summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* priorities: reset the profile flags when appending new flagstmp-verify-flags-updateNikos Mavrogiannopoulos2016-12-203-3/+14
| | | | | | That is, to avoid causing issues to applications calling gnutls_*priority_set() multiple times with different parameters. In that case if multiple profiles are used the outcome could be undefined. Now, the last call will prevail.
* gnutls_session_set_verify_cert: doc updateNikos Mavrogiannopoulos2016-12-201-0/+6
|
* Revert "priorities: set the additional verify flags instead of appending them"Nikos Mavrogiannopoulos2016-12-191-1/+1
| | | | This reverts commit aaf49747f981f6c17cdc9ea7495a8948a5015ae2.
* doc update [ci skip]Nikos Mavrogiannopoulos2016-12-191-0/+3
|
* Merge branch 'tmp-cert-updates' into 'master' Nikos Mavrogiannopoulos2016-12-196-193/+299
|\ | | | | | | | | Updates in certificate handling on certtool See merge request !181
| * tests: added check for certtool loading CA certificates from PKCS#11Nikos Mavrogiannopoulos2016-12-193-8/+184
| |
| * certtool: document that --load-ca-certificate can be used with PKCS#11 URLsNikos Mavrogiannopoulos2016-12-191-1/+1
| |
| * certtool: load_ca_cert() can load a CA from URLsNikos Mavrogiannopoulos2016-12-191-1/+11
| |
| * certtool: unified the CA certificate loading processNikos Mavrogiannopoulos2016-12-191-183/+103
|/ | | | | | | That is, combined how CA certificates are loaded for --verify-chain, --verify and --p7-verify. It is based on the trust list high level functions, something that allows PKCS#11 URLs to be specified in --load-ca-certificate.
* doc update [ci skip]Nikos Mavrogiannopoulos2016-12-192-3/+17
|
* .gitlab-ci.yml: changed buildroot to fedora25Nikos Mavrogiannopoulos2016-12-191-2/+2
|
* Merge branch 'tmp-priority-fix' into 'master' Nikos Mavrogiannopoulos2016-12-194-10/+185
|\ | | | | | | | | Fix issue with multiple calls to priority functions See merge request !195
| * tests: added check for multiple calls to gnutls_priority_set_direct()Nikos Mavrogiannopoulos2016-12-192-1/+173
| |
| * priorities: set the additional verify flags instead of appending themNikos Mavrogiannopoulos2016-12-191-1/+1
| | | | | | | | | | | | That is, to avoid causing issues to applications calling gnutls_*priority_set() multiple times with different parameters. In that case if multiple profiles are used the combo could be undefined.
| * verify: print certificate on sec param failureNikos Mavrogiannopoulos2016-12-191-8/+11
|/
* Merge branch 'tmp-x509-print-fix' into 'master' Nikos Mavrogiannopoulos2016-12-1613-430/+169
|\ | | | | | | | | | | | | Updates in X.509 certificate handling Relates to #156 See merge request !192
| * x509: corrected leak in certificate printingNikos Mavrogiannopoulos2016-12-161-0/+1
| | | | | | | | | | The leak could be triggered if the certificate policies to be imported are invalid.
| * gnutls_x509_ext_import_proxy: fix issue reading the policy languageNikos Mavrogiannopoulos2016-12-161-11/+11
| | | | | | | | | | If the language was set but the policy wasn't, that could lead to a double free, as the value returned to the user was freed.
| * tests: added certificate which was causing issues in gnutls_x509_crt_print()Nikos Mavrogiannopoulos2016-12-162-1/+1
| |
| * tests: improved certder to easily load certificates from a directoryNikos Mavrogiannopoulos2016-12-1610-418/+156
| | | | | | | | | | That allows to place certificates in certs-interesting/ and these will be loaded and checked upon the new "cert" test case.
| * doc updateNikos Mavrogiannopoulos2016-12-161-1/+1
|/
* Merge branch 'tmp-src-fixes' into 'master' Nikos Mavrogiannopoulos2016-12-161-1/+1
|\ | | | | | | | | | | | | Do not add cli-args.h to cli-args.stamp Makefile target Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> See merge request !190
| * Do not add cli-args.h to cli-args.stamp Makefile targetAlexander Kanavin2016-12-161-1/+1
|/ | | | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
* Merge branch 'fuzzers' into 'master' Nikos Mavrogiannopoulos2016-12-155-0/+418
|\ | | | | | | | | | | | | Migrated fuzzers from the oss-repo to here. Also added a new private_key_parser fuzzer. See merge request !184
| * Describe the integrationAlex Gaynor2016-12-151-0/+3
| |
| * Move to the devel dirAlex Gaynor2016-12-155-0/+0
| |
| * Added a server fuzzerAlex Gaynor2016-12-151-0/+250
| |
| * Migrated fuzzers from the oss-repo to here.Alex Gaynor2016-12-154-0/+165
|/ | | | Also added a new private_key_parser fuzzer.
* Drop _gnutls_epoch_get_compressionDmitry Eremin-Solenikov2016-12-142-13/+0
| | | | | | This function is unused since long ago, let's drop it. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Rework setting next compression methodDmitry Eremin-Solenikov2016-12-144-34/+34
| | | | | | | | Only update compression method if all internal check succeed and next epoch will use this it. Also while we are at at, actually check for _gnutls_set_compression() return value. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Rework setting next cipher suiteDmitry Eremin-Solenikov2016-12-143-40/+26
| | | | | | | | Only update cipher_suite if all internal check succeed and next epoch will use this ciphe suite. Also while we are at at, actually check for _gnutls_set_cipher_suite() return value. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Cache MAC algorithm used for PRF functionDmitry Eremin-Solenikov2016-12-144-93/+34
| | | | | | | | Instead of spreading checks all over the GnuTLS, cache used PRF after setting the cipher suite and reference the value later. Like in _gnutls_PRF_raw the GNUTLS_MAC_MD5_SHA1 means MD5+SHA1 combo. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Use MAC_MD5_SHA1 instead of MAC_UNKNOWN to specify TLS 1.0 PRFDmitry Eremin-Solenikov2016-12-141-4/+4
| | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Rewrite SSL/TLS signature verification to use combined MD5+SHA1 digestDmitry Eremin-Solenikov2016-12-141-122/+125
| | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Rewrite SSL/TLS signing code to use combined MD5+SHA1 digestDmitry Eremin-Solenikov2016-12-141-116/+111
| | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Add special MD5+SHA1 digest to simplify TLS signature codeDmitry Eremin-Solenikov2016-12-143-1/+41
| | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* _gnutls_pkcs_raw_decrypt_data: merge all errors during decryption to ↵Nikos Mavrogiannopoulos2016-12-141-3/+4
| | | | | | GNUTLS_E_DECRYPTION_FAILED This makes the function's return values simpler to handle.
* configure.ac: remove autogen'erated files only if necessaryDmitry Eremin-Solenikov2016-12-141-1/+1
| | | | | | | | Currently autogen'erated files will be removed on each call to configure. However this would break the build if one of previous make invocations have created corresponding stamp files. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* bumped versions and added news entry for 3.6.0 [ci skip]Nikos Mavrogiannopoulos2016-12-143-3/+9
|
* README.md: added information on the 3.5.x buildsNikos Mavrogiannopoulos2016-12-141-0/+1
|
* tests: added test for PKCS#8 encrypted key decodingNikos Mavrogiannopoulos2016-12-133-8/+89
| | | | | This also verifies that the return value when attempting to decrypt without a password is GNUTLS_E_DECRYPTION_FAILED.
* pkcs8: ensure that the correct error code is returned on decryption failureNikos Mavrogiannopoulos2016-12-131-0/+1
|
* doc update [ci skip]Nikos Mavrogiannopoulos2016-12-102-8/+27
|
* doc: updated to documentation of certtool [ci skip]Nikos Mavrogiannopoulos2016-12-091-5/+5
| | | | This corrects options which incorrectly mentioned they support URLs.
* x509: better documented gnutls_trust_list_flags_tNikos Mavrogiannopoulos2016-12-093-7/+34
|
* tests: disable ASAN leak checks on suite testsNikos Mavrogiannopoulos2016-12-091-4/+5
| | | | | These detect memory leaks in the tools in src/ which are not critical nor there is serious reason to address.
* tests: disable ASAN leak checks on certificate testsNikos Mavrogiannopoulos2016-12-091-0/+3
| | | | | These detect memory leaks in the tools in src/ which are not critical nor there is serious reason to address.
* tests: enhanced long-session-id testtmp-long-session-id-updateNikos Mavrogiannopoulos2016-12-091-14/+8
| | | | | | This ensures that no leaks exist during exit (to avoid asan failures), and that we test for the specific error code that gnutls_handshake() is expected to return.
* handshake: return GNUTLS_E_ILLEGAL_PARAMETER on invalid ID sizeNikos Mavrogiannopoulos2016-12-091-1/+1
| | | | This is a more sensible error code to return on invalid packet.
* tests: eliminate compilation warning in crq-basic [ci skip]Nikos Mavrogiannopoulos2016-12-091-1/+1
|
View Lorry Controller Status