Commit message | Author | Age | Files | Lines
...
* opencdk/read-packet.c: corrected typo in type cast | Nikos Mavrogiannopoulos | 2017-02-20 | 1 | -1/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* cdk_pkt_read: enforce packet limits | Nikos Mavrogiannopoulos | 2017-02-20 | 1 | -0/+9
  That ensures that there are no overflows in the subsequent calculations.
  Resolves the oss-fuzz found bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
  Relates: #159
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added test case with invalid openpgp cert | Nikos Mavrogiannopoulos | 2017-02-20 | 3 | -2/+4
  That triggers a heap buffer overflow: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Add LMTP, POP3, NNTP, Sieve and PostgreSQL support to gnutls-cli | Robert Scheck | 2017-02-19 | 10 | -3/+107
  Add LMTP (RFC 2033), POP3 (RFC 2595), NNTP (RFC 4642), Sieve (RFC 5804) and PostgreSQL support to gnutls-cli ("--starttls-proto").
  Signed-off-by: Robert Scheck <robert@fedoraproject.org>
* README.md: added CII best practices badge [ci skip] | Nikos Mavrogiannopoulos | 2017-02-19 | 1 | -0/+2
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: Improve port-checking infrastructure. [tmp-work-without-netstat] | Rical Jasan | 2017-02-19 | 1 | -6/+47
  The test suite unnecessarily failed on systems without netstat because it was assumed to be present. Instead of simply checking for its presence and indicating an unsupported test, however, the ss utility can be used as a drop-in replacement. When netstat/net-tools is not present, the ss utility from iproute2 still stands a fair chance of existing, and they also have similar enough semantics that they can be used interchangeably in the test suite. The functions in tests/scripts/common.sh that used netstat (wait_for_port, wait_for_free_port) now use new functions, check_if_port_in_use and check_if_port_listening, to abstract the call to netstat/ss. The eval'd variable GETPORT also used netstat, and has been updated accordingly. The new port-checking functions use another new function, have_port_finder, which takes care of the details of selecting ss (preferred) or netstat, or fails otherwise.
  Signed-off-by: Rical Jasan <ricaljasan@pacific.net>
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* build: doc: install images also into htmldir | Alon Bar-Lev | 2017-02-18 | 1 | -8/+11
  images are required also by the html documentation.
  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* .gitlab-ci.yml: corrected coverage build [tmp-cert-fractional-seconds] | Nikos Mavrogiannopoulos | 2017-02-18 | 1 | -3/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: remove submodule update from main build | Nikos Mavrogiannopoulos | 2017-02-18 | 1 | -2/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* updated auto-generated files | Nikos Mavrogiannopoulos | 2017-02-18 | 2 | -1/+3
* Makefile: improved symbols extraction | Nikos Mavrogiannopoulos | 2017-02-18 | 1 | -1/+1
  That is, do not include non-function names.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc update | Nikos Mavrogiannopoulos | 2017-02-17 | 1 | -1/+7
* tests: ignore sanity checks in broken cert test | Nikos Mavrogiannopoulos | 2017-02-17 | 1 | -0/+2
  This allows the existing reproducers which contain certificates which are rejected by sanity checks, to still be used to detect regressions.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Added gnutls_x509_crt_set_flags() | Nikos Mavrogiannopoulos | 2017-02-17 | 6 | -0/+37
  This function allows specifying flags to the certificate object. In particular it allows the single flag GNUTLS_X509_CRT_FLAG_IGNORE_SANITY which allows to ignore sanity checks at the import of the certificate.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc update | Nikos Mavrogiannopoulos | 2017-02-17 | 1 | -0/+4
* Introduced GNUTLS_E_CERTIFICATE_TIME_ERROR error code | Nikos Mavrogiannopoulos | 2017-02-17 | 3 | -1/+4
  This error code indicates an issue in the time fields of a certificate.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* x509/output: properly indicate error in Time fields | Nikos Mavrogiannopoulos | 2017-02-17 | 1 | -2/+6
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* x509/time: refuse importing certificates with invalid Time fields | Nikos Mavrogiannopoulos | 2017-02-17 | 1 | -0/+8
  That will refuse to import certificates whose time field is not in GMT, or contains fractional seconds.
  Resolves: #169
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* _gnutls_x509_generalTime2gtime: refuse to parse fractional seconds | Nikos Mavrogiannopoulos | 2017-02-17 | 1 | -2/+7
  Fractional seconds in GeneralizedTime are prohibited by RFC5280.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: enhanced test suite to include invalid X509v3 cert | Nikos Mavrogiannopoulos | 2017-02-17 | 3 | -1/+29
  That certificate contains a GeneralizedTime with fractional seconds.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_x509_crt_list_import: fixed leak on import failure | Nikos Mavrogiannopoulos | 2017-02-17 | 1 | -0/+1
* tests: enhanced test suite to include creation of invalid certificates | Nikos Mavrogiannopoulos | 2017-02-17 | 2 | -1/+217
  That is, check whether the creation of invalid V2 or V1 certificates will be detected, and that the correct error codes are returned.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_x509_crt_sign2: refuse to sign invalid X.509 certificates | Nikos Mavrogiannopoulos | 2017-02-17 | 3 | -16/+37
  That is, do not sign X.509 certificates which have fields that shouldn't be present on their corresponding version.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_x509_crt_import: reject X.509v1 certificates with invalid fields | Nikos Mavrogiannopoulos | 2017-02-17 | 1 | -17/+53
  Refuse to import X.509v1 certificates which have fields that didn't exist in X.509v1 specification. That is the issuerUniqueID and subjectUniqueID fields.
  Resolves: #168
  Resolves: #167
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: enhanced test suite to include invalid V1 certs | Nikos Mavrogiannopoulos | 2017-02-17 | 4 | -2/+96
  That is, added X.509v1 certificates with attributes that shouldn't have been presented (valid for X.509v2 only).
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls.pc: do not include libidn2 in Requires.private [tmp-stages-updates] | Nikos Mavrogiannopoulos | 2017-02-15 | 2 | -6/+8
  The libidn2 versions available do not include libidn2.pc, thus the inclusion was causing problems when using pkg-config. Instead we include -lidn2 in Libs.private.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitlab-ci.yml: Re-organized stages | Nikos Mavrogiannopoulos | 2017-02-15 | 1 | -116/+161
  The less CPU intensive tasks were moved to earlier stage, and the CPU intensive tasks are spawned only after basic syntax and ABI checks have succeeded.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gnutls.h: corrected typo [ci skip] | Nikos Mavrogiannopoulos | 2017-02-12 | 1 | -1/+1
* <alloca.h> only if HAVE_ALLOCA_H | Marcin Cieślak | 2017-02-09 | 2 | -0/+4
  FreeBSD does know alloca() but has no such header
  Signed-off-by: Marcin Cieślak <saper@SAPER.INFO>
* doc: document the intention of the priority string usage [ci skip] | Nikos Mavrogiannopoulos | 2017-02-05 | 1 | -2/+17
  This documents the gnutls_set_default_priority() function, and how it is intended to be combined with an application that utilizes priority strings.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc update | Nikos Mavrogiannopoulos | 2017-02-05 | 1 | -0/+4
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: modified tests for the disablement of 3DES | Nikos Mavrogiannopoulos | 2017-02-05 | 2 | -10/+10
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Removed support for the 3DES cipher by default | Nikos Mavrogiannopoulos | 2017-02-05 | 1 | -6/+0
  That is a legacy cipher that is no longer needed to be included as backup cipher.
  Resolves #120
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* x509: optimize subject alternative name access [tmp-san-parsing-optimization] | Nikos Mavrogiannopoulos | 2017-02-05 | 3 | -47/+96
  That reads SAN and IAN early on import, significantly reducing the running time of functions which iterate over the alternative names of a certificate, e.g., gnutls_x509_crt_check_hostname().
  Relates #165
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .travis.yml: list all logs on failure [tmp-travis7-fix] | Nikos Mavrogiannopoulos | 2017-02-04 | 1 | -0/+4
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: enable all IDNA tests when compiled with libidn2 | Nikos Mavrogiannopoulos | 2017-02-04 | 7 | -11/+26
  Keep IDNA2003-only tests on the ifdef HAVE_LIBIDN.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .travis.yml: updated instructions for travis builds [tmp-travis5-fix] | Nikos Mavrogiannopoulos | 2017-02-04 | 1 | -4/+4
  Removed unbound and other minor fixes.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* extras/hex.h: do not use strlen as variable name [tmp-fix-pkcs11-import-url4] | Nikos Mavrogiannopoulos | 2017-02-03 | 1 | -2/+2
  That is, do not utilize a standard C function name as variable name.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_pkcs11_obj_list_import_url4: always return an initialized pointer | Nikos Mavrogiannopoulos | 2017-02-03 | 1 | -0/+1
  When returning success, but no elements, gnutls_pkcs11_obj_list_import_url4, could have returned zero number of elements with a pointer that was uninitialized. Ensure that an initialized (i.e., null in that case), pointer is always returned.
  Reported by Jeremy Harris.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: use libidn2 on windows builds | Nikos Mavrogiannopoulos | 2017-02-03 | 1 | -2/+2
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gnutls_heartbeat_allowed: corrected type on dummy wrapper [tmp-tz-fix] | Nikos Mavrogiannopoulos | 2017-02-02 | 1 | -1/+1
  That is, when compiling without heartbeat support, compilation could fail due to the dummy wrapper not returning the right type.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Address test suite failure due to timezone differences. | Nikos Mavrogiannopoulos | 2017-02-02 | 1 | -1/+1
  Reported by Thorsten Glaser and Andreas Metzler.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc update [ci skip] | Nikos Mavrogiannopoulos | 2017-01-31 | 1 | -1/+2
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_heartbeat_allowed: corrected return type | Nikos Mavrogiannopoulos | 2017-01-31 | 2 | -2/+2
  This reflects better the fact that this function returns a boolean.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* _idn2_to_unicode_8z8z: do not err on mixed IDNA domains | Nikos Mavrogiannopoulos | 2017-01-28 | 1 | -4/+1
  That is, allow domains of the form 'großes.xn--fa-hia.de'. The drawback is that we may not err early on invalid formatted names. We however delegate any such decisions to libidn2.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README.md: added link to travis build for 3.5.x [ci skip] | Nikos Mavrogiannopoulos | 2017-01-27 | 1 | -1/+1
  In addition to adding a link to travis build for 3.5.x branch, removed link on 3.4.x branch. It is no longer active.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* heartbeat extension: doc update [tmp-libidn2] | Nikos Mavrogiannopoulos | 2017-01-26 | 1 | -2/+3
  Document how to calculate the total TLS data transmitted.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* str-idna: improved error handling | Nikos Mavrogiannopoulos | 2017-01-26 | 1 | -2/+5
  In addition to detecting input with invalid characters in _idn2_to_unicode_8z8z(), we also add support for case insensitive punycode header.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Updated auto-generated files | Nikos Mavrogiannopoulos | 2017-01-26 | 3 | -0/+8
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* str-idna: cleanups in IDNA handling | Nikos Mavrogiannopoulos | 2017-01-26 | 1 | -9/+14
  Ensure safe operation even with broken libidn2, and make sure that we properly allocate memory to caller, even on complex library configuration.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>