summaryrefslogtreecommitdiff
path: root/lib/auth.c
Commit message (Collapse)AuthorAgeFilesLines
* server auth: disable TLS 1.3 if no signature algorithm is usableDaiki Ueno2019-05-201-0/+4
| | | | | | | | | | This is a server side counterpart of 005a4d04145707daad9588acedfdb5f6cd97c80c. Instead of signalling an error when no algorithm is usable in TLS 1.3, it downgrades the session to TLS 1.2 with a warning. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Use https:// for www.gnu.org and www.example.comTim Rühsen2019-03-131-1/+1
| | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Remove redundant resets of variables after free()Tim Rühsen2019-02-221-3/+0
| | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Fallback to TLS 1.2 when incompatible with signature certs are providedNikos Mavrogiannopoulos2019-02-061-0/+23
| | | | | | | | | | This only takes into account certificates in the credentials structure. If certificates are provided in a callback, these must be checked by the provider. For that we assume that the credentials structure is filled when associated with a session; if not then the fallback mechanism will not work and the handshake will fail. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Renamed _gnutls_auth_info_set() to _gnutls_auth_info_init().Tom Vrancken2018-10-181-1/+1
| | | | Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
* handshake: store session parameters in TLS1.3 ticketNikos Mavrogiannopoulos2018-05-261-0/+9
| | | | | | | This allows a TLS1.3 server to obtain certificate or other information from the client on a resumed session. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_auth_get_type: simplifiedNikos Mavrogiannopoulos2018-05-261-16/+4
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* TLS 1.3: Introduced TLS 1.3 session resumptionAnder Juaristi2018-05-261-22/+2
| | | | | | | | | | | | | | | | | This introduces session resumption under TLS 1.3. For that, it enables the psk_ke_modes extension when we enable session tickets. It enables sending session tickets in addition to PSK usernames. The detection of resumption vs pure PSK is done by comparing the indexes sent with the index received by the server. TLS 1.3 session tickets are always sent to the peer unless the GNUTLS_NO_TICKETS is specified. Resolves #290 Signed-off-by: Ander Juaristi <a@juaristi.eus> Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> Signed-off-by: Daiki Ueno <dueno@redhat.com>
* ext/status_request: allow more than a single OCSP response to be receivedNikos Mavrogiannopoulos2018-02-191-3/+8
| | | | | | | | | | That change allows for arbitrary number of OCSP responses which is required in TLS1.3. The received list is now stored in auth structure, and thus packed with it on resumption data. The status response extension data, are now only used on server side, when temporarily storing the OCSP response to send. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_auth*_get_type: use gnutls_kx_get to retrieve key exchangeNikos Mavrogiannopoulos2018-02-191-6/+14
| | | | | | | That allows the functions to operate under TLS 1.3 which have no key exchange as part of the ciphersuite. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_auth_*: check cs parameter for validity prior to useNikos Mavrogiannopoulos2017-08-181-1/+16
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* security_parameters: simplified contents by keeping pointer to ↵Nikos Mavrogiannopoulos2017-08-021-9/+7
| | | | | | | | | cipher_suite_entry_st That, in addition to simplifying the contents, it allows faster access to ciphersuite's properties. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc: Fix some typosAttila Molnar2016-02-061-1/+1
|
* Removed the 'gnutls_' prefix from files to simplify file namingNikos Mavrogiannopoulos2015-08-231-0/+427
View Lorry Controller Status