Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | Fix compilation of tests if nettle is not installed in standard path | Dmitry Eremin-Solenikov | 2016-10-25 | 4 | -14/+15 | |
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | |||||
* | gnutls-cli-debug: corrected TLS1.2 detection | Nikos Mavrogiannopoulos | 2016-10-25 | 1 | -1/+1 | |
| | ||||||
* | doc update | Nikos Mavrogiannopoulos | 2016-10-24 | 1 | -0/+7 | |
| | ||||||
* | modified the gnutls_certificate_set_key* change | Nikos Mavrogiannopoulos | 2016-10-24 | 13 | -27/+285 | |
| | | | | | | | | | While the change was fully backwards compatible for applications that were adding a single certificate, and applications that were checking for negative errors codes, many applications do not. As this may cause incompatibility issues with software properly utilizing the previously documented API, the change is reverted, and applications need to explicitly enable a flag (GNUTLS_CERTIFICATE_API_V2) in the credentials structure for the set_key functions to return an index. | |||||
* | tests: removed nohats.ca from testdane | Nikos Mavrogiannopoulos | 2016-10-22 | 1 | -1/+1 | |
| | | | | The host seems to be unreliable. | |||||
* | .travis.yml: use as many jobs as CPUs in OSX | Nikos Mavrogiannopoulos | 2016-10-21 | 1 | -2/+2 | |
| | ||||||
* | .travis.yml: do not run the public submodule checks of maint.mk | Nikos Mavrogiannopoulos | 2016-10-21 | 1 | -1/+1 | |
| | | | | | These seem to be problematic to detect modification and are preventing the CI from operating. | |||||
* | .travis.yml: simplified the submodule checkout | Nikos Mavrogiannopoulos | 2016-10-21 | 1 | -1/+6 | |
| | | | | The default submodule initialization in travis caused the MacOSX builds to fail. | |||||
* | Added casts to prevent compiler warnings | Nikos Mavrogiannopoulos | 2016-10-21 | 2 | -3/+5 | |
| | ||||||
* | corrected typo | Nikos Mavrogiannopoulos | 2016-10-21 | 1 | -2/+1 | |
| | ||||||
* | README.md: corrected link to travius build | Nikos Mavrogiannopoulos | 2016-10-21 | 1 | -1/+1 | |
| | ||||||
* | .travis.yml: added support for compiling in macosx | Nikos Mavrogiannopoulos | 2016-10-21 | 7 | -5/+1029 | |
| | ||||||
* | doc update | Nikos Mavrogiannopoulos | 2016-10-21 | 1 | -0/+1 | |
| | ||||||
* | tests: added checks for the new GNUTLS_NO_TICKETS flag | Nikos Mavrogiannopoulos | 2016-10-21 | 3 | -1/+577 | |
| | ||||||
* | gnutls_init: added GNUTLS_NO_TICKETS flags | Nikos Mavrogiannopoulos | 2016-10-21 | 2 | -2/+8 | |
| | | | | | | These flags allow the callers to disable the automatically enabled session tickets. This could be done only with GNUTLS_NO_EXTENSIONS which also disabled other useful extensions. | |||||
* | tests: added pkcs11-privkey-exporttmp-pkcs11-tests-update | Nikos Mavrogiannopoulos | 2016-10-20 | 2 | -1/+162 | |
| | | | | | This checks whether the public parts of RSA private and public keys can be properly extracted from a PKCS#11 module. | |||||
* | Expose CKA_PUBLIC_EXPONENT and CKA_MODULUS for private keys too | Jakub Jelen | 2016-10-20 | 1 | -2/+4 | |
| | ||||||
* | tests/pkcs11: Return also CKA_CLASS | Jakub Jelen | 2016-10-20 | 1 | -0/+12 | |
| | ||||||
* | tests/pkcs11: Expose SUBJECT for certificates, PUBLIC_EXPONENT and MODULUS ↵ | Jakub Jelen | 2016-10-20 | 1 | -0/+59 | |
| | | | | for public keys to widen compatibility | |||||
* | doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-10-18 | 3 | -0/+10 | |
| | ||||||
* | updated auto-generated filespkcs7-time-check | Nikos Mavrogiannopoulos | 2016-10-18 | 3 | -0/+4 | |
| | ||||||
* | doc update | Nikos Mavrogiannopoulos | 2016-10-18 | 2 | -1/+3 | |
| | ||||||
* | certtool: allow setting key purposes for non-CA certificates | Nikos Mavrogiannopoulos | 2016-10-18 | 1 | -66/+69 | |
| | | | | | | That is, allow setting code signing, or time stamping key purpose in certificates that are not marked as CA. The previous restriction served no purpose. | |||||
* | certtool: introduce key purpose checks in p7 direct verification | Nikos Mavrogiannopoulos | 2016-10-18 | 1 | -2/+9 | |
| | ||||||
* | x509: introduced gnutls_x509_crt_check_key_purpose() | Nikos Mavrogiannopoulos | 2016-10-18 | 3 | -1/+29 | |
| | ||||||
* | gnutls_x509_crt_verify_data2: introduce constraints checks on the provided ↵ | Nikos Mavrogiannopoulos | 2016-10-18 | 5 | -13/+95 | |
| | | | | | | certificate That is check the provided certificate for validity in time and key usage. | |||||
* | tests: introduced verification constraints checks for PKCS#7 structures | Nikos Mavrogiannopoulos | 2016-10-18 | 8 | -5/+408 | |
| | | | | That is, key purpose checks and more elaborate time checks. | |||||
* | gnutls-serv: use the included known DH parameters by defaulttmp-dh-params-ffdhe | Nikos Mavrogiannopoulos | 2016-10-17 | 2 | -42/+31 | |
| | ||||||
* | doc update | Nikos Mavrogiannopoulos | 2016-10-17 | 1 | -0/+9 | |
| | ||||||
* | certtool: manpage update | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -3/+7 | |
| | ||||||
* | getfuncs-map.pl: ignore the ffdhe exported parameters | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -0/+12 | |
| | | | | | That is ignore the new variables exported which are not functions, and thus cannot be detected by getfuncs-map.pl. | |||||
* | updated auto-generated files | Nikos Mavrogiannopoulos | 2016-10-14 | 3 | -0/+24 | |
| | ||||||
* | tests: crl-test: use a unique temp file | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -4/+5 | |
| | ||||||
* | tests: added sanity check for included primes | Nikos Mavrogiannopoulos | 2016-10-14 | 2 | -2/+60 | |
| | ||||||
* | doc: discuss the set_known_dh_params and use it in the examples | Nikos Mavrogiannopoulos | 2016-10-14 | 7 | -114/+50 | |
| | ||||||
* | tests: check gnutls_psk_set_server_known_dh_params | Nikos Mavrogiannopoulos | 2016-10-14 | 4 | -1/+178 | |
| | ||||||
* | tests: check gnutls_anon_set_server_known_dh_params | Nikos Mavrogiannopoulos | 2016-10-14 | 4 | -1/+158 | |
| | ||||||
* | tests: check gnutls_certificate_set_known_dh_params | Nikos Mavrogiannopoulos | 2016-10-14 | 2 | -1/+105 | |
| | ||||||
* | DH: introduced gnutls_*_set_known_dh_params() | Nikos Mavrogiannopoulos | 2016-10-14 | 10 | -2/+207 | |
| | | | | | | | | | | | That is, the functions gnutls_certificate_set_known_dh_params(), gnutls_anon_set_server_known_dh_params(), gnutls_psk_set_server_known_dh_params(). These functions allow to statically set the DH parameters, based on the RFC7919 FFDHE parameters. This can simplify server configuration by allowing DH without loading parameters from file. Relates #37 | |||||
* | certtool: --get-dh-params will output the FFDHE primes instead of the SRP primes | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -2/+30 | |
| | ||||||
* | DH: export the FFDHE Diffie-Hellman values | Nikos Mavrogiannopoulos | 2016-10-14 | 4 | -1/+422 | |
| | ||||||
* | .gitlab-ci.yml: use fedora's mingw-cmocka packages | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -4/+2 | |
| | ||||||
* | more files to ignore | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -0/+12 | |
| | ||||||
* | tests: added check for PKCS#7 catalog file parsing and data extracting | Nikos Mavrogiannopoulos | 2016-10-14 | 2 | -1/+134 | |
| | ||||||
* | tests: updated pkcs7 text outputs to account for certtool update | Nikos Mavrogiannopoulos | 2016-10-14 | 4 | -0/+6999 | |
| | ||||||
* | certtool: --p7-info will include the PKCS#7 encoded data in PEM format | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -1/+12 | |
| | ||||||
* | tests: replaced large test2.cat with a smaller file | Nikos Mavrogiannopoulos | 2016-10-14 | 3 | -136/+22 | |
| | ||||||
* | certtool: improve text on missing options for cert generation | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -1/+5 | |
| | ||||||
* | Revert "certtool: improve text on missing options for cert generation" | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -5/+1 | |
| | | | | This reverts commit 7daed1fd0602bce7495d252f1a9b638fc41e38d3. | |||||
* | handshake: set a maximum number of warning messages that can be received per ↵ | Nikos Mavrogiannopoulos | 2016-10-14 | 3 | -9/+14 | |
| | | | | | | | handshake That is to avoid DoS due to the assymetry of cost of sending an alert vs the cost of processing. |