| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| |
| |
| |
| | |
Add the necessary tests to verify that gnutls_psk_server_get_username()
reports the right username under TLS1.2 and TLS1.3.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
That includes tests with unknown usernames and connections with wrong key
and updates to fastopen.sh to use certificate auth, making it applicable
under TLS1.3.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
| |
That adds support for pre-shared keys with and without Diffie-Hellman
key exchange. That's a modified version of initial Ander's patch.
Resolves #414
Resolves #125
Signed-off-by: Ander Juaristi <a@juaristi.eus>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.org>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
| |
That allows more uniformity across encrypt/decrypt, and
across different protocol handling.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |\
| |
| |
| |
| | |
nettle: corrected typo in version check for compatibility mode with 3.3
See merge request gnutls/gnutls!614
|
| |/
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\
| |
| |
| |
| |
| |
| | |
Move to draft-ietf-tls-tls13-26
Closes #409, #378, and #410
See merge request gnutls/gnutls!611
|
| | |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This is a requirement of draft-ietf-tls-tls13-25
Resolves #409
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
That is, because TLS1.2 has specific requirements in the ordering of
curves/groups if certain ciphersuites (ECDHE/DHE) are present, and
by being able to eliminate them early we simplify the negotiation
for TLS1.3-only clients/servers.
Relates #378
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
That is, when %SERVER_PRECEDENCE is given in the priority string make
sure that the negotiated curve of DH group respects the server's priorities.
That's very relevant under TLS1.3 as ciphersuite negotiation itself, where
%SERVER_PRECEDENCE applied, does contain only the cipher algorithm and MAC
unlike TLS1.2 which included key exchange as well.
Resolves #378
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |/
|
|
|
|
|
|
| |
This is a requirement of draft-ietf-tls-tls13-26
Resolves #410
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
|
|
|
| |
That is, avoid using the := syntax, set the right version variable
and use a hidden file for abi-check cache stamp.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As abi-dumper and abi-compliance-checker tools are not reliable when
run across different systems, we now compare the previous tag ABI with the
current compiled library. That is in contrast with the previous behavior
of storing the output files of abi-dumper, which can become obsolete on
a CI update.
That also moves the ABI check only on the CI, and not in the 'make dist' rule
as it takes significant time to run.
This relates to an issue reported against libidn2's use of abi-compliance-checker
but it affects gnutls as they share similar code:
https://gitlab.com/libidn/libidn2/issues/42
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
|
|
| |
That enables the nettle version macros to operate.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
| |
These tests are duplicates of fuzz/gnutls_ocsp_resp/req_parser_fuzzer
and gnutls_x509_parser_fuzzer.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
| |
Also safe-renegotiation tests were made TLS1.2-only as they do not
apply to TLS1.3.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This moves the test to use a specific version or test multiple
TLS versions if applicable.
Resolves #413
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
| |
checking
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\
| |
| |
| |
| |
| |
| | |
Move to draft-ietf-tls-tls-23
Closes #391, #400, #393, #389, #397, #398, #395, and #396
See merge request gnutls/gnutls!610
|
| | |
| |
| |
| |
| |
| | |
Also enabled the RSA-PSS tests.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
That also distinguishes between them by using the special random value,
and implements the version check as in draft-ietf-tls-tls13-24.
Resolves #391 #390 #392
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
Relates #400
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
from "pure"
This change enhances signature algorithms to have a private key algorithm
parameter. That is, to allow signature algorithms operating with a private
key of type X while the public key is of type Y. That is useful for the
RSA-PSS signatures which are of two types; one which is seen from servers
having PKCS#1 1.5 certificates, the other with RSA-PSS certificates, while
both utilize RSA-PSS private keys.
This is a draft-ietf-tls-tls13-23 change.
Resolves #400
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Also version negotiation was moved to supported_versions extension,
and session ID is set by client following appendix D.4.
This is a draft-ietf-tls-tls13-22 change.
Resolves #393, #389, #397
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This is a draft-ietf-tls-tls13-23 change.
Resolves #398
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Also send ChangeCipherSpec messages under TLS1.3 handshake.
This is a draft-ietf-tls-tls13-22 change.
Resolves #395
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |/
|
|
|
|
|
|
| |
This is a draft-ietf-tls-tls13-22 change.
Resolves #396
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
