Commit message | Author | Age | Files | Lines
* p11tool: introduced the --mark-distrusted and --distrusted options [tmp-pkcs11-stapled] | Nikos Mavrogiannopoulos | 2016-09-26 | 2 | -2/+20
  This allows to mark objects as distrusted, as well as list all distrusted certificates (blacklisted) for a p11-kit trust module as: p11tool --list-all-certs --distrusted
* pkcs11: introduced flag GNUTLS_PKCS11_OBJ_FLAG_MARK_DISTRUSTED | Nikos Mavrogiannopoulos | 2016-09-26 | 3 | -2/+30
  This allows to mark objects as distrusted, as well as to be able to list distrusted objects.
* pkcs11: only staple extensions from a trust module when they are from a non-distrusted certificate | Nikos Mavrogiannopoulos | 2016-09-26 | 2 | -5/+14
  That is, make sure that the API for stapling extensions is only used for non-distrusted (blacklisted) certificates. The reason is to avoid duplicate extension entries from the p11-kit trust database, the fact that they come from blacklisted certificates, and the fact that there is no reason to support stapled extensions for blacklisted certificates.
* p11tool: allow to export a certificate with its stapled extensions | Nikos Mavrogiannopoulos | 2016-09-26 | 2 | -0/+20
* gnutls_oid_to_ecc_curve: fix null pointer dereference | Nikos Mavrogiannopoulos | 2016-09-26 | 1 | -1/+1
  This addresses issue where an unknown curve would cause a null pointer dereference. This was introduced with the addition of X25519. Reported by Theofilos Petsios.
* Only send the status request extension on cert authentication | Nikos Mavrogiannopoulos | 2016-09-23 | 1 | -0/+5
  That is, do not bother asking for it, or replying to it, if we are not using any certificates.
* gdoc: improved the detection and display of escaped characters (@%) | Nikos Mavrogiannopoulos | 2016-09-22 | 1 | -5/+13
  This allows to properly display strings like %COMPAT and @SYSTEM in the manual and the manpages.
* doc: gnutls_priority_init: fixed %COMPAT [ci skip] | Nikos Mavrogiannopoulos | 2016-09-22 | 1 | -2/+2
* .gitlab-ci.yml: corrected debian build's dependency | Nikos Mavrogiannopoulos | 2016-09-22 | 1 | -1/+1
* doc update | Nikos Mavrogiannopoulos | 2016-09-22 | 1 | -0/+5
* On client side allow signing with the signature algorithm of our cert | Nikos Mavrogiannopoulos | 2016-09-22 | 3 | -6/+12
  That allows to sign for example with DSA-SHA1 as client even if we do not allow DSA-SHA1 as signature algorithm for server's certificate. This allows to use a deprecated certificate without enabling deprecated algorithms globally.
* _gnutls_session_get_sign_algo: always return GNUTLS_SIGN_UNKNOWN on failure | Nikos Mavrogiannopoulos | 2016-09-22 | 1 | -1/+1
* tests: added check for server-side ECDSA keys | Nikos Mavrogiannopoulos | 2016-09-22 | 5 | -7/+166
  These tests check whether a server ECDSA key will be rejected by the client in case the client has no ECDSA signature algorithms available.
* tests: added check for client-side DSA key | Nikos Mavrogiannopoulos | 2016-09-22 | 5 | -7/+184
  This checks whether a client can use and send a DSA key, even if DSA is not enabled (which should prohibit the server from providing a DSA certificate).
* certtool: do not require a certificate to generate a PKCS#12 file | Nikos Mavrogiannopoulos | 2016-09-22 | 2 | -1/+5
  That is, allow generating PKCS#12 files with private keys only as well.
* .gitlab-ci.yml: added debian build | Nikos Mavrogiannopoulos | 2016-09-20 | 1 | -0/+20
* README.md: depend on softhsm2 and net-tools on debian | Nikos Mavrogiannopoulos | 2016-09-20 | 1 | -2/+2
* tests: mini-server-name: skip invalid UTF-8 check if compiled without libidn [tmp-test-macros] | Nikos Mavrogiannopoulos | 2016-09-19 | 1 | -0/+2
  This allows the test suite to run in systems without libidn. Reported by Thomas Klausner.
* tests: added the macros test_fail() and test_success() | Nikos Mavrogiannopoulos | 2016-09-19 | 4 | -43/+47
  These macros allow test programs which run multiple checks, to report the name of the check failed. Modified mini-server-name and x509-dn-decode to use the macro.
* cfg.mk: removed invalid rule in web target | Nikos Mavrogiannopoulos | 2016-09-19 | 1 | -1/+0
* doc update | Nikos Mavrogiannopoulos | 2016-09-19 | 1 | -0/+4
* added debugging message when session fails due to handshake hash buffer | Nikos Mavrogiannopoulos | 2016-09-19 | 1 | -2/+4
* tests: check whether large packets are allowed on the handshake | Nikos Mavrogiannopoulos | 2016-09-19 | 2 | -1/+286
* Do not allow sending overflowed extensions field | Nikos Mavrogiannopoulos | 2016-09-19 | 1 | -0/+3
  That is, restrict the extensions to a 2^16 total size.
* tests: minor improvements in mini-extension | Nikos Mavrogiannopoulos | 2016-09-19 | 1 | -1/+10
  This will improve recovery from error conditions.
* Increased the maximum size allowed for handshake messages to 128kb | Nikos Mavrogiannopoulos | 2016-09-19 | 2 | -2/+5
  This would allow the library to cope with larger packets, as well as TLS 1.3 hellos. Suggested by Hubert Kario.
* tests: added check for insecure key | Nikos Mavrogiannopoulos | 2016-09-17 | 5 | -5/+198
  That is, a check which verified whether a connection to a server with a very small key will fail the certificate verification check.
* doc update [separate-error-codes-for-invalid-keys] | Nikos Mavrogiannopoulos | 2016-09-17 | 1 | -0/+2
* Introduced separate error codes for invalid private and public keys | Nikos Mavrogiannopoulos | 2016-09-17 | 4 | -19/+19
  This allows functions like decryption and verification to report the specific issue they encountered on public key error. The new codes are GNUTLS_E_PK_INVALID_PUBKEY and GNUTLS_E_PK_INVALID_PRIVKEY
* .gitlab-ci.yml: no longer require gnutls-devel [no-gnutls-devel] | Nikos Mavrogiannopoulos | 2016-09-15 | 1 | -2/+2
  This package is no longer needed to run abi-check.
* Makefile: abi-check no longer require gnutls headers to be installed | Nikos Mavrogiannopoulos | 2016-09-15 | 1 | -1/+3
  This addresses the issue of requiring gnutls-devel in the CI system to run abi-check.
* doc: remove the conditional self_test functions [nproc] | Nikos Mavrogiannopoulos | 2016-09-14 | 1 | -5/+1
  Also prevent them from re-entering the documented functions list by restricting the header files that contribute functions to the known list defined by $(HEADER_FILES).
* Makefile.am: introduced 'make files-update' rule | Nikos Mavrogiannopoulos | 2016-09-14 | 3 | -4/+12
  This rule updates the makefiles in doc/ and the kept symbol list. This allows for easier automation of the symbol change 'make dist' breakages.
* manpages: delete comparison temp file | Nikos Mavrogiannopoulos | 2016-09-14 | 1 | -0/+1
* Makefile.am: symbol changes were made more elaborate | Nikos Mavrogiannopoulos | 2016-09-14 | 1 | -9/+26
  During make dist, the makefile will report the appropriate symbol change message with instructions and fail.
* updated doc and symbol files for gnutls_certificate_set_ocsp_status_request_function2 | Nikos Mavrogiannopoulos | 2016-09-14 | 3 | -0/+4
* Makefile.am: print the symbols.last diff on make dist | Nikos Mavrogiannopoulos | 2016-09-14 | 1 | -1/+1
  This allows to manually verify the contents before overriding the old file.
* doc: allow creation of gnutls.epub without running epub-fix | Nikos Mavrogiannopoulos | 2016-09-14 | 1 | -1/+1
* .gitlab-ci.yml: use nproc as argument to 'make -j' | Nikos Mavrogiannopoulos | 2016-09-14 | 1 | -17/+17
  That way, we use as many make processes, as the number of CPUs in the CI system.
* .gitlab-ci.yml: added build which runs 'make dist' | Nikos Mavrogiannopoulos | 2016-09-14 | 1 | -0/+15
  This tests whether the manpages, info, html, pdf and epub manual are properly generated, and whether any new functions were included into makefiles.
* doc: fixed the epub documentation generation | Nikos Mavrogiannopoulos | 2016-09-13 | 1 | -4/+6
* gnutls_certificate_set_ocsp_status_request_file: mention version it was enhanced | Nikos Mavrogiannopoulos | 2016-09-13 | 1 | -0/+3
* doc: corrected typo | Nikos Mavrogiannopoulos | 2016-09-13 | 1 | -1/+1
* Add ECDHE-* to the priority string docs for key exchange algorithms | Alex Monk | 2016-09-13 | 1 | -1/+1
  GNUTLS_KX_ECDHE_PSK was added in 2.99.3 (released 2011-06-18)
  The other two were added in 2.99.2 (released 2011-05-26)
  Signed-off-by: Alex Monk <krenair@gmail.com>
* doc update | Nikos Mavrogiannopoulos | 2016-09-13 | 1 | -0/+4
* .gitlab-ci.yml: added check for position dependent code | Nikos Mavrogiannopoulos | 2016-09-13 | 1 | -4/+9
* Makefile.am: added check for position dependent code | Nikos Mavrogiannopoulos | 2016-09-13 | 1 | -0/+7
  This check will verify that the generated library doesn't contain position dependent code. It depends on elf utilities.
* openssl asm: reverted to AESNI-x86 code to gnutls 3.4.x code | Nikos Mavrogiannopoulos | 2016-09-13 | 3 | -2193/+1283
  The newer code was creating position dependent code.
* tests: added checks to verify server understanding of UTF8 hostnames [idna-server] | Nikos Mavrogiannopoulos | 2016-09-12 | 5 | -3/+393
  This verifies whether a server can understand and serve requests which contain UTF-8 server names.
* tests: set_key: fixed the time override | Nikos Mavrogiannopoulos | 2016-09-12 | 1 | -2/+2