summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* handshake: do not send TLS extensions under DTLS and vice versatmp-prohibit-tls-dtls-mixNikos Mavrogiannopoulos2018-05-1725-57/+401
| | | | | | | | | | That is, introduce the notion of TLS-only and DTLS-only extensions, providing a framework to prevent sending extensions which are registered for example for TLS 1.3, under DTLS and vice versa. Resolves #440 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_ext_raw_parse: introduced GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLONikos Mavrogiannopoulos2018-05-176-8/+345
| | | | | | This allows parsing extensions from a DTLS client hello. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: fix serv location in testcompat-main-opensslNikos Mavrogiannopoulos2018-05-161-1/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite: add missing file to distAndreas Metzler2018-05-151-1/+2
| | | | Signed-off-by: Andreas Metzler <ametzler@bebt.de>
* Allow running of test against installed gnutls-servAndreas Metzler2018-05-151-1/+2
| | | | Signed-off-by: Andreas Metzler <ametzler@bebt.de>
* gnutls_certificate_set_retrieve_function3: updated documentationtmp-pkcs11-pcertNikos Mavrogiannopoulos2018-05-122-15/+11
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* updated auto-generated filesNikos Mavrogiannopoulos2018-05-123-0/+8
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pcert: added functionality to retrieve listsNikos Mavrogiannopoulos2018-05-1212-32/+695
| | | | | | | | | That introduces gnutls_pcert_list_import_x509_file() and gnutls_x509_crt_list_import_url(). Resolves #373 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: sanity-cpp: fixes for win32Nikos Mavrogiannopoulos2018-05-121-2/+4
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitlab-ci.yml: bumped version of cache due to addition of CXXFLAGSNikos Mavrogiannopoulos2018-05-121-1/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: fix failures in cxx exampleNikos Mavrogiannopoulos2018-05-121-2/+10
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cxx: bring few modern functions, and allow to get the raw sessionNikos Mavrogiannopoulos2018-05-122-0/+18
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'master' into 'master'Nikos Mavrogiannopoulos2018-05-126-44/+306
|\ | | | | | | | | | | | | New C++ interfaces for passing flags while construction Closes #438 See merge request gnutls/gnutls!637
| * New constructors for classes client_session() and server_session() provide ↵Philippe Widmer2018-05-106-44/+306
|/ | | | | | passing flags. Closes #438. Signed-off-by: Philippe Widmer <pw@earthwave.ch>
* tests: mini-record-timing: updated to work under newer gnutls [ci skip]Nikos Mavrogiannopoulos2018-05-101-13/+8
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: key_update: improved error checking and increased timeouttmp-move-ci-to-f28Nikos Mavrogiannopoulos2018-05-101-4/+10
| | | | | | That is to avoid reaching the maximum number of key updates per second. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitlab-ci.yml: moved fedora CI builds to F28Nikos Mavrogiannopoulos2018-05-091-3/+2
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: testcompat-openssl: disable DSS ciphersuites under SSL3.0Nikos Mavrogiannopoulos2018-05-091-59/+64
| | | | | | | | Previously if openssl wouldn't support DSS, we would only disable DSS under TLS1.0 or later, not under SSL 3.0. This fixes interoperability with Fedora28 openssl. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am: optimized the abi-check configure stepNikos Mavrogiannopoulos2018-05-092-4/+7
| | | | | | | Also ensured that the same build flags are applied in both builds for ABI checking. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* several updates to address issues found by clang static analyzerNikos Mavrogiannopoulos2018-05-096-10/+16
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* nettle: fix casts which result to warnings in newer gccNikos Mavrogiannopoulos2018-05-091-4/+14
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: updated for GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER from handshakeNikos Mavrogiannopoulos2018-05-071-1/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* handshake: use GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER consistentlyNikos Mavrogiannopoulos2018-05-073-3/+4
| | | | | | | | | Also treat GNUTLS_E_ILLEGAL_PARAMETER as a synonym if returned during a connection. Relates #442 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* CONTRIBUTING.md: documented status of C++ library [ci skip]Nikos Mavrogiannopoulos2018-05-071-0/+3
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: cookie: fixed exit condition [ci skip]Nikos Mavrogiannopoulos2018-05-071-0/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc update [ci skip]Nikos Mavrogiannopoulos2018-05-071-0/+4
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: fixes in win32 buildsNikos Mavrogiannopoulos2018-05-071-3/+3
| | | | | | Relates #439 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* certtool: honor --ask-pass when loading a private keyNikos Mavrogiannopoulos2018-05-075-15/+50
| | | | | | | | | This also improves the password prompt when the password requested is not for a smart card. Resolves: #436 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: Disable full test suite for cross buildsMichael Weiser2018-05-071-1/+1
| | | | | | Disable the full test suite for cross CI builds to speed them up. Signed-off-by: Michael Weiser <michael.weiser@gmx.de>
* .gitlab-ci.yml: Expire all build log artifactsMichael Weiser2018-05-071-0/+4
| | | | Signed-off-by: Michael Weiser <michael.weiser@gmx.de>
* Use configured CC for pkg-config testMichael Weiser2018-05-072-2/+4
| | | | | | | Using the configured compiler aids in running the test suite under qemu or in a multlib scenario. Signed-off-by: Michael Weiser <michael.weiser@gmx.de>
* Add Debian-based qemu cross CI targetsMichael Weiser2018-05-071-2/+44
| | | | Signed-off-by: Michael Weiser <michael.weiser@gmx.de>
* updated-auto-generated filesNikos Mavrogiannopoulos2018-05-052-344/+376
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* fuzzer: added fresh TLS1.3 server traceNikos Mavrogiannopoulos2018-05-051-0/+0
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gnutls-serv: all skipping DTLS cookie requestNikos Mavrogiannopoulos2018-05-052-33/+44
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gnutls-cli: corrected data written by server traceNikos Mavrogiannopoulos2018-05-051-1/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: post handshake auth: test more combinationsNikos Mavrogiannopoulos2018-05-041-17/+42
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* post_handshake_auth: send extension irrespective of certificates being presentNikos Mavrogiannopoulos2018-05-041-1/+1
| | | | | | | | The feature does not necessarily require certificates to be present and an empty cert can be presented. Furthermore, the certificates can be set later on the credentials structure. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'tmp-openssl-suite' into 'master'Nikos Mavrogiannopoulos2018-05-0431-198/+1040
|\ | | | | | | | | | | | | Added testsuite for TLS1.3 interoperability with openssl Closes #228 and #427 See merge request gnutls/gnutls!621
| * updated auto-generated filesNikos Mavrogiannopoulos2018-05-042-72/+136
| | | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * tests: added interop tests with openssl under TLS1.3Nikos Mavrogiannopoulos2018-05-0412-7/+677
| | | | | | | | | | | | | | | | | | | | | | | | | | This adds interoperability tests for: * PSK with elliptic curve DHE * RSA,RSA-PSS,secp256r1,ed25519 server certificate * RSA,RSA-PSS,secp256r1,ed25519 client certificate * X25519,SECP256R1 key share exchange * key share with HRR Relates #328 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * doc: clarified re-handshake details under TLS1.2 serverNikos Mavrogiannopoulos2018-05-041-1/+5
| | | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * tls13/certificate_request: corrected check of duplicate signature algorithmsNikos Mavrogiannopoulos2018-05-044-22/+45
| | | | | | | | | | | | | | | | | | | | Made the check local when parsing a certificate request, as we may receive multiple requests when post-handshake authentication is in place. Furthermore check whether this extension has been received as this is a mandatory one. In addition handle a memory leak when multiple peer certificates are set. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * gnutls_reauth: doc updateNikos Mavrogiannopoulos2018-05-041-1/+3
| | | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * gnutls-cli: enhanced tool for TLS1.3 optionsNikos Mavrogiannopoulos2018-05-045-21/+91
| | | | | | | | | | | | | | This patch allows a client to enable post-handshake authentication, perform re-key and restrict the sent key shares. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * tls13/certificate: send empty certificate instead of skippingNikos Mavrogiannopoulos2018-05-041-25/+24
| | | | | | | | | | | | | | | | | | | | According to TLS1.3 spec: The server's certificate_list MUST always be non-empty. A client will send an empty certificate_list if it does not have an appropriate certificate to send in response to the server's authentication request. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * _gnutls_figure_common_ciphersuite: ignore certificate check if PSK is negotiatedNikos Mavrogiannopoulos2018-05-041-6/+2
| | | | | | | | | | | | | | | | That is, if we are performing PSK under TLS1.3, don't bother checking whether the certificate is compatible with the ciphersuite; there isn't any. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * tls13/certificate_verify: corrected context in signatures in client sideNikos Mavrogiannopoulos2018-05-041-7/+24
| | | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * _gnutls13_handshake_sign_data: avoid unnecessary copyNikos Mavrogiannopoulos2018-05-041-6/+9
| | | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * handshake: cleanup in TLS1.3 initial secret calculationNikos Mavrogiannopoulos2018-05-041-15/+3
| | | | | | | | | | | | That eliminates duplicate code in server hello parsing. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
View Lorry Controller Status