| Commit message | Author | Age | Files | Lines |
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
This adds --timeout option to gnutls-serv to control the inactivity
interval, which would be useful for testing.
Fixes: #1471
Signed-off-by: maratheatharva <atharvamarathe8@gmail.com>
|
src: print_info: prefer gnutls_psk_server_get_username2
See merge request gnutls/gnutls!1730
|
gnutls_psk_server_get_username only supports NUL-terminated usernames,
while we added support for non-NULL terminated usernames in
d00638997fa269a975095d852633b48b2b64fbf9.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: peonix <ajeetsinghchahar2@gmail.com>
|
Signed-off-by: peonix <ajeetsinghchahar2@gmail.com>
|
Signed-off-by: xuraoqing <xuraoqing@huawei.com>
|
Signed-off-by: xuraoqing <xuraoqing@huawei.com>
|
Signed-off-by: xuraoqing <609179072@qq.com>
|
Signed-off-by: xuraoqing <609179072@qq.com>
|
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
Co-authored-by: Simon Josefsson <simon@josefsson.org>
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
This is the latest recommendation, as described here:
https://www.gnu.org/licenses/gpl-howto.html
Signed-off-by: Stefan Kangas <stefankangas@gmail.com>
|
This mostly updates NEWS and license links. All links have been
manually tested and confirmed working.
Signed-off-by: Stefan Kangas <stefankangas@gmail.com>
|
This adds stub definitions of public SRP functions even if SRP is
disabled with --disable-srp-authentication, to preserve the ABI.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Fix memory leaks in tools and tests
Closes #1433 and #1430
See merge request gnutls/gnutls!1672
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Minor fixes on KTLS
Closes #1382
See merge request gnutls/gnutls!1673
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
This is to comply with RFC9266 4.2.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
The default option value for -i (--index) was dropped during the
cligen conversion. This adds it back for compatibility with the
existing command line usage.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
This allows gnutls-cli to use KTLS for the transport, unless either
--save-client-trace or --save-server-trace is used.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
This silences -Wsuggest-attribute=malloc warning with GCC 12. While
we could use ATTRIBUTE_DEALLOC(fclose, 1), it is currently not
possible to use it until Gnulib is updated.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
This also reverts commit fd0e28a3 and changes how the cligen python
files are included in the distribution.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
This eliminates the need of parsing the comma separated list manually.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
This switches the CLI code and documentation generation to the
external cligen module, which provides more type-safe specification.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
With this option gnutls-cli prints the build-time configuration of the
library, retrieved through gnutls_get_library_config.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
In src, we now have two helper programs: systemkey and dumpcfg.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
As neither the tools nor documentation depends on AutoGen, we don't
need to include the AutoGen definition files.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
As no tools link with libopts anymore, we don't need to include it in
the distribution.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
This replaces configuration file parsing code previously provided by
<autoopts/options.h>, with a minimal compatible implementation.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
This replaces AutoGen based command-line parser with a Python
script (gen-getopt.py), which takes JSON description as the input.
The included JSON files were converted one-off using the parse-autogen
program: https://gitlab.com/dueno/parse-autogen.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Currently certtool uses PKCS12-3DES-SHA1 for encrypting keys in
PKCS#12, while it is suggested to migrate to more modern algorithms,
namely AES-128-CBC with PBKDF2 and SHA-256:
https://bugzilla.redhat.com/show_bug.cgi?id=1759982
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
This introduces transparent loading of TPM2 keys which are in PEM
form by gnutls_privkey_import_x509_raw() and higher level functions
which wrap it.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Co-authored-by: David Woodhouse <dwmw2@infradead.org>
Co-authored-by: Daiki Ueno <ueno@gnu.org>
|
This is a simple extension of the certtool command-line interface.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
This is related to #1227 -- but in this case, it's enforcing a
requirement of RFC 8410 §5.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
These are just trivial extension points where the codepath is the same
for the ECDH scheme as it is for the EdDSA scheme.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
Spotted by LGTM.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
DN components are expected to be ordered by scale, with the wire format
representing larger-scale components (like country or organization) before
smaller-scale components (like state or organizationalUnit).
The bulk of the changes here of course are changes to the target
certificates in the test suite.
Note that a change was necessary in tests/cert-tests/crq.sh because it
tests the "interactive" mode of certtool. If any user is scripting
certtool in this way, this change will cause a backwards-incompatible
break. However, I think this is OK -- the supported scripted/batch
mode for certtool should use a template file, and I don't think it's
important to maintain a strict api on the interactive mode.
The main change here is to order the DN from least-specific-to-most,
in particular:
country, state, locality, org, orgunit, cn, uid
But I've also made an additional arbitrary choice, which is that DC
(domain component) comes *after* uid. This was already the case in
certificate generation, but in *request* generation, it was the other
way around. I've changed request generation to match this ordering
from certificate generation.
Closes: #1243
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
AI_ADDRCONFIG is only useful when the NODE argument is given in the
getaddrinfo call, as described in RFC 3493 6.1. Suggested by Andreas
Metzler in:
https://gitlab.com/gnutls/gnutls/-/issues/1007#note_356637206
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|