Commit message (Author, Age, Files, Lines)
...
* gnutls_x509_trust_list_add_system_trust: Add macOS keychain support (David Caldwell, 2017-04-06, 3 files, -1/+77)
  Also don't check for a default_trust_store_file in configure when building on macOS (unless explicitly asked to with --with-default-trust-store-file=xxx), because otherwise it finds /etc/ssl/cert.pem: This file is new (since 10.12.2?), which means libraries built on the newest OS version wouldn't work the same way on older versions (and vice versa). "/etc/ssl/cert.pem" also doesn't seem to reflect additions and deletions from the user's or system's trusted roots keychain (in my limited testing).
  Signed-off-by: David Caldwell <david@porkrind.org>
* Rename uint64 to gnutls_uint64 to avoid conflict with macOS (David Caldwell, 2017-04-06, 11 files, -48/+48)
  Signed-off-by: David Caldwell <david@porkrind.org>
* mpi: openpgp integer scanning was put into conditional (Nikos Mavrogiannopoulos, 2017-04-05, 3 files, -3/+15)
  That is, no longer include that code when compiling without openpgp support.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Moved all openpgp-related variables and definitions into ifdef blocks (Nikos Mavrogiannopoulos, 2017-04-05, 2 files, -7/+9)
  This allows compilation with -Werror even if openpgp is disabled.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* OpenPGP authentication is disabled by default (Nikos Mavrogiannopoulos, 2017-04-05, 3 files, -10/+11)
  The flag --enable-openpgp-authentication can be used to revert this change.
  Resolves #178
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tools: remove outfile when exited on error (Nikos Mavrogiannopoulos, 2017-04-05, 8 files, -375/+439)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* certtool: added examples on verifying certificates (Nikos Mavrogiannopoulos, 2017-04-05, 1 file, -3/+17)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* certtool: improved documentation (Nikos Mavrogiannopoulos, 2017-04-05, 3 files, -30/+66)
  Incorporated comments made in Lenka Horakova's thesis study.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added unit test for PKCS#12 with file that uses PBES1 with no salt [ref: tmp-pkcs12-zero-salt-fix] (Nikos Mavrogiannopoulos, 2017-04-04, 3 files, -2/+2)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc update (Nikos Mavrogiannopoulos, 2017-04-04, 1 file, -0/+3)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: add unit test for PKCS#12 with file that uses SHA512 for MAC (Nikos Mavrogiannopoulos, 2017-04-04, 3 files, -2/+2)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pkcs12: increased the maximum salt size (Nikos Mavrogiannopoulos, 2017-04-04, 1 file, -1/+2)
  This accommodates for files which have salt sizes up to 256 bytes.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* _gnutls_pkcs12_string_to_key: allow SHA384 and SHA512 (Nikos Mavrogiannopoulos, 2017-04-04, 1 file, -28/+38)
  The previous implementation of the function was restricted to SHA1 and SHA256. Extended to allow SHA384 and SHA512 as well.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* PKCS#12: added support for files with zero salt length in MAC (Nikos Mavrogiannopoulos, 2017-04-04, 2 files, -21/+19)
  Resolves #191
  Resolves #190
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added unit test for PKCS#12 with file with no salt in MAC (Nikos Mavrogiannopoulos, 2017-04-04, 3 files, -3/+4)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: verify that the encryption OID is printed (Nikos Mavrogiannopoulos, 2017-04-04, 4 files, -3/+68)
  That is, verify whether certtool --p12-info will print the actual encryption OID on unsupported files, rather than the generic PBES2 algorithm.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_pkcs8_info: return the encryption algorithm OID on failure (Nikos Mavrogiannopoulos, 2017-04-04, 3 files, -6/+13)
  When failing to import a structure due to an unsupported encryption algorithm OID, return the unsupported OID instead of the generic PBES2 OID.
  Resolves: #193
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_transport_set_pull_timeout_function: doc update [ci skip] (Nikos Mavrogiannopoulos, 2017-04-04, 1 file, -5/+9)
  Clarified when this function should be set. Based on suggestion by Sean Greenslade.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Use NORMAL priority for SSLv23_*_method. (Andreas Metzler, 2017-04-03, 1 file, -2/+2)
  Instead of enforcing TLS1.0/SSL3.0 use gnutls NORMAL priority for SSLv23_*_methods.
  http://bugs.debian.org/857436
* .gitlab-ci.yml: renamed dist build to doc-dist [ref: tmp-reduce-stages] (Nikos Mavrogiannopoulos, 2017-04-02, 1 file, -1/+1)
  This better describes the name of the build.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitlab-ci.yml: combined minimal and no-tools builds (Nikos Mavrogiannopoulos, 2017-04-02, 1 file, -21/+5)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitlab-ci.yml: combined static analyser runs (Nikos Mavrogiannopoulos, 2017-04-02, 1 file, -23/+3)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitlab-ci.yml: reduced builds and stages (Nikos Mavrogiannopoulos, 2017-04-02, 1 file, -62/+33)
  That is an improvement to run the CI faster.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: added unit test for gnutls_priority_get_cipher_suite_index (Nikos Mavrogiannopoulos, 2017-04-02, 8 files, -3/+174)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gnutls-cli: eliminate leak on --list option (Nikos Mavrogiannopoulos, 2017-04-01, 1 file, -0/+1)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gnutls_priority_get_cipher_suite_index: fixed returned protocols (Nikos Mavrogiannopoulos, 2017-04-01, 1 file, -5/+23)
  That is, no longer return indexes for ciphersuites which would not have been available due to TLS version mismatch in the priorities cache.
  Resolves #146
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: Copy template out of ${srcdir} (Matt Turner, 2017-04-01, 1 file, -2/+2)
  Otherwise, out of tree builds will fail to copy the template.
  Signed-off-by: Matt Turner <mattst88@gmail.com>
* gnutls_cipher_get_tag_size: document behavior on non-AEAD ciphers (Nikos Mavrogiannopoulos, 2017-03-31, 1 file, -0/+3)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc: make a note that parts of the crypto API are in Core API (Nikos Mavrogiannopoulos, 2017-03-31, 1 file, -0/+4)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: added checks with problematic PKCS#12 files (Nikos Mavrogiannopoulos, 2017-03-31, 5 files, -2/+69)
  These check whether parsing of unsupported files (e.g., with RC2-128), will succeed. This serves as functionality check for gnutls_pkcs8_info.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_pkcs8_info: do not free oid on GNUTLS_E_UNKNOWN_CIPHER_TYPE (Nikos Mavrogiannopoulos, 2017-03-31, 1 file, -1/+5)
  The documented behavior of the function was to return a valid OID in that case.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc update [ci skip] (Nikos Mavrogiannopoulos, 2017-03-30, 1 file, -1/+1)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am: dropped .clcopying from dist files [ci skip] (Nikos Mavrogiannopoulos, 2017-03-29, 1 file, -1/+1)
  It is no longer being used.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Simplified the generation of ChangeLog [ci skip] (Nikos Mavrogiannopoulos, 2017-03-29, 3 files, -12/+3)
  Removed the dependency on git2cl and utilize git log directly. git2cl seems to provide incorrect output.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added global locks on tls-fuzzer tests (Nikos Mavrogiannopoulos, 2017-03-28, 3 files, -0/+13)
  They both require access to the same port and thus cannot be run in parallel.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* cert: ensure that there are no leftovers in certificate msg (Nikos Mavrogiannopoulos, 2017-03-28, 1 file, -1/+6)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* testsuite: added tlsfuzzer certificate requiring tests (Nikos Mavrogiannopoulos, 2017-03-28, 3 files, -1/+113)
  This enhances the testsuite by running all the tlsfuzzer fuzzer tests which require certificates from server.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* alert: return GNUTLS_A_BAD_CERTIFICATE on GNUTLS_E_PK_SIG_VERIFY_FAILED (Nikos Mavrogiannopoulos, 2017-03-28, 1 file, -0/+1)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* fuzz: updated pkcs12 corpus (Nikos Mavrogiannopoulos, 2017-03-28, 8 files, -0/+0)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* fuzz: added PKCS#12 file parser fuzzer (Nikos Mavrogiannopoulos, 2017-03-27, 5 files, -35/+67)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc update (Nikos Mavrogiannopoulos, 2017-03-27, 1 file, -1/+2)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* ocsp-test: disable under windows (Nikos Mavrogiannopoulos, 2017-03-26, 1 file, -2/+3)
  This test was failing because datefudge couldn't run under win32.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Revert "ocsp-test: disable under windows" (Nikos Mavrogiannopoulos, 2017-03-26, 1 file, -5/+0)
  This reverts commit 90d5ad5a42759957866ba1d9c96f5dccfd3ea1cc.
* .travis.yml: no longer install pkg-config (Nikos Mavrogiannopoulos, 2017-03-26, 1 file, -1/+1)
  Travis build seems to fail for some reason since pkg-config is already installed.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* ocsp-test: disable under windows (Nikos Mavrogiannopoulos, 2017-03-26, 1 file, -0/+5)
  This test was failing because datefudge couldn't run under win32.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitlab-ci.yml: increase time of artifact expiration (Nikos Mavrogiannopoulos, 2017-03-25, 1 file, -1/+1)
  This allows to re-run failed builds on the depending stages during that time.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gnutls.pc: Removed P11_KIT_LIBS from Libs.private (Nikos Mavrogiannopoulos, 2017-03-25, 1 file, -1/+1)
  It was already being included in Requires.private. Reported by Andreas Metzler.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gnutls.pc: don't include zlib twice in private libs (Nikos Mavrogiannopoulos, 2017-03-24, 2 files, -2/+5)
* tests: create-chain.sh: do not explicitly set serial (Nikos Mavrogiannopoulos, 2017-03-23, 1 file, -4/+0)
  We were previously exporting certificates with serial number being zero, which is not allowed by RFC5280.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc update (Nikos Mavrogiannopoulos, 2017-03-23, 2 files, -4/+8)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>