gnutls:gnutls.git
9 years agoUpdated gnulib and added hash-pjw-bare
Nikos Mavrogiannopoulos [Tue, 2 Oct 2012 18:02:44 +0000 (20:02 +0200)]
Updated gnulib and added hash-pjw-bare

9 years agoAdded test to verify that callbacks are being actually called.
Nikos Mavrogiannopoulos [Tue, 2 Oct 2012 17:28:42 +0000 (19:28 +0200)]
Added test to verify that callbacks are being actually called.

9 years agocheck the first response.
Nikos Mavrogiannopoulos [Mon, 1 Oct 2012 19:33:24 +0000 (21:33 +0200)]
check the first response.

9 years agognutls_ocsp_resp_check_crt() accepts the response index.
Nikos Mavrogiannopoulos [Mon, 1 Oct 2012 19:32:51 +0000 (21:32 +0200)]
gnutls_ocsp_resp_check_crt() accepts the response index.

9 years agodoc update
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 22:20:53 +0000 (00:20 +0200)]
doc update

9 years agoAdded gnutls_x509_crl_reason_flags_t.
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 22:19:03 +0000 (00:19 +0200)]
Added gnutls_x509_crl_reason_flags_t.

9 years agoread revocation reason
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 22:18:43 +0000 (00:18 +0200)]
read revocation reason

9 years agosimplified doc
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 20:59:12 +0000 (22:59 +0200)]
simplified doc

9 years agognutls_ocsp_resp_check_crt was moved to 3.0 symbols and documented update.
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 16:10:17 +0000 (18:10 +0200)]
gnutls_ocsp_resp_check_crt was moved to 3.0 symbols and documented update.

9 years agodocumented gnutls_ocsp_resp_check_crt().
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 14:34:32 +0000 (16:34 +0200)]
documented gnutls_ocsp_resp_check_crt().

9 years agoThe OCSP response file is now set on the credentials and other additions.
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 14:22:33 +0000 (16:22 +0200)]
The OCSP response file is now set on the credentials and other additions.

Changed OCSP function prototypes for almost all status_request functions
to move the response file and callback to the certificate credentials structure.
Added gnutls_ocsp_resp_check_crt() to check whether a response corresponds
to a given certificate.

9 years agodocumented fix
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 11:12:37 +0000 (13:12 +0200)]
documented fix

9 years agoPrint debugging information even when an extension is not parsed.
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 10:57:01 +0000 (12:57 +0200)]
Print debugging information even when an extension is not parsed.

9 years agoFixed the receipt of session tickets during session resumption.
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 10:53:37 +0000 (12:53 +0200)]
Fixed the receipt of session tickets during session resumption.

Reported by danblack
http://savannah.gnu.org/support/?108146

9 years agobetter output in resume
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 10:04:45 +0000 (12:04 +0200)]
better output in resume

9 years agosimplified handshake states.
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 10:04:22 +0000 (12:04 +0200)]
simplified handshake states.

9 years agoVerify callback is run in either side.
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 08:52:24 +0000 (10:52 +0200)]
Verify callback is run in either side.

9 years agoremoved unused functions.
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 08:21:53 +0000 (10:21 +0200)]
removed unused functions.

9 years agoPack and unpack the status request extension data on resumption.
Nikos Mavrogiannopoulos [Sun, 30 Sep 2012 08:06:01 +0000 (10:06 +0200)]
Pack and unpack the status request extension data on resumption.

9 years agoUse the server's OCSP provided data when verifying a certificate's validity.
Nikos Mavrogiannopoulos [Fri, 28 Sep 2012 17:00:19 +0000 (19:00 +0200)]
Use the server's OCSP provided data when verifying a certificate's validity.

9 years agoThe certificate verification callback is being run after the certificate status respo...
Nikos Mavrogiannopoulos [Fri, 28 Sep 2012 16:54:15 +0000 (18:54 +0200)]
The certificate verification callback is being run after the certificate status response is received.

9 years agodocumented updates
Nikos Mavrogiannopoulos [Fri, 28 Sep 2012 15:50:28 +0000 (17:50 +0200)]
documented updates

9 years agoupdated OCSP status request.
Nikos Mavrogiannopoulos [Fri, 28 Sep 2012 12:26:05 +0000 (14:26 +0200)]
updated OCSP status request.

9 years agoSession ID is correctly read.
Nikos Mavrogiannopoulos [Fri, 28 Sep 2012 12:07:46 +0000 (14:07 +0200)]
Session ID is correctly read.

9 years agoCorrected signed-to-unsigned comparisons
Nikos Mavrogiannopoulos [Fri, 28 Sep 2012 11:14:31 +0000 (13:14 +0200)]
Corrected signed-to-unsigned comparisons

9 years agoImplement status_request OCSP extension.
Simon Josefsson [Tue, 17 Apr 2012 12:31:09 +0000 (14:31 +0200)]
Implement status_request OCSP extension.

10 years agoAdded Olga and Ilya to authors.
Nikos Mavrogiannopoulos [Thu, 27 Sep 2012 15:40:40 +0000 (17:40 +0200)]
Added Olga and Ilya to authors.

10 years agomore files to ignore
Nikos Mavrogiannopoulos [Thu, 27 Sep 2012 15:16:44 +0000 (17:16 +0200)]
more files to ignore

10 years agoupdated heartbeat text
Nikos Mavrogiannopoulos [Wed, 26 Sep 2012 21:28:36 +0000 (23:28 +0200)]
updated heartbeat text

10 years agomore files to ignore
Nikos Mavrogiannopoulos [Wed, 26 Sep 2012 18:50:35 +0000 (20:50 +0200)]
more files to ignore

10 years agoreleased 3.1.2 gnutls_3_1_2
Nikos Mavrogiannopoulos [Wed, 26 Sep 2012 18:32:44 +0000 (20:32 +0200)]
released 3.1.2

10 years agoHandle heartbeat packets with zero payload, and account for the payload length when...
Nikos Mavrogiannopoulos [Wed, 26 Sep 2012 18:19:48 +0000 (20:19 +0200)]
Handle heartbeat packets with zero payload, and account for the payload length when sending a heartbeat of fixed size.

10 years agobenchmark time was increased.
Nikos Mavrogiannopoulos [Tue, 25 Sep 2012 19:27:30 +0000 (21:27 +0200)]
benchmark time was increased.

10 years agoUpdated to minitasn1 3.0
Nikos Mavrogiannopoulos [Tue, 25 Sep 2012 19:16:39 +0000 (21:16 +0200)]
Updated to minitasn1 3.0

10 years agoupdated cross.mk
Nikos Mavrogiannopoulos [Tue, 25 Sep 2012 15:22:09 +0000 (17:22 +0200)]
updated cross.mk

10 years agoadded missing tpm.h header
Nikos Mavrogiannopoulos [Tue, 25 Sep 2012 15:11:22 +0000 (17:11 +0200)]
added missing tpm.h header

10 years agoAll external libraries that were in LDFLAGS are moved into LIBADD/LDADD.
Nikos Mavrogiannopoulos [Tue, 25 Sep 2012 14:51:44 +0000 (16:51 +0200)]
All external libraries that were in LDFLAGS are moved into LIBADD/LDADD.

It also fixes order within LIBADD/LDADD so that libtool objects go first.
Patch by Bartosz Brachaczek.

10 years agoupdated copyright
Nikos Mavrogiannopoulos [Mon, 24 Sep 2012 18:47:42 +0000 (20:47 +0200)]
updated copyright

10 years agoopenpgp doc update
Nikos Mavrogiannopoulos [Mon, 24 Sep 2012 18:44:48 +0000 (20:44 +0200)]
openpgp doc update

10 years agoAdded boilerplate.
Nikos Mavrogiannopoulos [Mon, 24 Sep 2012 18:13:27 +0000 (20:13 +0200)]
Added boilerplate.

10 years agosimplified calculations
Nikos Mavrogiannopoulos [Sun, 23 Sep 2012 21:17:00 +0000 (23:17 +0200)]
simplified calculations

10 years agodocumented fix
Nikos Mavrogiannopoulos [Sun, 23 Sep 2012 17:06:43 +0000 (19:06 +0200)]
documented fix

10 years agoreduced verbosity and better debugging.
Nikos Mavrogiannopoulos [Sun, 23 Sep 2012 17:06:17 +0000 (19:06 +0200)]
reduced verbosity and better debugging.

10 years agoCorrected bug in PGP subpacket encoding
Nikos Mavrogiannopoulos [Sun, 23 Sep 2012 17:06:00 +0000 (19:06 +0200)]
Corrected bug in PGP subpacket encoding

10 years agoAdded script to check against randomly generated certificates.
Nikos Mavrogiannopoulos [Sun, 23 Sep 2012 14:34:25 +0000 (16:34 +0200)]
Added script to check against randomly generated certificates.

10 years agoremoved unused label
Nikos Mavrogiannopoulos [Sat, 22 Sep 2012 12:28:00 +0000 (14:28 +0200)]
removed unused label

10 years agodoc updates
Nikos Mavrogiannopoulos [Sat, 22 Sep 2012 12:09:49 +0000 (14:09 +0200)]
doc updates

10 years agoAdded a test of heartbeat ping exchange.
Nikos Mavrogiannopoulos [Sat, 22 Sep 2012 12:09:25 +0000 (14:09 +0200)]
Added a test of heartbeat ping exchange.

10 years agoseveral cleanups
Nikos Mavrogiannopoulos [Fri, 21 Sep 2012 23:45:33 +0000 (01:45 +0200)]
several cleanups

10 years agocorrected bug in gnutls_x509_privkey_sign_data
Nikos Mavrogiannopoulos [Fri, 21 Sep 2012 22:59:40 +0000 (00:59 +0200)]
corrected bug in gnutls_x509_privkey_sign_data

10 years agoAll openpgp code moved within ENABLE_OPENPGP
Nikos Mavrogiannopoulos [Fri, 21 Sep 2012 19:36:56 +0000 (21:36 +0200)]
All openpgp code moved within ENABLE_OPENPGP

10 years agoupdated makefiles
Nikos Mavrogiannopoulos [Fri, 21 Sep 2012 17:46:39 +0000 (19:46 +0200)]
updated makefiles

10 years agoCorrectly restore gnutls_record_recv() in DTLS mode if interrupted during the retrasm...
Nikos Mavrogiannopoulos [Fri, 21 Sep 2012 17:05:29 +0000 (19:05 +0200)]
Correctly restore gnutls_record_recv() in DTLS mode if interrupted during the retrasmition of handshake data.

10 years agoAllow for pinging until timeout.
Nikos Mavrogiannopoulos [Fri, 21 Sep 2012 07:16:57 +0000 (09:16 +0200)]
Allow for pinging until timeout.

10 years agocorrected time
Nikos Mavrogiannopoulos [Fri, 21 Sep 2012 07:15:14 +0000 (09:15 +0200)]
corrected time

10 years agodocumented update
Nikos Mavrogiannopoulos [Fri, 21 Sep 2012 07:08:36 +0000 (09:08 +0200)]
documented update

10 years agofixed copyright
Nikos Mavrogiannopoulos [Fri, 21 Sep 2012 07:02:22 +0000 (09:02 +0200)]
fixed copyright

10 years agoBetter handling of timeouts.
Nikos Mavrogiannopoulos [Fri, 21 Sep 2012 07:00:01 +0000 (09:00 +0200)]
Better handling of timeouts.

10 years agoGTK-DOC fixes.
Simon Josefsson [Thu, 20 Sep 2012 23:21:50 +0000 (01:21 +0200)]
GTK-DOC fixes.

10 years agoMore GTK-DOC warning fixes.
Simon Josefsson [Thu, 20 Sep 2012 23:19:19 +0000 (01:19 +0200)]
More GTK-DOC warning fixes.

10 years agoAlso include tpm.h in GTK-DOC manual.
Simon Josefsson [Thu, 20 Sep 2012 23:09:40 +0000 (01:09 +0200)]
Also include tpm.h in GTK-DOC manual.

10 years agoFix GTK-DOC warnings.
Simon Josefsson [Thu, 20 Sep 2012 22:57:30 +0000 (00:57 +0200)]
Fix GTK-DOC warnings.

10 years agoCleanup warning flags.
Simon Josefsson [Thu, 20 Sep 2012 22:55:05 +0000 (00:55 +0200)]
Cleanup warning flags.

10 years agobumped versions
Nikos Mavrogiannopoulos [Thu, 20 Sep 2012 21:41:01 +0000 (23:41 +0200)]
bumped versions

10 years agodoc update
Nikos Mavrogiannopoulos [Tue, 18 Sep 2012 19:50:35 +0000 (21:50 +0200)]
doc update

10 years agoupdated
Nikos Mavrogiannopoulos [Thu, 20 Sep 2012 21:36:59 +0000 (23:36 +0200)]
updated

10 years agoupdates in heartbeat support
Nikos Mavrogiannopoulos [Thu, 20 Sep 2012 21:36:00 +0000 (23:36 +0200)]
updates in heartbeat support

10 years agoupdated documentation
Nikos Mavrogiannopoulos [Thu, 20 Sep 2012 21:06:06 +0000 (23:06 +0200)]
updated documentation

10 years agoupdated tests for new security levels
Nikos Mavrogiannopoulos [Thu, 20 Sep 2012 21:01:17 +0000 (23:01 +0200)]
updated tests for new security levels

10 years agoseveral updates in the heartbeat handling code.
Nikos Mavrogiannopoulos [Thu, 20 Sep 2012 20:59:49 +0000 (22:59 +0200)]
several updates in the heartbeat handling code.

10 years agoCorrected issues
Nikos Mavrogiannopoulos [Thu, 20 Sep 2012 16:51:54 +0000 (18:51 +0200)]
Corrected issues

10 years agoDrop -Winline.
Simon Josefsson [Thu, 20 Sep 2012 08:41:36 +0000 (10:41 +0200)]
Drop -Winline.

10 years agocorrected usage of defines
Nikos Mavrogiannopoulos [Wed, 19 Sep 2012 16:30:09 +0000 (18:30 +0200)]
corrected usage of defines

10 years agodoc/manpages is handled the same as doc/
Nikos Mavrogiannopoulos [Tue, 18 Sep 2012 21:00:40 +0000 (23:00 +0200)]
doc/manpages is handled the same as doc/

10 years agocompare-makefile is only executed during make dist.
Nikos Mavrogiannopoulos [Tue, 18 Sep 2012 20:47:14 +0000 (22:47 +0200)]
compare-makefile is only executed during make dist.

10 years agoDEFAULT_* -> DEFAULT_MAX_*
Nikos Mavrogiannopoulos [Mon, 17 Sep 2012 22:05:50 +0000 (00:05 +0200)]
DEFAULT_* -> DEFAULT_MAX_*

10 years agoMAX_CERTS_TO_SORT -> DEFAULT_VERIFY_DEPTH
Nikos Mavrogiannopoulos [Mon, 17 Sep 2012 22:04:38 +0000 (00:04 +0200)]
MAX_CERTS_TO_SORT -> DEFAULT_VERIFY_DEPTH

10 years agocorrected default
Nikos Mavrogiannopoulos [Mon, 17 Sep 2012 18:26:30 +0000 (20:26 +0200)]
corrected default

10 years agoIncreased security levels by adding insecure.
Nikos Mavrogiannopoulos [Mon, 17 Sep 2012 18:19:42 +0000 (20:19 +0200)]
Increased security levels by adding insecure.

10 years agoAllow negatives in enumerations.
Nikos Mavrogiannopoulos [Mon, 17 Sep 2012 18:07:54 +0000 (20:07 +0200)]
Allow negatives in enumerations.

10 years agodo not complain on overlength strings
Nikos Mavrogiannopoulos [Mon, 17 Sep 2012 17:46:29 +0000 (19:46 +0200)]
do not complain on overlength strings

10 years agognutls_session_enable_compatibility_mode() is equivalent to %COMPAT priority string.
Nikos Mavrogiannopoulos [Mon, 17 Sep 2012 17:45:18 +0000 (19:45 +0200)]
gnutls_session_enable_compatibility_mode() is equivalent to %COMPAT priority string.

10 years agoWarn on certificate with weak security levels. (re)introduces GNUTLS_SEC_PARAM_WEAK.
Nikos Mavrogiannopoulos [Mon, 17 Sep 2012 17:55:50 +0000 (19:55 +0200)]
Warn on certificate with weak security levels. (re)introduces GNUTLS_SEC_PARAM_WEAK.

10 years agoAdded verification flags GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN, which is enabled by...
Nikos Mavrogiannopoulos [Sun, 16 Sep 2012 21:02:35 +0000 (23:02 +0200)]
Added verification flags GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN, which is enabled by default for verifying TLS sessions.

10 years agoremoved a now redundant chain check
Nikos Mavrogiannopoulos [Sun, 16 Sep 2012 20:50:09 +0000 (22:50 +0200)]
removed a now redundant chain check

10 years agoAdded function to sort the provided certificate chain prior to verification.
Nikos Mavrogiannopoulos [Sun, 16 Sep 2012 20:47:44 +0000 (22:47 +0200)]
Added function to sort the provided certificate chain prior to verification.

10 years agoavoid duplicate asn1 structure initialization.
Nikos Mavrogiannopoulos [Sun, 16 Sep 2012 19:41:50 +0000 (21:41 +0200)]
avoid duplicate asn1 structure initialization.

10 years agoupdated minitasn1
Nikos Mavrogiannopoulos [Sun, 16 Sep 2012 19:21:28 +0000 (21:21 +0200)]
updated minitasn1

10 years agoUse the pkg-config macro to find libtasn1.
Nikos Mavrogiannopoulos [Sun, 16 Sep 2012 19:20:04 +0000 (21:20 +0200)]
Use the pkg-config macro to find libtasn1.

10 years agocorrected typo
Nikos Mavrogiannopoulos [Sun, 16 Sep 2012 19:02:47 +0000 (21:02 +0200)]
corrected typo

10 years agosmall updates
Nikos Mavrogiannopoulos [Sun, 16 Sep 2012 18:50:35 +0000 (20:50 +0200)]
small updates

10 years agoremoved old libtasn1 requirements
Nikos Mavrogiannopoulos [Sun, 16 Sep 2012 18:48:36 +0000 (20:48 +0200)]
removed old libtasn1 requirements

10 years agoMAX_NAME_SIZE -> MAX_SERVER_NAME_SIZE
Nikos Mavrogiannopoulos [Sun, 16 Sep 2012 18:48:18 +0000 (20:48 +0200)]
MAX_NAME_SIZE -> MAX_SERVER_NAME_SIZE

10 years agocorrected sign
Nikos Mavrogiannopoulos [Sun, 16 Sep 2012 09:28:01 +0000 (11:28 +0200)]
corrected sign

10 years agocorrected prototypes
Nikos Mavrogiannopoulos [Sun, 16 Sep 2012 09:24:01 +0000 (11:24 +0200)]
corrected prototypes

10 years agouse a %STATELESS_COMPRESSION priority string instead of gnutls_init() flag.
Nikos Mavrogiannopoulos [Sun, 16 Sep 2012 09:21:45 +0000 (11:21 +0200)]
use a %STATELESS_COMPRESSION priority string instead of gnutls_init() flag.

10 years agocorrected missing parameter
Nikos Mavrogiannopoulos [Sun, 16 Sep 2012 09:19:12 +0000 (11:19 +0200)]
corrected missing parameter

10 years agoKey usage violations are allowed when the COMPAT keyword is specified.
Nikos Mavrogiannopoulos [Sat, 15 Sep 2012 18:21:02 +0000 (20:21 +0200)]
Key usage violations are allowed when the COMPAT keyword is specified.

I've noticed in the SSL observatory data that most key usage bits in
a certificate are set randomly (e.g., there are DSA certificates marked
for encryption, and most RSA certificates marked for signature only are used
for encryption anyway). There is no point of being strict in such environment.

10 years agoDo not ask unnecessary questions when signing a certificate (request).
Nikos Mavrogiannopoulos [Sat, 15 Sep 2012 18:13:39 +0000 (20:13 +0200)]
Do not ask unnecessary questions when signing a certificate (request).

10 years agomingw32 support. Based on patch by LRN.
Nikos Mavrogiannopoulos [Sat, 15 Sep 2012 11:43:28 +0000 (13:43 +0200)]
mingw32 support. Based on patch by LRN.