Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Do not export the non-existant symbols gnutls_pkcs11_privkey_sign_hash and ↵ | Nikos Mavrogiannopoulos | 2010-12-15 | 1 | -0/+2 |
| | | | | gnutls_privkey_sign_hash. | ||||
* | documented new functions | Nikos Mavrogiannopoulos | 2010-12-13 | 1 | -1/+8 |
| | |||||
* | Added new functions. | Nikos Mavrogiannopoulos | 2010-12-13 | 1 | -0/+7 |
| | |||||
* | documented deprecated functions. | Nikos Mavrogiannopoulos | 2010-12-11 | 1 | -1/+5 |
| | |||||
* | documented previous update. | Nikos Mavrogiannopoulos | 2010-12-08 | 1 | -0/+3 |
| | |||||
* | Add. | Simon Josefsson | 2010-12-07 | 1 | -0/+3 |
| | |||||
* | Bump versions. | Simon Josefsson | 2010-12-07 | 1 | -0/+5 |
| | |||||
* | Version 2.11.6. | Simon Josefsson | 2010-12-06 | 1 | -1/+1 |
| | |||||
* | documented SSL 3.0 record version change. | Nikos Mavrogiannopoulos | 2010-12-06 | 1 | -0/+4 |
| | |||||
* | Use ASN1_NULL when writing parameters for RSA signatures. This makes us ↵ | Nikos Mavrogiannopoulos | 2010-12-05 | 1 | -0/+3 |
| | | | | comply with RFC3279. Reported by Michael Rommel. | ||||
* | Corrected buffer overflow in gnutls-serv by Tomas Mraz. | Nikos Mavrogiannopoulos | 2010-12-05 | 1 | -0/+7 |
| | | | | | | | | | | | | | The gnutls-serv uses fixed allocated buffer for the response which can be pretty long if a client certificate is presented to it and the http header is large. This causes buffer overflow and heap corruption which then leads to random segfaults or aborts. It was reported originally here: https://bugzilla.redhat.com/show_bug.cgi?id=659259 The attached patch changes sprintf calls in peer_print_info() to snprintf so the buffer is never overflowed. | ||||
* | released 2.11.5 | Nikos Mavrogiannopoulos | 2010-12-01 | 1 | -1/+1 |
| | |||||
* | Reverted default behavior for verification and introduced ↵ | Nikos Mavrogiannopoulos | 2010-11-26 | 1 | -0/+4 |
| | | | | | | GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default V1 trusted CAs are allowed, unless the new flag is specified. | ||||
* | Typo. | Simon Josefsson | 2010-11-25 | 1 | -1/+1 |
| | |||||
* | added info | Nikos Mavrogiannopoulos | 2010-11-16 | 1 | -0/+3 |
| | |||||
* | Added SIGN-ALL, CTYPE-ALL, COMP-ALL, and VERS-TLS-ALL priority strings. | Nikos Mavrogiannopoulos | 2010-11-16 | 1 | -0/+4 |
| | |||||
* | Added gnutls_pkcs11_token_set_pin() and gnutls_pkcs11_token_init() to enable | Nikos Mavrogiannopoulos | 2010-11-07 | 1 | -1/+4 |
| | | | | manipulating tokens purely from PKCS #11. | ||||
* | gnutls-cli: Print channel binding only in verbose mode. | Simon Josefsson | 2010-10-16 | 1 | -0/+4 |
| | | | | | Before it printed it after the 'Compression:' output, thus breaking Emacs starttls.el string searches. | ||||
* | Bump versions. | Simon Josefsson | 2010-10-15 | 1 | -0/+5 |
| | |||||
* | Version 2.11.4. | Simon Josefsson | 2010-10-15 | 1 | -1/+1 |
| | |||||
* | Add. | Simon Josefsson | 2010-10-15 | 1 | -0/+2 |
| | |||||
* | Document channel binding API. | Simon Josefsson | 2010-10-15 | 1 | -1/+2 |
| | |||||
* | Add gnutls_session_channel_binding API. | Simon Josefsson | 2010-10-14 | 1 | -1/+9 |
| | |||||
* | Add. | Simon Josefsson | 2010-10-14 | 1 | -2/+6 |
| | |||||
* | Add. | Simon Josefsson | 2010-10-14 | 1 | -0/+4 |
| | |||||
* | Bump versions. | Simon Josefsson | 2010-10-14 | 1 | -0/+5 |
| | |||||
* | Version 2.11.3. | Simon Josefsson | 2010-10-14 | 1 | -1/+1 |
| | |||||
* | Bump versions. | Simon Josefsson | 2010-10-14 | 1 | -0/+10 |
| | |||||
* | bumped version | Nikos Mavrogiannopoulos | 2010-10-08 | 1 | -1/+1 |
| | |||||
* | Mention new APIs. | Simon Josefsson | 2010-10-01 | 1 | -1/+2 |
| | |||||
* | updated | Nikos Mavrogiannopoulos | 2010-09-29 | 1 | -0/+3 |
| | |||||
* | Add new extended key usage ipsecIKE | Micah Anderson | 2010-09-29 | 1 | -0/+2 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | According to RFC 4945 § 5.1.3.12 section title "ExtendedKeyUsage"[0] the following extended key usage has been added: ... this document defines an ExtendedKeyUsage keyPurposeID that MAY be used to limit a certificate's use: id-kp-ipsecIKE OBJECT IDENTIFIER ::= { id-kp 17 } where id-kp is defined in RFC 3280 [5]. If a certificate is intended to be used with both IKE and other applications, and one of the other applications requires use of an EKU value, then such certificates MUST contain either the keyPurposeID id-kp-ipsecIKE or anyExtendedKeyUsage [5], as well as the keyPurposeID values associated with the other applications. Similarly, if a CA issues multiple otherwise-similar certificates for multiple applications including IKE, and it is intended that the IKE certificate NOT be used with another application, the IKE certificate MAY contain an EKU extension listing a keyPurposeID of id-kp-ipsecIKE to discourage its use with the other application. Recall, however, that EKU extensions in certificates meant for use in IKE are NOT RECOMMENDED. Conforming IKE implementations are not required to support EKU. If a critical EKU extension appears in a certificate and EKU is not supported by the implementation, then RFC 3280 requires that the certificate be rejected. Implementations that do support EKU MUST support the following logic for certificate validation: o If no EKU extension, continue. o If EKU present AND contains either id-kp-ipsecIKE or anyExtendedKeyUsage, continue. o Otherwise, reject cert. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | --pkcs11-* in certtool was renamed to --p11-*. | Nikos Mavrogiannopoulos | 2010-09-27 | 1 | -0/+7 |
| | |||||
* | Corrected advertizing issue for session tickets. | Nikos Mavrogiannopoulos | 2010-09-25 | 1 | -0/+2 |
| | |||||
* | documented change | Nikos Mavrogiannopoulos | 2010-09-20 | 1 | -0/+8 |
| | |||||
* | updated for 2.11.1 | Nikos Mavrogiannopoulos | 2010-09-14 | 1 | -9/+11 |
| | |||||
* | Documented changes. | Nikos Mavrogiannopoulos | 2010-09-10 | 1 | -0/+3 |
| | |||||
* | updated NEWS. | Nikos Mavrogiannopoulos | 2010-09-08 | 1 | -0/+2 |
| | |||||
* | When the %COMPAT flag is specified, larger records that would otherwise ↵ | Nikos Mavrogiannopoulos | 2010-09-01 | 1 | -0/+3 |
| | | | | violate the TLS spec, are accepted. | ||||
* | By default lowat is set to zero. | Nikos Mavrogiannopoulos | 2010-08-20 | 1 | -0/+4 |
| | |||||
* | libnettle is the default crypto library. | Nikos Mavrogiannopoulos | 2010-08-18 | 1 | -1/+9 |
| | |||||
* | Added Camellia-128/256, SHA-224/384/512 and support for DSA2 when using nettle. | Nikos Mavrogiannopoulos | 2010-07-29 | 1 | -0/+3 |
| | |||||
* | Added RSA_NULL_SHA1 and SHA256 ciphersuites. | Nikos Mavrogiannopoulos | 2010-07-26 | 1 | -0/+2 |
| | |||||
* | Re-add old NEWS entries. | Simon Josefsson | 2010-07-25 | 1 | -0/+57 |
| | |||||
* | gnutls_x509_privkey_import() will fallback to ↵ | Nikos Mavrogiannopoulos | 2010-07-24 | 1 | -0/+4 |
| | | | | gnutls_x509_privkey_import_pkcs8() without a password, if it is unable to decode the key. | ||||
* | Better handling of security parameters to key sizes matching (via a single ↵ | Nikos Mavrogiannopoulos | 2010-07-23 | 1 | -3/+5 |
| | | | | | | table). Added functions to return the security parameter of a private key. | ||||
* | Updated documentation and gnutls_pk_params_t mappings to ECRYPT II ↵ | Nikos Mavrogiannopoulos | 2010-07-23 | 1 | -0/+11 |
| | | | | recommendations. | ||||
* | updated NEWS | Nikos Mavrogiannopoulos | 2010-07-22 | 1 | -1/+4 |
| | |||||
* | Added support for EGD daemon in nettle's RNG. It is used if /dev/urandom | Nikos Mavrogiannopoulos | 2010-07-11 | 1 | -1/+3 |
| | | | | is not present. | ||||
* | Support scattered write using writev(). This takes | Nikos Mavrogiannopoulos | 2010-07-10 | 1 | -3/+11 |
| | | | | | | | | | advantage of the new buffering layer and allows queuing of packets and flushing them. This is currently used for handshake messages only. Performance-wise the difference of packing several TLS records in a single write doesn't seem to offer anything over ethernet (that my tests were on). Probably on links with higher latency there would be a benefit. |