| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| | |
ocsp: set GNUTLS_CERT_INVALID if OCSP response indicates revocation
See merge request gnutls/gnutls!1159
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This makes the OCSP based certificate verification adhere to the
convention used throughout the library: "The 'GNUTLS_CERT_INVALID'
flag is always set on a verification error and more detailed flags
will also be set when appropriate."
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
| |
That adds the flag GNUTLS_SFLAGS_CLI_REQUESTED_OCSP which can be
checked by a server application to determine whether the
client has requested stapled OCSP responses.
This includes minor cleanups in the status request handling code.
Resolves: #829
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
| |
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
|
|
|
|
| |
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
|
|
|
|
| |
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
That is, check gnutls_session_is_resumed() is functional on server
side, whether PRF is respected on resumption, whether gnutls_certificate_get_peers()
and gnutls_certificate_get_ours() operate as expected, and whether session
resumption fails with tickets after expiration time has passed.
In addition improve function documentation by documenting the current
semantics for the functions above.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
| |
Split functionality related to certificate credentials and
session certificate handling in cert-cred.c and cert-session.c
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
The flags provide a more transparent view of the received
and expected messages.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
They are no longer useful after the RFC7919 DH parameter negotiation.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
Resolves #178
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
That addresses a bug which on client side on case of an initial
handshake with a client certificate, we continue to send this
certificate even if on rehandshake we were not requested with on.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|