gnutls:gnutls.git
9 years agoupdated
Nikos Mavrogiannopoulos [Mon, 4 Mar 2013 05:03:56 +0000 (06:03 +0100)]
updated

9 years agocall gl_EARLY earlier, and add AM_PROG_AR.
Nikos Mavrogiannopoulos [Mon, 4 Mar 2013 04:55:37 +0000 (05:55 +0100)]
call gl_EARLY earlier, and add AM_PROG_AR.

9 years agocorrected link
Nikos Mavrogiannopoulos [Mon, 4 Mar 2013 04:45:57 +0000 (05:45 +0100)]
corrected link

9 years agoremoved Werror from automake rules
Nikos Mavrogiannopoulos [Sun, 3 Mar 2013 20:12:08 +0000 (21:12 +0100)]
removed Werror from automake rules

9 years agoAdded flag
Nikos Mavrogiannopoulos [Sun, 3 Mar 2013 09:06:35 +0000 (10:06 +0100)]
Added flag

9 years agoremoved
Nikos Mavrogiannopoulos [Sun, 3 Mar 2013 09:06:12 +0000 (10:06 +0100)]
removed

9 years agochanges to avoid compilation of programs that cannot be.
Nikos Mavrogiannopoulos [Sun, 3 Mar 2013 09:00:18 +0000 (10:00 +0100)]
changes to avoid compilation of programs that cannot be.

9 years agomore simplifications to gnutls_x509_trust_list_add_system_trust()
Nikos Mavrogiannopoulos [Sun, 3 Mar 2013 08:35:59 +0000 (09:35 +0100)]
more simplifications to gnutls_x509_trust_list_add_system_trust()

9 years agoupdated
Nikos Mavrogiannopoulos [Sun, 3 Mar 2013 00:32:50 +0000 (01:32 +0100)]
updated

9 years agocorrected reading from directory.
Nikos Mavrogiannopoulos [Sun, 3 Mar 2013 00:23:45 +0000 (01:23 +0100)]
corrected reading from directory.

9 years agognutls_x509_trust_list_add_system_trust() was made to work in android 4.x.
Nikos Mavrogiannopoulos [Sat, 2 Mar 2013 23:58:59 +0000 (00:58 +0100)]
gnutls_x509_trust_list_add_system_trust() was made to work in android 4.x.

9 years agoupdated
Nikos Mavrogiannopoulos [Sat, 2 Mar 2013 10:15:36 +0000 (11:15 +0100)]
updated

9 years agoMore cleanups in gnutls_x509_trust_list_add_system_trust()
Nikos Mavrogiannopoulos [Sat, 2 Mar 2013 10:13:51 +0000 (11:13 +0100)]
More cleanups in gnutls_x509_trust_list_add_system_trust()

9 years agoSelect CPU optimizations based on target cpu rather than the host.
Nikos Mavrogiannopoulos [Sat, 2 Mar 2013 09:57:04 +0000 (10:57 +0100)]
Select CPU optimizations based on target cpu rather than the host.

9 years agosome simplifications in gnutls_x509_trust_list_add_system_trust()
Nikos Mavrogiannopoulos [Sat, 2 Mar 2013 09:18:45 +0000 (10:18 +0100)]
some simplifications in gnutls_x509_trust_list_add_system_trust()

9 years agoUse ARCFOUR cipher by default to be compatible with devices like android that don...
Nikos Mavrogiannopoulos [Fri, 1 Mar 2013 19:42:18 +0000 (20:42 +0100)]
Use ARCFOUR cipher by default to be compatible with devices like android that don't support AES

9 years agoAdded verify flags for DANE to enforce verification and restrict it to a field.
Nikos Mavrogiannopoulos [Fri, 1 Mar 2013 15:54:12 +0000 (16:54 +0100)]
Added verify flags for DANE to enforce verification and restrict it to a field.

9 years agoadded empty ChangeLog
Nikos Mavrogiannopoulos [Thu, 28 Feb 2013 23:40:24 +0000 (00:40 +0100)]
added empty ChangeLog

9 years agoupdated gnulib
Nikos Mavrogiannopoulos [Thu, 28 Feb 2013 23:05:36 +0000 (00:05 +0100)]
updated gnulib

9 years agoAdded gnutls_pkcs11_privkey_status
Nikos Mavrogiannopoulos [Wed, 27 Feb 2013 19:41:06 +0000 (20:41 +0100)]
Added gnutls_pkcs11_privkey_status

9 years agoupdated gnutls_3_1_9
Nikos Mavrogiannopoulos [Wed, 27 Feb 2013 19:09:45 +0000 (20:09 +0100)]
updated

9 years agobumped version
Nikos Mavrogiannopoulos [Wed, 27 Feb 2013 18:19:47 +0000 (19:19 +0100)]
bumped version

9 years agosmall optimizations in session storage
Nikos Mavrogiannopoulos [Wed, 27 Feb 2013 16:01:12 +0000 (17:01 +0100)]
small optimizations in session storage

9 years agono need to memset during session deinit.
Nikos Mavrogiannopoulos [Wed, 27 Feb 2013 16:00:57 +0000 (17:00 +0100)]
no need to memset during session deinit.

9 years agofixed nonce generation after fork().
Nikos Mavrogiannopoulos [Tue, 26 Feb 2013 22:41:26 +0000 (23:41 +0100)]
fixed nonce generation after fork().

9 years agoSmall fixes.
Nikos Mavrogiannopoulos [Tue, 26 Feb 2013 22:38:14 +0000 (23:38 +0100)]
Small fixes.

9 years agoAdded gnutls_pkcs11_privkey_status().
Nikos Mavrogiannopoulos [Mon, 25 Feb 2013 21:05:42 +0000 (22:05 +0100)]
Added gnutls_pkcs11_privkey_status().

9 years agodoc update
Nikos Mavrogiannopoulos [Sun, 24 Feb 2013 17:33:24 +0000 (18:33 +0100)]
doc update

9 years agowhen verifying a DANE CA constraint make sure that the provided chain is actually...
Nikos Mavrogiannopoulos [Sun, 24 Feb 2013 17:33:09 +0000 (18:33 +0100)]
when verifying a DANE CA constraint make sure that the provided chain is actually a chain.

9 years agodoc update
Nikos Mavrogiannopoulos [Sun, 24 Feb 2013 11:18:31 +0000 (12:18 +0100)]
doc update

9 years agomention enable-in in p11-kit config.
Nikos Mavrogiannopoulos [Thu, 21 Feb 2013 21:03:40 +0000 (22:03 +0100)]
mention enable-in in p11-kit config.

9 years agoMoved gnutls_hex_(en|de)code functions from lib/gnutls_psk.c to lib/gnutls_str.c...
Jaak Ristioja [Wed, 20 Feb 2013 10:46:34 +0000 (12:46 +0200)]
Moved gnutls_hex_(en|de)code functions from lib/gnutls_psk.c to lib/gnutls_str.c to fix compilation of certtool when PSK is disabled.

These are rather generic functions by nature, so it would be reasonable
to include them in GnuTLS even if PSK support is disabled.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years agoprint info on reinitializor error.
Nikos Mavrogiannopoulos [Tue, 19 Feb 2013 07:00:48 +0000 (08:00 +0100)]
print info on reinitializor error.

9 years agoDocumented the DANE situation in gnutls. Suggested by Gabor Toth.
Nikos Mavrogiannopoulos [Mon, 18 Feb 2013 23:05:57 +0000 (00:05 +0100)]
Documented the DANE situation in gnutls. Suggested by Gabor Toth.

9 years agoFixed gnutls_pkcs11_reinit() to reinitialize all modules.
Nikos Mavrogiannopoulos [Mon, 18 Feb 2013 22:48:43 +0000 (23:48 +0100)]
Fixed gnutls_pkcs11_reinit() to reinitialize all modules.

9 years agoreturn proper error
Nikos Mavrogiannopoulos [Mon, 18 Feb 2013 22:00:36 +0000 (23:00 +0100)]
return proper error

9 years agoupdated
Nikos Mavrogiannopoulos [Mon, 18 Feb 2013 20:43:28 +0000 (21:43 +0100)]
updated

9 years agouse set_int when needed
Nikos Mavrogiannopoulos [Mon, 18 Feb 2013 20:36:54 +0000 (21:36 +0100)]
use set_int when needed

9 years agoUse gnutls_realloc_fast everywhere. Suggested by David Woodhouse.
Nikos Mavrogiannopoulos [Mon, 18 Feb 2013 18:22:07 +0000 (19:22 +0100)]
Use gnutls_realloc_fast everywhere. Suggested by David Woodhouse.

9 years agobetter cleanup on error on export case
Nikos Mavrogiannopoulos [Sun, 17 Feb 2013 08:26:52 +0000 (09:26 +0100)]
better cleanup on error on export case

9 years agocorrected parsing issue in XMPP data when in a subject alternative name
Nikos Mavrogiannopoulos [Sat, 16 Feb 2013 23:30:59 +0000 (00:30 +0100)]
corrected parsing issue in XMPP data when in a subject alternative name

9 years agocleaned up the PIN calling in TPM
Nikos Mavrogiannopoulos [Sat, 16 Feb 2013 09:17:58 +0000 (10:17 +0100)]
cleaned up the PIN calling in TPM

9 years agoAdded convenience functions to avoid ugly casting in simple programs.
Nikos Mavrogiannopoulos [Sat, 16 Feb 2013 08:53:03 +0000 (09:53 +0100)]
Added convenience functions to avoid ugly casting in simple programs.

9 years agobe more explicit in DTLS examples to account for LARGE_PACKET error
Nikos Mavrogiannopoulos [Fri, 15 Feb 2013 19:53:40 +0000 (20:53 +0100)]
be more explicit in DTLS examples to account for LARGE_PACKET error

9 years agofix two minor memory leaks when PKCS#11 is in use
Daniel Kahn Gillmor [Sat, 16 Feb 2013 05:03:38 +0000 (00:03 -0500)]
fix two minor memory leaks when PKCS#11 is in use

9 years agodocumented fix
Nikos Mavrogiannopoulos [Wed, 13 Feb 2013 20:09:48 +0000 (21:09 +0100)]
documented fix

9 years agocorrected export of functions
Nikos Mavrogiannopoulos [Wed, 13 Feb 2013 20:08:58 +0000 (21:08 +0100)]
corrected export of functions

9 years agodocumented fix
Nikos Mavrogiannopoulos [Wed, 13 Feb 2013 19:40:21 +0000 (20:40 +0100)]
documented fix

9 years agocorrected gnutls_pubkey_verify_data()
Nikos Mavrogiannopoulos [Wed, 13 Feb 2013 19:30:30 +0000 (20:30 +0100)]
corrected gnutls_pubkey_verify_data()

9 years agoreduced hash table size
Nikos Mavrogiannopoulos [Wed, 13 Feb 2013 16:57:26 +0000 (17:57 +0100)]
reduced hash table size

9 years agodoc update
Nikos Mavrogiannopoulos [Tue, 12 Feb 2013 19:45:01 +0000 (20:45 +0100)]
doc update

9 years agoAdded const
Nikos Mavrogiannopoulos [Tue, 12 Feb 2013 19:20:49 +0000 (20:20 +0100)]
Added const

9 years agognutls_handshake_set_server_random -> gnutls_handshake_set_random
Nikos Mavrogiannopoulos [Tue, 12 Feb 2013 19:09:20 +0000 (20:09 +0100)]
gnutls_handshake_set_server_random -> gnutls_handshake_set_random

9 years agotimespec_sub_ms -> _gnutls_timespec_sub_ms
Nikos Mavrogiannopoulos [Tue, 12 Feb 2013 18:45:18 +0000 (19:45 +0100)]
timespec_sub_ms -> _gnutls_timespec_sub_ms

9 years agoAdded gnutls_handshake_set_server_random
Nikos Mavrogiannopoulos [Tue, 12 Feb 2013 18:43:30 +0000 (19:43 +0100)]
Added gnutls_handshake_set_server_random

9 years agoproperly set close-on-exec.
Nikos Mavrogiannopoulos [Tue, 12 Feb 2013 08:54:05 +0000 (09:54 +0100)]
properly set close-on-exec.

9 years agoavoid ptrdiff_t
Nikos Mavrogiannopoulos [Mon, 11 Feb 2013 08:29:38 +0000 (09:29 +0100)]
avoid ptrdiff_t

9 years agocerttool's --to-p12 will now ask for a password to generate PKCS #12 files.
Nikos Mavrogiannopoulos [Sun, 10 Feb 2013 20:52:05 +0000 (21:52 +0100)]
certtool's --to-p12 will now ask for a password to generate PKCS #12 files.

That is when provided an encrypted key file. Reported by Yan Fiz.

9 years agoprefer plain RSA to DHE-RSA and DHE-DSS
Nikos Mavrogiannopoulos [Sun, 10 Feb 2013 12:16:09 +0000 (13:16 +0100)]
prefer plain RSA to DHE-RSA and DHE-DSS

9 years agoremoved duplicate gnutls_3_1_8
Nikos Mavrogiannopoulos [Sun, 10 Feb 2013 11:46:56 +0000 (12:46 +0100)]
removed duplicate

9 years agosmall updates
Nikos Mavrogiannopoulos [Sun, 10 Feb 2013 11:21:55 +0000 (12:21 +0100)]
small updates

9 years agoslow tests moved at the end of the suite
Nikos Mavrogiannopoulos [Sun, 10 Feb 2013 11:40:11 +0000 (12:40 +0100)]
slow tests moved at the end of the suite

9 years agosimplified cleaning-up in _gnutls_stream_read and _gnutls_dgram_read
Nikos Mavrogiannopoulos [Sun, 10 Feb 2013 11:18:01 +0000 (12:18 +0100)]
simplified cleaning-up in _gnutls_stream_read and _gnutls_dgram_read

9 years agocorrected extract_digest_info
Nikos Mavrogiannopoulos [Sun, 10 Feb 2013 11:00:03 +0000 (12:00 +0100)]
corrected extract_digest_info

9 years agoIn client side the verify callback is always being called.
Nikos Mavrogiannopoulos [Sun, 10 Feb 2013 10:52:21 +0000 (11:52 +0100)]
In client side the verify callback is always being called.

9 years agofurther relaxed security levels
Nikos Mavrogiannopoulos [Sun, 10 Feb 2013 10:46:21 +0000 (11:46 +0100)]
further relaxed security levels

9 years agoAdd option to disable generation of any documentation for GnuTLS.
Jaak Ristioja [Tue, 29 Jan 2013 09:27:23 +0000 (11:27 +0200)]
Add option to disable generation of any documentation for GnuTLS.

9 years agoPrevent libdane pkgconfig stuff from being installed if libdane support is disabled.
Jaak Ristioja [Tue, 29 Jan 2013 08:48:14 +0000 (10:48 +0200)]
Prevent libdane pkgconfig stuff from being installed if libdane support is disabled.

9 years agoupdates for 3.1.8
Nikos Mavrogiannopoulos [Sun, 10 Feb 2013 10:24:14 +0000 (11:24 +0100)]
updates for 3.1.8

9 years agoRestored 3.1.6 defaults and documented fix.
Nikos Mavrogiannopoulos [Sat, 9 Feb 2013 18:22:25 +0000 (19:22 +0100)]
Restored 3.1.6 defaults and documented fix.

9 years agoreduced the very weak DH level to 768 bits to not reject popular sites that operate...
Nikos Mavrogiannopoulos [Sat, 9 Feb 2013 18:11:10 +0000 (19:11 +0100)]
reduced the very weak DH level to 768 bits to not reject popular sites that operate on that level.

9 years agoadded debugging message to indicate the number of bits.
Nikos Mavrogiannopoulos [Sat, 9 Feb 2013 17:47:05 +0000 (18:47 +0100)]
added debugging message to indicate the number of bits.

9 years agoDo not call the certificate verification callback if certificates are ignored.
Nikos Mavrogiannopoulos [Sat, 9 Feb 2013 12:21:58 +0000 (13:21 +0100)]
Do not call the certificate verification callback if certificates are ignored.

9 years agoavoid memset on the whole record header length
Nikos Mavrogiannopoulos [Fri, 8 Feb 2013 09:55:18 +0000 (10:55 +0100)]
avoid memset on the whole record header length

9 years agofixed issue in gnutls_x509_privkey_import2()
Nikos Mavrogiannopoulos [Thu, 7 Feb 2013 18:16:43 +0000 (19:16 +0100)]
fixed issue in gnutls_x509_privkey_import2()

9 years agoreference TPMURI
Nikos Mavrogiannopoulos [Tue, 5 Feb 2013 18:25:08 +0000 (19:25 +0100)]
reference TPMURI

9 years agoupdated doc
Nikos Mavrogiannopoulos [Tue, 5 Feb 2013 18:19:24 +0000 (19:19 +0100)]
updated doc

9 years agocorrected typo
Nikos Mavrogiannopoulos [Tue, 5 Feb 2013 18:07:41 +0000 (19:07 +0100)]
corrected typo

9 years agocorrected wrap_nettle_hash_algorithm() to work with arbitrary key sizes.
Nikos Mavrogiannopoulos [Tue, 5 Feb 2013 18:05:59 +0000 (19:05 +0100)]
corrected wrap_nettle_hash_algorithm() to work with arbitrary key sizes.

9 years agoAdded a magic number in front session DB data.
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 18:24:50 +0000 (19:24 +0100)]
Added a magic number in front session DB data.

9 years agoCorrected typo. Reported by Mark Brand.
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 17:12:31 +0000 (18:12 +0100)]
Corrected typo. Reported by Mark Brand.

9 years agoupdate gnutls_3_1_7
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 10:00:22 +0000 (11:00 +0100)]
update

9 years agotest update
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 09:44:02 +0000 (10:44 +0100)]
test update

9 years agoupdate
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 09:35:58 +0000 (10:35 +0100)]
update

9 years agoupdated doc
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 09:05:41 +0000 (10:05 +0100)]
updated doc

9 years agoupdated
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 08:42:27 +0000 (09:42 +0100)]
updated

9 years agodoc update
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 08:30:25 +0000 (09:30 +0100)]
doc update

9 years agodocument limitation
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 08:30:05 +0000 (09:30 +0100)]
document limitation

9 years agoMake sure we don't fail if writing gets interrupted
Alfredo Pironti [Thu, 24 Jan 2013 12:46:15 +0000 (13:46 +0100)]
Make sure we don't fail if writing gets interrupted

9 years agodisable heartbeat test if it isn't included.
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 08:26:50 +0000 (09:26 +0100)]
disable heartbeat test if it isn't included.

9 years agodocumented fix
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 08:09:46 +0000 (09:09 +0100)]
documented fix

9 years agopostpone the change
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 07:57:58 +0000 (08:57 +0100)]
postpone the change

9 years agoRevert "license is again LGPLv2.1"
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 07:57:44 +0000 (08:57 +0100)]
Revert "license is again LGPLv2.1"

This reverts commit b7eea829d4b1db58c49bf5c3e31e4be5b61fb2e8.

9 years agoupdated test
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 07:57:10 +0000 (08:57 +0100)]
updated test

9 years agoFixes to avoid a timing attack in TLS CBC record parsing.
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 02:08:04 +0000 (03:08 +0100)]
Fixes to avoid a timing attack in TLS CBC record parsing.

9 years agoupdated
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 01:59:00 +0000 (02:59 +0100)]
updated

9 years agoonly register heartbeat if it is enabled.
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 01:51:26 +0000 (02:51 +0100)]
only register heartbeat if it is enabled.

9 years agolicense is again LGPLv2.1
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 01:46:38 +0000 (02:46 +0100)]
license is again LGPLv2.1

9 years agoupdated heartbeat code, and made it optional.
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 01:24:29 +0000 (02:24 +0100)]
updated heartbeat code, and made it optional.

9 years agocorrected typo
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 00:55:43 +0000 (01:55 +0100)]
corrected typo