2014-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2014-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/Makefile.am, src/libopts/ag-char-map.h,
src/libopts/ao-strs.c, src/libopts/ao-strs.h,
src/libopts/autoopts.h, src/libopts/autoopts/options.h,
src/libopts/autoopts/usage-txt.h, src/libopts/compat/_Noreturn.h,
src/libopts/genshell.c, src/libopts/genshell.h,
src/libopts/intprops.h, src/libopts/m4/libopts.m4,
src/libopts/m4/stdnoreturn.m4, src/libopts/option-value-type.c,
src/libopts/option-value-type.h,
src/libopts/option-xat-attribute.c,
src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c,
src/libopts/proto.h, src/libopts/stdnoreturn.in.h,
src/libopts/version.c: updated to libopts 5.18.4
2014-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: placed all rusage variables into HAVE_GETRUSAGE
block
2014-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: rnd: if RUSAGE_THREAD fails try RUSAGE_SELF
2014-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-10-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-10-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/session_ticket.c: use wait and retransmit when receiving
session tickets
2014-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-09-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_handshake.c: do not allow
GNUTLS_E_LARGE_PACKET to be returned from non-DTLS sessions Conflicts: lib/gnutls_handshake.c
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c:
protect DTLS clients that don't handle GNUTLS_E_LARGE_PACKET from an
infinite loop on handshake
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_record.h:
restrict the number of non-fatal errors gnutls_handshake() can
return
2014-09-22 Ludovic Courtès <ludo@gnu.org>
* guile/src/core.c: guile: Restore cross-reference in
'set-session-priorities!' docstring. This had been destroyed in 32d90395.
2014-09-22 Ludovic Courtès <ludo@gnu.org>
* guile/modules/gnutls.in, guile/modules/gnutls/build/enums.scm,
guile/src/core.c, guile/tests/anonymous-auth.scm: guile: Add
bindings for 'gnutls_server_name_set'. This adds the 'set-session-server-name!' procedure and the
'server-name-type' enum type.
2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_x509.c: cleaned up memory deallocation in
read_cert_url() That caused unexpected results when loading PKCS #11 URLs. Reported
by Joseph Peruski.
2014-09-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2014-09-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-09-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify.c: gnutls_x509_crl_verify: do not always set the
invalid status Reported by Armin Burgmeier.
2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify.c: Revert "gnutls_x509_crl_verify: do not always
set the invalid status" This reverts commit d29a0027fd554ee1aa92c186c6040f53f15cdab7.
2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify.c: gnutls_x509_crl_verify: do not always set the
invalid status Reported by Armin Burgmeier.
2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_dn.c: optimized escaped comma handling
2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_dn.c: when setting a DN properly handle spaces and
escaped commas
2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/vasprintf.c: steal openconnect's vasprintf()
implementation
2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/vasprintf.c: corrected bundled vasprintf(); reported by Jeff
Lee
2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c, lib/x509/crl.c, lib/x509/x509.c: avoid new
allocations and keep a pointer to the DER data for DN Conflicts: lib/x509/crl.c lib/x509/x509.c
2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/crl.c, lib/x509/verify.c, lib/x509/x509_int.h: when
importing a CRL keep the DER data
2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c, lib/x509/common.h, lib/x509/crq.c,
lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: when
importing a certificate, keep the DER data Conflicts: lib/x509/verify.c
2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h: updated
included libtasn1
2014-08-29 Tristan Matthews <le.businessman@gmail.com>
* lib/ext/alpn.c: alpn: fix version documentation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/autoopts.h: check for stdnoreturn.h presence
2014-08-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/manpages/tpmtool.1: auto-generated file update
2014-08-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: released 3.2.17
2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: record: tolerate a finished packet with
errors in DTLS
2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: record: in DTLS discard only messages that
cause unexpected packet errors
2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/element.c, lib/minitasn1/element.h,
lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
lib/minitasn1/structure.c: updated minitasn1
2014-08-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/system.c: use the windows API in windows even if iconv is
available
2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* m4/hooks.m4: configure: print error message when nettle is 3.0 or
later
2014-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/hostname-check.c: tests: check that
gnutls_x509_crt_check_hostname() will correctly use the last CN when
multiple
2014-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/rfc2818_hostname.c: when checking the hostname of a
certificate with multiple CNs use the "most specific" CN In our case we use the last CN present in the DN. Reported by David
Woodhouse. https://bugzilla.mozilla.org/show_bug.cgi?id=307234#c2
2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12:
tests: test the decoding of a PKCS #12 structure with SHA256 MAC Conflicts: tests/pkcs12-decode/pkcs12
2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map, tests/pkcs12_s2k.c: tests: updated string to
keys tests for new internal API
2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms.h, lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c,
lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: pkcs12: Allow
verification with structures that support other than HMAC-SHA1 MACs. Conflicts: lib/x509/pkcs12_encr.c
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-08-04 Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
* lib/pkcs11_privkey.c: improve compatibility in pkcs11 key
generation * explicitly set public exponent in template Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-debug.c, src/tests.c: gnutls-cli-debug: added AES and
CAMELLIA to the list of default ciphers
2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey_pkcs8.c: pkcs8: initialize parameters on
decryption
2014-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3,
src/libopts/README, src/libopts/ag-char-map.h, src/libopts/alias.c,
src/libopts/ao-strs.c, src/libopts/ao-strs.h,
src/libopts/autoopts.c, src/libopts/autoopts.h,
src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c,
src/libopts/check.c, src/libopts/compat/compat.h,
src/libopts/compat/windows-config.h, src/libopts/configfile.c,
src/libopts/cook.c, src/libopts/enum.c, src/libopts/env.c,
src/libopts/file.c, src/libopts/find.c, src/libopts/genshell.c,
src/libopts/genshell.h, src/libopts/gettext.h, src/libopts/init.c,
src/libopts/load.c, src/libopts/m4/libopts.m4,
src/libopts/m4/liboptschk.m4, src/libopts/makeshell.c,
src/libopts/nested.c, src/libopts/numeric.c,
src/libopts/option-value-type.c, src/libopts/option-value-type.h,
src/libopts/option-xat-attribute.c,
src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c,
src/libopts/parse-duration.h, src/libopts/pgusage.c,
src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c,
src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c,
src/libopts/stack.c, src/libopts/streqvcmp.c,
src/libopts/text_mmap.c, src/libopts/time.c,
src/libopts/tokenize.c, src/libopts/usage.c, src/libopts/version.c:
updated to libopts 5.18.3
2014-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/config.rpath, build-aux/gendocs.sh, gl/m4/dup2.m4,
gl/m4/gnulib-common.m4, gl/m4/intl.m4, gl/m4/po.m4,
gl/m4/printf.m4, gl/m4/valgrind-tests.m4, gl/select.c,
gl/tests/fcntl.in.h, maint.mk, src/gl/Makefile.am,
src/gl/alloca.in.h, src/gl/c-ctype.c, src/gl/c-ctype.h,
src/gl/errno.in.h, src/gl/error.c, src/gl/error.h,
src/gl/exitfail.c, src/gl/exitfail.h, src/gl/gettext.h,
src/gl/gettime.c, src/gl/gettimeofday.c, src/gl/intprops.h,
src/gl/m4/00gnulib.m4, src/gl/m4/absolute-header.m4,
src/gl/m4/alloca.m4, src/gl/m4/bison.m4, src/gl/m4/clock_time.m4,
src/gl/m4/eealloc.m4, src/gl/m4/environ.m4, src/gl/m4/errno_h.m4,
src/gl/m4/error.m4, src/gl/m4/extensions.m4,
src/gl/m4/extern-inline.m4, src/gl/m4/gettime.m4,
src/gl/m4/gettimeofday.m4, src/gl/m4/gnulib-cache.m4,
src/gl/m4/gnulib-common.m4, src/gl/m4/gnulib-comp.m4,
src/gl/m4/gnulib-tool.m4, src/gl/m4/include_next.m4,
src/gl/m4/longlong.m4, src/gl/m4/malloca.m4, src/gl/m4/mktime.m4,
src/gl/m4/msvc-inval.m4, src/gl/m4/msvc-nothrow.m4,
src/gl/m4/multiarch.m4, src/gl/m4/off_t.m4,
src/gl/m4/parse-datetime.m4, src/gl/m4/setenv.m4,
src/gl/m4/ssize_t.m4, src/gl/m4/stdbool.m4, src/gl/m4/stddef_h.m4,
src/gl/m4/stdint.m4, src/gl/m4/stdio_h.m4, src/gl/m4/stdlib_h.m4,
src/gl/m4/strerror.m4, src/gl/m4/string_h.m4,
src/gl/m4/sys_socket_h.m4, src/gl/m4/sys_time_h.m4,
src/gl/m4/sys_types_h.m4, src/gl/m4/time_h.m4, src/gl/m4/time_r.m4,
src/gl/m4/timespec.m4, src/gl/m4/tm_gmtoff.m4,
src/gl/m4/unistd_h.m4, src/gl/m4/warn-on-use.m4,
src/gl/m4/wchar_t.m4, src/gl/m4/xalloc.m4, src/gl/malloca.c,
src/gl/malloca.h, src/gl/mktime.c, src/gl/msvc-inval.c,
src/gl/msvc-inval.h, src/gl/msvc-nothrow.c, src/gl/msvc-nothrow.h,
src/gl/parse-datetime.h, src/gl/parse-datetime.y,
src/gl/progname.c, src/gl/progname.h, src/gl/setenv.c,
src/gl/stdbool.in.h, src/gl/stddef.in.h, src/gl/stdint.in.h,
src/gl/stdio.in.h, src/gl/stdlib.in.h, src/gl/strerror-override.c,
src/gl/strerror-override.h, src/gl/strerror.c, src/gl/string.in.h,
src/gl/sys_time.in.h, src/gl/sys_types.in.h, src/gl/time.in.h,
src/gl/time_r.c, src/gl/timespec.h, src/gl/unistd.in.h,
src/gl/unsetenv.c, src/gl/verify.h, src/gl/xalloc-die.c,
src/gl/xalloc-oversized.h, src/gl/xalloc.h, src/gl/xmalloc.c:
updated gnulib
2014-07-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am, lib/inet_pton.c, lib/system.h,
lib/x509/rfc2818_hostname.c: Added replacements of inet_aton and
inet_pton on systems they are not present gnulib is avoided due to keep the gnulib network replacements out of
the library
2014-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.2.16
2014-07-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/output.c: use const return value in ip_to_string
2014-07-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ciphersuites.c: minimum version was changed to TLS
1.0 for ciphersuites with SHA2 These ciphersuites could not be used with SSL 3.0 that only defines
usage of MD5 or SHA1 MACs. Reported by Manuel Pegourie-Gonnard.
2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: ignore CKR_CRYPTOKI_ALREADY_INITIALIZED when
returned on reinitialization
2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_privkey.c,
lib/pkcs11_write.c, lib/x509/key_encode.c, lib/x509/x509_int.h: set
CKA_EC_PARAMS when generating an ECDSA key Conflicts: lib/pkcs11.c
2014-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: dane: Skip DANE entries that may contain unknown
info That would allow skipping any future entries without failing.
Reported by Simon Arlott.
2014-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: dane: Added sanity check in dane_verify_crt_raw() That allows calling the function will an empty chain. Reported by
Simon Arlott.
2014-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: p11tool: don't outsmart user and override login type Unfortunately tokens vary on their requirements for writing trusted
and private objects, and there is no one-size fits all policy. Thus
allow a proper failure and warn the user that so-login may be
required.
2014-07-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: pkcs11: Removed length check of attribute as
a sanity check for valid keys. There can be keys where the id or label is empty and thus with zero
length.
2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c:
gnutls_pkcs11_privkey_generate2(): corrected public key extraction
(for ECDSA keys)
2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/common.c: p11tool/certtool: use GNUTLS_SO_PIN for reading
security officer's PIN
2014-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/rfc2818_hostname.c: mention that IPv4 and IPv6 address
comparison is since 3.2.16.
2014-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/rfc2818_hostname.c: Added explicit documentation on IPv4
and IPv6 address matching.
2014-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/hostname-check.c: tests: Added test cases for IPv4/6
matching.
2014-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/x509/rfc2818_hostname.c:
gnutls_x509_crt_check_hostname() checks text ip addresses as well. That aligns the documentation with the implementation.
2014-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/x509/output.c: Use inet_ntop() for printing IP
addresses. The old dumb code is used in systems that don't have that function.
2014-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.c: initialize str to NULL
2014-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/common.c: p11tool: Do not allow a newline as PIN.
2014-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: pkcs11: avoid callig _gnutls_bin2hex() when length
is zero.
2014-06-15 Attila Molnar <attilamolnar@hush.com>
* lib/gnutls_state.c: doc: Corrections for
gnutls_handshake_set_hook_function()
2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c: Do not call the user_hello_func multiple
times when performing ticket resumption.
2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c: When decoding of a DN string fails, treat it as
unknown string and print its hex value.
2014-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/x86-common.h: define NN_HASH unconditionally
2014-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* m4/hooks.m4: m4/hooks.m4: use enableval rather than fixed values. That should resolve issue #108592 at
http://savannah.gnu.org/support/?108592
2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/slow/cipher-test.c: include config.h
2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2014-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/element.c, lib/minitasn1/gstr.h,
lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
lib/minitasn1/parser_aux.h: updated libtasn1
2014-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: Prevent memory corruption due to server
hello parsing. Issue discovered by Joonas Kuorilehto of Codenomicon.
2014-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: Fix capitalisation of ia5String
2014-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: increased the maximum certificate size buffer in the
PKCS #11 subsystem.
2014-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/system.c: check the return code of getpwuid_r() Reported by Viktor Dukhovni.
2014-05-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/ocsptool-common.c: ocsptool: Include path in ocsp request. This resolves #108582 (https://savannah.gnu.org/support/?108582),
reported by Matt McCutchen.
2014-05-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: Do not allow null strings to be read from ASN.1
structures. This corrects a null pointer dereference when parsing some specially
crafted certificates. Issue discovered using the Codenomicon TLS
test suite.
2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: gnutls_x509_crt_get_extension_data: will return
zero if data is NULL and memory buffer size is not sufficient.
2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c: check for correct error codes in
print_extensions().
2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c:
When assigning the TLS version, double check that it is valid.
2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ciphersuites.c: Prevent a crash by ensuring that
there is a valid negotiated version. Issue discovered by Joonas Kuorilehto of Codenomicon.
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, lib/x509/x509.c: backported signature checks
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-client-x509.c, lib/gnutls_priority.c: use
gnutls_set_default_priority() in examples.
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: gnutls_x509_crt_get_signature() will return the
correct signature size rather than the max.
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/openpgp/output.c: Print the openpgp DN only when
gnutls_openpgp_crt_get_name() failed appropriately.
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: corrected error checking in
gnutls_x509_crt_get_extension_data()
2014-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ui.c: Allow null list_size argument in
gnutls_certificate_get_peers()
2014-05-15 Michał Górny <mgorny@gentoo.org>
* tests/slow/Makefile.am: tests/slow: add -I flags necessary for
out-of-source builds. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-05-15 Michał Górny <mgorny@gentoo.org>
* tests/Makefile.am: tests: pass PKCS12PATH to fix tests in
out-of-source builds. The set_pkcs12_cred used to default to looking for input files in a
subdirectory of the current working directory. When an out-of-source
build is performed, the files reside in a subdirectory of source
directory instead. Set PKCS12PATH to that directory in order to fix
the build. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/status_request.c: Addressed memory leak in status request
extension handling during rehandshake. The memory leak was uncovered by the Codenomicon TLS suite.
2014-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/safe_renegotiation.c: Avoid memory leak in safe
renegotiation extension handling. The memory leak was uncovered by the Codenomicon TLS suite.
2014-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_record.c:
Small cleanups in packet receive as well as a memory leak error. The memory leak was uncovered by the Codenomicon TLS suite.
2014-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/ecdhe.c: cleanup in the initialization of ECDH
parameters.
2014-05-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: Eliminated memory leak on failed curve
assignment. The memory leak was uncovered by the Codenomicon TLS suite.
2014-05-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c: gnutls-cli: if dane verification is used but not PKIX
only check the end certificate.
2014-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-common.c: certtool: check for null prior to checking
for empty passwd
2014-05-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def: Do not use autogen's file option for input
parameters. Instead use a string. We check the file for validity and autogen's
check was imposing rules such as normal file (as opposed to a
device), that were not needed.
2014-05-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-common.c, src/certtool.c: When generating ECDSA keys,
generate 256-bit keys by default. Curves with less than 256 bits (i.e., SECP192R1 and SECP224R1) are
not widely supported. Conflicts: src/certtool-common.c
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/decoding.c: Corrected an off-by-one error. The issue was discovered using the codenomicon TLS suite.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/srp.c: initialize to null the SRP extension data on
allocation. Issue identified using valgrind and the Codenomicon TLS test suite.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/sign.c: Better check for null signature method. Issue identified using valgrind and the Codenomicon TLS test suite.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/ecc.c, lib/ext/safe_renegotiation.c, lib/ext/signature.c:
More precise packet length checking. Issue discovered using valgrind and the Codenomicon TLS test suite.
2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/gnettle.h, lib/nettle/mpi.c, lib/nettle/pk.c: simplify
casting to mpz_t using __mpz_struct and cleaned up mpz_t access. Conflicts: lib/nettle/mpi.c lib/nettle/pk.c
2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/gnettle.h, lib/nettle/mpi.c, lib/nettle/pk.c: simplify
casting to mpz_t using __mpz_struct.
2014-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/element.c, lib/minitasn1/element.h,
lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
lib/minitasn1/structure.c, lib/minitasn1/structure.h,
lib/minitasn1/version.c: updated included libtasn1.
2014-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/nettle/mpi.c, m4/hooks.m4: Added option to
enable linking with nettle-mini
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/safe_renegotiation.c: removed redundant code. Reported by
David Binderman.
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c: increased MAX_DATA_ENTRIES to 100.
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c: only fail DANE verification if status is non-zero
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c, libdane/includes/gnutls/dane.h: Accept a
certificate using DANE if there is at least one entry that matches
the certificate. This corrects the previous behavior that was rejecting the
certificate if there were multiple entries and one couldn't be
validated. New flag DANE_VERIFY_UNKNOWN_DANE_INFO is synonymous to
DANE_VERIFY_NO_DANE_INFO. Patch by simon@arlott.org. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: Do not print certificates twice. That will improve the visibility of messages of the various
verification methods.
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c: DANE verification is advisory when tofu is being used.
2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: documentation update.
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: initialize the asn1 pointers.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/accelerated.c, lib/accelerated/x86/Makefile.am,
lib/accelerated/x86/aes-cbc-x86-aesni.c,
lib/accelerated/x86/aes-cbc-x86-ssse3.c,
lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86-aesni.c,
lib/accelerated/x86/aes-gcm-x86-pclmul.c,
lib/accelerated/x86/aes-gcm-x86-ssse3.c,
lib/accelerated/x86/aes-padlock.c,
lib/accelerated/x86/sha-padlock.c,
lib/accelerated/x86/sha-x86-ssse3.c,
lib/accelerated/x86/x86-common.c, lib/accelerated/x86/x86-common.h,
lib/accelerated/x86/x86.h: x86.h was renamed to x86-common.h to
avoid clashes with system headers.
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: gnutls-cli will no longer allow the session to proceed
if DANE verification fails.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/psk.c, lib/auth/psk.h: Avoid dual generation of key.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* GNUmakefile, build-aux/config.rpath, build-aux/gendocs.sh,
build-aux/pmccabe2html, build-aux/snippet/arg-nonnull.h,
build-aux/snippet/c++defs.h, build-aux/snippet/warn-on-use.h,
build-aux/useless-if-before-free, build-aux/vc-list-files,
doc/gendocs_template, gl/Makefile.am, gl/accept.c, gl/alloca.in.h,
gl/arpa_inet.in.h, gl/asnprintf.c, gl/asprintf.c, gl/base64.c,
gl/base64.h, gl/bind.c, gl/byteswap.in.h, gl/c-ctype.c,
gl/c-ctype.h, gl/close.c, gl/connect.c, gl/dup2.c, gl/errno.in.h,
gl/fd-hook.c, gl/fd-hook.h, gl/float+.h, gl/float.c, gl/float.in.h,
gl/fseek.c, gl/fseeko.c, gl/fstat.c, gl/ftell.c, gl/ftello.c,
gl/gai_strerror.c, gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c,
gl/getpass.c, gl/getpass.h, gl/getpeername.c, gl/gettext.h,
gl/gettimeofday.c, gl/hash-pjw-bare.c, gl/hash-pjw-bare.h,
gl/inet_ntop.c, gl/inet_pton.c, gl/intprops.h, gl/itold.c,
gl/listen.c, gl/lseek.c, gl/m4/00gnulib.m4,
gl/m4/absolute-header.m4, gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4,
gl/m4/base64.m4, gl/m4/byteswap.m4, gl/m4/close.m4,
gl/m4/codeset.m4, gl/m4/dup2.m4, gl/m4/errno_h.m4,
gl/m4/exponentd.m4, gl/m4/extensions.m4, gl/m4/extern-inline.m4,
gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4, gl/m4/fdopen.m4,
gl/m4/float_h.m4, gl/m4/fpieee.m4, gl/m4/fseek.m4, gl/m4/fseeko.m4,
gl/m4/fstat.m4, gl/m4/ftell.m4, gl/m4/ftello.m4,
gl/m4/ftruncate.m4, gl/m4/func.m4, gl/m4/getaddrinfo.m4,
gl/m4/getcwd.m4, gl/m4/getdelim.m4, gl/m4/getdtablesize.m4,
gl/m4/getline.m4, gl/m4/getpagesize.m4, gl/m4/getpass.m4,
gl/m4/gettext.m4, gl/m4/gettimeofday.m4, gl/m4/glibc2.m4,
gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/hostent.m4,
gl/m4/iconv.m4, gl/m4/include_next.m4, gl/m4/inet_ntop.m4,
gl/m4/inet_pton.m4, gl/m4/intdiv0.m4, gl/m4/intl.m4,
gl/m4/intldir.m4, gl/m4/intlmacosx.m4, gl/m4/intmax.m4,
gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4, gl/m4/inttypes.m4,
gl/m4/inttypes_h.m4, gl/m4/ioctl.m4, gl/m4/largefile.m4,
gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
gl/m4/ld-version-script.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
gl/m4/lib-prefix.m4, gl/m4/lock.m4, gl/m4/longlong.m4,
gl/m4/lseek.m4, gl/m4/lstat.m4, gl/m4/malloc.m4,
gl/m4/manywarnings.m4, gl/m4/math_h.m4, gl/m4/memchr.m4,
gl/m4/memmem.m4, gl/m4/minmax.m4, gl/m4/mmap-anon.m4,
gl/m4/mode_t.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
gl/m4/nls.m4, gl/m4/off_t.m4, gl/m4/open.m4, gl/m4/pathmax.m4,
gl/m4/perror.m4, gl/m4/pipe.m4, gl/m4/po.m4, gl/m4/printf-posix.m4,
gl/m4/printf.m4, gl/m4/progtest.m4, gl/m4/read-file.m4,
gl/m4/realloc.m4, gl/m4/select.m4, gl/m4/servent.m4,
gl/m4/signal_h.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4,
gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/m4/socklen.m4,
gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4, gl/m4/stat.m4,
gl/m4/stdalign.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
gl/m4/stdlib_h.m4, gl/m4/strcase.m4, gl/m4/strdup.m4,
gl/m4/strerror.m4, gl/m4/strerror_r.m4, gl/m4/string_h.m4,
gl/m4/strings_h.m4, gl/m4/strndup.m4, gl/m4/strnlen.m4,
gl/m4/strtok_r.m4, gl/m4/strverscmp.m4, gl/m4/symlink.m4,
gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4,
gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4,
gl/m4/sys_uio_h.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4,
gl/m4/time_r.m4, gl/m4/uintmax_t.m4, gl/m4/ungetc.m4,
gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4,
gl/m4/vasprintf.m4, gl/m4/visibility.m4, gl/m4/vsnprintf.m4,
gl/m4/warn-on-use.m4, gl/m4/warnings.m4, gl/m4/wchar_h.m4,
gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c,
gl/memchr.c, gl/memmem.c, gl/minmax.h, gl/msvc-inval.c,
gl/msvc-inval.h, gl/msvc-nothrow.c, gl/msvc-nothrow.h,
gl/netdb.in.h, gl/netinet_in.in.h, gl/printf-args.c,
gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h,
gl/read-file.c, gl/read-file.h, gl/realloc.c, gl/recv.c,
gl/recvfrom.c, gl/select.c, gl/send.c, gl/sendto.c,
gl/setsockopt.c, gl/shutdown.c, gl/signal.in.h, gl/size_max.h,
gl/snprintf.c, gl/socket.c, gl/sockets.c, gl/sockets.h,
gl/stdalign.in.h, gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h,
gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h,
gl/strcasecmp.c, gl/strdup.c, gl/strerror-override.c,
gl/strerror-override.h, gl/strerror.c, gl/string.in.h,
gl/strings.in.h, gl/strncasecmp.c, gl/strndup.c, gl/strnlen.c,
gl/strtok_r.c, gl/strverscmp.c, gl/sys_select.in.h,
gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
gl/sys_types.in.h, gl/sys_uio.in.h, gl/tests/Makefile.am,
gl/tests/binary-io.h, gl/tests/dosname.h, gl/tests/fcntl.in.h,
gl/tests/fdopen.c, gl/tests/fpucw.h, gl/tests/ftruncate.c,
gl/tests/getcwd-lgpl.c, gl/tests/getdtablesize.c,
gl/tests/getpagesize.c, gl/tests/glthread/lock.c,
gl/tests/glthread/lock.h, gl/tests/glthread/threadlib.c,
gl/tests/ignore-value.h, gl/tests/init.sh, gl/tests/inttypes.in.h,
gl/tests/ioctl.c, gl/tests/lstat.c, gl/tests/macros.h,
gl/tests/open.c, gl/tests/pathmax.h, gl/tests/perror.c,
gl/tests/pipe.c, gl/tests/same-inode.h, gl/tests/signature.h,
gl/tests/stat.c, gl/tests/strerror_r.c, gl/tests/symlink.c,
gl/tests/sys_ioctl.in.h, gl/tests/test-accept.c,
gl/tests/test-alloca-opt.c, gl/tests/test-arpa_inet.c,
gl/tests/test-base64.c, gl/tests/test-binary-io.c,
gl/tests/test-bind.c, gl/tests/test-byteswap.c,
gl/tests/test-c-ctype.c, gl/tests/test-close.c,
gl/tests/test-connect.c, gl/tests/test-dup2.c,
gl/tests/test-errno.c, gl/tests/test-fcntl-h.c,
gl/tests/test-fdopen.c, gl/tests/test-fgetc.c,
gl/tests/test-float.c, gl/tests/test-fputc.c,
gl/tests/test-fread.c, gl/tests/test-fseek.c,
gl/tests/test-fseeko.c, gl/tests/test-fseeko3.c,
gl/tests/test-fseeko4.c, gl/tests/test-fstat.c,
gl/tests/test-ftell.c, gl/tests/test-ftell3.c,
gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
gl/tests/test-ftello4.c, gl/tests/test-ftruncate.c,
gl/tests/test-func.c, gl/tests/test-fwrite.c,
gl/tests/test-getaddrinfo.c, gl/tests/test-getcwd-lgpl.c,
gl/tests/test-getdelim.c, gl/tests/test-getdtablesize.c,
gl/tests/test-getline.c, gl/tests/test-getpeername.c,
gl/tests/test-gettimeofday.c, gl/tests/test-iconv.c,
gl/tests/test-ignore-value.c, gl/tests/test-inet_ntop.c,
gl/tests/test-inet_pton.c, gl/tests/test-init.sh,
gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
gl/tests/test-ioctl.c, gl/tests/test-listen.c,
gl/tests/test-lstat.c, gl/tests/test-lstat.h,
gl/tests/test-memchr.c, gl/tests/test-netdb.c,
gl/tests/test-netinet_in.c, gl/tests/test-open.c,
gl/tests/test-open.h, gl/tests/test-pathmax.c,
gl/tests/test-perror.c, gl/tests/test-perror2.c,
gl/tests/test-pipe.c, gl/tests/test-read-file.c,
gl/tests/test-recv.c, gl/tests/test-recvfrom.c,
gl/tests/test-select-fd.c, gl/tests/test-select-stdin.c,
gl/tests/test-select.c, gl/tests/test-select.h,
gl/tests/test-send.c, gl/tests/test-sendto.c,
gl/tests/test-setsockopt.c, gl/tests/test-shutdown.c,
gl/tests/test-signal-h.c, gl/tests/test-snprintf.c,
gl/tests/test-sockets.c, gl/tests/test-stat.c,
gl/tests/test-stat.h, gl/tests/test-stdalign.c,
gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
gl/tests/test-stdint.c, gl/tests/test-stdio.c,
gl/tests/test-stdlib.c, gl/tests/test-strerror.c,
gl/tests/test-strerror_r.c, gl/tests/test-string.c,
gl/tests/test-strings.c, gl/tests/test-strnlen.c,
gl/tests/test-strverscmp.c, gl/tests/test-symlink.c,
gl/tests/test-symlink.h, gl/tests/test-sys_ioctl.c,
gl/tests/test-sys_select.c, gl/tests/test-sys_socket.c,
gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
gl/tests/test-sys_types.c, gl/tests/test-sys_uio.c,
gl/tests/test-sys_wait.h, gl/tests/test-time.c,
gl/tests/test-u64.c, gl/tests/test-unistd.c,
gl/tests/test-vasnprintf.c, gl/tests/test-vasprintf.c,
gl/tests/test-vc-list-files-cvs.sh,
gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c,
gl/tests/w32sock.h, gl/tests/zerosize-ptr.h, gl/time.in.h,
gl/time_r.c, gl/u64.h, gl/unistd.in.h, gl/vasnprintf.c,
gl/vasnprintf.h, gl/vasprintf.c, gl/verify.h, gl/vsnprintf.c,
gl/w32sock.h, gl/wchar.in.h, gl/xsize.h, maint.mk: updated gnulib
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-rsa-psk.c: Enable hint in the rsa-psk test.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/rsa_psk.c: use custom proc_server_kx for RSA-PSK
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_psk.c: eliminated the leak of hint when deallocating
the credentials.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_buffers.c: When checking for data to be received use
the 'transport_recv_ptr' This affects cases where there is different send and recv pointers.
Reported and investigated by JMRecio.
2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool.c: added newlines to p11tool error messages
2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane-params.c, libdane/dane.c: removed unneeded include
file
2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c: Corrected dane_verify_crt() to not deinitialize
any input state.
2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/cert.c, lib/ext/heartbeat.c, lib/gnutls_db.c,
lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_pk.c,
lib/gnutls_priority.c, lib/gnutls_range.c, lib/gnutls_record.c,
lib/gnutls_session_pack.c, lib/gnutls_x509.c, lib/nettle/egd.c,
lib/openpgp/pgp.c, lib/openpgp/privkey.c, lib/pkcs11.c, lib/tpm.c,
lib/verify-tofu.c: several bug fixes due to coverity.
2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/crl.c, lib/x509/pkcs12.c, lib/x509/sign.c,
lib/x509/x509.c: several bug fixes due to coverity.
2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/opencdk/armor.c, lib/opencdk/kbnode.c, lib/opencdk/keydb.c,
lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c,
lib/opencdk/new-packet.c, lib/opencdk/stream.c: Corrected bugs
reported from coverity in opencdk.
2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_buffers.c: correctly check for message upper limit.
2014-04-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high2.c: Allow a null ca file; i.e., allow setting
only CRLs in gnutls_x509_trust_list_add_trust_file().
2014-04-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-args.def: Added the PFS priority string.
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am: removed double entry
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/rsa-encrypt-decrypt.c, tests/x509sign-verify.c: win32
updates
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/Makefile.am: do not build ecore when cross-compiling
for windows.
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: corrected configure test for pthread_mutex_lock
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_x509.c, lib/x509/x509.c: updated documentation
2014-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/Makefile.am: avoid checking or linking with
libpthread in windows
2014-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2014-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.2.13
2014-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_int.h: Use the IANA assigned padding extension number.
2014-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool.c: When the --provider option is given, initialize
PKCS #11 prior to calling gnutls_global_init(). This ensures that the PKCS #11 subsystem will not be initialized
twice.
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/chainverify.c: eliminate memory leak
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c, lib/x509/verify.c: updated patch to take
account of function renames
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: set the same flags in the second search
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testpkcs11: fixed bashisms
2014-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-x509.c: Enhanced test to check that the correct number
of certificates is received
2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: The GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED flag
is specific to p11-kit trust modules.
2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: Perform time check when removing a certificate
in _gnutls_pkcs11_verify_crt_status() This brings the function in par with _gnutls_verify_crt_status().
2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c, lib/x509/verify.c: When verifying, check for the
same certificate in the pkcs11 trusted list, not only the issuer When the certificate list verifying ends in a non self-signed
certificate, and the self-signed isn't in our pkcs11 trusted list,
make sure that we search for the non-self-signed as well. This
affects, gnutls_x509_trust_list_verify_crt() when used with a PKCS
#11 trust module.
2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/chainverify.c: the chainverify test ensures that there is no
diverge between different verification functions.
2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def: Updated documentation on null-password and
password options of certtool.
2014-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool-common.c,
src/certtool-common.h, src/certtool.c: changed the behavior in
certtool's PKCS #8 key export with no password By default when no password is specified, an unencrypted key is
output. The previous behavior of encrypting using an empty password
can be replicated using --empty-password.
2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: When verifying check for the same
certificate in the trusted list, not only the issuer When the certificate list verifying ends in a non self-signed
certificate, and the self-signed isn't in our trusted list, make
sure that we search for the non-self-signed in our list as well.
This affects, gnutls_x509_trust_list_verify_crt() and makes its
results identical to gnutls_x509_crt_list_verify().
2014-03-26 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* README: update README to reflect gmplib licensing change As of version 6.0.0, gmplib moved its licensing from LGPLv3+ to a
dual-license LGPLv3+/GPLv2+ license. This licensing change affects the licenses under which versions of
GnuTLS can be redistributed. Update the README to reflect this change.
2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_record.c: corrected version numbers.
2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-shared-key.texi: doc update
2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: doc update
2014-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_record.c: corrected version number
2014-03-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-dtls-large.c: Added test for gnutls_record_cork() and
uncork usage under DTLS.
2014-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/gnutls_record.c: doc update
2014-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/chainverify.c: Added test for CVE-2014-0092
2014-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_record.c: cleaned up documentation of
gnutls_record_send()
2014-03-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_record.c: make gnutls_record_uncork() more DTLS
friendly.
2014-03-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_record.c: Check explicitly for the errors
gnutls_record_uncork() should recover from.
2014-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.c: do not consider wildcards in non-ascii names.
2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_x509.c: set the invalid flag when the owner is
unexpected.
2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_str.c, lib/x509/rfc2818_hostname.c,
tests/hostname-check.c: Changed the behaviour in wildcard acceptance
in certificates. Wildcards are only accepted when there are more than two domain
components after the wildcard. This will prevent accepting
certificates from CAs that issued '*.com', or 'www.*'. Conflicts: tests/hostname-check.c
2014-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map: export _gnutls_vasprintf that is used by xssl. Report and patch by Tobias Gruetzmacher.
2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testdane: updated
2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/srp_passwd.c: set correct value if found
2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: ciphersuites that utilize SHA256 or
SHA384 are only available in TLS 1.0 The SSL 3.0 protocol (rfc6101) uses a variant of HMAC that is only
defined for MD5 and SHA1. Thus if such a ciphersuite is negotiated
under SSL 3.0, it will during MAC initialization.
2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-padlock.h,
lib/accelerated/x86/x86-common.c, lib/algorithms/ciphersuites.c,
lib/gnutls_hash_int.c, lib/nettle/pk.c: explicit type conversions
when needed
2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/psk.c, lib/auth/rsa_psk.c, lib/auth/srp_passwd.c,
lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/pkcs11.c,
src/certtool-common.c: more clang warning fixes
2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: silence some warnings
2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c, lib/opencdk/armor.c, lib/openpgp/pgp.c,
lib/verify-tofu.c: clang warning fixes
2014-03-07 Kevin Cernekee <cernekee@gmail.com>
* src/gl/stdint.in.h, src/gl/sys_types.in.h: updated gnulib This pulls in upstream commit cb3c90598 (stdint, read-file: fix
missing SIZE_MAX on Android). Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
2014-03-06 Kevin Cernekee <cernekee@gmail.com>
* doc/Makefile.am: doc: Fix enums.texi failure on out-of-tree builds enums.texi is a generated file so we should not look for it in
$(srcdir). When we do, chaos ensues: mv -f enums.texi-tmp enums.texi mkdir enums ../../doc/scripts/split-texi.pl enums enum <
../../doc/enums.texi /bin/bash: ../../doc/enums.texi: No such
file or directory make[4]: *** [stamp_enums] Error 1 make[4]: Leaving directory `/home/user/gnutls/build/doc' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/home/user/gnutls/build/doc' make[2]: *** [all] Error 2 make[2]: Leaving directory `/home/user/gnutls/build/doc' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/user/gnutls/build' make: *** [all] Error 2 Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/openpgp/extras.c: Ensure failure when no base64 data have been
read. Suggested by Ramkumar Chinchani.
2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: xssl compilation fix; patch by Colin Leroy
2014-03-05 Jason Spafford <nullprogrammer@gmail.com>
* lib/opencdk/misc.c: Fixed checking the length of a null string in cdk_strlist_add, it would check the strlen of the 'string'
parameter before it checked if the parameter was null. Signed-off-by Jason Spafford nullprogrammer@gmail.com
2014-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, m4/hooks.m4: released 3.2.12.1
2014-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/crywrap/crywrap.c: added missing declaration
2014-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: re-introduced rsa-export configure option This broke backwards compatibility. Reported by Andreas Metzler.
2014-03-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/crywrap/crywrap.c: fixed more memory leaks in crywrap
2014-03-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/crywrap/crywrap.c: addressed memory leak in crywrap.c
2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: check the blacklist for certificates
provided in gnutls_x509_trust_list_verify_named_crt(). Conflicts: lib/x509/verify-high.c
2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, doc/cha-library.texi, m4/hooks.m4: corrected
configure option. Conflicts: doc/cha-library.texi
2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-library.texi: updated option for TPM
2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: print message before failing when the pull
timeout function isn't replaced.
2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.h: override select in windows systems as well
2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: added release date
2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Allow all ciphersuites in SSL3.0
when they are available in TLS1.0
2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: mention SHA384 as MAC option
2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.def, src/serv-args.def: documented the defaults
2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv-args.def: Add required priorities
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: corrected return codes.
2014-02-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/extensions.c: Corrected error checking in
_gnutls_x509_ext_gen_proxyCertInfo
2014-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-02-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_cert.c: removed not trusted message; reported by Michel
Briand.
2014-02-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2014-02-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-02-22 Jens Lechtenboerger <jens.lechtenboerger@fsfe.org>
* src/cli-args.def, src/cli.c: New option --stricttofu for
gnutls-cli With option --tofu, gnutls-cli waits with a yes-no-question upon
certificate changes. I added the option --stricttofu that omits the
question and fails instead. The contribution is in accordance to the "Developer's Certificate of
Origin" as found in the file doc/DCO.txt. Best wishes Jens Signed-off-by: Jens Lechtenbörger <jens.lechtenboerger@fsfe.org>
2014-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: combined initialization
2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/ocsptool.c: When verifying a response and a signer isn't
provided assume that the signer is the issuer.
2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c, src/ocsptool-args.def, src/ocsptool-common.c,
src/ocsptool-common.h, src/ocsptool.c: When sending a nonce in OCSP
check if it is available on the reply.
2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/examples/ex-ocsp-client.c: fix small leak
2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/examples/ex-ocsp-client.c: Verify in example that the sent
nonce matches the received nonce. Reported by Benny Baumann.
2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_state.c: reinitialize the
handshake timers when gnutls_handshake() is called.
2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-rehandshake.c: Improved DTLS rehandshake test to
catch a timeout issue in handshake().
2014-02-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: Removed reference to NEW_PADDING.
2014-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: require p11-kit 0.20.0 or later.
2014-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pcert.c: Corrected bug in
gnutls_pcert_list_import_x509_raw(). The bug caused gnutls_pcert_list_import_x509_raw() to crash if
gnutls_x509_crt_list_import() would fail with the provided data.
Reported by Dmitriy Anisimkov.
2014-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suppressions.valgrind: corrected suppressions file
2014-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.2.11
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, m4/hooks.m4: bumped version
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: ensure that the issuer in present in a trusted
module.
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: removed flag
GNUTLS_PKCS11_TOKEN_TRUSTED_UINT
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added flag
GNUTLS_PKCS11_TOKEN_TRUSTED for gnutls_pkcs11_token_get_flags().
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: Use the
GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE to ensure that only
trusted modules are used. Conflicts: lib/x509/verify.c
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h:
Added flag GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE. This flag can be used to ensure that the object request lies on a
marked as trusted PKCS #11 module. The marking is done on p11-kit
configuration.
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: mark trusted p11-kit modules as trusted. Conflicts: lib/pkcs11.c
2014-02-12 Marcus Meissner <meissner@suse.de>
* src/serv.c: fixed socket existance checking If getaddrinfo returns: ipv4 address, ipv6 address ... and socket()
for the ipv6 address fails, this loop would fail and abort the
socket listen code. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: Applied part of Ted Zlatanov's patch.
2014-02-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-02-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/chainverify.c: Added test for pathlen constraints.
2014-02-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/chainverify.c: Added check for v1 intermediate CA
certificate
2014-02-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: Fix bug that prevented the rejection of v1
intermediate CA certificates. Reported by Suman Jana.
2014-02-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* maint.mk: updated indent cmd
2014-02-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* cfg.mk: corrected indent parameters
2014-02-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/x86/aes-cbc-x86-aesni.c,
lib/accelerated/x86/aes-cbc-x86-ssse3.c, lib/accelerated/x86/x86.h:
do not redefine the _gnutls_x86_cpuid_s symbol
2014-02-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-record-2.c: only test ZLIB if it is enabled
2014-02-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-record-2.c: check errors from
gnutls_priority_set_direct().
2014-02-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* po/cs.po.in, po/de.po.in, po/eo.po.in, po/fi.po.in, po/fr.po.in,
po/it.po.in, po/ms.po.in, po/nl.po.in, po/pl.po.in, po/sv.po.in,
po/uk.po.in, po/vi.po.in, po/zh_CN.po.in: Sync with TP.
2014-02-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-02-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool-cfg.c, src/certtool.c,
src/danetool.c, src/p11tool.c, src/tpmtool.c: Added --ask-pass
certtool option to allow asking for passwords even when in batch
mode.
2014-02-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-common.c: use newlines in error printing
2014-02-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-02-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: removed unimplemented API.
2014-02-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: when using a PKCS #11 module for verification
ensure that it has been marked a trusted module in p11-kit.
2014-02-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added flag
GNUTLS_PKCS11_TOKEN_TRUSTED_UINT that can be used to obtain
p11-kit's P11_KIT_MODULE_TRUSTED flag.
2014-02-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: When setting multiple initial keywords in a
priority string, the security level set is the one of the lowest
security.
2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/reference/Makefile.am, doc/reference/gnutls-docs.sgml: updated
reference manual to remove individual indexes that were not working.
2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: consider the initial keyword set even when
it's set to NONE.
2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: When two initial keywords are specified
then treat the second as having the '+' modifier. This will handle SECURE256:SECURE128 the same way as
SECURE256:+SECURE128.
2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: corrected typo
2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/ecc.c: tolerate servers that included the SUPPORTED ECC
extension. This is an extension that is defined to be sent by the client but
there are servers that include it as well. Most other
implementations tolerate this behavior so we do.
2014-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: reduced the TLS and DTLS version
requirements for all ciphersuites that are not GCM.
2014-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am, doc/manpages/Makefile.am: released 3.2.10
2014-01-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/gnutls.h.in: Corrected prototype.
2014-01-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_hash_int.c: Added sanity check in hash_init() and
mac_init(). Conflicts: lib/gnutls_hash_int.c
2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/gnutls_db.c, lib/libgnutls.map: doc update + rename of
function
2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_db.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added gnutls_db_get_cache_expiration() Conflicts: lib/libgnutls.map
2014-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: reduce nonce overhead generation.
2014-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: corrected typo
2014-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_db.c: correctly read the magic number and timestamp;
report and patch by Jonathan Roudiere
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: fixed null pointer derefence when printing a
name and an LDAP description isn't present for the OID
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/scripts/getfuncs-map.pl, lib/libgnutls.map: added
gnutls_realloc_fast to false positives
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: removed functions that don't exist from the
list of exported
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, doc/Makefile.am, doc/scripts/getfuncs-map.pl: Prior
to release verify that the exported functions in the .map file match
the headers.
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/libgnutls.map: exported missing functions
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/libgnutls.map: exported gnutls_x509_policy_release
2014-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: reduced number of system calls within the random
mutexes.
2014-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: use RUSAGE_THREAD to obtain rusage stats to
avoid becoming a bottleneck on processes with many threads
2014-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.h: corrected push/pull function setting
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.c: removed usage of %zu.
2014-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/ciphersuite/test-ciphersuites.sh: corrected test
2014-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c: always set subkey status
2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suppressions.valgrind: added nettle's suppressions
2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/dumbfw.c: dumbfw extension isn't sent on DTLS
2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c: simplified client hello generation
2014-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_int.h: %COMPAT implies %DUMBFW
2014-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: use a single buffer to generate the client
hello.
2014-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: when freeing priority_cache make sure it is
set to NULL
2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ui.c: gnutls_session_get_desc() returns a more compact
description.
2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: doc update
2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/pkcs12-decode/Makefile.am, tests/set_pkcs12_cred.c: enhanced
set_pkcs12_cred test. Conflicts: tests/set_pkcs12_cred.c
2014-01-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
lib/pkcs11.c, lib/pkcs11_int.h, lib/x509/Makefile.am,
lib/x509/verify.c: gnutls_pkcs11_crt_is_known will not be exported
in this version. It is replaced by the internal
_gnutls_pkcs11_crt_is_known().
2014-01-08 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* src/cli-debug.c: gnutls-cli-debug should accept TLS 1.2-only
servers Without this patch, a TLS 1.2-only server will not be properly
investigated by gnutls-cli-debug. e.g. a server like: gnutls-serv --x509keyfile=server/secret.key
--x509certfile=server/x509.pem --priority
'NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2' gets this failed analysis: 0 dkg@alice:~$ gnutls-cli-debug --port 5556 localhostrt 5556
localhost Resolving 'localhost'... Connecting to '::1:5556'...
Checking for SSL 3.0 support... no Checking whether %COMPAT is
required... yes Checking for TLS 1.0 support... no Checking for TLS
1.1 support... no Checking fallback from TLS 1.1 to... failed
Checking for TLS 1.2 support... yes Checking whether we need to
disable TLS 1.2... N/A Checking whether we need to disable TLS
1.1... no Server does not support any of SSL 3.0, TLS 1.0 and TLS 1.1 0
dkg@alice:~$ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-01-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-01-06 Nils Maier <maierman@web.de>
* lib/ext/status_request.c: Fix CERTIFICATE STATUS processing when
using non-blocking I/O _gnutls_recv_server_certificate_status() must wait for the first
full packet before setting priv->expect_cstatus = 0, or else
CERTIFCATE STATUS packets won't be processed in subsequent calls at
all, leaving them in the buffer and therefore causing later
connection aborts. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
lib/x509/common.h, lib/x509/verify.c: gnutls_pkcs11_crt_exists
renamed to gnutls_pkcs11_crt_is_known Moreover it was modified to fully compare the certificate when
looking for a trusted certificate.
2014-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high2.c: use gnutls_strdup
2014-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-01-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-01-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c, lib/x509/x509_int.h: When verifying using a
PKCS #11 module use gnutls_pkcs11_crt_exists() to check for trust
and distrust (blacklists).
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c:
Added gnutls_pkcs11_crt_exists() Conflicts: lib/pkcs11_int.h
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: more sensible names in find data private structures.
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c:
gnutls_pkcs11_get_raw_issuer() returns only trusted issuers if
GNUTLS_PKCS11_ISSUER_ANY is not specified.
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
lib/pkcs11_write.c: unified PKCS#11 debug messages
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/x509/verify-high.c, lib/x509/verify-high.h,
lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509_int.h:
Updated PKCS #11 support for
gnutls_x509_trust_list_add_trust_file(). It will now use the PKCS #11 trust URL while verifying instead of
importing all CAs. That way it allows verification on the spot
without requiring the gnutls to restart in case of a blacklisted CA. Conflicts: lib/x509/verify-high.c
2014-01-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-01-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool-args.def: Added documentation for force autogen to
generate correct texinfo code.
2013-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool-args.def, src/p11tool.c, src/pkcs11.c: Added so-login
flag to force security office login to the card
2013-12-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-12-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: removed extra newline
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/dumbfw.c, lib/ext/dumbfw.h: adapt padding size based on
the current size of the client hello.
2013-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/dumbfw.c: do not pad when the client hello size is
sufficiently small.
2013-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/dumbfw.c, lib/gnutls_extensions.c: do not send the dumbfw
padding if the hello data are already too long.
2013-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: export only xssl symbols; small patch by Andreas
Metzler.
2013-12-26 Gustavo Zacarias <gustavo@zacarias.com.ar>
* src/crywrap/Makefile.am: Add LIB_CLOCK_GETTIME to crywrap It's used indirectly thus causing build breakage on versions of
glibc where it's defined in librt rather than libc directly. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
2013-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_write.c: do not specify a default class when searching
for objects to delete This fixed issue when trying to delete all the keys in a token by
using the token URL.
2013-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: updated txt
2013-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: print warning when no token name is provided
2013-12-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c: Added userPrincipalName
2013-12-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c: corrected key ID size check
2013-12-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: doc update
2013-12-22 Alon Bar-Lev <alon.barlev@gmail.com>
* configure.ac: build: fix librt requirement The librt is added by the gl m4 macros, AC_CHECK_FUNCS to will not
fail to find functions. Move the AC_CHECK_FUNCS above gl initialization. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2013-12-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool-args.def: Added aliases list-privkeys and list-keys
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: undefine select as well in win32
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: do not use the gnulib wrappers in win32
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug.c, src/cli.c, src/common.h, src/serv.c: explicitly
set the gnulib functions for recv and send.
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-large.c, tests/mini-dtls-record.c,
tests/mini-handshake-timeout.c: corrected some tests to operate
silently under valgrind
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/x509cert-tl.c: corrected leak
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: corrected running tests over valgrind It seems that some autotools change has prevented that for some
time.
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/x509cert-tl.c: corrected check
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: removed debugging
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/pkcs12_s2k.c: corrected paths
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_int.c, lib/pkcs11_int.h, lib/pkcs11_write.c:
pkcs11_get_random was renamed
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/coff/aes-ssse3-x86.s,
lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
lib/accelerated/x86/coff/aesni-x86.s,
lib/accelerated/x86/coff/aesni-x86_64.s,
lib/accelerated/x86/coff/cpuid-x86.s,
lib/accelerated/x86/coff/cpuid-x86_64.s,
lib/accelerated/x86/coff/e_padlock-x86.s,
lib/accelerated/x86/coff/e_padlock-x86_64.s,
lib/accelerated/x86/coff/ghash-x86_64.s,
lib/accelerated/x86/coff/sha1-ssse3-x86.s,
lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
lib/accelerated/x86/coff/sha256-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aes-ssse3-x86.s,
lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aesni-x86.s,
lib/accelerated/x86/macosx/aesni-x86_64.s,
lib/accelerated/x86/macosx/cpuid-x86.s,
lib/accelerated/x86/macosx/cpuid-x86_64.s,
lib/accelerated/x86/macosx/e_padlock-x86.s,
lib/accelerated/x86/macosx/e_padlock-x86_64.s,
lib/accelerated/x86/macosx/ghash-x86_64.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: removed note from
files that don't use it
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk: gnu note for stack only used in ELF
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/coff/openssl-cpuid-x86.s,
lib/accelerated/x86/coff/openssl-cpuid-x86_64.s,
lib/accelerated/x86/macosx/openssl-cpuid-x86.s,
lib/accelerated/x86/macosx/openssl-cpuid-x86_64.s: removed unused
files
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/Makefile.am: use the correct sources in win32
systems
2013-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: simplified deps
2013-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/m4/libopts.m4: unconditionally generate the libopts
makefile
2013-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: libtasn1 generated files are set in BUILT_SOURCES
2013-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am, doc/manpages/Makefile.am: released 3.2.8
2013-12-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ecc.c: disable the non-suiteb curves when requested
2013-12-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2013-12-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/dh_common.c: Enforce the DEFAULT_MAX_VERIFY_BITS for DH
prime size as well. Conflicts: lib/auth/dh_common.c
2013-12-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/serv-args.def: doc update
2013-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: bumped lib version
2013-12-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def: doc update
2013-12-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-tokens.texi: updated to account the file format p11-kit
expects
2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-xssl.c, tests/pkcs12_simple.c: Skip tests that require
the non-suiteb curves. Conflicts: lib/crypto-selftests-pk.c
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/gnutls_priority.c, lib/nettle/pk.c: Added option
to disable the non-SuiteB curves (i.e., the SECP 192R1 and 224R1
curves). Conflicts: configure.ac
2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/mac.c: Avoid verbose logging
2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/system.c: Added configure option
--with-default-blacklist-file This option allows to specify a file containing blacklisted
certificates.
2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c, lib/x509/verify-high2.c:
gnutls_x509_trust_list_remove_cas() and derivatives will utilize a
black list. When a CA or certificate is removed from the trusted list, it is
also added in a blacklist to ensure that it will not be accepted due
to interdependency (e.g., it is a subordinate CA), or because it is
not a CA.
2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high2.c: Corrected documentation for
gnutls_x509_trust_list_add_trust_*
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/accelerated.c, lib/accelerated/x86/Makefile.am,
lib/accelerated/x86/aes-cbc-x86-aesni.c,
lib/accelerated/x86/aes-cbc-x86-ssse3.c,
lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86-aesni.c,
lib/accelerated/x86/aes-gcm-x86-pclmul.c,
lib/accelerated/x86/aes-gcm-x86-ssse3.c,
lib/accelerated/x86/aes-padlock.c,
lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.c,
lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/hmac-padlock.c,
lib/accelerated/x86/hmac-x86-ssse3.c,
lib/accelerated/x86/sha-padlock.c,
lib/accelerated/x86/sha-padlock.h,
lib/accelerated/x86/sha-x86-ssse3.c, lib/accelerated/x86/sha-x86.h,
lib/accelerated/x86/x86-common.c: reorganized source files. Conflicts: lib/accelerated/x86/aes-x86.c
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/Makefile.am,
lib/accelerated/x86/aes-gcm-x86-aesni.c,
lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/aes-x86.h: when
AESNI is available without PCLMUL, then use AES-NI in GCM.
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-x86.c: give lower priority to SSSE3 over
AESNI
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/Makefile.am,
lib/accelerated/x86/hmac-x86-ssse3.c,
lib/accelerated/x86/hmac-x86.c,
lib/accelerated/x86/sha-x86-ssse3.c, lib/accelerated/x86/sha-x86.c:
use better names for files
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/Makefile.am,
lib/accelerated/x86/aes-gcm-x86-pclmul.c,
lib/accelerated/x86/aes-gcm-x86-ssse3.c,
lib/accelerated/x86/aes-gcm-x86.c, lib/accelerated/x86/aes-x86.c,
lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/hmac-x86.c,
lib/accelerated/x86/sha-x86.c, lib/accelerated/x86/sha-x86.h: When
PCLMUL isn't available use the SSSE3 implementation of AES to
optimize GCM.
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-tls.c: removed the estream salsa20 from benchmarks
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk, devel/perlasm/aes-ssse3-x86.pl,
devel/perlasm/aes-ssse3-x86.pl.license,
devel/perlasm/aes-ssse3-x86_64.pl,
devel/perlasm/aes-ssse3-x86_64.pl.license,
devel/perlasm/aesni-x86.pl.license,
devel/perlasm/aesni-x86_64.pl.license,
devel/perlasm/cbc.pl.license, devel/perlasm/cpuid-x86.pl.license,
devel/perlasm/cpuid-x86_64.pl.license,
devel/perlasm/e_padlock-x86.pl.license,
devel/perlasm/e_padlock-x86_64.pl.license,
devel/perlasm/ghash-x86.pl.license,
devel/perlasm/ghash-x86_64.pl.license,
devel/perlasm/license-gnutls.txt, devel/perlasm/license-vpaes.txt,
devel/perlasm/license.txt, devel/perlasm/md5-x86_64.pl.license,
devel/perlasm/openssl-cpuid-x86.pl.license,
devel/perlasm/ppc-xlate.pl.license,
devel/perlasm/sha1-ssse3-x86.pl.license,
devel/perlasm/sha1-ssse3-x86_64.pl.license,
devel/perlasm/sha256-ssse3-x86.pl.license,
devel/perlasm/sha512-ssse3-x86.pl.license,
devel/perlasm/sha512-ssse3-x86_64.pl.license,
lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/aes-x86.h,
lib/accelerated/x86/coff/aes-ssse3-x86.s,
lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
lib/accelerated/x86/coff/aesni-x86.s,
lib/accelerated/x86/coff/aesni-x86_64.s,
lib/accelerated/x86/coff/cpuid-x86.s,
lib/accelerated/x86/coff/cpuid-x86_64.s,
lib/accelerated/x86/coff/e_padlock-x86.s,
lib/accelerated/x86/coff/e_padlock-x86_64.s,
lib/accelerated/x86/coff/ghash-x86_64.s,
lib/accelerated/x86/coff/sha1-ssse3-x86.s,
lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
lib/accelerated/x86/coff/sha256-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
lib/accelerated/x86/elf/aes-ssse3-x86.s,
lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
lib/accelerated/x86/elf/aesni-x86.s,
lib/accelerated/x86/elf/aesni-x86_64.s,
lib/accelerated/x86/elf/cpuid-x86.s,
lib/accelerated/x86/elf/cpuid-x86_64.s,
lib/accelerated/x86/elf/e_padlock-x86.s,
lib/accelerated/x86/elf/e_padlock-x86_64.s,
lib/accelerated/x86/elf/ghash-x86_64.s,
lib/accelerated/x86/elf/sha1-ssse3-x86.s,
lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
lib/accelerated/x86/elf/sha256-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
lib/accelerated/x86/files.mk, lib/accelerated/x86/license.txt,
lib/accelerated/x86/macosx/aes-ssse3-x86.s,
lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aesni-x86.s,
lib/accelerated/x86/macosx/aesni-x86_64.s,
lib/accelerated/x86/macosx/cpuid-x86.s,
lib/accelerated/x86/macosx/cpuid-x86_64.s,
lib/accelerated/x86/macosx/e_padlock-x86.s,
lib/accelerated/x86/macosx/e_padlock-x86_64.s,
lib/accelerated/x86/macosx/ghash-x86_64.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: Added Mike
Hamburg's SSSE3 AES implementation.
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/hmac-x86.c: removed function that isn't yet
introduced
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: use subdir-objects
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk, devel/perlasm/openssl-cpuid-x86.pl,
devel/perlasm/sha1-ssse3-x86.pl,
devel/perlasm/sha1-ssse3-x86_64.pl,
devel/perlasm/sha256-ssse3-x86.pl,
devel/perlasm/sha512-ssse3-x86.pl,
devel/perlasm/sha512-ssse3-x86_64.pl,
lib/accelerated/x86/Makefile.am, lib/accelerated/x86/aes-padlock.h,
lib/accelerated/x86/aes-x86.c,
lib/accelerated/x86/coff/aesni-x86.s,
lib/accelerated/x86/coff/aesni-x86_64.s,
lib/accelerated/x86/coff/appro-aes-gcm-x86-64-coff.s,
lib/accelerated/x86/coff/appro-aes-x86-64-coff.s,
lib/accelerated/x86/coff/appro-aes-x86-coff.s,
lib/accelerated/x86/coff/cpuid-x86-64-coff.s,
lib/accelerated/x86/coff/cpuid-x86-coff.s,
lib/accelerated/x86/coff/cpuid-x86.s,
lib/accelerated/x86/coff/cpuid-x86_64.s,
lib/accelerated/x86/coff/e_padlock-x86.s,
lib/accelerated/x86/coff/e_padlock-x86_64.s,
lib/accelerated/x86/coff/ghash-x86_64.s,
lib/accelerated/x86/coff/openssl-cpuid-x86.s,
lib/accelerated/x86/coff/openssl-cpuid-x86_64.s,
lib/accelerated/x86/coff/padlock-x86-64-coff.s,
lib/accelerated/x86/coff/padlock-x86-coff.s,
lib/accelerated/x86/coff/sha1-ssse3-x86.s,
lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
lib/accelerated/x86/coff/sha256-avx-x86_64.s,
lib/accelerated/x86/coff/sha256-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
lib/accelerated/x86/elf/aesni-x86.s,
lib/accelerated/x86/elf/aesni-x86_64.s,
lib/accelerated/x86/elf/appro-aes-gcm-x86-64.s,
lib/accelerated/x86/elf/appro-aes-x86-64.s,
lib/accelerated/x86/elf/appro-aes-x86.s,
lib/accelerated/x86/elf/cpuid-x86-64.s,
lib/accelerated/x86/elf/cpuid-x86_64.s,
lib/accelerated/x86/elf/e_padlock-x86.s,
lib/accelerated/x86/elf/e_padlock-x86_64.s,
lib/accelerated/x86/elf/ghash-x86_64.s,
lib/accelerated/x86/elf/padlock-x86-64.s,
lib/accelerated/x86/elf/padlock-x86.s,
lib/accelerated/x86/elf/sha1-ssse3-x86.s,
lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
lib/accelerated/x86/elf/sha256-avx-x86_64.s,
lib/accelerated/x86/elf/sha256-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
lib/accelerated/x86/files.mk, lib/accelerated/x86/hmac-x86.c,
lib/accelerated/x86/macosx/aesni-x86.s,
lib/accelerated/x86/macosx/aesni-x86_64.s,
lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s,
lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s,
lib/accelerated/x86/macosx/appro-aes-x86-macosx.s,
lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s,
lib/accelerated/x86/macosx/cpuid-x86-macosx.s,
lib/accelerated/x86/macosx/cpuid-x86.s,
lib/accelerated/x86/macosx/cpuid-x86_64.s,
lib/accelerated/x86/macosx/e_padlock-x86.s,
lib/accelerated/x86/macosx/e_padlock-x86_64.s,
lib/accelerated/x86/macosx/ghash-x86_64.s,
lib/accelerated/x86/macosx/openssl-cpuid-x86.s,
lib/accelerated/x86/macosx/openssl-cpuid-x86_64.s,
lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
lib/accelerated/x86/macosx/padlock-x86-macosx.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
lib/accelerated/x86/macosx/sha256-avx-x86_64.s,
lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s,
lib/accelerated/x86/sha-padlock.h, lib/accelerated/x86/sha-x86.c,
lib/accelerated/x86/sha-x86.h: Added Appro's SSSE3 SHA
implementations
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/sha-padlock.c, lib/accelerated/x86/x86.h:
Utilize the optimized SHA functions in Padlock HMAC.
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/psk_passwd.c, lib/auth/srp_passwd.c: check for
out-of-bounds check before actual values. Based on Jared Wong's
patch in master.
2012-05-03 Patrick Pelletier <code@funwithsoftware.org>
* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
doc/cha-library.texi, lib/gnutls_buffers.c, lib/gnutls_state.c,
lib/gnutls_str.c, lib/includes/gnutls/x509.h, src/certtool-args.def:
minor phrasing improvements in docs
2013-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, configure.ac, doc/manpages/Makefile.am: Avoided
gnu-ism in Makefiles
2013-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/libgnutls.map: added new function
2013-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_record.c,
lib/includes/gnutls/gnutls.h.in: Added gnutls_record_check_corked.
2013-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: provide imprecise time as gmt time.
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: added newlines in error reporting
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.h: Detect the presence of posix locks even without
linked to libpthread.
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug tests
for camellia-gcm.
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: remove bashism.
2013-11-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi: doc update
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi, doc/cha-tokens.texi: doc update
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/reference/gnutls-docs.sgml: Added 3.2 to reference API
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/reference/gnutls-docs.sgml: updated links in reference.
Reported by Nico R.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-preface.texi, doc/cha-support.texi, doc/gnutls.texi:
updated addresses and URLs. Reported by Nico R.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c: Eliminated memory leak in print_aia(). Reported
by Ben de Graaff.
2013-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/certtool.cfg: updated example certtool.cfg
2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: check for alternative unbound root key files.
2013-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/Makefile.am: Do not link gnutls against librt
unlress it is really necessary. Conflicts: configure.ac lib/Makefile.am
2013-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/coff/appro-aes-gcm-x86-64-coff.s,
lib/accelerated/x86/coff/appro-aes-x86-64-coff.s,
lib/accelerated/x86/coff/padlock-x86-64-coff.s,
lib/accelerated/x86/coff/padlock-x86-coff.s,
lib/accelerated/x86/elf/appro-aes-gcm-x86-64.s,
lib/accelerated/x86/elf/appro-aes-x86-64.s,
lib/accelerated/x86/elf/padlock-x86-64.s,
lib/accelerated/x86/elf/padlock-x86.s,
lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s,
lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s,
lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
lib/accelerated/x86/macosx/padlock-x86-macosx.s: updated
auto-generated asm files. This fixes a valgrind complaint when
AES-NI is in use.
2013-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* devel/perlasm/aesni-x86.pl, devel/perlasm/aesni-x86_64.pl,
devel/perlasm/cbc.pl, devel/perlasm/e_padlock-x86.pl,
devel/perlasm/e_padlock-x86_64.pl, devel/perlasm/ghash-x86.pl,
devel/perlasm/ghash-x86_64.pl, devel/perlasm/ppc-xlate.pl,
devel/perlasm/x86_64-xlate.pl, devel/perlasm/x86asm.pl,
devel/perlasm/x86gas.pl, devel/perlasm/x86masm.pl,
devel/perlasm/x86nasm.pl: updated perlasm files
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: removed
autogenerated files
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version and updated e-mail
address
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/manpages/Makefile.am: use
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, src/args-std.def: handle centrally more variables
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, doc/manpages/Makefile.am, doc/scripts/gdoc: Updated
manpage generation (and information stored to it).
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def, src/certtool.c: certtool's --verify option
if not supplied with a CA list, will use the system's CA list.
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_write.c: doc update
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h: cast the expiration time to time_t
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h, lib/x509/x509.c: Added macro to check
for the 'no well defined' expiration time.
2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
gl/strerror-override.c, gl/strerror-override.h, gl/strerror.c,
gl/tests/Makefile.am, gl/tests/strerror-override.c,
gl/tests/strerror-override.h, gl/tests/strerror.c: Added strerror
module.
2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/egd.c: better use of errno
2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/latex/epub.tex, doc/latex/gnutls.tex,
doc/scripts/mytexi2latex: use eurosym package for euro symbol
2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.2.7
2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: check NEED_LIBOPTS
2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
doc/manpages/tpmtool.1: updated autogenerated files.
2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac: corrected check of usage of local libopts when
autogen isn't present
2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_compress.c: disallow any compression in DTLS
2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-deflate.c, tests/mini-record-2.c:
mini-deflate was combined with mini-record-2
2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_int.h, lib/gnutls_record.c,
lib/gnutls_record.h: Corrected bug which affected compressed
records. Less space was provided for decryption than the required causing
disconnection issues when compression was used. The issue was
pointed by Frank Zschockelt. Also replaced the macros MAX_RECORD_RECV_SIZE and MAX_RECV_SIZE with
max_decrypted_size() and max_record_recv_size().
2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/session_ticket.c: check return code of gnutls_rnd().
2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/session_ticket.c, lib/gnutls_int.h: Use AES-GCM to encrypt
session tickets.
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated cross.mk
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: fixed for win32
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: added assert to trace errors.
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am: link all programs with libgnu_gpl to avoid
conflicts from header files.
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/gl/Makefile.am, src/gl/m4/gnulib-cache.m4,
src/gl/m4/gnulib-comp.m4, src/gl/progname.c, src/gl/progname.h:
Added progname module which is used by error().
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/socket.c: safer usage of strerror
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, src/Makefile.am: use the AUTOGEN variable
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am, src/libopts/Makefile.am: use libtool to generate
libopts
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am: corrected libopts patch
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/gl/error.c: removed unneed line
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: ignore xssl manpages
2013-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: prioritize any GCM ciphersuite over CBC in
secure128 level.
2013-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am: generate ChangeLog after doc/ is checked.
2013-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am: updated Makefiles
2013-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/scripts/getfuncs.pl: made more clever to ignore inline
function body.
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: doc update
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: exported gnutls_est_record_overhead_size
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: if GNUTLS_DEBUG_LEVEL is specified the log
function is not updated if it is already set.
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: doc update
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk: updated glimport
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi,
doc/invoke-psktool.texi, doc/invoke-srptool.texi,
doc/invoke-tpmtool.texi, src/certtool-args.def: doc update
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/template-date.pem,
tests/cert-tests/template-date.tmpl, tests/cert-tests/template-test:
Added self checks for new date reading functionality
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, src/Makefile.am, src/certtool-args.def,
src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Added
activation_date and expiration_date options to certtool template
file.
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, Makefile.am, build-aux/ylwrap, configure.ac,
src/Makefile.am, src/gl/Makefile.am, src/gl/alloca.in.h,
src/gl/c-ctype.c, src/gl/c-ctype.h, src/gl/errno.in.h,
src/gl/error.c, src/gl/error.h, src/gl/exitfail.c,
src/gl/exitfail.h, src/gl/gettext.h, src/gl/gettime.c,
src/gl/gettimeofday.c, src/gl/intprops.h, src/gl/m4/00gnulib.m4,
src/gl/m4/alloca.m4, src/gl/m4/bison.m4, src/gl/m4/clock_time.m4,
src/gl/m4/eealloc.m4, src/gl/m4/environ.m4, src/gl/m4/errno_h.m4,
src/gl/m4/error.m4, src/gl/m4/extensions.m4,
src/gl/m4/extern-inline.m4, src/gl/m4/gettime.m4,
src/gl/m4/gettimeofday.m4, src/gl/m4/gnulib-cache.m4,
src/gl/m4/gnulib-common.m4, src/gl/m4/gnulib-comp.m4,
src/gl/m4/gnulib-tool.m4, src/gl/m4/include_next.m4,
src/gl/m4/longlong.m4, src/gl/m4/malloca.m4, src/gl/m4/mktime.m4,
src/gl/m4/msvc-inval.m4, src/gl/m4/msvc-nothrow.m4,
src/gl/m4/multiarch.m4, src/gl/m4/off_t.m4,
src/gl/m4/parse-datetime.m4, src/gl/m4/setenv.m4,
src/gl/m4/ssize_t.m4, src/gl/m4/stdbool.m4, src/gl/m4/stddef_h.m4,
src/gl/m4/stdint.m4, src/gl/m4/stdlib_h.m4, src/gl/m4/strerror.m4,
src/gl/m4/string_h.m4, src/gl/m4/sys_socket_h.m4,
src/gl/m4/sys_time_h.m4, src/gl/m4/sys_types_h.m4,
src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4,
src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
src/gl/m4/warn-on-use.m4, src/gl/m4/wchar_t.m4,
src/gl/m4/xalloc.m4, src/gl/malloca.c, src/gl/malloca.h,
src/gl/malloca.valgrind, src/gl/mktime-internal.h, src/gl/mktime.c,
src/gl/msvc-inval.c, src/gl/msvc-inval.h, src/gl/msvc-nothrow.c,
src/gl/msvc-nothrow.h, src/gl/parse-datetime.h,
src/gl/parse-datetime.y, src/gl/setenv.c, src/gl/stdbool.in.h,
src/gl/stddef.in.h, src/gl/stdint.in.h, src/gl/stdlib.in.h,
src/gl/strerror-override.c, src/gl/strerror-override.h,
src/gl/strerror.c, src/gl/string.in.h, src/gl/sys_time.in.h,
src/gl/sys_types.in.h, src/gl/time.in.h, src/gl/time_r.c,
src/gl/timespec.c, src/gl/timespec.h, src/gl/unistd.c,
src/gl/unistd.in.h, src/gl/unsetenv.c, src/gl/verify.h,
src/gl/xalloc-die.c, src/gl/xalloc-oversized.h, src/gl/xalloc.h,
src/gl/xmalloc.c: Added a gnulib with GPL components for use by
applications.
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/Makefile.am, gl/base64.c, gl/intprops.h,
gl/m4/extern-inline.m4, gl/m4/gnulib-cache.m4,
gl/m4/gnulib-comp.m4, gl/tests/Makefile.am, gl/tests/intprops.h,
maint.mk: Added intprops module
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi, src/args-std.def:
corrected bug reporting address.
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/invoke-certtool.texi,
doc/invoke-danetool.texi, doc/invoke-gnutls-cli-debug.texi,
doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi,
doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi,
doc/invoke-psktool.texi, doc/invoke-srptool.texi,
doc/invoke-tpmtool.texi: force serialized generation of
invoke-*texi, to avoid autogen issue.
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def, src/certtool-cfg.c, src/certtool.c: Check
for overflows when setting time and allow a time of -1.
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, tests/cert-tests/Makefile.am,
tests/cert-tests/template-overflow.pem,
tests/cert-tests/template-overflow.tmpl,
tests/cert-tests/template-overflow2.pem,
tests/cert-tests/template-overflow2.tmpl,
tests/cert-tests/template-test: Dates and time that would overflow
the GeneralTime are also truncated. We may need to revise that
around 9999 CE.
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, lib/x509/x509_write.c: An expiration time of
(time_t)-1 will set to the no well-defined expiration date value.
2013-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: correctly set the ciphersuite when the
set_premaster interface is used.
2013-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_state.c: check for a valid blocksize prior to entering
loop
2013-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: The environment variable GNUTLS_DEBUG_LEVEL
if set to a number will enable logging to stderr.
2013-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: removed unneeded definition
2013-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2013-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: doc update
2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/system.h: define GNUTLS_PATH_MAX globally.
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testcompat, tests/suite/testcompat-main: corrected
issue with a not-yet-valid certificate
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/udp-serv.c: corrected bug in gnutls-cli when used on IPv6
addresses.
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testcompat, tests/suite/testcompat-main: hacks to work
with fedora's openssl
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: print whether the local libopts or libtasn1 are
being used.
2013-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/pkcs11.c: Revert "[PATCH] Update to use new
p11-kit APIs" This reverts commit 8131d73270eac89e4eec69b2228156b02dd5e8de. Avoid
requiring the new p11-kit for the 3.2 branch.
2013-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: doc update
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testcompat: do not run on clippled versions of openssl
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/ciphersuite/test-ciphers.js,
tests/suite/ciphersuite/test-ciphersuites.sh: improved ciphersuite
test
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/utils.c: always exit when fail is called.
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-gnutls-cli.texi, src/cli-args.def: doc update
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-gtls-app.texi, lib/ext/Makefile.am,
lib/ext/dumbfw.c, lib/ext/dumbfw.h, lib/gnutls_extensions.c,
lib/gnutls_int.h, lib/gnutls_priority.c: Added %DUMBFW priority
string option. This works around issues when connecting behind some firewalls.
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-handshake-timeout.c: Ignore SIGPIPE. Diagnosed by Petr Salinger and Steven Chamberlain. Reported by
Andreas Metzler.
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-p11tool.texi, src/p11tool-args.def: doc update
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, src/common.c, tests/suite/testpkcs11: use GNUTLS_PIN instead
of GNUTLS_PKCS11_PIN.
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-p11tool.texi: doc update
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/pkcs11-certs/ca-tmpl,
tests/suite/pkcs11-certs/ca.crt, tests/suite/pkcs11-certs/ca.key,
tests/suite/pkcs11-certs/client-tmpl,
tests/suite/pkcs11-certs/client.crt,
tests/suite/pkcs11-certs/client.key,
tests/suite/pkcs11-certs/server-tmpl,
tests/suite/pkcs11-certs/server.crt,
tests/suite/pkcs11-certs/server.key, tests/suite/testpkcs11: Added
test suite for PKCS #11 cards (not executed automatically).
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c, src/pkcs11.c: Avoid infinite loops with
self-signed certificates present in the chain
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: simplified checks
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.c, src/p11tool-args.def: Allow getting the PIN from the
GNUTLS_PKCS11_PIN environment variable.
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: updated
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: When importing a certificate PKCS #11 try to
import the whole chain. This affects gnutls_certificate_set_x509_key_file*().
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
Added export-chain option to p11tool
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/gnutls_pubkey.c,
lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
lib/pkcs11_int.c, lib/pkcs11_write.c, lib/x509/common.h,
lib/x509/x509.c: Improvements in PKCS #11 support. Added gnutls_pkcs11_obj_export3 and gnutls_pkcs11_get_raw_issuer.
The latter function allows to obtain the issuer of a certificate
stored in a token. While traversing tokens, use the URL provided by the user, to avoid
looking for objects in unrelated tokens.
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: test before copy
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_write.c: simplified gnutls_pkcs11_copy_x509_crt()
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/scripts/gdoc, doc/scripts/getfuncs.pl,
lib/includes/gnutls/gnutls.h.in: Improvements in the detection of
function prototypes to account for the new indentation.
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
doc/manpages/tpmtool.1: doc update
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/ocsp.h,
lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/tpm.h,
lib/includes/gnutls/x509.h, lib/includes/gnutls/xssl.h: improved
indentation in headers.
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, configure.ac: stribute the autogen'erated files as
.bak and enable them only if local libopts is being used.
2013-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/alert-printlist.c, doc/common.c, doc/common.h,
doc/errcodes.c, doc/examples/ex-alert.c,
doc/examples/ex-cert-select-pkcs11.c,
doc/examples/ex-cert-select.c, doc/examples/ex-client-anon.c,
doc/examples/ex-client-dtls.c, doc/examples/ex-client-psk.c,
doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
doc/examples/ex-client-x509.c, doc/examples/ex-client-xssl1.c,
doc/examples/ex-client-xssl2.c, doc/examples/ex-crq.c,
doc/examples/ex-ocsp-client.c, doc/examples/ex-pkcs11-list.c,
doc/examples/ex-pkcs12.c, doc/examples/ex-serv-anon.c,
doc/examples/ex-serv-dtls.c, doc/examples/ex-serv-pgp.c,
doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
doc/examples/ex-serv-x509.c, doc/examples/ex-session-info.c,
doc/examples/ex-verify-ssh.c, doc/examples/ex-verify.c,
doc/examples/ex-x509-info.c, doc/examples/examples.h,
doc/examples/print-ciphersuites.c, doc/examples/tcp.c,
doc/examples/udp.c, doc/examples/verify.c, doc/printlist.c,
extra/gnutls_openssl.c, extra/includes/gnutls/openssl.h,
extra/openssl_compat.c, extra/openssl_compat.h, lib/abstract_int.h,
lib/accelerated/accelerated.c, lib/accelerated/cryptodev-gcm.c,
lib/accelerated/cryptodev.c, lib/accelerated/cryptodev.h,
lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86.c,
lib/accelerated/x86/aes-padlock.c,
lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.c,
lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/hmac-padlock.c,
lib/accelerated/x86/sha-padlock.c,
lib/accelerated/x86/sha-padlock.h, lib/accelerated/x86/x86.h,
lib/algorithms.h, lib/algorithms/cert_types.c,
lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c,
lib/algorithms/protocols.c, lib/algorithms/publickey.c,
lib/algorithms/secparams.c, lib/algorithms/sign.c, lib/auth/anon.c,
lib/auth/anon.h, lib/auth/anon_ecdh.c, lib/auth/cert.c,
lib/auth/cert.h, lib/auth/dh_common.c, lib/auth/dh_common.h,
lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
lib/auth/ecdhe.h, lib/auth/psk.c, lib/auth/psk.h,
lib/auth/psk_passwd.c, lib/auth/psk_passwd.h, lib/auth/rsa.c,
lib/auth/rsa_common.h, lib/auth/rsa_psk.c, lib/auth/srp.c,
lib/auth/srp.h, lib/auth/srp_passwd.c, lib/auth/srp_passwd.h,
lib/auth/srp_rsa.c, lib/auth/srp_sb64.c, lib/crypto-api.c,
lib/crypto-backend.c, lib/crypto-backend.h, lib/crypto.h,
lib/debug.c, lib/debug.h, lib/ext/alpn.c, lib/ext/alpn.h,
lib/ext/cert_type.c, lib/ext/ecc.c, lib/ext/ecc.h,
lib/ext/heartbeat.c, lib/ext/heartbeat.h, lib/ext/max_record.c,
lib/ext/new_record_padding.c, lib/ext/safe_renegotiation.c,
lib/ext/safe_renegotiation.h, lib/ext/server_name.c,
lib/ext/server_name.h, lib/ext/session_ticket.c,
lib/ext/session_ticket.h, lib/ext/signature.c, lib/ext/signature.h,
lib/ext/srp.c, lib/ext/srp.h, lib/ext/srtp.c, lib/ext/srtp.h,
lib/ext/status_request.c, lib/ext/status_request.h,
lib/extras/randomart.c, lib/extras/randomart.h, lib/gnutls_alert.c,
lib/gnutls_anon_cred.c, lib/gnutls_asn1_tab.c, lib/gnutls_auth.c,
lib/gnutls_auth.h, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
lib/gnutls_compress.c, lib/gnutls_compress.h,
lib/gnutls_constate.c, lib/gnutls_constate.h, lib/gnutls_datum.c,
lib/gnutls_datum.h, lib/gnutls_db.c, lib/gnutls_db.h,
lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_dh_primes.c,
lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_ecc.c,
lib/gnutls_ecc.h, lib/gnutls_errors.c, lib/gnutls_errors.h,
lib/gnutls_extensions.c, lib/gnutls_extensions.h,
lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_helper.h,
lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h, lib/gnutls_mem.c,
lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pcert.c,
lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
lib/gnutls_privkey.c, lib/gnutls_psk.c, lib/gnutls_pubkey.c,
lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_record.h,
lib/gnutls_rsa_export.c, lib/gnutls_session.c,
lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_str_array.h,
lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
lib/gnutls_x509.c, lib/gnutls_x509.h,
lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
lib/includes/gnutls/gnutlsxx.h, lib/includes/gnutls/ocsp.h,
lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/tpm.h,
lib/includes/gnutls/x509.h, lib/includes/gnutls/xssl.h,
lib/locks.c, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/element.c, lib/minitasn1/element.h,
lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
lib/minitasn1/structure.c, lib/minitasn1/structure.h,
lib/minitasn1/version.c, lib/nettle/cipher.c, lib/nettle/egd.c,
lib/nettle/egd.h, lib/nettle/gcm-camellia.c,
lib/nettle/gcm-camellia.h, lib/nettle/init.c, lib/nettle/mac.c,
lib/nettle/mpi.c, lib/nettle/pk.c, lib/nettle/rnd.c,
lib/opencdk/armor.c, lib/opencdk/context.h, lib/opencdk/filters.h,
lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/keydb.h,
lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c,
lib/opencdk/new-packet.c, lib/opencdk/opencdk.h,
lib/opencdk/packet.h, lib/opencdk/pubkey.c,
lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
lib/opencdk/sig-check.c, lib/opencdk/stream.c,
lib/opencdk/stream.h, lib/opencdk/types.h,
lib/opencdk/write-packet.c, lib/openpgp/compat.c,
lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
lib/openpgp/privkey.c, lib/pin.c, lib/pin.h, lib/pkcs11.c,
lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
lib/pkcs11_write.c, lib/pkix_asn1_tab.c, lib/random.c,
lib/random.h, lib/system.c, lib/system.h, lib/system_override.c,
lib/tpm.c, lib/vasprintf.c, lib/vasprintf.h, lib/verify-tofu.c,
lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
lib/x509/extensions.c, lib/x509/key_decode.c,
lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/ocsp.c,
lib/x509/ocsp_output.c, lib/x509/output.c, lib/x509/pbkdf2-sha1.c,
lib/x509/pbkdf2-sha1.h, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
lib/x509/privkey_openssl.c, lib/x509/privkey_pkcs8.c,
lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
lib/x509/verify-high.c, lib/x509/verify-high.h,
lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509.c,
lib/x509/x509_dn.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
lib/x509_b64.c, lib/x509_b64.h, lib/xssl.c, lib/xssl.h,
lib/xssl_getline.c, libdane/dane-params.c, libdane/dane.c,
libdane/errors.c, libdane/includes/gnutls/dane.h,
src/benchmark-cipher.c, src/benchmark-tls.c, src/benchmark.c,
src/benchmark.h, src/certtool-cfg.c, src/certtool-cfg.h,
src/certtool-common.c, src/certtool-common.h,
src/certtool-extras.c, src/certtool.c, src/cli-debug.c, src/cli.c,
src/common.c, src/common.h, src/crywrap/crywrap.c,
src/crywrap/crywrap.h, src/crywrap/primes.h, src/danetool.c,
src/inline_cmds.h, src/list.h, src/ocsptool-common.c,
src/ocsptool-common.h, src/ocsptool.c, src/p11tool.c,
src/p11tool.h, src/pkcs11.c, src/psk.c, src/serv.c, src/socket.c,
src/socket.h, src/srptool.c, src/tests.c, src/tests.h,
src/tpmtool.c, src/udp-serv.c, src/udp-serv.h, tests/anonself.c,
tests/certder.c, tests/certificate_set_x509_crl.c,
tests/certuniqueid.c, tests/chainverify-unsorted.c,
tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
tests/cve-2008-4989.c, tests/cve-2009-1415.c,
tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
tests/dtls/dtls-stress.c, tests/eagain-common.h, tests/gc.c,
tests/hostname-check.c, tests/infoaccess.c, tests/init_roundtrip.c,
tests/key-openssl.c, tests/mini-alpn.c, tests/mini-cert-status.c,
tests/mini-deflate.c, tests/mini-dtls-heartbeat.c,
tests/mini-dtls-hello-verify.c, tests/mini-dtls-large.c,
tests/mini-dtls-record.c, tests/mini-dtls-rehandshake.c,
tests/mini-dtls-srtp.c, tests/mini-eagain-dtls.c,
tests/mini-eagain.c, tests/mini-emsgsize-dtls.c,
tests/mini-handshake-timeout.c, tests/mini-loss-time.c,
tests/mini-overhead.c, tests/mini-record-2.c,
tests/mini-record-range.c, tests/mini-record.c,
tests/mini-rehandshake.c, tests/mini-rsa-psk.c, tests/mini-tdb.c,
tests/mini-termination.c, tests/mini-x509-2.c,
tests/mini-x509-callbacks.c, tests/mini-x509-cas.c,
tests/mini-x509.c, tests/mini-xssl.c, tests/moredn.c, tests/mpi.c,
tests/nul-in-x509-names.c, tests/ocsp.c, tests/openpgp-auth.c,
tests/openpgp-auth2.c, tests/openpgp-keyring.c,
tests/openpgp_test.c, tests/openpgpself.c, tests/openssl.c,
tests/parse_ca.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pkcs12_simple.c,
tests/priorities.c, tests/pskself.c, tests/record-sizes-range.c,
tests/record-sizes.c, tests/resume-dtls.c, tests/resume.c,
tests/rng-fork.c, tests/rsa-encrypt-decrypt.c,
tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
tests/set_pkcs12_cred.c, tests/setcredcrash.c, tests/simple.c,
tests/slow/cipher-test.c, tests/slow/gendh.c, tests/slow/keygen.c,
tests/srp/mini-srp.c, tests/suite/ecore/eina_config.h,
tests/suite/ecore/src/include/Eina.h,
tests/suite/ecore/src/include/eina_accessor.h,
tests/suite/ecore/src/include/eina_array.h,
tests/suite/ecore/src/include/eina_benchmark.h,
tests/suite/ecore/src/include/eina_binshare.h,
tests/suite/ecore/src/include/eina_config.h,
tests/suite/ecore/src/include/eina_convert.h,
tests/suite/ecore/src/include/eina_counter.h,
tests/suite/ecore/src/include/eina_cpu.h,
tests/suite/ecore/src/include/eina_error.h,
tests/suite/ecore/src/include/eina_file.h,
tests/suite/ecore/src/include/eina_fp.h,
tests/suite/ecore/src/include/eina_hamster.h,
tests/suite/ecore/src/include/eina_hash.h,
tests/suite/ecore/src/include/eina_inlist.h,
tests/suite/ecore/src/include/eina_iterator.h,
tests/suite/ecore/src/include/eina_lalloc.h,
tests/suite/ecore/src/include/eina_list.h,
tests/suite/ecore/src/include/eina_log.h,
tests/suite/ecore/src/include/eina_magic.h,
tests/suite/ecore/src/include/eina_main.h,
tests/suite/ecore/src/include/eina_matrixsparse.h,
tests/suite/ecore/src/include/eina_mempool.h,
tests/suite/ecore/src/include/eina_module.h,
tests/suite/ecore/src/include/eina_quadtree.h,
tests/suite/ecore/src/include/eina_rbtree.h,
tests/suite/ecore/src/include/eina_rectangle.h,
tests/suite/ecore/src/include/eina_safety_checks.h,
tests/suite/ecore/src/include/eina_sched.h,
tests/suite/ecore/src/include/eina_str.h,
tests/suite/ecore/src/include/eina_strbuf.h,
tests/suite/ecore/src/include/eina_stringshare.h,
tests/suite/ecore/src/include/eina_tiler.h,
tests/suite/ecore/src/include/eina_trash.h,
tests/suite/ecore/src/include/eina_types.h,
tests/suite/ecore/src/include/eina_unicode.h,
tests/suite/ecore/src/include/eina_ustrbuf.h,
tests/suite/ecore/src/include/eina_ustringshare.h,
tests/suite/ecore/src/lib/Ecore.h,
tests/suite/ecore/src/lib/Ecore_Getopt.h,
tests/suite/ecore/src/lib/ecore.c,
tests/suite/ecore/src/lib/ecore_anim.c,
tests/suite/ecore/src/lib/ecore_app.c,
tests/suite/ecore/src/lib/ecore_events.c,
tests/suite/ecore/src/lib/ecore_exe.c,
tests/suite/ecore/src/lib/ecore_getopt.c,
tests/suite/ecore/src/lib/ecore_glib.c,
tests/suite/ecore/src/lib/ecore_idle_enterer.c,
tests/suite/ecore/src/lib/ecore_idle_exiter.c,
tests/suite/ecore/src/lib/ecore_idler.c,
tests/suite/ecore/src/lib/ecore_job.c,
tests/suite/ecore/src/lib/ecore_main.c,
tests/suite/ecore/src/lib/ecore_pipe.c,
tests/suite/ecore/src/lib/ecore_poll.c,
tests/suite/ecore/src/lib/ecore_private.h,
tests/suite/ecore/src/lib/ecore_signal.c,
tests/suite/ecore/src/lib/ecore_thread.c,
tests/suite/ecore/src/lib/ecore_time.c,
tests/suite/ecore/src/lib/ecore_timer.c,
tests/suite/ecore/src/lib/eina_accessor.c,
tests/suite/ecore/src/lib/eina_array.c,
tests/suite/ecore/src/lib/eina_benchmark.c,
tests/suite/ecore/src/lib/eina_binshare.c,
tests/suite/ecore/src/lib/eina_chained_mempool.c,
tests/suite/ecore/src/lib/eina_convert.c,
tests/suite/ecore/src/lib/eina_counter.c,
tests/suite/ecore/src/lib/eina_cpu.c,
tests/suite/ecore/src/lib/eina_error.c,
tests/suite/ecore/src/lib/eina_file.c,
tests/suite/ecore/src/lib/eina_fp.c,
tests/suite/ecore/src/lib/eina_hamster.c,
tests/suite/ecore/src/lib/eina_hash.c,
tests/suite/ecore/src/lib/eina_inlist.c,
tests/suite/ecore/src/lib/eina_iterator.c,
tests/suite/ecore/src/lib/eina_lalloc.c,
tests/suite/ecore/src/lib/eina_list.c,
tests/suite/ecore/src/lib/eina_log.c,
tests/suite/ecore/src/lib/eina_magic.c,
tests/suite/ecore/src/lib/eina_main.c,
tests/suite/ecore/src/lib/eina_matrixsparse.c,
tests/suite/ecore/src/lib/eina_mempool.c,
tests/suite/ecore/src/lib/eina_module.c,
tests/suite/ecore/src/lib/eina_private.h,
tests/suite/ecore/src/lib/eina_quadtree.c,
tests/suite/ecore/src/lib/eina_rbtree.c,
tests/suite/ecore/src/lib/eina_rectangle.c,
tests/suite/ecore/src/lib/eina_safety_checks.c,
tests/suite/ecore/src/lib/eina_sched.c,
tests/suite/ecore/src/lib/eina_share_common.c,
tests/suite/ecore/src/lib/eina_share_common.h,
tests/suite/ecore/src/lib/eina_str.c,
tests/suite/ecore/src/lib/eina_strbuf.c,
tests/suite/ecore/src/lib/eina_strbuf_common.c,
tests/suite/ecore/src/lib/eina_strbuf_common.h,
tests/suite/ecore/src/lib/eina_stringshare.c,
tests/suite/ecore/src/lib/eina_tiler.c,
tests/suite/ecore/src/lib/eina_unicode.c,
tests/suite/ecore/src/lib/eina_ustrbuf.c,
tests/suite/ecore/src/lib/eina_ustringshare.c,
tests/suite/ecore/src/lib/eina_value.c, tests/suite/mini-eagain2.c,
tests/suite/mini-record-timing.c, tests/utils.c, tests/utils.h,
tests/x509_altname.c, tests/x509cert-tl.c, tests/x509cert.c,
tests/x509dn.c, tests/x509self.c, tests/x509sign-verify.c:
reindented code
2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: doc update
2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/gnutls.h.in, lib/x509/privkey.c: in
gnutls_x509_privkey_generate() allow specifying an explicit curve.
2013-11-07 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* src/certtool-args.def, src/certtool-common.c,
src/certtool-common.h, src/certtool.c: enable --outder for certtool
--dh-info "certool --dh-info --outder" produces PEM-encoded output without
this patch.
2013-11-07 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* src/certtool-args.def, src/certtool-common.c: enable --inder for
certtool --dh-info certtool --dh-info is unable to read DER-encoded DH parameters
without this patch.
2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/manpages/tpmtool.1: doc update
2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_errors.c: doc update
2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: use srcdir as prefix
2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: removed unneeded command
2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: print the flags used for libopts
2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: delete libopts generated files if system libopts is
being used
2013-11-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms.h, lib/algorithms/ciphers.c, lib/gnutls_cipher.c,
lib/gnutls_constate.c, lib/gnutls_dtls.c, lib/gnutls_int.h:
separated the TLS IV size and the cipher IV size.
2013-11-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, src/libopts/Makefile.am: fixes in libopts
compilation
2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am: make sure that .def files will be re-read on the
compiling system.
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/ag-char-map.h, src/libopts/ao-strs.c,
src/libopts/ao-strs.h, src/libopts/autoopts/options.h,
src/libopts/autoopts/usage-txt.h, src/libopts/compat/compat.h,
src/libopts/compat/strchr.c, src/libopts/configfile.c,
src/libopts/genshell.c, src/libopts/genshell.h,
src/libopts/m4/libopts.m4, src/libopts/option-value-type.c,
src/libopts/option-value-type.h,
src/libopts/option-xat-attribute.c,
src/libopts/option-xat-attribute.h, src/libopts/pgusage.c,
src/libopts/proto.h, src/libopts/streqvcmp.c,
src/libopts/text_mmap.c, src/libopts/usage.c: updated to libopts
5.18.2
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: better logging
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_dn.c: bug fix in gnutls_x509_crt_set_dn() at DN
parsing.
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_dn.c: removed debugging info
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: do not set any default level
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: Assign very weak level to priority string
NONE only.
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi: doc update
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: ignore auto-generated files
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/Makefile.am, src/libopts/ag-char-map.h,
src/libopts/alias.c, src/libopts/ao-strs.c, src/libopts/ao-strs.h,
src/libopts/autoopts.c, src/libopts/autoopts.h,
src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
src/libopts/autoopts/usage-txt.h, src/libopts/compat/pathfind.c,
src/libopts/configfile.c, src/libopts/enum.c, src/libopts/find.c,
src/libopts/genshell.c, src/libopts/genshell.h,
src/libopts/gettext.h, src/libopts/init.c, src/libopts/load.c,
src/libopts/m4/libopts.m4, src/libopts/makeshell.c,
src/libopts/option-value-type.c, src/libopts/option-value-type.h,
src/libopts/option-xat-attribute.c,
src/libopts/option-xat-attribute.h, src/libopts/pgusage.c,
src/libopts/proto.h, src/libopts/putshell.c, src/libopts/restore.c,
src/libopts/save.c, src/libopts/stack.c, src/libopts/text_mmap.c,
src/libopts/usage.c, src/libopts/version.c: updated libopts to 5.18
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.c, src/certtool-args.h, src/cli-args.c,
src/cli-args.h, src/cli-debug-args.c, src/cli-debug-args.h,
src/danetool-args.c, src/danetool-args.h, src/ocsptool-args.c,
src/ocsptool-args.h, src/p11tool-args.c, src/p11tool-args.h,
src/psk-args.c, src/psk-args.h, src/serv-args.c, src/serv-args.h,
src/srptool-args.c, src/srptool-args.h, src/tpmtool-args.c,
src/tpmtool-args.h: removed autogenerated files
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, src/Makefile.am: If autogen and libopts are present
then use the system's libopts.
2013-11-04 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* src/args-std.def, src/certtool-args.def, src/cli-args.def,
src/danetool-args.def, src/psk-args.def, src/srptool-args.def:
argument descriptions should not end in a dot When the descrip value for an argument ends in a dot, the rendered
documentation places two dots (for example "specify a password
file.." in srptool(1)). Most of the descriptions are declared properly (without a trailing
dot), but this patch should clean up the rest. After this commit, any auto-generated documentation that is
committed to git will probably will also need to be refreshed (or
removed from git entirely and generated from the definitions during
build, which might be cleaner).
2013-11-01 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* src/tests.c: fix DHE parameter output for gnutls-cli-debug
--verbose gnutls_handshake() was failing during test_dhe_group, with an error
of GNUTLS_E_NO_PRIORITIES_WERE_SET. Adding this call fixes the
handshake so that DHE group details can be printed when requested. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-tls.c, tests/mini-deflate.c,
tests/mini-eagain-dtls.c, tests/mini-eagain.c,
tests/mini-emsgsize-dtls.c, tests/record-sizes-range.c,
tests/record-sizes.c: Do not use gnutls_dh_set_prime_bits() in
server side.
2013-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ui.c: setting the DH prime bits to zero shouldn't print
a warning as it is the same as not setting it. Reported by Daniel
Kahn Gillmor.
2013-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: Do not print private key parameters when exporting
an encrypted private key.
2013-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.c: conditionally use ALPN. Reported by Jaak Ristioja.
2013-05-21 Stef Walter <stefw@redhat.com>
* configure.ac, lib/pkcs11.c: [PATCH] Update to use new p11-kit APIs Some of the older APIs were deprecated in order to support multiple
callers of the same PKCS#11 module correctly. This increases the necessary p11-kit to 0.19.1 or later.
2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated win32 makefile
2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/pem-decoding: win32 fix
2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: include proper header file for uint8_t
2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.2.6
2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, src/certtool-args.c,
src/certtool-args.def, src/certtool-args.h: corrected example
2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: debug_log -> record_log
2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: Duplicate messages moved from audit log to
debug log. There are networks where this is extremely common.
2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am: Added new functions
2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi,
doc/cha-gtls-app.texi, doc/cha-gtls-examples.texi,
doc/cha-internals.texi, doc/cha-intro-tls.texi, doc/cha-tokens.texi:
replaced ':' in anchor names (texinfo doesn't like it).
2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-upgrade.texi: doc update
2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_write.c: simplified code
2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/pmccabe2html, gl/Makefile.am, gl/dup2.c, gl/m4/dup2.m4,
gl/m4/extern-inline.m4, gl/m4/getdtablesize.m4,
gl/m4/gnulib-comp.m4, gl/m4/intl.m4, gl/m4/inttypes.m4,
gl/m4/manywarnings.m4, gl/m4/unistd_h.m4, gl/m4/warnings.m4,
gl/signal.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/sys_socket.in.h,
gl/sys_time.in.h, gl/tests/Makefile.am, gl/tests/binary-io.h,
gl/tests/getdtablesize.c, gl/tests/inttypes.in.h,
gl/tests/macros.h, gl/tests/strerror-override.h,
gl/tests/test-dup2.c, gl/tests/test-getdtablesize.c,
gl/tests/test-sys_select.c, gl/tests/test-sys_time.c, gl/u64.h,
gl/unistd.in.h, gl/verify.h, gl/xsize.h, maint.mk: updated gnulib.
2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: Removed unused parameter.
2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testdane: Better DANE test output.
2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: reindented code
2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: Reorganized main loop in dane_raw_tlsa
2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool.c: Added proper newlines to errors.
2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, lib/gnutls_state.c: doc update
2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/cryptodev.c: corrected typo
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, tests/suite/Makefile.am,
tests/suite/ciphersuite/README,
tests/suite/ciphersuite/registry-ciphers.js,
tests/suite/ciphersuite/registry-ciphers.xslt,
tests/suite/ciphersuite/scan-gnutls.sh,
tests/suite/ciphersuite/test-ciphers.js,
tests/suite/ciphersuite/test-ciphersuites.sh,
tests/suite/ciphersuite/tls-parameters.xml: Added ciphersuite test
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-handshake-timeout.c: Added a proper termination of
session to avoid issues with premature termination.
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, tests/dtls/Makefile.am: we now explicitly check for
librt.
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/dsa/Makefile.am,
tests/dtls/Makefile.am, tests/ecdsa/Makefile.am,
tests/key-id/Makefile.am, tests/openpgp-certs/Makefile.am,
tests/pkcs1-padding/Makefile.am, tests/pkcs12-decode/Makefile.am,
tests/pkcs8-decode/Makefile.am,
tests/rsa-md5-collision/Makefile.am,
tests/safe-renegotiation/Makefile.am, tests/sha2/Makefile.am,
tests/slow/Makefile.am, tests/srp/Makefile.am,
tests/suite/Makefile.am, tests/userid/Makefile.am: use the same
environment in all tests
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/pem-decoding: removed unneeded diff option
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/aki, tests/cert-tests/dane,
tests/cert-tests/pathlen, tests/cert-tests/pem-decoding: diff is now
a parameter allowing to override it.
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: LC_ALL is set to C to have predictable outputs
in tests.
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-handshake-timeout.c: simplified test
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated doc
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/sign.c: Added additional ISO OIDs for RSA-MD5 and
DSA-SHA1.
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-p11tool.texi: p11tool text updated.
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-client-xssl1.c, doc/examples/ex-client-xssl2.c,
doc/examples/print-ciphersuites.c: removed warnings
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: removed warnings
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, doc/cha-tokens.texi: Support for TPM modules
via trousers is now enabled by default.
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool-args.c, src/p11tool-args.def, src/p11tool-args.h,
src/p11tool.c, src/p11tool.h, src/pkcs11.c: Added option
--generate-random to p11tool.
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/publickey.c, lib/algorithms/sign.c,
lib/x509/common.h: Added ISO OID for RSA-SHA1 signatures.
2013-10-24 Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
lib/pkcs11_int.h, lib/pkcs11_write.c: get random data from pkcs#11
tokens Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/publickey.c: Added new fallback OID for RSA
certificates.
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Corrected number in
GNUTLS_PSK_CAMELLIA_128_GCM_SHA256. RFC6367 seems to have assigned both {0xC0,0x8D} and {0xC0,0x8E} to
this ciphersuite. However {0xC0,0x8D} should be a typo as it is used
by another ciphersuite in the same document.
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Corrected the naming of several PSK
ciphersuites
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Ciphersuites with ARCFOUR in name
were renamed to ARCFOUR_128
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms/ciphersuites.c: Fixed ciphersuites
GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 and
GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384.
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated doc
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/secparams.c: Increased minimum acceptable DH key to
767 bits.
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/priorities.c: updated priorities for new ciphersuites
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Added ciphersuite
GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/chainverify.c: Applied small patch by Jeremie
Courreges-Anglas to avoid usage of error().
2013-10-24 Alon Bar-Lev <alon.barlev@gmail.com>
* src/cli.c: cli: add missing stdbool.h Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Signed-off-by:
Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Restrict ciphersuites that use SHA2
or better to TLS1.0 or later.
2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c, tests/priorities.c: Added camellia-gcm into
the default priority levels, and prioritized GCM over CBC
everywhere.
2013-10-23 Christian Grothoff <christian@grothoff.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h: Adding option
DANE_F_IGNORE_DNSSEC to disable loading of the DNSSEC root key
entirely when initializing a dane_state_t. This is a useful optimization if the DANE/TLSA data is initialized
from a source other than libunbound/DNS, as then the DNSSEC root key
would not be used anyway. Worse, if we failed to read the DNSSEC
root key, this would create a failure even though for applications
that do not use DNSSEC (but do use DANE/TLSA) such a failure would
be totally harmless.
2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am, doc/invoke-gnutls-cli.texi,
doc/manpages/Makefile.am, doc/scripts/mytexi2latex,
src/Makefile.am, src/cli-args.c, src/cli-args.h, src/common.c: small
changes prior to release
2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/priorities.c: corrected ciphersuite numbers in priorities
2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: corrected libdane doc
2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/gnutls.h.in: Added description for umac
2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: bumped version
2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/cipher.c, lib/nettle/gcm-camellia.c,
lib/nettle/gcm-camellia.h: Added underscore to camellia gcm context.
2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: rearrangement
2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Removed the _WITH_ from
ciphersuites names.
2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
lib/includes/gnutls/gnutls.h.in, lib/nettle/Makefile.am,
lib/nettle/cipher.c, lib/nettle/gcm-camellia.c,
lib/nettle/gcm-camellia.h: Added Camellia with GCM
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Added the PSK HMAC-based Camellia
ciphersuites from RFC6367.
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Added HMAC-based Camellia
ciphersuites from RFC6367.
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Added Camellia ciphersuites from
RFC5932. Added GNUTLS_RSA_CAMELLIA_128_CBC_SHA256,
GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256,
GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256,
GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256,
GNUTLS_RSA_CAMELLIA_256_CBC_SHA256,
GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256,
GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256,
GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256.
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Added more ciphersuites from
RFC5487. Added GNUTLS_PSK_AES_256_CBC_SHA384, GNUTLS_PSK_NULL_SHA384,
GNUTLS_DHE_PSK_AES_256_CBC_SHA384, GNUTLS_DHE_PSK_NULL_SHA384,
GNUTLS_RSA_PSK_AES_128_GCM_SHA256,
GNUTLS_RSA_PSK_AES_256_GCM_SHA384,
GNUTLS_RSA_PSK_AES_128_CBC_SHA256,
GNUTLS_RSA_PSK_AES_256_CBC_SHA384, GNUTLS_RSA_PSK_NULL_SHA256,
GNUTLS_RSA_PSK_NULL_SHA384.
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Added new ciphersuites from
RFC5288. Added GNUTLS_RSA_AES_256_GCM_SHA384,
GNUTLS_DHE_RSA_AES_256_GCM_SHA384, GNUTLS_DHE_DSS_AES_256_GCM_SHA384
and GNUTLS_DH_ANON_AES_256_GCM_SHA384.
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: corrected type of path_len
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/libdane.map: exported symbols
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, libdane/dane.c: small fixes
2013-10-21 Christian Grothoff <christian@grothoff.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h: Adding
dane_verify_crt_raw to allow direct verification of a certificate
chain against a dane_query_t (for example, as provided by the new
dane_raw_tlsa). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: bumped dane library version
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-10-21 Christian Grothoff <christian@grothoff.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h: Adding
dane_raw_tlsa to allow initialization of dane_query_t from DANE
records based on external DNS resolutions. Also fixing a buffer
overflow. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-10-17 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* lib/x509/output.c, po/cs.po.in, po/de.po.in, po/eo.po.in,
po/fi.po.in, po/fr.po.in, po/it.po.in, po/ms.po.in, po/nl.po.in,
po/pl.po.in, po/sv.po.in, po/uk.po.in, po/vi.po.in, po/zh_CN.po.in,
tests/cert-tests/aki-cert.pem, tests/cert-tests/bmpstring.pem,
tests/cert-tests/ca-no-pathlen.pem,
tests/cert-tests/complex-cert.pem,
tests/cert-tests/no-ca-or-pathlen.pem, tests/hostname-check.c:
Normalize capitalization from "Public Key Id" to "Public Key ID" The GnuTLS codebase produced the string "Public Key Id" in some
places (e.g. in the output of "certtool -i"), and "Public Key ID" in
other places (e.g. in the output of "certtool -k"). This changeset standardizes on "Public Key ID", making the output
consistent across uses. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-10-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in: Added
gnutls_certificate_get_crt_raw() to return the raw certificate as
present in the credentials structure.
2013-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-cert-select-pkcs11.c, src/common.c: corrected
length calculation
2013-10-09 Ludovic Courtès <ludo@gnu.org>
* guile/modules/gnutls/build/priorities.scm, guile/src/core.c:
guile: Fix possible stack overflows.
2013-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-cert-select-pkcs11.c, src/common.c, src/psk.c,
src/srptool.c: Corrected possible buffer overruns in included
programs and examples. Corrected possible buffer overruns in included programs and
examples. Reported by Pedro Ribeiro <pedrib@gmail.com>.
2013-10-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: corrected typo
2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-srptool.texi, src/srptool-args.c, src/srptool-args.h:
autogen'ed files update
2013-10-04 Attila Molnar <attilamolnar@hush.com>
* src/srptool.c: Fix srptool issues From dc3a0d6d8d4aa98ccb19641e6668a03d77f381f1 Mon Sep 17 00:00:00
2001 From: Attila Molnar <attilamolnar@hush.com> Date: Tue, 1 Oct
2013 13:42:10 +0200 Subject: [PATCH 2/2] srptool: Fix segfault when
an invalid group parameter index is given If no group with the given index was found in the password conf file
srptool crashed instead of reporting the error because the return
value of fgets() wasn't validated before it was passed to atoi(). Signed-off-by: Attila Molnar <attilamolnar@hush.com>
2013-10-04 Attila Molnar <attilamolnar@hush.com>
* src/srptool-args.def, src/srptool.c: Fix srptool issues From 1fac0e5352e88addb8bf57dcac126918f19d7303 Mon Sep 17 00:00:00
2001 From: Attila Molnar <attilamolnar@hush.com> Date: Tue, 1 Oct
2013 13:40:01 +0200 Subject: [PATCH 1/2] srptool: Fix inability to
add users to tpasswd and broken -i switch Signed-off-by: Attila Molnar <attilamolnar@hush.com>
2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-gnutls-cli.texi, src/cli-args.c, src/cli-args.def,
src/cli-args.h: doc update
2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-gnutls-cli.texi, src/cli-args.c, src/cli-args.h:
autogen'ed files update
2013-10-03 Raj Raman <rajramanca@gmail.com>
* src/cli-args.def, src/cli.c, src/inline_cmds.h: support inline
command infrastructure in gnutls-cli Signed-off-by: Raj Raman <rajramanca@gmail.com>
2013-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cve-2008-4989.c, tests/pkcs12_encode.c: avoid the usage of
error()
2013-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2013-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/tpm.c: include config.h in tpm.c
2013-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: updated
2013-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* po/it.po.in: Sync with TP.
2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/secparams.c: define subgroup bits for the weak and
export parameters, to allow DH group generation.
2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: document the version macros
2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi: doc update
2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/tests.c: verbose is everywhere unsigned
2013-09-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-09-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: removed limitation as this has been
resolved
2013-09-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-intro-tls.texi, lib/ext/heartbeat.c: doc update
2013-09-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: doc update
2013-09-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c: doc update
2013-09-15 Ludovic Courtès <ludo@gnu.org>
* guile/src/Makefile.am: guile: Use intermediary files when
generating code.
2013-09-15 Ludovic Courtès <ludo@gnu.org>
* guile/src/Makefile.am: guile: Make builds parallel-safe. Reported by Andreas Metzler <ametzler@bebt.de>.
2013-09-10 Tobias Polzer <tobias.polzer@fau.de>
* lib/gnutls_srp.c: Fixed a typo in the documentation Fixed a typo in the documentation for
gnutls_srp_set_server_credentials_function. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-09-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am: libopts is linked prior to libgnu to solve issue
in win32. Initial patch by Tomasz Gajewski.
2013-09-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-x509-callbacks.c: Test gnutls_handshake_get_last_in()
and gnutls_handshake_get_last_out() for correctness.
2013-09-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/tests.c: Ignore non-fatal handshake alerts.
2013-09-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/mini-record-timing.c: silence warning about return
code
2013-09-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher_int.c: updates in record packet encoding.
2013-09-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-record-2.c: Test the null cipher as well.
2013-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c: added comments
2013-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/m4/intl.m4, gl/m4/warnings.m4, gl/sys_socket.in.h,
gl/sys_time.in.h, gl/tests/binary-io.h, gl/tests/test-sys_select.c,
gl/tests/test-sys_time.c, gl/u64.h, gl/unistd.in.h, gl/xsize.h:
Revert "updated gnulib" This reverts commit 9ad95f3ac723ae85fdfbe4f3a4fab4ededfa7857.
2013-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-common.c, src/certtool-extras.c, src/certtool.c,
src/danetool.c, src/ocsptool-common.c, src/ocsptool.c,
src/p11tool.c, src/pkcs11.c, src/serv.c, src/tpmtool.c: Avoid using
gnulib's error()
2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/record-sizes.c: record-sizes can only work properly with a
stream cipher.
2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h: corrected max_user_send_size() for DTLS.
2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-record-2.c: test for excessive records being correctly
send
2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c, lib/gnutls_cipher.h,
lib/gnutls_cipher_int.c, lib/gnutls_int.h, lib/gnutls_range.c,
lib/gnutls_record.c, lib/gnutls_record.h: _gnutls_send_tlen_int()
accepts the actual pad rather than the intended data. Corrections in
sending records with %NEW_PADDING.
2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/m4/intl.m4, gl/m4/warnings.m4, gl/sys_socket.in.h,
gl/sys_time.in.h, gl/tests/binary-io.h, gl/tests/test-sys_select.c,
gl/tests/test-sys_time.c, gl/u64.h, gl/unistd.in.h, gl/xsize.h:
updated gnulib
2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testdane: removed dane.nox.su from the good list
2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: explicitly initialize the log functions
2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-record-2.c: Added test to send
variable packet sizes.
2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: doc update
2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c: simplified pad calculation
2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-shared-key.texi: mention RSA-PSK
2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/rsa_psk.c: author update
2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/rsa_psk.c, lib/gnutls_int.h, lib/gnutls_state.c:
Improvements in RSA-PSK.
2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, m4/hooks.m4: released 3.2.4
2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/Makefile.am: added missing file
2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/rsa_psk.c: indented code
2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-rsa-psk.c: Added test program for
RSA-PSK key exchange.
2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/kx.c, lib/auth/cert.h, lib/auth/rsa_common.h,
lib/auth/rsa_psk.c, lib/gnutls_cert.c, lib/gnutls_handshake.c:
Optimizations in RSA-PSK by removing unneeded code.
2013-06-29 Frank Morgner <morgner@informatik.hu-berlin.de>
* lib/algorithms.h, lib/algorithms/ciphersuites.c,
lib/algorithms/kx.c, lib/algorithms/publickey.c,
lib/auth/Makefile.am, lib/auth/cert.h, lib/auth/psk.c,
lib/auth/psk.h, lib/auth/rsa.c, lib/auth/rsa_common.h,
lib/auth/rsa_psk.c, lib/gnutls_cert.c, lib/gnutls_handshake.c,
lib/gnutls_int.h, lib/gnutls_state.c,
lib/includes/gnutls/gnutls.h.in: ported patch for RSA-PSK revives some deletions from a8504e254f6ff23200c6069961ab367c9cec43a0 original patch can be found in
e3c245b951530a92fc610a130faf167a37461073
f06ba1b71fa2cf9e1f3e33ea58cda94aaff88f20
2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: arcfour is restored in the top of the
performance priority.
2013-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-cert-status.c: removed unused function
2013-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-cert-status.c: Added test to verify
the correct operation of gnutls_certificate_server_set_request().
2013-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h: Corrected
gnutls_certificate_server_set_request().
2013-08-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* po/vi.po.in: Sync with TP.
2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/resume.c: Try 3 resumption attempts and try also session db
and ticket.
2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: only register current session when not
resuming
2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_db.c: do not duplicate tests for null.
2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: remove ifdefs for session tickets
2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: export gnutls_record_set_timeout(). Reported by
Nicolai Stange.
2013-08-18 Stefan Bühler <stbuehler@web.de>
* lib/algorithms/ciphersuites.c, tests/priorities.c: add some
RC4-128-SHA1 ciphersuites based on ECDH(E) key exchanges
2013-08-18 Stefan Bühler <stbuehler@web.de>
* tests/anonself.c, tests/dhepskself.c, tests/dtls/dtls-stress.c,
tests/mini-alpn.c, tests/mini-deflate.c,
tests/mini-dtls-heartbeat.c, tests/mini-dtls-hello-verify.c,
tests/mini-dtls-large.c, tests/mini-dtls-record.c,
tests/mini-dtls-rehandshake.c, tests/mini-dtls-srtp.c,
tests/mini-eagain-dtls.c, tests/mini-eagain.c,
tests/mini-emsgsize-dtls.c, tests/mini-handshake-timeout.c,
tests/mini-loss-time.c, tests/mini-overhead.c,
tests/mini-record-range.c, tests/mini-record.c,
tests/mini-rehandshake.c, tests/mini-termination.c,
tests/mini-x509-2.c, tests/mini-x509-callbacks.c,
tests/mini-x509-cas.c, tests/mini-x509.c, tests/mini-xssl.c,
tests/openpgp-auth.c, tests/openpgp-auth2.c, tests/openpgpself.c,
tests/pskself.c, tests/record-sizes-range.c, tests/record-sizes.c,
tests/resume-dtls.c, tests/resume.c,
tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
tests/srp/mini-srp.c, tests/suite/mini-eagain2.c,
tests/suite/mini-record-timing.c, tests/x509dn.c, tests/x509self.c:
fix transport parameter casts in tests
2013-08-24 Andreas Metzler <ametzler@downhill.at.eu.org>
* tests/sha2/sha2: Clean up after test.
2013-08-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/pem-decoding: Corrected access of temp file.
Reported by Thomas Witt.
2013-08-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: No longer recommend the use of RC4
2013-08-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-x86.c, lib/gnutls_global.h,
lib/gnutls_priority.c: AES-GCM is preferred always
2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, lib/Makefile.am, lib/gnutls_errors.c,
lib/gnutls_str.c, lib/vasprintf.c, lib/vasprintf.h, lib/xssl.c,
src/certtool.c, src/cli-debug.c, src/cli.c,
src/crywrap/Makefile.am, src/crywrap/crywrap.c, src/danetool.c,
src/ocsptool.c, src/p11tool.c, src/psk.c, src/serv.c,
src/srptool.c, src/tpmtool.c: included programs no longer depend on
GPL/LGPLv3 elements of gnulib to prevent their accidental inclusion
in the library.
2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk, gl/Makefile.am, gl/accept.c, gl/alloca.in.h,
gl/alphasort.c, gl/argp-ba.c, gl/argp-eexst.c, gl/argp-fmtstream.c,
gl/argp-fmtstream.h, gl/argp-fs-xinl.c, gl/argp-help.c,
gl/argp-namefrob.h, gl/argp-parse.c, gl/argp-pin.c, gl/argp-pv.c,
gl/argp-pvh.c, gl/argp-xinl.c, gl/argp.h, gl/arpa_inet.in.h,
gl/asnprintf.c, gl/asprintf.c, gl/base64.c, gl/base64.h,
gl/basename-lgpl.c, gl/bind.c, gl/byteswap.in.h, gl/c-ctype.c,
gl/c-ctype.h, gl/close.c, gl/closedir.c, gl/connect.c,
gl/dirent-private.h, gl/dirent.in.h, gl/dirname-lgpl.c,
gl/dirname.h, gl/dosname.h, gl/dup2.c, gl/errno.in.h, gl/error.c,
gl/error.h, gl/fd-hook.c, gl/fd-hook.h, gl/filename.h, gl/float+.h,
gl/float.c, gl/float.in.h, gl/fpucw.h, gl/frexp.c, gl/frexpl.c,
gl/fseek.c, gl/fseeko.c, gl/fseterr.c, gl/fseterr.h, gl/fstat.c,
gl/ftell.c, gl/ftello.c, gl/gai_strerror.c, gl/getaddrinfo.c,
gl/getdelim.c, gl/getline.c, gl/getopt.c, gl/getopt.in.h,
gl/getopt1.c, gl/getopt_int.h, gl/getpass.c, gl/getpass.h,
gl/getpeername.c, gl/getsubopt.c, gl/gettext.h, gl/gettimeofday.c,
gl/hash-pjw-bare.c, gl/hash-pjw-bare.h, gl/inet_ntop.c,
gl/inet_pton.c, gl/intprops.h, gl/isnan.c, gl/isnand-nolibm.h,
gl/isnand.c, gl/isnanf-nolibm.h, gl/isnanf.c, gl/isnanl-nolibm.h,
gl/isnanl.c, gl/itold.c, gl/listen.c, gl/lseek.c,
gl/m4/alphasort.m4, gl/m4/argp.m4, gl/m4/closedir.m4,
gl/m4/dirent_h.m4, gl/m4/dirname.m4, gl/m4/double-slash-root.m4,
gl/m4/eealloc.m4, gl/m4/environ.m4, gl/m4/error.m4,
gl/m4/exponentf.m4, gl/m4/exponentl.m4, gl/m4/frexp.m4,
gl/m4/frexpl.m4, gl/m4/fseterr.m4, gl/m4/getopt.m4,
gl/m4/getsubopt.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
gl/m4/isnand.m4, gl/m4/isnanf.m4, gl/m4/isnanl.m4, gl/m4/ldexpl.m4,
gl/m4/malloca.m4, gl/m4/mempcpy.m4, gl/m4/nocrash.m4,
gl/m4/opendir.m4, gl/m4/printf-frexp.m4, gl/m4/printf-frexpl.m4,
gl/m4/putenv.m4, gl/m4/rawmemchr.m4, gl/m4/readdir.m4,
gl/m4/scandir.m4, gl/m4/setenv.m4, gl/m4/signbit.m4,
gl/m4/sleep.m4, gl/m4/stdarg.m4, gl/m4/strchrnul.m4,
gl/m4/sysexits.m4, gl/m4/version-etc.m4, gl/m4/vfprintf-posix.m4,
gl/m4/vprintf-posix.m4, gl/malloc.c, gl/math.c, gl/math.in.h,
gl/memchr.c, gl/memmem.c, gl/mempcpy.c, gl/minmax.h,
gl/msvc-inval.c, gl/msvc-inval.h, gl/msvc-nothrow.c,
gl/msvc-nothrow.h, gl/netdb.in.h, gl/netinet_in.in.h, gl/opendir.c,
gl/printf-args.c, gl/printf-args.h, gl/printf-frexp.c,
gl/printf-frexp.h, gl/printf-frexpl.c, gl/printf-frexpl.h,
gl/printf-parse.c, gl/printf-parse.h, gl/progname.c, gl/progname.h,
gl/rawmemchr.c, gl/rawmemchr.valgrind, gl/read-file.c,
gl/read-file.h, gl/readdir.c, gl/realloc.c, gl/recv.c,
gl/recvfrom.c, gl/scandir.c, gl/select.c, gl/send.c, gl/sendto.c,
gl/setsockopt.c, gl/shutdown.c, gl/signal.in.h, gl/signbitd.c,
gl/signbitf.c, gl/signbitl.c, gl/size_max.h, gl/sleep.c,
gl/snprintf.c, gl/socket.c, gl/sockets.c, gl/sockets.h,
gl/stdalign.in.h, gl/stdarg.in.h, gl/stdbool.in.h, gl/stddef.in.h,
gl/stdint.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h,
gl/str-two-way.h, gl/strcasecmp.c, gl/strchrnul.c,
gl/strchrnul.valgrind, gl/strdup.c, gl/strerror-override.c,
gl/strerror-override.h, gl/strerror.c, gl/string.in.h,
gl/strings.in.h, gl/stripslash.c, gl/strncasecmp.c, gl/strndup.c,
gl/strnlen.c, gl/strtok_r.c, gl/strverscmp.c, gl/sys_select.in.h,
gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
gl/sys_types.in.h, gl/sys_uio.in.h, gl/sysexits.in.h,
gl/tests/Makefile.am, gl/tests/dosname.h, gl/tests/fpucw.h,
gl/tests/infinity.h, gl/tests/intprops.h, gl/tests/malloca.c,
gl/tests/malloca.h, gl/tests/malloca.valgrind,
gl/tests/minus-zero.h, gl/tests/nan.h, gl/tests/putenv.c,
gl/tests/randomd.c, gl/tests/randoml.c, gl/tests/setenv.c,
gl/tests/strerror-override.c, gl/tests/strerror-override.h,
gl/tests/strerror.c, gl/tests/test-argp-2.sh, gl/tests/test-argp.c,
gl/tests/test-dirent.c, gl/tests/test-environ.c,
gl/tests/test-fprintf-posix.h, gl/tests/test-frexp.c,
gl/tests/test-frexp.h, gl/tests/test-frexpl.c,
gl/tests/test-fseterr.c, gl/tests/test-getopt.c,
gl/tests/test-getopt.h, gl/tests/test-getopt_long.h,
gl/tests/test-isnand-nolibm.c, gl/tests/test-isnand.h,
gl/tests/test-isnanf-nolibm.c, gl/tests/test-isnanf.h,
gl/tests/test-isnanl-nolibm.c, gl/tests/test-isnanl.h,
gl/tests/test-malloc-gnu.c, gl/tests/test-malloca.c,
gl/tests/test-math.c, gl/tests/test-printf-frexp.c,
gl/tests/test-printf-frexpl.c, gl/tests/test-printf-posix.h,
gl/tests/test-printf-posix.output, gl/tests/test-rawmemchr.c,
gl/tests/test-setenv.c, gl/tests/test-signbit.c,
gl/tests/test-sleep.c, gl/tests/test-strchrnul.c,
gl/tests/test-sysexits.c, gl/tests/test-unsetenv.c,
gl/tests/test-version-etc.c, gl/tests/test-version-etc.sh,
gl/tests/test-vfprintf-posix.c, gl/tests/test-vfprintf-posix.sh,
gl/tests/test-vprintf-posix.c, gl/tests/test-vprintf-posix.sh,
gl/tests/unsetenv.c, gl/time.in.h, gl/time_r.c, gl/u64.h,
gl/unistd.in.h, gl/vasnprintf.c, gl/vasnprintf.h, gl/vasprintf.c,
gl/verify.h, gl/version-etc-fsf.c, gl/version-etc.c,
gl/version-etc.h, gl/vfprintf.c, gl/vprintf.c, gl/vsnprintf.c,
gl/w32sock.h, gl/wchar.in.h, gl/xsize.h, src/certtool.c,
src/cli-debug.c, src/cli.c, src/danetool.c, src/ocsptool-common.c,
src/ocsptool.c, src/p11tool.c, src/psk.c, src/serv.c,
src/srptool.c, src/tpmtool.c: gnulib only contains lgplv2 modules
2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* po/de.po.in, po/vi.po.in: Sync with TP.
2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: removed unused code
2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: Do not try to parse arbitrary objects as
certificates.
2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: don't ignore errors when copying
resumption values
2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: mention that new padding is currently a
gnutls extension
2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, src/libopts/makeshell.c: do not require localtime
2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: added mkdir
2013-08-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_constate.c: inverse check for cipher ok and priority.
2013-08-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: documented parameters
2013-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: no need to keep separate priority lists for
export ciphersuites (they are no longer available).
2013-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c: Added the PFS
priority string option.
2013-07-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.2.3
2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: allow empty fragments with padding.
2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/record-sizes-range.c: corrected test
2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/record-sizes-range.c: Added test for the
range functionality.
2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c, tests/mini-overhead.c: corrected overhead
calculation in AEAD ciphers.
2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: Correctly report unicode status in win32 API
2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: correctly link with librt when needed.
2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/Makefile.am, lib/system.c: link with libiconv
when needed.
2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/snippet/unused-parameter.h, configure.ac,
gl/Makefile.am, gl/c-strcase.h, gl/c-strcasecmp.c,
gl/c-strncasecmp.c, gl/iconv.c, gl/iconv.in.h, gl/iconv_close.c,
gl/iconv_open-aix.gperf, gl/iconv_open-hpux.gperf,
gl/iconv_open-irix.gperf, gl/iconv_open-osf.gperf,
gl/iconv_open-solaris.gperf, gl/iconv_open.c,
gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/iconv_h.m4,
gl/m4/iconv_open-utf.m4, gl/m4/iconv_open.m4, gl/m4/inline.m4,
gl/m4/intl.m4, gl/m4/libunistring-base.m4, gl/m4/locale-fr.m4,
gl/m4/locale-ja.m4, gl/m4/locale-tr.m4, gl/m4/locale-zh.m4,
gl/m4/locale_h.m4, gl/m4/localename.m4, gl/m4/po.m4,
gl/m4/setlocale.m4, gl/tests/Makefile.am, gl/tests/locale.in.h,
gl/tests/localename.c, gl/tests/localename.h, gl/tests/setlocale.c,
gl/tests/test-c-strcase.sh, gl/tests/test-c-strcasecmp.c,
gl/tests/test-c-strncasecmp.c, gl/tests/test-iconv-h.c,
gl/tests/test-iconv-utf.c, gl/tests/test-locale.c,
gl/tests/test-localename.c, gl/tests/test-setlocale1.c,
gl/tests/test-setlocale1.sh, gl/tests/test-setlocale2.c,
gl/tests/test-setlocale2.sh, gl/tests/unistr/test-u8-mbtoucr.c,
gl/tests/unistr/test-u8-uctomb.c, gl/unistr.in.h,
gl/unistr/u8-mbtoucr.c, gl/unistr/u8-uctomb-aux.c,
gl/unistr/u8-uctomb.c, gl/unitypes.in.h: Removed LGPLv3 gnulib
components. This removes the gnulib iconv, and uses libc or libiconv if needed.
2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.2.3pre0
2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am: Added new functions
2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h, lib/gnutls_record.h: use common macros to
calculate the overhead.
2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/new_record_padding.c, lib/gnutls_cipher.c,
lib/gnutls_constate.c, lib/gnutls_constate.h,
lib/gnutls_extensions.c, lib/gnutls_extensions.h,
lib/gnutls_handshake.c, lib/gnutls_int.h: The after handshake
function is now called before epoch change. This allows enabling certain features, such as the new record
padding, prior to exchanging finished messages.
2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/record-sizes.c: test sending and receiving the maximum
allowed TLS buffer size.
2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: corrected guile-site-dir option. Patch by Steve
Erhart.
2013-07-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.h: Do not count pad and MAC as received data.
2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: simplified decrypted data allocation.
2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_record.c, lib/gnutls_record.h:
small optimizations.
2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c, lib/gnutls_record.c: When in compatibility
mode allow for larger record sizes than the maximum.
2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini.c, tests/record-sizes.c: Updated
mini test.
2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/ag-char-map.h: Applied Bruce Korb's fix on
unacceptable chars.
2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/ag-char-map.h: Revert "Ignore non-ascii characters in
configuration file." This reverts commit b973840f5dff9924108af9574bdee1064e06fb88.
2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/priorities.c: test also the number of ciphers.
2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added helper functions to export the available
ciphers in a priority structure
2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/priorities.c: Added a test that checks
whether the priorities behave as expected (depends on the supported
ciphersuite numbers)
2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: When adding a bulk of priorities make sure
they don't replace the whole list. Reported by Stefan Buehler.
2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: doc update
2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: updated doc
2013-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/ag-char-map.h: Ignore non-ascii characters in
configuration file. This is a quick fix for
http://lists.infradead.org/pipermail/openconnect-devel/2013-July/001126.html
2013-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am: make sure that the .info files are as new as the pdfs
and html.
2013-07-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/Makefile.am, doc/examples/ex-serv-x509.c: X.509
server example updated to include OCSP stapling
2013-07-16 Matt Whitlock <matt@whitlock.name>
* lib/gnutls_buffers.c: avoid leaking a buffer element when
_gnutls_stream_read returns 0
2013-07-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: doc update
2013-07-17 Stefan Bühler <stbuehler@web.de>
* lib/gnutls_priority.c: gnutls priority string parsing bug fix Fix priority string parsing (example: "NONE:+MAC-ALL:-SHA1:+SHA1"
misses SHA1 and has MD5 twice) prio_remove doesn't zero the removed element, prio_add (and perhaps
other functions) assumes the list to be zero terminated. Make prio_remove zero the element at the end, and use the actual
length of the list in prio_add. Relying on the trailing zero will fail if the list is full, and
might lead to invalid memory accesses as the loop won't stop until
it finds either the algorithm identifier or 0.
2013-07-17 Adam Sampson <ats@offog.org>
* tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
tests/pskself.c, tests/resume-dtls.c, tests/resume.c,
tests/x509dn.c, tests/x509self.c: Disable tests that use socketpair
on _WIN32. socketpair isn't provided on Windows, so these tests should just
exit 77. Note that resume-dtls.c already had a guard like this -- I've
rewritten it to match the others, but socketpair (presumably!) isn't
the only reason that test is disabled on Win32. Signed-off-by: Adam Sampson <ats@offog.org>
2013-07-16 Adam Sampson <ats@offog.org>
* tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
tests/pskself.c, tests/resume-dtls.c, tests/resume.c,
tests/x509dn.c, tests/x509self.c: Use socketpair() rather than TCP
connections. Besides simplifying the code, this also makes it possible to run
"make check" in parallel -- previously this didn't work because
several tests were trying to bind the same port. Signed-off-by: Adam Sampson <ats@offog.org>
2013-07-16 Adam Sampson <ats@offog.org>
* tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
tests/pskself.c, tests/resume-dtls.c, tests/resume.c,
tests/x509dn.c, tests/x509self.c: Detect socket() error responses
correctly. The code was testing the wrong variable... Signed-off-by: Adam Sampson <ats@offog.org>
2013-07-16 Adam Sampson <ats@offog.org>
* doc/scripts/gdoc: Avoid depending on hash order in gdoc. Previously, gdoc had a hash of regexp replacements for each output
format, and applied the replacements in the order that "keys"
returned for the hash. However, not all orders are safe -- and now
that Perl 5.18 randomises hash order per-process, it only worked
sometimes! For example, this order is OK: 'is a #gnutls_session_t structure.' '\@([A-Za-z0-9_]+)\s*' -> 'is a
#gnutls_session_t structure.' '\%([A-Za-z0-9_]+)' -> 'is a
#gnutls_session_t structure.' '\#([A-Za-z0-9_]+)' -> 'is a
@code{gnutls_session_t} structure.' '([A-Za-z0-9_]+\(\))' -> 'is a
@code{gnutls_session_t} structure.' This one, however, winds up producing invalid texinfo: 'is a #gnutls_session_t structure.' '\%([A-Za-z0-9_]+)' -> 'is a
#gnutls_session_t structure.' '([A-Za-z0-9_]+\(\))' -> 'is a
#gnutls_session_t structure.' '\#([A-Za-z0-9_]+)' -> 'is a
@code{gnutls_session_t} structure.' '\@([A-Za-z0-9_]+)\s*' -> 'is a
@code{code} {gnutls_session_t} structure.' This patch turns the hash into a list, so the replacements will
always be done in the intended order. Signed-off-by: Adam Sampson <ats@offog.org>
2013-07-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dtls/dtls-stress.c, tests/mini-dtls-heartbeat.c,
tests/mini-dtls-large.c, tests/mini-dtls-rehandshake.c,
tests/mini-dtls-srtp.c, tests/mini-loss-time.c: Run DTLS tests under
reliable transports to avoid unexpected packet loss.
2013-07-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: Link with librt when needed. Reported by Joern
Clausen.
2013-07-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
lib/gnutls_range.c, lib/gnutls_session_pack.c: eliminated the need
for the additional version variable.
2013-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated w32 makefile
2013-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/config.rpath, gl/Makefile.am, gl/argp-help.c,
gl/c-ctype.h, gl/fseeko.c, gl/m4/extensions.m4,
gl/m4/extern-inline.m4, gl/m4/fseeko.m4, gl/m4/gnulib-comp.m4,
gl/m4/lock.m4, gl/m4/manywarnings.m4, gl/m4/stdalign.m4,
gl/m4/warnings.m4, gl/msvc-inval.c, gl/stdalign.in.h,
gl/stdio.in.h, gl/tests/Makefile.am, gl/tests/getcwd-lgpl.c,
gl/tests/ignore-value.h, gl/tests/malloca.c,
gl/tests/test-getaddrinfo.c, gl/tests/test-snprintf.c,
gl/tests/test-sys_socket.c, gl/tests/test-vasnprintf.c,
gl/tests/test-vsnprintf.c, gl/vasnprintf.c, gl/verify.h, maint.mk:
updated gnulib
2013-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.2.2
2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: doc update
2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/gnutls.h.in: typo fix
2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.c: gnutls-cli -l prints the supported digest algorithms
as well.
2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: corrected return value.
2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: Check for nanosleep in librt, when not in libc.
Reported by Joern Clausen.
2013-07-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h: corrected typo
2013-07-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README-alpha: updated
2013-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h: try to reduce memory in internal structure
2013-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_handshake.c, lib/gnutls_int.h,
lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
tests/mini-x509-callbacks.c: Allow hooks to be called before or
after generation/receiving.
2013-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_state.c,
lib/includes/gnutls/gnutls.h.in: Revert "simplified hook function,
to apply only to post-processing or generation of messages." This reverts commit 7b14a8217b78aaf3367d13181237bf937292f5ba.
2013-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-07-10 Gustavo Zacarias <gustavo@zacarias.com.ar>
* lib/accelerated/cryptodev.c: Eliminate reset from cryptodev hashes
and mac It wasn't done in 73ec74c2 and 6f0ecbf4 for cryptodev causing build
failures. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/mac.c: doc update
2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: make sure that the hook function is always
called.
2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am: New functions added
2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: When resuming a session send only the
mandatory extensions. That will make server behavior to conform to TLS RFC. Reported by
Peter Dettman.
2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/srtp.c: corrected typo
2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/srtp.c: Include MKI size in size calculations for the
extension. This prevents a parsing error when MKI is being used. Reported by
Gábor Tatárka.
2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark.h: Fix for NetBSD systems that do not have
CLOCK_PROCESS_CPUTIME_ID. Patch by Thomas Klausner.
2013-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: make sure that a valid number of days is entered
2013-07-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/DCO.txt: Added DCO
2013-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: added new functions
2013-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-hello-verify.c: simplified structure
2013-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: corrected issue in client hello verify.
2013-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms/mac.c, lib/gnutls_int.h,
lib/includes/gnutls/gnutls.h.in: Added helper functions for digests.
2013-07-04 Stef Walter <stefw@redhat.com>
* lib/pkcs11.c: pkcs11: Use the correct attribute length for
CKA_TRUSTED CKA_TRUSTED is a CK_BBOOL value in PKCS#11. Since object searches
are done with the attribute byte values, we need to get the length
exactly right. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-x509-callbacks.c: updated for new callback format
2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: corrected typo
2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: doc update
2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: when removing a cipher priority, make sure
the order is kept
2013-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_dtls.c, lib/includes/gnutls/gnutls.h.in:
gnutls_record_overhead_size2 -> gnutls_est_record_overhead_size
2013-07-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/crypto-api.c: doc update
2013-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* po/eo.po.in, po/fi.po.in: Sync with TP.
2013-06-28 Ludovic Courtès <ludo@gnu.org>
* guile/src/core.c: guile: Keep a weak reference on objects
aggregated by other objects. Before, in cases such as `set-anonymous-server-dh-parameters!' where
the C object beneath CRED keeps a pointer to the C object beneath
DH_PARAMS, DH_PARAMS could be garbage-collected before CRED, leading
to the destruction of the underlying C object. Reported by Nikos Mavrogiannopoulos <nmav@gnutls.org>.
2013-06-28 Ludovic Courtès <ludo@gnu.org>
* guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm,
guile/tests/x509-auth.scm: guile: tests: Use `port->fdes' rather
than `fileno'. This has no practical impact, but it's a better way to express that
we don't want the file descriptors closed behind our back.
2013-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi: removed unsupported RSA-EXPORT
2013-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-bib.texi, doc/cha-intro-tls.texi, doc/latex/gnutls.bib:
documented private extensions
2013-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_state.c,
lib/includes/gnutls/gnutls.h.in: simplified hook function, to apply
only to post-processing or generation of messages.
2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: documented dtls behavior.
2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: enforce the maximum TLS size when setting MTU
2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-large.c: make sure that no DTLS MTU size can
exceed 2^14.
2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/nettle/Makefile.am: Revert "Add nettle
dependencies to libcrypto.la" This reverts commit f3ef68f4f79434fadc3f28c649744e57f3eef99b.
2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-dtls-large.c: Added test to verify
whether DTLS layer will send GNUTLS_E_LARGE_PACKET on large packets
2013-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* po/cs.po.in: Sync with TP.
2013-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dh_primes.c: check for zero values when import DH
parameters.
2013-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* po/de.po.in, po/nl.po.in, po/pl.po.in, po/uk.po.in, po/vi.po.in:
Sync with TP.
2013-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/debug.c, lib/debug.h, lib/gnutls_handshake.c,
lib/gnutls_int.h, lib/gnutls_state.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
tests/mini-x509-callbacks.c: Added
gnutls_handshake_set_hook_function() to allow hooks on arbitrary
handshake messages.
2013-06-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/announce.txt: added BCC to avoid forgetting it in the future
2013-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-tpmtool.texi, doc/manpages/tpmtool.1: doc update
2013-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_dtls.c, lib/gnutls_state.c,
lib/includes/gnutls/dtls.h, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: avoid the introduction of a new function to
disable replay protection.
2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testcompat-main: changed port to avoid conflicts
2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-overhead.c: small update
2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: removed unused var
2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/tpmtool-args.c, src/tpmtool-args.h: updated tpmtool
auto-gen'ed files
2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_dtls.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added gnutls_record_overhead_size() and Added
gnutls_record_overhead_size2().
2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_state.c: doc update
2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_dtls.c, lib/gnutls_int.h, lib/gnutls_record.c,
lib/includes/gnutls/dtls.h, lib/libgnutls.map: DTLS replay
protection can now be disabled.
2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_state.c: doc update
2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms/ciphers.c, lib/includes/gnutls/crypto.h,
lib/libgnutls.map: Added gnutls_cipher_get_tag_size().
2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_x509.c, lib/includes/gnutls/x509.h,
lib/libgnutls.map: Added gnutls_certificate_set_trust_list().
2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c, lib/auth/srp_rsa.c, lib/ext/signature.c,
lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_handshake.c,
lib/gnutls_sig.c: explicit tests for non-null version
2013-06-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c, lib/gnutls_pubkey.c: fix typo
2013-06-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2013-06-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c, lib/gnutls_dtls.c: corrected heartbeat
timeout documentation; reported by Sebastien Decugis.
2013-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/ar-lib: updated file
2013-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/sha2/sha2, tests/sha2/sha2-dsa: avoid common files
2013-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/test-driver, configure.ac: require automake 1.12.2 for
guile.
2013-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: SECURE -> SECURE128
2013-06-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* guile/tests/priorities.scm: corrected priority strings
2013-06-06 Martin Storsjo <martin@martin.st>
* extra/Makefile.am, lib/Makefile.am, lib/accelerated/Makefile.am,
lib/accelerated/x86/Makefile.am, lib/algorithms/Makefile.am,
lib/auth/Makefile.am, lib/ext/Makefile.am, lib/extras/Makefile.am,
lib/opencdk/Makefile.am, lib/openpgp/Makefile.am,
lib/x509/Makefile.am: Add NETTLE_CFLAGS in makefiles This is required for using nettle/memxor.h, which now is included
implicitly via gnutls_int.h, if the nettle include directories
aren't in one of the compiler standard paths. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-06-06 Martin Storsjo <martin@martin.st>
* src/crywrap/Makefile.am: crywrap: Use the libidn pkg-config
include and lib paths Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-06-06 Ludovic Courtès <ludo@gnu.org>
* guile/tests/Makefile.am: guile: Use `LOG_COMPILER', as required by
Automake 1.12+.
2013-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/nettle/Makefile.am: Add nettle dependencies
to libcrypto.la
2013-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/Makefile.am: correctly place cflags
2013-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-shared-key.texi: discourage usage of anonymous
authentication
2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, lib/gnutls_global.c: doc update
2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/gnutls.pc.in, lib/nettle/Makefile.am,
m4/hooks.m4: Directly link to gmp library. Based on original patch
by Alon Bar-Lev <alon.barlev@gmail.com>.
2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated cross.mk
2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/pem-decoding,
tests/dsa/Makefile.am, tests/openpgp-certs/Makefile.am: several
updates for tests to run under win32
2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: null terminate strings in windows
2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated makefile
2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/pkcs12-decode/pkcs12: fix windows extension
2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/pkcs1-padding/Makefile.am: avoid running tests which require
datefudge in windows
2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: avoid struct sigaction in win32
2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/pem-decoding: Avoid comparing the expiration date
to prevent false positive error in 32-bit systems.
2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/pathlen: Revert "Avoid comparing the expiration
date to prevent false positive error in 32-bit systems." This reverts commit 64f9b5787c9b404763f59b3252fe4ef1b862aa00.
2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/pathlen: Avoid comparing the expiration date to
prevent false positive error in 32-bit systems.
2013-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-internals.texi, doc/cha-upgrade.texi: doc updates
2013-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated from 3.2.1
2013-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: check for suse's CA bundle file
2013-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/openpgp/privkey.c: call cleanup and deinit on the correct
number of parameters
2013-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pk.c: avoid calling clear on null values
2013-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/Makefile.am, lib/gnutls.pc.in, m4/hooks.m4: use
pkg-config to detect nettle
2013-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-xssl.c: ignore sigpipe
2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: allow ciphersuites with elliptic
curves even when using SSL 3.0. This works around a bug on openssl
in certain Debian systems.
2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* po/LINGUAS, po/eo.po.in: Sync with TP.
2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-xssl.c: updated xssl.
2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: doc update
2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-overhead.c: document sizes
2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: more precise calculation of overhead
2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-overhead.c: Check overhead in DTLS.
2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: doc update
2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in:
revert prototype move
2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/cha-support.texi, doc/manpages/Makefile.am:
doc update
2013-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c, lib/gnutls_cipher_int.c: Eliminated memory
copy on decryption.
2013-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher_int.h: corrected likely()
2013-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-deflate.c, tests/mini-x509-2.c, tests/mini-x509.c: use
various ciphers in tests.
2013-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c: doc update
2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-record.c: avoid delays by using a reliable
transport layer.
2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: removed test file from repository
2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-record.c: avoid delays by using a reliable transport
layer.
2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphers.c, lib/gnutls_cipher.c,
lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h: Eliminated memory
copy at encryption.
2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: eliminated unused variable
2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: revive gnutls_handshake_get_last_in().
Report by Mann Ern Kang.
2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_record.c:
simplified code by passing an mbuffer.
2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h, lib/gnutls_mbuffers.h: better name
2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pubkey.c: always set hash length
2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/abstract_int.h, lib/gnutls_pubkey.c, lib/nettle/pk.c:
corrected bug with _gnutls_dsa_q_to_hash() usage introduced
previously
2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/abstract_int.h, lib/algorithms.h,
lib/algorithms/ciphersuites.c, lib/algorithms/protocols.c,
lib/auth/cert.c, lib/auth/rsa.c, lib/auth/srp_rsa.c,
lib/ext/signature.c, lib/gnutls_cipher.c, lib/gnutls_constate.c,
lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
lib/gnutls_pubkey.c, lib/gnutls_record.c, lib/gnutls_sig.c,
lib/gnutls_state.c, lib/gnutls_ui.c: optimized access to TLS
protocol version properties.
2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/abstract_int.h, lib/accelerated/x86/hmac-padlock.c,
lib/algorithms.h, lib/algorithms/ciphers.c,
lib/algorithms/ciphersuites.c, lib/algorithms/mac.c,
lib/algorithms/protocols.c, lib/algorithms/sign.c,
lib/crypto-api.c, lib/ext/session_ticket.c, lib/gnutls_cipher.c,
lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
lib/gnutls_constate.c, lib/gnutls_dtls.c, lib/gnutls_handshake.c,
lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_privkey.c,
lib/gnutls_pubkey.c, lib/gnutls_range.c, lib/gnutls_sig.c,
lib/gnutls_sig.h, lib/gnutls_srp.c, lib/gnutls_state.c,
lib/gnutls_ui.c, lib/nettle/pk.c, lib/opencdk/Makefile.am,
lib/opencdk/hash.c, lib/opencdk/pubkey.c, lib/opencdk/seskey.c,
lib/opencdk/sig-check.c, lib/opencdk/stream.c, lib/verify-tofu.c,
lib/x509/crq.c, lib/x509/ocsp.c, lib/x509/ocsp_output.c,
lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
lib/x509/privkey_pkcs8.c, lib/x509/verify.c, lib/x509/x509.c,
lib/x509/x509_int.h: simplified access to cipher and mac properties
to reduce wasted cycles.
2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* extra/gnutls_openssl.c: modified openssl compat API to use the
exported API
2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: no longer export internal hash functions
2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-hello-verify.c: removed memory leak
2013-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_num.c, lib/gnutls_num.h: inlined simple functions
2013-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_mbuffers.c: avoid calloc
2013-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: fixes in record version checking
2013-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: use sigaction instead of signal in gnutls-cli
2013-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: Revert "break the loop when a SIGALRM has been
received" This reverts commit c3b3a0c6bd14a542e11873ebe0975a5ddd0ab46b.
2013-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/m4/libopts.m4: relax check on requirement on headers
for libopts. Reported by Mark Brand.
2013-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2013-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: Improved record version checks
2013-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-dtls-hello-verify.c: Added test for
hello verify message
2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/mac.c: fail on wrong key sizes
2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_dtls.c: corrected record overhead calculations
2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: more detailed error
2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: corrected resumption check
2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated doc
2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: Allow record layer packets with version less
than the negotiated. Allowing such records avoids issue in DTLS client hello request
verification.
2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls.pc.in: removed undefined variable
2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_handshake.c, lib/gnutls_session.c,
lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map:
gnutls_session_set_id() was added
2013-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: break the loop when a SIGALRM has been received
2013-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/m4/libopts.m4: configure proceeds if regex library
isn't found
2013-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.c: documented function behavior
2013-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.c: corrected typo
2013-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.c, lib/nettle/pk.c, lib/opencdk/keydb.c,
lib/opencdk/sig-check.c, lib/x509/common.c,
lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509.c,
lib/xssl.c, libdane/dane.c: several updates
2013-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool.c: print message on certificate verification
2013-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/pem-decoding: more verbose messages
2013-05-10 Tim Kosse <tim.kosse@filezilla-project.org>
* tests/eagain-common.h: When retrying gnutls_record_send due to
GNUTLS_E_AGAIN, also try passing null data and length. Tests will
fail after this patch until next patch is applied that fixes a bug
in gnutls_record_send. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-05-10 Tim Kosse <tim.kosse@filezilla-project.org>
* lib/gnutls_record.c: If gnutls_record_send fails with
GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, the documentation allows
passing null for the data and size on retry. Commit 2ec84d6 broke this usage of gnutls_record_send. This patch
fixes the problem. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-internals.texi, lib/gnutls_ui.c: typo fixes by Andreas
Metzler
2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.2.0
2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi,
doc/cha-gtls-examples.texi: simplified node referencing and add
NEW_PADDING in doc
2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: increased revision
2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am: doc update
2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms/ciphersuites.c: Added more options for
salsa20 ciphers
2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/m4/libopts.m4: applied libregex patch
2013-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk, lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s,
lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s,
lib/accelerated/x86/macosx/appro-aes-x86-macosx.s,
lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s,
lib/accelerated/x86/macosx/cpuid-x86-macosx.s,
lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
lib/accelerated/x86/macosx/padlock-x86-macosx.s: use C's style
comments to compile in old MacOSX systems. Reported by Ryan Schmidt.
2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-auth.texi: doc update
2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/alpn.c: clarified doc
2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
doc/manpages/tpmtool.1: updated for new autogen
2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-alpn.c: updated for new api
2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dtls/dtls-stress.c: updated path
2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: corrected API usage.
2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/alpn.c, lib/ext/alpn.h, lib/gnutls_alert.c,
lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in: Added support
for the NO_APPLICATION_PROTOCOL alert for ALPN.
2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c,
src/common.c: Improved ALPN support in gnutls-cli
2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.c, src/certtool-args.h, src/cli-args.c,
src/cli-args.h, src/cli-debug-args.c, src/cli-debug-args.h,
src/danetool-args.c, src/danetool-args.h, src/ocsptool-args.c,
src/ocsptool-args.h, src/p11tool-args.c, src/p11tool-args.h,
src/psk-args.c, src/psk-args.h, src/serv-args.c, src/serv-args.h,
src/srptool-args.c, src/srptool-args.h: updated libopts generated
files.
2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3,
src/libopts/Makefile.am, src/libopts/README,
src/libopts/ag-char-map.h, src/libopts/alias.c,
src/libopts/ao-strs.c, src/libopts/ao-strs.h,
src/libopts/autoopts.c, src/libopts/autoopts.h,
src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c,
src/libopts/check.c, src/libopts/compat/compat.h,
src/libopts/compat/pathfind.c, src/libopts/compat/snprintf.c,
src/libopts/compat/strchr.c, src/libopts/compat/strdup.c,
src/libopts/compat/windows-config.h, src/libopts/configfile.c,
src/libopts/cook.c, src/libopts/enum.c, src/libopts/env.c,
src/libopts/file.c, src/libopts/find.c, src/libopts/genshell.c,
src/libopts/genshell.h, src/libopts/gettext.h, src/libopts/init.c,
src/libopts/libopts.c, src/libopts/load.c,
src/libopts/m4/libopts.m4, src/libopts/m4/liboptschk.m4,
src/libopts/makeshell.c, src/libopts/nested.c,
src/libopts/numeric.c, src/libopts/option-value-type.c,
src/libopts/option-value-type.h,
src/libopts/option-xat-attribute.c,
src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c,
src/libopts/parse-duration.h, src/libopts/pgusage.c,
src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c,
src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c,
src/libopts/stack.c, src/libopts/streqvcmp.c,
src/libopts/text_mmap.c, src/libopts/time.c,
src/libopts/tokenize.c, src/libopts/usage.c, src/libopts/version.c:
updated libopts to autogen 5.17.3
2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.def, src/cli.c: Added --alpn option to cli
2013-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2013-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms/mac.c, lib/includes/gnutls/gnutls.h.in,
lib/nettle/mac.c: Added umac-128
2013-05-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: set the
key purpose in certificate requests
2013-05-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/utils.h: Do not call gnutls_pkcs11_init() when pkcs11 is
disabled. Reported by Linus Nordberg.
2013-05-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h: corrected typo.
reported by Etan Reisner.
2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/mini-eagain2.c, tests/suite/mini-record-timing.c:
updated include files
2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: simplified code
2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/Makefile.am, gl/m4/extern-inline.m4, gl/m4/getdtablesize.m4,
gl/m4/gnulib-comp.m4, gl/tests/Makefile.am,
gl/tests/getdtablesize.c, gl/tests/glthread/threadlib.c,
gl/tests/test-dup2.c, gl/tests/test-getdtablesize.c: updated gnulib
2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/anonself.c, tests/certder.c,
tests/certificate_set_x509_crl.c, tests/certuniqueid.c,
tests/chainverify-unsorted.c, tests/chainverify.c,
tests/crq_apis.c, tests/crq_key_id.c, tests/cve-2008-4989.c,
tests/cve-2009-1415.c, tests/cve-2009-1416.c, tests/dhepskself.c,
tests/dn.c, tests/dn2.c, tests/dtls/dtls-stress.c, tests/gc.c,
tests/hostname-check.c, tests/infoaccess.c, tests/init_roundtrip.c,
tests/key-openssl.c, tests/mini-alpn.c, tests/mini-deflate.c,
tests/mini-dtls-heartbeat.c, tests/mini-dtls-record.c,
tests/mini-dtls-rehandshake.c, tests/mini-dtls-srtp.c,
tests/mini-eagain-dtls.c, tests/mini-eagain.c,
tests/mini-emsgsize-dtls.c, tests/mini-handshake-timeout.c,
tests/mini-loss-time.c, tests/mini-record-range.c,
tests/mini-record.c, tests/mini-rehandshake.c, tests/mini-tdb.c,
tests/mini-termination.c, tests/mini-x509-2.c,
tests/mini-x509-callbacks.c, tests/mini-x509-cas.c,
tests/mini-x509.c, tests/mini-xssl.c, tests/mini.c, tests/moredn.c,
tests/mpi.c, tests/nul-in-x509-names.c, tests/ocsp.c,
tests/openpgp-auth.c, tests/openpgp-auth2.c,
tests/openpgp-keyring.c, tests/openpgpself.c, tests/openssl.c,
tests/parse_ca.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pkcs12_simple.c,
tests/pskself.c, tests/resume-dtls.c, tests/resume.c,
tests/rng-fork.c, tests/rsa-encrypt-decrypt.c,
tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
tests/set_pkcs12_cred.c, tests/setcredcrash.c,
tests/slow/cipher-test.c, tests/slow/gendh.c, tests/slow/keygen.c,
tests/srp/mini-srp.c, tests/suite/mini-eagain2.c,
tests/suite/mini-record-timing.c, tests/utils.h,
tests/x509_altname.c, tests/x509cert-tl.c, tests/x509cert.c,
tests/x509dn.c, tests/x509self.c, tests/x509sign-verify.c: When
running tests disable PKCS #11 support to avoid detecting memory
leaks from PKCS #11 libraries.
2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: doc update
2013-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dtls/Makefile.am: link explicitly to librt
2013-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, build-aux/config.rpath, build-aux/gendocs.sh,
configure.ac, gl/Makefile.am, gl/gettime.c,
gl/glthread/threadlib.c, gl/intprops.h, gl/m4/clock_time.m4,
gl/m4/frexp.m4, gl/m4/gettime.m4, gl/m4/gnulib-cache.m4,
gl/m4/gnulib-comp.m4, gl/m4/intl.m4, gl/m4/po.m4, gl/m4/putenv.m4,
gl/m4/stdalign.m4, gl/m4/sys_types_h.m4, gl/m4/timer_time.m4,
gl/m4/timespec.m4, gl/sys_select.in.h, gl/sys_time.in.h,
gl/tests/Makefile.am, gl/tests/malloca.h, gl/tests/putenv.c,
gl/timespec.c, gl/timespec.h, gl/unistd.in.h, lib/gnutls_dtls.c,
lib/gnutls_dtls.h, lib/gnutls_state.c, lib/nettle/rnd.c,
lib/system.h, src/benchmark-cipher.c, src/benchmark.c,
src/benchmark.h, tests/suite/Makefile.am,
tests/suite/mini-record-timing.c: Avoid linking the library on
librt.
2013-04-27 Stef Walter <stefw@redhat.com>
* tests/suite/mini-record-timing.c: test suite: Add missing header Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/complex-cert.pem,
tests/cert-tests/pem-decoding: Added test for escaping rules.
2013-04-27 Stef Walter <stefw@redhat.com>
* lib/x509/common.c: Add the standard description OID to those
recognized for DNs Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, lib/x509/dn.c: Always escape printable strings
the LDAP way, and avoid escaping hex encoded values. Report and
initial patch from Stef Walter.
2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, lib/x509/common.h: Do not include null
terminator in DN string. When printing an unknown DN string as hex do not include the null
terminator. Reported by Stef Walter.
2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: Link against pthread only when pthread_mutex_lock
isn't in libc
2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/sha-padlock.c: initialize the digest after
output on padlock.
2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c,
src/pkcs11.c: read_yesno() accepts a default value. By default
certificates are marked as ok for signing and encryption.
2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c, lib/ext/heartbeat.h: updated license
2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/sha-padlock.c, lib/crypto-backend.h,
lib/gnutls_cipher_int.c, lib/gnutls_hash_int.c,
lib/gnutls_hash_int.h, lib/nettle/mac.c: eliminate the reset ability
from hashes
2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/hmac-padlock.c, lib/crypto-backend.h,
lib/gnutls_cipher_int.c, lib/gnutls_hash_int.c,
lib/gnutls_hash_int.h, lib/nettle/mac.c: Do not handle MAC reset
separately. It is implied by nettle's output function.
2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/crypto-api.c: updated documentation
2013-04-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-cipher.c, src/benchmark-tls.c, src/benchmark.c,
src/benchmark.h: updated benchmark output
2013-04-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: updated TODO list
2013-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.h, lib/gnutls_cert.c, lib/gnutls_x509.c: use the
pass argument on PKCS #11 keys.
2013-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/hmac-padlock.c,
lib/accelerated/x86/sha-padlock.c: corrected memory leak in
padlock_hash_fast()
2013-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-intro-tls.texi: mention about experimental protocols
2013-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-tls.c: nettle 2.7 is required
2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-crypto.texi: doc update
2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-crypto.texi: Added documentation on public key API.
2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, lib/gnutls_priority.c: Added priority
string VERS-DTLS-ALL
2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/mac.c, lib/nettle/cipher.c, lib/nettle/mac.c,
m4/hooks.m4: nettle 2.7 is required
2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: corrected doc
2013-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/mac.c, lib/nettle/cipher.c, lib/nettle/mac.c,
m4/hooks.m4, src/benchmark-tls.c: renamed HAVE_UMAC -> HAVE_NETTLE27
2013-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
lib/includes/gnutls/gnutls.h.in, lib/nettle/cipher.c,
src/benchmark-tls.c: Added ESTREAM salsa20 cipher.
2013-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/mac.c: better naming of functions
2013-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/mac.c, lib/includes/gnutls/gnutls.h.in,
lib/nettle/mac.c, m4/hooks.m4: Updated UMAC code to use nettle's new
implementation
2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README: added note about LGPLv3
2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system_override.c: doc update
2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: use unlikely
2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented update
2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, doc/cha-intro-tls.texi, lib/ext/Makefile.am,
lib/ext/alpn.c, lib/ext/alpn.h, lib/gnutls_extensions.c,
lib/gnutls_int.h, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, m4/hooks.m4, tests/Makefile.am,
tests/mini-alpn.c: Added support for the ALPN extension.
2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_constate.c: removed unused variables
2013-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug.c, src/tests.c, src/tests.h: removed the RSA-EXPORT
checks
2013-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README: updated
2013-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi,
doc/cha-tokens.texi, lib/gnutls_x509.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
gnutls_certificate_set_x509_key_mem2() and
gnutls_certificate_set_x509_key_file2()
2013-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth2.texi, doc/cha-gtls-examples.texi,
lib/gnutls_privkey.c, lib/x509/pkcs12.c, lib/x509/privkey.c: doc
updates
2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms.h, lib/algorithms/ciphers.c,
lib/gnutls_constate.c, lib/gnutls_state.c, lib/gnutls_state.h:
removed TLS export key generation
2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, doc/cha-gtls-app.texi, lib/Makefile.am,
lib/algorithms.h, lib/algorithms/ciphersuites.c,
lib/algorithms/kx.c, lib/algorithms/publickey.c,
lib/auth/Makefile.am, lib/auth/cert.h, lib/auth/rsa.c,
lib/auth/rsa_export.c, lib/gnutls_auth.c, lib/gnutls_cert.c,
lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
lib/gnutls_priority.c, lib/gnutls_rsa_export.c,
lib/gnutls_rsa_export.h, lib/gnutls_session_pack.c,
lib/gnutls_state.c, lib/gnutls_state.h, lib/gnutls_ui.c,
lib/includes/gnutls/gnutls.h.in, lib/x509/privkey.c,
lib/x509/privkey_openssl.c, lib/x509/privkey_pkcs8.c: Removed the
RSA-EXPORT ciphersuites.
2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-library.texi, lib/algorithms/ciphersuites.c,
lib/algorithms/protocols.c, lib/gnutls_priority.c,
lib/includes/gnutls/gnutls.h.in, tests/mini-emsgsize-dtls.c: Added
support for DTLS 1.2
2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
lib/includes/gnutls/gnutls.h.in: deprecated
gnutls_privkey_sign_raw_data()
2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: updated
2013-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_range.c: updates in range handling code.
2013-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-record-range.c: Added test for
record ranges.
2013-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/ecdhe.c: Set the curve priority to calling derive.
2013-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: reduce the number of temp variables in ECDH
2013-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.c: print the signatures used.
2013-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/signature.c, lib/ext/signature.h, lib/gnutls_int.h,
lib/gnutls_session_pack.c, lib/gnutls_sig.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
gnutls_sign_algorithm_get_client()
2013-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c, m4/hooks.m4: Changed license of heartbeat
implementation to match the rest of the library
2013-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-internals.texi: updated text
2013-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c: gnutls_pong() returns zero on success.
2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.h: removed function that didn't exist
2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c, lib/ext/heartbeat.h: updated heartbeat
2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-heartbeat.c: Check all error conditions.
2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c: Corrected bug in heartbeat send (reported by
Joke de Buhr).
2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms.h, lib/algorithms/ecc.c, lib/auth/ecdhe.c,
lib/crypto-backend.h, lib/gnutls_ecc.c, lib/gnutls_ecc.h,
lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/nettle/Makefile.am,
lib/nettle/ecc.h, lib/nettle/ecc_free.c, lib/nettle/ecc_make_key.c,
lib/nettle/ecc_map.c, lib/nettle/ecc_mulmod.c,
lib/nettle/ecc_mulmod_cached.c, lib/nettle/ecc_points.c,
lib/nettle/ecc_projective_add_point_ng.c,
lib/nettle/ecc_projective_check_point.c,
lib/nettle/ecc_projective_dbl_point_3.c,
lib/nettle/ecc_projective_isneutral.c,
lib/nettle/ecc_projective_negate_point.c,
lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
lib/nettle/ecc_verify_hash.c, lib/nettle/init.c,
lib/nettle/multi.c, lib/nettle/pk.c, lib/nettle/wmnaf.c,
lib/x509/key_decode.c, lib/x509/privkey.c: Removed elliptic curve
code from gnutls. Use nettle's implementation.
2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: corrected issue in ecccertfile option
2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: make a short list of the available PK
algorithms
2013-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
lib/includes/gnutls/abstract.h, tests/x509sign-verify.c: Added sign
and verification flags to operate in RSA raw mode (as used in TLS).
2013-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/rsa.c, lib/gnutls_int.h: When in compatibility mode allow
for a wrong version in the RSA PMS.
2013-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms.h, lib/algorithms/protocols.c, lib/auth/rsa.c,
lib/gnutls_cipher.c, lib/gnutls_handshake.c, lib/gnutls_record.c:
convert gnutls versions to TLS major-minor in a single function.
2013-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* devel/perlasm/license-gnutls.txt,
lib/accelerated/x86/coff/cpuid-x86-64-coff.s,
lib/accelerated/x86/coff/cpuid-x86-coff.s,
lib/accelerated/x86/elf/cpuid-x86-64.s,
lib/accelerated/x86/elf/cpuid-x86.s,
lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s,
lib/accelerated/x86/macosx/cpuid-x86-macosx.s,
lib/ext/status_request.h, lib/gnutlsxx.cpp,
lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/ocsp.h,
lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/verify-high.h: changed license headers to 2.1. Reported by
Andreas Metzler.
2013-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/manpages/Makefile.am: updated copyright
2013-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms/ciphers.c, lib/algorithms/mac.c,
lib/crypto-api.c, lib/includes/gnutls/crypto.h,
lib/includes/gnutls/gnutls.h.in: Added gnutls_mac_get_nonce_size()
2013-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c: doc update
2013-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-internals.texi: corrected file location
2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/openpgp-auth.c: use return instead of exit
2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c: use the proper defines
2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/abstract_int.h, lib/auth/cert.c, lib/gnutls_pubkey.c,
lib/includes/gnutls/abstract.h, lib/includes/gnutls/openpgp.h,
lib/openpgp/gnutls_openpgp.c: Fixes in openpgp handshake with
fingerprints. Reported by Joke de Buhr.
2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/openpgp-auth.c: openpgp-auth tests
gnutls_openpgp_set_recv_key_function() as well.
2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_sig.c: correct issue with the (deprecated)
external key signing and TLS 1.2
2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark.c: use clock_gettime when we can
2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-cipher.c: removed R20
2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
lib/includes/gnutls/gnutls.h.in, lib/nettle/cipher.c,
src/benchmark-tls.c: Salsa20R20 -> Salsa20
2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map, tests/gc.c: use the exported variant of
_gnutls_hmac_fast().
2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/accelerated/cryptodev.c,
lib/accelerated/x86/hmac-padlock.c, lib/algorithms/ciphers.c,
lib/algorithms/ciphersuites.c, lib/algorithms/mac.c,
lib/crypto-api.c, lib/crypto-backend.h, lib/ext/session_ticket.c,
lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
lib/gnutls_cipher_int.h, lib/gnutls_constate.c, lib/gnutls_dtls.c,
lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_state.c,
lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, lib/nettle/cipher.c, lib/nettle/mac.c,
lib/x509/pbkdf2-sha1.c, lib/x509/pkcs12.c, m4/hooks.m4,
src/benchmark-cipher.c, src/benchmark-tls.c: The HMAC subsystem can
now be used for other MAC algorithms, like UMAC. UMAC-96 and
UMAC-128 were conditionally added.
2013-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-tls.c: use RSA ciphersuite to compare ciphers.
2013-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c: corrected bug in stream ciphers and added new
cipher to the new padding format.
2013-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms.h, lib/algorithms/ciphers.c,
lib/algorithms/ciphersuites.c, lib/gnutls_cipher.c,
lib/gnutls_constate.c, lib/gnutls_dtls.c,
lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, lib/nettle/cipher.c, lib/x509/privkey_openssl.c,
lib/x509/privkey_pkcs8.c, src/benchmark-cipher.c,
src/benchmark-tls.c: Added salsa20 cipher, and ciphersuites.
2013-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: search only for slots with tokens and avoid caching
to prevent issues with multiple threads.
2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi, lib/gnutls_privkey.c,
lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
gnutls_privkey_status()
2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: avoid internal error
2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: use correct type for rv
2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: scan slots on PKCS #11 providers only when needed,
not on initialization.
2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c: doc update
2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-library.texi: documented the new configure options
2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/crypto-backend.h, lib/gnutls_mpi.h, lib/gnutls_pk.c,
lib/nettle/mpi.c, lib/openpgp/privkey.c, lib/x509/privkey.c: Private
key parameters are overwritten with zeros on deinitialization.
2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-library.texi, doc/latex/cover.tex, doc/latex/gnutls.bib:
doc updates
2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi: simplified text
2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
gnutls_privkey_sign_raw_data()
2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pcert.c: simplified code
2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: gnutls-serv may run without certificate, but will
issue a warning
2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: gnutls-serv issues an error if no certificate and key
pair was set.
2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* COPYING.LESSER, README: gnutls 3.1.10 is LGPLv2.1
2013-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/kx.c, lib/auth/anon.c, lib/auth/anon_ecdh.c,
lib/gnutlsxx.cpp, src/cli-debug.c, src/serv.c, src/tests.c: Added
several ifdefs to avoid using disabled code.
2013-03-12 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* doc/cha-bib.texi, doc/cha-tokens.texi: Document mechanism used for
*_key_id() creation. For the rationale behind this, see the gnutls-devl thread 'X.509
"Key Identifiers" in GnuTLS' found either at
http://lists.gnutls.org/pipermail/gnutls-devel/2013-March/006182.htmland
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6674
2013-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/examples/ex-cert-select-pkcs11.c,
doc/examples/ex-cert-select.c, doc/examples/ex-client-anon.c,
doc/examples/ex-client-dtls.c, doc/examples/ex-client-psk.c,
doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
lib/gnutls_int.h, lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, src/common.c: Added gnutls_session_get_desc()
2013-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/algorithms/ciphersuites.c, lib/algorithms/kx.c,
lib/auth/Makefile.am, lib/auth/anon_ecdh.c, lib/auth/cert.c,
lib/auth/cert.h, lib/auth/dh_common.c, lib/auth/dhe.c,
lib/auth/dhe_psk.c, lib/auth/ecdh_common.c, lib/auth/ecdh_common.h,
lib/auth/ecdhe.c, lib/auth/ecdhe.h, lib/auth/rsa_export.c,
lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_priority.c,
lib/gnutls_rsa_export.c, lib/gnutls_state.c, lib/gnutls_ui.c,
m4/hooks.m4: Added options to disable more key exchange mechanisms. In that DHE was separated from ECDHE.
2013-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: removed unneeded code
2013-03-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: When requesting DANE data resolve a service name into a
port number. Reported by James Cloos.
2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: removed
2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi: doc update
2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/dn.c: avoid duplicate memory allocation in
_gnutls_x509_get_dn()
2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/dane-test.rr: The default dane output is type 03
now.
2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: simplified
2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ui.c, lib/gnutls_x509.c, lib/gnutls_x509.h: Return
proper also when loading a private key.
2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/tpm.h, lib/tpm.c: GNUTLS_TPMKEY_FMT_DER ->
GNUTLS_TPMKEY_FMT_RAW
2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_x509.c:
return unimplemented feature on encounter of a known but unsupported
url
2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
src/danetool-args.c, src/danetool-args.def, src/danetool-args.h,
src/danetool.c: updates in danetool
2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, configure.ac: Added configure option to disable the
build of tests.
2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, src/certtool-args.c,
src/certtool-args.def, src/certtool-args.h: updated example
template.
2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/ecore/src/lib/Ecore.h: updated
2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509_b64.c: corrected allocation size
2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ui.c: simplified text
2013-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: Fixes in cpu and cross-compilation detection
2013-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/dn.c, lib/x509/verify.c, lib/x509/x509.c,
lib/x509/x509_int.h: Placed back _gnutls_x509_compare_raw_dn().
2013-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: check revocation prior to reading local certs.
2013-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: deinitialize the certificate
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: When cross compiling do not check for ca
certificates.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: auto-detect CA certificates only if
with-default-trust-store-file is not provided.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: corrected parameters.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/system.c, lib/x509/verify-high.c, lib/x509/verify-high2.c,
tests/x509cert-tl.c: Added functions that remove certificates from a
trust list.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/includes/gnutls/dane.h: updated doc
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: Check for revoked certs in android and do not add.
Suggested by David Woodhouse.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: corrected add_system_trust() in the unsupported
system case.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
lib/x509/dn.c, lib/x509/ocsp.c, lib/x509/verify-high.c,
lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: Several
optimizations on certificate comparisons including DN. This speeds
up CA certificate loading, and certificate verification.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: Revert "When making the hash list of the
CAs avoid calling get_raw_*_dn() which is very costly." This reverts commit 1b7d66354e9b4d174b58233f4dd8ab46a1d45f14.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: When making the hash list of the CAs avoid
calling get_raw_*_dn() which is very costly.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c, lib/x509/x509.c,
lib/x509/x509_int.h: Added new functions to get the LDAP DN in an
allocated buffer.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: Removed unused code.
2013-03-05 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* lib/x509/x509_write.c: fix description of id_size parameter
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: handle the interesting variance between directories
2013-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: test for ANDROID or __ANDROID__
2013-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/ar-lib: updated
2013-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: call gl_EARLY earlier, and add AM_PROG_AR.
2013-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls.pc.in: corrected link
2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: removed Werror from automake rules
2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am: Added flag
2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, ChangeLog: removed
2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c, src/Makefile.am: changes to avoid compilation
of programs that cannot be.
2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: more simplifications to
gnutls_x509_trust_list_add_system_trust()
2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: corrected reading from directory.
2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: gnutls_x509_trust_list_add_system_trust() was made
to work in android 4.x.
2013-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: More cleanups in
gnutls_x509_trust_list_add_system_trust()
2013-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: Select CPU optimizations based on target cpu rather
than the host.
2013-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/system.c: some simplifications in
gnutls_x509_trust_list_add_system_trust()
2013-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, src/certtool.c: Use ARCFOUR cipher by default to be
compatible with devices like android that don't support AES
2013-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/invoke-danetool.texi, libdane/dane.c,
libdane/includes/gnutls/dane.h, src/danetool-args.c,
src/danetool-args.def, src/danetool-args.h, src/danetool.c,
tests/suite/Makefile.am, tests/suite/testdane: Added verify flags
for DANE to enforce verification and restrict it to a field.
2013-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, ChangeLog: added empty ChangeLog
2013-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* GNUmakefile, build-aux/config.rpath, build-aux/gendocs.sh,
build-aux/pmccabe2html, build-aux/snippet/arg-nonnull.h,
build-aux/snippet/c++defs.h, build-aux/snippet/unused-parameter.h,
build-aux/snippet/warn-on-use.h, build-aux/useless-if-before-free,
build-aux/vc-list-files, doc/gendocs_template, gl/Makefile.am,
gl/accept.c, gl/alloca.in.h, gl/alphasort.c, gl/argp-ba.c,
gl/argp-eexst.c, gl/argp-fmtstream.c, gl/argp-fmtstream.h,
gl/argp-fs-xinl.c, gl/argp-help.c, gl/argp-namefrob.h,
gl/argp-parse.c, gl/argp-pin.c, gl/argp-pv.c, gl/argp-pvh.c,
gl/argp-xinl.c, gl/argp.h, gl/arpa_inet.in.h, gl/asnprintf.c,
gl/asprintf.c, gl/base64.c, gl/base64.h, gl/basename-lgpl.c,
gl/bind.c, gl/byteswap.in.h, gl/c-ctype.c, gl/c-ctype.h,
gl/c-strcase.h, gl/c-strcasecmp.c, gl/c-strncasecmp.c, gl/close.c,
gl/closedir.c, gl/connect.c, gl/dirent-private.h, gl/dirent.in.h,
gl/dirname-lgpl.c, gl/dirname.h, gl/dosname.h, gl/dup2.c,
gl/errno.in.h, gl/error.c, gl/error.h, gl/fd-hook.c, gl/fd-hook.h,
gl/filename.h, gl/float+.h, gl/float.c, gl/float.in.h, gl/fpucw.h,
gl/frexp.c, gl/frexpl.c, gl/fseek.c, gl/fseeko.c, gl/fseterr.c,
gl/fseterr.h, gl/fstat.c, gl/ftell.c, gl/ftello.c,
gl/gai_strerror.c, gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c,
gl/getopt.c, gl/getopt.in.h, gl/getopt1.c, gl/getopt_int.h,
gl/getpass.c, gl/getpass.h, gl/getpeername.c, gl/getsubopt.c,
gl/gettext.h, gl/gettime.c, gl/gettimeofday.c,
gl/glthread/threadlib.c, gl/hash-pjw-bare.c, gl/hash-pjw-bare.h,
gl/iconv.c, gl/iconv.in.h, gl/iconv_close.c, gl/iconv_open.c,
gl/inet_ntop.c, gl/inet_pton.c, gl/intprops.h, gl/isnan.c,
gl/isnand-nolibm.h, gl/isnand.c, gl/isnanf-nolibm.h, gl/isnanf.c,
gl/isnanl-nolibm.h, gl/isnanl.c, gl/itold.c, gl/listen.c,
gl/lseek.c, gl/m4/00gnulib.m4, gl/m4/alloca.m4, gl/m4/alphasort.m4,
gl/m4/argp.m4, gl/m4/arpa_inet_h.m4, gl/m4/base64.m4,
gl/m4/byteswap.m4, gl/m4/clock_time.m4, gl/m4/close.m4,
gl/m4/closedir.m4, gl/m4/codeset.m4, gl/m4/dirent_h.m4,
gl/m4/dirname.m4, gl/m4/double-slash-root.m4, gl/m4/dup2.m4,
gl/m4/eealloc.m4, gl/m4/environ.m4, gl/m4/errno_h.m4,
gl/m4/error.m4, gl/m4/exponentd.m4, gl/m4/exponentf.m4,
gl/m4/exponentl.m4, gl/m4/extensions.m4, gl/m4/extern-inline.m4,
gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4, gl/m4/fdopen.m4,
gl/m4/float_h.m4, gl/m4/fpieee.m4, gl/m4/frexp.m4, gl/m4/frexpl.m4,
gl/m4/fseek.m4, gl/m4/fseeko.m4, gl/m4/fseterr.m4, gl/m4/fstat.m4,
gl/m4/ftell.m4, gl/m4/ftello.m4, gl/m4/ftruncate.m4, gl/m4/func.m4,
gl/m4/getaddrinfo.m4, gl/m4/getcwd.m4, gl/m4/getdelim.m4,
gl/m4/getline.m4, gl/m4/getopt.m4, gl/m4/getpagesize.m4,
gl/m4/getpass.m4, gl/m4/getsubopt.m4, gl/m4/gettext.m4,
gl/m4/gettime.m4, gl/m4/gettimeofday.m4, gl/m4/glibc2.m4,
gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/hostent.m4,
gl/m4/iconv.m4, gl/m4/iconv_h.m4, gl/m4/iconv_open-utf.m4,
gl/m4/iconv_open.m4, gl/m4/include_next.m4, gl/m4/inet_ntop.m4,
gl/m4/inet_pton.m4, gl/m4/inline.m4, gl/m4/intdiv0.m4,
gl/m4/intl.m4, gl/m4/intldir.m4, gl/m4/intlmacosx.m4,
gl/m4/intmax.m4, gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4,
gl/m4/inttypes.m4, gl/m4/inttypes_h.m4, gl/m4/ioctl.m4,
gl/m4/isnand.m4, gl/m4/isnanf.m4, gl/m4/isnanl.m4,
gl/m4/largefile.m4, gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
gl/m4/ld-version-script.m4, gl/m4/ldexpl.m4, gl/m4/lib-ld.m4,
gl/m4/lib-link.m4, gl/m4/lib-prefix.m4, gl/m4/libunistring-base.m4,
gl/m4/locale-fr.m4, gl/m4/locale-ja.m4, gl/m4/locale-tr.m4,
gl/m4/locale-zh.m4, gl/m4/locale_h.m4, gl/m4/localename.m4,
gl/m4/lock.m4, gl/m4/longlong.m4, gl/m4/lseek.m4, gl/m4/lstat.m4,
gl/m4/malloc.m4, gl/m4/malloca.m4, gl/m4/manywarnings.m4,
gl/m4/math_h.m4, gl/m4/memchr.m4, gl/m4/memmem.m4,
gl/m4/mempcpy.m4, gl/m4/minmax.m4, gl/m4/mmap-anon.m4,
gl/m4/mode_t.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
gl/m4/nls.m4, gl/m4/nocrash.m4, gl/m4/off_t.m4, gl/m4/open.m4,
gl/m4/opendir.m4, gl/m4/pathmax.m4, gl/m4/perror.m4, gl/m4/pipe.m4,
gl/m4/po.m4, gl/m4/printf-frexp.m4, gl/m4/printf-frexpl.m4,
gl/m4/printf-posix.m4, gl/m4/printf.m4, gl/m4/progtest.m4,
gl/m4/putenv.m4, gl/m4/rawmemchr.m4, gl/m4/read-file.m4,
gl/m4/readdir.m4, gl/m4/realloc.m4, gl/m4/scandir.m4,
gl/m4/select.m4, gl/m4/servent.m4, gl/m4/setenv.m4,
gl/m4/setlocale.m4, gl/m4/signal_h.m4, gl/m4/signbit.m4,
gl/m4/size_max.m4, gl/m4/sleep.m4, gl/m4/snprintf.m4,
gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/m4/socklen.m4,
gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4, gl/m4/stat.m4,
gl/m4/stdalign.m4, gl/m4/stdarg.m4, gl/m4/stdbool.m4,
gl/m4/stddef_h.m4, gl/m4/stdint.m4, gl/m4/stdint_h.m4,
gl/m4/stdio_h.m4, gl/m4/stdlib_h.m4, gl/m4/strcase.m4,
gl/m4/strchrnul.m4, gl/m4/strdup.m4, gl/m4/strerror.m4,
gl/m4/strerror_r.m4, gl/m4/string_h.m4, gl/m4/strings_h.m4,
gl/m4/strndup.m4, gl/m4/strnlen.m4, gl/m4/strtok_r.m4,
gl/m4/strverscmp.m4, gl/m4/symlink.m4, gl/m4/sys_ioctl_h.m4,
gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4, gl/m4/sys_stat_h.m4,
gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4, gl/m4/sys_uio_h.m4,
gl/m4/sysexits.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4,
gl/m4/time_r.m4, gl/m4/timer_time.m4, gl/m4/timespec.m4,
gl/m4/uintmax_t.m4, gl/m4/ungetc.m4, gl/m4/unistd_h.m4,
gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4, gl/m4/vasprintf.m4,
gl/m4/version-etc.m4, gl/m4/vfprintf-posix.m4, gl/m4/visibility.m4,
gl/m4/vprintf-posix.m4, gl/m4/vsnprintf.m4, gl/m4/warn-on-use.m4,
gl/m4/warnings.m4, gl/m4/wchar_h.m4, gl/m4/wchar_t.m4,
gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c, gl/math.in.h,
gl/memchr.c, gl/memmem.c, gl/mempcpy.c, gl/minmax.h,
gl/msvc-inval.c, gl/msvc-inval.h, gl/msvc-nothrow.c,
gl/msvc-nothrow.h, gl/netdb.in.h, gl/netinet_in.in.h, gl/opendir.c,
gl/printf-args.c, gl/printf-args.h, gl/printf-frexp.c,
gl/printf-frexp.h, gl/printf-frexpl.c, gl/printf-frexpl.h,
gl/printf-parse.c, gl/printf-parse.h, gl/progname.c, gl/progname.h,
gl/rawmemchr.c, gl/read-file.c, gl/read-file.h, gl/readdir.c,
gl/realloc.c, gl/recv.c, gl/recvfrom.c, gl/scandir.c, gl/select.c,
gl/send.c, gl/sendto.c, gl/setsockopt.c, gl/shutdown.c,
gl/signal.in.h, gl/signbitd.c, gl/signbitf.c, gl/signbitl.c,
gl/size_max.h, gl/sleep.c, gl/snprintf.c, gl/socket.c,
gl/sockets.c, gl/sockets.h, gl/stdalign.in.h, gl/stdarg.in.h,
gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h, gl/stdio-impl.h,
gl/stdio.c, gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h,
gl/strcasecmp.c, gl/strchrnul.c, gl/strdup.c,
gl/strerror-override.c, gl/strerror-override.h, gl/strerror.c,
gl/string.in.h, gl/strings.in.h, gl/stripslash.c, gl/strncasecmp.c,
gl/strndup.c, gl/strnlen.c, gl/strtok_r.c, gl/strverscmp.c,
gl/sys_select.in.h, gl/sys_socket.in.h, gl/sys_stat.in.h,
gl/sys_time.in.h, gl/sys_types.in.h, gl/sys_uio.in.h,
gl/sysexits.in.h, gl/tests/Makefile.am, gl/tests/binary-io.h,
gl/tests/fcntl.in.h, gl/tests/fdopen.c, gl/tests/ftruncate.c,
gl/tests/getcwd-lgpl.c, gl/tests/getpagesize.c,
gl/tests/glthread/lock.c, gl/tests/glthread/lock.h,
gl/tests/ignore-value.h, gl/tests/infinity.h, gl/tests/init.sh,
gl/tests/inttypes.in.h, gl/tests/ioctl.c, gl/tests/locale.in.h,
gl/tests/localename.c, gl/tests/localename.h, gl/tests/lstat.c,
gl/tests/macros.h, gl/tests/malloca.c, gl/tests/malloca.h,
gl/tests/minus-zero.h, gl/tests/nan.h, gl/tests/open.c,
gl/tests/pathmax.h, gl/tests/perror.c, gl/tests/pipe.c,
gl/tests/putenv.c, gl/tests/randomd.c, gl/tests/randoml.c,
gl/tests/same-inode.h, gl/tests/setenv.c, gl/tests/setlocale.c,
gl/tests/signature.h, gl/tests/stat.c, gl/tests/strerror_r.c,
gl/tests/symlink.c, gl/tests/sys_ioctl.in.h,
gl/tests/test-accept.c, gl/tests/test-alloca-opt.c,
gl/tests/test-argp-2.sh, gl/tests/test-argp.c,
gl/tests/test-arpa_inet.c, gl/tests/test-base64.c,
gl/tests/test-binary-io.c, gl/tests/test-bind.c,
gl/tests/test-byteswap.c, gl/tests/test-c-ctype.c,
gl/tests/test-c-strcasecmp.c, gl/tests/test-c-strncasecmp.c,
gl/tests/test-close.c, gl/tests/test-connect.c,
gl/tests/test-dirent.c, gl/tests/test-dup2.c,
gl/tests/test-environ.c, gl/tests/test-errno.c,
gl/tests/test-fcntl-h.c, gl/tests/test-fdopen.c,
gl/tests/test-fgetc.c, gl/tests/test-float.c,
gl/tests/test-fprintf-posix.h, gl/tests/test-fputc.c,
gl/tests/test-fread.c, gl/tests/test-frexp.c,
gl/tests/test-frexp.h, gl/tests/test-frexpl.c,
gl/tests/test-fseek.c, gl/tests/test-fseeko.c,
gl/tests/test-fseeko3.c, gl/tests/test-fseeko4.c,
gl/tests/test-fseterr.c, gl/tests/test-fstat.c,
gl/tests/test-ftell.c, gl/tests/test-ftell3.c,
gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
gl/tests/test-ftello4.c, gl/tests/test-ftruncate.c,
gl/tests/test-func.c, gl/tests/test-fwrite.c,
gl/tests/test-getaddrinfo.c, gl/tests/test-getcwd-lgpl.c,
gl/tests/test-getdelim.c, gl/tests/test-getline.c,
gl/tests/test-getopt.c, gl/tests/test-getopt.h,
gl/tests/test-getopt_long.h, gl/tests/test-getpeername.c,
gl/tests/test-gettimeofday.c, gl/tests/test-iconv-h.c,
gl/tests/test-iconv-utf.c, gl/tests/test-iconv.c,
gl/tests/test-ignore-value.c, gl/tests/test-inet_ntop.c,
gl/tests/test-inet_pton.c, gl/tests/test-init.sh,
gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
gl/tests/test-ioctl.c, gl/tests/test-isnand-nolibm.c,
gl/tests/test-isnand.h, gl/tests/test-isnanf-nolibm.c,
gl/tests/test-isnanf.h, gl/tests/test-isnanl-nolibm.c,
gl/tests/test-isnanl.h, gl/tests/test-listen.c,
gl/tests/test-locale.c, gl/tests/test-localename.c,
gl/tests/test-lstat.c, gl/tests/test-lstat.h,
gl/tests/test-malloc-gnu.c, gl/tests/test-malloca.c,
gl/tests/test-math.c, gl/tests/test-memchr.c,
gl/tests/test-netdb.c, gl/tests/test-netinet_in.c,
gl/tests/test-open.c, gl/tests/test-open.h,
gl/tests/test-pathmax.c, gl/tests/test-perror.c,
gl/tests/test-perror2.c, gl/tests/test-pipe.c,
gl/tests/test-printf-frexp.c, gl/tests/test-printf-frexpl.c,
gl/tests/test-printf-posix.h, gl/tests/test-rawmemchr.c,
gl/tests/test-read-file.c, gl/tests/test-recv.c,
gl/tests/test-recvfrom.c, gl/tests/test-select-fd.c,
gl/tests/test-select-stdin.c, gl/tests/test-select.c,
gl/tests/test-select.h, gl/tests/test-send.c,
gl/tests/test-sendto.c, gl/tests/test-setenv.c,
gl/tests/test-setlocale1.c, gl/tests/test-setlocale2.c,
gl/tests/test-setsockopt.c, gl/tests/test-shutdown.c,
gl/tests/test-signal-h.c, gl/tests/test-signbit.c,
gl/tests/test-sleep.c, gl/tests/test-snprintf.c,
gl/tests/test-sockets.c, gl/tests/test-stat.c,
gl/tests/test-stat.h, gl/tests/test-stdalign.c,
gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
gl/tests/test-stdint.c, gl/tests/test-stdio.c,
gl/tests/test-stdlib.c, gl/tests/test-strchrnul.c,
gl/tests/test-strerror.c, gl/tests/test-strerror_r.c,
gl/tests/test-string.c, gl/tests/test-strings.c,
gl/tests/test-strnlen.c, gl/tests/test-strverscmp.c,
gl/tests/test-symlink.c, gl/tests/test-symlink.h,
gl/tests/test-sys_ioctl.c, gl/tests/test-sys_select.c,
gl/tests/test-sys_socket.c, gl/tests/test-sys_stat.c,
gl/tests/test-sys_time.c, gl/tests/test-sys_types.c,
gl/tests/test-sys_uio.c, gl/tests/test-sys_wait.h,
gl/tests/test-sysexits.c, gl/tests/test-time.c,
gl/tests/test-u64.c, gl/tests/test-unistd.c,
gl/tests/test-unsetenv.c, gl/tests/test-vasnprintf.c,
gl/tests/test-vasprintf.c, gl/tests/test-vc-list-files-cvs.sh,
gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
gl/tests/test-version-etc.c, gl/tests/test-version-etc.sh,
gl/tests/test-vfprintf-posix.c, gl/tests/test-vprintf-posix.c,
gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c,
gl/tests/unistr/test-u8-mbtoucr.c,
gl/tests/unistr/test-u8-uctomb.c, gl/tests/unsetenv.c,
gl/tests/w32sock.h, gl/tests/zerosize-ptr.h, gl/time.in.h,
gl/time_r.c, gl/timespec.h, gl/u64.h, gl/unistd.in.h,
gl/unistr.in.h, gl/unistr/u8-mbtoucr.c, gl/unistr/u8-uctomb-aux.c,
gl/unistr/u8-uctomb.c, gl/unitypes.in.h, gl/vasnprintf.c,
gl/vasnprintf.h, gl/vasprintf.c, gl/verify.h, gl/version-etc-fsf.c,
gl/version-etc.c, gl/version-etc.h, gl/vfprintf.c, gl/vprintf.c,
gl/vsnprintf.c, gl/w32sock.h, gl/wchar.in.h, gl/xsize.h, maint.mk:
updated gnulib
2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: Added gnutls_pkcs11_privkey_status
2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/invoke-certtool.texi,
doc/manpages/Makefile.am: updated
2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_db.h, lib/gnutls_int.h, lib/gnutls_record.c,
lib/gnutls_session_pack.c: small optimizations in session storage
2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_state.c: no need to memset during session deinit.
2013-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/nettle/rnd.c, tests/rng-fork.c: fixed nonce generation
after fork().
2013-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_db.c, lib/gnutls_handshake.c,
lib/gnutls_session_pack.c: Small fixes.
2013-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: Added
gnutls_pkcs11_privkey_status().
2013-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify.c: doc update
2013-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c, libdane/errors.c, libdane/includes/gnutls/dane.h:
when verifying a DANE CA constraint make sure that the provided
chain is actually a chain.
2013-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: doc update
2013-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi: mention enable-in in p11-kit config.
2013-02-20 Jaak Ristioja <jaak.ristioja@cyber.ee>
* lib/gnutls_psk.c, lib/gnutls_str.c: Moved gnutls_hex_(en|de)code
functions from lib/gnutls_psk.c to lib/gnutls_str.c to fix
compilation of certtool when PSK is disabled. These are rather generic functions by nature, so it would be
reasonable to include them in GnuTLS even if PSK support is
disabled. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: print info on reinitializor error.
2013-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi: Documented the DANE situation in gnutls.
Suggested by Gabor Toth.
2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/pkcs11.c: Fixed gnutls_pkcs11_reinit() to reinitialize
all modules.
2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: return proper error
2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: use set_int when needed
2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/session_ticket.c, lib/gnutls_datum.c,
lib/gnutls_extensions.c, lib/gnutls_str.c, lib/gnutls_x509.c,
lib/x509/ocsp.c, lib/x509/pkcs12.c, lib/xssl_getline.c: Use
gnutls_realloc_fast everywhere. Suggested by David Woodhouse.
2013-02-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/rsa.c: better cleanup on error on export case
2013-02-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: corrected parsing issue in XMPP data when in a
subject alternative name
2013-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi, lib/gnutls_record.c,
lib/includes/gnutls/gnutls.h.in, lib/tpm.c, src/common.c: cleaned up
the PIN calling in TPM
2013-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-gtls-app.texi,
doc/examples/ex-cert-select-pkcs11.c,
doc/examples/ex-cert-select.c, doc/examples/ex-client-anon.c,
doc/examples/ex-client-dtls.c, doc/examples/ex-client-psk.c,
doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
doc/examples/ex-client-x509.c, doc/examples/ex-serv-anon.c,
doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c,
doc/examples/ex-serv-srp.c, doc/examples/ex-serv-x509.c,
lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, src/cli.c, src/serv.c: Added convenience
functions to avoid ugly casting in simple programs.
2013-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-client-dtls.c, doc/examples/ex-serv-dtls.c: be
more explicit in DTLS examples to account for LARGE_PACKET error
2013-02-16 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* lib/pkcs11.c: fix two minor memory leaks when PKCS#11 is in use
2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented fix
2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: corrected export of functions
2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented fix
2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pubkey.c: corrected gnutls_pubkey_verify_data()
2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: reduced hash table size
2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pubkey.c: doc update
2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in: Added const
2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_handshake.c, lib/gnutls_handshake.h,
lib/gnutls_int.h, lib/gnutls_state.c, lib/gnutls_v2_compat.c,
lib/includes/gnutls/gnutls.h.in: gnutls_handshake_set_server_random
-> gnutls_handshake_set_random
2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h: timespec_sub_ms -> _gnutls_timespec_sub_ms
2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
gnutls_handshake_set_server_random
2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: properly set close-on-exec.
2013-02-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-serv-anon.c: avoid ptrdiff_t
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, src/certtool-extras.c: certtool's --to-p12 will now ask for
a password to generate PKCS #12 files. That is when provided an encrypted key file. Reported by Yan Fiz.
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: prefer plain RSA to DHE-RSA and DHE-DSS
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: removed duplicate
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/invoke-gnutls-cli.texi: small updates
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: slow tests moved at the end of the suite
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: simplified cleaning-up in
_gnutls_stream_read and _gnutls_dgram_read
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: corrected extract_digest_info
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, tests/mini-x509-callbacks.c: In client
side the verify callback is always being called.
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: further relaxed security levels
2013-01-29 Jaak Ristioja <jaak.ristioja@cyber.ee>
* Makefile.am, configure.ac: Add option to disable generation of any
documentation for GnuTLS.
2013-01-29 Jaak Ristioja <jaak.ristioja@cyber.ee>
* Makefile.am, libdane/Makefile.am, libdane/includes/Makefile.am:
Prevent libdane pkgconfig stuff from being installed if libdane
support is disabled.
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, cross.mk, m4/hooks.m4: updates for 3.1.8
2013-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms/secparams.c: Restored 3.1.6 defaults and
documented fix.
2013-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/secparams.c: reduced the very weak DH level to 768
bits to not reject popular sites that operate on that level.
2013-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/dh_common.c: added debugging message to indicate the
number of bits.
2013-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: Do not call the certificate verification
callback if certificates are ignored.
2013-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: avoid memset on the whole record header
length
2013-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/x509/privkey.c: fixed issue in
gnutls_x509_privkey_import2()
2013-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-bib.texi, doc/cha-tokens.texi, doc/latex/gnutls.bib,
lib/tpm.c: reference TPMURI
2013-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pubkey.c, lib/x509/x509.c: updated doc
2013-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: corrected typo
2013-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: corrected wrap_nettle_hash_algorithm() to work
with arbitrary key sizes.
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_session_pack.c: Added
a magic number in front session DB data.
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: Corrected typo. Reported by Mark Brand.
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_cipher.c: update
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/ca-no-pathlen.pem: test update
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-functions.texi, doc/manpages/Makefile.am: update
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/cha-gtls-app.texi, lib/gnutls_record.c:
updated doc
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-gnutls-cli.texi: doc update
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_range.c: document limitation
2013-01-24 Alfredo Pironti <alfredo@pironti.eu>
* lib/gnutls_range.c: Make sure we don't fail if writing gets
interrupted
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-heartbeat.c: disable heartbeat test if it isn't
included.
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented fix
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: postpone the change
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* COPYING.LESSER: Revert "license is again LGPLv2.1" This reverts commit b7eea829d4b1db58c49bf5c3e31e4be5b61fb2e8.
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/mini-record-timing.c: updated test
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c, lib/gnutls_hash_int.h: Fixes to avoid a
timing attack in TLS CBC record parsing.
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_extensions.c, lib/gnutls_record.c: only register
heartbeat if it is enabled.
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* COPYING.LESSER: license is again LGPLv2.1
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/ext/heartbeat.c, lib/ext/heartbeat.h,
m4/hooks.m4: updated heartbeat code, and made it optional.
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: corrected typo
2013-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/status_request.c, lib/gnutls_db.c, lib/gnutls_str.c,
lib/pkcs11_write.c, lib/x509/ocsp.c, lib/x509/ocsp_output.c,
lib/x509/output.c, lib/x509/verify-high.c, lib/x509/x509.c: Use
LGPLv2.1 in the files their author's agreed to.
2013-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
lib/x509/verify-high2.c: Added GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA
to specify trusted CA certificates.
2013-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: added new func
2013-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_session_pack.c: corrected session resumption
2013-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_db.c: simplified DB storing
2013-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c:
Applied disable SNI patch from Daniel.
2013-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_db.c: remove function is not required to add or
retrieve from db.
2013-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/abstract_int.h, lib/accelerated/accelerated.c,
lib/accelerated/cryptodev-gcm.c, lib/accelerated/cryptodev.c,
lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86.c,
lib/accelerated/x86/aes-padlock.c, lib/accelerated/x86/aes-x86.c,
lib/accelerated/x86/hmac-padlock.c,
lib/accelerated/x86/sha-padlock.c, lib/accelerated/x86/x86.h,
lib/algorithms.h, lib/algorithms/cert_types.c,
lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c,
lib/algorithms/protocols.c, lib/algorithms/publickey.c,
lib/algorithms/secparams.c, lib/algorithms/sign.c, lib/auth/anon.c,
lib/auth/anon.h, lib/auth/anon_ecdh.c, lib/auth/cert.c,
lib/auth/cert.h, lib/auth/dh_common.c, lib/auth/dh_common.h,
lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/ecdh_common.c,
lib/auth/ecdh_common.h, lib/auth/psk.c, lib/auth/psk.h,
lib/auth/psk_passwd.c, lib/auth/psk_passwd.h, lib/auth/rsa.c,
lib/auth/rsa_export.c, lib/auth/srp.c, lib/auth/srp.h,
lib/auth/srp_passwd.c, lib/auth/srp_passwd.h, lib/auth/srp_rsa.c,
lib/auth/srp_sb64.c, lib/crypto-api.c, lib/crypto-backend.c,
lib/crypto-backend.h, lib/crypto.h, lib/debug.c, lib/debug.h,
lib/ext/cert_type.c, lib/ext/cert_type.h, lib/ext/ecc.c,
lib/ext/ecc.h, lib/ext/max_record.c, lib/ext/max_record.h,
lib/ext/new_record_padding.c, lib/ext/new_record_padding.h,
lib/ext/safe_renegotiation.c, lib/ext/safe_renegotiation.h,
lib/ext/server_name.c, lib/ext/server_name.h,
lib/ext/session_ticket.c, lib/ext/session_ticket.h,
lib/ext/signature.c, lib/ext/signature.h, lib/ext/srp.c,
lib/ext/srp.h, lib/ext/srtp.c, lib/ext/srtp.h, lib/gnutls_alert.c,
lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
lib/gnutls_compress.h, lib/gnutls_constate.c,
lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
lib/gnutls_dh_primes.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
lib/gnutls_ecc.c, lib/gnutls_ecc.h, lib/gnutls_errors.c,
lib/gnutls_errors.h, lib/gnutls_extensions.c,
lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
lib/gnutls_handshake.c, lib/gnutls_handshake.h,
lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_helper.c,
lib/gnutls_helper.h, lib/gnutls_int.h, lib/gnutls_kx.c,
lib/gnutls_kx.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
lib/gnutls_mem.c, lib/gnutls_mem.h, lib/gnutls_mpi.c,
lib/gnutls_mpi.h, lib/gnutls_num.c, lib/gnutls_num.h,
lib/gnutls_pcert.c, lib/gnutls_pk.c, lib/gnutls_pk.h,
lib/gnutls_priority.c, lib/gnutls_privkey.c, lib/gnutls_psk.c,
lib/gnutls_pubkey.c, lib/gnutls_record.c, lib/gnutls_record.h,
lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
lib/gnutls_session.c, lib/gnutls_session_pack.c,
lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c,
lib/gnutls_state.h, lib/gnutls_str.h, lib/gnutls_str_array.h,
lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
lib/gnutls_x509.c, lib/gnutls_x509.h,
lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
lib/includes/gnutls/gnutlsxx.h, lib/includes/gnutls/openpgp.h,
lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/pkcs12.h,
lib/includes/gnutls/tpm.h, lib/locks.c, lib/locks.h,
lib/nettle/cipher.c, lib/nettle/ecc.h, lib/nettle/ecc_free.c,
lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
lib/nettle/ecc_mulmod.c, lib/nettle/ecc_mulmod_cached.c,
lib/nettle/ecc_points.c, lib/nettle/ecc_projective_add_point_ng.c,
lib/nettle/ecc_projective_check_point.c,
lib/nettle/ecc_projective_dbl_point_3.c,
lib/nettle/ecc_projective_isneutral.c,
lib/nettle/ecc_projective_negate_point.c,
lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
lib/nettle/ecc_verify_hash.c, lib/nettle/egd.c, lib/nettle/egd.h,
lib/nettle/init.c, lib/nettle/mac.c, lib/nettle/mpi.c,
lib/nettle/pk.c, lib/nettle/rnd.c, lib/nettle/wmnaf.c,
lib/opencdk/armor.c, lib/opencdk/context.h, lib/opencdk/filters.h,
lib/opencdk/hash.c, lib/opencdk/kbnode.c, lib/opencdk/keydb.c,
lib/opencdk/keydb.h, lib/opencdk/literal.c, lib/opencdk/main.h,
lib/opencdk/misc.c, lib/opencdk/new-packet.c,
lib/opencdk/opencdk.h, lib/opencdk/packet.h, lib/opencdk/pubkey.c,
lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
lib/opencdk/sig-check.c, lib/opencdk/stream.c,
lib/opencdk/stream.h, lib/opencdk/types.h,
lib/opencdk/write-packet.c, lib/openpgp/compat.c,
lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
lib/openpgp/privkey.c, lib/pin.c, lib/pkcs11.c, lib/pkcs11_int.h,
lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/random.c,
lib/random.h, lib/system.c, lib/system.h, lib/system_override.c,
lib/tpm.c, lib/verify-tofu.c, lib/x509/common.c, lib/x509/common.h,
lib/x509/crl.c, lib/x509/crl_write.c, lib/x509/crq.c,
lib/x509/dn.c, lib/x509/extensions.c, lib/x509/key_decode.c,
lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/pbkdf2-sha1.c,
lib/x509/pbkdf2-sha1.h, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
lib/x509/privkey_openssl.c, lib/x509/privkey_pkcs8.c,
lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509_int.h,
lib/x509/x509_write.c, lib/x509_b64.c, lib/x509_b64.h: Use LGPLv2.1
in the files their author's agreed to.
2013-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_db.c, lib/gnutls_session_pack.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
gnutls_db_check_entry_time().
2013-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_db.c: deprecated problematic function
2013-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_db.c, lib/gnutls_handshake.c,
lib/gnutls_session_pack.c: Fixes in server side of DTLS-0.9.
2013-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/xssl.h: corrected typo
2013-01-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: uncork doesn't do anything when the session
is already in flush mode
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, doc/.gitignore: more files to ignore
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-examples.texi, lib/includes/gnutls/xssl.h: doc update
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/latex/cover.tex: Added Alfredo
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-examples.texi, doc/gnutls.texi, doc/latex/cover.tex:
updated doc for XSSL
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/Makefile.am, doc/examples/ex-client-xssl1.c,
doc/examples/ex-client-xssl2.c: Added XSSL client examples.
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/libgnutls.map, tests/Makefile.am: Fixed
compilation of mini-xssl.
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_range.c, lib/includes/gnutls/gnutls.h.in: small fixes
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/Makefile.am, m4/hooks.m4: xssl API moved to xssl library
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated text
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: Comment out new padding until it is
standardized or at least approved by the WG.
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/doc.mk: fix xssl
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug.c: Corrected issue in gnutls-cli-debug which tried
connections to multiple hosts. gnutls-cli-debug was trying to connect to all possible IP addresses
of the host and failed if any was unavailable. Now it tries
sequentially and accepts the first that is working. Reported by
Daniel Kahn Gillmor.
2013-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, NEWS: updated NEWS
2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/crypto-api.c: Fix AEAD out-of-place decryption
2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/mini-record-timing.c: updated test
2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/Makefile.am, lib/gnutls_cert.c, lib/gnutls_errors.c,
lib/includes/Makefile.am, lib/includes/gnutls/gnutls.h.in,
lib/includes/gnutls/sbuf.h, lib/includes/gnutls/xssl.h,
lib/libgnutls.map, lib/sbuf.c, lib/sbuf.h, lib/sbuf_getline.c,
lib/xssl.c, lib/xssl.h, lib/xssl_getline.c, tests/Makefile.am,
tests/mini-sbuf.c, tests/mini-xssl.c: Added new interface.
2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: propagate the error of the verify
callback.
2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/sbuf.h, lib/libgnutls.map, lib/sbuf.c: updates
in the sbuf API.
2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/crypto-backend.h, lib/gnutls_state.c,
lib/includes/gnutls/crypto.h, lib/nettle/rnd.c, lib/random.c,
lib/random.h: Added gnutls_rnd_refresh().
2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_state.h,
lib/gnutls_ui.c: Keep the legacy dh_prime_bits.
2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h, lib/includes/gnutls/sbuf.h, lib/sbuf.c,
lib/sbuf.h, lib/verify-tofu.c: updated sbuf interface.
2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated news
2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/nettle/rnd.c: No need to cache events with the current
behavior.
2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c: use nonces instead of random data
2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-sbuf.c: free all resources
2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: nonces update the internal rng state much
slower.
2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms/secparams.c, lib/gnutls_int.h,
lib/gnutls_priority.c, lib/gnutls_state.h, lib/gnutls_ui.c,
lib/includes/gnutls/gnutls.h.in: Instead of setting directly the
number of DH bits, set a security parameter per session.
2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/auth/dh_common.c, lib/gnutls_int.h,
lib/gnutls_priority.c, lib/gnutls_state.c, lib/gnutls_state.h,
lib/gnutls_ui.c: The minimum DH prime bits are now set by the
priority strings (that means they are increased for the SECURE
strings).
2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: warnings doesn't imply Werror
2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: updated
2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ui.c: disable gnutls_certificate_get_peers_subkey_id()
if not openpgp.
2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: optimized random generator.
2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: check for getpid().
2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c, lib/gnutls_buffers.c, lib/gnutls_dtls.c,
lib/gnutls_dtls.h, lib/gnutls_int.h, lib/gnutls_state.c:
_dtls_timespec_sub_ms -> timespec_sub_ms
2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms.h, lib/algorithms/mac.c: Avoid many indirect calls.
2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: reduced calls to getpid
2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: use the more precise gettime() instead of
gettimeofday().
2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_range.c, lib/includes/gnutls/gnutls.h.in:
gnutls_range_split accepts pointers as arguments.
2013-01-24 Alfredo Pironti <alfredo@pironti.eu>
* NEWS, doc/Makefile.am, lib/gnutls_range.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Make
gnutls_range_split available from the GnuTLS API
2013-01-24 Alfredo Pironti <alfredo@pironti.eu>
* .gitignore, NEWS, lib/libgnutls.map: - Remove references to the (now renamed) gnutls_range_send_message -
Ignore sbuf-api generated documentation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/psk.h: Some fix when disable-psk-authentication is
specified. Based on patch by Jaak Ristioja.
2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_dn.c: rewritten DN parsing code.
2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/template-dn.pem,
tests/cert-tests/template-dn.tmpl, tests/cert-tests/template-test:
test the DN functionality of certtool.
2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/dane: dane test no longer fails if danetool isn't
compiled
2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c, lib/tpm.c, lib/x509/common.c,
lib/x509/pkcs12_encr.c, lib/x509/x509_dn.c: use the non-locale
dependent versions of isxxx functions.
2013-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/sbuf.c: allow writes of more than the maximum record data.
2013-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c,
lib/includes/gnutls/gnutls.h.in: introduced gnutls_cork() and
gnutls_uncork().
2013-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/Makefile.am, lib/includes/gnutls/sbuf.h,
lib/libgnutls.map, lib/sbuf.c, lib/sbuf.h, lib/sbuf_getline.c,
tests/mini-sbuf.c: Added gnutls_sbuf_getdelim() and getline().
2013-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/invoke-gnutls-cli.texi: doc updates
2013-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c, lib/gnutls_range.c, lib/gnutls_record.c,
lib/gnutls_record.h: Small changes and a sanity check
2013-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/ocsp_output.c, lib/x509/output.c: print static strings
without a printf-like function.
2013-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_record.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli-args.c,
src/cli-args.def, src/cli-args.h, src/cli.c, src/socket.c,
src/socket.h: Updated ranges patch.
2013-01-22 Alfredo Pironti <alfredo@pironti.eu>
* doc/Makefile.am, doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
doc/invoke-gnutls-cli.texi, lib/Makefile.am,
lib/ext/new_record_padding.c, lib/gnutls_cipher.c,
lib/gnutls_cipher.h, lib/gnutls_int.h, lib/gnutls_priority.c,
lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_record.h,
lib/includes/gnutls/gnutls.h.in, src/cli-args.c, src/cli-args.def,
src/cli-args.h, src/cli.c, src/socket.c, src/socket.h,
tests/mini-record.c: GnuTLS Length Hiding patch. - Remove random padding; use minimal padding with legacy interface - With new interface, use LH when possible, that is in CBC mode or
with the new padding extension - Rename priority to "NEW_PADDING" - gnutls-cli: add command line switch --ranges using LH when
possible. - Update documentation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_session.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: changed function name to
gnutls_session_force_valid.
2013-01-22 Martin Storsjo <martin@martin.st>
* lib/gnutls.pc.in: Update Libs.private with @LIB_CLOCK_GETTIME@ as
well This is required when linking as static libraries on linux, for
-lrt. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: set a default error position.
2013-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_session.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added gnutls_session_clear_invalid
2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/cha-functions.texi, doc/doc.mk: updated docs
for sbuf API.
2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_handshake.c, lib/gnutls_int.h,
lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in: Added
gnutls_record_set_timeout().
2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/Makefile.am, lib/includes/gnutls/gnutls.h.in,
lib/includes/gnutls/sbuf.h, lib/sbuf.c: updated sbuf layer.
2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi: Updated doc
2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-common.c: corrected C parameter generation.
2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/Makefile.am, lib/gnutls.pc.in: Updated
Libs.private with all the required libraries
2013-01-21 Martin Storsjo <martin@martin.st>
* lib/gnutls.pc.in: Include libiconv in Libs.private This makes static linking succeed if the library is configured to
use libiconv. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-01-21 Martin Storsjo <martin@martin.st>
* lib/gnutls_global.c, lib/verify-tofu.c: Define _gnutls_file_mutex
in gnutls_global.c instead of in verify-tofu.c This fixes issues with linking the tools on OS X if not building
shared libraries. Currently, if building with --disable-shared on OS X, the build
fails with: CCLD gnutls-serv Undefined symbols for architecture x86_64: "__gnutls_file_mutex", referenced from: _gnutls_global_deinit in libgnutls.a(gnutls_global.o) _gnutls_global_init in libgnutls.a(gnutls_global.o) ld:
symbol(s) not found for architecture x86_64 It seems that the linker fails to pull in verify-tofu.o to satisfy
the undefined reference to _gnutls_file_mutex.o in gnutls_global.o
unless gnutls_global.o (or any other object file in the link) also
calls functions that pulls in verify-tofu.o. Since gnutls_global.o
always is linked in, but verify-tofu.o can be left out unless
someone calls the functions in it, defining the mutex in
gnutls_global.c makes sense and simplifies the dependencies. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am, src/certtool-args.c, src/certtool-args.def,
src/certtool-args.h, src/certtool-common.c, src/certtool-common.h,
src/certtool.c, src/dh.c: Added --cprint option to certtool
2013-01-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/README.CODING_STYLE: updated coding style
2013-01-20 Alon Bar-Lev <alon.barlev@gmail.com>
* src/Makefile.am: build: add danetool-args.c to BUILT_SOURCES Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Signed-off-by:
Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-01-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, tests/suite/Makefile.am,
tests/suite/mini-record-timing.c: Added program to estimate the
timings in different record paddings.
2013-01-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-danetool.texi, libdane/dane.c,
libdane/includes/gnutls/dane.h, src/danetool-args.c,
src/danetool-args.def, src/danetool-args.h, src/danetool.c: Added
--insecure flag to danetool.
2013-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c, tests/cert-tests/template-test.pem,
tests/cert-tests/template-utf8.pem: modified certtool order of DN
elements.
2013-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-sbuf.c: properly deinitialized sbuf
2013-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-record.c: initialize buffer before sending.
2013-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, tests/dn2.c: corrected test for new names and updated news.
2013-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, libdane/dane.c, libdane/errors.c,
libdane/includes/gnutls/dane.h, libdane/libdane.map, m4/hooks.m4,
src/danetool-args.c, src/danetool-args.def, src/danetool-args.h,
src/danetool.c: Added options to specify a DLV file. Suggested by
Paul Wouters.
2013-01-17 Nikos Mavrogiannopoulos <nikos@esat.kuleuven.be>
* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/x509_dn.c: Added gnutls_x509_crt_set_issuer_dn().
2013-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi: updated certtool doc
2013-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/TODO, doc/cha-cert-auth2.texi,
lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h,
lib/x509/x509_dn.c, src/certtool-args.c, src/certtool-args.def,
src/certtool-args.h, src/certtool-cfg.c, src/certtool-cfg.h,
src/certtool.c: Added functions to directly set the DN in a
certificate or request from an RFC4514 string.
2013-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2013-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-gtls-app.texi, lib/Makefile.am,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/sbuf.c,
tests/Makefile.am, tests/mini-sbuf.c: Added functions to assist
buffering during transmission. Added the gnutls_sbuf_t structure and accompanying functions to
enable buffering in sending application data.
2013-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane-params.c: corrected copyright.
2013-01-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
lib/nettle/rnd.c: Added new error code GNUTLS_E_RANDOM_DEVICE_ERROR.
2013-01-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/egd.c: Corrected issue when an EGD device was not
found. Reported by Joshua Phillips.
2013-01-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk: Added config rule
2013-01-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-client-x509.c: doc fix
2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/pkcs12.c: doc fix
2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: small updates
2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/reference/gnutls-docs.sgml: update
2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/crq.c: simplified naming
2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/reference/gnutls-docs.sgml: update
2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/status_request.c, lib/gnutls_dh_primes.c,
lib/gnutls_ui.c, lib/openpgp/pgp.c, lib/openpgp/privkey.c,
lib/pkcs11.c, lib/x509/dn.c, lib/x509/ocsp.c, lib/x509/pkcs12.c,
lib/x509/pkcs7.c, lib/x509/x509.c: Added correct since
2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/latex/gnutls.tex: added babel (not sure why)
2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/reference/gnutls-docs.sgml: updated for 3.1
2013-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: corrected error code
2013-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated makefile
2013-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: use AC_CONFIG_HEADER. Reported by Marko Lindqvist
2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented updates
2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: corrected typo
2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: updated exported function name
2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, lib/ext/new_record_padding.c,
lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
tests/mini-record.c: NEW_RECORD_PADDING priority string was renamed
to RANDOM_PADDING
2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c: corrected compression.
2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h: removed utf8 chars
2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/latex/gnutls.tex: updates in output
2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-record.c: Added checks for new record padding format.
2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c, lib/gnutls_record.c: better checks in new
record packets.
2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c, lib/gnutls_int.h, lib/gnutls_record.c: use
padding also if in DTLS.
2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_record.c:
some simplifications
2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: use new_record_padding in DTLS data mtu
calculation
2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_record.c:
simplified decryption
2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/new_record_padding.c: removed debugging
2012-12-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/debug.c, lib/debug.h, lib/ext/Makefile.am,
lib/ext/new_record_padding.c, lib/ext/new_record_padding.h,
lib/gnutls_cipher.c, lib/gnutls_extensions.c,
lib/gnutls_extensions.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
lib/gnutls_priority.c, lib/gnutls_record.c,
lib/gnutls_session_pack.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added a new record padding mechanism. It is negotiated via an extension and record data are now formatted
as: ciphered-struct { opaque pad<0..2^16-1> opaque content[TLSCompressed.length]; opaque MAC[CipherSpec.hash_size]; } The ciphered-struct size is
always 0 modulo the block size in block ciphers to avoid any need
for additional padding. Added extension to negotiate new record padding.
2012-12-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, tests/Makefile.am, tests/mini-dtls-record.c: Added
test for duplicate packet detection in DTLS.
2012-12-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c, lib/gnutls_int.h: Simplified DTLS sliding
window implementation.
2012-12-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: Termination when expecting an alert is
handled gracefully in DTLS.
2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: living in the past
2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, m4/hooks.m4: bumped library version
2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated news
2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-library.texi, doc/cha-tokens.texi, lib/Makefile.am,
lib/tpm.c: If trousers is not present define the TPM functions but
have them return GNUTLS_E_UNIMPLEMENTED_FEATURE.
2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: tpm support is disabled by default
2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: updated
2013-01-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
doc/manpages/tpmtool.1: updated autogen'ed files.
2012-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-auth.texi, doc/cha-tokens.texi, doc/latex/Makefile.am,
doc/latex/gnutls.tex: doc updates
2012-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane-params.c, libdane/dane.c: KU Leuven copyright stuff
is LGPL version 2.1 or later
2012-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* THANKS: updated thanks file
2012-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README-alpha: updated git2cl link
2012-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-auth.texi: corrected typos
2012-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-auth.texi: updated in auth chapter
2012-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/cha-auth.texi, doc/cha-cert-auth.texi,
doc/cha-cert-auth2.texi, doc/cha-shared-key.texi, doc/gnutls.texi,
doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: Reorganization of
the authentication chapter.
2012-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-auth.texi, doc/gnutls.texi: Added authentication methods
chapter
2012-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-client-anon.c, doc/examples/ex-client-dtls.c,
doc/examples/ex-client-psk.c, doc/examples/ex-client-resume.c,
doc/examples/ex-client-x509.c, doc/examples/ex-serv-anon.c,
doc/examples/ex-serv-dtls.c, doc/examples/ex-serv-pgp.c,
doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
doc/examples/ex-serv-x509.c: better code in client and server
examples
2012-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/nettle/pk.c: made PKCS#1 1.5 encoding and decoding
stricter. Reported by Kikuchi Masashi.
2012-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: corrected typo
2012-12-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: Termination when expecting an alert is
handled gracefully in DTLS.
2012-12-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/ext/heartbeat.c: Improvements in heartbeat handling.
2012-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-serv-anon.c, doc/examples/ex-serv-dtls.c,
doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c,
doc/examples/ex-serv-srp.c, doc/examples/ex-serv-x509.c: drop
unecessary function in examples
2012-12-20 Martin Storsjo <martin@martin.st>
* lib/ext/srtp.c: Don't match further SRTP profiles after one match
has been found This makes SRTP profile matching more straightforward and intuitive,
when the first matching SRTP profile will be the one selected, not
the last one as before. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-12-20 Martin Storsjo <martin@martin.st>
* lib/crypto-api.c: Fix the parameter name to gnutls_key_generate Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README: updated
2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testcompat: corrected datefudge test
2012-12-18 Martin Storsjo <martin@martin.st>
* lib/system_override.c: Fix docs for
gnutls_transport_set_pull_timeout_function The timeout function returns int, not ssize_t. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_write.c: doc update
2012-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: bumped version
2012-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/mini-eagain2.c: added config.h
2012-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: corrected wording
2012-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/snippet/warn-on-use.h, gl/Makefile.am, gl/base64.c,
gl/error.c, gl/fstat.c, gl/getaddrinfo.c, gl/m4/base64.m4,
gl/m4/error.m4, gl/m4/extern-inline.m4, gl/m4/fstat.m4,
gl/m4/ftruncate.m4, gl/m4/getaddrinfo.m4, gl/m4/gnulib-comp.m4,
gl/m4/lock.m4, gl/m4/lstat.m4, gl/m4/math_h.m4, gl/m4/open.m4,
gl/m4/stat.m4, gl/m4/stdio_h.m4, gl/m4/sys_socket_h.m4,
gl/m4/sys_stat_h.m4, gl/m4/unistd_h.m4, gl/m4/vasnprintf.m4,
gl/math.c, gl/math.in.h, gl/stdio.c, gl/stdio.in.h,
gl/sys_socket.c, gl/sys_socket.in.h, gl/sys_stat.in.h,
gl/tests/ftruncate.c, gl/tests/glthread/lock.c, gl/tests/lstat.c,
gl/tests/open.c, gl/tests/stat.c, gl/unistd.c, gl/unistd.in.h,
gl/vasnprintf.c, maint.mk: updated gnulib
2012-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/Makefile.am: corrected test
2012-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, src/certtool-args.c,
src/certtool-args.def, src/certtool-args.h: certtool
--generate-request option conflicts with --infile. Suggested by
Daniel Black.
2012-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc fix
2012-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-psktool.texi, doc/invoke-srptool.texi,
doc/invoke-tpmtool.texi, doc/manpages/Makefile.am,
doc/manpages/tpmtool.1: use ECHO_N
2012-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/Makefile.am: do not build ecore in macosx
2012-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README, README-alpha: updated urls
2012-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/gnutls.texi, doc/latex/cover-epub.tex, doc/latex/cover.tex,
lib/gnutls_privkey.c, lib/x509/crq.c, lib/x509/pkcs12.c,
tests/pkcs12_simple.c: corrected copyright notices
2012-11-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, src/certtool-args.c,
src/certtool-args.def, src/certtool-args.h: updated documentation.
2012-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: _gnutls_strdatum_to_buf() will account for NULL
input.
2012-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/output.c: allow GNUTLS_E_SHORT_MEMORY_BUFFER in
gnutls_x509_crq_get_challenge_password
2012-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/crq.c: doc update
2012-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-p11tool.texi, src/p11tool-args.c,
src/p11tool-args.def, src/p11tool-args.h: updated documentation
2012-12-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c, lib/x509/pkcs12.c, lib/x509/privkey.c,
tests/key-openssl.c, tests/pkcs12_simple.c: Import PKCS #12 keys
2012-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: document fix
2012-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c: Corrected bugs in record parsing. Corrected bugs in record padding parsing. Reported by Kenny
Patterson and Nadhem Alfardan.
2012-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented fixes
2012-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/srtp.c, lib/ext/srtp.h: corrected copyright
2012-12-01 Ludovic Courtès <ludo@gnu.org>
* guile/src/Makefile.am: guile: Fix dependencies to be
parallel-safe.
2012-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi: Revert "do not document low-level
functions" This reverts commit 7b334d581007ba4a91837edb1e0081959f32e363.
2012-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README: mention dependencies in readme
2012-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk: update @VERSION@ -> actual version on the web manual
2012-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi: doc update
2012-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk: simplified generation of documentation
2012-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: mention gnutls_sec_param_get_name
2012-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-crypto.texi, lib/gnutls_ui.c: doc updates
2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/socket.c: corrected socket loop. Based on patch by Mantas
Mikulenas.
2012-11-26 Simon Josefsson <simon@josefsson.org>
* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/element.c, lib/minitasn1/int.h,
lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
lib/minitasn1/parser_aux.h, lib/minitasn1/structure.c: Update
minitasn1 to version 3.1.
2012-11-26 Simon Josefsson <simon@josefsson.org>
* .gitignore, build-aux/snippet/unused-parameter.h,
doc/gendocs_template, maint.mk: Update gnulib tools. Add missing
unused-parameter.h template.
2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c, src/ocsptool-common.c, src/socket.c, src/socket.h:
gnutls-cli will try to cannot to all possible returned addresses.
2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: updated todo list
2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/x509/x509.c: gnutls_x509_crt_get_policy() allows for a
list of zero policy qualifiers.
2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/usage.c: Added hack to print the parameters correctly
in windows.
2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: updated
2012-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/template-test: repeat the tests to avoid
accidental failures
2012-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/dn.c: LDAP string escaping was made stricter (rfc4514
conforming)
2012-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkix.asn, lib/pkix_asn1_tab.c: removed unneeded types.
2012-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: UniversalString (UTF-32) is handled as
non-printable for now.
2012-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: updated todo list
2012-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: Allow for bit strings that are not a multiple
of 8.
2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, cross.mk: updated
2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: require libtasn1 3.1 or later
2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_asn1_tab.c, lib/pkix_asn1_tab.c, lib/tpm.c,
lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c,
lib/x509/mpi.c, lib/x509/ocsp.c, lib/x509/pkcs12.c,
lib/x509/pkcs12_bag.c, lib/x509/privkey.c, lib/x509/x509.c,
lib/x509/x509_int.h, lib/x509/x509_write.c, tests/crq_apis.c,
tests/set_pkcs12_cred.c: rewritten ASN.1 handling string subsystems
to use the new libtasn1 APIs.
2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.1.5
2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: corrected placeOfBirth DN parsing.
2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: no need to release struct
2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi: do not document low-level functions
2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/ecc_mulmod_cached.c: set cache to null after
deinitialization
2012-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/template-test: fixed test
2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, gl/Makefile.am, gl/c-strcase.h, gl/c-strcasecmp.c,
gl/c-strncasecmp.c, gl/iconv.c, gl/iconv.in.h, gl/iconv_close.c,
gl/iconv_open-aix.gperf, gl/iconv_open-aix.h,
gl/iconv_open-hpux.gperf, gl/iconv_open-hpux.h,
gl/iconv_open-irix.gperf, gl/iconv_open-irix.h,
gl/iconv_open-osf.gperf, gl/iconv_open-osf.h,
gl/iconv_open-solaris.gperf, gl/iconv_open-solaris.h,
gl/iconv_open.c, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
gl/m4/iconv_h.m4, gl/m4/iconv_open-utf.m4, gl/m4/iconv_open.m4,
gl/m4/inline.m4, gl/m4/libunistring-base.m4, gl/m4/locale-fr.m4,
gl/m4/locale-ja.m4, gl/m4/locale-tr.m4, gl/m4/locale-zh.m4,
gl/m4/locale_h.m4, gl/m4/localename.m4, gl/m4/setlocale.m4,
gl/tests/Makefile.am, gl/tests/locale.in.h, gl/tests/localename.c,
gl/tests/localename.h, gl/tests/setlocale.c,
gl/tests/test-c-strcase.sh, gl/tests/test-c-strcasecmp.c,
gl/tests/test-c-strncasecmp.c, gl/tests/test-iconv-h.c,
gl/tests/test-iconv-utf.c, gl/tests/test-locale.c,
gl/tests/test-localename.c, gl/tests/test-setlocale1.c,
gl/tests/test-setlocale1.sh, gl/tests/test-setlocale2.c,
gl/tests/test-setlocale2.sh, gl/tests/unistr/test-u8-mbtoucr.c,
gl/tests/unistr/test-u8-uctomb.c, gl/unistr.in.h,
gl/unistr/u8-mbtoucr.c, gl/unistr/u8-uctomb-aux.c,
gl/unistr/u8-uctomb.c, gl/unitypes.in.h: iconv() will include the
UCS2->UTF8 convertion in systems that is not provided.
2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkix_asn1_tab.c: use the old type for compatibility
2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/libtasn1.h, lib/minitasn1/structure.c: updated
libtasn1 version
2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: simplified UTF-8 encoding.
2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/invoke-danetool.texi, src/Makefile.am,
src/danetool-args.c, src/danetool-args.def, src/danetool-args.h,
src/danetool.c: danetool is being built even without libgnutls-dane. The --check functionality is not operational though. It can only
generate tlsa records.
2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/template-test,
tests/cert-tests/template-utf8.pem,
tests/cert-tests/template-utf8.tmpl: Added test on UTF-8 certificate
generation.
2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/dn.c: removed redundant check
2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/invoke-certtool.texi, src/certtool-args.c,
src/certtool-args.def, src/certtool-args.h, src/certtool.c: updated
parameters
2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: update
2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, lib/x509/x509.c: doc update
2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth2.texi, lib/pkcs11_privkey.c, lib/x509/output.c,
lib/x509/x509.c, lib/x509/x509_write.c: doc update
2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_write.c: enforce the 200 character limit.
2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/system.c: improved iconv support.
2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/aki, tests/cert-tests/aki-cert.pem,
tests/cert-tests/bmpstring.pem, tests/cert-tests/ca-no-pathlen.pem,
tests/cert-tests/no-ca-or-pathlen.pem, tests/cert-tests/pathlen:
updated for new output
2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: news update
2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am, doc/cha-gtls-app.texi,
doc/invoke-certtool.texi, doc/manpages/Makefile.am,
lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
lib/x509/output.c, src/certtool-args.c, src/certtool-args.def,
src/certtool-args.h, src/certtool-common.c, src/certtool-common.h,
src/certtool.c, src/tpmtool.c: Several updates in certificate/public
key printing. * Added GNUTLS_CRT_PRINT_FULL_NUMBERS to print bignumbers in an
easier to parse format. * Added gnutls_pubkey_import_x509_crq() to convert a certificate
request to a public key. * Added gnutls_pubkey_print() to simplify public key printing. * certtool's pubkey-info can be combined with --load-request. * Added --numbers option to certtool which prints big numbers in an
easier to parser format.
2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/gendocs.sh, configure.ac, gl/Makefile.am, gl/dup2.c,
gl/errno.in.h, gl/m4/errno_h.m4, gl/m4/gnulib-cache.m4,
gl/m4/gnulib-comp.m4, gl/m4/select.m4, gl/m4/stdlib_h.m4,
gl/select.c, gl/stdlib.in.h, gl/strerror-override.c,
gl/strerror-override.h, gl/tests/Makefile.am, gl/tests/dup2.c,
gl/tests/fcntl.in.h, gl/tests/test-fcntl-h.c,
gl/tests/test-iconv.c, gl/tests/test-select.h, lib/system.c,
m4/hooks.m4, maint.mk: use gnulib to detect iconv.
2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, lib/Makefile.am, lib/system.c: check for
either iconv or libiconv.
2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.c, src/certtool-args.def, src/certtool-args.h,
src/certtool-cfg.c: simplified parsing
2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/output.c: print header only on the first policy
2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/invoke-certtool.texi, src/certtool-args.c,
src/certtool-args.def, src/certtool-args.h, src/certtool-cfg.c,
src/certtool-cfg.h, src/certtool.c: certtool is able to set
certificate policies via a template
2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/dn.c, lib/x509/output.c, lib/x509/x509.c,
lib/x509/x509_write.c: Added gnutls_x509_crt_set_policy()
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c, lib/x509/pkcs12.c,
lib/x509/x509.c: doc update
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am, doc/manpages/Makefile.am,
lib/includes/gnutls/x509.h, lib/x509/output.c, lib/x509/x509.c:
another rename
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: corrected win32 UCS2 conversion.
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am, doc/manpages/Makefile.am,
lib/includes/gnutls/x509.h, lib/system.c, lib/x509/output.c,
lib/x509/x509.c: simplified naming
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented update
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: mention the extension OID
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/aki-cert.pem,
tests/cert-tests/no-ca-or-pathlen.pem: updated certificates to parse
2.5.29.32.
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/x509.c: handle
visiblestring.
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/bmpstring.pem,
tests/cert-tests/pem-decoding: Added simple check for bmpstring
decoding.
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: Added _gnutls_ucs2_to_utf8() for windows (untested)
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: If _gnutls_ucs2_to_utf8() handle the data as
non-printable (fallback to previous behavior).
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: doc update
2012-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented updates
2012-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: check for iconv
2012-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c, lib/x509/common.c: map the whole ascii set
2012-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: Handle BMPString in DNs.
2012-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkix.asn,
lib/pkix_asn1_tab.c, lib/system.c, lib/system.h, lib/tpm.c,
lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
lib/x509/dn.c, lib/x509/extensions.c, lib/x509/mpi.c,
lib/x509/ocsp.c, lib/x509/output.c, lib/x509/pkcs12.c,
lib/x509/pkcs12_bag.c, lib/x509/privkey.c,
lib/x509/privkey_pkcs8.c, lib/x509/x509.c: Added functions to parse
the certificate policies extention. Added gnutls_x509_crt_get_policy() etc. In addition several updated
in the handling of strings in X.509 structures.
2012-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/cha-cert-auth2.texi, doc/cha-crypto.texi,
doc/cha-gtls-app.texi, doc/gnutls.texi, lib/x509/privkey.c: doc
updates
2012-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c: updated doc
2012-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented update
2012-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2012-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/template-test: Added small text
2012-11-15 Tim Kosse <tim.kosse@filezilla-project.org>
* doc/examples/Makefile.am: print-ciphersuites was a very useful too
for debugging this. Now it is even built. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-11-15 Tim Kosse <tim.kosse@filezilla-project.org>
* lib/gnutls_priority.c: Don't read past the last list entry in
_add_priority, doing so adds algorithms that shouldn't be added and
can even lead to a segfault. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool.c: tried to beautify output of danetool
2012-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: corrected description.
2012-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c: corrected typo
2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: optimizations in list import
2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: When listing all objects of a type, restrict their
class to the specified.
2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: Added some help on failure.
2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c:
pkcs11_find_object made static.
2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-common.c, src/certtool-common.h, src/certtool.c,
src/dh.c, src/p11tool.c, src/pkcs11.c, src/tpmtool.c: get_bits()
does not always warn.
2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
lib/pkcs11_int.h, lib/pkcs11_privkey.c, src/pkcs11.c: when
generating a PKCS #11 private key print the public key.
2012-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/invoke-certtool.texi, src/certtool-args.c,
src/certtool-args.def, src/certtool-args.h, src/certtool.c: The
pubkey-info option can be combined with the load-privkey to extract
the public key of a private key.
2012-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-client-x509.c, doc/examples/ex-verify-ssh.c,
doc/examples/verify.c: corrected verification examples
2012-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: removed OCSP extension from TODO
2012-11-09 Diego Elio Pettenò <flameeyes@flameeyes.eu>
* tests/cert-tests/Makefile.am: build: only run the dane cert test
if dane is enabled. This fixes a test failure when disabling dane support. Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, NEWS, cfg.mk, doc/manpages/Makefile.am,
tests/cert-tests/Makefile.am, tests/cert-tests/cert-ecc256.pem,
tests/cert-tests/dane: last changes for release.
2012-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/invoke-gnutls-cli.texi,
doc/manpages/Makefile.am, src/common.c: updated
2012-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: Corrected indication of OCSP check failure.
2012-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c: The
status-request option was eliminated. Check OCSP only when the
status response in the handshake was invalid.
2012-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* AUTHORS, NEWS: Added Martin
2012-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.c, src/certtool-args.h, src/cli-args.c,
src/cli-args.h, src/cli-debug-args.c, src/cli-debug-args.h,
src/danetool-args.c, src/danetool-args.h, src/ocsptool-args.c,
src/ocsptool-args.h, src/p11tool-args.c, src/p11tool-args.h,
src/psk-args.c, src/psk-args.h, src/serv-args.c, src/serv-args.h,
src/srptool-args.c, src/srptool-args.h, src/tpmtool-args.c,
src/tpmtool-args.h: updated
2012-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
doc/manpages/tpmtool.1, doc/scripts/cleanup-autogen.pl: remove
@cindex from the invoke-* files.
2012-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
doc/latex/gnutls.bib: doc updates
2012-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi: doc update
2012-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms.h, lib/algorithms/mac.c,
lib/algorithms/sign.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, lib/verify-tofu.c, lib/x509/ocsp_output.c,
lib/x509/output.c, lib/x509/verify.c, tests/chainverify.c: Allow
easier marking of insecure algorithms.
2012-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_compress.c: removed debugging
2012-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_int.h, lib/gnutls_sig.c: key usage violations are
tolerated.
2012-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_cert.c, lib/gnutls_x509.c,
lib/includes/gnutls/gnutls.h.in: Removed
GNUTLS_CERT_REVOCATION_DATA_INVALID and no longer fail on OCSP
parsing errors.
2012-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, doc/cha-tokens.texi: doc update
2012-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am, src/cli-debug.c, src/tls_test.c: gnutls-cli-debug
uses server name indication.
2012-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2012-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/srtp.c, lib/ext/srtp.h: Do not succeed if no MKI was
received. The gnutls_srtp_get_mki() function succeeds only when the MKI was
received by the peer. Also store the received MKI -if any- in the
session resumption data.
2012-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-intro-tls.texi, lib/gnutls_int.h, lib/gnutls_ui.c,
lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added gnutls_ocsp_status_request_is_checked().
2012-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c, lib/gnutls_x509.c,
lib/includes/gnutls/gnutls.h.in, lib/x509/verify.c: When verifying
an OCSP response included in TLS don't fail if the response is old. That is to avoid creating more problems for a server that included
an old response, from a server that included none. Also renamed:
Too old -> Superseded.
2012-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2012-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2012-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c: updated doc
2012-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/ext/srtp.c, lib/ext/srtp.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
gnutls_srtp_get_mki() and gnutls_srtp_set_mki().
2012-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/srtp.c: set an upper limit to SRTP profiles in hello
message.
2012-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, doc/cha-library.texi, lib/ext/Makefile.am,
lib/gnutls_extensions.c, m4/hooks.m4, src/cli.c, src/common.c,
src/serv.c, tests/mini-dtls-srtp.c: Added conditional to disable
DTLS-SRTP support.
2012-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-danetool.texi: updated
2012-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-srtp.c: corrected SRTP profile names
2012-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/srtp.c: simplified profile selection
2012-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool.c: better printing
2012-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool.c: verify all possible entries
2012-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool-args.c, src/danetool-args.def, src/danetool-args.h:
danetool doc fix
2012-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-intro-tls.texi, lib/ext/srtp.c,
lib/includes/gnutls/gnutls.h.in: Added HMAC prefix to SRTP profiles
and updated documentation.
2012-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool.c: separate entries.
2012-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.h: undefine macro from win32 headers which clashes
autogened macros.
2012-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: bumped version and removed unused dependency
2012-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am: added new functions
2012-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2012-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: disable libdane when cross-building.
2012-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/srtp.c: gnutls_srtp_get_keys() returns the size of the key
material
2012-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane-params.c, libdane/errors.c: corrected copyright
2012-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, lib/libgnutls.map: removed
gnutls_certificate_update_verify_flags
2012-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_cert.c, lib/gnutls_int.h, lib/x509/verify.c,
tests/suite/chain, tests/suite/x509paths/README: check pathlen
constraints.
2012-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/rsa-md5-collision/rsa-md5-collision: updated test
2012-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: files to ignore
2012-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_cert.c, lib/gnutls_ui.c,
lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/x509.h,
lib/x509/verify-high.c, tests/chainverify-unsorted.c: Added
verification flag GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN The default is now GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN, and removed
gnutls_certificate_update_verify_flags().
2012-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify.c: small optimization in CRL check
2012-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/includes/gnutls/gnutls.h.in, lib/x509/verify.c,
src/certtool.c, tests/suite/chain, tests/suite/x509paths/README:
Check the key usage bits during certificate verification.
2012-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in,
lib/x509/verify.c, src/certtool.c: CRL verification includes the
time checks.
2012-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi,
doc/cha-intro-tls.texi: doc update
2012-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented update
2012-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/srtp.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, tests/mini-dtls-srtp.c: Added
gnutls_srtp_get_keys().
2012-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_state.c: corrected typos
2012-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-intro-tls.texi, lib/ext/srtp.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map:
gnutls_srtp_get_profile_by_name -> gnutls_srtp_get_profile_id
2012-11-01 Martin Storsjo <martin@martin.st>
* src/cli.c, src/serv.c: Fix typos in error messages Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: better verification messages.
2012-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool.c: optimized printing
2012-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/invoke-danetool.texi, lib/libgnutls.map,
libdane/Makefile.am, libdane/dane.c,
libdane/includes/gnutls/dane.h, libdane/libdane.map, src/cli.c,
src/common.c, src/danetool-args.c, src/danetool-args.def,
src/danetool-args.h, src/danetool.c: Added
dane_verification_status_print() and danetool can verify a DANE
entry.
2012-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c: avoid unnecessary newline
2012-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.h, lib/openpgp/output.c, lib/x509/output.c:
gettext.h was moved to gnutls_str.h
2012-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, src/Makefile.am, src/danetool-args.c,
src/danetool-args.def, src/danetool-args.h, src/danetool.c: Added
--check option to danetool.
2012-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, libdane/Makefile.am, libdane/dane-params.c, libdane/dane.c,
libdane/includes/gnutls/dane.h, libdane/libdane.map: Added new
functions to convert types to strings.
2012-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-dtls-srtp.c: Added test on DTLS SRTP
functions.
2012-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi,
src/cli-args.c, src/cli-args.h, src/serv-args.c, src/serv-args.h:
updated auto-generated files.
2012-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/ext/srtp.c, lib/ext/srtp.h: documented update and set
the copyright to Martin until the formal papers are received.
2012-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/srtp.c: signed-unsigned comparison fixes and removed
unused parameter.
2012-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c, src/serv.c: Check for errors while setting an SRTP
profile.
2012-11-01 Martin Storsjo <martin@martin.st>
* src/cli-args.def, src/cli.c, src/common.c, src/serv-args.def,
src/serv.c: Support SRTP profile negotiation in the client and
server tools The cli/serv-args files haven't been regenerated in the patch, to
avoid the extra stray changes due to differing autogen versions. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c, lib/gnutls_session.c, lib/gnutls_ui.c: Added
"Since" field to new functions.
2012-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/srtp.c: Made error code consistent with the other text
parsing functions.
2012-11-01 Martin Storsjo <martin@martin.st>
* NEWS, doc/Makefile.am, doc/protocol/rfc5764.txt,
lib/ext/Makefile.am, lib/ext/srtp.c, lib/ext/srtp.h,
lib/gnutls_extensions.c, lib/gnutls_int.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Add support for
DTLS-SRTP profile negotiation (RFC 5764) Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c: better doc
2012-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/gnutls.h.in: mention that GNUTLS_CERT_INVALID
flag is deprecated by GNUTLS_CERT_SIGNER_NOT_FOUND and
GNUTLS_CERT_SIGNATURE_FAILURE.
2012-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c, src/common.c: updated
gnutls_certificate_verification_status_print() presentation
2012-10-31 Martin Storsjo <martin@martin.st>
* lib/ext/server_name.c: server_name: Store the actual number of
server names Earlier, if the number of set server names exceeded the maximum, the
server_names field wasn't bounded to the maximum, which could lead
to reading out of bounds in _gnutls_server_name_send_params. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-10-31 Martin Storsjo <martin@martin.st>
* lib/ext/server_name.c: server_name: Return the actual required
buffer size if the buffer is too small Since we require space for the null termination, include this in the
info returned if the caller provided a too small buffer. Otherwise,
if the caller allocated a buffer of exactly the suggested size, it
would still be too small. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am, doc/cha-gtls-app.texi: Documented
gnutls_certificate_verification_status_print().
2012-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/examples/ex-client-x509.c,
doc/examples/ex-verify-ssh.c, doc/examples/verify.c,
lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, lib/x509/output.c, src/common.c: Added
gnutls_certificate_verification_status_print(). This function simplifies printing the certificate verification
status.
2012-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi,
doc/cha-gtls-app.texi, doc/examples/ex-client-x509.c,
doc/examples/ex-verify-ssh.c, doc/examples/verify.c,
lib/gnutls_cert.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
lib/openpgp/compat.c, lib/openpgp/gnutls_openpgp.h,
lib/openpgp/pgp.c, lib/x509/rfc2818_hostname.c, src/common.c:
Simplified certificate verification by adding
gnutls_certificate_verify_peers3(). This function combines the RFC2818 hostname check and chain
verification check.
2012-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: fix compilation when DANE is disabled.
2012-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, doc/cha-gtls-app.texi: updated
documentation.
2012-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-cert-auth.texi, lib/gnutls_ui.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
gnutls_certificate_update_verify_flags() to allow setting new flags
without overriding any defaults.
2012-10-29 Martin Storsjo <martin@martin.st>
* doc/examples/Makefile.am: examples: Build an executable of
ex-serv-dtls like the other examples Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-10-29 Martin Storsjo <martin@martin.st>
* doc/examples/ex-serv-dtls.c: examples: Make sure the timeout
parameter to select is valid This makes the example work properly on Mac OS X (tested on 10.8). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, NEWS, doc/cha-cert-auth.texi,
doc/invoke-danetool.texi: Added documentation on detecting
libgnutls-dane.
2012-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, libdane/Makefile.am, libdane/gnutls-dane.pc.in:
Added gnutls-dane.pc.
2012-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/dane,
tests/cert-tests/dane-test.rr: Added a test on danetool.
2012-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool-args.c, src/danetool-args.def, src/danetool-args.h,
src/danetool.c: removed unused variables.
2012-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/element.c, lib/minitasn1/element.h,
lib/minitasn1/errors.c, lib/minitasn1/int.h,
lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
lib/minitasn1/parser_aux.h, lib/minitasn1/structure.c,
lib/minitasn1/structure.h: updated libtasn1
2012-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-tls.c: better benchmark printing.
2012-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, lib/gnutls_session.c: doc update
2012-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-tls.c: corrections in benchmark measured average
time.
2012-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-intro-tls.texi: corrected typo
2012-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: mention new function
2012-10-14 Elias Pipping <pipping@exherbo.org>
* tests/Makefile.am, tests/pkcs12-decode/pkcs12: Fix out-of-source
tests
2012-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, lib/gnutls_session.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
gnutls_session_get_id2().
2012-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c: updated doc
2012-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented fix
2012-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c,
lib/gnutls_x509.c, lib/includes/gnutls/x509.h: Added priority string
%VERIFY_DISABLE_CRL_CHECKS.
2012-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
src/common.c: If OCSP revocation data are invalid or too old set
appropriate verification flags.
2012-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth2.texi, doc/cha-intro-tls.texi: doc updates
2012-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
src/certtool-args.c, src/certtool-args.def, src/certtool-args.h,
src/danetool-args.c, src/danetool-args.def, src/danetool-args.h:
removed incorrect description
2012-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool.c: correctly set the format of the certificate
2012-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/invoke-gnutls-cli.texi, src/cli-args.c,
src/cli-args.def, src/cli-args.h, src/cli.c: Added --local-dns
option to gnutls-cli.
2012-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-gnutls-cli.texi, src/cli-args.c, src/cli-args.def,
src/cli-args.h, src/cli.c: disable default extensions on
--disable-extensions.
2012-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-danetool.texi, src/danetool-args.c,
src/danetool-args.def, src/danetool-args.h: corrected typo
2012-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/privkey.c: call gnutls_x509_privkey_import_openssl() even
with not a password.
2012-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/latex/Makefile.am: updated makefile
2012-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c, lib/openpgp/privkey.c: Added debugging.
2012-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pubkey.c, lib/x509/crq.c, lib/x509/privkey.c,
lib/x509/x509.c: doc fixes
2012-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: Added debugging
2012-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-danetool.texi, doc/manpages/Makefile.am,
src/danetool-args.c, src/danetool-args.def, src/danetool-args.h:
Added danetool manpage
2012-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.1.3
2012-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c, lib/x509/privkey_openssl.c: doc updates
2012-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/reference/gnutls-docs.sgml: remove files that are not
generated
2012-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/doc.mk, doc/manpages/Makefile.am,
doc/reference/Makefile.am, doc/reference/gnutls-docs.sgml: use
common definitions for generating docs.
2012-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, NEWS, doc/Makefile.am, doc/cha-cert-auth.texi,
doc/cha-cert-auth2.texi, doc/invoke-certtool.texi,
doc/invoke-danetool.texi, src/Makefile.am, src/certtool-args.c,
src/certtool-args.def, src/certtool-args.h, src/certtool.c,
src/danetool-args.c, src/danetool-args.def, src/danetool-args.h,
src/danetool.c: Separated DANE functionality from certtool and added
danetool.
2012-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/auth/cert.c, lib/gnutls_pcert.c, lib/openpgp/pgp.c,
lib/openpgp/privkey.c: Added (back) RFC5081 support in client mode.
2012-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/auth/cert.c, lib/auth/cert.h, lib/gnutls_pcert.c,
lib/gnutls_pubkey.c, lib/gnutls_ui.c,
lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
lib/libgnutls.map, lib/openpgp/pgp.c, lib/openpgp/privkey.c: Several
OpenPGP updates. Exported gnutls_certificate_get_peers_subkey_id(). Removed
compatibility code with RFC5081. The
gnutls_openpgp_*_get_subkey_*() functions return the master key
parameters if provided with GNUTLS_OPENPGP_MASTER_KEYID_IDX.
2012-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented fixes
2012-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/pkcs12_encr.c: Increased maximum password len in PKCS
#12.
2012-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/privkey_openssl.c, tests/Makefile.am,
tests/key-openssl.c: Bug fixes in the openssl encrypted PEM key
parsing.
2012-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/anon.c, lib/auth/anon_ecdh.c, lib/auth/cert.c,
lib/auth/dh_common.c, lib/auth/dhe.c, lib/auth/dhe_psk.c,
lib/auth/ecdh_common.c, lib/auth/psk.c, lib/auth/psk_passwd.c,
lib/auth/rsa.c, lib/auth/rsa_export.c, lib/auth/srp.c,
lib/auth/srp_passwd.c, lib/auth/srp_rsa.c, lib/ext/srp.c,
lib/ext/status_request.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
lib/gnutls_cert.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
lib/gnutls_kx.c, lib/gnutls_state.c, lib/gnutls_ui.c,
lib/gnutls_x509.c: session->key no longer needs to be an allocated
structure.
2012-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h, src/cli.c: The
high level functions accept sflags and vflags as separate options.
2012-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, NEWS, doc/cha-cert-auth.texi,
doc/invoke-certtool.texi, libdane/dane.c,
libdane/includes/gnutls/dane.h, libdane/libdane.map,
src/Makefile.am, src/cli.c: Updates in DANE support. Allow caching
of queries.
2012-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, src/certtool-args.c, src/certtool-args.def,
src/certtool-args.h, src/certtool.c: dane-rr -> dane-tlsa-rr
2012-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi,
doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
doc/cha-library.texi, doc/invoke-certtool.texi,
doc/scripts/mytexi2latex, src/certtool-args.c,
src/certtool-args.def, src/certtool-args.h: Documentation updates
2012-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped versions
2012-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/latex/Makefile.am: inlude DANE in manual
2012-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: define Loaded_CertEnumCRLsInStore to
CertEnumCRLsInStore when it exists.
2012-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented updates
2012-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.c, src/certtool-args.def, src/certtool-args.h,
src/certtool-common.c, src/certtool-common.h, src/certtool.c:
Certtool updates. By default generate public key TLSA RR entries. Added --verbose
option.
2012-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-cert-auth.texi, doc/cha-functions.texi,
libdane/Makefile.am: libdane -> libgnutls-dane
2012-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.c, src/certtool-args.h, src/certtool.c: use hex
for single byte entries
2012-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, src/certtool-args.def: DANE RR -> DANE TLSA RR
2012-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: Certtool generates DANE entries with selector 0
(X.509 certificate).
2012-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/invoke-certtool.texi, src/certtool-args.c,
src/certtool-args.def, src/certtool-args.h, src/certtool.c: Certtool
can generate a DANE RR entry.
2012-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkix_asn1_tab.c: use the old libtasn1 type
2012-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/Makefile.am: removed old file
2012-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/examples/ex-client-resume.c,
doc/examples/ex-client-x509.c, lib/gnutls_state.c,
lib/includes/gnutls/gnutls.h.in, src/cli-args.c, src/cli-args.h,
src/tls_test.c, tests/resume-dtls.c, tests/resume.c: The session
ticket and OCSP certificate status extensions are enabled by
default. In client side gnutls_init() enables the session ticket and OCSP
certificate status request extensions by default. The flag
GNUTLS_NO_EXTENSIONS can be used to prevent that.
2012-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkix.asn, lib/pkix_asn1_tab.c: save some memory by removed
unused ASN.1 structures.
2012-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pubkey.c: corrected version number
2012-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h, src/cli.c: Bug
fixes in DANE. Corrected packet length parsing and removed the verify options
DANE_VERIFY_DNSSEC_DATA_INVALID and DANE_VERIFY_NO_DNSSEC_DATA.
There is longer use for them since using the DANE API requires
DNSSEC.
2012-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/crl.c, lib/x509/crq.c, lib/x509/privkey.c,
lib/x509/privkey_pkcs8.c: corrected versions
2012-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-tokens.texi, lib/gnutls_privkey.c,
lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
lib/libgnutls.map: Added helper functions
gnutls_pubkey_import_openpgp_raw() and
gnutls_pubkey_import_x509_raw().
2012-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-cert-auth2.texi, doc/cha-tokens.texi,
doc/invoke-gnutls-cli.texi, lib/gnutls_dh_primes.c,
lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/pkcs12.h,
lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/openpgp/openpgp_int.h, lib/openpgp/pgp.c,
lib/openpgp/privkey.c, lib/pkcs11.c, lib/x509/common.c,
lib/x509/common.h, lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c,
lib/x509/pkcs12.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
lib/x509/privkey_pkcs8.c, lib/x509/x509.c, libdane/dane.c: Added
functions to export structures in an allocated buffer.
2012-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c: Added
command-line option to disable CA verification.
2012-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: removed old flag
2012-10-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h: Always require
DNSSEC.
2012-10-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: some reorganization of the configure script.
2012-10-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi: some more text for TPMs
2012-10-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c, src/common.c, src/common.h: In gnutls-cli the server
certificate is printed prior to verification
2012-10-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, Makefile.am, NEWS, configure.ac, doc/Makefile.am,
doc/cha-cert-auth.texi, doc/cha-functions.texi,
doc/invoke-gnutls-cli.texi, doc/manpages/Makefile.am,
doc/scripts/getfuncs.pl, libdane/Makefile.am, libdane/dane.c,
libdane/errors.c, libdane/includes/Makefile.am,
libdane/includes/gnutls/dane.h, libdane/libdane.map, m4/hooks.m4,
src/Makefile.am, src/cli-args.c, src/cli-args.def, src/cli-args.h,
src/cli.c: Added a DANE library.
2012-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2012-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-client-resume.c, doc/examples/ex-client-x509.c:
enable useful extensions in the examples.
2012-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/wmnaf.c: included config.h to avoid issue with gnulib
2012-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-intro-tls.texi, doc/invoke-gnutls-cli.texi,
lib/gnutls_cert.c, lib/gnutls_x509.c, src/cli-args.c,
src/cli-args.def, src/cli-args.h, src/cli.c:
gnutls_certificate_verify_peers2() checks ocsp status response if
available.
2012-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: do not set verify_flags
2012-10-04 Nikos Mavrogiannopoulos <nikos@esat.kuleuven.be>
* lib/x509/verify-high.c: doc update.
2012-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/ocsp.c: If revocation reason cannot be read set it to
GNUTLS_X509_CRLREASON_UNSPECIFIED.
2012-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, doc/manpages/Makefile.am: changed generation of
manpages.
2012-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk: upload -> upload-tarballs
2012-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/hash.c, lib/hash.h, lib/minitasn1/hash.c,
lib/minitasn1/int.h, lib/minitasn1/parser_aux.c, lib/verify-tofu.c,
lib/x509/ocsp.c, lib/x509/verify-high.c, lib/x509/verify-high2.c:
Use hash-pjw-bare instead of asn1_bhash().
2012-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/config.rpath, build-aux/gendocs.sh, gl/Makefile.am,
gl/base64.h, gl/getpass.h, gl/hash-pjw-bare.c, gl/hash-pjw-bare.h,
gl/m4/eealloc.m4, gl/m4/extern-inline.m4, gl/m4/fcntl-o.m4,
gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/lib-ld.m4,
gl/m4/manywarnings.m4, gl/m4/timer_time.m4, gl/m4/timespec.m4,
gl/m4/xsize.m4, gl/stdbool.in.h, gl/sys_select.in.h,
gl/tests/Makefile.am, gl/tests/binary-io.c, gl/tests/binary-io.h,
gl/tests/ioctl.c, gl/tests/malloca.h, gl/tests/test-select.h,
gl/timespec.c, gl/timespec.h, gl/u64.c, gl/u64.h, gl/verify.h,
gl/xsize.c, gl/xsize.h, maint.mk: Updated gnulib and added
hash-pjw-bare
2012-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, tests/Makefile.am, tests/mini-x509-callbacks.c: Added
test to verify that callbacks are being actually called.
2012-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-ocsp-client.c, src/ocsptool-common.c: check the
first response.
2012-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/ocsp.h, lib/x509/ocsp.c:
gnutls_ocsp_resp_check_crt() accepts the response index.
2012-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth2.texi, lib/includes/gnutls/gnutls.h.in,
lib/includes/gnutls/ocsp.h: doc update
2012-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h, lib/x509/x509.c: Added
gnutls_x509_crl_reason_flags_t.
2012-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/ocsp.c: read revocation reason
2012-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/ocsp.c: simplified doc
2012-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/libgnutls.map: gnutls_ocsp_resp_check_crt was moved to
3.0 symbols and documented update.
2012-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth2.texi, doc/examples/ex-ocsp-client.c,
doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi: documented
gnutls_ocsp_resp_check_crt().
2012-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/auth/cert.h, lib/ext/status_request.c,
lib/gnutls_cert.c, lib/gnutls_errors.c,
lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/ocsp.h,
lib/libgnutls.map, lib/x509/ocsp.c, src/cli-args.c,
src/cli-args.def, src/cli-args.h, src/cli.c, src/ocsptool-common.c,
src/ocsptool-common.h, src/serv-args.c, src/serv-args.def,
src/serv-args.h, src/serv.c: The OCSP response file is now set on
the credentials and other additions. Changed OCSP function prototypes for almost all status_request
functions to move the response file and callback to the certificate
credentials structure. Added gnutls_ocsp_resp_check_crt() to check
whether a response corresponds to a given certificate.
2012-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented fix
2012-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_extensions.c: Print debugging information even when an
extension is not parsed.
2012-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/session_ticket.c, lib/gnutls_handshake.c: Fixed the
receipt of session tickets during session resumption. Reported by danblack http://savannah.gnu.org/support/?108146
2012-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/resume.c: better output in resume
2012-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h:
simplified handshake states.
2012-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/status_request.c, lib/gnutls_handshake.c: Verify callback
is run in either side.
2012-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/psk.c, lib/gnutls_datum.c, lib/gnutls_datum.h,
lib/gnutls_x509.c: removed unused functions.
2012-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/status_request.c: Pack and unpack the status request
extension data on resumption.
2012-09-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c, src/ocsptool-common.c: Use the server's OCSP provided
data when verifying a certificate's validity.
2012-09-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c, lib/ext/status_request.c,
lib/gnutls_handshake.c, lib/gnutls_int.h: The certificate
verification callback is being run after the certificate status
response is received.
2012-09-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented updates
2012-09-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/debug.c, lib/ext/status_request.c, lib/ext/status_request.h,
lib/gnutls_buffers.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli-args.c,
src/cli-args.h, src/serv-args.c, src/serv-args.h: updated OCSP
status request.
2012-09-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: Session ID is correctly read.
2012-09-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/max_record.c, lib/gnutls_buffers.c, lib/gnutls_int.h,
lib/nettle/wmnaf.c: Corrected signed-to-unsigned comparisons
2012-04-17 Simon Josefsson <simon@josefsson.org>
* doc/Makefile.am, doc/manpages/Makefile.am, lib/ext/Makefile.am,
lib/ext/status_request.c, lib/ext/status_request.h,
lib/gnutls_extensions.c, lib/gnutls_int.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
src/cli-args.def, src/cli.c, src/serv-args.def, src/serv.c:
Implement status_request OCSP extension.
2012-09-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* AUTHORS: Added Olga and Ilya to authors.
2012-09-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2012-09-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-bib.texi, doc/cha-intro-tls.texi, doc/latex/gnutls.bib:
updated heartbeat text
2012-09-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2012-09-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.1.2
2012-09-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c: Handle heartbeat packets with zero payload,
and account for the payload length when sending a heartbeat of fixed
size.
2012-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark.c: benchmark time was increased.
2012-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/Makefile.am, lib/minitasn1/coding.c,
lib/minitasn1/decoding.c, lib/minitasn1/element.c,
lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
lib/minitasn1/hash.c, lib/minitasn1/int.h,
lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
lib/minitasn1/parser_aux.h, lib/minitasn1/structure.c,
lib/minitasn1/structure.h: Updated to minitasn1 3.0
2012-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated cross.mk
2012-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am: added missing tpm.h header
2012-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/Makefile.am, extra/Makefile.am, lib/Makefile.am,
src/Makefile.am, tests/Makefile.am, tests/suite/Makefile.am: All
external libraries that were in LDFLAGS are moved into LIBADD/LDADD. It also fixes order within LIBADD/LDADD so that libtool objects go
first. Patch by Bartosz Brachaczek.
2012-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/asn1random.pl, tests/suite/x509random.pl: updated
copyright
2012-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, lib/openpgp/pgp.c: openpgp doc update
2012-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/asn1random.pl, tests/suite/x509random.pl: Added
boilerplate.
2012-09-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/opencdk/write-packet.c: simplified calculations
2012-09-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented fix
2012-09-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/opencdk/kbnode.c, lib/opencdk/main.h, lib/opencdk/misc.c,
lib/opencdk/read-packet.c, lib/opencdk/stream.c,
lib/opencdk/write-packet.c: reduced verbosity and better debugging.
2012-09-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/opencdk/new-packet.c: Corrected bug in PGP subpacket encoding
2012-09-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/Makefile.am, tests/suite/asn1random.pl,
tests/suite/testrandom, tests/suite/x509random.pl: Added script to
check against randomly generated certificates.
2012-09-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-heartbeat.c: removed unused label
2012-09-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/x509/verify-high.c: doc updates
2012-09-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-dtls-heartbeat.c: Added a test of
heartbeat ping exchange.
2012-09-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c, lib/auth/dh_common.c, lib/auth/rsa.c,
lib/auth/rsa_export.c, lib/auth/srp_passwd.c, lib/crypto-backend.c,
lib/ext/heartbeat.c, lib/ext/safe_renegotiation.c,
lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_pubkey.c,
lib/gnutls_session_pack.c, lib/gnutls_str.c, lib/gnutls_x509.c,
lib/nettle/pk.c, lib/opencdk/armor.c, lib/opencdk/keydb.c,
lib/opencdk/literal.c, lib/opencdk/stream.c,
lib/opencdk/write-packet.c, lib/pkcs11.c, lib/x509/ocsp_output.c,
lib/x509/pkcs12.c: several cleanups
2012-09-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/privkey.c: corrected bug in gnutls_x509_privkey_sign_data
2012-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c: All openpgp code moved within ENABLE_OPENPGP
2012-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am: updated makefiles
2012-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-gtls-app.texi, lib/gnutls_dtls.c,
lib/gnutls_dtls.h, lib/gnutls_int.h, lib/gnutls_record.c: Correctly
restore gnutls_record_recv() in DTLS mode if interrupted during the
retrasmition of handshake data.
2012-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c: Allow for pinging until timeout.
2012-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c: corrected time
2012-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented update
2012-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c: fixed copyright
2012-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-intro-tls.texi, lib/ext/heartbeat.c, lib/ext/heartbeat.h,
lib/gnutls_int.h, lib/gnutls_state.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Better handling
of timeouts.
2012-09-21 Simon Josefsson <simon@josefsson.org>
* lib/ext/heartbeat.c, lib/gnutls_psk.c, lib/tpm.c: GTK-DOC fixes.
2012-09-21 Simon Josefsson <simon@josefsson.org>
* lib/algorithms/cert_types.c, lib/tpm.c, lib/x509/common.c,
lib/x509/ocsp_output.c: More GTK-DOC warning fixes.
2012-09-21 Simon Josefsson <simon@josefsson.org>
* doc/reference/gnutls-docs.sgml: Also include tpm.h in GTK-DOC
manual.
2012-09-21 Simon Josefsson <simon@josefsson.org>
* doc/reference/Makefile.am, lib/gnutls_ui.c,
lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/tpm.h,
lib/pkcs11.c, lib/pkcs11_privkey.c, lib/tpm.c: Fix GTK-DOC warnings.
2012-09-21 Simon Josefsson <simon@josefsson.org>
* configure.ac: Cleanup warning flags.
2012-09-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped versions
2012-09-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi: doc update
2012-09-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2012-09-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c, lib/gnutls_record.c, src/common.c,
src/serv.c, src/socket.c, src/udp-serv.c: updates in heartbeat
support
2012-09-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-intro-tls.texi: updated documentation
2012-09-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/ca-no-pathlen.pem,
tests/cert-tests/no-ca-or-pathlen.pem: updated tests for new
security levels
2012-09-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c, lib/ext/heartbeat.h, lib/gnutls_buffers.c,
lib/gnutls_buffers.h, lib/gnutls_dtls.c, lib/gnutls_errors.c,
lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h,
lib/gnutls_record.c, lib/gnutls_record.h, lib/gnutls_state.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: several updates
in the heartbeat handling code.
2012-09-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, lib/x509/dn.c: Corrected issues
2012-09-20 Simon Josefsson <simon@josefsson.org>
* configure.ac: Drop -Winline.
2012-09-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: corrected usage of defines
2012-09-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, doc/manpages/Makefile.am: doc/manpages is handled the
same as doc/
2012-09-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, doc/Makefile.am: compare-makefile is only executed
during make dist.
2012-09-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c, lib/gnutls_int.h: DEFAULT_* -> DEFAULT_MAX_*
2012-09-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h, lib/x509/verify-high.c: MAX_CERTS_TO_SORT ->
DEFAULT_VERIFY_DEPTH
2012-09-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/secparams.c: corrected default
2012-09-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/secparams.c, lib/gnutls_x509.c,
lib/includes/gnutls/gnutls.h.in: Increased security levels by adding
insecure.
2012-09-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/scripts/gdoc: Allow negatives in enumerations.
2012-09-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: do not complain on overlength strings
2012-09-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_state.c,
lib/gnutls_state.h: gnutls_session_enable_compatibility_mode() is
equivalent to %COMPAT priority string.
2012-09-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/secparams.c, lib/gnutls_int.h,
lib/gnutls_priority.c, lib/gnutls_x509.c,
lib/includes/gnutls/gnutls.h.in: Warn on certificate with weak
security levels. (re)introduces GNUTLS_SEC_PARAM_WEAK.
2012-09-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c, lib/gnutls_ui.c, lib/includes/gnutls/x509.h,
lib/x509/verify-high.c, tests/chainverify-unsorted.c: Added
verification flags GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN, which is
enabled by default for verifying TLS sessions.
2012-09-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: removed a now redundant chain check
2012-09-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c, tests/Makefile.am,
tests/chainverify-unsorted.c: Added function to sort the provided
certificate chain prior to verification.
2012-09-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c, lib/x509/x509_int.h: avoid duplicate asn1
structure initialization.
2012-09-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/element.c, lib/minitasn1/int.h,
lib/minitasn1/libtasn1.h: updated minitasn1
2012-09-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, m4/hooks.m4: Use the pkg-config macro to find
libtasn1.
2012-09-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/x509cert-tl.c: corrected typo
2012-09-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/x509cert-tl.c: small updates
2012-09-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/mpi.c, lib/x509/x509_int.h: removed old libtasn1
requirements
2012-09-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: MAX_NAME_SIZE -> MAX_SERVER_NAME_SIZE
2012-09-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: corrected sign
2012-09-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.h: corrected prototypes
2012-09-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
lib/gnutls_cipher.c, lib/gnutls_int.h, lib/gnutls_priority.c,
lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in: use a
%STATELESS_COMPRESSION priority string instead of gnutls_init()
flag.
2012-09-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_sig.c: corrected missing parameter
2012-09-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_sig.c: Key
usage violations are allowed when the COMPAT keyword is specified. I've noticed in the SSL observatory data that most key usage bits in
a certificate are set randomly (e.g., there are DSA certificates
marked for encryption, and most RSA certificates marked for
signature only are used for encryption anyway). There is no point of
being strict in such environment.
2012-09-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: Do not ask unnecessary questions when signing a
certificate (request).
2012-09-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c, lib/system.c, lib/system.h: mingw32 support.
Based on patch by LRN.
2012-09-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-intro-tls.texi, lib/gnutls_cipher.c,
lib/gnutls_compress.c, lib/gnutls_compress.h, lib/gnutls_int.h,
lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in: Added
GNUTLS_STATELESS_COMPRESSION flag to gnutls_init().
2012-09-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/privkey.c, src/certtool.c: Added
gnutls_x509_privkey_get_pk_algorithm2(). Certtool prints the number
of bits in a private key.
2012-09-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, lib/Makefile.am: Refer to files with explicit
path. Patch by LRN.
2012-09-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/tests/ioctl.c: win32 fix. Patch by LRN.
2012-09-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/Makefile.am: libopts depends on libintl. Patch by LRN.
2012-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls.asn, lib/gnutls_asn1_tab.c, lib/pkix.asn,
lib/pkix_asn1_tab.c: small optimizations in ASN.1 to save memory
2012-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-intro-tls.texi: Added a note on compression
2012-09-11 Ilya Tumaykin <itumaykin@gmail.com>
* lib/nettle/wmnaf.c: Fix mpz_unitstbit compilation with GMP
versions < 5. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-09-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c, tests/x509cert-tl.c: When requested
gnutls_x509_trust_list_deinit() will deinitialized all certs
(including the named)
2012-09-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: Use the new asn1_read_node_value()
2012-09-03 Marti Raudsepp <marti@juffo.org>
* lib/x509/verify-high2.c, tests/x509cert-tl.c: Fix
gnutls_x509_trust_list_add_trust_mem with DER-format certificates. The function took a "type" argument and then happily proceeded to
ignore it and try PEM format anyway. Most importantly, this makes gnutls_x509_trust_list_add_system_trust
work on Windows, which loads DER certificates using this function.
I'll be damned if that actually ever worked properly -- certainly
not in any git version. :) Also added test for gnutls_x509_trust_list_add_trust_mem. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: added upload directive
2012-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/makeshell.c, src/serv.c: mingw64 compilation fixes
2012-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated libs
2012-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/system.c: The default
system_recv_timeout() doesn't include a call to recv() to avoid
issue in few systems.
2012-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-handshake-timeout.c: increased timeouts
2012-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: dump the errno received by select
2012-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: removed unused code
2012-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: use errno_to_gerr() in
_gnutls_io_check_recv().
2012-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_state.c: Do not repeatedly set
timeout
2012-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented fix
2012-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/abstract_int.h, lib/ext/signature.c, lib/gnutls_pubkey.c,
lib/gnutls_sig.c: Be tolerant is ECDSA-violating signatures.
2012-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testcompat-main: Added server mode tests for the
various EC curves.
2012-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/cha-intro-tls.texi,
doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi,
doc/manpages/Makefile.am: Added heartbeat functions
2012-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/certs/cert-ecc256.pem, tests/certs/cert-ecc384.pem,
tests/certs/cert-ecc521.pem, tests/certs/ecc256.pem,
tests/certs/ecc384.pem, tests/certs/ecc521.pem,
tests/suite/testcompat-main: Added suite for ECDSA under various
curves
2012-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented fix
2012-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/Makefile.am, lib/nettle/ecc.h,
lib/nettle/ecc_make_key.c, lib/nettle/ecc_mulmod.c,
lib/nettle/ecc_mulmod_cached.c, lib/nettle/ecc_mulmod_timing.c,
lib/nettle/ecc_mulmod_wmnaf.c,
lib/nettle/ecc_mulmod_wmnaf_cached.c,
lib/nettle/ecc_projective_add_point.c,
lib/nettle/ecc_projective_add_point_ng.c,
lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_verify_hash.c,
lib/nettle/pk.c: Removed unused ECC code. Renamed ecc_mulmod_wmnaf -> ecc_mulmod Renamed
ecc_projective_add_point_ng -> ecc_projective_add_point
2012-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c, lib/ext/heartbeat.h, lib/gnutls_int.h,
lib/gnutls_record.c, lib/gnutls_state.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli-args.c,
src/cli-args.h, src/cli.c, src/serv-args.c, src/serv-args.h,
src/serv.c, src/tests.c: Some small optimizations in heartbeat
handling and regeneration of src/ args files.
2012-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_state.c: removed unneeded test
2012-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/tests.c, src/tests.h, src/tls_test.c: removed unneeded test.
2012-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/server_name.c, lib/ext/session_ticket.c, lib/ext/srp.c,
lib/gnutls_session_pack.c, lib/gnutls_str.h: BUFFER_APPEND_PFX is no
more. Replaced with BUFFER_APPEND_PFX4
2012-08-28 Olga <olyasib12@gmail.com>
* doc/cha-internals.texi, doc/cha-intro-tls.texi,
doc/manpages/Makefile.am, doc/protocol/rfc6520.txt, lib/debug.c,
lib/ext/Makefile.am, lib/ext/heartbeat.c, lib/ext/heartbeat.h,
lib/gnutls_buffers.c, lib/gnutls_errors.c, lib/gnutls_extensions.c,
lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_record.h,
lib/gnutls_state.c, lib/gnutls_str.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
src/cli-args.def, src/cli.c, src/common.c, src/serv-args.def,
src/serv.c, src/socket.c, src/tests.c, src/tests.h, src/tls_test.c:
Added Heartbeat extension support. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/ecc_mulmod_wmnaf_cached.c: corrected deinitialization
of wmnaf cache.
2012-08-30 Ilya Tumaykin <itumaykin@gmail.com>
* lib/gnutls_global.c, lib/gnutls_global.h, lib/nettle/Makefile.am,
lib/nettle/ecc.h, lib/nettle/ecc_make_key.c,
lib/nettle/ecc_mulmod_wmnaf.c,
lib/nettle/ecc_mulmod_wmnaf_cached.c,
lib/nettle/ecc_projective_add_point.c,
lib/nettle/ecc_projective_add_point_ng.c,
lib/nettle/ecc_projective_dbl_point_3.c,
lib/nettle/ecc_projective_isneutral.c,
lib/nettle/ecc_projective_negate_point.c,
lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
lib/nettle/ecc_verify_hash.c, lib/nettle/init.c, lib/nettle/pk.c,
lib/nettle/wmnaf.c: wMNAF-based multiplication Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: Added extension in TODO list
2012-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: On Linux with /proc/sys/net/ipv6/bindv6only == 0
(which is now the default), gnutls-serv cannot listen on ipv6. Patch
by Bernhard R. Link.
2012-08-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pk.c, lib/gnutls_pk.h, lib/pkcs11_privkey.c: simplified
ECDSA/DSA signature generation in tokens.
2012-08-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented fix
2012-08-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: Revert "Use _gnutls_dsa_q_to_hash() only for
warning reasons." This reverts commit 8bb82a3d386abc1c59cb16d3a6d8c68fb66a2170.
2012-08-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_privkey.c: fix DSA and ECDSA signing in smart cards.
2012-08-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.c: null terminate the certificate being print
2012-08-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: Use _gnutls_dsa_q_to_hash() only for warning
reasons.
2012-08-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented fix
2012-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-common.c, src/certtool-common.h, src/certtool.c:
Changes in password handling of certtool. Ask password when required and only if the '--password' option is
not given. If the '--password' option is given during key
generation then assume the PKCS #8 format.
2012-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/privkey_pkcs8.c: Prevent the usage of strlen() on null
values.
2012-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c: doc update
2012-08-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: added new items
2012-08-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: updated
2012-08-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: heartbeat support is no longer in the todo
2012-08-24 Simon Josefsson <simon@josefsson.org>
* tests/suppressions.valgrind: Fix suppression rules.
2012-08-24 Simon Josefsson <simon@josefsson.org>
* .gitignore: Sort and add doc/tpm-api.texi.
2012-08-24 Simon Josefsson <simon@josefsson.org>
* configure.ac: Silence automake warning.
2012-08-24 Simon Josefsson <simon@josefsson.org>
* doc/manpages/Makefile.am: Generate manpages for tpm.h.
2012-08-19 Simon Josefsson <simon@josefsson.org>
* doc/manpages/Makefile.am: Generated.
2012-08-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, lib/gnutls_cert.c: doc fix
2012-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c: remove debugging
2012-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_sig.c: When signing use the private key's algorithm.
2012-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.h, lib/gnutls_cert.c, lib/gnutls_x509.c,
lib/openpgp/gnutls_openpgp.c, lib/openpgp/pgp.c,
lib/openpgp/privkey.c: Use the preferred key ID when reading the
pk_algorithm in openpgp keys. gnutls_openpgp_*_get_pk_algorithm() returns the algorithm of the
preferred key ID if set.
2012-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am: Added missing functions
2012-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/ext/signature.c, lib/ext/signature.h, lib/gnutls_int.h,
lib/gnutls_sig.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added gnutls_sign_algorithm_get().
2012-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-handshake-timeout.c: removed unused variable
2012-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms.h, lib/algorithms/sign.c, lib/ext/signature.c,
lib/gnutls_pubkey.c, lib/gnutls_sig.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/x509/crq.c,
lib/x509/verify.c: gnutls_sign_get_pk_algorithm and
gnutls_sign_get_hash_algorithm were exported.
2012-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/signature.c: When selecting a session signature algorithm
consider the enabled.
2012-08-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/tpmtool.c: No need to ask for key password on registered keys.
2012-08-16 Mark Brand <mabrand@mabrand.nl>
* lib/system.c: fix case of include file Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-08-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_priority.c, lib/gnutls_record.c:
fix warnings
2012-08-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: Avoid stray return when compiling without trousers.
2012-08-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-handshake-timeout.c: avoid memory leak
2012-08-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, NEWS: updates
2012-08-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: No need to require the private key to be present
when generating a certificate.
2012-08-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am: Link srptool with libintl. Suggested by B. Scott
Michel.
2012-08-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated news
2012-08-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, lib/gnutls_priority.c: Security levels can
be combined as priority strings.
2012-08-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2012-08-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-handshake-timeout.c: small updates in
mini-handshake-timeout
2012-08-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi: document gnutls_random_art
2012-08-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-handshake-timeout.c: Added test that
checks the handshake timeout.
2012-08-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated news
2012-08-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: doc update
2012-08-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk, doc/Makefile.am: the new makeinfo sets the FLOAT_NAME by
default.
2012-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk: corrected html generation
2012-08-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk: updated html doc
2012-08-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: doc update
2012-08-09 Simon Josefsson <simon@josefsson.org>
* guile/src/Makefile.am: Add gnulib -I's to guile-snarf command.
2012-08-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/gnutls.texi: use FLOAT_NAME_IN_XREF
2012-08-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am, doc/cha-gtls-app.texi,
doc/examples/ex-client-anon.c, doc/examples/ex-client-dtls.c,
doc/examples/ex-client-psk.c, doc/examples/ex-client-resume.c,
doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
lib/gnutls_handshake.c, lib/gnutls_int.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli.c:
gnutls_handshake_timeout() -> gnutls_handshake_set_timeout()
2012-08-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am, doc/cha-gtls-app.texi,
doc/examples/ex-client-anon.c, doc/examples/ex-client-dtls.c,
doc/examples/ex-client-psk.c, doc/examples/ex-client-resume.c,
doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_handshake.c,
lib/gnutls_int.h, lib/gnutls_record.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli.c: Added
gnutls_handshake_timeout().
2012-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-upgrade.texi: document the deprecated functions in 3.1.x
2012-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-shared-key.texi: document the alloc functions
2012-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, build-aux/config.rpath, configure.ac: released
2012-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/gnutls.texi: distribute all generated files
2012-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented TPM support
2012-08-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_rsa_export.c: corrected typo
2012-08-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2012-08-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c, lib/pkcs11_privkey.c, lib/tpm.c: documentation
fixes.
2012-08-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/gnutls.texi: better doc output
2012-08-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: no need for libgnutlsxx.map
2012-08-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-cert-select.c, doc/invoke-certtool.texi,
tests/pkcs12-decode/Makefile.am: corrected example and added missing
files.
2012-08-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: confirm password on key generation.
2012-08-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_privkey.c, lib/gnutls_x509.c,
lib/includes/gnutls/abstract.h, lib/includes/gnutls/x509.h,
lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
lib/x509/privkey_pkcs8.c, src/certtool-args.c,
src/certtool-args.def, src/certtool-args.h, src/certtool-common.h,
src/certtool.c, src/cli.c, tests/pkcs12-decode/pkcs12: Restored
ability to decrypt PKCS #8 and #12 keys with a NULL password.
Certtool now accepts the option --null-password.
2012-08-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: Exit with an error code if a PKCS #12 structure
cannot be decrypted.
2012-07-26 Petr Písař <petr.pisar@atlas.cz>
* src/certtool.c: Respect certtool --hash when signing request and
CRL The certtool hard-codes the digest algorithm despite '--hash' option
exists. This patch allows user to choose the algorithm when signing
certificate request or certificate revocation list. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/pin.c, lib/pin.h, lib/pkcs11.c,
lib/pkcs11_int.h, lib/tpm.c: PIN-related functions common to TPM and
PKCS #11 moved to pin.c.
2012-07-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-tpmtool.texi, doc/manpages/tpmtool.1,
lib/includes/gnutls/tpm.h, lib/tpm.c, src/tpmtool.c:
GNUTLS_TPMKEY_FMT_PEM renamed to GNUTLS_TPMKEY_FMT_CTK_PEM
2012-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/tpmtool-args.c, src/tpmtool-args.def, src/tpmtool-args.h,
src/tpmtool.c: tpmtool now accepts the --inder and --outder options.
2012-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/abstract.h, lib/includes/gnutls/tpm.h,
lib/tpm.c: Separated TPM key encodings from the X.509 certificates. Added two TPM-specific encodings the DER and PEM. Even though they
look to be related the are not. The DER encoding is the one provided
using Tspi_EncodeDER_TssBlob, and the PEM is the compatibility
encoding used by create_tpm_key.
2012-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/gnutls.h.in: doc fixes
2012-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/scripts/mytexi2latex: handle noindent
2012-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/cha-tokens.texi: more elaborate PIN
documentation
2012-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/scripts/gdoc: handle more complex enums
2012-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth2.texi: discussed the generic and openssl privkey
import functions.
2012-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-library.texi: added tpm flag
2012-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi, doc/latex/macros.tex: more doc fixes
2012-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c, lib/x509/pkcs12.c: doc fix
2012-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/latex/Makefile.am, doc/latex/gnutls.tex: doc updates
2012-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi: more set_pin functions.
2012-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: set PIN function when reading a certificate
2012-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-cert-select-pkcs11.c,
lib/includes/gnutls/gnutls.h.in, lib/pkcs11.c, lib/pkcs11_write.c,
lib/tpm.c, src/common.c, src/pkcs11.c: GNUTLS_PKCS11_PIN ->
GNUTLS_PIN
2012-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/openpgp-auth.c, tests/openpgp-auth2.c: use stack for file
paths
2012-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/invoke-tpmtool.texi, doc/manpages/tpmtool.1:
doc updates
2012-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/tpm.c: Increate the entropy of TPM when generating keys. When generating a key in TPM provide it with some randomness using
Tspi_TPM_StirRandom(). Suggested by Carolin Latze.
2012-07-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: Force dependency on nettle 2.5.
2012-07-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/manpages/Makefile.am, doc/manpages/tpmtool.1: Added tpmtool
manpage.
2012-07-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/tpmtool-args.c, src/tpmtool-args.def, src/tpmtool-args.h:
updated TPM doc
2012-07-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am, src/certtool-common.c, src/certtool-common.h,
src/certtool.c, src/cli.c, src/common.c, src/common.h,
src/p11common.c, src/p11common.h, src/pkcs11.c, src/serv.c:
Eliminated p11common.c.
2012-07-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/x509.h,
lib/libgnutls.map, lib/pkcs11.c, lib/x509/x509.c,
lib/x509/x509_int.h: PKCS #11 PIN handling fixes. Added gnutls_x509_crt_set_pin_function() and set the PIN handling
function in gnutls_privkey_import_pkcs11_url().
2012-07-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: Check for /etc/ssl/cert.pem in OpenBSD. Reported by
David Woodhouse and Mike Miller.
2012-07-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/openpgp-auth.c, tests/openpgp-auth2.c: Avoid the usage of
alloca(). Reported by Rob McMahon.
2012-07-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/cipher.c: Avoid returning from void function. Patch by
Rob McMahon.
2012-07-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi: better title
2012-07-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi: mention the context specific PIN functions.
2012-07-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am, doc/cha-cert-auth2.texi,
doc/cha-functions.texi, doc/cha-gtls-app.texi,
doc/cha-library.texi, doc/cha-tokens.texi, doc/gnutls.texi,
doc/invoke-tpmtool.texi, lib/gnutls_ui.c, lib/gnutls_x509.c: Added
documentation for TPM keys.
2012-07-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/snippet/_Noreturn.h, gl/Makefile.am, gl/alloca.in.h,
gl/argp-ba.c, gl/argp-help.c, gl/argp-parse.c, gl/argp-pv.c,
gl/fseeko.c, gl/fseterr.c, gl/fseterr.h, gl/fstat.c, gl/gettext.h,
gl/m4/argp.m4, gl/m4/extensions.m4, gl/m4/fdopen.m4,
gl/m4/frexp.m4, gl/m4/frexpl.m4, gl/m4/fseterr.m4, gl/m4/getopt.m4,
gl/m4/gettext.m4, gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4,
gl/m4/intdiv0.m4, gl/m4/intlmacosx.m4, gl/m4/largefile.m4,
gl/m4/ldexpl.m4, gl/m4/lock.m4, gl/m4/mmap-anon.m4,
gl/m4/multiarch.m4, gl/m4/nocrash.m4, gl/m4/printf-frexpl.m4,
gl/m4/printf.m4, gl/m4/signbit.m4, gl/m4/stdio_h.m4,
gl/m4/strerror_r.m4, gl/m4/strndup.m4, gl/m4/sys_time_h.m4,
gl/m4/threadlib.m4, gl/m4/time_h.m4, gl/m4/time_r.m4,
gl/m4/visibility.m4, gl/printf-parse.c, gl/signal.in.h,
gl/stdint.in.h, gl/stdio-impl.h, gl/stdlib.in.h,
gl/sys_select.in.h, gl/tests/init.sh, gl/tests/minus-zero.h,
gl/tests/stat.c, gl/tests/test-alloca-opt.c,
gl/tests/test-malloca.c, gl/tests/test-select.h,
gl/tests/test-time.c, gl/timespec.h, gl/unistd.in.h,
gl/vasnprintf.c, maint.mk: Updated gnulib.
2012-07-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-cipher.c, src/benchmark-tls.c, src/benchmark.c,
src/benchmark.h: print average time per transaction and sample
variance.
2012-07-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-tls.c: Client credentials initialization moved
outside benchmark
2012-07-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c, lib/tpm.c: Callbacks are being called even if a
global PIN functions is not set.
2012-07-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am, lib/auth/cert.h, lib/gnutls_x509.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Allow
association of a PIN function with a credentials structure. This function will be used to override any globally set ones.
2012-07-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: return value fix
2012-07-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented updates
2012-07-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am, doc/cha-cert-auth2.texi,
lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c:
Removed newly added functions and added
gnutls_pkcs11_get_pin_function().
2012-07-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/abstract_int.h, lib/gnutls_int.h, lib/gnutls_privkey.c,
lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
lib/pkcs11_write.c, lib/tpm.c: Added PIN callbacks in structures
that may require PIN access to override the global callbacks.
2012-07-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/pkcs11.h,
lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
lib/pkcs11_write.c: PIN callback function was made more generic than
PKCS #11.
2012-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am: added missing functions
2012-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/tpmtool.c: signing keys are generated by default
2012-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/tpm.c: random uuids are marked as such
2012-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_ui.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
src/certtool-common.c, src/cli.c: Added gnutls_url_is_supported()
2012-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/tpm.c: doc fix
2012-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/tpmtool-args.c, src/tpmtool-args.def, src/tpmtool-args.h,
src/tpmtool.c: Allow generation of system and user keys.
2012-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/tpm.h, lib/tpm.c: Allow handling of user and
system keys.
2012-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h, lib/tpm.c:
minor fixes in TPM code
2012-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/tpmtool-args.c, src/tpmtool-args.def, src/tpmtool-args.h,
src/tpmtool.c: Enabled the generation of signing keys.
2012-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am, doc/cha-cert-auth2.texi,
lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
lib/includes/gnutls/abstract.h, lib/libgnutls.map, src/cli.c: Added
functions that import any kind of URL into abstract public and
private keys. Added: gnutls_pubkey_import_url() gnutls_privkey_import_url()
2012-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: When verifying a certificate chain make
sure it is chain. If the chain is interrupted (wrong) at some point then truncate,
only try to verify the correct part. Patch by David Woodhouse.
2012-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-common.c, src/cli.c: Allow gnutls-cli to be used with
tpmkey urls
2012-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/abstract.h, lib/tpm.c: Added flag to disable
the use of callbacks in TPM keys.
2012-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c, lib/gnutls_x509.c,
lib/includes/gnutls/abstract.h, lib/libgnutls.map, lib/tpm.c,
src/certtool-common.c, src/tpmtool.c: Added ability to request PIN
from a TPM URL. It uses the PKCS11 PIN function.
2012-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/tpmtool.c: corrected function call
2012-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, NEWS, doc/cha-cert-auth2.texi,
lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c: Added
gnutls_pkcs11_advset_pin_function and
gnutls_pkcs11_advset_token_function
2012-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/tpm.h, lib/tpm.c: doc fix
2012-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/tpm.c: do not list parent in URL.
2012-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: Allow tpmkey: urls in set_key_file()
2012-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-common.c, src/tpmtool.c: Added support for legacy key
2012-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am: documented updates
2012-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/tpmtool-args.c, src/tpmtool-args.def, src/tpmtool-args.h,
src/tpmtool.c: pubkey option can now accept a url
2012-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_errors.c, lib/gnutls_str.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/tpm.c: small
fixes in TPM support
2012-07-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_handshake.h: internal functions
marked as static
2012-07-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/includes/gnutls/tpm.h, lib/libgnutls.map, lib/tpm.c,
src/tpmtool-args.c, src/tpmtool-args.def, src/tpmtool-args.h,
src/tpmtool.c: Added functions to handle TPM stored keys. Not everything is on working state.
2012-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/abstract.h, lib/tpm.c: Allow importing a
public key from UUID
2012-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/tpm.h, lib/tpm.c: Added the option to register
a key
2012-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/abstract.h, lib/tpm.c: Added option to load a
TPM key from an UUID (untested)
2012-07-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/tpm.c: Common handling of error codes.
2012-07-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in, lib/tpm.c:
combined TPM initialization.
2012-07-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/tpm.c, src/tpmtool-args.c, src/tpmtool-args.def,
src/tpmtool-args.h, src/tpmtool.c: TPM key generation allows for
arbitrary RSA key bits, but quantizes them to the minimum allowed
value that is larger than input.
2012-07-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am, lib/includes/gnutls/abstract.h,
lib/libgnutls.map, lib/tpm.c, src/certtool-common.c,
src/certtool-common.h, src/certtool.c, src/tpmtool-args.c,
src/tpmtool-args.def, src/tpmtool-args.h, src/tpmtool.c: Added
functionality to extract the pubkey key from a TPM key. Added new function gnutls_pubkey_import_tpm_raw(). tpmtool can now
print the pubkey key from a TPM key.
2012-07-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dh_primes.c, lib/gnutls_pubkey.c, lib/tpm.c,
lib/x509/common.c, lib/x509/crl.c, lib/x509/crq.c,
lib/x509/pkcs12.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509_b64.c,
lib/x509_b64.h: simplified base64 encoding/decoding functions by
using a datum.
2012-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/tpmtool-args.c, src/tpmtool-args.def, src/tpmtool-args.h: no
url in tpmtool
2012-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_errors.c, lib/includes/Makefile.am,
lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/tpm.h,
lib/libgnutls.map, lib/pkcs11_privkey.c, lib/tpm.c,
lib/x509/common.c, lib/x509/common.h, src/Makefile.am,
src/tpmtool-args.c, src/tpmtool-args.def, src/tpmtool-args.h,
src/tpmtool.c: Added tpmtool. It is a tool to generate TPM private keys. In addition
gnutls_tpm_privkey_generate() was added.
2012-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: no tpm test
2012-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_errors.c, lib/includes/gnutls/abstract.h,
lib/includes/gnutls/gnutls.h.in, lib/tpm.c, tests/Makefile.am:
distinguish password errors and use the internal octet string
decoding functions.
2012-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, doc/Makefile.am, lib/Makefile.am,
lib/gnutls_errors.c, lib/includes/gnutls/abstract.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/pkcs11.c,
lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/tpm.c: Added initial
support for TPM keys.
2012-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c: A deinit function implies
GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE. Based on patch by David
Woodhouse.
2012-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
lib/libgnutls.map: Added gnutls_privkey_import_ext2() This function allows to specify a deinitialization function.
2012-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h, lib/x509/privkey.c,
lib/x509/privkey_openssl.c: gnutls_x509_privkey_import_openssl()
works only with PEM files.
2012-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/privkey_openssl.c: comment put in context
2012-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/privkey_openssl.c: Check for PEM headers before DEK-Info.
2012-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/privkey.c: Handle EC DER keys.
2012-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, tests/Makefile.am, tests/eagain-common.h,
tests/mini-emsgsize-dtls.c: Added test application that tests
GNUTLS_E_LARGE_PACKET and modifies the MTU size during handshake.
2012-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am: added missing function
2012-06-30 David Woodhouse <David.Woodhouse@intel.com>
* lib/gnutls_record.c: Return GNUTLS_E_LARGE_PACKET instead of
truncating when sending DTLS record Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: fix
2012-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: no need to check for DTLS
2012-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: no need for _gnutls prefix.
2012-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: only block ciphers need 1 byte padding.
2012-06-29 David Woodhouse <David.Woodhouse@intel.com>
* lib/gnutls_dtls.c: Fix documentation for gnutls_dtls_set_mtu() It *isn't* the interface MTU, it's the transport MTU. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: sign fixes
2012-06-29 David Woodhouse <David.Woodhouse@intel.com>
* lib/gnutls_dtls.c, lib/includes/gnutls/dtls.h, lib/libgnutls.map:
Add gnutls_dtls_set_data_mtu() Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c, lib/gnutls_int.h, lib/gnutls_state.c,
lib/gnutls_state.h: gnutls_dtls_get_data_mtu() is more precise.
Based on patch by David Woodhouse.
2012-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: cleaned up errno handling.
2012-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/accelerated/cryptodev.c, lib/algorithms/ciphers.c,
lib/includes/gnutls/gnutls.h.in, lib/nettle/cipher.c,
lib/x509/privkey_openssl.c: Added Camellia-192-CBC algorithm
identifier. Based on patch by David Woodhouse.
2012-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/privkey_openssl.c: Included more algorithms in openssl
privkey decryption.
2012-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am, lib/gnutls_privkey.c,
lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/Makefile.am, lib/x509/privkey.c,
lib/x509/privkey_openssl.c, lib/x509_b64.c, lib/x509_b64.h,
src/certtool.c: Added functions gnutls_x509_privkey_import2 and
gnutls_x509_privkey_import_openssl. The former imports keys in arbitrary formats and the latter imports
openssl keys (unfinished).
2012-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: doc fixes
2012-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: document the gnutls_pcert_st
2012-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-cert-select.c: use new functions.
2012-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/cha-cert-auth2.texi,
doc/invoke-certtool.texi: doc fix
2012-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, lib/gnutls_buffers.c, lib/gnutls_errors.c,
lib/gnutls_record.c, lib/system.c: Return GNUTLS_E_LARGE_PACKET when
errno is EMSGSIZE
2012-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-extras.c: added missing file
2012-06-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am, src/certtool-common.c, src/certtool-common.h:
Splitted Lucas' contribution to allow incorporation.
2012-06-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.c, src/certtool-args.def, src/certtool-args.h:
Dot require load-privkey for to-p12
2012-06-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: document limitations
2012-06-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, THANKS, src/certtool-common.c: Updated Lucas' patch
2012-06-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ui.c: updated doc
2012-06-23 Lucas Fisher <lucas.fisher@gmail.com>
* src/certtool-common.c, src/certtool-common.h, src/certtool.c:
Certtool exports multiple keys in PKCS12 file Update certtool to export multiple keys in a PKCS12 file so multiple
certificate/key pairs may be included in one file. - Add load_privkey_list() so that --load-privkey loads multiple keys - Change generate_pkcs12() to add multiple keys to the PKCS12 file Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-06-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c, lib/gnutls_ui.c, lib/pkcs11.c: updated
versions
2012-06-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-cert-auth2.texi, lib/gnutls_privkey.c,
lib/gnutls_ui.c, lib/includes/gnutls/abstract.h, lib/libgnutls.map,
src/cli.c: Added functions to directly load a private key. They allow loading a data buffer into a gnutls_privkey_t without
going through cumbersome convertions.
2012-06-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in: Added
gnutls_load_file().
2012-06-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c, lib/pkcs11_privkey.c: Use the label when looking for
a certificate or private key in PKCS #11. Patch by David Woodhouse.
2012-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/libgnutls.map: moved symbol
2012-06-15 Diego Elio Pettenò <flameeyes@flameeyes.eu>
* src/Makefile.am: build: make sure to declare the generated source
files as BUILT_SOURCES This allows proper building when using parallel make on a multi-core
system. Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dtls/dtls-stress.c: correct comparison of sent data in
dtls-stress.
2012-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: small fix
2012-06-11 Simon Josefsson <simon@josefsson.org>
* NEWS, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/int.h,
lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
lib/minitasn1/version.c: Update to libtasn1 2.13.
2012-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: removed old news entry
2012-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: updated TODO
2012-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs12.h, lib/x509/pkcs12.c: Added flag
GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED for
gnutls_pkcs12_simple_parse().
2012-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/pkcs12.c: deinitialize extra certs if they are empty.
2012-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-cert-select-pkcs11.c: Revert "documented
pin_callback expectations." This reverts commit 2576a9d933e4f29f69a7182faa9c4210eeec8fee.
2012-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* AUTHORS, NEWS: added author of code.
2012-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2012-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
lib/pkcs11_secret.c, lib/pkcs11_write.c: In tokens that allow
multiple sessions make the private key session persistent. This
prevents asking for PIN on every private key operation.
2012-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: When generating a pkcs12 structure with multiple
certificates set a friendly name only on the first one.
2012-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: removed entry which was included in 3.0.20
2012-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/privkey_pkcs8.c: Fixed leaks in PKCS #8 decoding
2012-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c, lib/includes/gnutls/pkcs12.h,
lib/x509/pkcs12.c, tests/Makefile.am,
tests/pkcs12-decode/Makefile.am, tests/pkcs12_simple.c: Changed
prototype for gnutls_pkcs12_simple_parse() to simplify chain
building.
2012-06-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-cert-select-pkcs11.c: documented pin_callback
expectations.
2012-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c, src/cli.c, src/psk.c, src/serv.c, src/srptool.c,
src/tls_test.c: removed unused functions.
2012-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c, src/cli.c: simplified check for win32
2012-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.c: Print the fingerprint only in the first certificate
in the chain.
2012-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: GNUTLS_E_ENCRYPTED_STRUCTURE is no more.
2012-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am, lib/algorithms.h,
lib/algorithms/ciphersuites.c, lib/algorithms/protocols.c,
lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
lib/gnutls_kx.c, lib/gnutls_session_pack.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added support
for an old version of the DTLS protocol used by openconnect vpn
client for compatibility with Cisco's AnyConnect SSL VPN. It is
marked as GNUTLS_DTLS0_9. Do not use it for newer protocols as it
has issues.
2012-06-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: corrected function name
2012-06-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/invoke-gnutls-cli.texi, src/benchmark-tls.c,
src/benchmark.h, src/cli-args.c, src/cli-args.def, src/cli-args.h,
src/cli.c: Options --benchmark-tls was split to --benchmark-tls-kx
2012-06-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-tls.c: Added keys of equivalent security levels.
2012-06-06 Mark Brand <mabrand@mabrand.nl>
* lib/gnutls_x509.c: add missing include wincrypt.h Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: mention retrieve_function2
2012-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/gnutls.h.in: corrected invalid char
2012-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-upgrade.texi, doc/latex/Makefile.am: updates in latex
build
2012-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/latex/gnutls.tex: no need for eurosans
2012-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, doc/scripts/mytexi2latex: do not use
@euro{}
2012-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/ar-lib, gl/Makefile.am, gl/errno.in.h, gl/fseeko.c,
gl/fstat.c, gl/ftello.c, gl/lseek.c, gl/m4/dup2.m4,
gl/m4/errno_h.m4, gl/m4/fseeko.m4, gl/m4/fstat.m4, gl/m4/ftello.m4,
gl/m4/ftruncate.m4, gl/m4/getcwd.m4, gl/m4/getdelim.m4,
gl/m4/getline.m4, gl/m4/gettimeofday.m4, gl/m4/gnulib-common.m4,
gl/m4/gnulib-comp.m4, gl/m4/largefile.m4, gl/m4/lseek.m4,
gl/m4/lstat.m4, gl/m4/malloc.m4, gl/m4/manywarnings.m4,
gl/m4/memmem.m4, gl/m4/mmap-anon.m4, gl/m4/off_t.m4,
gl/m4/putenv.m4, gl/m4/realloc.m4, gl/m4/setenv.m4,
gl/m4/signbit.m4, gl/m4/sleep.m4, gl/m4/stat.m4, gl/m4/strerror.m4,
gl/m4/symlink.m4, gl/m4/sys_stat_h.m4, gl/m4/sys_types_h.m4,
gl/m4/ungetc.m4, gl/m4/unistd_h.m4, gl/m4/warnings.m4, gl/select.c,
gl/stdint.in.h, gl/stdio.in.h, gl/strerror-override.c,
gl/strerror-override.h, gl/sys_stat.in.h, gl/sys_types.in.h,
gl/tests/binary-io.h, gl/tests/fcntl.in.h, gl/tests/ftruncate.c,
gl/tests/ignore-value.h, gl/tests/init.sh, gl/tests/stat.c,
gl/tests/test-binary-io.c, gl/tests/test-binary-io.sh,
gl/tests/test-errno.c, gl/u64.h, gl/unistd.in.h, ltmain.sh,
maint.mk: updated gnulib
2012-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/cert-tests/Makefile.am,
tests/cert-tests/ca-certs.pem, tests/certs/ca-certs.pem: moved
ca-certs.
2012-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* : updated
2012-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/abstract.h: stdarg.h is not needed
2012-06-05 Nikos Mavrogiannopoulos <nikos@esat.kuleuven.be>
* NEWS, lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c: Re-use
GNUTLS_E_DECRYPTION_FAILED for encrypted structures.
2012-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: small doc fix
2012-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, tests/Makefile.am, tests/mini-x509-2.c: Added new test
program.
2012-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: print warning to stderr
2012-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi: doc updates
2012-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c, src/certtool.c:
Introduced GNUTLS_E_ENCRYPTED_STRUCTURE error code. This error code
is returned by encrypted key import functions such as
gnutls_x509_privkey_import_pkcs8() and gnutls_pkcs12_simple_parse()
when an encrypted structure is provided but no password is given.
2012-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: fixed symbol
2012-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am, doc/manpages/Makefile.am: updated news
entries
2012-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/openpgp/pgpverify.c: Verification in openpgp changed to
ressemble the X.509 behavior.
2012-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/gnutls.h.in, lib/x509/verify-high.c,
lib/x509/verify.c: Differentiate between signature failure and
generic errors, by introducing the verification flag
GNUTLS_CERT_SIGNATURE_FAILURE. Suggested by David Woodhouse.
2012-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: Removed duplicate entries and added an explicit
local.
2012-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/libgnutlsxx.map: No need for version script
for CPP programs.
2012-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: better function naming.
2012-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c, lib/includes/gnutls/pkcs12.h, lib/nettle/pk.c,
lib/x509/pkcs12.c: gnutls_certificate_set_x509_simple_pkcs12_file()
now imports certificate chain if it is present.
gnutls_pkcs12_parse() was renamed to gnutls_pkcs12_simple_parse()
2012-06-01 David Woodhouse <David.Woodhouse@intel.com>
* lib/gnutls_x509.c, lib/includes/gnutls/pkcs12.h,
lib/libgnutls.map: Export parse_pkcs12() as gnutls_pkcs12_parse() Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-06-01 David Woodhouse <David.Woodhouse@intel.com>
* lib/gnutls_x509.c: Make parse_pkcs12() return extra certificates
too Optionally create a separate list, and return them for the caller to
use as appropriate. This also cleans up the error handling a little. There seemed to be
a potential memory leak (of *key, for example) when returning errors
after some information had already been extracted. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.h: minor documentation updates
2012-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: doc updates
2012-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/gnutls.h.in: corrected text.
2012-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify.c: corrected typo
2012-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ui.c: typo fix
2012-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c: Do not document old functions.
2012-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/privkey.c: documented behavior.
2012-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/privkey_pkcs8.c: Do not crash if password is null and
GNUTLS_PKCS_PLAIN is not specified.
2012-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: improved comments and added unlikely().
2012-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, lib/gnutls_buffers.c, tests/Makefile.am,
tests/certs/ca-certs.pem, tests/mini-x509-cas.c: Corrected handling
of handshake packets that span multiple records.
2012-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/manpages/Makefile.am: updated Makefile
2012-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: documentation update
2012-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* : updated
2012-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: corrected typo
2012-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_session_pack.c: corrected data copy
2012-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: MAX_ENTRIES increased to 128.
2012-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: Updated documentation on DTLS.
2012-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-examples.texi: updated documentation
2012-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: updated Makefile.
2012-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk, win32/.gitignore: updated cross compilation makefile.
2012-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/gnutls_x509.c, lib/system.c,
lib/x509/verify-high2.c: Added support for windows trusted
certificate store
2012-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated cross compilation makefile
2012-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: bumped version
2012-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am: no need to distribute postscript
2012-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/gnutls_x509.c, lib/x509/verify-high2.c: Added
the notion of a default CRL file.
2012-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
doc/cha-shared-key.texi, doc/examples/ex-client-x509.c: updated doc
2012-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-gnutls-cli.texi: updated
2012-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: Added DevPak package.
2012-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c: corrected doc.
2012-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: document nettle requirement
2012-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.h: no need for netinet/ip.h
2012-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify.c: When checking for an issuer check for a match
in the key identifiers.
2012-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c: Added
the --dh-bits option to gnutls-cli.
2012-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-client-dtls.c, doc/examples/ex-client-resume.c,
doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
doc/examples/ex-serv-x509.c, lib/gnutls_x509.c: Be more conservative
with examples and changed semantics of
gnutls_certificate_set_x509_system_trust().
gnutls_certificate_set_x509_system_trust() returns
GNUTLS_E_UNIMPLEMENTED_FEATURE on systems that do not have a (known)
default trust store.
2012-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: documented function.
2012-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: updated
2012-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am, lib/gnutls_pubkey.c,
lib/includes/gnutls/abstract.h, lib/nettle/pk.c: updates
2012-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map, lib/x509/x509.c: align with 3.0.x
2012-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-cert-auth2.texi, lib/abstract_int.h,
lib/algorithms.h, lib/algorithms/sign.c, lib/auth/rsa.c,
lib/auth/rsa_export.c, lib/crypto-backend.h, lib/ext/signature.c,
lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_privkey.c,
lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, lib/nettle/pk.c, lib/opencdk/main.h,
lib/opencdk/pubkey.c, lib/opencdk/seskey.c, lib/openpgp/privkey.c,
lib/x509/privkey.c, lib/x509/verify.c, lib/x509/x509.c,
lib/x509/x509_int.h, tests/x509sign-verify.c: Use the PKCS #1 1.5
encoding provided by nettle (2.5) for encryption and signatures.
2012-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: Added text for gnutls_dh_set_prime_bits and
gnutls_srp_set_prime_bits
2012-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ui.c: Document the effect of lowering the DH bits.
2012-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c, src/common.c: Print certificate if --print-cert is
given, even on verification failure.
2012-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: Revert "This patch fixes following kind of issue
with automake 1.12" It was suggested that this need not to be solved
by gnutls. This reverts commit 30ad4976249aa9e402eb27081ade06928f3066f0.
2012-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/.gitignore, doc/invoke-certtool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi: Auto-generated texi files were added.
2012-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.c, src/certtool-args.def, src/certtool-args.h:
Added URI to the example.
2012-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c,
tests/cert-tests/template-test.pem: Added support for the URI type
of subject alternative name in certtool.
2012-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, src/certtool-args.c, src/certtool-args.h,
src/cli-args.c, src/cli-args.h, src/cli-debug-args.c,
src/cli-debug-args.h, src/ocsptool-args.c, src/ocsptool-args.h,
src/p11tool-args.c, src/p11tool-args.h, src/psk-args.c,
src/psk-args.h, src/serv-args.c, src/serv-args.h,
src/srptool-args.c, src/srptool-args.h: Added the autogen files to
git.
2012-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am: Added new functions
2012-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README-alpha, src/libopts/Makefile.am, src/libopts/ag-char-map.h,
src/libopts/ao-strs.c, src/libopts/ao-strs.h,
src/libopts/autoopts.c, src/libopts/autoopts.h,
src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c,
src/libopts/check.c, src/libopts/compat/compat.h,
src/libopts/compat/pathfind.c, src/libopts/configfile.c,
src/libopts/cook.c, src/libopts/enum.c, src/libopts/env.c,
src/libopts/find.c, src/libopts/genshell.c, src/libopts/genshell.h,
src/libopts/libopts.c, src/libopts/load.c,
src/libopts/m4/libopts.m4, src/libopts/makeshell.c,
src/libopts/nested.c, src/libopts/parse-duration.c,
src/libopts/pgusage.c, src/libopts/proto.h, src/libopts/putshell.c,
src/libopts/reset.c, src/libopts/save.c, src/libopts/stack.c,
src/libopts/streqvcmp.c, src/libopts/tokenize.c,
src/libopts/usage.c, src/libopts/value-type.h,
src/libopts/xat-attribute.h: Updated libopts
2012-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am: added new functions
2012-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi,
doc/examples/ex-client-dtls.c, doc/examples/ex-client-resume.c,
doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
doc/manpages/Makefile.am, lib/gnutls_x509.c,
lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/x509.h,
lib/libgnutls.map, lib/pkcs11.c, lib/x509/Makefile.am,
lib/x509/verify-high2.c, lib/x509/x509.c, src/cli.c: Added
convenience functions to load a trust list from a file or a memory
buffer. New functions: gnutls_certificate_set_x509_system_trust,
gnutls_pkcs11_obj_list_import_url2,
gnutls_x509_trust_list_add_system_trust,
gnutls_x509_trust_list_add_trust_file,
gnutls_x509_trust_list_add_trust_mem.
2012-05-08 Ludwig Nussel <ludwig.nussel@suse.de>
* configure.ac, doc/Makefile.am, doc/manpages/Makefile.am,
lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, src/cli.c: introduce
gnutls_certificate_set_x509_system_trust gnutls_certificate_set_x509_system_trust() imports the trusted root
CA's from a compile time defined location. That way applications
don't need to know. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: This patch fixes following kind of issue with
automake 1.12 | automake: warnings are treated as errors |
/.../automake-1.12/am/ltlibrary.am: warning: 'libgnutls.la': linking
libtool libraries using a non-POSIX |
/.../automake-1.12/am/ltlibrary.am: archiver requires 'AM_PROG_AR'
in 'configure.ac' Patch by: Nitin A Kamble <nitin.a.kamble@intel.com>
2012-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/autoopts/options.h: removed redundant declaration.
2012-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* devel/perlasm/cpuid-x86_64.pl,
lib/accelerated/x86/coff/cpuid-x86-64-coff.s: Corrected win64
cpuid() code. Report and patch by Mann Ern Kang.
2012-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_mpi.c: corrected bug in scan_nz()
2012-04-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README-alpha: removed old dependency
2012-04-21 Patrick Pelletier <code@funwithsoftware.org>
* NEWS, README-alpha, doc/cha-intro-tls.texi,
lib/accelerated/x86/README, lib/auth/dh_common.c, lib/auth/dhe.c,
lib/auth/srp.c, lib/auth/srp_sb64.c, lib/gnutls_state.c,
lib/nettle/mpi.c: documentation and comment fixes Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dh.c, lib/gnutls_dh.h: corrected typo
2012-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/srp.c: simplified checks.
2012-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/dh_common.c, lib/gnutls_dh.c, lib/gnutls_dh.h: Return
proper error code if parameter check fails.
2012-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/srp.c: Added complete check in SRP parameters.
2012-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented updated
2012-04-18 Alexandre Bique <bique.alexandre@gmail.com>
* lib/gnutlsxx.cpp, lib/includes/gnutls/gnutlsxx.h: Add
gnutls::session::set_transport_vec_push(). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dh.c: Added better sanity checks in Diffie-Hellman key
exchange.
2012-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: Added option to unconditionally disable crywrap.
Patch by Daniel Mierswa.
2012-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/verify-tofu.c: Use openpgp if enabled.
2012-04-17 Simon Josefsson <simon@josefsson.org>
* README-alpha: Doc fix.
2012-04-17 Simon Josefsson <simon@josefsson.org>
* configure.ac: Require automake >= 1.11.3 because of dist-lzip.
2012-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/pkcs11.c: If a callback fails try the other.
2012-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/pkcs11.c: by default register a file callback in p11-kit
to read a file from the pin-source pkcs11url field.
2012-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* po/cs.po.in, po/de.po.in, po/fi.po.in, po/it.po.in, po/nl.po.in,
po/pl.po.in, po/sv.po.in, po/uk.po.in, po/vi.po.in: Sync with TP.
2012-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am, src/cli.c, src/srptool.c: No need to include
gettext.h. Link against libintl when needed.
2012-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: no abi change in 3.0.19
2012-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: text for 3.1.0
2012-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
lib/gnutls_handshake.c, lib/includes/gnutls/gnutls.h.in:
gnutls_record_check_unprocessed is now inline function.
2012-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c: optimized usage of gnutls_rnd()
2012-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: Update random state on all cases.
2012-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/tests/ioctl.c: updated gnulib
2012-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testcompat-main: Added TLS 1.2 interop tests.
2012-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_pubkey.c, lib/gnutls_state.c: Relax strict
DSA/ECDSA checks to allow broader interoperability. Stronger hash
algorithms are now allowed even if DSA might only allow SHA1.
2012-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dh.c: Add sanity checks in Diffie-Hellman key exchange
values.
2012-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/mpi.c: corrected DH generation check.
2012-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am: updated
2012-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_buffers.c, lib/gnutls_handshake.c,
lib/includes/gnutls/gnutls.h.in: gnutls_record_check_pending
functionality was divided to gnutls_record_check_pending and
gnutls_record_check_unprocessed.
2012-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h: doc updates
2012-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/mpi.c: refuse to generate small group sizes.
2012-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: do not check for fchmod
2012-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi: updated
documentation for dtls.
2012-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def: updated documentation
2012-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-loss-time.c: Revert "avoid killing child" This reverts commit 4965c2fbfd3405e2dfe7f7d747d03185d155c2a1.
2012-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented fixes
2012-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: do not print Key ID in a pkcs12 structure if it is
null.
2012-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.c: raw_to_string no longer returns NULL.
2012-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/pkcs12-decode/pkcs12: improved test and added debugging
2012-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_sig.c: corrected comparison
2012-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/Makefile.am, gl/dirent.in.h, gl/m4/math_h.m4,
gl/m4/stdio_h.m4, gl/m4/warn-on-use.m4, gl/m4/warnings.m4,
gl/math.in.h, gl/stdio.in.h, gl/stdlib.in.h, gl/string.in.h,
gl/tests/strerror_r.c, gl/tests/test-float.c, gl/tests/test-math.c,
gl/wchar.in.h, maint.mk: updated gnulib
2012-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-upgrade.texi: Added more deprecated functions
2012-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/override/tests/test-float.c.diff: avoid the floating point
test.
2012-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-rehandshake.c, tests/mini-loss-time.c,
tests/mini-record.c, tests/mini-termination.c,
tests/openpgp-auth.c, tests/openpgp-auth2.c: use AF_UNIX for
socketpair.
2012-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated
2012-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: make dist will also make lzip compressed tarball
2012-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/hmac-padlock.c, lib/algorithms.h,
lib/algorithms/kx.c, lib/algorithms/mac.c, lib/crypto-api.c,
lib/gnutls_cipher_int.c, lib/gnutls_constate.c,
lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_pk.c,
lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
lib/includes/gnutls/crypto.h, lib/opencdk/armor.c,
lib/opencdk/misc.c, lib/opencdk/new-packet.c, lib/x509/ocsp.c,
lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: several
type changes to please clang
2012-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: set release date
2012-04-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/minitasn1/decoding.c: updated libtasn1
2012-04-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am: removed old function.
2012-04-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped versions
2012-04-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/gnutls.h.in: removed function that didn't
exist
2012-03-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-termination.c: initialize value
2012-03-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-loss-time.c: avoid killing child
2012-03-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-rehandshake.c: avoid closing fd[1] on server. For
some reason it makes connection fail.
2012-03-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am: Add FUNCS to distribution
2012-03-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, NEWS, lib/gnutls_record.c, tests/Makefile.am,
tests/mini-dtls-rehandshake.c, tests/mini-record.c,
tests/mini-termination.c: Make sure that
GNUTLS_E_PREMATURE_TERMINATION is returned if there is premature
termination.
2012-03-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dtls/dtls-stress.c: do not build test with timers when posix
timers are not present.
2012-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/opencdk/keydb.c, lib/opencdk/literal.c: corrected types
2012-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/ocsp.c: use correct type in snprintf.
2012-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/compat.h: added prototypes for inline
functions (some gcc versions couldn't compile without)
2012-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c, lib/gnutls_auth.h, lib/gnutls_handshake.c,
lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_ui.c: even more
cleanups
2012-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c, lib/auth/cert.h, lib/auth/dhe.c, lib/auth/rsa.c,
lib/auth/rsa_export.c, lib/auth/srp_rsa.c: more cleanups
2012-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated
2012-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/ocsp.c, tests/openpgp-auth2.c, tests/resume-dtls.c: Fixes
for win32 and time. OCSP test now sets a fixed time to avoid
expiration errors.
2012-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c, lib/auth/cert.h, lib/auth/dhe.c, lib/auth/rsa.c,
lib/auth/rsa_export.c, lib/auth/srp_rsa.c: simplified internal
function names.
2012-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: improvements in long long usage
2012-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/cryptodev.c: corrected probing of cryptodev
digests.
2012-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/accelerated/x86/aes-x86.h, m4/hooks.m4: Do not assume
sizeof(unsigned long)==sizeof(void*). Based on patch by B. Scott
Michel.
2012-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/genshell.h: include libintl. Patch by B. Scott Michel
2012-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/Makefile.am, src/libopts/genshell.h: Revert "use
header files from gl/ and include gettext.h" This reverts commit 6b3d7b6e31ddab337e185922910262d68f1fc6fa.
2012-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/Makefile.am, src/libopts/genshell.h: use header files
from gl/ and include gettext.h
2012-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-cxx.cpp: more warnings to silence.
2012-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2012-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-serv-anon.c: silence warnings. Patch by B. Scott
Michel.
2012-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/scripts/getfuncs.pl, lib/includes/gnutls/compat.h: Added
doc-skip to skip certain functions from documentation.
2012-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/compat.h: remove brackets.
2012-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/compat.h: Cleaned up deprecated types and
added a deprecation warning on them.
2012-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/compat.h: Provide compatibility inline
functions for gnutls_session_get_server_random() and
gnutls_session_get_client_random().
2012-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/accelerated/x86/aes-padlock.c: Only call
check_phe_partial() if PHE has been detected.
2012-03-21 Simon Josefsson <simon@josefsson.org>
* README-alpha: Update bootstrapping instructions.
2012-03-21 Simon Josefsson <simon@josefsson.org>
* .gitignore, doc/Makefile.am: Tell automake about all filenames to
fix 'make distcheck'.
2012-03-21 Simon Josefsson <simon@josefsson.org>
* README-alpha: Clarify bootstrapping.
2012-03-21 Simon Josefsson <simon@josefsson.org>
* doc/manpages/Makefile.am: Generated.
2012-03-21 Simon Josefsson <simon@josefsson.org>
* doc/Makefile.am: Build functions/ files (this should be done by
listing all files instead).
2012-03-21 Simon Josefsson <simon@josefsson.org>
* gl/Makefile.am, gl/fpucw.h, gl/glthread/threadlib.c,
gl/isnanf-nolibm.h, gl/m4/frexpl.m4, gl/m4/gnulib-comp.m4,
gl/m4/ldexpl.m4, gl/m4/math_h.m4, gl/m4/timer_time.m4,
gl/math.in.h, gl/tests/Makefile.am, gl/tests/glthread/threadlib.c,
gl/tests/macros.h, gl/tests/randomd.c, gl/tests/randoml.c,
gl/tests/test-frexp.c, gl/tests/test-frexp.h,
gl/tests/test-frexpl.c, gl/tests/test-math.c, maint.mk: Update
gnulib files.
2012-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, devel/perlasm/e_padlock-x86.pl,
devel/perlasm/e_padlock-x86_64.pl, devel/perlasm/ghash-x86.pl,
lib/accelerated/x86/README,
lib/accelerated/x86/coff/padlock-x86-64-coff.s,
lib/accelerated/x86/coff/padlock-x86-coff.s,
lib/accelerated/x86/elf/padlock-x86-64.s,
lib/accelerated/x86/license.txt,
lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
lib/accelerated/x86/macosx/padlock-x86-macosx.s: updated openssl
code
2012-03-19 Simon Josefsson <simon@josefsson.org>
* lib/includes/gnutls/compat.h: Remove TLS_RANDOM_SIZE and
TLS_MASTER_SIZE compat mappings.
2012-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, NEWS, doc/cha-upgrade.texi, lib/gnutls_state.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
gnutls_session_get_random()
2012-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/libgnutls.map: added missing function
2012-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: better error message
2012-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/scripts/mytexi2latex: updated
2012-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/cha-upgrade.texi, doc/gnutls.texi,
doc/latex/Makefile.am, doc/latex/gnutls.tex: Added chapter to
describe changes needed when upgrading.
2012-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-library.texi: doc update
2012-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/common.c,
lib/x509/common.h, lib/x509/crl.c, lib/x509/crl_write.c,
lib/x509/crq.c, lib/x509/output.c, lib/x509/x509.c,
lib/x509/x509_write.c, tests/cert-tests/template-test.pem: Added
gnutls_x509_crt_set_private_key_usage_period() and
gnutls_x509_crt_get_private_key_usage_period(). The time stored in
generated certificates is now GeneralizedTime.
2012-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: changed debugging level for message
2012-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: corrected ciphersuite number
2012-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: Added debugging message when encounter an
invalid ciphersuite.
2012-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, src/certtool.c: Applied patch to cast days to (time_t)
before converting it to seconds to prevent a Y2K38 bug. Patch by
Robert Millan.
2012-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/gnutls.texi, doc/scripts/split-texi.pl:
texinfo documentation is similar to the printed manual.
2012-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, cross.mk, m4/hooks.m4: bumped version
2012-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pubkey.c, lib/x509/crq.c, lib/x509/x509.c: corrected
the documentation of the verification functions.
2012-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.0.16
2012-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: enable_local_libopts is by default no
2012-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: bumped shared lib version
2012-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/x509_write.c, src/certtool-args.def, src/certtool-cfg.c,
src/certtool-cfg.h, src/certtool.c: Added
gnutls_x509_crt_set_authority_info_access.
2012-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/README: updated
2012-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* devel/perlasm/license-gnutls.txt, devel/perlasm/license.txt,
lib/accelerated/x86/coff/appro-aes-gcm-x86-64-coff.s,
lib/accelerated/x86/coff/appro-aes-x86-64-coff.s,
lib/accelerated/x86/coff/appro-aes-x86-coff.s,
lib/accelerated/x86/coff/cpuid-x86-64-coff.s,
lib/accelerated/x86/coff/cpuid-x86-coff.s,
lib/accelerated/x86/coff/padlock-x86-64-coff.s,
lib/accelerated/x86/coff/padlock-x86-coff.s,
lib/accelerated/x86/elf/appro-aes-gcm-x86-64.s,
lib/accelerated/x86/elf/appro-aes-x86-64.s,
lib/accelerated/x86/elf/appro-aes-x86.s,
lib/accelerated/x86/elf/cpuid-x86-64.s,
lib/accelerated/x86/elf/cpuid-x86.s,
lib/accelerated/x86/elf/padlock-x86-64.s,
lib/accelerated/x86/elf/padlock-x86.s,
lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s,
lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s,
lib/accelerated/x86/macosx/appro-aes-x86-macosx.s,
lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s,
lib/accelerated/x86/macosx/cpuid-x86-macosx.s,
lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
lib/accelerated/x86/macosx/padlock-x86-macosx.s: updated licenses
2012-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk, lib/accelerated/x86/Makefile.am,
lib/accelerated/x86/asm-coff/appro-aes-gcm-x86-64-coff.s,
lib/accelerated/x86/asm-coff/appro-aes-x86-64-coff.s,
lib/accelerated/x86/asm-coff/appro-aes-x86-coff.s,
lib/accelerated/x86/asm-coff/cpuid-x86-64-coff.s,
lib/accelerated/x86/asm-coff/cpuid-x86-coff.s,
lib/accelerated/x86/asm-coff/padlock-x86-64-coff.s,
lib/accelerated/x86/asm-coff/padlock-x86-coff.s,
lib/accelerated/x86/asm-macosx/appro-aes-gcm-x86-64-macosx.s,
lib/accelerated/x86/asm-macosx/appro-aes-x86-64-macosx.s,
lib/accelerated/x86/asm-macosx/appro-aes-x86-macosx.s,
lib/accelerated/x86/asm-macosx/cpuid-x86-64-macosx.s,
lib/accelerated/x86/asm-macosx/cpuid-x86-macosx.s,
lib/accelerated/x86/asm-macosx/padlock-x86-64-macosx.s,
lib/accelerated/x86/asm-macosx/padlock-x86-macosx.s,
lib/accelerated/x86/asm/appro-aes-gcm-x86-64.s,
lib/accelerated/x86/asm/appro-aes-x86-64.s,
lib/accelerated/x86/asm/appro-aes-x86.s,
lib/accelerated/x86/asm/cpuid-x86-64.s,
lib/accelerated/x86/asm/cpuid-x86.s,
lib/accelerated/x86/asm/padlock-x86-64.s,
lib/accelerated/x86/asm/padlock-x86.s,
lib/accelerated/x86/coff/appro-aes-gcm-x86-64-coff.s,
lib/accelerated/x86/coff/appro-aes-x86-64-coff.s,
lib/accelerated/x86/coff/appro-aes-x86-coff.s,
lib/accelerated/x86/coff/cpuid-x86-64-coff.s,
lib/accelerated/x86/coff/cpuid-x86-coff.s,
lib/accelerated/x86/coff/padlock-x86-64-coff.s,
lib/accelerated/x86/coff/padlock-x86-coff.s,
lib/accelerated/x86/elf/appro-aes-gcm-x86-64.s,
lib/accelerated/x86/elf/appro-aes-x86-64.s,
lib/accelerated/x86/elf/appro-aes-x86.s,
lib/accelerated/x86/elf/cpuid-x86-64.s,
lib/accelerated/x86/elf/cpuid-x86.s,
lib/accelerated/x86/elf/padlock-x86-64.s,
lib/accelerated/x86/elf/padlock-x86.s,
lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s,
lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s,
lib/accelerated/x86/macosx/appro-aes-x86-macosx.s,
lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s,
lib/accelerated/x86/macosx/cpuid-x86-macosx.s,
lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
lib/accelerated/x86/macosx/padlock-x86-macosx.s: renamed asm
directories.
2012-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented update
2012-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/Makefile.am: corrected makefile
2012-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: Added missing elf part.
2012-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk, configure.ac, lib/accelerated/x86/Makefile.am,
lib/accelerated/x86/asm-macosx/appro-aes-gcm-x86-64-macosx.s,
lib/accelerated/x86/asm-macosx/appro-aes-x86-64-macosx.s,
lib/accelerated/x86/asm-macosx/appro-aes-x86-macosx.s,
lib/accelerated/x86/asm-macosx/cpuid-x86-64-macosx.s,
lib/accelerated/x86/asm-macosx/cpuid-x86-macosx.s,
lib/accelerated/x86/asm-macosx/padlock-x86-64-macosx.s,
lib/accelerated/x86/asm-macosx/padlock-x86-macosx.s: Added assembly
for macosx
2012-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: corrected typo
2012-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-verify-ssh.c: reduced lines
2012-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def, src/p11tool-args.def: doc updates
2012-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def: added spacing
2012-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/srp/Makefile.am, tests/srp/mini-srp.c, tests/srp/tpasswd,
tests/srp/tpasswd.conf: generate tpasswd files on the spot.
2012-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/ca.pem, tests/enc3pkcs8.pem, tests/test1.pem,
tests/test10.pem, tests/test13.pem, tests/test2.pem,
tests/test20.pem, tests/test21.pem, tests/test22.pem,
tests/test23.pem, tests/test24.pem, tests/test25.pem,
tests/test26.pem, tests/test3.pem, tests/x509_test.c: removed unused
files.
2012-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am: stamp_enums is shipped to avoid regenerating
parts of doc
2012-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README: corrected urls
2012-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version.
2012-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: corrected call to gnutls_error_is_fatal().
2012-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated description
2012-03-14 Simon Josefsson <simon@josefsson.org>
* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/libtasn1.h: Update minitasn1.
2012-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/Makefile.am, tests/suite/invalid-cert: Added test on
an invalid certificate.
2012-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/decoding.c: updated.
2012-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/libtasn1.h: more recent libtasn1
2012-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/element.c, lib/minitasn1/element.h,
lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
lib/minitasn1/structure.c, lib/minitasn1/structure.h,
lib/minitasn1/version.c: updated included libtasn1
2012-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: gnutls-cli honours the --x509fmtder.
2012-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: only set the server name if we do not have an IP
address.
2012-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README: Do not use fixed versions
2012-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi,
lib/includes/gnutls/gnutls.h.in: Documentation updates
2012-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/cryptodev.c: when using cryptodev do not set all
the digest function since they are not always faster.
2012-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86.c: corrected comments.
2012-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/cryptodev.c: reset the siop structure on every
loop
2012-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-cipher.c: add more space to dst to allow GCM mode
tests in cryptodev.
2012-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, src/certtool-args.def, src/certtool-cfg.c,
src/certtool-cfg.h, src/certtool.c: certtool may explicitly set the
domain component (DC) field of a DN.
2012-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h, src/certtool-args.def: Added a real
key purpose OID as example
2012-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool-args.def: updated p11tool documentation.
2012-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, src/p11tool.c: Only set the private status if it has been
explicitly specified. That is because some tokens don't want it set.
2012-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: The default cipher when encrypting with PKCS12 is
AES.
2012-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def: to-p12 requires the load-certificate and
load-privkey.
2012-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/latex/cover.tex: updated front-page to include all
contributors.
2012-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-bib.texi, doc/cha-internals.texi, doc/latex/gnutls.bib:
Some updates on supplemental data handling.
2012-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/safe-renegotiation/Makefile.am: safe renegotiation tests
only run under valgrind in the devel environment.
2012-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/latex/gnutls.tex: updated
2012-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, doc/scripts/mytexi2latex: changes in
asynchronous documentation
2012-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented fix
2012-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/makeshell.c: Added ifdef HAVE_FCHMOD
2012-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-shared-key.texi: More documentation on SRP
2012-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/srp/mini-srp.c: Test SRP-RSA and plain SRP.
2012-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/srp_rsa.c: Corrected SRP-RSA in TLS 1.2
2012-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-internals.texi: break line on long string.
2012-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk, cross.mk: small updates
2012-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-client-psk.c: Corrected PSK client example.
2012-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/srp/Makefile.am: Added missing files.
2012-03-02 Carolin Latze <latze@angry-red-pla.net>
* doc/cha-internals.texi: supp data doc added Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.0.15
2012-03-02 Simon Josefsson <simon@josefsson.org>
* doc/reference/gnutls-docs.sgml: Fix index with new 3.0.x symbols.
2012-03-02 Simon Josefsson <simon@josefsson.org>
* lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/ocsp.h,
lib/verify-tofu.c: Doc fixes for GTK-DOC.
2012-03-02 Simon Josefsson <simon@josefsson.org>
* lib/gnutls_dtls.c, lib/gnutls_dtls.h: De-inline some dtls
functions. Avoids compiler error on gcc 4.4.5 (Debian Squeeze) that complains
about "call is unlikely and code size would grow".
2012-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, configure.ac, tests/Makefile.am,
tests/srp/Makefile.am, tests/srp/mini-srp.c, tests/srp/tpasswd,
tests/srp/tpasswd.conf: Added SRP test.
2012-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/srp_passwd.c, lib/ext/srp.c, lib/gnutls_errors.c: Fixes
and memory leak elimination in SRP authentication.
2012-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/auth/srp.c: Eliminate double free during SRP
authentication.
2012-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am: corrected version replacement in .texi.
2012-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2012-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am: avoid regeneration of header files
2012-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/pkcs11.c: No longer crash on a pkcs11 object without an
ID.
2012-02-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2012-02-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-record.c: eliminated memory leaks in new test.
2012-02-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented fix
2012-02-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, tests/Makefile.am, tests/mini-record.c: Added test for
invalid record packet sizes.
2012-02-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_mbuffers.c, lib/gnutls_record.c:
artistic changes.
2012-02-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_mbuffers.c: corrected copying of buffers.
2012-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: corrected check_command() input
2012-02-29 Simon Josefsson <simon@josefsson.org>
* gl/Makefile.am, gl/m4/fpieee.m4, gl/m4/math_h.m4, gl/math.in.h:
Update gnulib files.
2012-02-29 Simon Josefsson <simon@josefsson.org>
* src/libopts/Makefile.am, src/libopts/ag-char-map.h,
src/libopts/ao-strs.c, src/libopts/ao-strs.h,
src/libopts/autoopts/options.h, src/libopts/autoopts/usage-txt.h,
src/libopts/genshell.c, src/libopts/genshell.h,
src/libopts/m4/libopts.m4, src/libopts/makeshell.c,
src/libopts/proto.h, src/libopts/value-type.h,
src/libopts/xat-attribute.h: Update to autogen 5.15.
2012-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c: changes in packet parsing.
2012-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* THANKS, src/common.c: Do not call gnutls_x509_crt_check_hostname()
if hostname eq NULL. Reported by Matthew Hall.
2012-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, lib/gnutls_state.c: Updated documentation
on gnutls_prf()
2012-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2012-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: re-updated
2012-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: Revert "always link against the distributed libopts" This reverts commit ae3033fee01f058a028406648ebc32294774e282.
2012-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am: replace @VERSION@ in the program documentation.
2012-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README-alpha: document autogen minimum version
2012-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/accelerated/cryptodev.c: Updated cryptodev code. Hash
reset is being performed in a single ioctl() with update and TLS
versions (<1.1) that do not have explicit IV are correctly handled.
2012-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-rehandshake.c: added all cases.
2012-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/cryptodev-gcm.c: removed debugging
2012-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/cryptodev-gcm.c, lib/accelerated/cryptodev.c:
simplified gcm registration in cryptodev.
2012-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.def: doc updates
2012-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented updates
2012-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: If a client hello is received immediately
after a completed handshake delete the async_timer to rehandshake.
2012-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented fix
2012-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.h, lib/gnutls_handshake.c: When rehandshake is
requested by server force the cleanup of the previous handshake
state.
2012-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, tests/Makefile.am, tests/mini-dtls-rehandshake.c,
tests/mini-rehandshake.c, tests/mini-x509-rehandshake.c,
tests/resume-dtls.c: Added mini-dtls-rehandshake.c to test
rehandshake in DTLS.
2012-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: Corrected session resumption for DTLS
2012-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-loss.c: removed redundant test.
2012-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_constate.c, lib/gnutls_dtls.c,
lib/gnutls_dtls.h, lib/gnutls_handshake.c, lib/gnutls_record.c:
fixes in DTLS rehandshake and epoch cleanup.
2012-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.c, src/common.h, src/serv.c, src/udp-serv.c:
rehandshake command works in udp mode as well.
2012-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, src/ocsptool-args.def,
src/p11tool-args.def: properly break lines.
2012-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/scripts/cleanup-autogen.pl: updated
2012-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/Makefile.am, src/libopts/ag-char-map.h,
src/libopts/alias.c, src/libopts/ao-strs.c, src/libopts/ao-strs.h,
src/libopts/autoopts.h, src/libopts/autoopts/options.h,
src/libopts/autoopts/usage-txt.h, src/libopts/compat/compat.h,
src/libopts/configfile.c, src/libopts/cook.c,
src/libopts/genshell.c, src/libopts/genshell.h,
src/libopts/m4/libopts.m4, src/libopts/numeric.c,
src/libopts/proto.h, src/libopts/putshell.c,
src/libopts/value-type.h, src/libopts/xat-attribute.h: Updated
libopts.
2012-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: always link against the distributed libopts
2012-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, src/Makefile.am, tests/dtls/Makefile.am: Link to
correct libraries.
2012-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dtls/dtls-stress.c: updated headers.
2012-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* GNUmakefile, gl/Makefile.am, gl/alloca.in.h, gl/alphasort.c,
gl/arpa_inet.in.h, gl/asnprintf.c, gl/asprintf.c, gl/base64.c,
gl/base64.h, gl/c-ctype.c, gl/c-ctype.h, gl/errno.in.h,
gl/float+.h, gl/fseeko.c, gl/gai_strerror.c, gl/getaddrinfo.c,
gl/getdelim.c, gl/getline.c, gl/getpass.c, gl/getpass.h,
gl/gettext.h, gl/gettimeofday.c, gl/inet_ntop.c, gl/lseek.c,
gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/math_h.m4,
gl/m4/timer_time.m4, gl/malloc.c, gl/math.in.h, gl/memmem.c,
gl/mempcpy.c, gl/minmax.h, gl/msvc-inval.c, gl/msvc-inval.h,
gl/msvc-nothrow.c, gl/msvc-nothrow.h, gl/netdb.in.h,
gl/netinet_in.in.h, gl/printf-args.c, gl/printf-args.h,
gl/printf-parse.c, gl/printf-parse.h, gl/read-file.c,
gl/read-file.h, gl/scandir.c, gl/select.c, gl/size_max.h,
gl/snprintf.c, gl/stdalign.in.h, gl/stdarg.in.h, gl/stdbool.in.h,
gl/stddef.in.h, gl/stdint.in.h, gl/stdio.in.h, gl/str-two-way.h,
gl/strcasecmp.c, gl/strdup.c, gl/string.in.h, gl/strings.in.h,
gl/strncasecmp.c, gl/strndup.c, gl/strnlen.c, gl/strverscmp.c,
gl/sys_select.in.h, gl/sys_socket.in.h, gl/sys_stat.in.h,
gl/sys_time.in.h, gl/sys_types.in.h, gl/sys_uio.in.h,
gl/tests/glthread/lock.c, gl/tests/glthread/lock.h,
gl/tests/glthread/threadlib.c, gl/tests/malloca.c,
gl/tests/malloca.h, gl/tests/pathmax.h, gl/tests/pipe.c,
gl/tests/sys_ioctl.in.h, gl/tests/test-base64.c,
gl/tests/test-fgetc.c, gl/tests/test-fputc.c,
gl/tests/test-fread.c, gl/tests/test-fwrite.c,
gl/tests/test-getdelim.c, gl/tests/test-getline.c,
gl/tests/test-perror.c, gl/tests/test-perror2.c,
gl/tests/test-pipe.c, gl/tests/test-strerror.c,
gl/tests/test-strerror_r.c, gl/tests/test-strverscmp.c,
gl/time.in.h, gl/time_r.c, gl/unistd.in.h, gl/vasnprintf.c,
gl/vasnprintf.h, gl/vasprintf.c, gl/vsnprintf.c, gl/wchar.in.h,
gl/xsize.h, maint.mk: Added timer_time.
2012-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented fix
2012-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/udp-serv.c: provide accurate value to select
2012-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: make sure that the microseconds field does not
overflow
2012-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: use valgrind only on development environment.
2012-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: updated libopts check
2012-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated
2012-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac: Link with local libopts if the installed is an
old one.
2012-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/scripts/Makefile.am: Added getfuncs.pl to distribution.
2012-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated NEWS
2012-02-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/cryptodev-gcm.c, lib/accelerated/cryptodev.c,
lib/accelerated/cryptodev.h: compilation fixes.
2012-02-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/accelerated/Makefile.am,
lib/accelerated/cryptodev-gcm.c, lib/accelerated/cryptodev.c,
lib/accelerated/cryptodev.h, lib/gnutls_cipher.c,
lib/gnutls_cipher_int.h, lib/gnutls_record.c,
tests/slow/cipher-test.c: Added GCM mode using cryptodev. This is
mostly a hack due to how GCM mode is exported from kernel.
2012-02-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/pkcs11.c: free allocated module name. Reported by Sam
Varshavchik.
2012-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: updated documentation
2012-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/pkcs7.c: added newline at end of file.
2012-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, src/Makefile.am: account args-std.def in make dist
2012-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: check errno in pull_timeout_func.
2012-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/cryptodev.c: updates for cryptodev. Require the
COP_FLAG_RESET.
2012-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/gc.c, tests/pskself.c: added error reporting
2012-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-loss-time.c: properly deinitialize session.
2012-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/slow/cipher-test.c: added (dead) code to test the
_hmac_fast.
2012-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/cryptodev.c: Always deinitialize.
2012-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c: check _gnutls_auth_cipher_add_auth for error
codes.
2012-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/cryptodev.c: added reset
2012-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/sha-padlock.c, lib/crypto-backend.h,
lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/nettle/mac.c: hash
copy no longer needed.
2012-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/cryptodev.c: initialize memory for siop
2012-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_constate.c, lib/gnutls_datum.c, lib/gnutls_datum.h,
lib/openpgp/gnutls_openpgp.c: simplified the _datum functions.
2012-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped versions
2012-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/cryptodev.c: properly deinitialize cryptodev
resources, and only register ciphers if they are hw accelerated.
2012-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: benchmark-ciphers re-enabled
2012-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/cryptodev.c: fixes in cryptodev support. Added
support for digest algorithms.
2012-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/cryptodev.c: fixes in cryptodev support. Added
support for digest algorithms.
2012-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, src/Makefile.am, src/args-std.def,
src/certtool-args.def, src/cli-args.def, src/cli-debug-args.def,
src/ocsptool-args.def, src/p11tool-args.def, src/psk-args.def,
src/serv-args.def, src/srptool-args.def: Optimizations in command
line argument handling. Patch by Bruce Korb.
2012-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented fix
2012-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2012-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c, lib/gnutls_pcert.c: Deinitialize the correct
number of certificates. Reported by Remi Gacogne.
2012-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-loss-time.c: force kill of child process.
2012-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2012-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/cryptodev.c: update in cryptodev
2012-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/cryptodev.c: register the .fast function for
cryptodev
2012-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dtls/dtls, tests/dtls/dtls-nb: Added more tests.
2012-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dtls/dtls-stress.c: Added new dtls-stress.c by Sean
2012-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/m4/libopts.m4: Included libopts is not installed by
default.
2012-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-loss-time.c: updated description
2012-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/scripts/gdoc: corrected latex output
2012-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: added date
2012-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ecc.c, lib/crypto-api.c, lib/gnutls_alert.c,
lib/gnutls_cert.c, lib/gnutls_dtls.c, lib/gnutls_global.c,
lib/gnutls_pcert.c, lib/gnutls_priority.c, lib/gnutls_privkey.c,
lib/gnutls_pubkey.c, lib/gnutls_record.c, lib/gnutls_state.c,
lib/gnutls_x509.c, lib/pkcs11.c, lib/pkcs11_privkey.c,
lib/system_override.c, lib/verify-tofu.c, lib/x509/common.c,
lib/x509/crl.c, lib/x509/privkey.c, lib/x509/verify-high.c,
lib/x509/x509.c: Since: 3.0.0 -> Since 3.0 to reflect that it might
be on a later version than 3.0.0.
2012-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/manpages/Makefile.am: Added new functions
2012-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-tdb.c: verify that the correct error code is returned
2012-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/scripts/gdoc: do not stick parameters to the next word.
2012-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/verify-tofu.c: return the documented error code
2012-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk: copy gnutls.epub to webdir
2012-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README-alpha: gaa is no longer needed
2012-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: Set the handshake type when calling
record_add_to_buffers().
2012-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: do not try to verify certificates when not needed.
2012-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_errors.c, lib/gnutls_record.c,
lib/includes/gnutls/gnutls.h.in: properly report unexpected EOF.
2012-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dtls/dtls-stress.c: increase the total timeout in the tests
since they seem to exceed the default DTLS maximum timeout.
2012-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: Do not update twice the DTLS retransmission
timer on finished messages. Report and patch by Sean Buckheister.
2012-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: Cleanups in DTLS timers usage.
2012-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/verify-tofu.c: corrected memory leak
2012-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, NEWS, doc/cha-cert-auth.texi,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
lib/verify-tofu.c, tests/Makefile.am, tests/mini-deflate.c,
tests/mini-tdb.c: The public key storage backend was made
extendable. Added self test for the pubkey trust default backend.
2012-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dn.c, tests/dn2.c: corrected var names
2012-02-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/ocsptool-args.def: updated doc
2012-02-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/manpages/Makefile.am: Added missing functions.
2012-02-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: corrected typo
2012-02-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-gtls-app.texi, lib/gnutls_dtls.c,
lib/includes/gnutls/dtls.h, lib/libgnutls.map: Added
gnutls_dtls_get_timeout()
2012-02-15 Giuseppe Scrivano <giuseppe@southpole.se>
* doc/examples/ex-cert-select.c: Fix file leak in an example
application. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dtls/dtls, tests/dtls/dtls-nb: Added more tests.
2012-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, lib/includes/gnutls/gnutls.h.in,
lib/verify-tofu.c: Modified the trust_db API to avoid dependendance
on a structure.
2012-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: Prevent any handshake packet except client
hello to trigger a rehandshake error. Patch by Sean Buckheister.
2012-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, doc/cha-internals.texi: doc updates
2012-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c, lib/verify-tofu.c: make the default storage
backend thread safe.
2012-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dtls/dtls, tests/dtls/dtls-nb: added more test cases
2012-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2012-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: Corrected DTLS retransmission in non-blocking
mode. Based on patch by Sean Buckheister.
2012-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, lib/Makefile.am,
lib/includes/gnutls/gnutls.h.in, lib/verify-ssh.c,
lib/verify-tofu.c: The hash in gnutls_store_commitment() is
specified in raw format.
2012-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, doc/cha-intro-tls.texi: doc updates
2012-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* ChangeLog.1: removed unneeded file.
2012-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/alert-printlist.c, doc/common.c,
doc/common.h, doc/errcodes.c, doc/printlist.c: break long strings.
2012-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/libgnutls.map: documented added function
2012-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dtls/Makefile.am, tests/dtls/dtls, tests/dtls/dtls-nb,
tests/dtls/dtls-stress.c: Added tests for non-blocking DTLS
2012-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-bib.texi, doc/cha-cert-auth.texi, doc/latex/gnutls.bib,
lib/includes/gnutls/gnutls.h.in, lib/verify-ssh.c: Added ability to
store commitments (hashes) of public keys.
2012-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am: Avoid generation of invoke-* in platforms other
than the development
2012-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dtls/dtls: more tests
2012-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/scripts/Makefile.am, doc/scripts/cleanup-autogen.pl: added
cleanup-autogen.pl
2012-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_constate.c: reset sliding window size on new epochs
2012-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dtls/dtls, tests/dtls/dtls-stress.c: added more tests and
updated to compile with gnutls' options
2012-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, tests/Makefile.am, tests/dtls/Makefile.am,
tests/dtls/dtls, tests/dtls/dtls-stress.c: Added DTLS-stress test.
Contributed by Sean Buckheister.
2012-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, doc/Makefile.am, doc/epub.texi: Added rules to build
epub version.
2012-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_record.c: discard unexpected
buffered changecipherspec
2012-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_int.h,
lib/gnutls_record.c, lib/gnutls_state.c: simplified sliding window.
Now a different window is kept per epoch.
2012-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-intro-tls.texi: documentation update
2012-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/gnutls.texi, doc/scripts/cleanup-autogen.pl:
updated documentation for included programs.
2012-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
lib/gnutls_record.c: handle GNUTLS_E_INTERRUPTED when in DTLS mode.
2012-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/key-id/key-id: added a valid template
2012-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/session_ticket.c, lib/gnutls_buffers.c,
lib/gnutls_buffers.h, lib/gnutls_dtls.c, lib/gnutls_handshake.c,
lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c: Do not
treat any message from the peer as an indication that the last
flight was correctly received. Verify instead that the received
handshake message has an expected sequence number.
2012-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: changecipherspec is correctly added into
buffers.
2012-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, src/libopts/m4/libopts.m4: use NEED_LIBOPTS_DIR=true
instead of modifying libopts.m4
2012-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c, lib/gnutls_dtls.h: update and reset timers on
final flight and print timeout value in debugging mode.
2012-02-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-loss-time.c, tests/mini-loss.c: tests with fork are
disabled in windows
2012-02-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: updated
2012-02-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_int.h,
lib/gnutls_state.c: use subsecond granularity for DTLS packet
retransmissions.
2012-02-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-loss-time.c: added test to check
whether the DTLS timeout is within a reasonable time.
2012-02-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/tests.c, src/tests.h, src/tls_test.c: Added more tests to
check whether various TLS versions need to be disabled.
2012-02-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am: be more silent
2012-02-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am: do not generate .texi on make dist.
2012-02-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: cross building updates
2012-02-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi: updated
2012-02-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/m4/libopts.m4, src/libopts/makeshell.c: corrections
2012-02-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3,
src/libopts/Makefile.am, src/libopts/README,
src/libopts/ag-char-map.h, src/libopts/alias.c,
src/libopts/ao-strs.c, src/libopts/ao-strs.h,
src/libopts/autoopts.c, src/libopts/autoopts.h,
src/libopts/autoopts/options.h, src/libopts/autoopts/usage-txt.h,
src/libopts/boolean.c, src/libopts/check.c,
src/libopts/compat/compat.h, src/libopts/compat/windows-config.h,
src/libopts/configfile.c, src/libopts/cook.c, src/libopts/enum.c,
src/libopts/env.c, src/libopts/file.c, src/libopts/find.c,
src/libopts/genshell.c, src/libopts/genshell.h,
src/libopts/libopts.c, src/libopts/load.c,
src/libopts/m4/libopts.m4, src/libopts/m4/liboptschk.m4,
src/libopts/makeshell.c, src/libopts/nested.c,
src/libopts/numeric.c, src/libopts/parse-duration.c,
src/libopts/parse-duration.h, src/libopts/pgusage.c,
src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c,
src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c,
src/libopts/stack.c, src/libopts/streqvcmp.c,
src/libopts/text_mmap.c, src/libopts/time.c,
src/libopts/tokenize.c, src/libopts/usage.c,
src/libopts/value-type.h, src/libopts/version.c,
src/libopts/xat-attribute.h: updated libopts
2012-02-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am: corrected move of files
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi: escaped brackets
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: depend on p11-kit 0.11
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: disabled dead code when PKCS11 is not there
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac: depend on p11-kit 0.11
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, lib/includes/gnutls/gnutls.h.in,
lib/verify-ssh.c: updated documentation for back-end.
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/latex/gnutls.tex: index after bibliography
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, doc/latex/.gitignore: more files to ignore
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/alert-printlist.c, doc/errcodes.c, doc/printlist.c: avoid
headers in tables
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.def: documentation update
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/verify-ssh.c: documentation update
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/latex/Makefile.am, doc/scripts/gdoc,
doc/scripts/mytexi2latex: updated doc generation
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def, src/p11tool-args.def, src/srptool-args.def:
doc fixes
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated NEWS
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/Makefile.am: added missing files
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: resolve port only when needed to.
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated makefile
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: fix in non-blocking case.
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: small correction
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, src/Makefile.am: corrected subdirs for libopts
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c, lib/x509/crl.c, lib/x509/crl_write.c,
lib/x509/crq.c, lib/x509/extensions.c, lib/x509/mpi.c,
lib/x509/output.c, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
lib/x509/privkey_pkcs8.c, lib/x509/sign.c, lib/x509/verify.c,
lib/x509/x509.c, lib/x509/x509_write.c, src/cli.c, src/dh.c,
src/serv.c: ENABLE_PKI is no more
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4, src/Makefile.am: fix
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/Makefile.am, src/Makefile.am, src/socket.c: fix
compilation
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: fixed leak
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: cleanup enable/disable options stuff.
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, src/libopts/compat/compat.h, src/libopts/cook.c,
src/libopts/makeshell.c, src/libopts/text_mmap.c: fixes to allow
libopts to compile in windows
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: corrected typo
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/examples/ex-verify-ssh.c,
lib/includes/gnutls/gnutls.h.in, lib/verify-ssh.c,
src/cli-args.def, src/cli.c: gnutls_verify_stored_pubkey() and
gnutls_store_pubkey() allow for alternative storage back-end.
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c, src/socket.c, src/socket.h: use getservbyport() to
obtain the service name.
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/Makefile.am, gl/m4/gnulib-cache.m4: added servent
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-verify-ssh.c, src/cli.c: use updated api
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-tls.c: updated for new eagain-common.h
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, doc/cha-gtls-examples.texi,
doc/examples/ex-verify-ssh.c, lib/includes/gnutls/gnutls.h.in,
lib/verify-ssh.c: Removed the application field and added an
expiration field.
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-client-x509.c: updated example
2012-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c, lib/gnutls_record.c: More robust behavior
against packet loss
2012-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c, lib/system.h: removed unneeded function.
2012-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-client-srp.c: updated example
2012-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: updated
2012-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: prevent sending EOF to caller.
2012-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c:
print client/server when in debugging
2012-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, THANKS, tests/mini-loss.c: Added Sean.
2012-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/eagain-common.h, tests/mini-deflate.c,
tests/mini-eagain-dtls.c, tests/mini-eagain.c,
tests/mini-x509-rehandshake.c, tests/mini-x509.c, tests/mini.c:
tests print server or client side in debugging output.
2012-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_dtls.c,
lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_record.c:
gnutls_record_check_pending() accounts data not yet processed. DTLS
layer avoids multiple retransmissions in non-blocking mode.
2012-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: avoid many allocations for transmitting DTLS
packets.
2012-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/loss-common.h, tests/mini-loss.c,
tests/mini-loss2.c: mini-loss2 is more robust.
2012-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_handshake.c,
lib/gnutls_record.c: DTLS is more tolerant in packet loss during
last flight.
2012-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, tests/Makefile.am, tests/mini-loss2.c: Added test
program mini-loss2.
2012-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-client-anon.c, doc/examples/ex-client-dtls.c,
doc/examples/ex-client-psk.c, doc/examples/ex-client-resume.c,
doc/examples/ex-client-srp.c, doc/examples/ex-serv-anon.c,
doc/examples/ex-serv-dtls.c, doc/examples/ex-serv-srp.c,
doc/examples/ex-serv-x509.c: updated examples
2012-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: enable crywrap only if function daemon exists.
2012-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h: Be
conservative when sending GNUTLS_E_AGAIN and check for a DTLS
timeout before.
2012-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, gl/Makefile.am, gl/argp-help.c, gl/argp-parse.c,
gl/argp.h, gl/base64.c, gl/fseeko.c, gl/fseterr.c,
gl/gettimeofday.c, gl/m4/exponentd.m4, gl/m4/gettimeofday.m4,
gl/m4/gnulib-cache.m4, gl/m4/po.m4, gl/m4/stdalign.m4,
gl/m4/sys_time_h.m4, gl/m4/vasnprintf.m4, gl/select.c, gl/sleep.c,
gl/stdio-impl.h, gl/stdio.in.h, gl/sys_select.in.h,
gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
gl/tests/init.sh, gl/tests/ioctl.c, gl/tests/test-base64.c,
gl/tests/test-init.sh, gl/tests/test-strerror.c,
gl/tests/test-sys_select.c, gl/tests/test-sys_time.c,
gl/tests/w32sock.h, gl/vasnprintf.c, gl/version-etc.h,
gl/w32sock.h, maint.mk: added strndup and updated gnulib.
2012-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, tests/Makefile.am, tests/loss-common.h,
tests/mini-loss.c: Added test to simulate loss of packets in DTLS.
2012-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/debug.c, lib/gnutls_buffers.c, lib/gnutls_dtls.c,
lib/gnutls_record.c: DTLS fixes. Corrected bugs in DTLS sliding
window code to account for lost packets arriving after an epoch
change. The last handshake flight is now being kept by both parties
in order to be used as a lost packet indication.
2012-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: Discard unexpected handshake or other packets
in DTLS
2012-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h: initial_negotiation_completed type changed to
unsigned
2012-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/Makefile.am: Included missing file in windows
builds.
2012-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c: Corrected check for the callback for
gnutls_certificate_set_retrieve_function(). Reported by Dan Winship.
2012-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c: updated documentation for
gnutls_certificate_set_retrieve_function2.
2012-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/abstract.h: include
gnutls_certificate_set_retrieve_function2() to documentation.
Reported by Dan Winship.
2012-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_buffers.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
lib/gnutls_int.h, lib/gnutls_state.c: Corrected DTLS retransmission
timeouts. Added the _ms suffix to the time variables in
milliseconds. Report and patch by Sean Buckheister.
2012-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/scripts/gdoc: updated information in manpages.
2012-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/manpages/Makefile.am: updated manpages
2012-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: corrected added function
2012-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: text update
2012-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth2.texi, lib/gnutls_pubkey.c: Updated
documentation for gnutls_pubkey.
2012-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, doc/Makefile.am, doc/manpages/Makefile.am: replacing
the version is not enough. Regenerate all files depending on .dep on
dist-hook.
2012-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, Makefile.am, configure.ac, src/certtool-args.def,
src/certtool-args.def.in, src/cli-args.def, src/cli-args.def.in,
src/cli-debug-args.def, src/cli-debug-args.def.in,
src/ocsptool-args.def, src/ocsptool-args.def.in,
src/p11tool-args.def, src/p11tool-args.def.in, src/psk-args.def,
src/psk-args.def.in, src/serv-args.def, src/serv-args.def.in,
src/srptool-args.def, src/srptool-args.def.in: No need for .def.in
files. The @VERSION@ is now being replaced on dist-hook. Also
corrected the dist-hook for ChangeLog.
2012-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am: updates
2012-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: make configure detect valgrind. This is by creating
the suppressions.valgrind file.
2012-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509_b64.c: use gnulib's base64 code
2012-01-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/funny-spacing.pem,
tests/cert-tests/pem-decoding: Added test to ensure we can decode
PEM encoded certificates with carriage returns, spaces and tabs.
2012-01-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/opencdk/armor.c: use gnulib's base64 encoding/decoding code
2012-01-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/openpgp-certs/testcerts: silence test
2012-01-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/opencdk/armor.c: align crc32 table
2012-01-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/opencdk/armor.c: __MINGW32__ -> _WIN32
2012-01-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/opencdk/armor.c, lib/opencdk/main.h: removed dummy function
2012-01-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/opencdk/write-packet.c: corrected spacing
2012-01-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/opencdk/write-packet.c: Correct export of openpgp packets that
have no private keying material in it's primary key. Patch by Sean
Buckheister.
2012-01-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c, src/common.c, src/common.h: added
print_cert_info_compact().
2012-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/ocsptool-common.c: send_ocsp_request is more tolerant on
errors.
2012-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated doc
2012-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/m4/valgrind-tests.m4: valgrind with suppressions.
2012-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/manpages/Makefile.am: until autogen supports subheading tag
live with a workaround.
2012-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.def.in, src/psk-args.def.in: updated manpages
2012-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/manpages/Makefile.am: autogen required for building.
2012-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am: Revert "autogen failure is not fatal." This reverts commit 175e021fd8d0c195690b2d8806bd3a07e84415ce.
2012-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am: autogen failure is not fatal.
2012-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/override/m4/valgrind-tests.m4.diff: Added --leak-check=full to
valgrind options.
2012-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/ocsp.c: updated for new gnutls_ocsp_resp_verify_direct
semantics.
2012-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, doc/.gitignore: more files to ignore
2012-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.h, lib/includes/gnutls/ocsp.h,
lib/openpgp/openpgp_int.h, lib/x509/ocsp.c, lib/x509/ocsp_output.c:
small fixes
2012-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.h, lib/includes/gnutls/ocsp.h, lib/libgnutls.map,
lib/openpgp/openpgp_int.h, lib/x509/ocsp.c, lib/x509/ocsp_output.c:
Revert "Added gnutls_ocsp_resp_verify() and some sign fixes." This reverts commit efaa2ee176568fcd009ff2ca9daa1b7fdac4c491. Conflicts: lib/x509/ocsp.c
2012-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/m4/valgrind-tests.m4, gl/override/m4/valgrind-tests.m4.diff:
Revert "Enable valgrind again." This commit disabled the
suppressions which is required for tests to succeed. This reverts commit 82498bad27645c47222fa932a7caa2e95747980a.
2012-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, src/ocsptool-args.def.in: updated text
2012-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/ocsptool.c: removed debugging code
2012-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/ocsp.c: gnutls_ocsp_resp_verify_direct() will use the
intermediate certificates in the response in order to verify the
validity, thus aligning its functionality with
gnutls_ocsp_resp_verify().
2012-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c, src/common.c, src/common.h, src/ocsptool-common.c,
src/ocsptool-common.h, src/ocsptool.c, src/serv.c, src/tests.c:
cleanup a bit the printing information stuff.
2012-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am: corrected dependencies
2012-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi,
doc/cha-programs.texi, doc/cha-shared-key.texi,
src/certtool-args.def.in, src/cli-args.def.in,
src/cli-debug-args.def.in, src/ocsptool-args.def.in,
src/p11tool-args.def.in, src/psk-args.def.in, src/serv-args.def.in,
src/srptool-args.def.in: Manual pages for included programs are
auto-generated using the autoopts definitions.
2012-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/manpages/Makefile.am: corrected dependencies
2012-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am, src/cli-args.def.in, src/cli.c, src/common.c,
src/common.h, src/ocsptool-common.c, src/ocsptool-common.h,
src/ocsptool.c, src/serv.c: gnutls-cli will try to verify ocsp
responses if --ocsp is given.
2012-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.h, lib/includes/gnutls/ocsp.h, lib/libgnutls.map,
lib/openpgp/openpgp_int.h, lib/x509/ocsp.c, lib/x509/ocsp_output.c:
Added gnutls_ocsp_resp_verify() and some sign fixes.
2012-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: updated todo
2012-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated text.
2012-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-verify-ssh.c, src/cli.c: Do not store a key when
it already exists.
2012-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, src/cli-args.def.in, src/cli.c: ssh flag is has the option
to be disabled/enabled.
2012-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, doc/cha-cert-auth.texi,
doc/cha-gtls-examples.texi, doc/examples/Makefile.am,
doc/examples/ex-cert-select-pkcs11.c,
doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
doc/examples/ex-client-x509.c, doc/examples/ex-serv-dtls.c,
doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
doc/examples/ex-serv-x509.c, doc/examples/ex-verify-ssh.c,
doc/examples/examples.h, lib/Makefile.am,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
lib/openpgp/output.c, lib/system.c, lib/system.h, lib/verify-ssh.c,
lib/x509/output.c, src/cli-args.def.in, src/cli.c, src/common.c,
src/common.h, src/tests.c: Added gnutls_verify_stored_pubkey() and
gnutls_store_pubkey(). This enables using ssh-like authentication
for TLS sessions.
2012-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/ocsptool.c: allow the usage of --load-trust with --ask
2012-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
gl/m4/strtok_r.m4, gl/strtok_r.c: Added strtok_r.
2012-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/Makefile.am, gl/base64.c, gl/base64.h, gl/m4/base64.m4,
gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/stdalign.m4,
gl/tests/Makefile.am, gl/tests/malloca.c, gl/tests/test-base64.c:
added base64 module
2012-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509_b64.c: added fixme
2012-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/ocsptool-args.def.in: updated description
2012-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-gtls-examples.texi, doc/examples/Makefile.am,
doc/examples/ex-ocsp-client.c, doc/examples/ex-ocsp-verify.c:
Combined ocsp apps to 1 using libcurl.
2012-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/ocsp.h, lib/x509/ocsp_output.c,
src/Makefile.am, src/cli.c, src/common.c, src/common.h,
src/ocsptool-args.def.in, src/ocsptool.c, src/serv.c, src/socket.c,
src/socket.h, src/tls_test.c: Added --ask option to ocsptool.
2012-01-25 Simon Josefsson <simon@josefsson.org>
* doc/manpages/Makefile.am, src/Makefile.am: Fix builddir != srcdir
builds.
2012-01-25 Simon Josefsson <simon@josefsson.org>
* lib/extras/randomart.c: Revert template fix.
2012-01-25 Simon Josefsson <simon@josefsson.org>
* tests/infoaccess.c, tests/mpi.c, tests/openpgp-auth.c,
tests/openpgp-auth2.c, tests/openssl.c, tests/pkcs12_encode.c,
tests/rng-fork.c: Fix mem leaks.
2012-01-25 Simon Josefsson <simon@josefsson.org>
* gl/m4/valgrind-tests.m4, gl/override/m4/valgrind-tests.m4.diff:
Enable valgrind again.
2012-01-25 Simon Josefsson <simon@josefsson.org>
* lib/abstract_int.h, lib/crypto-api.c, lib/crypto-backend.c,
lib/crypto.h, lib/debug.c, lib/ext/max_record.c,
lib/ext/max_record.h, lib/ext/safe_renegotiation.c,
lib/ext/server_name.c, lib/ext/server_name.h,
lib/ext/session_ticket.c, lib/ext/signature.c, lib/ext/signature.h,
lib/ext/srp.c, lib/ext/srp.h, lib/gnutls.pc.in, lib/gnutls_alert.c,
lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
lib/gnutls_compress.c, lib/gnutls_constate.c, lib/gnutls_datum.c,
lib/gnutls_dh.c, lib/gnutls_dh_primes.c, lib/gnutls_ecc.h,
lib/gnutls_errors.c, lib/gnutls_extensions.c, lib/gnutls_global.c,
lib/gnutls_hash_int.c, lib/gnutls_helper.c, lib/gnutls_helper.h,
lib/gnutls_kx.c, lib/gnutls_mem.c, lib/gnutls_mpi.c,
lib/gnutls_num.c, lib/gnutls_priority.c, lib/gnutls_psk.c,
lib/gnutls_rsa_export.c, lib/gnutls_session.c,
lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/gnutls_srp.c,
lib/gnutls_supplemental.c, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
lib/gnutlsxx.cpp, lib/hash.h, lib/locks.h, lib/nettle/cipher.c,
lib/nettle/ecc.h, lib/nettle/egd.c, lib/nettle/egd.h,
lib/nettle/init.c, lib/nettle/mac.c, lib/nettle/mpi.c,
lib/nettle/pk.c, lib/nettle/rnd.c, lib/opencdk/armor.c,
lib/opencdk/context.h, lib/opencdk/filters.h, lib/opencdk/hash.c,
lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/keydb.h,
lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c,
lib/opencdk/new-packet.c, lib/opencdk/opencdk.h,
lib/opencdk/packet.h, lib/opencdk/pubkey.c,
lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
lib/opencdk/sig-check.c, lib/opencdk/stream.c,
lib/opencdk/stream.h, lib/opencdk/types.h,
lib/opencdk/write-packet.c, lib/openpgp/compat.c,
lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.h,
lib/openpgp/openpgp_int.h, lib/openpgp/output.c,
lib/openpgp/pgpverify.c, lib/pkcs11_int.h, lib/random.c,
lib/system.c, lib/system.h, lib/x509/crl.c, lib/x509/crl_write.c,
lib/x509/crq.c, lib/x509/dn.c, lib/x509/mpi.c,
lib/x509/pbkdf2-sha1.c, lib/x509/pbkdf2-sha1.h, lib/x509/pkcs12.c,
lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c,
lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
lib/x509/x509_write.c, src/benchmark.h, src/certtool-cfg.h,
src/certtool-common.h, src/common.h, src/p11common.h,
src/p11tool.h, src/pkcs11.c, src/serv.c, src/tests.h,
src/udp-serv.h, tests/anonself.c, tests/certder.c,
tests/certificate_set_x509_crl.c, tests/certuniqueid.c,
tests/chainverify.c, tests/crq_apis.c, tests/cve-2008-4989.c,
tests/cve-2009-1415.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
tests/gc.c, tests/hostname-check.c, tests/init_roundtrip.c,
tests/mini-deflate.c, tests/mini-eagain-dtls.c,
tests/mini-eagain.c, tests/mini-x509-rehandshake.c,
tests/mini-x509.c, tests/mini.c, tests/moredn.c, tests/mpi.c,
tests/nul-in-x509-names.c, tests/openpgp-keyring.c,
tests/openpgpself.c, tests/openssl.c, tests/parse_ca.c,
tests/pgps2kgnu.c, tests/pkcs12_encode.c, tests/pkcs12_s2k.c,
tests/pskself.c, tests/resume.c, tests/rfc2253-escape-test,
tests/rng-fork.c, tests/set_pkcs12_cred.c, tests/setcredcrash.c,
tests/simple.c, tests/utils.h, tests/x509_altname.c,
tests/x509_test.c, tests/x509dn.c, tests/x509self.c: Cleanup
copyright headers.
2012-01-25 Simon Josefsson <simon@josefsson.org>
* cfg.mk, lib/extras/randomart.c: Silence update-copyright.
2012-01-25 Simon Josefsson <simon@josefsson.org>
* cfg.mk, doc/cha-programs.texi, src/cli-args.def.in: Fix
syntax-check nits.
2012-01-25 Simon Josefsson <simon@josefsson.org>
* .gitignore: Add ChangeLog. Sort.
2012-01-25 Simon Josefsson <simon@josefsson.org>
* build-aux/config.rpath, build-aux/pmccabe.css, gl/Makefile.am,
gl/argp-pin.c, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
gl/m4/thread.m4, gl/m4/yield.m4, gl/stdint.in.h,
gl/tests/Makefile.am, gl/tests/glthread/thread.c,
gl/tests/glthread/thread.h, gl/tests/glthread/yield.h,
gl/tests/test-accept.c, gl/tests/test-bind.c,
gl/tests/test-connect.c, gl/tests/test-getpeername.c,
gl/tests/test-isnand-nolibm.c, gl/tests/test-listen.c,
gl/tests/test-lock.c, gl/tests/test-recv.c,
gl/tests/test-recvfrom.c, gl/tests/test-send.c,
gl/tests/test-sendto.c, gl/tests/test-setsockopt.c,
gl/tests/test-shutdown.c, gl/tests/test-thread_create.c,
gl/tests/test-thread_self.c, maint.mk: Update gnu
...