| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
This makes it clear that "fd" is not a file descriptor but a FILE
pointer. Suggested by Tim Rühsen.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
|
|
|
|
|
|
|
|
|
| |
This brings in the new fopen-gnu module and the RF_SENSITIVE flag for
fread_file and read_file. This also adds the following changes to be
consistent with the latest changes in Gnulib:
- the callers of fread_file and read_file to be adjusted for the FLAGS
argument
- "attribute.h" needs to be used extensively
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
|
|
|
|
| |
Use new function to remove code duplication.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|\
| |
| |
| |
| | |
accelerated: use AES-NI for AES-XTS when available
See merge request gnutls/gnutls!1244
|
| |
| |
| |
| | |
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
| |
This introduces the --waitresumption command line option which makes the
client to wait for the resumption data until a ticket is received under
TLS1.3. The client will block if no ticket is received. The new option
has no effect if the option --resume is not provided.
This is useful to force the client to wait for the resumption data when
the server takes long to send the ticket, allowing the session
resumption to be tested. This is a common scenario in CI systems where
the testing machines have limited resources.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
We don't want to automatically update the copyright year as this
prevents reproducible builds.
Instead, 'make update-copyright-year' has to be executed at the
start of each new year and the changes have to be pushed.
Closes #980
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|\
| |
| |
| |
| | |
improve gnutls-cli-debug testing of old SSL 3.0 servers
See merge request gnutls/gnutls!1221
|
| |
| |
| |
| |
| |
| |
| |
| | |
in SSL 3.0)
See #958
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
|
| |
| |
| |
| |
| |
| | |
See #958
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
servers don't accept them
See #958
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
|
|/
|
|
|
|
|
|
| |
Previously, when gnutls-serv was executed with the --echo option, it
would exit when a message to be echoed was received. Moreover, the
server would output "Memory error" although no error occurred.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|
|
|
|
|
|
|
| |
Note that there's a small modification to the behavior of the existing
--ocsp-save option: If there is no stapled OCSP response the output
file is still created and will be empty.
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
|
|\
| |
| |
| |
| | |
algorithms: implement X448 key exchange and Ed448 signature scheme
See merge request gnutls/gnutls!984
|
| |
| |
| |
| | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|/
|
|
|
|
|
|
| |
When gnutls-cli-debug is run on systems where a particular algorithm
is disabled, ensure that we don't stop the testing; in that case
we ignore the test.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
|
|
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
|
|
|
| |
Fix building gnutls-cli (benchmark part) with GOST keys support being
disabled.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
|
|
|
| |
Support gnutls-cli when building GnuTLS with OCSP and ANON
authentication API disabled.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
|
|
| |
Support gnutls-serv when building GnuTLS with OCSP API disabled.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
| |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
| |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
|
|
|
| |
Use newly added gnutls_hmac_get_key_size() to get key size instead of
assuming that key size = block size (incorrect for GOST 28147 IMIT).
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|\
| |
| |
| |
| | |
certtool: always set extensions from template
See merge request gnutls/gnutls!1130
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously we would only set these extensions specific with add_extension
when generating using --generate-certificate. The change makes sure these
options are considered even when generating an extension from a certificate
request. Issue reported on the mailing list.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\ \
| | |
| | |
| | |
| | | |
Improvements in gnutls-cli --benchmark-tls-kx
See merge request gnutls/gnutls!1128
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It is now printed in a way that separates the tests. Example:
```
(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
- 179.19 transactions/sec
- avg. handshake time: 5.57 ms
- standard deviation: 0.57
(TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
- 182.24 transactions/sec
- avg. handshake time: 5.48 ms
- standard deviation: 0.64
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This allows micro and nanoseconds to be reported if necessary,
and it changes reporting of sample variance to standard deviation
giving a possibly better overview as it is in the same units as
the average.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\ \ \
| |_|/
|/| |
| | |
| | |
| | |
| | | |
gnutls-serv: do not exit on command failure
Closes #868
See merge request gnutls/gnutls!1129
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If gnutls_reauth() or gnutls_heartbeat_ping() fail, gnutls-serv
would simply quit. This prevents using this tool in a test environment
like tlsfuzzer. Ensure that we don't quit on error.
Resolves: #868
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\ \ \
| |_|/
|/| |
| | |
| | |
| | |
| | | |
_gnutls_verify_crt_status: apply algorithm checks to trusted CAs and other cert improvements
Closes #877
See merge request gnutls/gnutls!1140
|
| |/
| |
| |
| |
| |
| | |
This applies to the --verify and --verify-chain commands.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|/
|
|
|
|
|
| |
Add test for VKO-GOST-12, GOST28147-TC26Z-CNT and GOST28147-TC26Z-IMIT
support by the server.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
|
|
|
|
|
| |
This also includes --enable-local-libopts flag to make dist
to catch future regressions.
Resolves: #867
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
The status information not part of the payload data and should be
separate when using --logfile.
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
|
|
|
|
| |
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
|
|
|
|
|
|
|
|
|
| |
Previously we would omit the CRL distribution points from a non-self
signed CA certificate, even if contained in the template.
Resolves: #765
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\
| |
| |
| |
| | |
Update CI to F31
See merge request gnutls/gnutls!1113
|
| |
| |
| |
| |
| |
| |
| | |
This fixes compilation in Fedora 30 which ships with this
version of autogen.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\ \
| |/
|/|
| |
| |
| |
| | |
doc: describe how to make gnutls-cli quiet for pipe usage
Closes #845
See merge request gnutls/gnutls!1108
|
| |
| |
| |
| | |
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
|
|/
|
|
|
|
| |
Move closing TABLE tag after printing information on cipher and MAC.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recent autogen started adding '#include <stdnoreturn.h>' into -args.h
files. However in GnuTLS tools code this results in the following
warnings, because stdnoreturn.h unconditionally redefines 'noreturn' to
_Noreturn:
warning: '_Noreturn' attribute directive ignored
Use __noreturn__ attribute instead as does Gnulib.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
|
|
| |
Print key size range and flags in mechanisms list.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
| |
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
|
|
|
|
| |
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
|
|
|
|
|
|
| |
Resolves: #840
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently gnutls-cli-debug code hardodes index of tests, after which it
will check if any known protocols (SSL 3.0/TLS1.[0123]) are supported by
the server. However this number is hardcoded and thus easy to break.
This is exactly what happened after adding %ALLOW_SMALL_RECORDS check.
Two tests were added in front of tests lists without updating this
index.
So let's make this check robust by adding another test which will return
fatal error if no known protocols are supported. While we are at it,
also simplify tests loop by removing internal loop completely and
controlling opening/closing a socket with a flag.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
|
|
|
|
|
| |
This fixes detection in a way to work in builds outside the
source directory.
Resolves: #810
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|