 4 | -1/+120 | |
| | ||||||
* | certtool: Allow writing unique IDs in generated certificates | Nikos Mavrogiannopoulos | 2016-09-05 | 4 | -0/+66 | |
| | ||||||
* | doc update | Nikos Mavrogiannopoulos | 2016-09-05 | 1 | -1/+4 | |
| | ||||||
* | bumped version | Nikos Mavrogiannopoulos | 2016-09-05 | 2 | -4/+4 | |
| | ||||||
* | Added gnutls_x509_crt_set_issuer_unique_id() and ↵ | Nikos Mavrogiannopoulos | 2016-09-05 | 3 | -18/+98 | |
| | | | | gnutls_x509_crt_set_subject_unique_id() | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-09-05 | 1 | -0/+5 | |
| |