Commit message [Author, Age, Files, Lines]
* pkcs11: add option to skip the duplicate modules check (tmp-pkcs11-reject-duplicate-modules) [Daiki Ueno, 2021-02-15, 4 files, -39/+86]
|   The check introduced by commit 12f4abc02e718e2ab0f7ae80b3026a29028536e7 prevents the same smart card drivers being accessed from multiple drivers, but also prevents using multiple different tokens configured to be used with p11-kit's "remote:" option. This reverts that behavior but adds a new flag to opt for the check.
|   Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'wip/dueno/bootstrap' into 'master' [Daiki Ueno, 2021-02-13, 5 files, -43/+47]
|\
| |   bootstrap: update from Gnulib
| |   Closes #1143
| |   See merge request gnutls/gnutls!1384
| * .gitlab-ci.yml: bump cache version [Daiki Ueno, 2021-02-13, 1 file, -1/+1]
| |   Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * bootstrap.conf: initialize openssl submodule [Daiki Ueno, 2021-02-13, 1 file, -1/+1]
| |   Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * configure.ac: fix misleading --help output on guile bindings [Daiki Ueno, 2021-02-13, 1 file, -1/+1]
| |   Reported by Tim Rühsen in: https://gitlab.com/gnutls/gnutls/-/issues/577
| |   Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * bootstrap: update from Gnulib [Daiki Ueno, 2021-02-13, 1 file, -9/+23]
| |   Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * bootstrap.conf: refactor detection of gtk-doc and gnulib sockets [Daiki Ueno, 2021-02-13, 1 file, -31/+19]
| |   Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * .gitignore: ignore more files [Daiki Ueno, 2021-02-13, 1 file, -0/+2]
| |   Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Merge branch 'tmp-tests-missing-nettle-cflags' into 'master' [Andreas Metzler, 2021-02-13, 3 files, -20/+11]
|\ \
| |/
|/|
| |   Fix test error with nettle in non-default location
| |   See merge request gnutls/gnutls!1386
| * Fix test error with nettle in non-default location [Andreas Metzler, 2021-02-13, 3 files, -20/+11]
|/
|   Move #include <nettle/memxor.h> from gnutls_int.h to lib/cipher.c, drop now superfluous NETTLE_CFLAGS from CPPFLAGS of multiple tests #including gnutls_int.h.
|   Signed-off-by: Andreas Metzler <ametzler@bebt.de>
* .gitlab-ci.yml: remove FreeBSD run [Daiki Ueno, 2021-02-11, 1 file, -34/+1]
|   This used to run on a dedicated FreeBSD runner, which is no longer maintained.
|   Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'wip/dueno/hrr-resumption' into 'master' [Daiki Ueno, 2021-02-10, 21 files, -99/+407]
|\
| |   handshake: TLS 1.3: don't generate session ID in resumption mode
| |   See merge request gnutls/gnutls!1381
| * tests: close unused fd opened by socketpair [Daiki Ueno, 2021-02-04, 2 files, -0/+4]
| |   Otherwise the tests block forever, even if the child exits.
| |   Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * .gitlab-ci.yml: remove redundant "make check" in build stage [Daiki Ueno, 2021-02-04, 1 file, -1/+0]
| |   Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * handshake: TLS 1.3: don't generate session ID in resumption mode [Daiki Ueno, 2021-02-04, 4 files, -10/+332]
| |   The commit e0bb98e1f71f94691f600839ff748d3a9f469d3e revealed that the previous code always generated session ID in the TLS 1.3 middlebox compatibility mode even when the handshake is being resumed. This could cause a difference in PSK binder calculation if the server sends an HRR in the resumption handshake.
| |   Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * gnutls_session_is_resumed: don't check session ID in TLS 1.3 [Daiki Ueno, 2021-02-04, 1 file, -3/+3]
| |   In middlebox compatibility mode, TLS 1.3 client simulates the TLS 1.2 resumption handshake, so checking session ID for resumption is pointless. This worked previously because the client always generated new random value even in a true resumption handshake, but didn't update the session parameters properly.
| |   Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * _gnutls_openpgp_send_fingerprint: remove unused declaration [Daiki Ueno, 2021-02-04, 1 file, -2/+0]
| |   Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * _gnutls_session_is_resumable: remove unused internal function [Daiki Ueno, 2021-02-04, 2 files, -9/+0]
| |   Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * handshake: replace TRUE and FALSE with <stdbool.h> [Daiki Ueno, 2021-02-04, 1 file, -13/+10]
| |   Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * handshake: replace RESUME_TRUE and RESUME_FALSE with <stdbool.h> [Daiki Ueno, 2021-02-04, 14 files, -63/+60]
| |   Having those constants could cause wrong impression that there is a third possible value.
| |   To reproduce the changes other than lib/gnutls_int.h:
| |
| |     for i in `git ls-files lib`; do
| |       sed -i -e 's/\(session->internals.\(resumed\|resumable\)\) *\(== *RESUME_FALSE\|!= *RESUME_TRUE\)/!\1/' \
| |         -e 's/\(session->internals.\(resumed\|resumable\)\) *\(== *RESUME_TRUE\|!= *RESUME_FALSE\)/\1/' \
| |         -e 's/RESUME_TRUE/true/' \
| |         -e 's/RESUME_FALSE/false/' \
| |         $i
| |     done
| |
| |   Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Merge branch 'wip/dueno/cli-debug' into 'master' [Daiki Ueno, 2021-02-10, 1 file, -3/+1]
|\ \
| | |   tests/gnutls-cli-debug.sh: don't unset system priority settings
| | |   See merge request gnutls/gnutls!1387
| * | tests/gnutls-cli-debug.sh: don't unset system priority settings [Daiki Ueno, 2021-02-09, 1 file, -3/+1]
|/ /
| |   When the test is exercised, GNUTLS_SYSTEM_PRIORITY_FILE is set in many places, such as TESTS_ENVIRONMENT tests/Makefile.am or a packaging system that runs the test in a restricted environment. Unsetting it after a temporary use forces the remaining part of the test to use the default system priority, which might not be the intention of the user.
| |   Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Merge branch 'wip/dueno/dupes' into 'master' [Daiki Ueno, 2021-02-08, 4 files, -23/+245]
|\ \
| | |   gnutls_x509_trust_list_verify_crt2: ignore duplicate certificates
| | |   Closes #1131
| | |   See merge request gnutls/gnutls!1370
| * | gnutls_x509_trust_list_verify_crt2: ignore duplicate certificates [Daiki Ueno, 2021-02-08, 4 files, -23/+245]
| |/
| |   The commit ebb19db9165fed30d73c83bab1b1b8740c132dfd caused a regression, where duplicate certificates in a certificate chain are no longer ignored but treated as a non-contiguous segment and that results in calling the issuer callback, or a verification failure. This adds a mechanism to record certificates already seen in the chain, and skip them while still allowing the caller to inject missing certificates.
| |   Signed-off-by: Daiki Ueno <ueno@gnu.org>
| |   Co-authored-by: Andreas Metzler <ametzler@debian.org>
* | Merge branch 'master' into 'master' [Daiki Ueno, 2021-02-08, 1 file, -85/+87]
|\ \
| | |   Doc: Add missing algorithm keywords to priority string table
| | |   See merge request gnutls/gnutls!1385
| * | doc: Add some missing algorithm keywords to priority string table [Dosenpfand, 2021-02-07, 1 file, -85/+87]
|/ /
| |   Signed-off-by: Markus Gasser <m@sad.bz>
* | Merge branch 'wip/dueno/parallel-openssl' into 'master' [Daiki Ueno, 2021-02-04, 21 files, -2031/+2839]
|\ \
| |/
|/|
| |   tests: remove hand-written parallelism
| |   Closes #1099
| |   See merge request gnutls/gnutls!1372
| * testcompat-openssl: run TLS 1.3 client/server tests in parallel [Daiki Ueno, 2021-02-01, 4 files, -609/+673]
| |   Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * testcompat-openssl: remove hand-written parallelism [Daiki Ueno, 2021-01-31, 13 files, -972/+1610]
| |   Previously, the test used to launch multiple tests in background and then join them using shell primitives. That approach makes the test slower as it cannot benefit from the automake's parallel test harness, as well as it makes diagnostic harder because the lines in the log file mix up.
| |   Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * testcompat-polarssl: remove hand-written parallelism [Daiki Ueno, 2021-01-25, 6 files, -451/+557]
| |   Previously, the test used to launch multiple tests in background and then join them using shell primitives. That approach makes the test slower as it cannot benefit from the automake's parallel test harness, as well as it makes diagnostic harder because the lines in the log file mix up.
| |   Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Merge branch 'check_cert_list_argument' into 'master' [Daiki Ueno, 2021-01-31, 1 file, -1/+8]
|\ \
| |/
|/|
| |   Verify that cert_list_size > 0 and cert_list != NULL
| |   See merge request gnutls/gnutls!1379
| * Ensure ca_list != NULL and ca_list_size > 0. [Tom Carroll, 2021-01-10, 1 file, -1/+5]
| |   As ca_list_size is used in malloc, ensure that ca_list_size > 0. If ca_list_size > 0, then ca_list cannot be NULL. Make these assumptions explicit with argument condition check.
| |   Signed-off-by: Tom Carroll <incentivedesign@gmail.com>
| * Verify that cert_list != NULL and cert_list_size > 0. [Tom Carroll, 2021-01-10, 1 file, -0/+3]
| |   gnutls_certificate_set_x509_key() assumes that cert_list != NULL and cert_list_size > 0. These assumptions are evident as cert_list_size is used for malloc and cert_list[0] is accessed. Make those assumptions explicit with argument condition check.
| |   Signed-off-by: Tom Carroll <incentivedesign@gmail.com>
* | Merge branch 'wip/dueno/fips-dh-memleak' into 'master' [Daiki Ueno, 2021-01-25, 3 files, -23/+28]
|\ \
| | |   fips: avoid memleak in (EC)DH internal APIs
| | |   See merge request gnutls/gnutls!1380
| * | fips: avoid memleak in (EC)DH internal APIs [Daiki Ueno, 2021-01-22, 3 files, -23/+28]
| | |   There were some confusions of gnutls_pk_params_clear and gnutls_pk_params_release, as well as the number of parameters to scan in the gnutls_pk_params_st structure. Flagged by address sanitizer:
| | |
| | |   ==354688==ERROR: LeakSanitizer: detected memory leaks
| | |
| | |   Direct leak of 192 byte(s) in 12 object(s) allocated from:
| | |       #0 0x7f13506163cf in __interceptor_malloc (/lib64/libasan.so.6+0xab3cf)
| | |       #1 0x7f13503b94de in wrap_nettle_mpi_init /home/ueno/devel/gnutls/lib/nettle/mpi.c:79
| | |       #2 0x7ffcb8495f07 ([stack]+0x1ef07)
| | |
| | |   Direct leak of 160 byte(s) in 10 object(s) allocated from:
| | |       #0 0x7f13506163cf in __interceptor_malloc (/lib64/libasan.so.6+0xab3cf)
| | |       #1 0x7f13503b94de in wrap_nettle_mpi_init /home/ueno/devel/gnutls/lib/nettle/mpi.c:79
| | |
| | |   Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | | Merge branch 'pcert_deinit_on_cleanup' into 'master' [Daiki Ueno, 2021-01-25, 1 file, -1/+5]
|\ \ \
| |/ /
|/| |
| | |   gnutls_certificate_set_x509_key(): deinitialize pcerts array elements during cleanup
| | |   See merge request gnutls/gnutls!1378
| * | Deinitialize pcerts array elements during cleanup. [Tom Carroll, 2021-01-10, 1 file, -1/+5]
|/ /
| |   In gnutls_certificate_set_x509_key() cleanup, the pcert elements should be deinitialized, freeing pcert's pubkey and cert fields.
| |   Signed-off-by: Tom Carroll <incentivedesign@gmail.com>
* | Merge branch 'no-weak' into 'master' [Daiki Ueno, 2021-01-09, 1 file, -1/+18]
|\ \
| |/
|/|
| |   configure: Remove -no_weak_links from LDFLAGS after detecting function availability
| |   Closes #966
| |   See merge request gnutls/gnutls!1376
| * configure: Remove -no_weak_links from LDFLAGS after detecting function availability [Martin Storsjo, 2021-01-08, 1 file, -1/+18]
| |   This reverts commit 945a48993dcdd9ead17216e55c59db209923ea5e and fixes the original issue (#966) differently. This makes sure that when targeting a version of macOS less than 10.12, we won't pick up and unconditionally use functions that only appeared later, when building with Xcode 11.4 or newer. (With Xcode 11.4 or newer, the fix from 945a48993dcdd9 caused -no_weak_links not to be added, affecting the function availability tests.)
| |   Signed-off-by: Martin Storsjo <martin@martin.st>
* | Merge branch 'wip/dueno/autoconf-2.70' into 'master' [Daiki Ueno, 2021-01-08, 1 file, -0/+0]
|\ \
| |/
|/|
| |   gnulib: update git submodule
| |   Closes #1138
| |   See merge request gnutls/gnutls!1374
| * gnulib: update git submodule [Daiki Ueno, 2020-12-29, 1 file, -0/+0]
| |   This brings in the fix for building with autoconf 2.70: https://lists.gnu.org/archive/html/bug-gnulib/2020-12/msg00091.html
| |   Suggested by Jan Palus in: https://gitlab.com/gnutls/gnutls/-/issues/1138
| |   Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Merge branch 'ci-rework' into 'master' [Daiki Ueno, 2021-01-08, 1 file, -742/+746]
|\ \
| | |   CI pipeline rework - using stages and inheritance
| | |   See merge request gnutls/gnutls!1366
| * | CI pipeline rework - using stages and inheritance [Stanislav Zidek, 2020-12-01, 1 file, -742/+746]
| | |   Signed-off-by: Stanislav Zidek <szidek@redhat.com>
* | | Merge branch 'github-macos' into 'master' [Airtower, 2021-01-08, 4 files, -52/+46]
|\ \ \
| | | |   Use Github Actions for MacOS CI
| | | |   Closes #1140
| | | |   See merge request gnutls/gnutls!1375
| * | | Update year of copyright notices in doc/gnutls.texi [Fiona Klute, 2021-01-07, 1 file, -2/+2]
| | | |   Static analysis in CI checks if this is up to date, and fails if not. This fixes the failure.
| | | |   Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
| * | | Update CI documentation for use of Github Actions [Fiona Klute, 2021-01-02, 1 file, -1/+1]
| | | |   Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
| * | | Remove Travis CI configuration [Fiona Klute, 2021-01-02, 1 file, -49/+0]
| | | |   Replaced by Github Actions workflow added in 9fc73ec96fa5adfc8e9a4bd2ee9e6543ffcfe120.
| | | |   Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
| * | | Github Actions job for MacOS CI [Fiona Klute, 2021-01-02, 1 file, -0/+43]
| | |/
| |/|
| | |   Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
* | | Merge branch 'tmp-limit-gnutls-openssl-exported-symbols' into 'master' [Andreas Metzler, 2020-12-30, 1 file, -1/+2]
|\ \ \
| |/ /
|/| |
| | |   libgnutls-openssl: Clean up list of exported symbols
| | |   See merge request gnutls/gnutls!1373
| * | libgnutls-openssl: Clean up list of exported symbols [Andreas Metzler, 2020-12-29, 1 file, -1/+2]
| | |   Signed-off-by: Andreas Metzler <ametzler@bebt.de>