gnutls:gnutls.git
Nikos Mavrogiannopoulos [Tue, 20 Nov 2012 08:23:24 +0000 (09:23 +0100)]
use gnulib to detect iconv.

Nikos Mavrogiannopoulos [Tue, 20 Nov 2012 08:07:31 +0000 (09:07 +0100)]
check for either iconv or libiconv.

Nikos Mavrogiannopoulos [Mon, 19 Nov 2012 23:58:42 +0000 (00:58 +0100)]
simplified parsing

Nikos Mavrogiannopoulos [Mon, 19 Nov 2012 23:58:23 +0000 (00:58 +0100)]
print header only on the first policy

Nikos Mavrogiannopoulos [Mon, 19 Nov 2012 23:12:14 +0000 (00:12 +0100)]
certtool is able to set certificate policies via a template

Nikos Mavrogiannopoulos [Mon, 19 Nov 2012 23:11:12 +0000 (00:11 +0100)]
Added gnutls_x509_crt_set_policy()

Nikos Mavrogiannopoulos [Mon, 19 Nov 2012 21:02:00 +0000 (22:02 +0100)]
doc update

Nikos Mavrogiannopoulos [Mon, 19 Nov 2012 20:53:53 +0000 (21:53 +0100)]
another rename

Nikos Mavrogiannopoulos [Mon, 19 Nov 2012 20:40:20 +0000 (21:40 +0100)]
corrected win32 UCS2 conversion.

Nikos Mavrogiannopoulos [Mon, 19 Nov 2012 20:37:05 +0000 (21:37 +0100)]
simplified naming

Nikos Mavrogiannopoulos [Mon, 19 Nov 2012 20:30:36 +0000 (21:30 +0100)]
documented update

Nikos Mavrogiannopoulos [Mon, 19 Nov 2012 17:15:38 +0000 (18:15 +0100)]
mention the extension OID

Nikos Mavrogiannopoulos [Mon, 19 Nov 2012 17:15:01 +0000 (18:15 +0100)]
updated certificates to parse 2.5.29.32.

Nikos Mavrogiannopoulos [Mon, 19 Nov 2012 17:13:49 +0000 (18:13 +0100)]
handle visiblestring.

Nikos Mavrogiannopoulos [Mon, 19 Nov 2012 16:59:36 +0000 (17:59 +0100)]
Added simple check for bmpstring decoding.

Nikos Mavrogiannopoulos [Mon, 19 Nov 2012 16:41:44 +0000 (17:41 +0100)]
Added _gnutls_ucs2_to_utf8() for windows (untested)

Nikos Mavrogiannopoulos [Mon, 19 Nov 2012 16:11:29 +0000 (17:11 +0100)]
If _gnutls_ucs2_to_utf8() handle the data as non-printable (fallback to previous behavior).

Nikos Mavrogiannopoulos [Sun, 18 Nov 2012 23:10:55 +0000 (00:10 +0100)]
doc update

Nikos Mavrogiannopoulos [Sun, 18 Nov 2012 18:53:16 +0000 (19:53 +0100)]
documented updates

Nikos Mavrogiannopoulos [Sun, 18 Nov 2012 18:53:08 +0000 (19:53 +0100)]
check for iconv

Nikos Mavrogiannopoulos [Sun, 18 Nov 2012 18:52:27 +0000 (19:52 +0100)]
map the whole ascii set

Nikos Mavrogiannopoulos [Sun, 18 Nov 2012 18:38:38 +0000 (19:38 +0100)]
Handle BMPString in DNs.

Nikos Mavrogiannopoulos [Sun, 18 Nov 2012 18:31:54 +0000 (19:31 +0100)]
Added functions to parse the certificate policies extension.

Added gnutls_x509_crt_get_policy() etc. In addition, several updates in the
handling of strings in X.509 structures.

Nikos Mavrogiannopoulos [Sat, 17 Nov 2012 15:49:15 +0000 (16:49 +0100)]
doc updates

Nikos Mavrogiannopoulos [Fri, 16 Nov 2012 20:25:53 +0000 (21:25 +0100)]
updated doc

Nikos Mavrogiannopoulos [Fri, 16 Nov 2012 20:21:48 +0000 (21:21 +0100)]
documented update

Nikos Mavrogiannopoulos [Thu, 15 Nov 2012 23:00:11 +0000 (00:00 +0100)]
updated

Nikos Mavrogiannopoulos [Thu, 15 Nov 2012 22:41:58 +0000 (23:41 +0100)]
Added small text

Tim Kosse [Thu, 15 Nov 2012 18:57:02 +0000 (19:57 +0100)]
print-ciphersuites was a very useful tool for debugging this. Now it is even built.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Tim Kosse [Thu, 15 Nov 2012 18:57:01 +0000 (19:57 +0100)]
Don't read past the last list entry in _add_priority, doing so adds algorithms that shouldn't be added and can even lead to a segfault.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Nikos Mavrogiannopoulos [Wed, 14 Nov 2012 22:29:08 +0000 (23:29 +0100)]
tried to beautify output of danetool

Nikos Mavrogiannopoulos [Wed, 14 Nov 2012 17:13:31 +0000 (18:13 +0100)]
corrected description.

Nikos Mavrogiannopoulos [Wed, 14 Nov 2012 17:11:41 +0000 (18:11 +0100)]
corrected typo

Nikos Mavrogiannopoulos [Mon, 12 Nov 2012 17:24:50 +0000 (18:24 +0100)]
doc update

Nikos Mavrogiannopoulos [Mon, 12 Nov 2012 17:24:33 +0000 (18:24 +0100)]
optimizations in list import

Nikos Mavrogiannopoulos [Mon, 12 Nov 2012 17:24:04 +0000 (18:24 +0100)]
When listing all objects of a type, restrict their class to the specified.

Nikos Mavrogiannopoulos [Mon, 12 Nov 2012 17:03:17 +0000 (18:03 +0100)]
Added some help on failure.

Nikos Mavrogiannopoulos [Mon, 12 Nov 2012 16:58:09 +0000 (17:58 +0100)]
pkcs11_find_object made static.

Nikos Mavrogiannopoulos [Mon, 12 Nov 2012 16:40:41 +0000 (17:40 +0100)]
get_bits() does not always warn.

Nikos Mavrogiannopoulos [Mon, 12 Nov 2012 00:31:08 +0000 (01:31 +0100)]
when generating a PKCS #11 private key print the public key.

Nikos Mavrogiannopoulos [Sun, 11 Nov 2012 19:40:38 +0000 (20:40 +0100)]
The pubkey-info option can be combined with the load-privkey to extract the public key of a private key.

Nikos Mavrogiannopoulos [Sun, 11 Nov 2012 18:07:39 +0000 (19:07 +0100)]
corrected verification examples

Nikos Mavrogiannopoulos [Sat, 10 Nov 2012 20:46:54 +0000 (21:46 +0100)]
removed OCSP extension from TODO

Diego Elio Pettenò [Sat, 10 Nov 2012 01:41:45 +0000 (17:41 -0800)]
build: only run the dane cert test if dane is enabled.

This fixes a test failure when disabling dane support.

Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Nikos Mavrogiannopoulos [Sat, 10 Nov 2012 00:00:32 +0000 (01:00 +0100)]
last changes for release. (tag: gnutls_3_1_4)

Nikos Mavrogiannopoulos [Fri, 9 Nov 2012 23:25:09 +0000 (00:25 +0100)]
updated

Nikos Mavrogiannopoulos [Fri, 9 Nov 2012 16:21:29 +0000 (17:21 +0100)]
Corrected indication of OCSP check failure.

Nikos Mavrogiannopoulos [Fri, 9 Nov 2012 16:12:52 +0000 (17:12 +0100)]
The status-request option was eliminated. Check OCSP only when the status response in the handshake was invalid.

Nikos Mavrogiannopoulos [Fri, 9 Nov 2012 16:06:19 +0000 (17:06 +0100)]
Added Martin

Nikos Mavrogiannopoulos [Fri, 9 Nov 2012 16:04:35 +0000 (17:04 +0100)]
updated

Nikos Mavrogiannopoulos [Thu, 8 Nov 2012 22:35:00 +0000 (23:35 +0100)]
remove @cindex from the invoke-* files.

Nikos Mavrogiannopoulos [Thu, 8 Nov 2012 22:29:57 +0000 (23:29 +0100)]
doc updates

Nikos Mavrogiannopoulos [Thu, 8 Nov 2012 22:08:46 +0000 (23:08 +0100)]
doc update

Nikos Mavrogiannopoulos [Thu, 8 Nov 2012 16:57:01 +0000 (17:57 +0100)]
Allow easier marking of insecure algorithms.

Nikos Mavrogiannopoulos [Wed, 7 Nov 2012 20:59:05 +0000 (21:59 +0100)]
removed debugging

Nikos Mavrogiannopoulos [Wed, 7 Nov 2012 20:55:36 +0000 (21:55 +0100)]
key usage violations are tolerated.

Nikos Mavrogiannopoulos [Wed, 7 Nov 2012 20:49:49 +0000 (21:49 +0100)]
Removed GNUTLS_CERT_REVOCATION_DATA_INVALID and no longer fail on OCSP parsing errors.

Nikos Mavrogiannopoulos [Wed, 7 Nov 2012 17:55:25 +0000 (18:55 +0100)]
doc update

Nikos Mavrogiannopoulos [Wed, 7 Nov 2012 17:30:17 +0000 (18:30 +0100)]
gnutls-cli-debug uses server name indication.

Nikos Mavrogiannopoulos [Tue, 6 Nov 2012 23:45:40 +0000 (00:45 +0100)]
updated

Nikos Mavrogiannopoulos [Tue, 6 Nov 2012 22:19:50 +0000 (23:19 +0100)]
Do not succeed if no MKI was received.

The gnutls_srtp_get_mki() function succeeds only when the MKI was received by the peer.
Also store the received MKI -if any- in the session resumption data.

Nikos Mavrogiannopoulos [Tue, 6 Nov 2012 22:07:12 +0000 (23:07 +0100)]
Added gnutls_ocsp_status_request_is_checked().

Nikos Mavrogiannopoulos [Tue, 6 Nov 2012 21:47:02 +0000 (22:47 +0100)]
When verifying an OCSP response included in TLS don't fail if the response is old.

That is to avoid creating more problems for a server that included an
old response, from a server that included none.
Also renamed: Too old -> Superseded.

Nikos Mavrogiannopoulos [Tue, 6 Nov 2012 21:28:24 +0000 (22:28 +0100)]
updated

Nikos Mavrogiannopoulos [Tue, 6 Nov 2012 21:10:10 +0000 (22:10 +0100)]
doc update

Nikos Mavrogiannopoulos [Tue, 6 Nov 2012 20:36:35 +0000 (21:36 +0100)]
updated doc

Nikos Mavrogiannopoulos [Tue, 6 Nov 2012 14:52:16 +0000 (15:52 +0100)]
Added gnutls_srtp_get_mki() and gnutls_srtp_set_mki().

Nikos Mavrogiannopoulos [Mon, 5 Nov 2012 21:06:05 +0000 (22:06 +0100)]
set an upper limit to SRTP profiles in hello message.

Nikos Mavrogiannopoulos [Mon, 5 Nov 2012 20:44:44 +0000 (21:44 +0100)]
Added conditional to disable DTLS-SRTP support.

Nikos Mavrogiannopoulos [Mon, 5 Nov 2012 20:44:26 +0000 (21:44 +0100)]
updated

Nikos Mavrogiannopoulos [Mon, 5 Nov 2012 20:38:50 +0000 (21:38 +0100)]
corrected SRTP profile names

Nikos Mavrogiannopoulos [Mon, 5 Nov 2012 20:35:50 +0000 (21:35 +0100)]
simplified profile selection

Nikos Mavrogiannopoulos [Sun, 4 Nov 2012 16:37:44 +0000 (17:37 +0100)]
better printing

Nikos Mavrogiannopoulos [Sun, 4 Nov 2012 16:34:23 +0000 (17:34 +0100)]
verify all possible entries

Nikos Mavrogiannopoulos [Sun, 4 Nov 2012 16:31:10 +0000 (17:31 +0100)]
danetool doc fix

Nikos Mavrogiannopoulos [Sun, 4 Nov 2012 16:22:39 +0000 (17:22 +0100)]
Added HMAC prefix to SRTP profiles and updated documentation.

Nikos Mavrogiannopoulos [Sun, 4 Nov 2012 12:01:01 +0000 (13:01 +0100)]
separate entries.

Nikos Mavrogiannopoulos [Fri, 2 Nov 2012 19:17:01 +0000 (20:17 +0100)]
undefine macro from win32 headers which clashes autogened macros.

Nikos Mavrogiannopoulos [Fri, 2 Nov 2012 19:07:18 +0000 (20:07 +0100)]
bumped version and removed unused dependency

Nikos Mavrogiannopoulos [Fri, 2 Nov 2012 19:03:40 +0000 (20:03 +0100)]
added new functions

Nikos Mavrogiannopoulos [Fri, 2 Nov 2012 18:58:48 +0000 (19:58 +0100)]
bumped version

Nikos Mavrogiannopoulos [Fri, 2 Nov 2012 18:58:37 +0000 (19:58 +0100)]
disable libdane when cross-building.

Nikos Mavrogiannopoulos [Fri, 2 Nov 2012 15:08:49 +0000 (16:08 +0100)]
gnutls_srtp_get_keys() returns the size of the key material

Nikos Mavrogiannopoulos [Fri, 2 Nov 2012 13:21:30 +0000 (14:21 +0100)]
corrected copyright

Nikos Mavrogiannopoulos [Fri, 2 Nov 2012 12:55:56 +0000 (13:55 +0100)]
removed gnutls_certificate_update_verify_flags

Nikos Mavrogiannopoulos [Fri, 2 Nov 2012 12:46:25 +0000 (13:46 +0100)]
check pathlen constraints.

Nikos Mavrogiannopoulos [Fri, 2 Nov 2012 12:23:49 +0000 (13:23 +0100)]
updated test

Nikos Mavrogiannopoulos [Fri, 2 Nov 2012 12:18:13 +0000 (13:18 +0100)]
files to ignore

Nikos Mavrogiannopoulos [Fri, 2 Nov 2012 12:11:46 +0000 (13:11 +0100)]
Added verification flag GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN

The default is now GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN, and
removed gnutls_certificate_update_verify_flags().

Nikos Mavrogiannopoulos [Fri, 2 Nov 2012 12:01:08 +0000 (13:01 +0100)]
small optimization in CRL check

Nikos Mavrogiannopoulos [Fri, 2 Nov 2012 09:38:28 +0000 (10:38 +0100)]
Check the key usage bits during certificate verification.

Nikos Mavrogiannopoulos [Fri, 2 Nov 2012 09:24:16 +0000 (10:24 +0100)]
CRL verification includes the time checks.

Nikos Mavrogiannopoulos [Thu, 1 Nov 2012 23:16:17 +0000 (00:16 +0100)]
doc update

Nikos Mavrogiannopoulos [Thu, 1 Nov 2012 23:08:58 +0000 (00:08 +0100)]
documented update

Nikos Mavrogiannopoulos [Thu, 1 Nov 2012 23:04:08 +0000 (00:04 +0100)]
Added gnutls_srtp_get_keys().

Nikos Mavrogiannopoulos [Thu, 1 Nov 2012 22:06:50 +0000 (23:06 +0100)]
corrected typos

Nikos Mavrogiannopoulos [Thu, 1 Nov 2012 22:04:20 +0000 (23:04 +0100)]
gnutls_srtp_get_profile_by_name -> gnutls_srtp_get_profile_id

Martin Storsjo [Thu, 1 Nov 2012 20:49:00 +0000 (22:49 +0200)]
Fix typos in error messages

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Nikos Mavrogiannopoulos [Thu, 1 Nov 2012 21:48:25 +0000 (22:48 +0100)]
better verification messages.

Nikos Mavrogiannopoulos [Thu, 1 Nov 2012 21:48:11 +0000 (22:48 +0100)]
optimized printing