Commit log (each entry: commit message [ref], then author, date, files changed, lines removed/added; merged-branch commits are indented under their merge)
* Remove typedef'ing ssize_t in gnutls.h  [tmp-ssize-t]
  Tim Rühsen, 2019-02-12, 2 files, -19/+4
  Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'tmp-gnulib-pton' into 'master'
  Tim Rühsen, 2019-02-10, 12 files, -300/+20
  Use inet_pton() from gnulib
  See merge request gnutls/gnutls!913
  * Use inet_pton() from gnulib  [tmp-gnulib-pton]
    Tim Rühsen, 2019-02-10, 12 files, -300/+20
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'tmp-gitlab-triage' into 'master'
  Tim Rühsen, 2019-02-10, 1 file, -0/+71
  .triage-policies.yml: added [ci skip]
  See merge request gnutls/gnutls!908
  * .triage-policies.yml: added [ci skip]  [tmp-gitlab-triage]
    Nikos Mavrogiannopoulos, 2019-02-04, 1 file, -0/+71
    This adds a set of policies regarding issues and merge requests to be enforced by the gitlab-triage bot. That is:
    - Issues without any label for more than a month are marked with the "needs attention" label
    - Issues with the "needinfo" label are closed if they are not updated within a month
    - Merge requests marked as WIP with no update within 5 months are closed.
    These rules are not enforced automatically; we have to schedule a run of the gitlab-triage bot.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'tmp-enforce-gnulib-rules-for-lib' into 'master'
  Tim Rühsen, 2019-02-09, 1 file, -1/+11
  bootstrap: refuse to bootstrap if any new dependencies bring gnulib's network stack
  See merge request gnutls/gnutls!919
  * bootstrap: refuse to bootstrap if any dependencies bring gnulib's network stack  [tmp-enforce-gnulib-rules-for-lib]
    Nikos Mavrogiannopoulos, 2019-02-09, 1 file, -1/+11
    If gnulib's network stack is brought into the library (due to a dependency), it will make the library unusable to applications that do not use gnulib. This prevents Windows applications, for example, from using gnutls, and so on. Even more, it is quite hard to catch that issue because our testsuite uses gnulib as well. Instead we try to catch these modules at import time.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'tmp-key-usage' into 'master'
  Nikos Mavrogiannopoulos, 2019-02-08, 15 files, -59/+320
  When negotiating TLS1.3 enforce certificate key usage
  Closes #690
  See merge request gnutls/gnutls!902
  * _gnutls_gen_rawpk_crt: corrected the use of assert  [tmp-key-usage]
    Nikos Mavrogiannopoulos, 2019-02-06, 1 file, -9/+10
    The API could return 0 or 1 matching certificates. The case of zero can only happen on the client side.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
  * raw public keys: apply the key usage bits the same way as X.509
    Nikos Mavrogiannopoulos, 2019-02-06, 5 files, -6/+142
    That is, we require a signing certificate when negotiating TLS1.3, or when sending a client certificate (in all cases).
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
  * Fall back to TLS 1.2 when certs incompatible with signing are provided
    Nikos Mavrogiannopoulos, 2019-02-06, 7 files, -34/+70
    This only takes into account certificates in the credentials structure. If certificates are provided in a callback, these must be checked by the provider. For that we assume that the credentials structure is filled when associated with a session; if not, then the fallback mechanism will not work and the handshake will fail.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
  * Enforce the certificate key usage restrictions in all cases
    Nikos Mavrogiannopoulos, 2019-02-06, 10 files, -16/+104
    That is, we require a signing certificate when negotiating TLS1.3, or when sending a client certificate (in all cases). Before, we would not perform any checks under TLS1.3 or when client certificates are sent, assuming that the certificates used will always be signing ones. However, if the user incorrectly sets up a decryption certificate we would use it for signing. This fix makes sure that an error is returned early when these scenarios are detected.
    Resolves: #690
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'tmp-gnulib-ntop' into 'master'
  Tim Rühsen, 2019-02-08, 6 files, -264/+4
  Use inet_ntop() from gnulib
  See merge request gnutls/gnutls!912
  * Use inet_ntop() from gnulib  [tmp-gnulib-ntop]
    Tim Rühsen, 2019-02-07, 6 files, -264/+4
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'fix-nettle-check' into 'master'
  Nikos Mavrogiannopoulos, 2019-02-04, 1 file, -2/+2
  build: pass NETTLE_LIBS together with HOGWEED_LIBS
  See merge request gnutls/gnutls!903
  * build: pass NETTLE_LIBS together with HOGWEED_LIBS
    Dmitry Eremin-Solenikov, 2019-02-02, 1 file, -2/+2
    libhogweed might depend on an exact non-system-wide nettle, so let's pass the NETTLE_LIBS flags together when using HOGWEED_LIBS.
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Merge branch 'fix-pkcs11-mechs' into 'master'
  Nikos Mavrogiannopoulos, 2019-02-04, 1 file, -2/+3
  build: do not generate mech-list.h if p11-kit is not available
  See merge request gnutls/gnutls!904
  * build: do not generate mech-list.h if p11-kit is not available
    Dmitry Eremin-Solenikov, 2019-02-02, 1 file, -2/+3
    Compiling GnuTLS with no p11-kit installed will result in a series of warnings during build time because mech-list.h will be generated even if pkcs11 tool compilation is disabled. Move mech-list.h generation to happen only if pkcs11 is enabled, thus removing these warnings.
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Merge branch 'tmp-fix-sni-error' into 'master'
  Tim Rühsen, 2019-01-31, 8 files, -10/+18
  Amend error code when SNI name is not accepted
  Closes #683
  See merge request gnutls/gnutls!891
  * Add GNUTLS_E_RECEIVED_DISALLOWED_NAME for illegal SNI names
    Tim Rühsen, 2019-01-31, 8 files, -10/+18
    An illegal/disallowed SNI server name previously generated the misleading message "An illegal parameter has been received.". This commit changes it to "A disallowed SNI server name has been received.".
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'nettle-stdint' into 'master'
  Tim Rühsen, 2019-01-30, 1 file, -1/+1
  lib/nettle: replace nettle-stdint.h with just stdint.h
  See merge request gnutls/gnutls!901
  * lib/nettle: replace nettle-stdint.h with just stdint.h
    Dmitry Eremin-Solenikov, 2019-01-30, 1 file, -1/+1
    The Nettle library is going to drop nettle-stdint.h. Replace this include with just <stdint.h>.
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Merge branch 'tmp-update-glimport-and-docs' into 'master'
  Tim Rühsen, 2019-01-30, 2 files, -21/+10
  Fix 'make glimport' and update CONTRIBUTING.md
  See merge request gnutls/gnutls!900
  * Fix 'make glimport' and update CONTRIBUTING.md  [tmp-update-glimport-and-docs]
    Tim Rühsen, 2019-01-28, 2 files, -21/+10
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'tmp-fix-guile-unused-var' into 'master'
  Dmitry Eremin-Solenikov, 2019-01-28, 1 file, -4/+4
  Fix unused var warning in guile/src/core.c
  See merge request gnutls/gnutls!895
  * Fix unused var warning in guile/src/core.c  [tmp-fix-guile-unused-var]
    Tim Rühsen, 2019-01-25, 1 file, -4/+4
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'guile' into 'master'
  Tim Rühsen, 2019-01-27, 1 file, -0/+1
  build: detect previous supported guile
  See merge request gnutls/gnutls!898
  * build: detect previous supported guile
    Alon Bar-Lev, 2019-01-27, 1 file, -0/+1
    A recent change in the m4 macro of guile enforces the latest guile:
    ---
    AC_DEFUN([GUILE_PROGS],
      [_guile_required_version="m4_default([$1], [$GUILE_EFFECTIVE_VERSION])"
      if test -z "$_guile_required_version"; then
        _guile_required_version=2.2
      fi
    ---
    The result:
    ---
    checking for guile-snarf... /usr/bin/guile-snarf
    checking for guild... /usr/bin/guild
    checking for guile-2.2... no
    checking for guile2.2... no
    checking for guile-2... no
    checking for guile2... no
    checking for guile... /usr/bin/guile
    checking for Guile version >= 2.2... configure: error: Guile 2.2 required, but 2.0.14 found
    ---
    Probably best to specify the supported version explicitly when calling GUILE_PROGS, to keep the existing behavior: calling GUILE_PKG detects the existing packages.
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* Merge branch 'gitignore' into 'master'
  Tim Rühsen, 2019-01-27, 1 file, -2/+5
  .gitignore: add test files
  See merge request gnutls/gnutls!899
  * .gitignore: add test files
    Alon Bar-Lev, 2019-01-27, 1 file, -2/+5
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* Merge branch 'tmp-fix-abi-check' into 'master'
  Nikos Mavrogiannopoulos, 2019-01-25, 1 file, -1/+1
  Fix abi-check failure
  See merge request gnutls/gnutls!896
  * Fix abi-check failure  [tmp-fix-abi-check]
    Tim Rühsen, 2019-01-25, 1 file, -1/+1
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* NEWS: updated  [gnutls_3_6_6]
  Nikos Mavrogiannopoulos, 2019-01-25, 1 file, -3/+4
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am: remove .bak files before autogenerating
  Nikos Mavrogiannopoulos, 2019-01-25, 1 file, -0/+2
  This avoids errors due to files pre-existing but not being writable.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* bumped versions
  Nikos Mavrogiannopoulos, 2019-01-25, 3 files, -3/+5
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am: require guile-2.2 for release
  Nikos Mavrogiannopoulos, 2019-01-25, 1 file, -0/+1
  That's because guile.m4 from previous releases has issues with the latest version.
  Resolves: #631
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* priorities: when %NO_EXTENSIONS is specified disable TLS1.3
  Nikos Mavrogiannopoulos, 2019-01-25, 4 files, -6/+13
  This makes the behavior of this priority string option well-defined even when TLS1.3 is enabled.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'tmp-fix-no-extensions' into 'master'
  Nikos Mavrogiannopoulos, 2019-01-24, 4 files, -5/+11
  The flag %NO_EXTENSIONS is disabling extension support while being functional
  See merge request gnutls/gnutls!870
  * The flag %NO_EXTENSIONS is disabling extension support while being functional  [tmp-fix-no-extensions]
    Nikos Mavrogiannopoulos, 2019-01-10, 4 files, -5/+11
    That is, the %NO_EXTENSIONS option is the only documented way to disable extensions completely from a session. Clarify that message, mention that its behavior is undefined when combined with TLS1.3, and make sure that it is functional. The latter makes sure that the safe renegotiation and extended master secret extensions remain disabled when this flag is given. That simplifies testing certain scenarios under TLS1.0 or TLS1.1 when no extensions must be used.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'tmp-ametzler-certtool-manpage-formatting' into 'master'
  Tim Rühsen, 2019-01-24, 1 file, -5/+4
  certtool.1: fix formatting
  See merge request gnutls/gnutls!892
  * certtool.1: fix formatting
    Andreas Metzler, 2019-01-24, 1 file, -5/+4
    An apostrophe at the start of a line is a control character in manpages, avoid it. Also drop the wrong indent.
    See https://bugs.debian.org/920215
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>
* Merge branch 'tmp-record-size-limit-fixes' into 'master'
  Daiki Ueno, 2019-01-24, 8 files, -6/+461
  Fix record_size_limit extension handling when resuming
  See merge request gnutls/gnutls!886
  * tlsfuzzer: update to the latest upstream for record_size_limit tests
    Daiki Ueno, 2019-01-24, 4 files, -1/+23
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
  * tests: check record_size_limit is reset after resumption
    Daiki Ueno, 2019-01-23, 3 files, -1/+427
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
  * constate: don't restore max_record_recv_size from resumed data
    Daiki Ueno, 2019-01-23, 1 file, -3/+8
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
  * ext/record_size_limit: mark it as mandatory extension
    Daiki Ueno, 2019-01-23, 1 file, -1/+1
    In a resuming session record_size_limit is always renegotiated, and thus the server should always parse the extension.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
  * ext/record_size_limit: reject too large extension payload
    Daiki Ueno, 2019-01-23, 1 file, -0/+2
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Merge branch 'tmp-fix-macosx' into 'master'
  Nikos Mavrogiannopoulos, 2019-01-24, 3 files, -3/+5
  .travis.yml: make macosx builds compile again
  See merge request gnutls/gnutls!890
  * configure.ac: fix substitution for libatomic  [tmp-fix-macosx]
    Dmitry Eremin-Solenikov, 2019-01-24, 1 file, -1/+4
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * .travis.yml: avoid installing submodules
    Nikos Mavrogiannopoulos, 2019-01-23, 1 file, -1/+0
    They are not necessary for building and testing the basic test suite.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>