gnutls:gnutls.git
Nikos Mavrogiannopoulos [Wed, 4 Mar 2015 16:24:20 +0000 (17:24 +0100)]
latex doc: updated copyright dates [master]

Nikos Mavrogiannopoulos [Wed, 4 Mar 2015 16:23:32 +0000 (17:23 +0100)]
updated copyright date

Nikos Mavrogiannopoulos [Wed, 4 Mar 2015 07:20:35 +0000 (08:20 +0100)]
added the change of priority string NORMAL in documentation

Nikos Mavrogiannopoulos [Wed, 4 Mar 2015 07:15:16 +0000 (08:15 +0100)]
document the usage of a PKCS #11 trust module for verification

Nikos Mavrogiannopoulos [Tue, 3 Mar 2015 18:44:38 +0000 (19:44 +0100)]
tests: updated the suite to account for the removal of DSA by default

Nikos Mavrogiannopoulos [Tue, 3 Mar 2015 17:52:22 +0000 (18:52 +0100)]
tests: updated the suite to account for the removal of DSA by default

Nikos Mavrogiannopoulos [Tue, 3 Mar 2015 17:51:22 +0000 (18:51 +0100)]
doc update

Nikos Mavrogiannopoulos [Tue, 3 Mar 2015 16:44:00 +0000 (17:44 +0100)]
cross-implementation test suite was relicensed to 3-clause BSD

That way the suite can be used by projects with other licenses.

Nikos Mavrogiannopoulos [Tue, 3 Mar 2015 08:34:26 +0000 (09:34 +0100)]
doc update

Nikos Mavrogiannopoulos [Tue, 3 Mar 2015 08:31:16 +0000 (09:31 +0100)]
DSA signatures and DHE-DSS are disabled by default

DSA was an algorithm that was never deployed on the Internet
and had, until very recently, several limitations such as
restriction of its keys to 1024 bits, SHA1-only etc. Given
that there are literally 0 internet (HTTPS) certificates using
DSA, there is no point to enable it by default and increase
our attack surface.

Nikos Mavrogiannopoulos [Mon, 2 Mar 2015 07:12:28 +0000 (08:12 +0100)]
gnutls-cli: include AES_128_CCM in benchmark-ciphers

Nikos Mavrogiannopoulos [Sat, 28 Feb 2015 11:55:09 +0000 (12:55 +0100)]
doc update

Nikos Mavrogiannopoulos [Sat, 28 Feb 2015 11:22:10 +0000 (12:22 +0100)]
doc update

Nikos Mavrogiannopoulos [Sat, 28 Feb 2015 08:43:16 +0000 (09:43 +0100)]
doc update

Nikos Mavrogiannopoulos [Sat, 28 Feb 2015 08:33:12 +0000 (09:33 +0100)]
bundle inet_ntop in systems that don't have it

Nikos Mavrogiannopoulos [Fri, 27 Feb 2015 15:31:50 +0000 (16:31 +0100)]
updated auto-generated files

Nikos Mavrogiannopoulos [Fri, 27 Feb 2015 15:26:34 +0000 (16:26 +0100)]
removed gnutls_pubkey_get_verify_algorithm from abstract.h

Nikos Mavrogiannopoulos [Thu, 26 Feb 2015 12:03:35 +0000 (13:03 +0100)]
corrected typo in gnutls_handshake(), spotted by Andris Mednis

Nikos Mavrogiannopoulos [Tue, 24 Feb 2015 09:28:26 +0000 (10:28 +0100)]
doc update: document that session_get_data() must be used in non-resumed sessions

Nikos Mavrogiannopoulos [Mon, 23 Feb 2015 12:50:00 +0000 (13:50 +0100)]
doc update

Nikos Mavrogiannopoulos [Sun, 22 Feb 2015 10:47:25 +0000 (11:47 +0100)]
added comments

Nikos Mavrogiannopoulos [Sun, 22 Feb 2015 10:39:49 +0000 (11:39 +0100)]
Use p11_kit_uri_get_pin_value() if available in p11-kit

Nikos Mavrogiannopoulos [Sat, 21 Feb 2015 11:00:13 +0000 (12:00 +0100)]
fixed handling of GNUTLS_E_INT_CHECK_AGAIN

Nikos Mavrogiannopoulos [Sat, 21 Feb 2015 10:50:40 +0000 (11:50 +0100)]
removed unnecessary check and optimized function

Nikos Mavrogiannopoulos [Sat, 21 Feb 2015 10:46:13 +0000 (11:46 +0100)]
corrected check which prevented client to send an unacceptable for the version ciphersuite

Nikos Mavrogiannopoulos [Sat, 21 Feb 2015 10:40:50 +0000 (11:40 +0100)]
doc update

Nikos Mavrogiannopoulos [Sat, 21 Feb 2015 10:38:49 +0000 (11:38 +0100)]
tests: mini-key-material: avoid memory leak

Nikos Mavrogiannopoulos [Sat, 21 Feb 2015 10:35:04 +0000 (11:35 +0100)]
tests: require DTLS 1.2 when using GCM

Nikos Mavrogiannopoulos [Sat, 21 Feb 2015 10:32:36 +0000 (11:32 +0100)]
handle GNUTLS_E_INT_CHECK_AGAIN

Nikos Mavrogiannopoulos [Sat, 21 Feb 2015 10:28:57 +0000 (11:28 +0100)]
check the negotiated TLS/DTLS version prior to offering a ciphersuite a server

Nikos Mavrogiannopoulos [Sat, 21 Feb 2015 09:57:14 +0000 (10:57 +0100)]
remove unnecessary assert

Nikos Mavrogiannopoulos [Sat, 21 Feb 2015 09:53:25 +0000 (10:53 +0100)]
doc update

Nikos Mavrogiannopoulos [Sat, 21 Feb 2015 09:51:49 +0000 (10:51 +0100)]
tests: modified tests with obsolete APIs with their replacement API

Nikos Mavrogiannopoulos [Sat, 21 Feb 2015 06:35:21 +0000 (07:35 +0100)]
doc: added deprecated functions into upgrade plan

Nikos Mavrogiannopoulos [Sat, 21 Feb 2015 06:35:01 +0000 (07:35 +0100)]
tests: added checks for gnutls_x509_crt_get_signature_algorithm and gnutls_x509_crt_get_preferred_hash_algorithm

Nikos Mavrogiannopoulos [Sat, 21 Feb 2015 06:25:24 +0000 (07:25 +0100)]
doc update

Nikos Mavrogiannopoulos [Sat, 21 Feb 2015 06:24:13 +0000 (07:24 +0100)]
removed gnutls_pubkey_get_verify_algorithm() and unnecessary internal APIs

Nikos Mavrogiannopoulos [Sat, 21 Feb 2015 06:13:37 +0000 (07:13 +0100)]
removed gnutls_x509_crt_get_verify_algorithm()

Nikos Mavrogiannopoulos [Sat, 21 Feb 2015 06:07:54 +0000 (07:07 +0100)]
removed gnutls_pubkey_verify_hash() and gnutls_pubkey_verify_data()

Nikos Mavrogiannopoulos [Fri, 20 Feb 2015 22:47:25 +0000 (23:47 +0100)]
certtool: use unsigned for bits

Nikos Mavrogiannopoulos [Fri, 20 Feb 2015 22:46:35 +0000 (23:46 +0100)]
certtool/p11tool: avoid cast to function call

Nikos Mavrogiannopoulos [Fri, 20 Feb 2015 22:42:47 +0000 (23:42 +0100)]
certtool: allow specifying a purpose and a hostname for chain verification

Nikos Mavrogiannopoulos [Fri, 20 Feb 2015 21:17:15 +0000 (22:17 +0100)]
tests: added check for invalid X.509 certificate

Nikos Mavrogiannopoulos [Fri, 20 Feb 2015 16:09:57 +0000 (17:09 +0100)]
tests: added check for gnutls_record_get_state()

Nikos Mavrogiannopoulos [Fri, 20 Feb 2015 16:09:34 +0000 (17:09 +0100)]
removed unused constants

Nikos Mavrogiannopoulos [Fri, 20 Feb 2015 15:58:41 +0000 (16:58 +0100)]
memcpy fix in gnutls_record_get_state

Nikos Mavrogiannopoulos [Fri, 20 Feb 2015 15:23:33 +0000 (16:23 +0100)]
removed ltmain.sh from root

Nikos Mavrogiannopoulos [Fri, 20 Feb 2015 10:18:45 +0000 (11:18 +0100)]
doc update

Nikos Mavrogiannopoulos [Fri, 20 Feb 2015 10:16:44 +0000 (11:16 +0100)]
Added gnutls_record_get_state() and gnutls_record_set_state()

These functions allow to export the key material and sequence numbers.
That allows offloading the sending and receiving of individual records.

Nikos Mavrogiannopoulos [Fri, 20 Feb 2015 10:13:55 +0000 (11:13 +0100)]
fixed sequence number copy

Nikos Mavrogiannopoulos [Fri, 20 Feb 2015 09:56:54 +0000 (10:56 +0100)]
doc update

Nikos Mavrogiannopoulos [Fri, 20 Feb 2015 09:56:35 +0000 (10:56 +0100)]
gnutls_handshake_set_hook_function: will provide the raw handshake data

Nikos Mavrogiannopoulos [Wed, 18 Feb 2015 22:04:24 +0000 (23:04 +0100)]
use explicit casts to unsigned int in the CURVE_TO_BITS et al

Nikos Mavrogiannopoulos [Wed, 18 Feb 2015 21:55:38 +0000 (22:55 +0100)]
use cast in _gnutls_hash_fast

Nikos Mavrogiannopoulos [Tue, 17 Feb 2015 13:20:10 +0000 (14:20 +0100)]
when importing a certificate ensure that the signature parameters match

Nikos Mavrogiannopoulos [Sat, 14 Feb 2015 17:02:01 +0000 (18:02 +0100)]
Allow AESNI GCM acceleration in x86

Nikos Mavrogiannopoulos [Fri, 6 Feb 2015 19:22:42 +0000 (20:22 +0100)]
gnutls-cli: added --save-cert option

Nikos Mavrogiannopoulos [Thu, 5 Feb 2015 04:39:13 +0000 (05:39 +0100)]
added missing prototypes

Nikos Mavrogiannopoulos [Wed, 4 Feb 2015 09:14:55 +0000 (10:14 +0100)]
handle differently OCSP responses that are revoked and of unknown status

Nikos Mavrogiannopoulos [Sun, 1 Feb 2015 12:35:40 +0000 (13:35 +0100)]
compilation fix with return on void function; reported by David Marx

Nikos Mavrogiannopoulos [Thu, 29 Jan 2015 13:31:08 +0000 (14:31 +0100)]
doc update

Nikos Mavrogiannopoulos [Thu, 29 Jan 2015 13:21:18 +0000 (14:21 +0100)]
set the appropriate direction when _gnutls_io_write_flush() is called

Nikos Mavrogiannopoulos [Wed, 28 Jan 2015 09:32:16 +0000 (10:32 +0100)]
tests: added check for operation under different threads and DTLS

Nikos Mavrogiannopoulos [Wed, 28 Jan 2015 09:22:37 +0000 (10:22 +0100)]
tests: added check for operation under different processes and DTLS

Nikos Mavrogiannopoulos [Wed, 28 Jan 2015 08:57:13 +0000 (09:57 +0100)]
Revert "doc update"

This reverts commit eabf1f27d255577bad60d302abf46a969848fcd7.

Nikos Mavrogiannopoulos [Wed, 28 Jan 2015 08:56:56 +0000 (09:56 +0100)]
Revert "Added gnutls_record_is_async()"

This reverts commit 2232822aabe473d124f924d64ff52981d685fd41.

Nikos Mavrogiannopoulos [Wed, 28 Jan 2015 08:56:21 +0000 (09:56 +0100)]
documented using a session with fork or multiple threads

Nikos Mavrogiannopoulos [Tue, 27 Jan 2015 12:07:19 +0000 (13:07 +0100)]
doc update

Nikos Mavrogiannopoulos [Tue, 27 Jan 2015 12:06:10 +0000 (13:06 +0100)]
Added gnutls_record_is_async()

That function indicates whether gnutls_record_recv() and
gnutls_record_send() can be used independently and in
parallel.

Nikos Mavrogiannopoulos [Sun, 25 Jan 2015 09:17:06 +0000 (10:17 +0100)]
print errno in a more uniform way

Nikos Mavrogiannopoulos [Sun, 25 Jan 2015 07:28:13 +0000 (08:28 +0100)]
doc update

Nikos Mavrogiannopoulos [Sun, 25 Jan 2015 07:27:08 +0000 (08:27 +0100)]
exported gnutls_system_recv_timeout()

Nikos Mavrogiannopoulos [Sun, 25 Jan 2015 07:15:01 +0000 (08:15 +0100)]
simplified _gnutls_writev() by requiring the total length

Nikos Mavrogiannopoulos [Tue, 20 Jan 2015 08:39:44 +0000 (09:39 +0100)]
opencdk: small fixes to reduce warnings

Nikos Mavrogiannopoulos [Mon, 19 Jan 2015 14:36:22 +0000 (15:36 +0100)]
doc update

Nikos Mavrogiannopoulos [Mon, 19 Jan 2015 14:32:09 +0000 (15:32 +0100)]
don't be so verbose about the OCSP nonce; it is universally unsupported

Tim Ruehsen [Sat, 17 Jan 2015 13:32:35 +0000 (14:32 +0100)]
OCSP check the whole cert chain

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Nikos Mavrogiannopoulos [Mon, 19 Jan 2015 08:29:31 +0000 (09:29 +0100)]
on certificate import check whether the two signature algorithms match

Nikos Mavrogiannopoulos [Sat, 17 Jan 2015 08:49:17 +0000 (09:49 +0100)]
cross.mk: use 3.3.12

Nikos Mavrogiannopoulos [Sat, 17 Jan 2015 08:01:37 +0000 (09:01 +0100)]
doc update

Luke Dashjr [Mon, 12 Jan 2015 19:32:38 +0000 (19:32 +0000)]
Added configure option --disable-tools

Nikos Mavrogiannopoulos [Fri, 16 Jan 2015 14:54:53 +0000 (15:54 +0100)]
corrected typos

Reported by Guido Kroon.

Nikos Mavrogiannopoulos [Fri, 16 Jan 2015 13:16:58 +0000 (14:16 +0100)]
Added the notion of obsolete versions

That prevents using these versions as record version numbers, unless
they are the only protocol supported. This avoids the issues with
servers that have banned SSL 3.0 record versions.

Nikos Mavrogiannopoulos [Fri, 16 Jan 2015 09:16:47 +0000 (10:16 +0100)]
ocsptool: follow the documented process for gnutls_x509_crt_get_authority_info_access

Nikos Mavrogiannopoulos [Fri, 16 Jan 2015 09:15:08 +0000 (10:15 +0100)]
gnutls_x509_crt_get_authority_info_access: doc update

Nikos Mavrogiannopoulos [Thu, 15 Jan 2015 14:49:53 +0000 (15:49 +0100)]
ocsptool-common: iterate through all AIA items prior to deciding the OCSP server

Nikos Mavrogiannopoulos [Wed, 14 Jan 2015 07:11:17 +0000 (08:11 +0100)]
use a FIPS key that agrees with fedora's fipshmac

Nikos Mavrogiannopoulos [Wed, 14 Jan 2015 21:51:55 +0000 (22:51 +0100)]
DCO: Added Luke Dashjr

Nikos Mavrogiannopoulos [Tue, 13 Jan 2015 21:47:59 +0000 (22:47 +0100)]
simplified text for inline-commands-prefix

Nikos Mavrogiannopoulos [Mon, 12 Jan 2015 22:14:35 +0000 (23:14 +0100)]
gnutls-cli: added --starttls-proto option

Nikos Mavrogiannopoulos [Mon, 12 Jan 2015 16:28:50 +0000 (17:28 +0100)]
pkcs11: cleanup the name of types

Nikos Mavrogiannopoulos [Mon, 12 Jan 2015 16:19:48 +0000 (17:19 +0100)]
tests: updates in softhsm detection

Nikos Mavrogiannopoulos [Mon, 12 Jan 2015 16:12:56 +0000 (17:12 +0100)]
pkcs11: when importing a public key, import its data as well (version 2 fix)

Nikos Mavrogiannopoulos [Mon, 12 Jan 2015 16:02:03 +0000 (17:02 +0100)]
doc update

Nikos Mavrogiannopoulos [Mon, 12 Jan 2015 10:50:53 +0000 (11:50 +0100)]
testpkcs11: do not ignore the failure to write a trusted CA

Nikos Mavrogiannopoulos [Mon, 12 Jan 2015 10:17:24 +0000 (11:17 +0100)]
removed gnutls_pubkey_get_pk_* from the exported function list

Nikos Mavrogiannopoulos [Mon, 12 Jan 2015 09:33:21 +0000 (10:33 +0100)]
tests: key-import-export: enhanced to test gnutls_pubkey_*_ecc_x962

Nikos Mavrogiannopoulos [Mon, 12 Jan 2015 09:32:13 +0000 (10:32 +0100)]
gnutls_pubkey_t: allow the import of another parameter set without a leak

Nikos Mavrogiannopoulos [Mon, 12 Jan 2015 09:19:47 +0000 (10:19 +0100)]
removed ABI-compatibility functions

Nikos Mavrogiannopoulos [Fri, 9 Jan 2015 12:59:34 +0000 (13:59 +0100)]
doc update