path: root/src
Each entry below gives the commit subject, then author, date, files changed and lines -removed/+added, then the commit message body.

* build: re-indent code
  Daiki Ueno, 2023-04-24, 35 files, -3652/+3101
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* gnutls-serv: add configurable timeout
  ATHARVA S MARATHE, 2023-04-04, 2 files, -5/+15
  This adds a --timeout option to gnutls-serv to control the inactivity interval, which would be useful for testing.
  Fixes: #1471
  Signed-off-by: maratheatharva <atharvamarathe8@gmail.com>

* Merge branch 'wip/dueno/psk-username' into 'master'
  Daiki Ueno, 2023-03-30, 1 file, -4/+6
  src: print_info: prefer gnutls_psk_server_get_username2
  See merge request gnutls/gnutls!1730

* src: print_info: prefer gnutls_psk_server_get_username2
  Daiki Ueno, 2023-03-21, 1 file, -4/+6
  gnutls_psk_server_get_username only supports NUL-terminated usernames, while we added support for non-NUL-terminated usernames in d00638997fa269a975095d852633b48b2b64fbf9.
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* changes to keep backward compatibility
  peonix, 2023-03-28, 1 file, -0/+3
  Signed-off-by: peonix <ajeetsinghchahar2@gmail.com>

* Modifier GNUTLS_NO_EXTENSIONS renamed to GNUTLS_NO_DEFAULT_EXTENSIONS
  peonix, 2023-03-28, 1 file, -1/+1
  Signed-off-by: peonix <ajeetsinghchahar2@gmail.com>

* remove unused extern variables
  xuraoqing, 2023-02-28, 1 file, -3/+0
  Signed-off-by: xuraoqing <xuraoqing@huawei.com>

* gnutls-serv: fix possible memory leakage around realloc
  xuraoqing, 2023-02-27, 1 file, -8/+11
  Signed-off-by: xuraoqing <xuraoqing@huawei.com>

* use xrealloc to replace realloc in src/serv.c, which is just for testing
  xuraoqing, 2023-02-13, 1 file, -12/+4
  Signed-off-by: xuraoqing <609179072@qq.com>

* fix possible out-of-bounds access
  xuraoqing, 2023-02-09, 1 file, -4/+12
  Signed-off-by: xuraoqing <609179072@qq.com>

* socket: set pull/push functions on windows
  Zoltan Fridrich, 2023-02-06, 1 file, -0/+10
  Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

* Indent code
  Zoltan Fridrich, 2023-01-27, 35 files, -2390/+2719
  Co-authored-by: Simon Josefsson <simon@josefsson.org>
  Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

* Replace FSF snail mail addresses with URL
  Stefan Kangas, 2022-12-27, 1 file, -2/+1
  This is the latest recommendation, as described here:
  https://www.gnu.org/licenses/gpl-howto.html
  Signed-off-by: Stefan Kangas <stefankangas@gmail.com>

* Prefer HTTPS to HTTP in URLs
  Stefan Kangas, 2022-12-27, 1 file, -1/+1
  This mostly updates NEWS and license links. All links have been manually tested and confirmed working.
  Signed-off-by: Stefan Kangas <stefankangas@gmail.com>

* srp: provide stubs of public functions even if SRP is disabled
  Daiki Ueno, 2022-12-16, 2 files, -0/+6
  This adds stub definitions of public SRP functions even if SRP is disabled with --disable-srp-authentication, to preserve the ABI.
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* Merge branch 'wip/dueno/memleak-fixes' into 'master'
  Daiki Ueno, 2022-12-07, 1 file, -1/+3
  Fix memory leaks in tools and tests
  Closes #1433 and #1430
  See merge request gnutls/gnutls!1672

* src: fix memory leak in print_rawpk_info
  Daiki Ueno, 2022-11-28, 1 file, -1/+3
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* Merge branch 'wip/dueno/ktls-fixes2' into 'master'
  Daiki Ueno, 2022-11-30, 1 file, -0/+10
  Minor fixes on KTLS
  Closes #1382
  See merge request gnutls/gnutls!1673

* src: print KTLS enablement status in gnutls-serv/gnutls-cli
  Daiki Ueno, 2022-11-28, 1 file, -0/+10
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* build: suppress GCC analyzer warnings
  Daiki Ueno, 2022-11-22, 2 files, -7/+9
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* Reduce sensitive language
  Zoltan Fridrich, 2022-09-20, 1 file, -2/+2
  Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

* Report system config file location via gnutls-cli
  Zoltan Fridrich, 2022-09-12, 1 file, -0/+1
  Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

* src: request tls-exporter only when unique master secrets are used
  Daiki Ueno, 2022-08-29, 1 file, -19/+46
  This is to comply with RFC9266 4.2.
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* srptool: resurrect default value for -i
  Daiki Ueno, 2022-08-18, 1 file, -2/+3
  The default option value for -i (--index) was dropped during the cligen conversion. This adds it back for compatibility with the existing command line usage.
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* socket: only set pull/push functions when --save-*-trace is used
  Daiki Ueno, 2022-07-27, 1 file, -8/+8
  This allows gnutls-cli to use KTLS for the transport, unless either --save-client-trace or --save-server-trace is used.
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* src: add __attribute__((malloc)) to safe_open_rw
  Daiki Ueno, 2022-07-20, 1 file, -0/+2
  This silences -Wsuggest-attribute=malloc warning with GCC 12. While we could use ATTRIBUTE_DEALLOC(fclose, 1), it is currently not possible to use it until Gnulib is updated.
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* src: add NULL check on return value of realloc used in tests
  Daiki Ueno, 2022-07-20, 1 file, -1/+7
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* gnutls-cli, gnutls-serv: print supported channel binding
  Zoltan Fridrich, 2022-04-28, 1 file, -2/+2
  Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

* cligen: update git submodule
  Daiki Ueno, 2022-04-15, 1 file, -3/+3
  This also reverts commit fd0e28a3 and changes how the cligen python files are included in the distribution.
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* cli, serv: allow multiple --compress-cert options
  Daiki Ueno, 2022-03-15, 6 files, -36/+38
  This eliminates the need to parse the comma-separated list manually.
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* Make option specification type-safe
  Daiki Ueno, 2022-03-10, 13 files, -3163/+2394
  This switches the CLI code and documentation generation to the external cligen module, which provides a more type-safe specification.
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* Add compress_certificate extension (RFC8879)
  Zoltan Fridrich, 2022-03-01, 6 files, -1/+79
  Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

* certtool --generate-privkey: update warnings on RSA key sizes
  Daiki Ueno, 2022-02-03, 1 file, -3/+15
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* gen-getopt.py: avoid struct member name clash with C keywords
  Daiki Ueno, 2022-01-28, 1 file, -0/+20
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* cli: add --list-config option
  Daiki Ueno, 2022-01-17, 2 files, -1/+15
  With this option gnutls-cli prints the build-time configuration of the library, retrieved through gnutls_get_library_config.
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* src: avoid overriding noinst_PROGRAMS
  Daiki Ueno, 2022-01-16, 1 file, -4/+3
  In src, we now have two helper programs: systemkey and dumpcfg.
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* src: remove AutoGen .def files
  Daiki Ueno, 2022-01-15, 12 files, -4006/+0
  As neither the tools nor the documentation depends on AutoGen, we don't need to include the AutoGen definition files.
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* src: remove included copy of libopts
  Daiki Ueno, 2022-01-15, 71 files, -23059/+0
  As no tools link with libopts anymore, we don't need to include it in the distribution.
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* src: replace autoopts/libopts with minimal config parser
  Daiki Ueno, 2022-01-15, 4 files, -121/+614
  This replaces configuration file parsing code previously provided by <autoopts/options.h>, with a minimal compatible implementation.
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* src: generate option handling code from JSON
  Daiki Ueno, 2022-01-14, 26 files, -185/+3236
  This replaces the AutoGen-based command-line parser with a Python script (gen-getopt.py), which takes a JSON description as the input. The included JSON files were converted one-off using the parse-autogen program:
  https://gitlab.com/dueno/parse-autogen
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* certtool: --to-p12: use modern algorithms by default
  Daiki Ueno, 2022-01-07, 2 files, -5/+1
  Currently certtool uses PKCS12-3DES-SHA1 for encrypting keys in PKCS#12, while it is suggested to migrate to more modern algorithms, namely AES-128-CBC with PBKDF2 and SHA-256:
  https://bugzilla.redhat.com/show_bug.cgi?id=1759982
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* p11tool: add --mark-always-authenticate option
  Alon Bar-Lev, 2022-01-03, 2 files, -0/+11
  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

* Port openconnect TPM2 code
  Nikos Mavrogiannopoulos, 2021-11-13, 1 file, -0/+4
  This introduces transparent loading of TPM2 keys which are in PEM form by gnutls_privkey_import_x509_raw() and higher level functions which wrap it.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
  Co-authored-by: David Woodhouse <dwmw2@infradead.org>
  Co-authored-by: Daiki Ueno <ueno@gnu.org>

* certtool: add x448 and x25519 for --key-type
  Daniel Kahn Gillmor, 2021-09-17, 2 files, -1/+5
  This is a simple extension of the certtool command-line interface.
  Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

* certtool: when making X25519 or X448 certs, always use "key agreement"
  Daniel Kahn Gillmor, 2021-09-17, 1 file, -0/+4
  This is related to #1227 -- but in this case, it's enforcing a requirement of RFC 8410 §5.
  Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

* Enable X25519 and X448 everywhere that EdDSA is supported.
  Daniel Kahn Gillmor, 2021-09-17, 2 files, -1/+4
  These are just trivial extension points where the codepath is the same for the ECDH scheme as it is for the EdDSA scheme.
  Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

* build: remove tautological if conditions
  Daiki Ueno, 2021-09-09, 1 file, -1/+1
  Spotted by LGTM.
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* p11tool: mention how CKA_IDs of certs are calculated upon --write
  Daiki Ueno, 2021-06-11, 1 file, -2/+3
  Signed-off-by: Daiki Ueno <ueno@gnu.org>

* certtool: order DN components by scale.
  Daniel Kahn Gillmor, 2021-05-28, 1 file, -11/+11
  DN components are expected to be ordered by scale, with the wire format representing larger-scale components (like country or organization) before smaller-scale components (like state or organizationalUnit).

  The bulk of the changes here of course are changes to the target certificates in the test suite.

  Note that a change was necessary in tests/cert-tests/crq.sh because it tests the "interactive" mode of certtool. If any user is scripting certtool in this way, this change will cause a backwards-incompatible break. However, I think this is OK -- the supported scripted/batch mode for certtool should use a template file, and I don't think it's important to maintain a strict API on the interactive mode.

  The main change here is to order the DN from least-specific-to-most, in particular:

    country, state, locality, org, orgunit, cn, uid

  But I've also made an additional arbitrary choice, which is that DC (domain component) comes *after* uid. This was already the case in certificate generation, but in *request* generation, it was the other way around. I've changed request generation to match this ordering from certificate generation.

  Closes: #1243
  Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

* serv: stop setting AI_ADDRCONFIG on getaddrinfo
  Daiki Ueno, 2021-05-14, 1 file, -5/+1
  AI_ADDRCONFIG is only useful when the NODE argument is given in the getaddrinfo call, as described in RFC 3493 6.1.
  Suggested by Andreas Metzler in:
  https://gitlab.com/gnutls/gnutls/-/issues/1007#note_356637206
  Signed-off-by: Daiki Ueno <ueno@gnu.org>