summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* p11tool: --initialize will no longer reset user PINtmp-pkcs11-updatesNikos Mavrogiannopoulos2016-11-101-23/+1
| | | | | | | That is because it only resetted the user PIN and not the admin PIN, while at the same time it had problems to cope with the case where the URL changed between token initialization and PIN setting (which is the case if --label is provided to --initialize).
* p11tool: added options to initialize a user and admin's PINNikos Mavrogiannopoulos2016-11-104-3/+70
|
* _wrap_nettle_pk_verify: use FAIL_IF_LIB_ERROR prior to returning successNikos Mavrogiannopoulos2016-11-071-0/+1
| | | | | This will prevent verification to succeed if the system is in error state.
* fips140-2: moved PCT-test in wrap_nettle_generate_keysNikos Mavrogiannopoulos2016-11-072-94/+100
| | | | | This allows it to run in any potential scenario, i.e., any call of _gnutls_pk_generate_keys().
* doc updateNikos Mavrogiannopoulos2016-11-061-0/+3
|
* .gitlab-ci.yml: use included libtasn1 in CI systems which do not have 4.9Nikos Mavrogiannopoulos2016-11-061-7/+5
|
* bumped the version of the minimum required libtasn1Nikos Mavrogiannopoulos2016-11-061-1/+1
| | | | | We now require the latest version that supports OIDs with elements that are longer than 32-bits.
* tests: added check for the decoding of certificates with long OIDsNikos Mavrogiannopoulos2016-11-063-2/+238
| | | | That is, OIDs which have an element which exceeds 2^32.
* symbol-check: do not compare against symbols not exported by usNikos Mavrogiannopoulos2016-11-041-1/+1
|
* doc updateNikos Mavrogiannopoulos2016-11-041-0/+9
|
* tests: updated known ciphersuites test for CHACHA20-POLY1305 in the SECURE setNikos Mavrogiannopoulos2016-11-041-4/+4
|
* priorities: added CHACHA20-POLY1305 to SECURE setNikos Mavrogiannopoulos2016-11-041-0/+2
|
* released 3.5.6Nikos Mavrogiannopoulos2016-11-041-1/+1
|
* bumped versionsNikos Mavrogiannopoulos2016-11-042-3/+3
|
* symbols.last: updated auto-generated fileNikos Mavrogiannopoulos2016-11-041-1/+0
|
* doc updateNikos Mavrogiannopoulos2016-11-041-0/+5
|
* tests: added test to ensure that gnutls_rnd() is not called during ↵Nikos Mavrogiannopoulos2016-11-042-1/+70
| | | | initialization
* doc: explicitly state that rng self_test mustn't require rng initializationNikos Mavrogiannopoulos2016-11-042-2/+3
|
* deprecated _gnutls_rnd() in favor of exported gnutls_rnd()Nikos Mavrogiannopoulos2016-11-0418-28/+25
|
* rng: split initialization in preinit and initNikos Mavrogiannopoulos2016-11-047-41/+83
| | | | | | | | This makes gnutls to initialize its random generator on the first call to gnutls_rnd(). That prevents blocking due to getrandom() on a constructor; that change allows to use gnutls-linked applications even in early boot in systems where getrandom() blocks waiting for entropy.
* _gnutls_rnd_check: call _rnd_system_entropy_check directlyNikos Mavrogiannopoulos2016-11-044-26/+3
|
* x509: removed unused IDNA fileNikos Mavrogiannopoulos2016-11-021-41/+0
|
* doc update [ci skip]Nikos Mavrogiannopoulos2016-11-021-0/+8
|
* handshake: log advertized versionNikos Mavrogiannopoulos2016-11-021-0/+2
|
* algorithms.h: removed exported prototype from internal headerNikos Mavrogiannopoulos2016-11-021-1/+0
|
* doc updateNikos Mavrogiannopoulos2016-11-022-22/+25
|
* doc updateNikos Mavrogiannopoulos2016-11-011-0/+5
|
* tests: added decoding of multi-value DNNikos Mavrogiannopoulos2016-11-013-6/+97
|
* x509_dn: forbid non-supported escaped chars on DN encodingNikos Mavrogiannopoulos2016-10-311-14/+21
|
* tests: enhanced RFC4514 with arbitrary escaped stringsNikos Mavrogiannopoulos2016-10-311-0/+27
|
* x509_dn: allow arbitrary escaped stringsNikos Mavrogiannopoulos2016-10-311-3/+15
| | | | | In addition fail encoding on unescaped '+'. We do not support it for DN encoding.
* tests: modified to account for backwards-encoded DN (according to RFC4514)Nikos Mavrogiannopoulos2016-10-3125-39/+40
|
* tests: removed old README fileNikos Mavrogiannopoulos2016-10-312-14/+1
| | | | The description in the file had no relevance to the existing tests.
* gnutls_x509_crt_set_*dn, gnutls_x509_dn_set_str: honor the reverse property ↵Nikos Mavrogiannopoulos2016-10-311-12/+64
| | | | | | | | | of RFC4514 When converting an RFC4514 string to a DN ensure that the elements are encoded in reverse order, as required by the RFC. Resolves #111
* Encode string DNs backwards according to RFC4514Nikos Mavrogiannopoulos2016-10-311-28/+36
| | | | | | | This makes the output string from functions such as gnutls_x509_crt_get*dn() to comply with RFC4514 requirements in DN element order. Relates #111
* Updated issue templates [ci skip]Nikos Mavrogiannopoulos2016-10-311-3/+4
|
* Added issue templates [ci skip]Nikos Mavrogiannopoulos2016-10-312-0/+31
|
* doc update [ci skip]Nikos Mavrogiannopoulos2016-10-301-4/+10
|
* nettle: renamed system random generator-related files for claritytmp-mini-rng-additionsNikos Mavrogiannopoulos2016-10-295-4/+8
|
* tests: introduced checks for gnutls_rnd() in multi-threaded scenarioNikos Mavrogiannopoulos2016-10-292-1/+128
|
* tests: introduced sanity checks in rng-forkNikos Mavrogiannopoulos2016-10-291-2/+3
|
* drbg-aes-self-test: corrected free callNikos Mavrogiannopoulos2016-10-291-1/+1
|
* tests: check for gnutls 3.3.x compatibilitytmp-status-response-rollbackNikos Mavrogiannopoulos2016-10-272-1/+347
| | | | | | That is, check whether the status request extension is not sent by the server, if the server does not hold a status response. We require that behavior to be backwards compatible with gnutls 3.3.x.
* Reverted the behavior of sending a status request extension even without a ↵Nikos Mavrogiannopoulos2016-10-274-44/+83
| | | | | | | | | | | | | | | response That is, we no longer reply to a client's hello with a status request, with a status request extension. Although that behavior which was introduced in 6b76e0c899b1ff08df9bd9b41588f771f050be89 is legal, it creates incompatibility issues with gnutls 3.3.x branch. That is because versions prior 3.3.26 translates the presence of the extension as a guarrantee that the status response data will be sent. Even though, that is false assumption we replicate the previous behavior to allow such clients to connect to a gnutls 3.5.x server. Relates !66
* tests: do not enable testpkcs11.sh twiceDmitry Eremin-Solenikov2016-10-271-1/+1
| | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* starttls: search for chat in sbin if it is not present in PATHDmitry Eremin-Solenikov2016-10-271-2/+17
| | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Fix autoconf warnings in libopts.m4Dmitry Eremin-Solenikov2016-10-271-12/+12
| | | | | | | | | | | | | | | | | | | | Without this patch Autoconf will spam console with the following kind of messages: configure.ac:650: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body ../../lib/autoconf/lang.m4:193: AC_LANG_CONFTEST is expanded from... ../../lib/autoconf/general.m4:2740: _AC_RUN_IFELSE is expanded from... ../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... ../../lib/autoconf/general.m4:2759: AC_RUN_IFELSE is expanded from... ../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... ../../lib/autoconf/general.m4:2042: AC_CACHE_VAL is expanded from... src/libopts/m4/libopts.m4:386: LIBOPTS_RUN_FOPEN_TEXT is expanded from... src/libopts/m4/libopts.m4:425: INVOKE_LIBOPTS_MACROS is expanded from... src/libopts/m4/libopts.m4:560: AM_COND_IF is expanded from... src/libopts/m4/libopts.m4:581: LIBOPTS_CHECK is expanded from... configure.ac:650: the top level Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* cfg.mk: fix m4 files removalDmitry Eremin-Solenikov2016-10-271-3/+3
| | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* tests: better check for gnutls_ecc_curve_get resultNikos Mavrogiannopoulos2016-10-261-1/+3
|
* Terminate handshake if only unknown or disabled signatures are advertized by ↵Nikos Mavrogiannopoulos2016-10-262-8/+8
| | | | | | the peer That is, do not attempt to proceed assuming that the peer supports SHA-1.
View Lorry Controller Status