Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | priorities: reset the profile flags when appending new flags [tmp-verify-flags-update] | Nikos Mavrogiannopoulos | 2016-12-20 | 3 | -3/+14 |
| | | | | | | That is, to avoid causing issues to applications calling gnutls_*priority_set() multiple times with different parameters. In that case if multiple profiles are used the outcome could be undefined. Now, the last call will prevail. | ||||
* | gnutls_session_set_verify_cert: doc update | Nikos Mavrogiannopoulos | 2016-12-20 | 1 | -0/+6 |
| | |||||
* | Revert "priorities: set the additional verify flags instead of appending them" | Nikos Mavrogiannopoulos | 2016-12-19 | 1 | -1/+1 |
| | | | | This reverts commit aaf49747f981f6c17cdc9ea7495a8948a5015ae2. | ||||
* | doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-12-19 | 1 | -0/+3 |
| | |||||
* | Merge branch 'tmp-cert-updates' into 'master' | Nikos Mavrogiannopoulos | 2016-12-19 | 6 | -193/+299 |
|\ | | | | | | | | | Updates in certificate handling on certtool See merge request !181 | ||||
| * | tests: added check for certtool loading CA certificates from PKCS#11 | Nikos Mavrogiannopoulos | 2016-12-19 | 3 | -8/+184 |
| | | |||||
| * | certtool: document that --load-ca-certificate can be used with PKCS#11 URLs | Nikos Mavrogiannopoulos | 2016-12-19 | 1 | -1/+1 |
| | | |||||
| * | certtool: load_ca_cert() can load a CA from URLs | Nikos Mavrogiannopoulos | 2016-12-19 | 1 | -1/+11 |
| | | |||||
| * | certtool: unified the CA certificate loading process | Nikos Mavrogiannopoulos | 2016-12-19 | 1 | -183/+103 |
|/ | | | | | | | That is, combined how CA certificates are loaded for --verify-chain, --verify and --p7-verify. It is based on the trust list high level functions, something that allows PKCS#11 URLs to be specified in --load-ca-certificate. | ||||
* | doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-12-19 | 2 | -3/+17 |
| | |||||
* | .gitlab-ci.yml: changed buildroot to fedora25 | Nikos Mavrogiannopoulos | 2016-12-19 | 1 | -2/+2 |
| | |||||
* | Merge branch 'tmp-priority-fix' into 'master' | Nikos Mavrogiannopoulos | 2016-12-19 | 4 | -10/+185 |
|\ | | | | | | | | | Fix issue with multiple calls to priority functions See merge request !195 | ||||
| * | tests: added check for multiple calls to gnutls_priority_set_direct() | Nikos Mavrogiannopoulos | 2016-12-19 | 2 | -1/+173 |
| | | |||||
| * | priorities: set the additional verify flags instead of appending them | Nikos Mavrogiannopoulos | 2016-12-19 | 1 | -1/+1 |
| | | | | | | | | | | | | That is, to avoid causing issues to applications calling gnutls_*priority_set() multiple times with different parameters. In that case if multiple profiles are used the combo could be undefined. | ||||
| * | verify: print certificate on sec param failure | Nikos Mavrogiannopoulos | 2016-12-19 | 1 | -8/+11 |
|/ | |||||
* | Merge branch 'tmp-x509-print-fix' into 'master' | Nikos Mavrogiannopoulos | 2016-12-16 | 13 | -430/+169 |
|\ | | | | | | | | | | | | | Updates in X.509 certificate handling Relates to #156 See merge request !192 | ||||
| * | x509: corrected leak in certificate printing | Nikos Mavrogiannopoulos | 2016-12-16 | 1 | -0/+1 |
| | | | | | | | | | | The leak could be triggered if the certificate policies to be imported are invalid. | ||||
| * | gnutls_x509_ext_import_proxy: fix issue reading the policy language | Nikos Mavrogiannopoulos | 2016-12-16 | 1 | -11/+11 |
| | | | | | | | | | | If the language was set but the policy wasn't, that could lead to a double free, as the value returned to the user was freed. | ||||
| * | tests: added certificate which was causing issues in gnutls_x509_crt_print() | Nikos Mavrogiannopoulos | 2016-12-16 | 2 | -1/+1 |
| | | |||||
| * | tests: improved certder to easily load certificates from a directory | Nikos Mavrogiannopoulos | 2016-12-16 | 10 | -418/+156 |
| | | | | | | | | | | That allows placing certificates in certs-interesting/ and these will be loaded and checked upon the new "cert" test case. | ||||
| * | doc update | Nikos Mavrogiannopoulos | 2016-12-16 | 1 | -1/+1 |
|/ | |||||
* | Merge branch 'tmp-src-fixes' into 'master' | Nikos Mavrogiannopoulos | 2016-12-16 | 1 | -1/+1 |
|\ | | | | | | | | | | | | | Do not add cli-args.h to cli-args.stamp Makefile target Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> See merge request !190 | ||||
| * | Do not add cli-args.h to cli-args.stamp Makefile target | Alexander Kanavin | 2016-12-16 | 1 | -1/+1 |
|/ | | | | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> | ||||
* | Merge branch 'fuzzers' into 'master' | Nikos Mavrogiannopoulos | 2016-12-15 | 5 | -0/+418 |
|\ | | | | | | | | | | | | | Migrated fuzzers from the oss-repo to here. Also added a new private_key_parser fuzzer. See merge request !184 | ||||
| * | Describe the integration | Alex Gaynor | 2016-12-15 | 1 | -0/+3 |
| | | |||||
| * | Move to the devel dir | Alex Gaynor | 2016-12-15 | 5 | -0/+0 |
| | | |||||
| * | Added a server fuzzer | Alex Gaynor | 2016-12-15 | 1 | -0/+250 |
| | | |||||
| * | Migrated fuzzers from the oss-repo to here. | Alex Gaynor | 2016-12-15 | 4 | -0/+165 |
|/ | | | | Also added a new private_key_parser fuzzer. | ||||
* | Drop _gnutls_epoch_get_compression | Dmitry Eremin-Solenikov | 2016-12-14 | 2 | -13/+0 |
| | | | | | | This function has been unused for a long time, let's drop it. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | ||||
* | Rework setting next compression method | Dmitry Eremin-Solenikov | 2016-12-14 | 4 | -34/+34 |
| | | | | | | | | Only update compression method if all internal checks succeed and next epoch will use it. Also while we are at it, actually check for _gnutls_set_compression() return value. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | ||||
* | Rework setting next cipher suite | Dmitry Eremin-Solenikov | 2016-12-14 | 3 | -40/+26 |
| | | | | | | | | Only update cipher_suite if all internal checks succeed and next epoch will use this cipher suite. Also while we are at it, actually check for _gnutls_set_cipher_suite() return value. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | ||||
* | Cache MAC algorithm used for PRF function | Dmitry Eremin-Solenikov | 2016-12-14 | 4 | -93/+34 |
| | | | | | | | | Instead of spreading checks all over the GnuTLS, cache used PRF after setting the cipher suite and reference the value later. Like in _gnutls_PRF_raw the GNUTLS_MAC_MD5_SHA1 means MD5+SHA1 combo. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | ||||
* | Use MAC_MD5_SHA1 instead of MAC_UNKNOWN to specify TLS 1.0 PRF | Dmitry Eremin-Solenikov | 2016-12-14 | 1 | -4/+4 |
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | ||||
* | Rewrite SSL/TLS signature verification to use combined MD5+SHA1 digest | Dmitry Eremin-Solenikov | 2016-12-14 | 1 | -122/+125 |
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | ||||
* | Rewrite SSL/TLS signing code to use combined MD5+SHA1 digest | Dmitry Eremin-Solenikov | 2016-12-14 | 1 | -116/+111 |
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | ||||
* | Add special MD5+SHA1 digest to simplify TLS signature code | Dmitry Eremin-Solenikov | 2016-12-14 | 3 | -1/+41 |
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | ||||
* | _gnutls_pkcs_raw_decrypt_data: merge all errors during decryption to GNUTLS_E_DECRYPTION_FAILED | Nikos Mavrogiannopoulos | 2016-12-14 | 1 | -3/+4 |
| | | | | | | This makes the function's return values simpler to handle. | ||||
* | configure.ac: remove autogen'erated files only if necessary | Dmitry Eremin-Solenikov | 2016-12-14 | 1 | -1/+1 |
| | | | | | | | | Currently autogen'erated files will be removed on each call to configure. However this would break the build if one of the previous make invocations has created corresponding stamp files. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | ||||
* | bumped versions and added news entry for 3.6.0 [ci skip] | Nikos Mavrogiannopoulos | 2016-12-14 | 3 | -3/+9 |
| | |||||
* | README.md: added information on the 3.5.x builds | Nikos Mavrogiannopoulos | 2016-12-14 | 1 | -0/+1 |
| | |||||
* | tests: added test for PKCS#8 encrypted key decoding | Nikos Mavrogiannopoulos | 2016-12-13 | 3 | -8/+89 |
| | | | | | This also verifies that the return value when attempting to decrypt without a password is GNUTLS_E_DECRYPTION_FAILED. | ||||
* | pkcs8: ensure that the correct error code is returned on decryption failure | Nikos Mavrogiannopoulos | 2016-12-13 | 1 | -0/+1 |
| | |||||
* | doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-12-10 | 2 | -8/+27 |
| | |||||
* | doc: updated to documentation of certtool [ci skip] | Nikos Mavrogiannopoulos | 2016-12-09 | 1 | -5/+5 |
| | | | | This corrects options which incorrectly mentioned they support URLs. | ||||
* | x509: better documented gnutls_trust_list_flags_t | Nikos Mavrogiannopoulos | 2016-12-09 | 3 | -7/+34 |
| | |||||
* | tests: disable ASAN leak checks on suite tests | Nikos Mavrogiannopoulos | 2016-12-09 | 1 | -4/+5 |
| | | | | | These detect memory leaks in the tools in src/ which are not critical, nor is there serious reason to address them. | ||||
* | tests: disable ASAN leak checks on certificate tests | Nikos Mavrogiannopoulos | 2016-12-09 | 1 | -0/+3 |
| | | | | | These detect memory leaks in the tools in src/ which are not critical, nor is there serious reason to address them. | ||||
* | tests: enhanced long-session-id test [tmp-long-session-id-update] | Nikos Mavrogiannopoulos | 2016-12-09 | 1 | -14/+8 |
| | | | | | | This ensures that no leaks exist during exit (to avoid asan failures), and that we test for the specific error code that gnutls_handshake() is expected to return. | ||||
* | handshake: return GNUTLS_E_ILLEGAL_PARAMETER on invalid ID size | Nikos Mavrogiannopoulos | 2016-12-09 | 1 | -1/+1 |
| | | | | This is a more sensible error code to return on invalid packet. | ||||
* | tests: eliminate compilation warning in crq-basic [ci skip] | Nikos Mavrogiannopoulos | 2016-12-09 | 1 | -1/+1 |
| |