path: root/lib/cert-session.c
Commit message [Author; Age; Files; Lines]
* Merge branch 'tmp-ocsp-revocation' into 'master' [Daiki Ueno; 2020-01-10; 1; -0/+8]
|\
| |   ocsp: set GNUTLS_CERT_INVALID if OCSP response indicates revocation
| |
| |   See merge request gnutls/gnutls!1159
| * ocsp: set GNUTLS_CERT_INVALID if OCSP response indicates revocation [Daiki Ueno; 2020-01-10; 1; -0/+8]
| |
| |   This makes the OCSP based certificate verification adhere to the convention used throughout the library:
| |
| |   "The 'GNUTLS_CERT_INVALID' flag is always set on a verification error and more detailed flags will also be set when appropriate."
| |
| |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
* | Provide flag to identify sessions that an OCSP response was requested [Nikos Mavrogiannopoulos; 2019-12-15; 1; -2/+1]
|/
|   That adds the flag GNUTLS_SFLAGS_CLI_REQUESTED_OCSP which can be checked by a server application to determine whether the client has requested stapled OCSP responses.
|
|   This includes minor cleanups in the status request handling code.
|
|   Resolves: #829
|
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Use https:// for www.gnu.org and www.example.com [Tim Rühsen; 2019-03-13; 1; -1/+1]
|
|   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Implemented support for raw public-key functionality (RFC7250). [Tom Vrancken; 2018-12-15; 1; -3/+15]
|
|   Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
* Renamed CHECK_AUTH macro to CHECK_AUTH_TYPE to be more clear what it checks. [Tom Vrancken; 2018-10-18; 1; -6/+6]
|
|   Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
* Implemented RFC7250 certificate type negotiation extensions. [Tom Vrancken; 2018-08-20; 1; -22/+20]
|
|   Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
* doc: few improvements over certificate validation text [Nikos Mavrogiannopoulos; 2018-08-07; 1; -5/+21]
|
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: check various parameters on resumption [Nikos Mavrogiannopoulos; 2018-05-26; 1; -2/+7]
|
|   That is, check gnutls_session_is_resumed() is functional on server side, whether PRF is respected on resumption, whether gnutls_certificate_get_peers() and gnutls_certificate_get_ours() operate as expected, and whether session resumption fails with tickets after expiration time has passed.
|
|   In addition improve function documentation by documenting the current semantics for the functions above.
|
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* check_ocsp_response: print OCSP response actual error on debug log [Nikos Mavrogiannopoulos; 2018-02-19; 1; -0/+5]
|
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* x509/cert: reorganized [Nikos Mavrogiannopoulos; 2018-02-19; 1; -2/+627]
|
|   Split functionality related to certificate credentials and session certificate handling in cert-cred.c and cert-session.c
|
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* handshake: use hsk_flags in TLS1.2 and TLS1.3 [Nikos Mavrogiannopoulos; 2018-02-19; 1; -2/+3]
|
|   The flags provide a more transparent view of the received and expected messages.
|
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* dh params: document DH param setting functions as deprecated [Nikos Mavrogiannopoulos; 2017-08-22; 1; -0/+5]
|
|   They are no longer useful after the RFC7919 DH parameter negotiation.
|
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Removed support for openpgp certificates and keys [Nikos Mavrogiannopoulos; 2017-06-16; 1; -32/+0]
|
|   Resolves #178
|
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* handshake: reset cert request state on handshake init [Nikos Mavrogiannopoulos; 2017-03-21; 1; -2/+3]
|
|   That addresses a bug which on client side in case of an initial handshake with a client certificate, we continue to send this certificate even if on rehandshake we were not requested with one.
|
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_certificate_get_peers may return an unsorted list [Nikos Mavrogiannopoulos; 2016-07-28; 1; -3/+6]
|
* split certificate credentials functions from ui.c [Nikos Mavrogiannopoulos; 2015-12-31; 1; -0/+240]