path: root/src
Commit message | Author | Age | Files | Lines
* Write OCSP status request debug information to logfile, if set | Fiona Klute | 2019-12-01 | 1 | -1/+1
|   The status information is not part of the payload data and should be separate when using --logfile.
|   Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
* Send log messages about loading client credentials to logfile, if set | Fiona Klute | 2019-12-01 | 1 | -2/+2
|   Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
* certtool: always include the CRL distribution points on CAs | Nikos Mavrogiannopoulos | 2019-11-25 | 1 | -9/+10
|   Previously we would omit the CRL distribution points from a non-self signed CA certificate, even if contained in the template.
|   Resolves: #765
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'tmp-update-ci-to-f31' into 'master' | Nikos Mavrogiannopoulos | 2019-11-02 | 55 | -1529/+2322
|\
| |   Update CI to F31
| |
| |   See merge request gnutls/gnutls!1113
| * updated to libopts 5.18.16 | Nikos Mavrogiannopoulos | 2019-10-30 | 55 | -1529/+2322
| |   This fixes compilation in Fedora 30 which ships with this version of autogen.
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* | Merge branch 'logfile-doc-improvement' into 'master' | Nikos Mavrogiannopoulos | 2019-10-31 | 1 | -1/+1
|\ \
| |/
|/|
| |   doc: describe how to make gnutls-cli quiet for pipe usage
| |
| |   Closes #845
| |
| |   See merge request gnutls/gnutls!1108
| * doc: describe how to make gnutls-cli quiet for pipe usage | Björn Jacke | 2019-10-25 | 1 | -1/+1
| |   Signed-off-by: Bjoern Jacke <bjacke@samba.org>
* | serv: move closing TABLE tag after actual table end | Dmitry Eremin-Solenikov | 2019-10-27 | 1 | -1/+3
|/
|   Move closing TABLE tag after printing information on cipher and MAC.
|   Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* src: fix noreturn-related warning | Dmitry Eremin-Solenikov | 2019-10-18 | 2 | -2/+2
|   Recent autogen started adding '#include <stdnoreturn.h>' into -args.h files. However in GnuTLS tools code this results in the following warnings, because stdnoreturn.h unconditionally redefines 'noreturn' to _Noreturn:
|
|     warning: '_Noreturn' attribute directive ignored
|
|   Use __noreturn__ attribute instead as does Gnulib.
|   Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* p11tool: print mechanism info in list-mechanisms | Dmitry Eremin-Solenikov | 2019-10-09 | 2 | -1/+61
|   Print key size range and flags in mechanisms list.
|   Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Implemented raw public key support for gnutls-serv application. | Tom Vrancken | 2019-10-04 | 2 | -6/+101
|   Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
* Implemented raw public key support for gnutls-cli application. | Tom Vrancken | 2019-10-04 | 3 | -53/+223
|   Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
* certtool: ensure that PKCS#8 file does not contain key description | Nikos Mavrogiannopoulos | 2019-09-28 | 1 | -3/+6
|   Resolves: #840
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gnutls-cli-debug: fix early break for no version supported check | Dmitry Eremin-Solenikov | 2019-09-02 | 3 | -60/+56
|   Currently gnutls-cli-debug code hardcodes index of tests, after which it will check if any known protocols (SSL 3.0/TLS1.[0123]) are supported by the server. However this number is hardcoded and thus easy to break. This is exactly what happened after adding %ALLOW_SMALL_RECORDS check. Two tests were added in front of tests lists without updating this index.
|
|   So let's make this check robust by adding another test which will return fatal error if no known protocols are supported.
|
|   While we are at it, also simplify tests loop by removing internal loop completely and controlling opening/closing a socket with a flag.
|   Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* src/Makefile.am: fix detection of .bak files | Nikos Mavrogiannopoulos | 2019-08-05 | 1 | -6/+5
|   This fixes detection in a way to work in builds outside the source directory.
|   Resolves: #810
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* certtool: default to yes on signing certificates for CAs [tmp-sign-cas] | Nikos Mavrogiannopoulos | 2019-07-26 | 1 | -2/+2
|   When asking the questions for CA certificate generation, default to yes to signing certificates. This is because that's the most common type of CAs generated and defaulting to yes eliminates the need for restart on error.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls-cli-debug: test whether RSA key exchange is supported | Nikos Mavrogiannopoulos | 2019-06-29 | 3 | -0/+27
|   Resolves: #449
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gnutls-serv: add --httpdata option to respond with fixed sized data | Daiki Ueno | 2019-06-19 | 2 | -1/+55
|   By default, the gnutls-server --http responds with the connection information. While this is useful for manual testing, fixed content would be more desirable for automated testing.
|   Signed-off-by: Daiki Ueno <dueno@redhat.com>
* gnutls-cli-debug: check if %ALLOW_SMALL_RECORDS is required | Daiki Ueno | 2019-06-19 | 3 | -2/+69
|   This adds a new test against the server to check if %ALLOW_SMALL_RECORDS is required to continue communicating with the server. The test is in two parts: one to check if the server accepts records with the default size (512 bytes) and the other is to check if %ALLOW_SMALL_RECORDS helps if the previous test fails.
|   Signed-off-by: Daiki Ueno <dueno@redhat.com>
* gnutls-serv: add --recordsize option | Daiki Ueno | 2019-06-19 | 2 | -0/+22
|   This adds a means to set maximum record size to receive. If the size is less than our default (< 512), --priority with %ALLOW_SMALL_RECORDS also needs to be specified.
|   Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Do not regenerate autogen files if --enable-local-libopts is given [tmp-fix-libopts] | Nikos Mavrogiannopoulos | 2019-05-29 | 1 | -0/+18
|   This addresses issue on installed systems which have autogen but use --enable-local-libopts. In these systems if the installed autogen would not match the local libopts library version compilation would fail because the auto-generated files depend on the corresponding to autogen version libopts internals.
|   Resolves: #772
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* certtool: corrected typo in manual [ci skip] | Nikos Mavrogiannopoulos | 2019-05-23 | 1 | -2/+2
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* certtool: CA certificates will contain the digital signature key usage flag | Nikos Mavrogiannopoulos | 2019-05-20 | 1 | -1/+5
|   This change ensures that all certificates will contain the digital signature key usage flag if that's specified in the template.
|   Resolves: #767
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls-serv: GERR macro will output in stderr | Nikos Mavrogiannopoulos | 2019-05-20 | 1 | -1/+1
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Check all memory allocation in examples and certtool [tmp-check-allocations] | Nikos Mavrogiannopoulos | 2019-05-14 | 1 | -0/+9
|   Resolves: #739
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tools: suppress ctime() error from static analysers | Nikos Mavrogiannopoulos | 2019-05-09 | 6 | -13/+40
|   This function is not thread safe and can be easily misused even in single threaded scenarios (one such minor bug fixed).
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Add or clean header guards in src/ | Tim Rühsen | 2019-05-07 | 10 | -17/+41
|   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* certtool: refuse to accept an incompatible key type | Nikos Mavrogiannopoulos | 2019-04-25 | 1 | -2/+13
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* certtool: generate RSA-PSS certificates from RSA keys | Nikos Mavrogiannopoulos | 2019-04-20 | 2 | -16/+40
|   When generating certificates it was not possible to generate an RSA-PSS certificate from an RSA key (common scenario). This fixes the certificate generation to include such a method.
|
|   Ironically there was a test for this scenario but the test was limited to checking that the combination of certtool parameters succeeded; modified the test to check the textual expression of the certificate for the RSA-PSS indicators.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'tmp-p11tool-pin' into 'master' | Nikos Mavrogiannopoulos | 2019-04-20 | 1 | -1/+14
|\
| |   p11tool: copy vendor query attributes when listing privkeys
| |
| |   See merge request gnutls/gnutls!982
| * p11tool: copy vendor query attributes when listing privkeys [tmp-p11tool-pin] | Daiki Ueno | 2019-04-16 | 1 | -1/+14
| |   When listing private keys on a specified token, "pin-value" is ignored and the tool looks for GNUTLS_PIN, because it internally strips out vendor query attributes from the original URL.
| |
| |   This also replaces the global uses of GNUTLS_PIN envvar in testpkcs11.sh to check the case where the envvar is not in effect.
| |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
* | serv, cli: add --keymatexport option | Daiki Ueno | 2019-04-19 | 6 | -0/+78
| |   This adds --keymatexport and --keymatexportsize options to both gnutls-serv and gnutls-cli. Those would be useful for testing interoperability with other implementations.
| |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
* | Merge branch 'tmp-mingw-fix' into 'master' | Tim Rühsen | 2019-04-15 | 3 | -58/+69
|\ \
| |/
|/|
| |   Fix WIN32 custom push/pull functions
| |
| |   Closes #751
| |
| |   See merge request gnutls/gnutls!978
| * Fix WIN32 custom push/pull functions [tmp-mingw-fix] | Tim Rühsen | 2019-04-11 | 3 | -58/+69
| |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| |   Reported-by: J. Ali Harlow (@j_ali on Gitlab.com)
* | gnutls-cli: renamed global variable name | Nikos Mavrogiannopoulos | 2019-04-13 | 1 | -7/+7
|/
|   That is because the same variable name is used by local variables as well.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Update ocsptool-common.c | Elta Koepp | 2019-03-27 | 1 | -2/+1
|
* Detect malloc failure. | Elta Koepp | 2019-03-27 | 1 | -0/+4
|   malloc(data.size + 1) maybe returns NULL on failure.
* tools: removed unused code | Nikos Mavrogiannopoulos | 2019-03-24 | 2 | -58/+0
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gnutls-cli: Fix output with option "--logfile" | Ke Zhao | 2019-03-24 | 1 | -7/+5
|   The X.509 connection would still print informational message to the stdout by default. Move that output to logfile and add x509 functionality test in the test suite.
|   Signed-off-by: Ke Zhao <kzhao@redhat.com>
* Merge branch 'tmp-remove-fixme' into 'master' | Tim Rühsen | 2019-03-16 | 1 | -2/+1
|\
| |   Removed all FIXME comments in code
| |
| |   See merge request gnutls/gnutls!955
| * Removed all FIXME comments in code [ci skip] | Nikos Mavrogiannopoulos | 2019-03-16 | 1 | -2/+1
| |   We expand informational comments on limitations, but with removing FIXME (keyword didn't help fixing these), and remove completely unhelpful comments, obsolete ones, or comments about ideas.
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | gnutls-cli: Add option "--logfile" to redirect information message output | Ke Zhao | 2019-03-16 | 5 | -186/+232
|/
|   First, add an option "--logfile" so user could choose a specific file to store all the informational messages. In some cases, informational messages may cause unexpected result if the output is standard output. With this option, user could redirect these messages to a specific file. This will be helpful in testing and tracking.
|
|   Second, replace printf() function with log_msg() function This log_msg() function is used when "--logfile" is enabled.
|
|   Third, add a functionality test for "--logfile" option Add a test script to test if "--logfile" option works as it should be.
|   Signed-off-by: Ke Zhao <kzhao@redhat.com>
* Use https:// in lib/, src/, and m4/ | Tim Rühsen | 2019-03-13 | 5 | -8/+8
|   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Use https:// for www.gnu.org and www.example.com | Tim Rühsen | 2019-03-13 | 43 | -54/+54
|   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'tmp-fix-cli-starttls-xmpp' into 'master' | Tim Rühsen | 2019-03-05 | 1 | -8/+8
|\
| |   gnutls-cli: Fix --starttls-proto=xmpp
| |
| |   Closes #697
| |
| |   See merge request gnutls/gnutls!911
| * gnutls-cli: Fix --starttls-proto=xmpp | Tim Rühsen | 2019-02-18 | 1 | -8/+8
| |   Fixes two issues with gnutls-cli --starttls-proto=xmpp:
| |   1. Print 'Timeout' on timeout instead of random errno message
| |   2. Do not wait for linefeed when using XMPP (XML)
| |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* | gnutls-cli: fix --benchmark-ciphers type overflow | Andreas Metzler | 2019-02-24 | 2 | -2/+5
|/
|   Signed-off-by: Andreas Metzler <ametzler@bebt.de>
* Fix 32bit overflow issue in src/serv-args.def | Tim Rühsen | 2019-02-12 | 1 | -1/+1
|   Fixing this warning seen on 32bit architectures:
|
|     serv-args.c: In function 'doOptMaxearlydata':
|     serv-args.c:1431:14: warning: overflow in conversion from 'long long int' to 'long int' changes value from '4294967296' to '0' [-Woverflow]
|     { 1, 4294967296 } };
|     ^~~~~~~~~~
|
|   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Use inet_pton() from gnulib [tmp-gnulib-pton] | Tim Rühsen | 2019-02-10 | 1 | -6/+6
|   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* build: do not generate mech-list.h if p11-kit is not available | Dmitry Eremin-Solenikov | 2019-02-02 | 1 | -2/+3
|   Compiling GnuTLS with no p11-kit installed will result in a series of warnings during build time because mech-list.h will be generated even if pkcs11 tool compilation is disabled. Move mech-list.h generation to happen only if pkcs11 is enabled, thus removing these warnings.
|   Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>