gnutls:gnutls.git
4 years ago doc update gnutls_3_0_x-2
Nikos Mavrogiannopoulos [Thu, 14 Nov 2013 02:28:05 +0000 (03:28 +0100)]
doc update

4 years ago corrected bug in gnutls-cli when used on IPv6 addresses.
Nikos Mavrogiannopoulos [Wed, 13 Nov 2013 15:42:18 +0000 (16:42 +0100)]
corrected bug in gnutls-cli when used on IPv6 addresses.

4 years ago write the proper key ID in the token
Nikos Mavrogiannopoulos [Sun, 10 Nov 2013 07:13:34 +0000 (08:13 +0100)]
write the proper key ID in the token

4 years ago doc update
Nikos Mavrogiannopoulos [Sat, 9 Nov 2013 22:03:19 +0000 (23:03 +0100)]
doc update

4 years ago do not traverse PKCS #11 tokens that were not requested.
Nikos Mavrogiannopoulos [Sat, 9 Nov 2013 21:34:15 +0000 (22:34 +0100)]
do not traverse PKCS #11 tokens that were not requested.

4 years ago Revert "Assign very weak level to priority string NONE only."
Nikos Mavrogiannopoulos [Tue, 5 Nov 2013 20:40:27 +0000 (21:40 +0100)]
Revert "Assign very weak level to priority string NONE only."

This reverts commit d4a5b119d5b1f7e0e142f742b9900952c2c1b7b4.

4 years ago Assign very weak level to priority string NONE only.
Nikos Mavrogiannopoulos [Tue, 5 Nov 2013 20:35:26 +0000 (21:35 +0100)]
Assign very weak level to priority string NONE only.

4 years ago doc update
Nikos Mavrogiannopoulos [Sat, 2 Nov 2013 07:36:13 +0000 (08:36 +0100)]
doc update

4 years ago Do not print private key parameters when exporting an encrypted private key.
Nikos Mavrogiannopoulos [Sat, 2 Nov 2013 07:32:56 +0000 (08:32 +0100)]
Do not print private key parameters when exporting an encrypted private key.

4 years ago Avoid depending on hash order in gdoc.
Adam Sampson [Tue, 16 Jul 2013 13:17:18 +0000 (14:17 +0100)]
Avoid depending on hash order in gdoc.

Previously, gdoc had a hash of regexp replacements for each output
format, and applied the replacements in the order that "keys" returned
for the hash. However, not all orders are safe -- and now that Perl 5.18
randomises hash order per-process, it only worked sometimes!

For example, this order is OK:

'is a #gnutls_session_t structure.'
'\@([A-Za-z0-9_]+)\s*' -> 'is a #gnutls_session_t structure.'
'\%([A-Za-z0-9_]+)' -> 'is a #gnutls_session_t structure.'
'\#([A-Za-z0-9_]+)' -> 'is a @code{gnutls_session_t}  structure.'
'([A-Za-z0-9_]+\(\))' -> 'is a @code{gnutls_session_t}  structure.'

This one, however, winds up producing invalid texinfo:

'is a #gnutls_session_t structure.'
'\%([A-Za-z0-9_]+)' -> 'is a #gnutls_session_t structure.'
'([A-Za-z0-9_]+\(\))' -> 'is a #gnutls_session_t structure.'
'\#([A-Za-z0-9_]+)' -> 'is a @code{gnutls_session_t}  structure.'
'\@([A-Za-z0-9_]+)\s*' -> 'is a  @code{code} {gnutls_session_t}  structure.'

This patch turns the hash into a list, so the replacements will always
be done in the intended order.

Signed-off-by: Adam Sampson <ats@offog.org>

4 years ago doc update
Nikos Mavrogiannopoulos [Mon, 21 Oct 2013 18:05:12 +0000 (20:05 +0200)]
doc update

4 years ago corrected type of path_len
Nikos Mavrogiannopoulos [Mon, 21 Oct 2013 17:55:21 +0000 (19:55 +0200)]
corrected type of path_len

4 years ago autogen'ed files update
Nikos Mavrogiannopoulos [Fri, 4 Oct 2013 17:30:47 +0000 (19:30 +0200)]
autogen'ed files update

4 years ago doc update
Nikos Mavrogiannopoulos [Fri, 4 Oct 2013 17:21:46 +0000 (19:21 +0200)]
doc update

4 years ago Fix srptool issues
Attila Molnar [Fri, 4 Oct 2013 15:21:49 +0000 (17:21 +0200)]
Fix srptool issues

From dc3a0d6d8d4aa98ccb19641e6668a03d77f381f1 Mon Sep 17 00:00:00 2001
From: Attila Molnar <attilamolnar@hush.com>
Date: Tue, 1 Oct 2013 13:42:10 +0200
Subject: [PATCH 2/2] srptool: Fix segfault when an invalid group parameter
 index is given

If no group with the given index was found in the password conf file
srptool crashed instead of reporting the error because the return value of
fgets() wasn't validated before it was passed to atoi().

Signed-off-by: Attila Molnar <attilamolnar@hush.com>

4 years ago Fix srptool issues
Attila Molnar [Fri, 4 Oct 2013 15:19:34 +0000 (17:19 +0200)]
Fix srptool issues

From 1fac0e5352e88addb8bf57dcac126918f19d7303 Mon Sep 17 00:00:00 2001
From: Attila Molnar <attilamolnar@hush.com>
Date: Tue, 1 Oct 2013 13:40:01 +0200
Subject: [PATCH 1/2] srptool: Fix inability to add users to tpasswd and broken
 -i switch

Signed-off-by: Attila Molnar <attilamolnar@hush.com>

4 years ago released 3.0.32
Nikos Mavrogiannopoulos [Sat, 31 Aug 2013 08:56:50 +0000 (11:56 +0300)]
released 3.0.32

4 years ago fix version numbers and avoid rebuild of documentation.
Nikos Mavrogiannopoulos [Tue, 27 Aug 2013 17:15:19 +0000 (20:15 +0300)]
fix version numbers and avoid rebuild of documentation.

4 years ago Added missing files.
Nikos Mavrogiannopoulos [Tue, 27 Aug 2013 17:12:50 +0000 (20:12 +0300)]
Added missing files.

4 years ago Sync with TP.
Nikos Mavrogiannopoulos [Tue, 27 Aug 2013 17:05:18 +0000 (20:05 +0300)]
Sync with TP.

4 years ago doc update
Nikos Mavrogiannopoulos [Sun, 25 Aug 2013 09:24:04 +0000 (12:24 +0300)]
doc update

4 years ago only register current session when not resuming
Nikos Mavrogiannopoulos [Sun, 25 Aug 2013 09:07:39 +0000 (12:07 +0300)]
only register current session when not resuming

4 years ago initialize the digest after output on padlock.
Nikos Mavrogiannopoulos [Sat, 27 Apr 2013 12:08:55 +0000 (15:08 +0300)]
initialize the digest after output on padlock.

4 years ago Added priority string VERS-DTLS-ALL
Nikos Mavrogiannopoulos [Sat, 13 Apr 2013 15:57:43 +0000 (17:57 +0200)]
Added priority string VERS-DTLS-ALL

4 years ago updated documentation
Nikos Mavrogiannopoulos [Fri, 26 Apr 2013 21:29:43 +0000 (00:29 +0300)]
updated documentation

4 years ago Do not handle MAC and hash reset separately. It is implied by nettle's output functions.
Nikos Mavrogiannopoulos [Fri, 26 Apr 2013 21:37:07 +0000 (00:37 +0300)]
Do not handle MAC and hash reset separately. It is implied by nettle's output functions.

4 years ago guile: Make builds parallel-safe.
Ludovic Courtès [Sun, 15 Sep 2013 21:30:31 +0000 (23:30 +0200)]
guile: Make builds parallel-safe.

Reported by Andreas Metzler <ametzler@bebt.de>.

4 years ago removed unused code
Nikos Mavrogiannopoulos [Sat, 3 Aug 2013 19:44:40 +0000 (21:44 +0200)]
removed unused code

4 years ago Do not try to parse arbitrary objects as certificates.
Nikos Mavrogiannopoulos [Sat, 3 Aug 2013 18:02:25 +0000 (20:02 +0200)]
Do not try to parse arbitrary objects as certificates.

4 years ago guile: Use `LOG_COMPILER', as required by Automake 1.12+. gnutls_3_0_31
Ludovic Courtès [Thu, 6 Jun 2013 14:09:27 +0000 (16:09 +0200)]
guile: Use `LOG_COMPILER', as required by Automake 1.12+.

4 years ago doc update
Nikos Mavrogiannopoulos [Fri, 12 Jul 2013 18:48:50 +0000 (20:48 +0200)]
doc update

4 years ago bumped version
Nikos Mavrogiannopoulos [Fri, 12 Jul 2013 18:46:23 +0000 (20:46 +0200)]
bumped version

4 years ago pkcs11: Use the correct attribute length for CKA_TRUSTED
Stef Walter [Thu, 4 Jul 2013 14:15:03 +0000 (16:15 +0200)]
pkcs11: Use the correct attribute length for CKA_TRUSTED

CKA_TRUSTED is a CK_BBOOL value in PKCS#11. Since object searches
are done with the attribute byte values, we need to get the length
exactly right.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

4 years ago guile: tests: Use `port->fdes' rather than `fileno'.
Ludovic Courtès [Thu, 27 Jun 2013 22:39:35 +0000 (00:39 +0200)]
guile: tests: Use `port->fdes' rather than `fileno'.

This has no practical impact, but it's a better way to express that we
don't want the file descriptors closed behind our back.

4 years ago guile: Keep a weak reference on objects aggregated by other objects.
Ludovic Courtès [Thu, 27 Jun 2013 22:42:44 +0000 (00:42 +0200)]
guile: Keep a weak reference on objects aggregated by other objects.

Before, in cases such as `set-anonymous-server-dh-parameters!' where the
C object beneath CRED keeps a pointer to the C object beneath DH_PARAMS,
DH_PARAMS could be garbage-collected before CRED, leading to the
destruction of the underlying C object.

Reported by Nikos Mavrogiannopoulos <nmav@gnutls.org>.

4 years ago doc update
Nikos Mavrogiannopoulos [Wed, 19 Jun 2013 21:07:09 +0000 (23:07 +0200)]
doc update

4 years ago enforce the maximum TLS size when setting MTU
Nikos Mavrogiannopoulos [Wed, 19 Jun 2013 21:02:45 +0000 (23:02 +0200)]
enforce the maximum TLS size when setting MTU

4 years ago released 3.0.30 gnutls_3_0_30
Nikos Mavrogiannopoulos [Sat, 1 Jun 2013 11:04:49 +0000 (13:04 +0200)]
released 3.0.30

4 years ago updated libopts generated files
Nikos Mavrogiannopoulos [Sat, 1 Jun 2013 11:02:49 +0000 (13:02 +0200)]
updated libopts generated files

4 years ago updated libopts
Nikos Mavrogiannopoulos [Sat, 1 Jun 2013 11:00:13 +0000 (13:00 +0200)]
updated libopts

4 years ago check for suse's CA bundle file
Nikos Mavrogiannopoulos [Sat, 1 Jun 2013 10:42:01 +0000 (12:42 +0200)]
check for suse's CA bundle file

4 years ago Sync with TP.
Nikos Mavrogiannopoulos [Wed, 29 May 2013 21:27:00 +0000 (23:27 +0200)]
Sync with TP.

4 years ago doc update
Nikos Mavrogiannopoulos [Wed, 29 May 2013 19:23:47 +0000 (21:23 +0200)]
doc update

4 years ago allow ciphersuites with elliptic curves even when using SSL 3.0.
Nikos Mavrogiannopoulos [Wed, 29 May 2013 19:20:07 +0000 (21:20 +0200)]
allow ciphersuites with elliptic curves even when using SSL 3.0.

This works around a bug on openssl in certain Debian systems.

4 years ago bumped version
Nikos Mavrogiannopoulos [Wed, 29 May 2013 17:56:11 +0000 (19:56 +0200)]
bumped version

4 years ago corrected AEAD tag size
Nikos Mavrogiannopoulos [Wed, 29 May 2013 17:24:48 +0000 (19:24 +0200)]
corrected AEAD tag size

4 years ago more precise calculation of DTLS overhead
Nikos Mavrogiannopoulos [Wed, 29 May 2013 16:53:23 +0000 (18:53 +0200)]
more precise calculation of DTLS overhead

4 years ago updated gnulib
Nikos Mavrogiannopoulos [Wed, 29 May 2013 17:39:45 +0000 (19:39 +0200)]
updated gnulib

4 years ago avoid global_init
Nikos Mavrogiannopoulos [Wed, 29 May 2013 17:37:05 +0000 (19:37 +0200)]
avoid global_init

4 years ago removed unsupported ciphersuites
Nikos Mavrogiannopoulos [Wed, 29 May 2013 17:11:53 +0000 (19:11 +0200)]
removed unsupported ciphersuites

4 years ago Check overhead in DTLS.
Nikos Mavrogiannopoulos [Wed, 29 May 2013 16:45:31 +0000 (18:45 +0200)]
Check overhead in DTLS.

4 years ago doc update
Nikos Mavrogiannopoulos [Sat, 25 May 2013 18:47:11 +0000 (20:47 +0200)]
doc update

4 years ago revive gnutls_handshake_get_last_in(). Report by Mann Ern Kang.
Nikos Mavrogiannopoulos [Sat, 25 May 2013 18:45:28 +0000 (20:45 +0200)]
revive gnutls_handshake_get_last_in(). Report by Mann Ern Kang.

4 years ago corrected signal() call
Nikos Mavrogiannopoulos [Tue, 21 May 2013 19:31:45 +0000 (21:31 +0200)]
corrected signal() call

4 years ago corrected memory leak in padlock_hash_fast()
Nikos Mavrogiannopoulos [Tue, 16 Apr 2013 16:59:41 +0000 (18:59 +0200)]
corrected memory leak in padlock_hash_fast()

4 years ago make a short list of the available PK algorithms
Nikos Mavrogiannopoulos [Tue, 2 Apr 2013 18:08:42 +0000 (20:08 +0200)]
make a short list of the available PK algorithms

4 years ago updated
Nikos Mavrogiannopoulos [Wed, 27 Mar 2013 17:56:41 +0000 (18:56 +0100)]
updated

4 years ago When in compatibility mode allow for a wrong version in the RSA PMS.
Nikos Mavrogiannopoulos [Wed, 27 Mar 2013 17:50:11 +0000 (18:50 +0100)]
When in compatibility mode allow for a wrong version in the RSA PMS.

4 years ago set release date gnutls_3_0_29
Nikos Mavrogiannopoulos [Fri, 22 Mar 2013 18:06:57 +0000 (19:06 +0100)]
set release date

4 years ago Fixes in openpgp handshake with fingerprints. Reported by Joke de Buhr.
Nikos Mavrogiannopoulos [Thu, 21 Mar 2013 16:50:09 +0000 (17:50 +0100)]
Fixes in openpgp handshake with fingerprints. Reported by Joke de Buhr.

4 years ago correct issue with the (deprecated) external key signing and TLS 1.2
Nikos Mavrogiannopoulos [Thu, 21 Mar 2013 15:46:30 +0000 (16:46 +0100)]
correct issue with the (deprecated) external key signing and TLS 1.2

4 years ago search only for slots with tokens and avoid caching to prevent issues with multiple...
Nikos Mavrogiannopoulos [Sun, 17 Mar 2013 08:33:42 +0000 (09:33 +0100)]
search only for slots with tokens and avoid caching to prevent issues with multiple threads.

4 years ago updated
Nikos Mavrogiannopoulos [Sat, 16 Mar 2013 11:50:11 +0000 (12:50 +0100)]
updated

4 years ago avoid internal error
Nikos Mavrogiannopoulos [Sat, 16 Mar 2013 11:35:00 +0000 (12:35 +0100)]
avoid internal error

4 years ago bumped version
Nikos Mavrogiannopoulos [Sat, 16 Mar 2013 11:05:05 +0000 (12:05 +0100)]
bumped version

4 years ago updated
Nikos Mavrogiannopoulos [Sat, 16 Mar 2013 11:02:57 +0000 (12:02 +0100)]
updated

4 years ago scan slots on PKCS #11 providers only when needed, not on initialization.
Nikos Mavrogiannopoulos [Sat, 16 Mar 2013 11:00:30 +0000 (12:00 +0100)]
scan slots on PKCS #11 providers only when needed, not on initialization.

4 years ago removed
Nikos Mavrogiannopoulos [Fri, 8 Mar 2013 20:05:40 +0000 (21:05 +0100)]
removed

4 years ago return unimplemented feature on encounter of a known but unsupported url
Nikos Mavrogiannopoulos [Fri, 8 Mar 2013 17:40:06 +0000 (18:40 +0100)]
return unimplemented feature on encounter of a known but unsupported url

4 years ago Added hash-pjw-bare in gl which is used by minitasn1. Reported by David Woodhouse.
Nikos Mavrogiannopoulos [Wed, 6 Mar 2013 18:17:48 +0000 (19:17 +0100)]
Added hash-pjw-bare in gl which is used by minitasn1. Reported by David Woodhouse.

4 years ago Fixes in cpu and cross-compilation detection
Nikos Mavrogiannopoulos [Wed, 6 Mar 2013 10:22:09 +0000 (11:22 +0100)]
Fixes in cpu and cross-compilation detection

4 years ago check revocation prior to reading local certs.
Nikos Mavrogiannopoulos [Wed, 6 Mar 2013 09:53:46 +0000 (10:53 +0100)]
check revocation prior to reading local certs.

4 years ago deinitialize certificate and use internal function name for gnutls_x509_trust_list_re...
Nikos Mavrogiannopoulos [Wed, 6 Mar 2013 03:14:17 +0000 (04:14 +0100)]
deinitialize certificate and use internal function name for gnutls_x509_trust_list_remove_cas

4 years ago updated
Nikos Mavrogiannopoulos [Tue, 5 Mar 2013 22:02:09 +0000 (23:02 +0100)]
updated

4 years ago backported configure check for trust store.
Nikos Mavrogiannopoulos [Tue, 5 Mar 2013 22:01:02 +0000 (23:01 +0100)]
backported configure check for trust store.

4 years ago correctly remove revoked certificates. That required quite some backports from the...
Nikos Mavrogiannopoulos [Tue, 5 Mar 2013 20:46:26 +0000 (21:46 +0100)]
correctly remove revoked certificates. That required quite some backports from the 3.1 branch.

4 years ago Check for revoked certs in android and do not add. Suggested by David Woodhouse.
Nikos Mavrogiannopoulos [Tue, 5 Mar 2013 19:07:10 +0000 (20:07 +0100)]
Check for revoked certs in android and do not add. Suggested by David Woodhouse.

4 years ago lower the priority of the DHE_* ciphersuites.
Nikos Mavrogiannopoulos [Tue, 5 Mar 2013 14:14:21 +0000 (15:14 +0100)]
lower the priority of the DHE_* ciphersuites.

4 years ago handle the interesting variance between directories
Nikos Mavrogiannopoulos [Mon, 4 Mar 2013 23:46:06 +0000 (00:46 +0100)]
handle the interesting variance between directories

4 years ago include config.h
Nikos Mavrogiannopoulos [Mon, 4 Mar 2013 06:00:15 +0000 (07:00 +0100)]
include config.h

4 years ago configure.ac updates
Nikos Mavrogiannopoulos [Mon, 4 Mar 2013 05:45:38 +0000 (06:45 +0100)]
configure.ac updates

4 years ago Updated gnulib.
Nikos Mavrogiannopoulos [Mon, 4 Mar 2013 05:43:20 +0000 (06:43 +0100)]
Updated gnulib.

4 years ago load CA certificates in Android 4.x systems.
Nikos Mavrogiannopoulos [Mon, 4 Mar 2013 05:39:22 +0000 (06:39 +0100)]
load CA certificates in Android 4.x systems.

4 years ago gl_EARLY called earlier
Nikos Mavrogiannopoulos [Mon, 4 Mar 2013 05:36:22 +0000 (06:36 +0100)]
gl_EARLY called earlier

4 years ago removed Werror flags
Nikos Mavrogiannopoulos [Mon, 4 Mar 2013 05:34:24 +0000 (06:34 +0100)]
removed Werror flags

4 years ago updated
Nikos Mavrogiannopoulos [Sat, 2 Mar 2013 10:16:02 +0000 (11:16 +0100)]
updated

4 years ago Select CPU optimizations based on target cpu rather than the host.
Nikos Mavrogiannopoulos [Sat, 2 Mar 2013 09:57:04 +0000 (10:57 +0100)]
Select CPU optimizations based on target cpu rather than the host.

4 years ago use ARCFOUR by default on PKCS #12 file generation
Nikos Mavrogiannopoulos [Fri, 1 Mar 2013 19:44:03 +0000 (20:44 +0100)]
use ARCFOUR by default on PKCS #12 file generation

4 years ago Fixed gnutls_pkcs11_reinit() to reinitialize all modules.
Nikos Mavrogiannopoulos [Mon, 18 Feb 2013 22:48:43 +0000 (23:48 +0100)]
Fixed gnutls_pkcs11_reinit() to reinitialize all modules.

4 years ago updated
Nikos Mavrogiannopoulos [Wed, 13 Feb 2013 20:44:36 +0000 (21:44 +0100)]
updated

4 years ago corrected gnutls_pubkey_verify_data()
Nikos Mavrogiannopoulos [Wed, 13 Feb 2013 19:30:30 +0000 (20:30 +0100)]
corrected gnutls_pubkey_verify_data()

4 years ago reduced hash table size
Nikos Mavrogiannopoulos [Wed, 13 Feb 2013 16:57:43 +0000 (17:57 +0100)]
reduced hash table size

4 years ago DN variable 'T' was expanded to 'title' gnutls_3_0_28
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 09:20:33 +0000 (10:20 +0100)]
DN variable 'T' was expanded to 'title'

4 years ago prepared release
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 08:21:13 +0000 (09:21 +0100)]
prepared release

4 years ago documented fix
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 08:09:51 +0000 (09:09 +0100)]
documented fix

4 years ago Fixes to avoid a timing attack in TLS CBC record parsing.
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 02:08:04 +0000 (03:08 +0100)]
Fixes to avoid a timing attack in TLS CBC record parsing.

4 years ago Added GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA to specify trusted CA certificates.
Nikos Mavrogiannopoulos [Sun, 3 Feb 2013 09:36:57 +0000 (10:36 +0100)]
Added GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA to specify trusted CA certificates.

4 years ago simplified DB storing
Nikos Mavrogiannopoulos [Fri, 1 Feb 2013 19:22:09 +0000 (20:22 +0100)]
simplified DB storing

4 years ago remove function is not required to add or retrieve from db.
Nikos Mavrogiannopoulos [Fri, 1 Feb 2013 19:05:05 +0000 (20:05 +0100)]
remove function is not required to add or retrieve from db.

4 years ago Fixes in server side of DTLS-0.9.
Nikos Mavrogiannopoulos [Thu, 31 Jan 2013 19:16:44 +0000 (20:16 +0100)]
Fixes in server side of DTLS-0.9.