| Commit message | Author | Age | Files | Lines |
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Use inet_pton() from gnulib
See merge request gnutls/gnutls!913
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
.triage-policies.yml: added [ci skip]
See merge request gnutls/gnutls!908
|
This adds a set of policies regarding issues and merge requests
to be enforced by the gitlab-triage bot. That is:
- Issues without any label for more than a month are marked
with needs attention label
- Issues with needinfo label are closed if they are not updated
within a month
- Merge requests marked as WIP with no update within 5 months
are closed.
These rules are not enforced automatically; we have to schedule
a run of the gitlab-triage bot.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
bootstrap: refuse to bootstrap if any new dependencies bring gnulib's network stack
See merge request gnutls/gnutls!919
|
If gnulib's network stack is brought (due to a dependency) in the library
it will make the library unusable to non-gnulib using applications. This
prevents windows applications for example to use gnutls, and so on. Even
more it is quite hard to catch that issue because our testsuite uses
gnulib as well. Instead we try to catch these modules at import time.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
When negotiating TLS1.3 enforce certificate key usage
Closes #690
See merge request gnutls/gnutls!902
|
The API could return 0 or 1 matching certificates. The case of zero
can only happen in client side.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
That is, we require a signing certificate when negotiating
TLS1.3, or when sending a client certificate (on all cases).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
This only takes into account certificates in the credentials structure.
If certificates are provided in a callback, these must be checked by
the provider. For that we assume that the credentials structure is
filled when associated with a session; if not then the fallback mechanism
will not work and the handshake will fail.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
That is, we require a signing certificate when negotiating
TLS1.3, or when sending a client certificate (on all cases).
Before we would not perform any checks under TLS1.3 or when client
certificates are sent, assuming that the certificates used will always
be signing ones. However if the user sets up incorrectly a decryption
certificate we would use it for signing. This fix makes sure that an
error is returned early when these scenarios are detected.
Resolves: #690
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Use inet_ntop() from gnulib
See merge request gnutls/gnutls!912
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
build: pass NETTLE_LIBS together with HOGWEED_LIBS
See merge request gnutls/gnutls!903
|
libhogweed might depend on exact non-system-wide nettle, so let's pass
NETTLE_LIBS flags together when using HOGWEED_LIBS.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
build: do not generate mech-list.h if p11-kit is not available
See merge request gnutls/gnutls!904
|
Compiling GnuTLS with no p11-kit installed will result in a series of
warnings during build time because mech-list.h will be generated even if
pkcs11 tool compilation is disabled. Move mech-list.h generation to
happen only if pkcs11 is enabled, thus removing these warnings.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Amend error code when SNI name is not accepted
Closes #683
See merge request gnutls/gnutls!891
|
An illegal/disallowed SNI server name previously generated
the misleading message "An illegal parameter has been received.".
This commit changes it to
"A disallowed SNI server name has been received.".
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
lib/nettle: replace nettle-stdint.h with just stdint.h
See merge request gnutls/gnutls!901
|
Nettle library is going to drop nettle-stdint.h. Replace this include
with just <stdint.h>.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Fix 'make glimport' and update CONTRIBUTING.md
See merge request gnutls/gnutls!900
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Fix unused var warning in guile/src/core.c
See merge request gnutls/gnutls!895
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
build: detect previous supported guile
See merge request gnutls/gnutls!898
|
A recent change in the m4 macro of guile enforces latest guile:
---
AC_DEFUN([GUILE_PROGS],
[_guile_required_version="m4_default([$1], [$GUILE_EFFECTIVE_VERSION])"
if test -z "$_guile_required_version"; then
_guile_required_version=2.2
fi
---
The result:
---
checking for guile-snarf... /usr/bin/guile-snarf
checking for guild... /usr/bin/guild
checking for guile-2.2... no
checking for guile2.2... no
checking for guile-2... no
checking for guile2... no
checking for guile... /usr/bin/guile
checking for Guile version >= 2.2... configure: error: Guile 2.2 required, but 2.0.14 found
---
Probably best to specify the supported version explicitly when calling
GUILE_PROGS, to keep existing behavior calling the GUILE_PKG detects the
existing packages.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
.gitignore: add test files
See merge request gnutls/gnutls!899
|
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
Fix abi-check failure
See merge request gnutls/gnutls!896
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
This avoids errors due to files pre-existing but not being
writable.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
That's because guile.m4 from previous releases has issues
with the latest version.
Resolves: #631
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
This makes the behavior of this priority string option well-defined
even when TLS1.3 is enabled.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
The flag %NO_EXTENSIONS is disabling extension support while being functional
See merge request gnutls/gnutls!870
|
That is, the %NO_EXTENSIONS option is the only documented way to disable
extensions completely from a session. Clarify that message, mention that
its behavior is undefined when combined with TLS1.3, and make sure that it
is functional. The latter makes sure that safe renegotiation and extended
master secret extensions remain disabled when this flag is given.
That simplifies testing certain scenarios under TLS1.0 or TLS1.1 when
no extensions must be used.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
certtool.1: fix formatting
See merge request gnutls/gnutls!892
|
Apostrophe at start of a line is a control character in manpages, avoid
it. Also drop wrong indent.
See https://bugs.debian.org/920215
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
Fix record_size_limit extension handling when resuming
See merge request gnutls/gnutls!886
|
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
In a resuming session record_size_limit is always renegotiated, and
thus the server should parse the extension always.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
.travis.yml: make macosx builds compile again
See merge request gnutls/gnutls!890
|
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
They are not necessary for building and testing the basic
test suite.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|