| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This replaces LTLIBUNISTRING with LIBUNISTRING in Makefile.am.
The former is no longer produced by configure.ac.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
gnutls-serv: improvements in UDP server
Closes #632
See merge request gnutls/gnutls!863
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This modifies the server to deinitialize the session after use
(avoiding leaks), and to only send the hello verify request when
a client hello is seen.
This also adds a basic unit test of gnutls-serv with the --udp option.
Resolves #632
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\ \ \ \
| |_|/ /
|/| | |
| | | |
| | | |
| | | |
| | | | |
set_ciphersuite_list(): Use linear approach to cleanup priorities
Closes #679
See merge request gnutls/gnutls!889
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
configure.ac: check if libatomic is needed
See merge request gnutls/gnutls!878
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
gnutls source code uses the C++11 <atomic> functionality since
https://github.com/gnutls/gnutls/commit/7978a733460f92b31033affd0e487c86d66c643d,
which internally is implemented using the __atomic_*() gcc built-ins
On certain architectures, the __atomic_*() built-ins are implemented in
the libatomic library that comes with the rest of the gcc runtime. Due
to this, code using <atomic> might need to link against libatomic,
otherwise one hits build issues such as:
../lib/.libs/libgnutls.so: undefined reference to `__atomic_fetch_sub_4'
on an architecture like SPARC.
To solve this, a configure.ac check is added to know if we need to
link against libatomic or not. The library is also added to gnutls.pc.
Fixes:
- http://autobuild.buildroot.org/results/6c749bd592ceffeacadd2ab570d127936cce64b2
- http://autobuild.buildroot.org/results/30aa83d3cf3482af8a59250c196c85f4a278d343
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
| |\ \ \ \ \
| |_|_|/ /
|/| | | |
| | | | |
| | | | |
| | | | |
| | | | | |
tests: added tests for multiple ticket reception
Closes #511
See merge request gnutls/gnutls!887
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This introduces tests for the reception (parsing) of multiple tickets
by a gnutls client. It uses the tlslite-ng server because unlike a gnutls
server, tlslite-ng does send multiple tickets in a single record. That
way we test that we can parse both ways of sending tickets.
Resolves: #511
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
gnutls_pkcs11_privkey_import_url: enable RSA-PSS only when an RSA key can sign
Closes #667
See merge request gnutls/gnutls!884
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
In gnutls_pkcs11_privkey_import_url() we only enabled RSA-PSS functionality to
the key if the CKM_RSA_PKCS_PSS mechanism is available to the token. However,
if the specific key is not marked for use with digital signatures (CKA_SIGN
set), then we may have still ended-up using it and fail when using it. We
now test whether CKA_SIGN is set prior to enabling such keys for PSS.
Resolves: #667
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\ \ \ \ \ \
| |_|/ / / /
|/| | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Update gnulib
Closes #653
See merge request gnutls/gnutls!888
|
| | | |_|/ /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | | |
Closes #653 (printf %n crashes on Android)
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |\ \ \ \ \
| |/ / / /
|/| | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Various alert-related fixes
Closes #672
See merge request gnutls/gnutls!885
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
That is, do not send alerts for success, or for errors indicating that
an alert has been received. This changes the documented function behavior
but does not break any existing caller expectations.
Relates: #672
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
Resolves: #672
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Fix libs.private in gnutls.pc for multiarch builds
Closes #675
See merge request gnutls/gnutls!877
|
| | | |/ /
| |/| |
| | | |
| | | | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |\ \ \ \
| |_|/ /
|/| | |
| | | |
| | | | |
Avoid excessive CPU usage in gnutls_idna_map()
See merge request gnutls/gnutls!881
|
| | |/ /
| | |
| | |
| | | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Check for Signed-off-by: in CI
Closes #668
See merge request gnutls/gnutls!874
|
| |/ / /
| | |
| | |
| | | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |\ \ \
| | | |
| | | |
| | | |
| | | | |
crypto-selftests.c: Fix checking return value
See merge request gnutls/gnutls!880
|
| | |/ /
| | |
| | |
| | | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |\ \ \
| | | |
| | | |
| | | |
| | | | |
Fix uninitialized variable in tests/x509dn.c
See merge request gnutls/gnutls!882
|
| | |/ /
| | |
| | |
| | | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |\ \ \
| |/ /
|/| |
| | |
| | | |
auto-generate the AUTHORS file
See merge request gnutls/gnutls!872
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| | |
The original file was unmaintained since long time. This is now
auto-generated from the git shortlog, at release time.
Relates: #606
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\ \
| | |
| | |
| | |
| | | |
certtool: data encipherment is disabled by default
See merge request gnutls/gnutls!875
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| | |
For the TLS protocol this option is not necessary, and if enabled
by mistake (as default) and no other option is set, then the
generated key will be unusable. Thus we disable it, to generate
working keys by default.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |\ \
| | |
| | |
| | |
| | | |
Revert "build: remove src/*.bak from distribution"
See merge request gnutls/gnutls!869
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
This reverts commit 9ba397aa841730e4824d2bf8537aa15e711ad9b3, as it
turned out to be not practical. See !862 for the discussion.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |/
|/|
| |
| |
| |
| |
| | |
The latter is no longer available after the removal of
GNUMakefile.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\ \
| | |
| | |
| | |
| | | |
When sending no extensions do not include a zero length
See merge request gnutls/gnutls!868
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
According to RFC5246:
The presence of extensions can be detected by determining whether
there are bytes following the compression_method field at the end of
the ServerHello.
and as such we correct our behavior to not send the zero length bytes.
This was our behavior in 3.5.x and 3.3.x branch, and thus this corrects
a regression of gnutls with these branches.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
|
| |\ \ \
| |/ /
|/| |
| | |
| | | |
build: install all m4 macros
See merge request gnutls/gnutls!865
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
having all m4 macros in m4/ directory enables easier autoreconf process for
downstream as dependency programs that provide these macros are not required.
both gtk-doc and guile requires huge dependency list, and currently are
required per any change (patch) in autotools.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
tls-sig: check RSA-PSS signature key compatibility also in TLS 1.2
Closes #659 and #645
See merge request gnutls/gnutls!854
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
algorithm.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This extends commit 51d21634 to cover the optional TLS 1.2 cases,
which RFC 8446 4.2.3 suggests: "Implementations that advertise support
for RSASSA-PSS (which is mandatory in TLS 1.3) MUST be prepared to
accept a signature using that scheme even when TLS 1.2 is negotiated".
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | | |
This alert is more appropriate according to the tlsfuzzer test:
https://github.com/tomato42/tlsfuzzer/commit/4b6a4aa8b00cf3f3bcb2388d1bfdad985610ed1d
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |\ \ \
| |_|/
|/| |
| | |
| | | |
Fix _gnutls_write_new_general_name() result checking
See merge request gnutls/gnutls!866
|
| | |/ |
|
| |/
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |\
| |
| |
| |
| | |
_gnutls13_handshake_sign_data: properly fail on signing error
See merge request gnutls/gnutls!855
|
| | |
| |
| |
| |
| |
| |
| | |
When signing failed, gnutls would return an invalid signed message
(with no data) instead of failing.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |\ \
| | |
| | |
| | |
| | | |
ext/pre_shared_key: avoid unnecessary use of VLA for MSVC
See merge request gnutls/gnutls!861
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Suggested by Gisle Vanem in:
https://github.com/gnutls/gnutls/commit/fd8c1ec8fe155861dffa28811127f101b6697b4b#r31802648
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
