path: root/lib
Commit message | Author | Age | Files | Lines
* Use the IANA assigned padding extension number. | Nikos Mavrogiannopoulos | 2014-04-07 | 1 | -1/+3
* updated patch to take account of function renames | Nikos Mavrogiannopoulos | 2014-04-05 | 2 | -6/+6
* set the same flags in the second search | Nikos Mavrogiannopoulos | 2014-04-05 | 1 | -0/+1
* The GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED flag is specific to p11-kit trust modules. | Nikos Mavrogiannopoulos | 2014-04-04 | 1 | -0/+11
* Perform time check when removing a certificate in _gnutls_pkcs11_verify_crt_status() | Nikos Mavrogiannopoulos | 2014-04-04 | 1 | -4/+20
    This brings the function on par with _gnutls_verify_crt_status().
* When verifying, check for the same certificate in the pkcs11 trusted list, not only the issuer | Nikos Mavrogiannopoulos | 2014-04-04 | 2 | -0/+22
    When the certificate list verifying ends in a non self-signed certificate, and the self-signed isn't in our pkcs11 trusted list, make sure that we search for the non-self-signed as well. This affects gnutls_x509_trust_list_verify_crt() when used with a PKCS #11 trust module.
* When verifying check for the same certificate in the trusted list, not only the issuer | Nikos Mavrogiannopoulos | 2014-04-03 | 1 | -0/+23
    When the certificate list verifying ends in a non self-signed certificate, and the self-signed isn't in our trusted list, make sure that we search for the non-self-signed in our list as well. This affects gnutls_x509_trust_list_verify_crt() and makes its results identical to gnutls_x509_crt_list_verify().
* corrected version numbers. | Nikos Mavrogiannopoulos | 2014-04-02 | 1 | -1/+1
* corrected version number | Nikos Mavrogiannopoulos | 2014-03-31 | 1 | -1/+1
* doc update | Nikos Mavrogiannopoulos | 2014-03-31 | 1 | -2/+2
* cleaned up documentation of gnutls_record_send() | Nikos Mavrogiannopoulos | 2014-03-31 | 1 | -10/+10
* make gnutls_record_uncork() more DTLS friendly. | Nikos Mavrogiannopoulos | 2014-03-31 | 1 | -1/+14
* Check explicitly for the errors gnutls_record_uncork() should recover from. | Nikos Mavrogiannopoulos | 2014-03-28 | 1 | -1/+1
* do not consider wildcards in non-ascii names. | Nikos Mavrogiannopoulos | 2014-03-27 | 1 | -1/+15
* set the invalid flag when the owner is unexpected. | Nikos Mavrogiannopoulos | 2014-03-20 | 1 | -1/+1
* Changed the behaviour in wildcard acceptance in certificates. | Nikos Mavrogiannopoulos | 2014-03-20 | 2 | -0/+11
    Wildcards are only accepted when there are more than two domain components after the wildcard. This will prevent accepting certificates from CAs that issued '*.com', or 'www.*'.
    Conflicts: tests/hostname-check.c
* export _gnutls_vasprintf that is used by xssl. | Nikos Mavrogiannopoulos | 2014-03-11 | 1 | -0/+1
    Report and patch by Tobias Gruetzmacher.
* set correct value if found | Nikos Mavrogiannopoulos | 2014-03-08 | 1 | -0/+1
* ciphersuites that utilize SHA256 or SHA384 are only available in TLS 1.0 | Nikos Mavrogiannopoulos | 2014-03-08 | 1 | -39/+39
    The SSL 3.0 protocol (rfc6101) uses a variant of HMAC that is only defined for MD5 and SHA1. Thus if such a ciphersuite is negotiated under SSL 3.0, it will during MAC initialization.
* explicit type conversions when needed | Nikos Mavrogiannopoulos | 2014-03-08 | 5 | -50/+51
* more clang warning fixes | Nikos Mavrogiannopoulos | 2014-03-08 | 6 | -7/+10
* silence some warnings | Nikos Mavrogiannopoulos | 2014-03-08 | 1 | -2/+2
* clang warning fixes | Nikos Mavrogiannopoulos | 2014-03-08 | 4 | -7/+16
* Ensure failure when no base64 data have been read. Suggested by Ramkumar Chinchani. | Nikos Mavrogiannopoulos | 2014-03-06 | 1 | -6/+11
* xssl compilation fix; patch by Colin Leroy | Nikos Mavrogiannopoulos | 2014-03-06 | 1 | -1/+1
* Fixed checking the length of a null string | Jason Spafford | 2014-03-06 | 1 | -3/+3
    in cdk_strlist_add, it would check the strlen of the 'string' parameter before it checked if the parameter was null.
    Signed-off-by Jason Spafford nullprogrammer@gmail.com
* check the blacklist for certificates provided in gnutls_x509_trust_list_verify_named_crt(). [tag: gnutls_3_2_12] | Nikos Mavrogiannopoulos | 2014-03-02 | 1 | -0/+8
    Conflicts: lib/x509/verify-high.c
* print message before failing when the pull timeout function isn't replaced. | Nikos Mavrogiannopoulos | 2014-03-02 | 1 | -1/+3
* Allow all ciphersuites in SSL3.0 when they are available in TLS1.0 | Nikos Mavrogiannopoulos | 2014-02-28 | 1 | -79/+79
* corrected return codes. | Nikos Mavrogiannopoulos | 2014-02-28 | 1 | -11/+24
* Corrected error checking in _gnutls_x509_ext_gen_proxyCertInfo | Nikos Mavrogiannopoulos | 2014-02-28 | 1 | -3/+3
* removed not trusted message; reported by Michel Briand. | Nikos Mavrogiannopoulos | 2014-02-26 | 1 | -4/+0
* combined initialization | Nikos Mavrogiannopoulos | 2014-02-22 | 1 | -5/+4
* reinitialize the handshake timers when gnutls_handshake() is called. | Nikos Mavrogiannopoulos | 2014-02-18 | 2 | -1/+5
* Corrected bug in gnutls_pcert_list_import_x509_raw(). | Nikos Mavrogiannopoulos | 2014-02-15 | 1 | -4/+5
    The bug caused gnutls_pcert_list_import_x509_raw() to crash if gnutls_x509_crt_list_import() would fail with the provided data. Reported by Dmitriy Anisimkov.
* ensure that the issuer is present in a trusted module. | Nikos Mavrogiannopoulos | 2014-02-13 | 1 | -1/+1
* removed flag GNUTLS_PKCS11_TOKEN_TRUSTED_UINT | Nikos Mavrogiannopoulos | 2014-02-13 | 2 | -27/+1
* Added flag GNUTLS_PKCS11_TOKEN_TRUSTED for gnutls_pkcs11_token_get_flags(). | Nikos Mavrogiannopoulos | 2014-02-13 | 2 | -2/+11
* Use the GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE to ensure that only trusted modules are used. | Nikos Mavrogiannopoulos | 2014-02-13 | 1 | -19/+2
    Conflicts: lib/x509/verify.c
* Added flag GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE. | Nikos Mavrogiannopoulos | 2014-02-13 | 3 | -8/+19
    This flag can be used to ensure that the object request lies on a marked as trusted PKCS #11 module. The marking is done on p11-kit configuration.
* mark trusted p11-kit modules as trusted. | Nikos Mavrogiannopoulos | 2014-02-13 | 1 | -0/+5
    Conflicts: lib/pkcs11.c
* Fix bug that prevented the rejection of v1 intermediate CA certificates. | Nikos Mavrogiannopoulos | 2014-02-12 | 1 | -1/+4
    Reported by Suman Jana.
* do not redefine the _gnutls_x86_cpuid_s symbol | Nikos Mavrogiannopoulos | 2014-02-10 | 3 | -5/+2
* removed unimplemented API. | Nikos Mavrogiannopoulos | 2014-02-03 | 1 | -2/+0
* when using a PKCS #11 module for verification ensure that it has been marked a trusted module in p11-kit. | Nikos Mavrogiannopoulos | 2014-02-03 | 1 | -0/+19
* Added flag GNUTLS_PKCS11_TOKEN_TRUSTED_UINT that can be used to obtain p11-kit's P11_KIT_MODULE_TRUSTED flag. | Nikos Mavrogiannopoulos | 2014-02-03 | 2 | -6/+37
* When setting multiple initial keywords in a priority string, the security level set is the one of the lowest security. | Nikos Mavrogiannopoulos | 2014-02-03 | 1 | -16/+12
* consider the initial keyword set even when it's set to NONE. | Nikos Mavrogiannopoulos | 2014-02-02 | 1 | -0/+1
* When two initial keywords are specified then treat the second as having the '+' modifier. | Nikos Mavrogiannopoulos | 2014-02-02 | 1 | -1/+3
    This will handle SECURE256:SECURE128 the same way as SECURE256:+SECURE128.
* corrected typo | Nikos Mavrogiannopoulos | 2014-02-01 | 1 | -1/+1