2015-08-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* Makefile.am: before dist ensure that included libopts matches
autogen
2015-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/mini-eagain2.c: tests: backported fix in mini-eagain2
2015-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_write.c: pkcs11: increase attributes size in
gnutls_pkcs11_copy_x509_privkey
2015-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2015-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-08-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-08-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11: set
the CKA_TOKEN attribute on generated public keys That also introduces the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY
flag, to simulate the previous behavior.
2015-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/safe_renegotiation.c: safe renegotiation: simulate
receiving the extension on receival of SCSV
2015-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-07-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/safe_renegotiation.c: safe renegotiation: handle case
where client didn't send any extension That was affected by the "don't try to send extensions we didn't
receive".
2015-07-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h:
As server don't try to send extensions we didn't receive.
2015-07-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: Reset the output value on error in
_gnutls_x509_dn_to_string() Reported by Kurt Roeckx.
2015-07-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_state.c: gnutls_prf: document that this is not
identical to RFC5705
2015-07-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def: p11tool: fix documentation for
--generate-ecc and generate-dsa
2015-07-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2015-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/dumbfw.c: corrected function name
2015-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/dhe_psk.c: PSK: set the hint in DHE-PSK and ECDHE-PSK
ciphersuites
2015-07-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/dumbfw.c: dumbfw: don't append a size prefix in the pad Reported by Hannes Mehnert.
2015-07-02 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* src/certtool.c: certtool --outder should not emit signature
verification status When emitting binary-formatted output, send signature verification
status to stderr, since it is not binary-formatted output. A simpler version of this patch would be to always send signature
verification to stderr, but that would change the text-formatted
output.
2015-07-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c: DSA: the numeric number of bits returned from
public key should depend on P not Y That allows to do the proper evaluation to check certificate
strength. Reported by Hubert Kario.
2015-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: name constraints: don't reject
certificates if a CA has the URI or IPADDRESS constraints Don't reject certificates if a CA has the URI or IPADDRESS
constraints, and the end certificate doesn't have an IPaddress name
or a URI set.
2015-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: enhanced header matching code for private keys
to skip unrelated data
2015-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/Makefile.am, tests/suite/ciphersuite/scan-gnutls.sh,
tests/suite/ciphersuite/test-ciphers.js,
tests/suite/ciphersuite/test-ciphersuites.sh,
tests/suite/test-ciphersuite-names: tests: backported
test-ciphersuite-names from master
2015-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: gnutls_x509_privkey_import2: better behavior
when provided with an unencrypted file That is, it will attempt to decode it first as plain file prior to
trying all encrypted options.
2015-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/key_decode.c, lib/x509/mpi.c: _gnutls_get_asn_mpis() will
release any data on failure Resolves #15
2015-06-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testcompat-main: tests: backported test-compat-main
from master
2015-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/cipher.c: Corrected camellia256 set key in nettle3
compat mode
2015-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes.c: drbg-aes: include gnutls_errors.h
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes-self-test.c: fips140: added check for
reseed detection
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/rng-fork.c: tests: check random generator for long outputs
as well
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes.c: fips140: reset the reseed counter only
on reseed
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes-self-test.c: fips140: added more checks on
the reseed and generate function
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h: fips140:
enforce the max_number_of_bits_per_request
2015-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/ocsp_output.c: Check the OID size for match when
comparing for the OCSP nonce extension Reported by Hanno Böck.
2015-05-23 Armin Burgmeier <armin@arbur.net>
* lib/gnutls_ui.c: gnutls_dh_get_prime_bits: return 0 if DH is not
used Before, the number of bits of a zero-length number was attempted to
be extracted, resulting in an error. The changed behaviour is
consistent with the documentation which explicitly states that 0
should be returned if no DH key exchange was performed.
2015-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_ui.c: gnutls_dh_get_group: mention that the values may
include a leading zero
2015-05-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_ui.c: gnutls_dh_set_prime_bits: warn when overriding
the DH max prime size with 1007 bits or less
2015-05-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-05-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86-aesni.c,
lib/accelerated/x86/aes-gcm-x86-ssse3.c,
lib/accelerated/x86/aes-padlock.c,
lib/accelerated/x86/sha-padlock.c,
lib/accelerated/x86/sha-x86-ssse3.c, lib/nettle/Makefile.am,
lib/nettle/cipher.c, lib/nettle/int/dsa-fips.h,
lib/nettle/int/dsa-keygen-fips186.c, lib/nettle/int/dsa-validate.c,
lib/nettle/pk.c, m4/hooks.m4, tests/dsa/testdsa: Allow using nettle3
with gnutls3.3
2015-05-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/sign-md5-rep.c: tests: updated sign-md5-rep to reduce false
failures
2015-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-loss-time.c: tests: eliminate mem leaks in
mini-loss-time
2015-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-loss-time.c: tests: backported mini-loss-time from
master
2015-04-28 Jan Vcelak <jan.vcelak@nic.cz>
* lib/nettle/pk.c: fix memory leak in ECDSA key parameters
verification Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>
2015-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated NEWS
2015-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: released 3.3.15
2015-04-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: doc: updated gnutls_dtls_set_timeouts
2015-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c: gnutls_handshake_set_timeout will properly
work with DTLS
2015-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/examples/ex-client-dtls.c: doc: fixed example with DTLS
timeouts
2015-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h: updated
minitasn1
2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/sign-md5-rep.c: tests: added reproducer
for the MD5 acceptance issue Reported by Karthikeyan Bhargavan.
http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007572.htmlConflicts: tests/Makefile.am
2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/signature.c: before falling back to SHA1 as signature
algorithm in TLS 1.2 check if it is enabled
2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/signature.c: _gnutls_session_sign_algo_enabled: do not
consider any values from the extension data to decide acceptable
algorithms
2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c: set the value used by
gnutls_certificate_client_get_request_status prior to selecting
certificate That allows gnutls_certificate_client_get_request_status() to be
properly operating from the callback. Reported by Anton Lavrentiev.
2015-04-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_cert.c: fixed doc: reported by Anton Lavrentiev
2015-04-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_ui.c: gnutls_certificate_get_ours: will return the
certificate even if a callback was used This corrects a bug where this function would not work, when
gnutls_certificate_set_retrieve_function2() was used.
2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: ensure that the X.509 version number is one byte
only
2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: Check for invalid length in the X.509 version
field If such an invalid length is detected, reject the certificate.
Reported by Hanno Böck.
2015-03-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-loss-time.c: tests: mini-loss-time: ignore sigpipe
2015-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.3.14
2015-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testcompat-main: tests: change the default port in
testcompat to avoid clash with testsrn
2015-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/texinfo.css: doc: increase border spacing in HTML tables
2015-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2015-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h: do not penalize CBC ciphers with the maximum
send data size That reduced the maximum send size for CBC ciphers from 16384 to
16384-(block size), which was unnecessary and was causing issues:
https://bugs.winehq.org/show_bug.cgi?id=37500
2015-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c,
tests/suite/ciphersuite/scan-gnutls.sh: made ciphersuites.c more
self-contained to be handled by test-ciphersuites.sh
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_ext.c: Better fix for the double free in dist point
parsing
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h: updated
libtasn1
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_datum.c, lib/gnutls_datum.h, lib/x509/gnutls-idna.c,
lib/x509/x509_ext.c: gnutls_subject_alt_names_set and
gnutls_x509_aki_set_cert_issuer will set null-terminated strings
2015-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_ext.c: eliminated double-free in the parsing of dist
points Reported by Robert Święcki.
2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_generate2: increased
the size of ck_attributes
2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: pkcs11: check gnutls_rnd() for error
condition
2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_generate2: set a
CKA_ID on key generation
2015-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_write.c: pkcs11: set the CKA_SIGN and CKA_DECRYPT flags
when writing a private key
2015-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/server_name.c: When an application calls
gnutls_server_name_set() with a name of zero size disable the
extension Resolves #2
2015-03-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-03-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: name constraints: when no name of the
type is found, accept the certificate This follows RFC5280 advice closely. Reported by Fotis Loukos.
2015-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c: avoid overflow when receiving DTLS 0.9 CCS
2015-03-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_supplemental.c: Fixed handling of supplemental data
with types > 255. Patch by Thierry Quemerais.
2015-03-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: doc update
2015-03-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: gnutls_priority_init: document that
priorities can be NULL
2015-03-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests.c: corrected self test for 3DES
2015-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: pkcs11: only set ID and label when both size and
data are set
2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: configure: check for /usr/share/dns/root.key as well
for dns root key
2015-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: corrected macro which checks libtasn1 for
asn1_decode_simple_ber
2015-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h,
lib/minitasn1/parser_aux.c: minitasn1: updated to libtasn1 4.3
2015-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-internals.texi: rearranged internal documentation
2015-03-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-args.def, src/cli-debug-args.def, src/danetool-args.def,
src/socket.c: tools: added ftp as a starttls protocol
2015-03-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-args.def: gnutls-cli: starttls and starttls-proto can't
mix
2015-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: expand on SECURE256 being an alias to
SECURE192
2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/tests.c: gnutls-cli-debug: corrected check of certificate
chain order
2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/x509cert.c: tests: added small test to verify that
GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED succeeds with a single cert
2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-debug.c, src/tests.c: gnutls-cli-debug: disable
unsupported TLS protocols as soon
2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/socket.c: cli sockets: check for a digit prior using atoi
2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/tests.c: gnutls-cli-debug: a cert list of size 1 is always
sorted
2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/socket.c: gnutls-cli-debug: do not warn multiple times about
unknown protocols
2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-support.texi: updated documentation on FIPS140-2
2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am,
tests/cert-tests/template-basic.pem,
tests/cert-tests/template-basic.tmpl,
tests/cert-tests/template-test: Revert "tests: template-test: added
a baseline check to detect slow systems" This reverts commit 2ee2a78178a842c9b0ef2ca3e12909ca3bb9fe79.
2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/template-test: tests: don't perform the overflow
check in 32-bit systems
2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/template-date.pem,
tests/cert-tests/template-date.tmpl: tests: date parsing test was
modified to work in 32-bit systems
2015-03-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/Makefile.am,
tests/cert-tests/template-basic.pem,
tests/cert-tests/template-basic.tmpl,
tests/cert-tests/template-test: tests: template-test: added a
baseline check to detect slow systems
2015-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testpkcs11: testpkcs11: do not ignore the failure to
write a trusted CA
2015-01-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testpkcs11: testpkcs11: detect softhsm2
2015-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c, lib/tpm.c, lib/x509/common.c,
lib/x509/common.h, lib/x509/dn.c, lib/x509/ocsp.c,
lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/x509_ext.c,
m4/hooks.m4: use asn1_decode_simple_ber if available
2015-02-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/abstract.h: list
gnutls_pubkey_get_verify_algorithm as deprected
2015-02-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c: corrected typo in gnutls_handshake(),
spotted by Andris Mednis
2015-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: released 3.3.13
2015-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/invalid-sig,
tests/cert-tests/invalid-sig2.pem,
tests/cert-tests/invalid-sig3.pem: tests: added checks for invalid
X.509 certificate signatures
2015-02-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_session.c: doc update: document that session_get_data()
must be used in non-resumed sessions
2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testcompat-main: tests: testcompat: disable tests with
NULL ciphersuites; debian doesn't support them
2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: fixed handling of GNUTLS_E_INT_CHECK_AGAIN
2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-overhead.c, tests/mini-record.c: tests: require DTLS
1.2 when using GCM
2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: corrected check which prevented
client to sent an unacceptable for the version ciphersuite
2015-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_record.c: fixed sequence number copy
2015-02-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-02-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: when importing a certificate ensure that the
signature parameters match
2015-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/x86-common.c: Allow AESNI GCM accelaration in
x86
2015-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: handle differently OCSP responses that are revoked and
of unknown status
2015-02-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/common.c: compilation fix with return on void function;
reported by David Marx
2015-01-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_state.c: doc update
2015-01-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_buffers.c: set the appropriate direction when
_gnutls_io_write_flush() is called
2015-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: documented using a session with fork or
multiple threads
2015-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: print errno in a more uniform way
2015-01-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: on certificate import check whether the two
signature algorithms match
2015-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: simplified _gnutls_writev() by requiring the
total length
2015-01-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c, src/ocsptool-common.c, src/ocsptool-common.h: don't be
so verbose about the OCSP nonce; it is universally unsupported
2015-01-17 Tim Ruehsen <tim.ruehsen@gmx.de>
* src/cli.c, src/ocsptool-common.c: OCSP check the whole cert chain Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2015-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.3.12
2015-01-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-01-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped versions
2015-01-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/errors.c: corrected typos Reported by Guido Kroon.
2015-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/protocols.c, lib/gnutls_int.h: Added the notion of
obsolete versions That prevents using these versions as record version numbers, unless
they are the only protocol supported. This avoids the issues with
servers that have banned SSL 3.0 record versions.
2015-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/ocsptool-common.c: ocsptool: follow the documented process for
gnutls_x509_crt_get_authority_info_access
2015-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: gnutls_x509_crt_get_authority_info_access: doc
update
2015-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/ocsptool-common.c: ocsptool-common: iterate through all AIA
items prior to decidig the OCSP server
2015-01-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.def: simplified text for inline-commands-prefix
2015-01-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update: added urls of savannah reports
2015-01-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-01-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.def, src/cli.c, src/socket.c: gnutls-cli: added
--starttls-proto option
2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: pkcs11: cleanup the name of types Conflicts: lib/pkcs11.c
2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: pkcs11: when importing a public key, import it's
data as well (version 2 fix)
2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: doc update
2015-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: pkcs11: when importing a public key, import it's
data as well
2015-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c: doc update
2015-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_state.c: When setting up TLS with cert-type OpenPGP
from a client, the server verifies if it supports the extension’s
contents in _gnutls_session_cert_type_supported(). This function
checks for cred->get_cert_callback but not cred->get_cert_callback2.
As a result, servers setup for OpenPGP certificate credential
callback with gnutls_certificate_set_retrieve_function2() are unable
to use the OpenPGP certificate type. The solution is to consider cred->get_cert_callback2 alongside
cred->get_cert_callback in _gnutls_session_cert_type_supported(). Patch by Rick van Rein.
2015-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c: gnutls_privkey_import_openpgp_raw: do not
release the cached value
2015-01-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-01-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_buffers.c, lib/gnutls_errors.h: When receiving a TLS
record with multiple handshake packets, parse them in one go That resolves: https://savannah.gnu.org/support/?108712
2015-01-08 Ludovic Courtès <ludo@gnu.org>
* NEWS, guile/modules/gnutls.in: guile: Call 'load-extension' both
during expansion and at run time. Fixes <https://bugzilla.redhat.com/show_bug.cgi?id=1177847>. * guile/modules/gnutls.in: Wrap '%libdir' definition and 'load-extension' call in 'eval-when'. * NEWS: Update.
2015-01-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-01-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_buffers.c: in DTLS don't combine multiple packets which
exceed MTU Resolves: https://savannah.gnu.org/support/?108715
2015-01-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_buffers.c: Added more precise check of push functions
availability
2015-01-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/Makefile.am: danetool: only compile when dane is enabled
2014-12-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-backend.c: Allow a random generator with the same
priority to re-register That corrects an issue where the library is deinitialized, and
reinitialization wouldn't register the same rnd module. Reported by
Stanislav Zidek.
2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: certtool: modified check for READ_NUMERIC
2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: certtool: use 64-bit type for CRL serial
number
2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: certtool: check for overflows when reading
serial numbers
2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c, src/certtool-cfg.h: certtool: use int64_t as
type for integers read
2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/socket.c: gnutls-cli-debug: more precise handling of SMTP
protocol Patch by Andreas Metzler.
2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/Makefile.am, gl/alloca.in.h, gl/asnprintf.c, gl/asprintf.c,
gl/base64.c, gl/base64.h, gl/byteswap.in.h, gl/c-ctype.c,
gl/c-ctype.h, gl/errno.in.h, gl/float+.h, gl/float.c,
gl/float.in.h, gl/fstat.c, gl/ftell.c, gl/ftello.c, gl/getdelim.c,
gl/getline.c, gl/gettext.h, gl/gettimeofday.c, gl/hash-pjw-bare.c,
gl/hash-pjw-bare.h, gl/intprops.h, gl/itold.c, gl/lseek.c,
gl/m4/00gnulib.m4, gl/m4/absolute-header.m4, gl/m4/alloca.m4,
gl/m4/base64.m4, gl/m4/byteswap.m4, gl/m4/codeset.m4,
gl/m4/errno_h.m4, gl/m4/exponentd.m4, gl/m4/extensions.m4,
gl/m4/extern-inline.m4, gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4,
gl/m4/fdopen.m4, gl/m4/float_h.m4, gl/m4/fpieee.m4,
gl/m4/fseeko.m4, gl/m4/fstat.m4, gl/m4/ftell.m4, gl/m4/ftello.m4,
gl/m4/func.m4, gl/m4/getdelim.m4, gl/m4/getline.m4,
gl/m4/getpagesize.m4, gl/m4/gettext.m4, gl/m4/gettimeofday.m4,
gl/m4/glibc2.m4, gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4,
gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4,
gl/m4/iconv.m4, gl/m4/include_next.m4, gl/m4/intdiv0.m4,
gl/m4/intl.m4, gl/m4/intldir.m4, gl/m4/intlmacosx.m4,
gl/m4/intmax.m4, gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4,
gl/m4/inttypes.m4, gl/m4/inttypes_h.m4, gl/m4/largefile.m4,
gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
gl/m4/ld-version-script.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
gl/m4/lib-prefix.m4, gl/m4/lock.m4, gl/m4/longlong.m4,
gl/m4/lseek.m4, gl/m4/malloc.m4, gl/m4/manywarnings.m4,
gl/m4/math_h.m4, gl/m4/memchr.m4, gl/m4/memmem.m4, gl/m4/minmax.m4,
gl/m4/mmap-anon.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
gl/m4/nls.m4, gl/m4/off_t.m4, gl/m4/po.m4, gl/m4/printf-posix.m4,
gl/m4/printf.m4, gl/m4/progtest.m4, gl/m4/read-file.m4,
gl/m4/realloc.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4,
gl/m4/socklen.m4, gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4,
gl/m4/stdalign.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
gl/m4/stdlib_h.m4, gl/m4/strcase.m4, gl/m4/string_h.m4,
gl/m4/strings_h.m4, gl/m4/strndup.m4, gl/m4/strnlen.m4,
gl/m4/strtok_r.m4, gl/m4/strverscmp.m4, gl/m4/sys_socket_h.m4,
gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4,
gl/m4/sys_uio_h.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4,
gl/m4/time_r.m4, gl/m4/uintmax_t.m4, gl/m4/ungetc.m4,
gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4,
gl/m4/vasprintf.m4, gl/m4/visibility.m4, gl/m4/vsnprintf.m4,
gl/m4/warn-on-use.m4, gl/m4/warnings.m4, gl/m4/wchar_h.m4,
gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c,
gl/memchr.c, gl/memmem.c, gl/minmax.h, gl/msvc-inval.c,
gl/msvc-inval.h, gl/msvc-nothrow.c, gl/msvc-nothrow.h,
gl/netdb.in.h, gl/netinet_in.in.h, gl/printf-args.c,
gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h,
gl/read-file.c, gl/read-file.h, gl/realloc.c, gl/size_max.h,
gl/snprintf.c, gl/stdalign.in.h, gl/stdbool.in.h, gl/stddef.in.h,
gl/stdint.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h,
gl/str-two-way.h, gl/strcasecmp.c, gl/string.in.h, gl/strings.in.h,
gl/strncasecmp.c, gl/strndup.c, gl/strnlen.c, gl/strtok_r.c,
gl/strverscmp.c, gl/sys_socket.in.h, gl/sys_stat.in.h,
gl/sys_time.in.h, gl/sys_types.in.h, gl/sys_uio.in.h,
gl/tests/Makefile.am, gl/tests/binary-io.h, gl/tests/fcntl.in.h,
gl/tests/fdopen.c, gl/tests/fpucw.h, gl/tests/getpagesize.c,
gl/tests/init.sh, gl/tests/inttypes.in.h, gl/tests/macros.h,
gl/tests/signature.h, gl/tests/test-alloca-opt.c,
gl/tests/test-base64.c, gl/tests/test-binary-io.c,
gl/tests/test-byteswap.c, gl/tests/test-c-ctype.c,
gl/tests/test-errno.c, gl/tests/test-fcntl-h.c,
gl/tests/test-fdopen.c, gl/tests/test-fgetc.c,
gl/tests/test-float.c, gl/tests/test-fputc.c,
gl/tests/test-fread.c, gl/tests/test-fstat.c,
gl/tests/test-ftell.c, gl/tests/test-ftell3.c,
gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
gl/tests/test-ftello4.c, gl/tests/test-func.c,
gl/tests/test-fwrite.c, gl/tests/test-getdelim.c,
gl/tests/test-getline.c, gl/tests/test-gettimeofday.c,
gl/tests/test-iconv.c, gl/tests/test-init.sh,
gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
gl/tests/test-memchr.c, gl/tests/test-netdb.c,
gl/tests/test-netinet_in.c, gl/tests/test-read-file.c,
gl/tests/test-snprintf.c, gl/tests/test-stdalign.c,
gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
gl/tests/test-stdint.c, gl/tests/test-stdio.c,
gl/tests/test-stdlib.c, gl/tests/test-string.c,
gl/tests/test-strings.c, gl/tests/test-strnlen.c,
gl/tests/test-strverscmp.c, gl/tests/test-sys_socket.c,
gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
gl/tests/test-sys_types.c, gl/tests/test-sys_uio.c,
gl/tests/test-sys_wait.h, gl/tests/test-time.c,
gl/tests/test-u64.c, gl/tests/test-unistd.c,
gl/tests/test-vasnprintf.c, gl/tests/test-vasprintf.c,
gl/tests/test-vc-list-files-cvs.sh,
gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c,
gl/tests/zerosize-ptr.h, gl/time.in.h, gl/time_r.c, gl/u64.h,
gl/unistd.in.h, gl/vasnprintf.c, gl/vasnprintf.h, gl/vasprintf.c,
gl/verify.h, gl/vsnprintf.c, gl/wchar.in.h, gl/xsize.h,
src/gl/Makefile.am, src/gl/accept.c, src/gl/alloca.in.h,
src/gl/arpa_inet.in.h, src/gl/asnprintf.c, src/gl/bind.c,
src/gl/c-ctype.c, src/gl/c-ctype.h, src/gl/close.c,
src/gl/connect.c, src/gl/dup2.c, src/gl/errno.in.h, src/gl/error.c,
src/gl/error.h, src/gl/exitfail.c, src/gl/exitfail.h,
src/gl/fd-hook.c, src/gl/fd-hook.h, src/gl/float+.h,
src/gl/float.c, src/gl/float.in.h, src/gl/fseek.c, src/gl/fseeko.c,
src/gl/fstat.c, src/gl/ftell.c, src/gl/ftello.c,
src/gl/gai_strerror.c, src/gl/getaddrinfo.c, src/gl/getdelim.c,
src/gl/getline.c, src/gl/getpass.c, src/gl/getpass.h,
src/gl/getpeername.c, src/gl/gettext.h, src/gl/gettime.c,
src/gl/gettimeofday.c, src/gl/inet_ntop.c, src/gl/inet_pton.c,
src/gl/intprops.h, src/gl/itold.c, src/gl/listen.c, src/gl/lseek.c,
src/gl/m4/00gnulib.m4, src/gl/m4/absolute-header.m4,
src/gl/m4/alloca.m4, src/gl/m4/arpa_inet_h.m4, src/gl/m4/bison.m4,
src/gl/m4/clock_time.m4, src/gl/m4/close.m4, src/gl/m4/dup2.m4,
src/gl/m4/eealloc.m4, src/gl/m4/environ.m4, src/gl/m4/errno_h.m4,
src/gl/m4/error.m4, src/gl/m4/exponentd.m4,
src/gl/m4/extensions.m4, src/gl/m4/extern-inline.m4,
src/gl/m4/float_h.m4, src/gl/m4/fseek.m4, src/gl/m4/fseeko.m4,
src/gl/m4/fstat.m4, src/gl/m4/ftell.m4, src/gl/m4/ftello.m4,
src/gl/m4/getaddrinfo.m4, src/gl/m4/getdelim.m4,
src/gl/m4/getline.m4, src/gl/m4/getpass.m4, src/gl/m4/gettime.m4,
src/gl/m4/gettimeofday.m4, src/gl/m4/gnulib-cache.m4,
src/gl/m4/gnulib-common.m4, src/gl/m4/gnulib-comp.m4,
src/gl/m4/gnulib-tool.m4, src/gl/m4/hostent.m4,
src/gl/m4/include_next.m4, src/gl/m4/inet_ntop.m4,
src/gl/m4/inet_pton.m4, src/gl/m4/intmax_t.m4,
src/gl/m4/inttypes_h.m4, src/gl/m4/largefile.m4,
src/gl/m4/longlong.m4, src/gl/m4/lseek.m4, src/gl/m4/malloc.m4,
src/gl/m4/malloca.m4, src/gl/m4/math_h.m4, src/gl/m4/memchr.m4,
src/gl/m4/minmax.m4, src/gl/m4/mktime.m4, src/gl/m4/mmap-anon.m4,
src/gl/m4/msvc-inval.m4, src/gl/m4/msvc-nothrow.m4,
src/gl/m4/multiarch.m4, src/gl/m4/netdb_h.m4,
src/gl/m4/netinet_in_h.m4, src/gl/m4/off_t.m4,
src/gl/m4/parse-datetime.m4, src/gl/m4/printf.m4,
src/gl/m4/read-file.m4, src/gl/m4/realloc.m4, src/gl/m4/select.m4,
src/gl/m4/servent.m4, src/gl/m4/setenv.m4, src/gl/m4/signal_h.m4,
src/gl/m4/size_max.m4, src/gl/m4/snprintf.m4,
src/gl/m4/socketlib.m4, src/gl/m4/sockets.m4, src/gl/m4/socklen.m4,
src/gl/m4/sockpfaf.m4, src/gl/m4/ssize_t.m4, src/gl/m4/stdalign.m4,
src/gl/m4/stdbool.m4, src/gl/m4/stddef_h.m4, src/gl/m4/stdint.m4,
src/gl/m4/stdint_h.m4, src/gl/m4/stdio_h.m4, src/gl/m4/stdlib_h.m4,
src/gl/m4/strdup.m4, src/gl/m4/strerror.m4, src/gl/m4/string_h.m4,
src/gl/m4/sys_select_h.m4, src/gl/m4/sys_socket_h.m4,
src/gl/m4/sys_stat_h.m4, src/gl/m4/sys_time_h.m4,
src/gl/m4/sys_types_h.m4, src/gl/m4/sys_uio_h.m4,
src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4,
src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
src/gl/m4/vasnprintf.m4, src/gl/m4/warn-on-use.m4,
src/gl/m4/wchar_h.m4, src/gl/m4/wchar_t.m4, src/gl/m4/wint_t.m4,
src/gl/m4/xalloc.m4, src/gl/m4/xsize.m4, src/gl/malloc.c,
src/gl/malloca.c, src/gl/malloca.h, src/gl/memchr.c,
src/gl/minmax.h, src/gl/mktime.c, src/gl/msvc-inval.c,
src/gl/msvc-inval.h, src/gl/msvc-nothrow.c, src/gl/msvc-nothrow.h,
src/gl/netdb.in.h, src/gl/netinet_in.in.h, src/gl/parse-datetime.h,
src/gl/parse-datetime.y, src/gl/printf-args.c,
src/gl/printf-args.h, src/gl/printf-parse.c, src/gl/printf-parse.h,
src/gl/progname.c, src/gl/progname.h, src/gl/read-file.c,
src/gl/read-file.h, src/gl/realloc.c, src/gl/recv.c,
src/gl/recvfrom.c, src/gl/select.c, src/gl/send.c, src/gl/sendto.c,
src/gl/setenv.c, src/gl/setsockopt.c, src/gl/shutdown.c,
src/gl/signal.in.h, src/gl/size_max.h, src/gl/snprintf.c,
src/gl/socket.c, src/gl/sockets.c, src/gl/sockets.h,
src/gl/stdalign.in.h, src/gl/stdbool.in.h, src/gl/stddef.in.h,
src/gl/stdint.in.h, src/gl/stdio-impl.h, src/gl/stdio.in.h,
src/gl/stdlib.in.h, src/gl/strdup.c, src/gl/strerror-override.c,
src/gl/strerror-override.h, src/gl/strerror.c, src/gl/string.in.h,
src/gl/sys_select.in.h, src/gl/sys_socket.in.h,
src/gl/sys_stat.in.h, src/gl/sys_time.in.h, src/gl/sys_types.in.h,
src/gl/sys_uio.in.h, src/gl/time.in.h, src/gl/time_r.c,
src/gl/timespec.h, src/gl/unistd.in.h, src/gl/unsetenv.c,
src/gl/vasnprintf.c, src/gl/vasnprintf.h, src/gl/verify.h,
src/gl/w32sock.h, src/gl/wchar.in.h, src/gl/xalloc-die.c,
src/gl/xalloc-oversized.h, src/gl/xalloc.h, src/gl/xmalloc.c,
src/gl/xsize.h: updated gnulib
2015-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug.c: gnutls-cli-debug: corrected the skip of ignored
checks
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: certtool: --pubkey-info will load a public key
from stdin
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.h: include netinet/in.h if present to access ipv6
related structures Based on patch by Rumko. https://savannah.gnu.org/support/?108713
2014-12-30 Matthias-Christian Ott <ott@mirix.org>
* lib/gnutls_cipher_int.c: Don't call _gnutls_cipher_encrypt2 with
textlen = 0 in _gnutls_auth_cipher_encrypt2_tag If the plaintext is shorter than the block size of the used cipher,
_gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with
textlen = 0. By definition _gnutls_cipher_encrypt2 does nothing in
this case and thus does not need to be called.
2014-12-30 Matthias-Christian Ott <ott@mirix.org>
* lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-padlock.c: Handle zero length plaintext for
VIA PadLock functions If the plaintext is shorter than the block size of the used cipher,
_gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with
textlen = 0. padlock_ecb_encrypt and padlock_cbc_encrypt assume that
the plaintext length (last parameter) is greater than zero and
segfault otherwise. The assembler code for both functions is
automatically generated and imported from OpenSSL, so to ease
maintenance the length should be validated in the functions that
call padlock_ecb_encrypt or padlock_cbc_encrypt.
2014-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/openpgp-keyring.c: tests: enhanced openpgp-keyring test
2014-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/openpgp/output.c: openpgp: properly print names in oneline
output as well
2014-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/openpgp/output.c: updates in openpgp DSA key printing
2014-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/openpgp/output.c: properly print openpgp names
2014-12-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug.c, src/common.c, src/tests.c: tools: use OCSP
functions only when OCSP is enabled
2014-12-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pubkey.c: Corrected encoding and decoding of ANSI X9.62 That affects gnutls_pubkey_export_ecc_x962() and
gnutls_pubkey_import_ecc_x962().
2014-12-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def, src/p11tool-args.def: tools: document the
available curves
2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/pkcs11_write.c: Use
hints to support incomplete PKCS#11 URIs
2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/Makefile.am, src/Makefile.am, src/gl/Makefile.am,
src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-comp.m4: completely
separated the two gnulibs to avoid conflicts
2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/Makefile.am, gl/m4/extensions.m4, gl/m4/extern-inline.m4,
gl/m4/gnulib-comp.m4, gl/m4/iconv.m4, gl/m4/printf.m4,
gl/m4/stdalign.m4, gl/m4/stddef_h.m4, gl/m4/stdio_h.m4,
gl/stdalign.in.h, gl/stddef.in.h, gl/tests/test-fcntl-h.c,
gl/tests/test-stddef.c, gl/unistd.in.h, gl/vasnprintf.c,
src/gl/Makefile.am, src/gl/m4/extensions.m4,
src/gl/m4/extern-inline.m4, src/gl/m4/gnulib-comp.m4,
src/gl/m4/printf.m4, src/gl/m4/stdalign.m4, src/gl/m4/stddef_h.m4,
src/gl/m4/stdio_h.m4, src/gl/parse-datetime.y,
src/gl/stdalign.in.h, src/gl/stddef.in.h, src/gl/timespec.h,
src/gl/unistd.in.h, src/gl/vasnprintf.c: updated gnulib
2014-12-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-12-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high2.c: when importing object CAs from PKCS#11
URL, import the marked as trusted only
2014-12-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: pkcs11: when matching objects, also match the label
2014-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/pkcs11-chainverify.c: added missing variable
2014-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/Makefile.am: Added p11-kit cflags in x509/
2014-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-combo.c,
tests/suite/pkcs11-get-issuer.c, tests/suite/pkcs11-is-known.c,
tests/suite/softhsm.h, tests/suite/testpkcs11.softhsm: Added
softhsm.h to share code in softhsm detection Conflicts: tests/suite/pkcs11-chainverify.c tests/suite/pkcs11-privkey.c
2014-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_int.h, lib/x509/verify-high2.c: Directly import PKCS
#11 object URLs as trusted certificates That is, don't treat them as trusted modules, because they aren't a
token URL, but rather a direct reference to specific objects.
2014-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_record.c: corrected documentation
for the cork/uncork functions Reported by Jaak Ristioja.
2014-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: doc update
2014-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/protocols.c: Added more precise version check in
_gnutls_version_lowest
2014-11-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms.h, lib/algorithms/protocols.c,
lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c: The
record version in the client Hello will be set to the lowest
supported protocol There should have been no harm in keeping it SSL 3.0 but
unfortunately in draft-thomson-sslv3-diediedie-00 it has been marked
as MUST NOT do that. That will be fixed in a later revision but
since then there are servers not accepting SSL 3.0 as a valid record
version (note that this is about the record version, which describes
the format of the packet, nothing to do with the negotiated
version).
2014-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: corrected documentation of gnutls_cork()
2014-12-12 Ludovic Courtès <ludo@gnu.org>
* NEWS, doc/gnutls-guile.texi, guile/modules/gnutls.in,
guile/modules/gnutls/build/smobs.scm, guile/src/core.c,
guile/tests/openpgp-auth.scm, guile/tests/x509-auth.scm: Revert
"guile: Remove RSA parameters and related procedures." This reverts commit 9f5788469f6f3f3fdd4cf064621a903607f10f2f; this
will be done in the 3.4 branch, as for the C library. Update NEWS
accordingly.
2014-12-12 Ludovic Courtès <ludo@gnu.org>
* NEWS: Update 'NEWS'.
2014-12-11 Ludovic Courtès <ludo@gnu.org>
* guile/tests/openpgp-keyring.scm: guile: Open binary file in binary
mode, for the sake of MinGW. Reported by Eli Zaretskii <eliz@gnu.org>. * guile/tests/openpgp-keyring.scm: Use 'open-file' with "rb" instead
of 'open-input-file'.
2014-12-11 Ludovic Courtès <ludo@gnu.org>
* guile/src/Makefile.am: guile: Link with '-no-undefined'. Fixes builds on MinGW. Reported by Eli Zaretskii <eliz@gnu.org>. * guile/src/Makefile.am (guile_gnutls_v_2_la_LDFLAGS): Add -no-undefined.
2014-12-04 Ludovic Courtès <ludo@gnu.org>
* guile/src/Makefile.am: guile: Build with warnings. * guile/src/Makefile.am (AM_CFLAGS) [HAVE_GCC]: Add -Wall -Wextra -Wno-unused-parameter.
2014-12-04 Ludovic Courtès <ludo@gnu.org>
* guile/modules/Makefile.am, guile/modules/gnutls.in,
guile/modules/gnutls/build/priorities.scm, guile/src/Makefile.am,
guile/src/core.c, guile/src/make-session-priorities.scm,
guile/tests/session-record-port.scm, guile/tests/x509-auth.scm:
guile: Remove the deprecated priority API. * guile/modules/gnutls/build/priorities.scm: Remove. * guile/src/make-session-priorities.scm: Remove. * guile/modules/Makefile.am (EXTRA_DIST): Adjust accordingly. * guile/src/Makefile.am (EXTRA_DIST): Likewise. (GENERATED_BINDINGS): Remove 'priorities.i.c'. (priorities.i.c): Remove target. * guile/src/core.c: Don't include it. (scm_gnutls_set_default_priority_x): Remove. * guile/modules/gnutls.in (gnutls): Adjust export list. * guile/tests/session-record-port.scm: Use
'set-session-priorities!'. * guile/tests/x509-auth.scm: Likewise.
2014-12-04 Ludovic Courtès <ludo@gnu.org>
* doc/gnutls-guile.texi, guile/modules/gnutls.in,
guile/modules/gnutls/build/smobs.scm, guile/src/core.c,
guile/tests/openpgp-auth.scm, guile/tests/x509-auth.scm: guile:
Remove RSA parameters and related procedures. * guile/modules/gnutls/build/smobs.scm (%rsa-parameters-smob):
Remove. (%gnutls-smobs): Remove it. * guile/src/core.c (scm_gnutls_make_rsa_parameters, scm_gnutls_pkcs1_import_rsa_parameters, scm_gnutls_pkcs1_export_rsa_parameters, scm_gnutls_set_certificate_credentials_rsa_export_params_x):
Remove. * guile/modules/gnutls.in: Adjust export list. * guile/tests/openpgp-auth.scm (import-rsa-params): Remove. Remove references to it and to 'set-certificate-credentials-rsa-export-parameters!'. * guile/tests/x509-auth.scm: Likewise. * doc/gnutls-guile.texi (Representation of Binary Data): Remove references to RSA parameters. Adjust example accordingly. (OpenPGP Authentication Guile Example): Likewise.
2014-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/random.c: gnutls_rnd: doc update
2014-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/pkcs12.c: gnutls_pkcs12_simple_parse: doc update
2014-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: improved documentation on dane
2014-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: p11tool: use Sleep() in windows
2014-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: certtool: ensure that default_serial_int is
64-bits or more
2014-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/socket.c: use select() instead of alarm for better portability Based on patch by Eli Zaretskii.
2014-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.3.11
2014-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2014-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testcompat-main: testcompat: corrected usage of null
cipher
2014-12-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-fips.c: added the .check function in FIPS140-2 code
2014-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/dn.c: _gnutls_x509_get_dn() always return a null
terminated string
2014-12-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/random.h: if the rnd structure doesn't provide check,
_gnutls_rnd_check() will succeed
2014-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: Reorganized, and eliminated memory leak in
_gnutls_x509_crt_check_revocation() Reported by Tim Rühsen.
2014-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/pkcs11.h: doc
update
2014-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: Added
check for whether %NO_EXTENSIONS is required
2014-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_ui.c: gnutls_session_get_desc: allow proper printing of
the NULL KX
2014-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: gnutls_certificate_set_x509_key_*: eliminated
memory leak when certificate could not be parsed Reported by Georg Richter.
2014-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/socket.c: gnutls-cli-debug: do not print error on unknown
protocols
2014-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: documented the limitations of the loading
functions
2014-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: corrected memleak in read_key_mem() Patch by Georg Richter.
2014-11-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: Added
check for sorted certificate chain
2014-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_record.c,
tests/mini-rehandshake-2.c: restore only the documented behavior
2014-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-rehandshake-2.c: tests: added test
for GNUTLS_E_GOT_APPLICATION_DATA on rehandshake Conflicts: tests/Makefile.am
2014-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_record.c: treat
GNUTLS_E_GOT_APPLICATION_DATA as non-fatal if initial negotiation is
complete This corrects a regression introduced in
b5a0de2e6da98866cafb770c3141b7353d030ab2 Reported by Dan Winship.
https://savannah.gnu.org/support/?108690
2014-11-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-11-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: Revert "The priority modifier
%LATEST_RECORD_VERSION is now the default" This reverts commit 96b408b20fe8707306f38cba6f652556b99a47e4.
2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-common.c: _rnd_get_event: use memset to avoid
valgrind complaints
2014-11-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: compilation fix for FIPS140-2 mode
2014-11-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/ocsp.c: deinitialize the OCSP response der data That also makes sure that reinitialization of ASN1 structures are
done when it is required only.
2014-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: NORMAL priority: prioritize the less than
256-bits curves at the lowest level
2014-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/fips.c, lib/fips.h, lib/gnutls_global.c: properly reset the
zombie mode in FIPS mode This amends 9158f590f4a18c84fc9eb41877b29d73b30af879
2014-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-11-14 David Weber <dave@veryflatcat.com>
* src/cli.c, src/serv.c: Fixed SRTP profile configuration in cli.c
and serv.c. I have tested the fix in 3.3.10. This commit is UNTESTED as i am
unable to compile gnutls (./configure complains about gl_INIT and
ggl_INIT). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/common.c: gnutls-cli: print info on the OCSP status request
2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/ocsp.c: use the original DER/BER data when verifying an
OCSP response Conflicts: lib/x509/ocsp.c
2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/system.c: windows: updated _gnutls_ucs2_to_utf8()
2014-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: check
for OCSP status response Conflicts: src/tests.c
2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-debug.c, src/tests.c, src/tests.h: added check for servers
that disallow the SSL 3.0 record version
2014-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/crq: corrected crq test case; reported by Andreas
Metzler
2014-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: set the GNUTLS_PIN_CONTEXT_SPECIFIC flag on PIN
callback
2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-common.h: rnd: removed the packed attribute from
event_st That prevents a SIGBUS on solaris sparc systems. Reported by Thomas
Thorberger.
2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: The priority modifier
%LATEST_RECORD_VERSION is now the default This works-around issue with servers that forbit the SSL 3.0 version
number from the first packet of the record protocol.
2014-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testcompat-common, tests/suite/testcompat-main:
testcompat: updated
2014-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2014-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, tests/cert-tests/Makefile.am, tests/cert-tests/crq:
Added check with the invalid crq sent by Sean Burford
2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_ecc.c: when exporting curve coordinates to X9.63
format, perform additional sanity checks on input Reported by Sean Burford.
2014-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-intro-tls.texi: doc update
2014-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi: doc: updated text
on session tickets
2014-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/socket.c: tools: include arpa/inet.h in socket.c
2014-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-serv-dtls.c: doc: use the same port for DTLS
client and server
2014-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: pkcs11: pass the correct user type to protected
authentication login
2014-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: doc: corrected values for INSECURE level
2014-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c, lib/pkcs11_int.h: pkcs11_login: set the correct user
type on reauthentication
2014-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: pkcs11:
force login on tokens that require it
2014-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: added
support for PKCS #11 keys that require reauthentication and
simplified pkcs11_login
2014-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/unistd.in.h, src/gl/unistd.in.h: applied patch by A. Klitzing
to improve compatibile with some apple systems Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug.c, src/common.c, src/common.h, src/tests.c:
gnutls-cli-debug: backported changes from 3.4.0 branch
2014-11-05 Chen Hongzhi <hongzhi.chen@me.com>
* lib/x509/pkcs12.c: Fix double-free in gnutls_pkcs12_simple_parse() Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/scripts/mytexi2latex: mytexi2latex: handle na@"ive
2014-11-04 Chris Barry <chris@barry.im>
* doc/cha-auth.texi, doc/cha-cert-auth.texi,
doc/cha-cert-auth2.texi, doc/cha-errors.texi, doc/sec-tls-app.texi:
Cleaning up some awkward phrasings. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-11-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/alpn.c: updated text
2014-11-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-11-03 Jaak Ristioja <jaak.ristioja@cyber.ee>
* lib/system_override.c: doc: Added missing reference for EMSGSIZE
to inline documentation of gnutls_transport_set_errno(). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-11-03 Jaak Ristioja <jaak.ristioja@cyber.ee>
* lib/system_override.c: doc: Fixed typo in inline comment of
gnutls_transport_set_errno(). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_errors.c: updated the text for
GNUTLS_E_UNSUPPORTED_VERSION_PACKET
2014-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: when calling gnutls_x509_crt_get_subject_key_id
set the id_size
2014-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: deinitialize the temporary spki data
2014-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/init_fds.c: tests: added test for
gnutls_global_init after all descriptors are closed Conflicts: tests/Makefile.am
2014-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c, lib/nettle/rnd-common.c, lib/random.h:
corrected check for urandom fd
2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: corrected exit state from gnutls_global_init
2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: updated text for gnutls_fd_in_use() to
account the new behavior
2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, lib/nettle/rnd-common.c: dropped
gnutls_fd_in_use, it is no longer necessary Conflicts: lib/libgnutls.map
2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-backend.h, lib/gnutls_global.c,
lib/nettle/rnd-common.c, lib/nettle/rnd-common.h, lib/nettle/rnd.c,
lib/random.h: When gnutls_global_init() is called manually from the
application check the urandom fd for validity That addresses the issue where a server closes all open file
descriptors and then calls gnutls_global_init(). Conflicts: lib/nettle/rnd-common.c
2014-10-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: _gnutls_dh_generate_key() will account the q_bits
2014-10-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: doc update
2014-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_state.c: do not explicitly refresh rnd state on session
deinit It is already being refreshed during the session lifetime.
2014-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: disable hardware acceleration by default in solaris
2014-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dtls/dtls: tests: dtls-stress -r disabled as it causes
issues when used with freebsd kernel
2014-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/elf/aes-ssse3-x86.s,
lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
lib/accelerated/x86/elf/aesni-x86.s,
lib/accelerated/x86/elf/aesni-x86_64.s,
lib/accelerated/x86/elf/cpuid-x86.s,
lib/accelerated/x86/elf/cpuid-x86_64.s,
lib/accelerated/x86/elf/e_padlock-x86.s,
lib/accelerated/x86/elf/e_padlock-x86_64.s,
lib/accelerated/x86/elf/ghash-x86_64.s,
lib/accelerated/x86/elf/sha1-ssse3-x86.s,
lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
lib/accelerated/x86/elf/sha256-avx-x86_64.s,
lib/accelerated/x86/elf/sha256-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86_64.s: do not use the ifdef
directive in assembly files, as it isn't portable
2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/Makefile.am: check and use libnsl (used in
solaris)
2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/x86/elf/aes-ssse3-x86.s,
lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
lib/accelerated/x86/elf/aesni-x86.s,
lib/accelerated/x86/elf/aesni-x86_64.s,
lib/accelerated/x86/elf/cpuid-x86.s,
lib/accelerated/x86/elf/cpuid-x86_64.s,
lib/accelerated/x86/elf/e_padlock-x86.s,
lib/accelerated/x86/elf/e_padlock-x86_64.s,
lib/accelerated/x86/elf/ghash-x86_64.s,
lib/accelerated/x86/elf/sha1-ssse3-x86.s,
lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
lib/accelerated/x86/elf/sha256-avx-x86_64.s,
lib/accelerated/x86/elf/sha256-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86_64.s: use the
.note.GNU-stack in linux systems only
2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* gl/Makefile.am, gl/m4/extern-inline.m4, gl/m4/gnulib-common.m4,
gl/m4/manywarnings.m4, gl/m4/stdlib_h.m4, gl/m4/threadlib.m4,
gl/m4/unistd_h.m4, gl/stdlib.in.h, gl/tests/fcntl.in.h,
gl/unistd.in.h, gl/vasnprintf.c, maint.mk, src/gl/Makefile.am,
src/gl/error.c, src/gl/getpass.c, src/gl/m4/extern-inline.m4,
src/gl/m4/gnulib-common.m4, src/gl/m4/stdlib_h.m4,
src/gl/m4/unistd_h.m4, src/gl/parse-datetime.y, src/gl/stdlib.in.h,
src/gl/sys_select.in.h, src/gl/unistd.in.h, src/gl/vasnprintf.c:
updated gnulib
2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/pkcs11-get-issuer.c: tests: check the issuer value
validity of gnutls_x509_trust_list_get_issuer
2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: corrected bug in
gnutls_x509_trust_list_get_issuer() when used without the
GNUTLS_TL_GET_COPY flag
2014-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/slow/Makefile.am: tests: include minitasn1 when needed
2014-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool.c: use HAVE_DANE ifdef for unused functions
2014-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: exported gnutls_fd_in_use
2014-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-10-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: document gnutls_fd_in_use()
2014-10-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: corrected FIND_OBJECT loop when the token
func is used
2014-10-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_state.c: gnutls_fd_in_use: mention version
2014-10-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
lib/nettle/rnd-common.c, lib/random.h: added gnutls_fd_in_use() to
check whether a file descriptor is in use
2014-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: fips140-2: limit the FIPS code in fips mode
2014-10-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: fips140-2: use the FIPS algorithms only when in
FIPS140-2 mode
2014-10-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: certtool: default pkcs-cipher is now 3des as in
PKCS #12
2014-10-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-args.def: gnutls-cli: prevent the combination of the -p
and --list options As -p may be mistaken for --priority that would prevent wrong
outputs.
2014-10-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high2.c: avoid d from getting out of scope
2014-10-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/udp-serv.c: gnutls-serv: avoid possible buffer overrun
2014-10-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: avoid memory leak on
gnutls_x509_privkey_generate() failure
2014-10-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
lib/nettle/int/dsa-validate.c: in FIPS140-2 mode only disable
1024-bit DSA parameters when generating
2014-10-14 Ludovic Courtès <ludo@gnu.org>
* guile/src/core.c: guile: Remove trailing zero in
'gnutls_server_name_set' call. In GnuTLS 3.2.19 (and possibly 3.3.9 and 3.1.17),
'set-session-server-name!' would pass a trailing nul character on
the wire after the server name, which would thus be rejected by
servers.
2014-10-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-fips.h, lib/nettle/int/provable-prime.c,
lib/nettle/int/rsa-keygen-fips186.c: FIPS140-2 RSA key generation
changes to account for seed starting with null byte
2014-10-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/Makefile.am: corrected libopt's Makefile.am reported by Marius Schamschula.
2014-10-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/rsa-keygen-fips186.c: use lcm(p-1,q-1) instead of
phi(n) for RSA key generation in FIPS-140-2 mode
2014-10-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/x86/sha-x86-ssse3.c: corrected the SSSE3 optimized
SHA224
2014-10-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-common.c: simplified getrusage code; the failure
check code wasn't needed
2014-10-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-10-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/x509-extensions.c: tests: added check for import failure of
v1 certificate with extensions
2014-10-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: do not allow importing X.509 certificates with
version < 3 and extensions present
2014-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk: update the guile manual along the C one
2014-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2014-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/Makefile.am, src/libopts/ag-char-map.h,
src/libopts/ao-strs.c, src/libopts/ao-strs.h,
src/libopts/autoopts.h, src/libopts/autoopts/options.h,
src/libopts/autoopts/usage-txt.h, src/libopts/compat/_Noreturn.h,
src/libopts/genshell.c, src/libopts/genshell.h,
src/libopts/intprops.h, src/libopts/m4/libopts.m4,
src/libopts/m4/stdnoreturn.m4, src/libopts/option-value-type.c,
src/libopts/option-value-type.h,
src/libopts/option-xat-attribute.c,
src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c,
src/libopts/proto.h, src/libopts/stdnoreturn.in.h,
src/libopts/version.c: updated to libopts 5.18.4
2014-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd-common.c: place all rusage variables into
HAVE_GETRUSAGE block
2014-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd-common.c: rnd: if RUSAGE_THREAD fails try
RUSAGE_SELF
2014-10-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/pkcs11-combo.c: tests: pkcs11-combo: use unique db
file
2014-10-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-10-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/session_ticket.c: use wait and retransmit when receiving
session tickets
2014-10-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/dtls/dtls, tests/dtls/dtls-stress.c: tests: added -r option
to dtls-stress That allows it to replay messages in a kind of arbitrary way.
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c: forbid heartbeat messages during a handshake
2014-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c:
added internal variable to track handshake status Conflicts: lib/gnutls_handshake.c
2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitignore: more files to ignore
2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/pkcs11-is-known.c: tests: updated time in
pkcs11-is-known
2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: pkcs11: handle errors from override_cert_exts as
fatal
2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/chainverify.c, tests/suite/pkcs11-chainverify.c,
tests/test-chains.h: tests: allow running specific chainverify tests
on fixed dates Conflicts: tests/chainverify.c tests/suite/pkcs11-chainverify.c tests/test-chains.h
2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c: _gnutls_check_valid_key_id: corrected
activation/expiration check
2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11:
simplified and optimized loop
2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-crypto.texi: mention nettle as the recommended crypto
backend
2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/Makefile.am, tests/suite/pkcs11-combo.c: tests: Added
check to ensure that trust list combination with extra certificates
works
2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: when both a trust module and additional
CAs are present account the latter as well That solves an issue in openconnect which used the system trust
module, plus additional certificates. Conflicts: lib/x509/verify-high.c
2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c, lib/x509/verify-high.h: simplify the
handling of trust_list_get_issuer() when GNUTLS_TL_GET_COPY is not
given
2014-10-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: corrected assignment
2014-10-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map: corrected the name of exported function
2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/test-chains.h: tests: corrected test for v1 cert signing
(removed bogus authorityIdentifier)
2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: certtool: only set the authority key identifier,
if there is a corresponding subject key identifier
2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: pkcs11: do not shortcut checks when
GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY is specified
2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11: always
check for a valid subjectKeyIdentifier match That way, expired certificates can co-exist with their replacements.
2014-10-06 Armin Burgmeier <armin@arbur.net>
* lib/x509/verify-high2.c: Return an error if multiple PKCS11 URLs
are added to a trust list Before, the new URL would overwrite the old URL, and the memory of
theold URL would be leaked. It is documented that only one URL can
be used, so it should be safe to reject any attempt to add another
one. Signed-off-by: Armin Burgmeier <armin@arbur.net>
2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11: when
no CKA_ID can be relied on fallback on checking the
SubjectKeyIdentifier Patch by David Woodhouse.
2014-10-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: report the FIPS140-2 mode
2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map, lib/nettle/pk.c: added FIPS140-2 ECDH
verification functions
2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map, lib/nettle/pk.c: added FIPS140-2 DH
verification functions
2014-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/pkcs11-is-known.c: tests: corrected check with
gnutls_x509_trust_list_get_issuer
2014-10-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high2.c: corrected remove_pkcs11_url()
2014-10-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/Makefile.am, tests/suite/pkcs11-is-known.c: tests:
check gnutls_pkcs11_crt_is_known() when multiple same DNs are
present
2014-10-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: pkcs11: when checking for presence do not give up on
the first mismatch
2014-10-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: address memory leak in gnutls_pkcs11_crt_is_known()
2014-10-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high2.c: doc update: clarifications in
gnutls_x509_trust_list_add_trust_file
2014-10-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: corrected compilation for non-pkcs11;
reported by David Woodhouse.
2014-09-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: corrected typo
2014-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/pkcs11-get-issuer.c, tests/x509cert.c: tests: added
check for GNUTLS_TL_GET_COPY
2014-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c, lib/gnutls_x509.c, lib/includes/gnutls/x509.h,
lib/x509/ocsp.c, lib/x509/verify-high.c: Added GNUTLS_TL_GET_COPY
flag and documented the limitations of
gnutls_x509_trust_list_get_issuer()
2014-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/opencdk/stream.h: opencdk: changed filter_fnct_t to match the
actual function prototypes
2014-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-09-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_handshake.c: do not allow
GNUTLS_E_LARGE_PACKET to be returned from non-DTLS sessions
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: gnutls_x509_trust_list_add_system_trust() will not
allow duplicate entries
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high2.c: use _DIRENT_HAVE_D_TYPE to detect
d->d_type
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: corrected type
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c:
protect DTLS clients that don't handle GNUTLS_E_LARGE_PACKET from an
infinite loop on handshake
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_errors.c: removed unused error values
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_record.h:
restrict the number of non-fatal errors gnutls_handshake() can
return
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_errors.c: optimized gnutls_error_is_fatal() by
splitting the errors to two tables
2014-09-22 Ludovic Courtès <ludo@gnu.org>
* guile/src/core.c: guile: Restore cross-reference in
'set-session-priorities!' docstring. This had been destroyed in 32d90395.
2014-09-22 Ludovic Courtès <ludo@gnu.org>
* guile/modules/gnutls.in, guile/modules/gnutls/build/enums.scm,
guile/src/core.c, guile/tests/anonymous-auth.scm: guile: Add
bindings for 'gnutls_server_name_set'. This adds the 'set-session-server-name!' procedure and the
'server-name-type' enum type.
2014-09-18 Armin Burgmeier <armin@arbur.net>
* lib/x509/verify-high.c: Memory leak fix on certificate copy
failure Signed-off-by: Armin Burgmeier <armin@arbur.net>
2014-09-17 Armin Burgmeier <armin@arbur.net>
* lib/gnutls_ui.c: Fix a documentation typo Signed-off-by: Armin Burgmeier <armin@arbur.net>
2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* cfg.mk, lib/accelerated/x86/files.mk: regenerated files.mk
2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c: libdane: do not require the CA to be a direct CA
2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/scripts/common.sh, tests/suite/testpkcs11: tests: enhanced
test suite to pass more of the PKCS #11 API under valgrind
2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/serv-args.def, src/serv.c: gnutls-serv: added the --provider
option
2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/common.c: tools: corrected pin entry
2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_x509.c: cleaned up memory deallocation in
read_cert_url() That caused unexpected results when loading PKCS #11 URLs. Reported
by Joseph Peruski.
2014-09-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/certtool.cfg: updated certtool.cfg
2014-09-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
auto-generated files
2014-09-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/test-chains.h: tests: added checks with modified certificate This tests whether a modified of a DER certificate, that is
cancelled out while we parse it, would result to a good signature.
2014-09-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-09-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: depend on p11-kit 0.20.7
2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/pkcs11x.h: depend on p11-kit 0.20.6
2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: require libtasn1 3.9 or later That is because of the ocsp fix.
2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/verify-tofu.c: removed unused variable
2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_x509.c: added sanity check on cleanup
2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: certtool: corrected typo in printing error
2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: pkcs11: correctly reallocate the read buffer Report and patch by David Woodhouse.
2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-cert-auth.texi: updated documentation on PKCS #11 trust
module verification
2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.h, lib/x509/verify-high.c, lib/x509/verify.c:
unified the key purpose checks functions
2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/x509.h, lib/x509/common.h,
lib/x509/verify-high.c, lib/x509/verify.c: check for CAs with the
same key in gnutls_x509_trust_list_add_cas That way when GNUTLS_TL_NO_DUPLICATE_KEY is specified the added CA
will overwrite any previous one with the same name and key.
2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: hostname and key purpose checks were moved
above CRL checks
2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c, lib/x509/x509_ext.c: doc update
2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* m4/hooks.m4: bumped library version
2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/crl.c: corrected gnutls_x509_crl_get_raw_issuer_dn()
2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c: only deallocate data when allocation succeeds
2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-09-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/minitasn1/decoding.c: updated libtasn1
2014-09-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: documented the environment variables
2014-09-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/verify-tofu.c, lib/x509/common.c, lib/x509/common.h:
Backported x509_raw_crt_to_raw_pubkey and x509_crt_to_raw_pubkey
2014-09-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-09-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: print Attached Extensions, instead of
extensions
2014-09-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: when adding a duplicate certificate, keep
the last entry
2014-09-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/pkcs11-get-issuer.c: pkcs11-get-issuer: do not
hardcode the chain number, use its name
2014-09-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/x509-ext.h, lib/libgnutls.map,
lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_ext.c,
src/pkcs11.c: fixes in the extension handling
2014-09-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: will print trust module extensions if
present
2014-09-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509_int.h:
check the key purpose of the CA certificate when in pkcs11 cert
validation
2014-09-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am, lib/includes/gnutls/pkcs11.h,
lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkcs11.c,
lib/pkcs11_int.c, lib/pkcs11_int.h, lib/x509/common.h,
lib/x509/output.c, lib/x509/x509_ext.c: allow retrieving extensions
in a trust module using
GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT Conflicts: lib/pkcs11.c
2014-09-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/verify-tofu.c, lib/x509/common.h, lib/x509/extensions.c,
lib/x509/ocsp.c: export x509_crt_to_raw_pubkey() in x509/common.h
and prefixed s/get_extension with _gnutls
2014-09-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: doc update
2014-09-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_cert.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/verify-high.c: gnutls_x509_trust_list_verify_crt2 is in par
with gnutls_certificate_verify_peers That is, it accepts a list of gnutls_typed_vdata_st and allows for
flexibility. Conflicts: lib/libgnutls.map
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509_ext.c: doc update
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crq.c,
lib/x509/x509.c: Added gnutls_x509_crt_get_extension_by_oid2() and
gnutls_x509_crq_get_extension_by_oid2()
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_x509.c, lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/verify-high.c: Added
gnutls_x509_trust_list_verify_purpose_crt() Conflicts: lib/libgnutls.map
2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/pkcs11.c, lib/pkcs11x.c, lib/pkcs11x.h: simulate
pkcs11x.h when it doesn't exist
2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/pkcs11.c, lib/pkcs11x.h: added pkcs11x.h
2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/crlverify.c: tests: Added crlverify to
check gnutls_x509_crl_verify and gnutls_x509_trust_list_add_crls Conflicts: tests/Makefile.am
2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify.c: gnutls_x509_crl_verify: do not always set the
invalid status Reported by Armin Burgmeier.
2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ui.c: doc update
2014-09-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11x.c: added missing file
2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify.c: Revert "gnutls_x509_crl_verify: do not always
set the invalid status" This reverts commit 950b62da58542938adec366620948c85b78607dd.
2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify.c: gnutls_x509_crl_verify: do not always set the
invalid status Reported by Armin Burgmeier.
2014-09-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/tpmtool.c: tpmtool: corrected key password read
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/danetool.c: set umask prior to calling mkstemp
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: initialize verification output to zero
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_buffers.c: dtls: when discarding packet, discard the
correct number of bytes
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/rfc2818_hostname.c: check_ip: initialize ret
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/tpm.c: gnutls_tpm_privkey_generate: initialize input values to
null to prevent any issue
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: do not dereference find_data->p_list in pkcs11
callback
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-fips.c: corrected issue in fips RNG
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: added comment to clarify check
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/opencdk/literal.c: opencdk: corrected unsigned comparison
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/tpm.c: fixes in loop for SRK password input
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/common.c: apps: corrected GNUTLS_PIN reading
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high2.c: gnutls_x509_trust_list_add_trust_dir:
corrected CRL loading error
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-cfg.c: certtool: corrected copy+paste error
2014-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high2.c: corrected usage of readdir_r()
2014-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/ocsptool-common.c: ocsptool: better error message
2014-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high2.c: reentrant fixes for
gnutls_x509_trust_list_add_trust_dir() handle unknown file types
2014-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/ocsp.c: doc update
2014-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* m4/hooks.m4, tests/ocsp.c: Revert "require libtasn0 3.9 or later" This reverts commit 07a906b4e5c9d1446aee1bf4e091fefa1f1eb1da.
2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_dn.c: optimized escaped comma handling
2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4, tests/ocsp.c: require libtasn1 3.9 or later That is because of the ocsp fix.
2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/crq_apis.c: tests: extended crq API checks
2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_write.c: doc update
2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_dn.c: when setting a DN properly handle spaces and
escaped commas
2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
lib/x509/x509.c: The get_raw_dn() functions were modified to work
even if the certificate is generated (not imported)
2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_dtls.c: Disallow zero fragments in DTLS for packets
which have data. Reported by Manuel Pégourié-Gonnard.
2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/vasprintf.c: steal openconnect's vasprintf()
implementation
2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/vasprintf.c: corrected bundled vasprintf(); reported by Jeff
Lee
2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, m4/hooks.m4: bumped version
2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h: updated
included libtasn1
2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/ocsp.c: tests: Added tests on the invalid OCSP response
2014-09-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-09-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.h, lib/x509/verify.c: when comparing an
end-certificate with the trusted list compare the entire certificate
2014-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/test-chains.h: tests: Added test for amazon.com chain with
new verisign CA.
2014-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/x509/common.c,
lib/x509/common.h, lib/x509/crl.c, lib/x509/verify.c,
lib/x509/x509.c, lib/x509/x509_int.h: when comparing a CA
certificate with the trusted list compare the name and key That is to handle cases where a CA certificate was superceded by a
different one with the same name and the same key. That can happen
when an intermediate CA certificate is replaced by a self-signed
one.
2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c, lib/x509/crl.c, lib/x509/x509.c: avoid new
allocations and keep a pointer to the DER data for DN
2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/crl.c, lib/x509/verify.c, lib/x509/x509_int.h: when
importing a CRL keep the DER data
2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c, lib/x509/common.h, lib/x509/crq.c,
lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: when
importing a certificate, keep the DER data
2014-09-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: fips140: check the integrity of GMP
2014-09-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c, lib/fips.h, lib/gnutls_global.c,
lib/nettle/int/dsa-fips.h: perform the FIPS140-2 self tests in two
rounds One round is before the AES acceleration is registered, and the
second is after. That is to allow testing of the AES implementation
used in the DRBG. That is a hack until nettle handles all cipher
acceleration. Conflicts: lib/gnutls_global.c
2014-09-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-09-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: name constraints: do not check CN
when a DNSname is available
2014-09-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.h:
drbg-aes: added checks in the error handling of the functions That coverts the instantiate and generation functions.
2014-09-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests.c: fips140: fail on encryption test failure
2014-09-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes.c: drbg-aes: if the continuous test fails,
put the library into error state
2014-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi, doc/cha-upgrade.texi, doc/latex/cover.tex:
small doc updates
2014-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/cha-tokens.texi, doc/latex/cover.tex: doc:
fixes in sectioning for p11tool and tpmtool invocation
2014-08-29 Tristan Matthews <le.businessman@gmail.com>
* lib/ext/alpn.c: alpn: fix version documentation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: p11tool: allow printing multiple types of tokens
2014-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/rfc2818_hostname.c: refer to rfc6125
2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: additional sanity check in RSA key generation
testing in FIPS-140-2 mode The encrypted data are checked to differ from the plaintext, to
prevent any issues with an accidental null encryption.
2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: when in FIPS140-2 mode switch the library to
error state if key generation fails
2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* cfg.mk, configure.ac, devel/openssl,
lib/accelerated/x86/Makefile.am, lib/accelerated/x86/x86-common.c:
added configuration option --disable-padlock That allows keeping hardware acceleration in x86 but without support
for padlock.
2014-08-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-08-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: when listing tokens, list their type as
well
2014-08-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/x86/x86-common.c: hide _gnutls_x86_cpuid_s
2014-08-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: gnutls_pkcs11_obj_list_import_url2() will import
data in a single pass
2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: pkcs11: when reading PKCS #11 objects, read multiple
objects at a time That improves the performance significantly when reading from tokens
with a significant number of objects. Reported by David Woodhouse.
2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: pkcs11: do not fail the entire operation if a single
object cannot be imported
2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: pkcs11: allow objects without label or without ID
2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/test-chains.h: tests: updated name constraints checks to not
include a CN
2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c, lib/x509/x509.c: doc update
2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: only check name constraints in non-CA
certificates
2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: ignore constraints for different type
than the checked
2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: when verifying name constrains
enforce the single CN rule
2014-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/autoopts.h: check for stdnoreturn.h presence
2014-08-24 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/Makefile.am, tests/x509cert-tl.c: build: tests: x509cert-tl:
support separate builddir Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2014-08-24 Alon Bar-Lev <alon.barlev@gmail.com>
* lib/gnutls_privkey.c: build: condition pkcs11 block Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2014-08-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.3.7
2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: record: tolerate a finished packet with
errors in DTLS
2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: record: in DTLS discard only messages that
cause unexpected packet errors
2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/socket.c: tools: use the AI_IDN flag in getaddrinfo if it
exists
2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-common.c, src/certtool-extras.c, src/common.c,
src/danetool.c, src/socket.c: danetool: added openssl-linking
exception That allows linking against unbound.
2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool.c: danetool: ensure the temporary file is always
removed
2014-08-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_errors.c: doc update
2014-08-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-keygen-fips186.c: prevent 1024-bit DSA
parameter generation only when FIPS-mode is enabled.
2014-08-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-keygen-fips186.c: Revert "removed pbits=1024,
qbits=160 from the acceptable bit sizes in FIPS140-2 DSA parameter
generation." This reverts commit 110527d9bb9ca70a66ae8173769067f133fd3cf7.
2014-08-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/system.c: use the windows API in windows even if iconv is
available
2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/minitasn1/decoding.c: updated libtasn1
2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/minitasn1/decoding.c: updated minitasn1
2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* m4/hooks.m4: configure: print error message when nettle is 3.0 or
later
2014-08-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/crl.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
lib/x509/x509.c, lib/x509/x509_int.h: Safer reinitialization of
structures on re-import to avoid memory leaks. That also adds the gnutls_pkcs7_t structure into the list of allowed
to re-import.
2014-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/verify-tofu.c: doc update
2014-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/verify-tofu.c: doc update
2014-08-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/crl.c, lib/x509/pkcs12.c, lib/x509/privkey.c,
lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509_int.h:
Re-initialize the ASN.1 structures on every import That allows to import a key/certificate on a structure even if the
previous import failed.
2014-08-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* symbols.last: symbols.last: added private entry
2014-08-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-args.def, src/cli.c: gnutls-cli: added --fips140-mode
command line option That option will report the status of the FIPS140-2 mode in the
library.
2014-08-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-08-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: The environment variable GNUTLS_FORCE_FIPS_MODE can be
used to force the FIPS-140-2 mode
2014-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.h: gnutls-cli/danetool: corrected check on ipv6 IPs
2014-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug.c, src/cli.c, src/common.h, src/danetool.c:
gnutls-cli/danetool: added a common check for hostname being an IP
2014-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/rfc2818_hostname.c: Follow the rfc6125 requirement that a
single CN must be present for hostname verification. Follow up on the original commit that simplifies checking for more
than a single hostname.
2014-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/rfc2818_hostname.c, tests/hostname-check.c: Follow the
rfc6125 requirement that a single CN must be present for hostname
verification.
2014-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/hostname-check.c: tests: check that
gnutls_x509_crt_check_hostname() will correctly use the last CN when
multiple
2014-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/rfc2818_hostname.c: when checking the hostname of a
certificate with multiple CNs use the "most specific" CN In our case we use the last CN present in the DN. Reported by David
Woodhouse. https://bugzilla.mozilla.org/show_bug.cgi?id=307234#c2
2014-08-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/benchmark-cipher.c: gnutls-cli: more organized printing of
cipher benchmark output
2014-08-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/benchmark-tls.c: gnutls-cli: removed salsa20 from the
benchmarked ciphers
2014-08-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-08-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms.h, lib/algorithms/mac.c, lib/libgnutls.map:
mac_to_entry -> _gnutls_mac_to_entry
2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map, tests/pkcs12_s2k.c: tests: updated string to
keys tests for new internal API
2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12:
tests: test the decoding of a PKCS #12 structure with SHA256 MAC
2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms.h, lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c,
lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: pkcs12: Allow
verification with structures that support other than HMAC-SHA1 MACs.
2014-08-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: gnutls_pkcs11_obj_flags_get_str: mention UNWRAP
2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/pkcs12.c: updated doc for gnutls_pkcs12_simple_parse()
2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool.c: danetool: obtain certificate only once
2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: bumped version
2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: added new
functions
2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11:
modified prototype and doc to be recognized by doc parser
2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug-args.def, src/danetool-args.def, src/socket.c:
danetool/gnutls-cli-debug: added support for imap starttls
2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/manpages/tpmtool.1: auto-generated files update
2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug-args.def, src/cli-debug.c: gnutls-cli-debug:
supports SMTP starttls
2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool-args.def, src/danetool.c, src/socket.c, src/socket.h:
danetool: supports SMTP starttls
2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool-args.def, src/danetool.c, src/socket.c: danetool:
improvements in information presentation
2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: libdane: disable debugging mode
2014-08-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-08-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am, src/cli.c, src/danetool.c,
src/ocsptool-common.c, src/socket.c, src/socket.h,
tests/suite/testdane: danetool: if the certificate to verify against
is not provide it try to obtain it
2014-08-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: updated documentation for
gnutls_handshake()
2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pk.c: protect _gnutls_params_get_rsa_raw() from
crashing when exporting an RSA public key That could happen in case of PKCS #11 abstract keys.
2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: corrected typo
2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
p11tool: added --info parameter That allows obtaining information on a specific object.
2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: pkcs11: added
GNUTLS_PKCS11_OBJ_ATTR_MATCH flag This flag allows listing only the tokens that match the URL. That
is, this performs an object URL comparison, rather than a token URL
usage.
2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool.c: p11tool: only print the debugging message in
debuglevel > 4
2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: pkcs11: check CKA_UNWRAP as well for enabling
GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP
2014-08-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-intro-tls.texi: removed reference to UMAC
2014-08-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-intro-tls.texi: removed references to SALSA20
2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: doc update
2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: pkcs11: simplified pkcs11_privkey handling A PKCS #11 always holds an open session to the key.
2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
src/pkcs11.c: gnutls_pkcs11_flags_get_str ->
gnutls_pkcs11_obj_flags_get_str
2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-get-issuer.c:
tests: ensure that no environment variables confuse softhsm
2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testpkcs11: testpkcs11: exit if
export_pubkey_of_privkey fails
2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
lib/pkcs11_int.h, lib/pkcs11_privkey.c, src/p11tool.c, src/pkcs11.c:
pkcs11: added new functions to query the object's flags gnutls_pkcs11_obj_get_flags() allows obtaining an object's flags,
and gnutls_pkcs11_flags_get_str() allows printing them.
2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h: pkcs11.h: introduced
gnutls_pkcs11_obj_flags
2014-08-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-08-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
p11tool: simplify the passing of flags and pass the key wrapping
flag
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/benchmark-tls.c: gnutls-cli: TLS benchmark parameters were
updated
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_privkey.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c:
_gnutls_privkey_get_mpis: extended to work for PKCS #11 keys
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c, lib/pkcs11_privkey.c: doc update
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
lib/pkcs11_privkey.c, src/pkcs11.c: changed semantics of
gnutls_pkcs11_privkey_get_pubkey; named
gnutls_pkcs11_privkey_export_pubkey Conflicts: lib/libgnutls.map
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_get_pubkey: return
GNUTLS_E_INVALID_REQUEST on invalid params
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool.c: p11tool: activate the --batch option
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testpkcs11: testpkcs11: Test the export of public key
2014-08-06 Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
add public key export to p11tool Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
2014-08-04 Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
lib/pkcs11_privkey.c: add pubkey export from private key in pkcs11
subsystem There are cases where we need to export the public key of private
key at a later time. Previously, the public key was only available
immediately after creation of a key pair. This patch allows to
retrieve the public key of a private key at any time after creation. Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: documented flags format
2014-08-04 Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: improve
compatibility in pkcs11 key generation * add key wrap/unwrap key usage * explicitly set public exponent in template Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-debug.c, src/tests.c: gnutls-cli-debug: added AES and
CAMELLIA to the list of default ciphers
2014-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_state.c, lib/x509/x509.c: doc: replaced non-0 with
non-zero
2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey_pkcs8.c: pkcs8: initialize parameters on
decryption
2014-07-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-common.c, lib/system.h, lib/x509/verify-high2.c:
several windows compilation fixes Conflicts: lib/atfork.h
2014-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3,
src/libopts/README, src/libopts/ag-char-map.h, src/libopts/alias.c,
src/libopts/ao-strs.c, src/libopts/ao-strs.h,
src/libopts/autoopts.c, src/libopts/autoopts.h,
src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c,
src/libopts/check.c, src/libopts/compat/compat.h,
src/libopts/compat/windows-config.h, src/libopts/configfile.c,
src/libopts/cook.c, src/libopts/enum.c, src/libopts/env.c,
src/libopts/file.c, src/libopts/find.c, src/libopts/genshell.c,
src/libopts/genshell.h, src/libopts/gettext.h, src/libopts/init.c,
src/libopts/load.c, src/libopts/m4/libopts.m4,
src/libopts/m4/liboptschk.m4, src/libopts/makeshell.c,
src/libopts/nested.c, src/libopts/numeric.c,
src/libopts/option-value-type.c, src/libopts/option-value-type.h,
src/libopts/option-xat-attribute.c,
src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c,
src/libopts/parse-duration.h, src/libopts/pgusage.c,
src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c,
src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c,
src/libopts/stack.c, src/libopts/streqvcmp.c,
src/libopts/text_mmap.c, src/libopts/time.c,
src/libopts/tokenize.c, src/libopts/usage.c, src/libopts/version.c:
updated to libopts 5.18.3
2014-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/config.rpath, build-aux/gendocs.sh,
doc/gendocs_template, gl/m4/gnulib-common.m4, gl/m4/intl.m4,
gl/m4/po.m4, gl/m4/printf.m4, gl/m4/valgrind-tests.m4,
gl/tests/fcntl.in.h, maint.mk, src/gl/error.c, src/gl/m4/dup2.m4,
src/gl/m4/gnulib-common.m4, src/gl/m4/printf.m4, src/gl/mktime.c,
src/gl/select.c, src/gl/xalloc.h: updated gnulib
2014-07-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/pkcs12.c: updated documentation for
gnutls_pkcs12_simple_parse
2014-07-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, configure.ac, m4/hooks.m4: bumped versions
2014-07-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-07-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am, lib/inet_pton.c, lib/system.h,
lib/x509/rfc2818_hostname.c: Added replacements of inet_aton and
inet_pton on systems they are not present gnulib is avoided due to keep the gnulib network replacements out of
the library.
2014-07-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-cert-auth.texi: Added text on PKCS #11 verification
2014-07-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
lib/includes/gnutls/ocsp.h, lib/includes/gnutls/pkcs11.h,
lib/includes/gnutls/x509.h: removed comma at the end of enumerations That patch allows compilers that don't support C99 syntax to compile
applications that use a header of gnutls. Report and patch Ryan
Schmidt.
2014-07-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, configure.ac, doc/Makefile.am: check for sed in
configure.ac and use the output variable in Makefiles
2014-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: doc update
2014-07-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/dane.c: tests: dane: add flag DANE_F_IGNORE_LOCAL_RESOLVER
to dane_state_init That prevents unbound from complaining in systems where no DNSSEC
functionality is present.
2014-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: doc update
2014-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: tests: added libdane/includes to includes dir
2014-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.3.6
2014-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: Added
missing functions
2014-07-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: bumped library version
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c: libdane: simplified initialization of variables.
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c: libdane: bogus and secure values are always
initialized in dane_query_to_raw_tlsa
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/dane.c: tests: eliminated leak from dane check
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c: libdane: use gnutls_malloc() and doc update
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/dane.c: Added self test for DANE raw
functions
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/danetool-args.def, src/danetool.c: danetool: added option to
print the raw entries.
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c: doc update
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map: moved _gnutls_prf_raw to FIPS140 symbols
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/x86/aes-gcm-x86-pclmul.c,
lib/accelerated/x86/aes-padlock.c: Added sanity check on padlock AES
IV set.
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_state.c, lib/libgnutls.map: fips140-2: Added
_gnutls_prf_raw() which can calculate the TLS PRF without depending
on a session structure.
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: fips140-2: do not check the libtasn1's integrity
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ciphersuites.c: RSA-PSK ciphersuites are only
allowed in TLS 1.0. That is because they implement the EncryptedPreMasterSecret encoding
according to RFC 4279, which uses the TLS 1.0 (RFC 2246) encoding,
and there can be ambiguities when using that over SSL 3.0. See:
http://lists.gnupg.org/pipermail/gnutls-help/2014-July/003546.html
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: gnutls_priority_init: set err_pos prior to
any action That allows a valid err_pos, even on a memory allocation error.
Reported by Dan Fandrich.
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/TODO: updated TODO
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ciphersuites.c: minimum version was changed to TLS
1.0 for ciphersuites with SHA2 These ciphersuites could not be used with SSL 3.0 that only defines
usage of MD5 or SHA1 MACs. Reported by Manuel Pegourie-Gonnard.
2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: ignore CKR_CRYPTOKI_ALREADY_INITIALIZED when
returned on reinitialization
2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/x509cert-dir/ca.pem, tests/x509cert-tl.c:
tests: x509cert-tl checks gnutls_x509_trust_list_add_trust_dir()
2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: doc update
2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added gnutls_certificate_set_x509_trust_dir()
2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/system.c,
lib/x509/verify-high2.c: Added
gnutls_x509_trust_list_add_trust_dir() This essentially exports the functionality to read from a directory
with trusted certificates.
2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/system.c: Allow specifying a directory as trust
store
2014-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-07-10 Simon Arlott <sa.me.uk>
* libdane/dane.c, libdane/includes/gnutls/dane.h,
libdane/libdane.map: libdane: add function dane_query_to_raw_tlsa This function converts a dane_query_t into the parameters needed for
dane_raw_tlsa() to make it easy to copy the results of the
(synchronous) lookup query from one process to another. This code allocates an unnecessary extra NULL entry for
dane_data_len to avoid trying to malloc 0 bytes if q->data_entries
is 0 (it is possible for malloc/calloc to return NULL when requested
to allocate 0 bytes). Signed-off-by: Simon Arlott
2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: FIPS140-2 tests: no need for MD5 check
2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: FIPS140-2 tests: removed redundant checks We keep on check per cipher which is required, and avoid multiple
(and time-consuming) tests.
2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/x86/x86-common.c: Allow specifying
GNUTLS_CPUID_OVERRIDE in either hex or decimal.
2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/x86/x86-common.c: Added option to disable any cpu
optimizations
2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/x86/x86-common.c,
lib/accelerated/x86/x86-common.h: simplified housekeeping of CPUID
registers
2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/x86/x86-common.c: Allow overriding the detected
CPUID using the GNUTLS_CPUID_OVERRIDE environment variable
2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: FIPS140-2 tests: Added pairwise consistency
check for RSA encryption
2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c: FIPS140-2 tests: check with DSA-2048
and DSA-3072 bit keys, as well as SHA256.
2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c: FIPS140-2 tests: check with RSA-2048
and RSA-3072 bit keys
2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c: tests: check RSA with SHA256
2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c: FIPS140-2 mode: test whether RSA
encrypted data differ from plaintext
2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/cipher.c: FIPS140-2 mode: enforce the minimum GCM IV
size required by SP800-38D (section 8.2)
2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool-common.c,
src/certtool-common.h, src/certtool.c, src/p11tool-args.def,
src/p11tool.c: p11tool/certtool: Added --curve parameter. The curve parameter allows to explicitly specify the curve to use
when generating a key.
2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_privkey.c,
lib/pkcs11_write.c, lib/x509/key_encode.c, lib/x509/x509_int.h: set
CKA_EC_PARAMS when generating an ECDSA key
2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: only print warning about key sizes in RSA
keys
2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: make brief output more brief
2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/mpi.c, lib/nettle/pk.c: mpi: use zeroize_key() instead
of memset()
2014-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: dane: Skip DANE entries that may contain unknown
info That would allow skipping any future entries without failing.
Reported by Simon Arlott.
2014-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: dane: Added sanity check in dane_verify_crt_raw() That allows calling the function will an empty chain. Reported by
Simon Arlott.
2014-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-cert-select-pkcs11.c,
doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
doc/examples/ex-serv-x509.c: examples: mention that
gnutls_global_init() is optional
2014-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi: doc: mention and link to trust storage module
2014-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-bib.texi, doc/cha-tokens.texi: doc update
2014-07-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-07-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: pkcs11: Removed length check of attribute as
a sanity check for valid keys. There can be keys where the id or label is empty and thus with zero
length.
2014-07-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: Increased number of attributes
2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: try to restart on session errors, to avoid
having a failed call.
2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: corrected pkcs11 reinitialization
2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: If we get a PKCS #11 session error,
invalidate the cached session.
2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: set the maximum value when printing
library_description
2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c, lib/pkcs11_privkey.c: On fork invalidate the PKCS
#11 privkey cached session
2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: don't outsmart user and override login type Unfortunately tokens vary on their requirements for writing trusted
and private objects, and there is no one-size fits all policy. Thus
allow a proper failure and warn the user that so-login may be
required.
2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testpkcs11: testpkcs11: Try to write the trusted
object both by so-pin and normal pin
2014-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testpkcs11: tests: testpkcs11: temp parameters are
deleted after generation
2014-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/Makefile.am: tests: added testpkcs11.sc-hsm
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def, src/pkcs11.c: p11tool: use GNUTLS_PIN and
GNUTLS_SO_PIN when setting the PINs of an initialized token.
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/slow/gendh.c: tests: gendh: increased the DH prime size to
allow usage under FIPS140-2 mode
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/common.c: tools: when in batch mode and no PIN, print a note
about using the environment variables
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/crq_key_id.c: tests: crq_key_id: increased generated DSA key
size and changed hash to SHA256 That allows the test to operate under the FIPS140-2 mode.
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/crq_key_id.c: tests: improved error reporting in crq_key_id
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-upgrade.texi: doc: properly terminate table
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-keygen-fips186.c: removed pbits=1024, qbits=160
from the acceptable bit sizes in FIPS140-2 DSA parameter generation.
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c, src/common.c, src/common.h, src/danetool.c,
src/pkcs11.c, src/serv.c: tools: PIN callback will respect batch
mode and will not ask for PIN.
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-common.h, src/p11tool-args.def, src/p11tool.c,
src/p11tool.h, src/pkcs11.c: p11tool: Ask for label if not
specified. Added --batch parameter to disable interaction.
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool.c, src/p11tool.h, src/pkcs11.c: p11tool: If there is
only a single token available, don't bother complaining about
specifying the correct URL
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes.h: updated comment
2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def: certtool: document that URLs are supported
2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def: p11tool: document GNUTLS_SO_PIN env variable
2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/Makefile.am, tests/suite/testpkcs11,
tests/suite/testpkcs11.pkcs15, tests/suite/testpkcs11.sc-hsm,
tests/suite/testpkcs11.softhsm: tests: improved testpkcs11 suite
2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c:
gnutls_pkcs11_privkey_generate2(): corrected public key extraction
(for ECDSA keys)
2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/common.c: p11tool/certtool: use GNUTLS_SO_PIN for reading
security officer's PIN
2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-common.h, src/p11tool-args.def, src/p11tool.c,
src/pkcs11.c: p11tool: added options --set-pin and --set-so-pin These allow for an non-interactive --initialize process.
2014-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/rfc2818_hostname.c: Added explicit documentation on IPv4
and IPv6 address matching.
2014-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/long-session-id.c: tests: long-session-id: ignore SIGPIPE
2014-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-upgrade.texi: doc: Added text on upgrading to 3.3.x from
3.2.x
2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/rfc2818_hostname.c: do not exit the loop in case a name
doesn't fit into our buffer.
2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/rfc2818_hostname.c: when verifying an IP, also verify it
as a hostname There are several misconfigured servers that placed their IP as a
DNS name. Pointed out by David Woodhouse.
2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c: supress warnings
2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/x509/rfc2818_hostname.c: check of inet_pton
instead for AF_INET6
2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/x509/output.c: Use inet_ntop() for printing IP
addresses. The old dumb code is used in systems that don't have that function.
2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/hostname-check.c: tests: Added test cases for IPv4/6
matching.
2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/rfc2818_hostname.c: gnutls_x509_crt_check_hostname()
checks text ip addresses as well. That aligns the documentation with the implementation. Reported by
David Woodhouse.
2014-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.c: initialize str to NULL
2014-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/crl.c: fixed documentation
2014-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/aki, tests/cert-tests/pathlen,
tests/cert-tests/pem-decoding, tests/suite/crl-test,
tests/suite/invalid-cert, tests/suite/testcompat-main,
tests/suite/testrandom: tests: better replacement of LIBTOOL
variable in scripts
2014-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: tests: ship certs/
2014-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: added new
symbols
2014-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2014-06-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv-args.def, src/serv.c: gnutls-serv: removed the
--print-cert option; the cert was anyway being printed.
2014-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: doc update
2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def: corrected typo
2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/element.c, lib/minitasn1/element.h,
lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
lib/minitasn1/structure.c: minitasn1: updated to version 4.0
2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def: p11tool: updated documentation
2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: Warn when no --outfile has been specified
on key generation
2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/pkcs12-decode/pkcs12: tests: Added new tests on PKCS #12
structure generation and decoding.
2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool-common.c,
src/certtool-common.h, src/certtool.c: certtool: allow specifying
the friendly name on the command line and use the
load-ca-certificate
2014-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: warn in more operations if --login is not
specified
2014-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: No longer assume a default URL for
operations.
2014-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/common.c: p11tool: Do not allow a newline as PIN.
2014-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: pkcs11: avoid callig _gnutls_bin2hex() when length
is zero.
2014-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* THANKS: updated thanks file
2014-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README: clarified license text
2014-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c: gnutls-cli: Do not try to load the system CA trust if
--insecure is specified.
2014-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_srp.c: doc: more consistent use of pointer star.
2014-06-16 Attila Molnar <attilamolnar@hush.com>
* lib/gnutls_srp.c: doc: Explain post-callback deallocation behavior
for the SRP server callback Signed-off-by: Attila Molnar <attilamolnar@hush.com>
2014-06-16 Attila Molnar <attilamolnar@hush.com>
* doc/examples/ex-serv-srp.c, doc/examples/ex-serv-x509.c: doc:
Correct comment about ignoring certs in the SRP server example Point readers to another example for a way to validate certificates
in both the SRP and the X.509 server example Signed-off-by: Attila Molnar <attilamolnar@hush.com>
2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
lib/gnutls_record.c, lib/gnutls_record.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
src/benchmark-tls.c, tests/anonself.c: gnutls_packet_get() was
introduced to avoid exporting a structure on the API. That change will allow exporting more info associated with a packet
in the future.
2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c: treat the _gnutls_user_hello_func() output
the same on resumed sessions.
2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/pkcs11-chainverify.c: Test the return code of
gnutls_x509_trust_list_add_trust_file() when loading a PKCS #11
token. Check whether the return code of
gnutls_x509_trust_list_add_trust_file() is non-zero when
certificates are present.
2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high2.c: gnutls_x509_trust_list_add_trust_file():
returns the number of certificates present when loading a PKCS #11
URL.
2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
p11tool: Allow marking a certificate as a CA.
2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11_write.c: Added flag
GNUTLS_PKCS11_OBJ_FLAG_MARK_CA. That flag allows to mark a certificate in the token as a CA
(category==CA)
2014-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/README.CODING_STYLE: coding style: update the DCO text
2014-06-15 Attila Molnar <attilamolnar@hush.com>
* lib/gnutls_state.c: doc: Corrections for
gnutls_handshake_set_hook_function()
2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-intro-tls.texi: doc: updated text for the ALPN
experimental protocols
2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-intro-tls.texi: doc: Avoid listing the extensions as they
are duplicated in the section index.
2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/eagain-common.h,
tests/mini-x509-callbacks-intr.c: tests: Added check for the
interrupted post client hello.
2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
lib/gnutls_v2_compat.c: handshake: Allow the post client hello
callback to put the handshake on hold That is, when the callback returns GNUTLS_E_AGAIN or
GNUTLS_E_INTERRUPTED the handshake will return GNUTLS_E_INTERRUPTED,
and can be resumed when needed.
2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/benchmark-tls.c: use the new API for receiving data
2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/anonself.c: Adapted test to check
gnutls_record_recv_packet().
2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/heartbeat.c, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_record.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
gnutls_record_recv_packet() and gnutls_packet_deinit() These functions allow for a faster variant of gnutls_record_recv(),
i.e., a variant that eliminates the data memcpy().
2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/tests.c: gnutls-cli-debug: Use proper HTTP request
2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c: When decoding of a DN string fails, treat it as
unknown string and print its hex value.
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testpkcs11: Print errors but avoid being verbose on
stderr
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-common.c: certtool: avoid sizeof() on lbuffer
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-common.c: certtool: ensure that allocated buffer has
a minimum size of 64kb.
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool.c: certtool: Added option
--stdout-info
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: initialize iterator.
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/crl.c: corrected the allocation size for CRL iterator.
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/Makefile.am, tests/suite/crl-test,
tests/suite/crl/long.pem: Added test for CRL decoding.
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/crl.c, lib/x509/output.c, lib/x509/x509.c,
lib/x509/x509_int.h: Made gnutls_x509_crl_iter_crt_serial()
thread-safe by making the iterator explicit.
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/Makefile.am, tests/cert-tests/aki,
tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
tests/suite/Makefile.am, tests/suite/invalid-cert,
tests/suite/testcompat-main, tests/suite/testrandom: Pass the
LIBTOOL variable into test scripts That allows using the detected libtool in scripts. That corrects an
issue on OS X systems that ship a different libtool. Reported by
Daniel E. Macks.
2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/crl.c, lib/x509/output.c, lib/x509/x509.c: renamed
gnutls_x509_crl_get_crt_serial2 to gnutls_x509_crl_iter_crt_serial.
2014-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/x86-common.h: define NN_HASH unconditionally
2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crl.c,
lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_int.h: Added
gnutls_x509_crl_get_crt_serial2(), a faster variant of
gnutls_x509_crl_get_crt_serial(). The new function caches pointers to allow working faster in CRL
structures with lots of entries (e.g., 50000+ entries).
2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-common.c, src/certtool-common.h, src/certtool.c,
src/danetool.c: certtool: When an external file is used increase out
maximum buffer accordingly.
2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c: Abort printing on error.
2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_ui.c: tie the weak DH warning to the very weak security
parameter.
2014-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* m4/hooks.m4: m4/hooks.m4: use enableval rather than fixed values. That should resolve issue #108592 at
http://savannah.gnu.org/support/?108592
2014-06-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_v2_compat.c: handshake: Prevent memory leak on invalid
SSLv2 hello length.
2014-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2014-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-05-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitignore: more files to ignore
2014-05-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* devel/openssl, lib/accelerated/x86/coff/aes-ssse3-x86.s,
lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
lib/accelerated/x86/coff/aesni-x86.s,
lib/accelerated/x86/coff/aesni-x86_64.s,
lib/accelerated/x86/coff/e_padlock-x86.s,
lib/accelerated/x86/coff/e_padlock-x86_64.s,
lib/accelerated/x86/coff/ghash-x86_64.s,
lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
lib/accelerated/x86/coff/sha256-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
lib/accelerated/x86/elf/aes-ssse3-x86.s,
lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
lib/accelerated/x86/elf/aesni-x86.s,
lib/accelerated/x86/elf/aesni-x86_64.s,
lib/accelerated/x86/elf/e_padlock-x86.s,
lib/accelerated/x86/elf/e_padlock-x86_64.s,
lib/accelerated/x86/elf/ghash-x86_64.s,
lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
lib/accelerated/x86/elf/sha256-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aes-ssse3-x86.s,
lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aesni-x86.s,
lib/accelerated/x86/macosx/aesni-x86_64.s,
lib/accelerated/x86/macosx/e_padlock-x86.s,
lib/accelerated/x86/macosx/e_padlock-x86_64.s,
lib/accelerated/x86/macosx/ghash-x86_64.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: Updated asm
sources
2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated windows makefile
2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: update
files for gnutls_credentials_get()
2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/long-session-id.c: Added test for memory
corruption issue in server hello. Related to the 688ea6428a432c39203d00acd1af0e7684e5ddfd commit.
2014-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/element.c, lib/minitasn1/gstr.h,
lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
lib/minitasn1/parser_aux.h: updated libtasn1
2014-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: avoid cleanup when there are no allocations in
_gnutls_x509_der_encode().
2014-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ecc.c: cleanup resources on
_gnutls_ecc_ansi_x963_export() failure.
2014-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv-args.def, src/serv.c: Added the --print-cert option to
gnutls-serv.
2014-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-extras.c: certtool: correct size calculation when
loading privkey
2014-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/opencdk/armor.c: re-indented messy table.
2014-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/opencdk/armor.c: Removed unused function.
2014-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: document the symbol version bump needed in a .so
version bump.
2014-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: Prevent memory corruption due to server
hello parsing. Issue discovered by Joonas Kuorilehto of Codenomicon.
2014-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: only try to copy session ID if there is a
session ID.
2014-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-05-29 Kurt Roeckx <kurt@roeckx.be>
* lib/x509/x509_ext.c: Fix capitalisation of ia5String Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: increased the maximum certificate size buffer in the
PKCS #11 subsystem.
2014-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/system.c: re-enabled config path discovery code, and check the
return code of getpwuid_r(). Reported by Viktor Dukhovni.
2014-05-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-05-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/benchmark-cipher.c, src/benchmark.h, src/cli-args.def,
src/cli.c: gnutls-cli's benchmark-soft-ciphers is no more. It could not be emulated with the new library.
2014-05-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/accelerated.c: removed old check for nettle
2014-05-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/safe-memset.c: safe_memset: allow memset of zero bytes.
2014-05-27 Hani Benhabiles <kroosec@gmail.com>
* lib/x509/verify-high.c: Fix unused variable warning without
PKCS#11 support. Signed-off-by: Hani Benhabiles <hani@linux.com>
2014-05-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/ocsptool-common.c: ocsptool: Include path in ocsp request. This resolves #108582 (https://savannah.gnu.org/support/?108582),
reported by Matt McCutchen.
2014-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/protocols.c, lib/gnutls_handshake.c:
_gnutls_version_get() returns GNUTLS_VERSION_UNKNOWN on error
instead of negative.
2014-05-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-cfg.c: Allow wildcard comparison of options.
2014-05-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-05-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-05-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-cfg.c: certtool: Warn when invalid configuration
options are set into a template.
2014-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: Do not allow null strings to be read from ASN.1
structures. This corrects a null pointer dereference when parsing some specially
crafted certificates. Issue discovered using the Codenomicon TLS
test suite.
2014-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: removed redundant null termination
2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c, lib/gnutls_handshake.h: removed _gnutls
prefix from static functions.
2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c: Do not call the user_hello_func multiple
times when performing ticket resumption.
2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/TODO: doc update
2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: gnutls_x509_crt_get_extension_data: will return
zero if data is NULL and memory buffer size is not sufficient.
2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c:
When assigning the TLS version, double check that it is valid.
2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ciphersuites.c: Prevent a crash by ensuring that
there is a valid negotiated version. Issue discovered by Joonas Kuorilehto of Codenomicon.
2014-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: Added aliases for unit and organization.
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: use a signed value for bits.
2014-05-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-05-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-cfg.c: certtool: allow multiple organizations and
organizational unit names to be specified in a template.
2014-05-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: increased the number of allowed elements in
a priority string.
2014-05-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: simplify break_comma_list().
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: gnutls_x509_crt_get_signature() will use the
internal _gnutls_x509_get_signature(). That prevents unnecessary replication of its code.
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, lib/x509/x509.c: more sanity checks on
signature size
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def, src/p11tool-args.def, src/tpmtool-args.def:
tools: Replace normal sec-param with medium in documentation.
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/scripts/cleanup-autogen.pl: invoke-*.texi generation: do not
print the bug reports line from autogen.
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_mem.h, lib/includes/gnutls/gnutls.h.in,
lib/safe-memset.c: do not yet export gnutls_memset().
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2014-05-15 Michał Górny <mgorny@gentoo.org>
* tests/slow/Makefile.am: tests/slow: add -I flags necessary for
out-of-source builds. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-05-15 Michał Górny <mgorny@gentoo.org>
* tests/Makefile.am: tests: pass PKCS12PATH to fix tests in
out-of-source builds. The set_pkcs12_cred used to default to looking for input files in a
subdirectory of the current working directory. When an out-of-source
build is performed, the files reside in a subdirectory of source
directory instead. Set PKCS12PATH to that directory in order to fix
the build. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dsa/testdsa: changed port of DSA test
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: gnutls_x509_crt_get_signature() will return the
correct signature size rather than the max.
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/openpgp/output.c: Print the openpgp DN only when
gnutls_openpgp_crt_get_name() failed appropriately.
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_ext.c: initialize string in
gnutls_x509_ext_import_basic_constraints().
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: corrected error checking in
gnutls_x509_crt_get_extension_data()
2014-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ui.c: Allow null list_size argument in
gnutls_certificate_get_peers()
2014-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: certificate verification is performed asynchronously.
2014-05-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-05-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/danetool-args.def: enhanced the danetool usage instructions.
2014-05-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def: Do not use autogen's file option for input
parameters. Instead use a string. We check the file for validity and autogen's
check was imposing rules such as normal file (as opposed to a
device), that were not needed.
2014-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-common.c: certtool: check for null prior to checking
for empty passwd
2014-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/ecdhe.c: cleanup in the initialization of ECDH
parameters.
2014-05-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: Eliminated memory leak on failed curve
assignment. The memory leak was uncovered by the Codenomicon TLS suite.
2014-05-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c: gnutls-cli: if dane verification is used but not PKIX
only check the end certificate.
2014-05-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c: doc update
2014-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-client-x509.c, lib/gnutls_priority.c: use
gnutls_set_default_priority() in examples.
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h,
libdane/libdane.map: Revert "Added dane_verify_crt_raw2() which
allows verifying against the certificate name." This reverts commit d19ac66361300aaf188bc69ae64d5fcd7e89b0f6.
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h: Revert "corrected
prototypes for dane_verify_crt_raw2()." This reverts commit b065ea137a6bcb49c3755886cb1ff30ca5e8f9e3.
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h: corrected
prototypes for dane_verify_crt_raw2().
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_mem.h, lib/includes/gnutls/gnutls.h.in,
lib/safe-memset.c: export gnutls_memset().
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h,
libdane/libdane.map: Added dane_verify_crt_raw2() which allows
verifying against the certificate name.
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: Improved dane_verify_session_crt(), which now
attempts to create a full chain. This addresses points from
https://savannah.gnu.org/support/index.php?108552
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/anon.c, lib/auth/anon_ecdh.c, lib/auth/cert.c,
lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
lib/auth/psk.c, lib/auth/psk_passwd.c, lib/auth/rsa_psk.c,
lib/auth/srp.c, lib/auth/srp_passwd.c, lib/auth/srp_rsa.c,
lib/ext/srp.c, lib/ext/status_request.c, lib/gnutls_auth.c,
lib/gnutls_auth.h, lib/gnutls_cert.c, lib/gnutls_handshake.c,
lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
lib/gnutls_x509.c: removed legacy code.
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_auth.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added gnutls_credentials_get().
2014-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv-args.def, src/serv.c: Added gnutls-serv option
--verify-client-cert. That option allows forcing verification of the provided certificate
even if it is not required to present one. In that case the
connection will be closed with a fatal alert.
2014-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/status_request.c: Addressed memory leak in status request
extension handling during rehandshake. The memory leak was uncovered by the Codenomicon TLS suite.
2014-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/dh_common.c, lib/auth/ecdhe.c: Addressed memory leaks in
DHE and ECDHE rehandshakes. The memory leak was uncovered by the Codenomicon TLS suite.
2014-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated cross compilation Makefile.
2014-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/safe_renegotiation.c: Avoid memory leak in safe
renegotiation extension handling. The memory leak was uncovered by the Codenomicon TLS suite.
2014-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_record.c:
Small cleanups in packet receive as well as a memory leak error. The memory leak was uncovered by the Codenomicon TLS suite.
2014-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: doc update
2014-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: updated documentation on library
initialization to reflex the changes in 3.3.0.
2014-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/locks.c: re-enabled gnutls_global_set_mutex().
2014-05-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am: Do not run autogen twice to generate the header
files.
2014-05-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am: Ship suppressions.valgrind
2014-05-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2014-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c, lib/gnutls_int.h: Ensure that there is no
remainders in the TLS handshake packets. The issue was discovered using the codenomicon TLS suite.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/srp.c: Account the length byte in SRP extension. Issue identified using valgrind and the Codenomicon TLS test suite.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c: Do not set "NORMAL" as default priority string. That is, allow the library to select the appropriate default.
2014-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: fixed typo
2014-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c,
lib/includes/gnutls/x509.h, lib/priority_options.gperf,
lib/x509/verify.c: Added the 'very weak' certificate verification
profile. This profile corresponds to a 64-bit security level (e.g., RSA
parameters of 768 bits).
2014-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: doc update
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/credentials/x509/cert-ecc.pem,
doc/credentials/x509/clicert-ecdsa.pem,
doc/credentials/x509/clikey-ecdsa.pem,
doc/credentials/x509/key-ecc.pem: test ECC keys were upgraded to
secp256r1
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-common.c, src/certtool.c: When generating ECDSA keys,
generate 256-bit keys by default. Curves with less than 256 bits (i.e., SECP192R1 and SECP224R1) are
not widely supported.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/credentials/x509/clicert-ecdsa.pem,
doc/credentials/x509/clikey-ecdsa.pem: Added ECDSA example keys.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/decoding.c: Corrected an off-by-one error. The issue was discovered using the codenomicon TLS suite.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/srp.c: initialize to null the SRP extension data on
allocation. Issue identified using valgrind and the Codenomicon TLS test suite.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testrng: Modified the testrng for Debian's dieharder.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/sign.c: Better check for null signature method. Issue identified using valgrind and the Codenomicon TLS test suite.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/ecc.c, lib/ext/safe_renegotiation.c, lib/ext/signature.c:
More precise packet length checking. Issue discovered using valgrind and the Codenomicon TLS test suite.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/psk_passwd.c: Eliminated password file descriptor leak. Issue discovered using codenomicon TLS test suite.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: Added a timeout to close inactive sessions.
2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: doc update
2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: doc update
2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: Send the appropriate alert when a certificate is
required but not present.
2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: use __sun definition to detect solaris.
2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: Cleaned up server process. This eliminates an infinate loop triggered by unexpected client
disconnections.
2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: Added support for constructors and
destructors in solaris CC.
2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testrng: Updated dieharder tests.
2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* README-alpha: doc update
2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/slow/cipher-test.c: include header for self-test functions
2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testrng: Allow testrng test to run with older versions
of dieharder.
2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/gnettle.h, lib/nettle/mpi.c, lib/nettle/pk.c: simplify
casting to mpz_t using __mpz_struct and cleaned up mpz_t access.
2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/gnettle.h, lib/nettle/mpi.c, lib/nettle/pk.c: simplify
casting to mpz_t using __mpz_struct.
2014-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/element.c, lib/minitasn1/element.h,
lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
lib/minitasn1/structure.c, lib/minitasn1/structure.h,
lib/minitasn1/version.c: updated included libtasn1.
2014-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: Do not return from void functions. Reported by
dev [at] cor0.com.
2014-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: removed return from void function.
2014-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/rng.c, tests/suite/testrng: updated prng test
2014-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, tests/suite/Makefile.am, tests/suite/rng.c,
tests/suite/testrng: Test the random generators in gnutls using the
dieharder tool.
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/pkcs11-get-issuer.c: use different db file for
pkcs11-get-issuer.
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: doc update
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/Makefile.am, tests/suite/pkcs11-get-issuer.c: Added
test to verify whether gnutls_x509_trust_list_get_issuer() operates
correctly under PKCS #11 trust list.
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/x509.h, lib/x509/verify-high.c:
gnutls_x509_trust_list_get_issuer() will work correctly with a PKCS
#11 trust list.
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_write.c: initialize the size value
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c, lib/crypto-selftests.c, lib/fips.c:
Include the correct header for the self tests functions
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/safe_renegotiation.c: removed redundant code. Reported by
David Binderman.
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c: increased MAX_DATA_ENTRIES to 100.
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c: rearranged code
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c: only fail DANE verification if status is non-zero
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c, libdane/includes/gnutls/dane.h: Accept a
certificate using DANE if there is at least one entry that matches
the certificate. This corrects the previous behavior that was rejecting the
certificate if there were multiple entries and one couldn't be
validated. New flag DANE_VERIFY_UNKNOWN_DANE_INFO is synonymous to
DANE_VERIFY_NO_DANE_INFO. Patch by simon@arlott.org. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: Do not deinitialize in gnutls_global_deinit()
if the call to gnutls_global_init() failed.
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-common.c, lib/nettle/rnd.c: Alternative fix for the
initialization of random generator. Reported by Martin Kletzander.
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd.c: Revert "Avoid dual initialization of random
generator. Reported by Martin Kletzander." This reverts commit 43a71114dfdb6aa5c28a1378102a935c68951eed.
2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/accelerated.c, lib/accelerated/x86/Makefile.am,
lib/accelerated/x86/aes-cbc-x86-aesni.c,
lib/accelerated/x86/aes-cbc-x86-ssse3.c,
lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86-aesni.c,
lib/accelerated/x86/aes-gcm-x86-pclmul.c,
lib/accelerated/x86/aes-gcm-x86-ssse3.c,
lib/accelerated/x86/aes-padlock.c,
lib/accelerated/x86/sha-padlock.c,
lib/accelerated/x86/sha-x86-ssse3.c,
lib/accelerated/x86/x86-common.c, lib/accelerated/x86/x86-common.h,
lib/accelerated/x86/x86.h: x86.h was renamed to x86-common.h to
avoid clashes with system headers.
2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: Avoid dual initialization of random generator.
Reported by Martin Kletzander.
2014-04-19 Kurt Roeckx <kurt@roeckx.be>
* lib/fips.c: Test for the existance of the /etc/system-fips file We don't read it, the existance of the file is enough to say in what
mode we are. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-04-19 Kurt Roeckx <kurt@roeckx.be>
* lib/fips.c: Add _gnutls_fips_mode_enabled() return values. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-04-19 Andreas Metzler <ametzler@bebt.de>
* lib/gnutls_cert.c: Typo fix: overriden -> overridden Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/srp_sb64.c: Use unsigned type for encode(). Based on
suggestion by Shawn (sth0r2046 [at] gmail.com).
2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_mem.c: tolerate NULL in strdup(). Patch by shawn
(sth0r2046 [at] gmail.com).
2014-04-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: Allow exporting a CRL in DER format.
2014-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* AUTHORS, THANKS: cleaned up authors and thanks file.
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/Makefile.am, tests/suite/invalid-cert,
tests/suite/suppressions.valgrind, tests/suite/testcompat-main,
tests/suite/testrandom: More script tests run under valgrind
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/aki,
tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
tests/cert-tests/suppressions.valgrind: Run scripts under valgrind.
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: Treat othername as printable (i.e., null
terminate it), as the XMPP printing code assumes that.
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/output.c: cleanups in output
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* guile/src/core.c: do not override gnutls' allocation functions That was not being done using the API, and overriding them is no
longer possible in 3.3.x.
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: relased 3.3.1
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testpkcs11: changed port to allow parallelization
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/gnutls.h.in: gnutls_secure_malloc() is no
longer part of the API (though it remains in the ABI).
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_mem.c, lib/libgnutls.map, symbols.last: revived
gnutls_secure_malloc() to avoid breaking ABI. gnutls_secure_calloc() is no longer exported as it was never in any
public header.
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: removed file from Makefile that doesn't exist
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: gnutls-cli will no longer allow the session to proceed
if DANE verification fails.
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/pem-decoding,
tests/cert-tests/xmpp-othername.pem: Added test certificate with
multiple XMPP othername SAN fields.
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, lib/x509/common.h, lib/x509/output.c,
lib/x509/x509.c: Corrected decoding of XMPP SAN othername. This also corrects the semantics of the get_*_othername_oid()
functions, such as gnutls_x509_crt_get_subject_alt_othername_oid().
2014-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_ext.c: always initialize size values
2014-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: copy_string() and copy_data() are more
resilient on null input
2014-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/scripts/common.sh: increased server startup wait time. That is because we now check for key/certificate match via a
sign/verify request that may take longer in some systems. Based on
patch by Andreas Metzler.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509_ext.c: fix issue in gnutls_subject_alt_names_get(). That caused a null pointer dereference when extracting names from a
certificate that contained an OtherName. Reported and investigated
by Kirill A. Shutemov.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/rsa_psk.c, lib/gnutls_mem.c, lib/gnutls_mem.h: Removed
the already unused secure alloc functions.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am, lib/gnutls_mem.c, lib/gnutls_mem.h,
lib/safe-memset.c: Use a harder to optimize out memset().
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: fix typo
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/srp_rsa.c: corrected get_auth_info() for SRP-RSA.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/pskself.c: include hint into psk test.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/psk.c, lib/auth/psk.h: Avoid dual generation of key.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-rsa-psk.c: Enable hint in the rsa-psk test.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/rsa_psk.c: use custom proc_server_kx for RSA-PSK
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_psk.c: eliminated the leak of hint when deallocating
the credentials.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_auth.c: _gnutls_auth_info_set() will decide the
replacing of auth info based on the provided credentials type. This avoids issues with discrepances in server and client mode.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/cert.c, lib/auth/dhe_psk.c, lib/auth/psk.c,
lib/auth/rsa.c, lib/auth/rsa_psk.c, lib/auth/srp.c,
lib/auth/srp_rsa.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
lib/gnutls_cert.c, lib/gnutls_psk.c, lib/gnutls_session_pack.c,
lib/gnutls_srp.c, lib/gnutls_state.c, lib/gnutls_ui.c,
lib/gnutls_x509.c: Made _gnutls_get_auth_info() safer to use.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-args.def, src/cli.c: Both DANE and PKI verification are
advisory when --tofu is being used.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_buffers.c: When checking for data to be received use
the 'transport_recv_ptr' This affects cases where there is different send and recv pointers.
Reported and investigated by JMRecio.
2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.def: doc update
2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: documentation update.
2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: Do not print certificates twice. That will improve the visibility of messages of the various
verification methods.
2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.def: Updated TOFU documentation. Suggested by Jens
Lechtenboerger.
2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool.c: added newlines to p11tool error messages
2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: corrected uninitialized value
2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/Makefile.am: removed conditionally exported functions.
2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/Makefile.am, lib/includes/gnutls/gnutls.h.in,
lib/includes/gnutls/self-test.h: Added self check functions to
self-test.h.
2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, m4/hooks.m4: bumped versions
2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/chainverify.c, tests/suite/pkcs11-chainverify.c,
tests/test-chains.h: use MAX_CHAIN definition to avoid overflow
issues in the future
2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/chainverify.c: increased the space available for
certificates. That avoids a crash in sparc64; reported by Andreas Metzler.
2014-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: doc update
2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-cfg.c, src/certtool.c: several bug fixes in certtool.
2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/Makefile.am: use the same cflags for included programs as with
library.
2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c: Corrected dane_verify_crt() to not deinitialize
any input state.
2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/cert.c, lib/ext/heartbeat.c, lib/gnutls_db.c,
lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_pk.c,
lib/gnutls_priority.c, lib/gnutls_range.c, lib/gnutls_record.c,
lib/gnutls_session_pack.c, lib/gnutls_x509.c, lib/nettle/egd.c,
lib/openpgp/pgp.c, lib/openpgp/privkey.c, lib/pkcs11.c, lib/tpm.c,
lib/verify-tofu.c: several bug fixes due to coverity.
2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/crl.c, lib/x509/crq.c, lib/x509/pkcs12.c,
lib/x509/sign.c, lib/x509/x509.c, lib/x509/x509_ext.c: several bug
fixes due to coverity.
2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/opencdk/armor.c, lib/opencdk/kbnode.c, lib/opencdk/keydb.c,
lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c,
lib/opencdk/new-packet.c, lib/opencdk/stream.c: Corrected bugs
reported from coverity in opencdk.
2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_buffers.c: correctly check for message upper limit.
2014-04-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high2.c: Allow a null ca file; i.e., allow setting
only CRLs in gnutls_x509_trust_list_add_trust_file().
2014-04-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: doc update
2014-04-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-args.def: Added the PFS priority string.
2014-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: corrected Peter's name!
2014-04-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/key-tests/Makefile.am, tests/key-tests/key-ecc.p8,
tests/key-tests/key-ecc.pem, tests/key-tests/openssl-key-ecc.p8,
tests/key-tests/pkcs8: Added self tests for ECC PKCS #8 files.
2014-04-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c, lib/x509/key_decode.c, lib/x509/privkey.c,
lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: Allow decoding PKCS
#8 files with ECC parameters from openssl. These files do not contain the curve information with the private
key (ECPrivateKey), but they rather contain it in the
privateKeyAlgorithm.
2014-04-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/heartbeat.c: More strict checking of heartbeat padding
size boundaries. This will let us enforce RFC6520 minimum size for padding. Suggest
by Peter Williams; initially investigated by Frank Li.
2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_mem.h: unconditionally zeroize temporal keys.
2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk, doc/examples/Makefile.am: link examples to GPL gnulib.
2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-global-load.c: Avoid unneeded
dependency
2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/crypto-selftests-pk.c, lib/crypto-selftests.c: Do not include
the FIPS140-specific functions into the main documentation.
2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/key-tests/Makefile.am: Added missing file
2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated documentation
2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map, symbols.last: updated exported symbols table.
2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c, lib/crypto-selftests.c,
lib/libgnutls.map: mark functions that are only available under
FIPS140 mode
2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
auto-generated files.
2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/rfc2818_hostname.c: doc update
2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_cert.c: Enhanced _gnutls_check_key_cert_match() This function now performs a sign/verify test to check whether the
public and private keys match.
2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c: doc update
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* cross.mk: update gmplib location
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am: removed double entry
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/rsa-encrypt-decrypt.c, tests/x509sign-verify.c: win32
updates
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitignore: more files to ignore
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_int.h: Prevent gnulib from replacing strdup as we don't
include this gnulib module.
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/Makefile.am: do not build ecore when cross-compiling
for windows.
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/gl/Makefile.am, src/gl/bind.c, src/gl/m4/gnulib-cache.m4,
src/gl/m4/gnulib-comp.m4: Added bind gnulib module.
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/gl/Makefile.am, src/gl/connect.c, src/gl/m4/gnulib-cache.m4,
src/gl/m4/gnulib-comp.m4: Added connect gnulib module.
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* gl/Makefile.am, gl/getdelim.c, gl/getline.c, gl/m4/getdelim.m4,
gl/m4/getline.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
gl/tests/Makefile.am, gl/tests/test-getdelim.c,
gl/tests/test-getline.c: Added getline() in gnulib.
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: corrected configure test for pthread_mutex_lock
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_x509.c, lib/x509/x509.c: updated documentation
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/certs/create-chain.sh: updated test cert generator.
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, doc/cha-cert-auth.texi, doc/examples/ex-client-x509.c,
doc/examples/verify.c, lib/gnutls_cert.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli.c,
src/common.c, src/common.h, src/serv.c, tests/mini-x509-2.c,
tests/mini-x509.c: Replaced gnutls_certificate_verify_peers3() with
the extendable gnutls_certificate_verify_peers(). That will allow adding new functionality to verification without the
need to add new functions.
2014-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi,
doc/examples/ex-client-x509.c, doc/examples/verify.c,
lib/gnutls_cert.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
tests/mini-x509.c: Added gnutls_certificate_verify_peers4 which will
verify in addition to hostname, the purpose of the end-certificate.
2014-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: bumped version
2014-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_cert.c: simulate gnutls_certificate_verify_peers2()
using gnutls_certificate_verify_peers3().
2014-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_cert.c: doc update
2014-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/heartbeat.c: doc update
2014-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: modify to conform to the documentated
level.
2014-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated makefile
2014-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/Makefile.am: avoid checking or linking with
libpthread in windows
2014-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testpkcs11: Corrected check for softhsm shared object.
2014-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: Allow multiple spaces into priorities file.
2014-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, configure.ac, doc/cha-gtls-app.texi, lib/gnutls_priority.c:
The "SYSTEM" initial keyword was replaced with the more generic
"@KEYWORD" The @KEYWORD string will open the pre-configured system priority
file and will expand the KEYWORD, to the priority string set in the
file. The file should have the following format:
KEYWORD=PRIORITY_STRING
2014-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_int.h: Use the IANA assigned padding extension number.
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testpkcs11: skip the test if softhsm doesn't exist
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, tests/suite/testpkcs11: Use separate softhsm databases
and config in tests to allow parallel runs.
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README-alpha: added softhsm dependency for testsuite
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/Makefile.am, tests/suite/pkcs11-chainverify.c,
tests/suite/testpkcs11: Converted the PKCS #11 test suite to use
softhsm That allows us running it in the normal test suite.
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def, src/certtool.c, src/cli-args.def,
src/cli.c, src/p11tool.c: Allow using the --provider parameter in
gnutls-cli and certtool to specify a PKCS #11 module.
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/pkcs11-chainverify.c: updated test to run in more
systems.
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: set the same flags in the second search
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: ignore the softhsm test suite files.
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testpkcs11: fixed bashisms
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/certs/create-chain.sh: depend on bash for the
create-chain script
2014-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-x509.c: Enhanced test to check that the correct number
of certificates is received
2014-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: corrected check for sorted server certificate
chain.
2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: The GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED flag
is specific to p11-kit trust modules.
2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/Makefile.am, tests/suite/pkcs11-chainverify.c: Perform
the certificate verification tests in PKCS #11-based verification
using softhsm.
2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: Perform time check when removing a certificate
in _gnutls_pkcs11_verify_crt_status() This brings the function in par with _gnutls_verify_crt_status().
2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c, lib/x509/verify.c: When verifying, check for the
same certificate in the pkcs11 trusted list, not only the issuer When the certificate list verifying ends in a non self-signed
certificate, and the self-signed isn't in our pkcs11 trusted list,
make sure that we search for the non-self-signed as well. This
affects, gnutls_x509_trust_list_verify_crt() when used with a PKCS
#11 trust module.
2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: Allow manually loading a 'trusted' module.
2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: Do not try to deinitialize the PKCS #11
libraries from the destructor. If we do and the PKCS #11 modules are already being unloaded, we may
crash. If the deinitialization of the PKCS #11 subsystem is
required then, gnutls_pkcs11_deinit() must be explicitly called.
2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/chainverify.c, tests/test-chains.h: split
test chains from chainverify program.
2014-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, tests/Makefile.am, tests/key-id/Makefile.am,
tests/key-id/README, tests/key-id/ca-gnutls-keyid.pem,
tests/key-id/ca-no-keyid.pem, tests/key-id/ca-weird-keyid.pem,
tests/key-id/key-ca.pem, tests/key-id/key-id,
tests/key-id/key-user.pem, tests/key-tests/Makefile.am,
tests/key-tests/README, tests/key-tests/ca-gnutls-keyid.pem,
tests/key-tests/ca-no-keyid.pem,
tests/key-tests/ca-weird-keyid.pem, tests/key-tests/key-ca-1234.p8,
tests/key-tests/key-ca-empty.p8, tests/key-tests/key-ca-null.p8,
tests/key-tests/key-ca.pem, tests/key-tests/key-id,
tests/key-tests/key-user.pem, tests/key-tests/pkcs8: Added self-test
for PKCS #8 key conversion and reading
2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/chainverify.c: the chainverify test ensures that there is no
diverge between different verification functions.
2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: When verifying check for the same
certificate in the trusted list, not only the issuer When the certificate list verifying ends in a non self-signed
certificate, and the self-signed isn't in our trusted list, make
sure that we search for the non-self-signed in our list as well.
This affects, gnutls_x509_trust_list_verify_crt() and makes its
results identical to gnutls_x509_crt_list_verify().
2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* README-alpha: mention test on smart card support
2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* README: Added make check to the make process in README
2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool-common.c,
src/certtool-common.h, src/certtool.c: changed the behavior in
certtool's PKCS #8 key export with no password By default when no password is specified, an unencrypted key is
output. The previous behavior of encrypting using an empty password
can be replicated using --empty-password.
2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def: Updated documentation on null-password and
password options of certtool.
2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testrandom: Added test to check verification with
randomly generated certificates.
2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
src/certtool.c: Combined the code to set CRL next update with
certificate expiration date.
2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-cfg.c: corrected typo
2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-common.c: improved error message
2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
src/certtool.c: When a CRL serial number is not specified, generate
a time-based one.
2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-shared-key.texi: doc update
2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c,
lib/priority_options.gperf: Added priority string
%DISABLE_WILDCARDS. This will disable any wildcard matching when comparing hostnames in
certificates.
2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/gnutls_cert.c, lib/gnutls_str.c, lib/gnutls_str.h,
lib/gnutls_x509.c, lib/includes/gnutls/openpgp.h,
lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/openpgp/compat.c, lib/openpgp/gnutls_openpgp.h,
lib/openpgp/pgp.c, lib/x509/rfc2818_hostname.c,
tests/hostname-check.c: Added verification flag to disable wildcard
checking This adds the verification flag
GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS, and
gnutls_x509_crt_check_hostname2(),
gnutls_openpgp_crt_check_hostname2().��
2014-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/aki-cert.pem, tests/cert-tests/bmpstring.pem,
tests/cert-tests/ca-no-pathlen.pem,
tests/cert-tests/complex-cert.pem,
tests/cert-tests/no-ca-or-pathlen.pem: updates for accounting the
SHA256 fingerprint output in certtool
2014-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: doc update
2014-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c: Print the SHA256 fingerprint of the certificate
in addition to SHA1.
2014-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/verify-tofu.c: doc update
2014-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_ui.c: simplified
gnutls_certificate_client_get_request_status() - no error is
possible.
2014-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_record.c: doc update
2014-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_record.c: cleaned up documentation of
gnutls_record_send()
2014-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/chainverify.c: Added test for CVE-2014-0092
2014-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: removed reference to mini_xssl
2014-03-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/chainverify.c: Added self checks for various verification
profiles
2014-03-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-dtls-large.c: Added test for gnutls_record_cork() and
uncork usage under DTLS.
2014-03-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_record.c: make gnutls_record_uncork() more DTLS
friendly.
2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: using the SYSTEM priority string will fail
if there is no system file
2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: doc update
2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: reformatted NEWS entries
2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, doc/cha-gtls-app.texi, lib/gnutls_int.h,
lib/gnutls_priority.c: The %COMPAT keyword no longer reduces
security. Introduced the LEGACY keyword which will enable the settings used in
GnuTLS 3.2.x for NORMAL keyword. That is to be used in cases where
compatibility with weak or misconfigured servers is required.
2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/manpages/Makefile.am: replaced wrong manpage generation
parameter
2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/status_request.c, lib/x509/crl.c, lib/x509/crq.c,
lib/x509/x509.c, lib/x509/x509_write.c: fixed gdoc documentation
2014-03-26 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* README: update README to reflect gmplib licensing change As of version 6.0.0, gmplib moved its licensing from LGPLv3+ to a
dual-license LGPLv3+/GPLv2+ license. This licensing change affects the licenses under which versions of
GnuTLS can be redistributed. Update the README to reflect this change.
2014-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: Fix patch version calculation when it contains
non-numeric chars
2014-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: print RSA-EXPORT status
2014-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.c: use isascii instead of isprint for
internationalized name detection
2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* m4/hooks.m4: bump so version
2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool-common.c: fixes for 'medium'
level
2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/dh_common.c: add a check for invalid DH parameters.
2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/anonself.c, tests/dhepskself.c: Add checks in tests for the
DHE prime and exponent size.
2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/TODO: doc update
2014-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/x509-extensions.c: fixed test to use the correct function
names.
2014-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c, lib/gnutls_str.c, lib/gnutls_str.h,
lib/openpgp/pgp.c, lib/x509/rfc2818_hostname.c,
tests/hostname-check.c: Severely simplified hostname matching. Now only wildcards only the leftmost position of the string are
allowed (followed by at least two components), and are only taken
into account into ascii strings. Non-ascii strings are compared
byte-by-byte. That means that wildcards in the form
bar*foo.example.com are no longer accepted, as well as wildcards of
the form *.*.*.example.com.
2014-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509_int.h:
use commit suffix for functions that return a status code.
2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-common.c, lib/nettle/rnd.c: Simplifications in the
RNG code.
2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def: the longer e-mail caused crash in autogen's
manpage generation
2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, doc/Makefile.am, doc/cha-cert-auth.texi,
doc/manpages/Makefile.am, lib/includes/gnutls/x509-ext.h,
lib/libgnutls.map, lib/x509/crq.c, lib/x509/extensions.c,
lib/x509/name_constraints.c, lib/x509/output.c, lib/x509/x509.c,
lib/x509/x509_ext.c, lib/x509/x509_write.c, symbols.last: renamed
some of the newly introduced functions
2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_x509.c: set the invalid flag when the owner is
unexpected.
2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_str.c, lib/x509/rfc2818_hostname.c,
tests/hostname-check.c: Changed the behaviour in wildcard acceptance
in certificates. Wildcards are only accepted when there are more than two domain
components after the wildcard. This will prevent accepting
certificates from CAs that issued '*.com', or 'www.*'.
2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/x509-extensions.c: Added more key usage flags in the test
for x509-extensions.
2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/x509-extensions.c: x509-extensions test will fail if an
unhandled extension is found.
2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am: ship the gperf file and the generated one.
2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitignore, Makefile.am, NEWS, cfg.mk, doc/Makefile.am,
doc/doc.mk, doc/manpages/Makefile.am, symbols.last: doc update
2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-cert-auth.texi: documented the new X.509 extension API
2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Certtool
can now write more than a single crl_dist_point.
2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/cert-tests/template-test.pem,
tests/cert-tests/template-test.tmpl,
tests/cert-tests/template-utf8.pem,
tests/cert-tests/template-utf8.tmpl, tests/hostname-check.c,
tests/x509-extensions.c: Added unit tests for new API
2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/Makefile.am, lib/includes/gnutls/x509-ext.h,
lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h,
lib/x509/crq.c, lib/x509/extensions.c, lib/x509/name_constraints.c,
lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_ext.c,
lib/x509/x509_int.h, lib/x509/x509_write.c: Added new API to handle
X.509 extensions. This API handles the X.509 extensions in separate, allowing to parse
similarly formatted extensions stored in other structures. In
addition functions that simplify the extraction of extensions from
known structures were added: - gnutls_x509_crq_get_extension_data2() - gnutls_x509_crl_get_extension_data2() - gnutls_x509_crt_get_extension_data2() The old functions were rewritten to use the new API.
2014-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-02-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/extensions.c: Corrected error checking in
_gnutls_x509_ext_gen_proxyCertInfo
2014-03-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/TODO: doc update
2014-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: initialize pointer
2014-03-12 Luis G.F <luisgf@gmail.com>
* src/serv.c: serv.c Fix memory leak for *crtinfo pointer. The
reference is lost if an allocation error occured. Signed-off-by: Luis G.F <luisgf@luisgf.es>
2014-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: use the number of seconds as serial in 32-bit
systems
2014-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c: Only check PK compatibility in client side but
also when using openpgp certs.
2014-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/kx.c: corrected initializer
2014-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/cert.c: shortend static function names.
2014-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms.h, lib/algorithms/kx.c, lib/auth/cert.c: verify
that the algorithm of the received certificate matches the expected.
2014-03-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-03-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/Makefile.am, doc/cha-functions.texi,
doc/cha-gtls-examples.texi, doc/doc.mk, doc/examples/Makefile.am,
doc/examples/ex-client-xssl1.c, doc/examples/ex-client-xssl2.c,
doc/manpages/Makefile.am, lib/Makefile.am,
lib/includes/Makefile.am, lib/includes/gnutls/xssl.h, lib/xssl.c,
lib/xssl.h, lib/xssl_getline.c, tests/Makefile.am,
tests/mini-xssl.c: The xssl experimental library was removed. While the idea of a high level library is nice, there are no
resources to maintain an additional library.
2014-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/nettle/mpi.c, m4/hooks.m4: Added option to
enable linking with nettle-mini
2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify.c: re-enabled certificate verification
2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: ciphersuites that utilize SHA256 or
SHA384 are only available in TLS 1.0 The SSL 3.0 protocol (rfc6101) uses a variant of HMAC that is only
defined for MD5 and SHA1. Thus if such a ciphersuite is negotiated
under SSL 3.0, it will during MAC initialization.
2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms.h, lib/algorithms/mac.c, lib/algorithms/sign.c,
lib/crypto-api.c, lib/gnutls_buffers.c, lib/gnutls_cert.c,
lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_int.h,
lib/gnutls_pcert.c, lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
lib/gnutls_sig.c, lib/gnutls_srp.c, lib/gnutls_ui.c,
lib/verify-tofu.c, lib/x509/crq.c, lib/x509/ocsp.c,
lib/x509/ocsp_output.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
lib/x509/x509.c: stricter type usage
2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-padlock.h,
lib/accelerated/x86/x86-common.c, lib/algorithms/ciphersuites.c,
lib/gnutls_hash_int.c, lib/nettle/pk.c: explicit type conversions
when needed
2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/psk.c, lib/auth/rsa_psk.c, lib/auth/srp_passwd.c,
lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/pkcs11.c,
lib/x509/key_encode.c, src/certtool-common.c: more fixes due to
clang
2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: silence some warnings
2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c, lib/opencdk/armor.c, lib/openpgp/pgp.c,
lib/verify-tofu.c: clang warning fixes
2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: removed unused variables.
2014-03-07 Kevin Cernekee <cernekee@gmail.com>
* src/Makefile.am: Fix build failures on autogen'ed docs autogen needs to be invoked with $(srcdir)/<FOO>-args.def or else it
will not be able to find the input file if GnuTLS is built out of
tree, e.g. mkdir build cd build ../configure make Also, add missing targets for %-args.h, to avoid this error: make[2]: Entering directory `/home/user/gnutls/src' autogen srptool-args.def autogen psk-args.def make[2]: *** No rule to make target `ocsptool-args.h', needed by
`all'. Stop. make[2]: Leaving directory
`/home/user/gnutls/src' make[1]: *** [all-recursive] Error 1 For portability's sake we will spell out the rule for each target
instead of using a GNU '%' pattern rule:
https://www.gnu.org/software/make/manual/html_node/Features.html#FeaturesSigned-off-by: Kevin Cernekee <cernekee@gmail.com>
2014-03-07 Kevin Cernekee <cernekee@gmail.com>
* .gitignore, doc/Makefile.am: Fix build failures involving
doc/invoke-*.texi Several problems were found in this area: 1) Currently, if SRC_DEF_* are undefined, autogen will get invoked
with no input file and it will hang forever waiting for content from
stdin: mv -f enums.texi-tmp enums.texi mkdir enums ../../doc/scripts/split-texi.pl enums enum < enums.texi echo stamp_enums > stamp_enums cd ../src/ && autogen -Tagtexi-cmd.tpl && \ rm -f ../doc/invoke-gnutls-cli.texi && \ ../doc/scripts/cleanup-autogen.pl
<../src/invoke-gnutls-cli.texi
>../doc/invoke-gnutls-cli.texi.tmp && \ mv -f
../doc/invoke-gnutls-cli.texi.tmp ../doc/invoke-gnutls-cli.texi && \
rm -f ../src/invoke-gnutls-cli.texi <HANG> Since these documents are @include'd by other documents, it is
probably a good idea to make sure the targets are buildable in case
they get listed as prerequisites. 2) SRC_DEF_* used relative paths which are correct for an in-place
build, but incorrect for an out-of-tree build. They should use
something like $(top_srcdir)/src to resolve the ambiguity. 3) cleanup-autogen.pl was also referenced using a relative pathname,
breaking out-of-tree builds. 4) The non-portable "sed -i" flag was used. Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
2014-03-07 Kevin Cernekee <cernekee@gmail.com>
* README-alpha: README-alpha: Add gperf dependency for building from
git Without gperf, priority-options.h does not get built and this
results in a compile error. Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
2014-03-07 Kevin Cernekee <cernekee@gmail.com>
* src/gl/stdint.in.h, src/gl/sys_types.in.h: updated gnulib This pulls in upstream commit cb3c90598 (stdint, read-file: fix
missing SIZE_MAX on Android). Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
2014-03-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: more type separation
2014-03-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/Makefile.am: use psktool-args
2014-03-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: more type separation
2014-03-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: separated types for easier verification
2014-03-06 Kevin Cernekee <cernekee@gmail.com>
* .gitignore, doc/manpages/Makefile.am, src/Makefile.am,
src/psk-args.def, src/psk.c, src/psktool-args.def: Rename
psk-args.def to psktool-args.def Other utilities generate invoke-%.texi from %-args.def, but
currently invoke-psktool.texi is generated from psk-args.def. If we
make psktool conform to the same convention as the other utilities,
we can use a generic pattern to handle all of them the same way. Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
2014-03-06 Kevin Cernekee <cernekee@gmail.com>
* doc/Makefile.am: doc: Fix enums.texi failure on out-of-tree builds enums.texi is a generated file so we should not look for it in
$(srcdir). When we do, chaos ensues: mv -f enums.texi-tmp enums.texi mkdir enums ../../doc/scripts/split-texi.pl enums enum <
../../doc/enums.texi /bin/bash: ../../doc/enums.texi: No such
file or directory make[4]: *** [stamp_enums] Error 1 make[4]: Leaving directory `/home/user/gnutls/build/doc' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/home/user/gnutls/build/doc' make[2]: *** [all] Error 2 make[2]: Leaving directory `/home/user/gnutls/build/doc' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/user/gnutls/build' make: *** [all] Error 2 Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/openpgp/extras.c: Ensure failure when no base64 data have been
read. Suggested by Ramkumar Chinchani.
2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: xssl compilation fix; patch by Colin Leroy
2014-03-05 Jason Spafford <nullprogrammer@gmail.com>
* lib/opencdk/misc.c: Fixed checking the length of a null string in cdk_strlist_add, it would check the strlen of the 'string'
parameter before it checked if the parameter was null. Signed-off-by Jason Spafford nullprogrammer@gmail.com
2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, symbols.last: Added symbol check prior to release
(after discussion with Andreas Metzler)
2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am: updated doc
2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/test-driver, build-aux/ylwrap: updated build-aux files
2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am: removed no-split as it causes issues in pdf
building
2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/Makefile.am, gl/bind.c, gl/connect.c, gl/m4/arpa_inet_h.m4,
gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/inet_pton.m4,
gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/stdint.in.h,
gl/sys_types.in.h, gl/tests/Makefile.am, gl/tests/test-arpa_inet.c,
gl/tests/test-bind.c, gl/tests/test-connect.c,
gl/tests/test-inet_pton.c, gl/tests/test-sockets.c,
gl/tests/w32sock.h, gl/w32sock.h: removed all networking code from
libgl
2014-03-05 Nick Alcock <nick.alcock@oracle.com>
* configure.ac: Overridewq AUTOGEN under --enable-local-libopts only
if autogen is not needed. After commit 6addbc3, specifying --enable-local-libopts
unconditionally replaces the autogen-erated files with their
distributed copies, and substitutes AUTOGEN to false. The assumption here is that if --enable-local-libopts is not
specified, autogen cannot be installed, and that the distributed
copies necessarily exist. Neither assumption is always correct.
e.g. someone building a 32-bit copy of GnuTLS from git with a copy
of autogen on their system will have a 64-bit copy of libopts, and a
working /usr/bin/autogen, but not a 32-bit libopts. Since building
autogen depends on Guile, this is a rather heavyweight pile of gear
to require. (You can force a successful build in this case, but it
requires providing AUTOGEN=/usr/bin/autogen to make(1), which is
distinctly inelegant.) So fix things so that if any of the distributed copies do not exist,
we do not substitute AUTOGEN, so as to let any copy of autogen that
configure found on the system do its job if necessary, while not
forcing the user to link against the copy of libopts which came with
that autogen. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-03-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/ext/session_ticket.c, lib/gnutls_extensions.c,
lib/gnutls_handshake.c, lib/gnutls_state.c, m4/hooks.m4, src/serv.c:
session tickets can be disabled
2014-03-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/examples/Makefile.am, lib/ext/cert_type.c,
lib/ext/status_request.c, lib/gnutls_extensions.c,
lib/gnutls_handshake.c, lib/gnutls_state.c, lib/gnutls_x509.c:
increased code disabled from disable-ocsp and disable-openpgp
options
2014-02-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi, lib/ext/Makefile.am,
lib/ext/new_record_padding.c, lib/ext/new_record_padding.h,
lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c,
lib/gnutls_extensions.c, lib/gnutls_int.h, lib/gnutls_priority.c,
lib/gnutls_range.c, lib/gnutls_record.h, lib/gnutls_session_pack.c,
lib/priority_options.gperf, src/cli-args.def,
tests/mini-record-2.c, tests/mini-record-range.c,
tests/mini-record.c: NEW_PADDING has been removed. This extension did not get accepted by IETF so it is now being
removed. The gnutls_range API is kept in case length hiding is
implemented in a different way at some point.
2014-03-05 Ludovic Courtès <ludo@gnu.org>
* doc/gnutls-guile.texi: doc: Add indices to the gnutls-guile
manual.
2014-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: re-introduced rsa-export configure option This broke backwards compatibility. Reported by Andreas Metzler.
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/examples/Makefile.am: examples include both gnulibs
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/gl/Makefile.am, src/gl/fseek.c, src/gl/fseeko.c,
src/gl/fstat.c, src/gl/getdelim.c, src/gl/getline.c,
src/gl/getpass.c, src/gl/getpass.h, src/gl/lseek.c,
src/gl/m4/fseek.m4, src/gl/m4/fseeko.m4, src/gl/m4/fstat.m4,
src/gl/m4/getdelim.m4, src/gl/m4/getline.m4, src/gl/m4/getpass.m4,
src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-comp.m4,
src/gl/m4/largefile.m4, src/gl/m4/lseek.m4, src/gl/m4/malloc.m4,
src/gl/m4/realloc.m4, src/gl/m4/strdup.m4, src/gl/m4/sys_stat_h.m4,
src/gl/malloc.c, src/gl/realloc.c, src/gl/stdio-impl.h,
src/gl/strdup.c, src/gl/sys_stat.in.h: Added getpass in src/gl
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* gl/Makefile.am, gl/fseek.c, gl/fseeko.c, gl/getdelim.c,
gl/getline.c, gl/getpass.c, gl/getpass.h, gl/m4/fseek.m4,
gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/getpass.m4,
gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/strdup.m4,
gl/strdup.c, gl/tests/Makefile.am, gl/tests/test-fseek.c,
gl/tests/test-fseek.sh, gl/tests/test-fseek2.sh,
gl/tests/test-fseeko.c, gl/tests/test-fseeko.sh,
gl/tests/test-fseeko2.sh, gl/tests/test-fseeko3.c,
gl/tests/test-fseeko3.sh, gl/tests/test-fseeko4.c,
gl/tests/test-fseeko4.sh, gl/tests/test-getdelim.c,
gl/tests/test-getline.c: removed getpass from gl/
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitignore, src/Makefile.am, src/certtool-cfg.c: more gl updates
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/Makefile.am: changes for new gnulib in src/
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-common.c: corrent error print in win32
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c, lib/system.c: Changes to account for the reduced
included gnulib
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/crywrap/crywrap.c: added missing declaration
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: removed any dependencies to gnulib network
stuff
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/egd.c, lib/nettle/rnd-common.c: avoid gnulib's
insistence to replace strerror
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/gl/Makefile.am, src/gl/accept.c, src/gl/alloca.c,
src/gl/arpa_inet.in.h, src/gl/asnprintf.c, src/gl/close.c,
src/gl/dup2.c, src/gl/fd-hook.c, src/gl/fd-hook.h, src/gl/float+.h,
src/gl/float.c, src/gl/float.in.h, src/gl/gai_strerror.c,
src/gl/getaddrinfo.c, src/gl/getpeername.c, src/gl/inet_ntop.c,
src/gl/inet_pton.c, src/gl/itold.c, src/gl/listen.c,
src/gl/m4/arpa_inet_h.m4, src/gl/m4/close.m4, src/gl/m4/dup2.m4,
src/gl/m4/exponentd.m4, src/gl/m4/float_h.m4,
src/gl/m4/getaddrinfo.m4, src/gl/m4/gnulib-cache.m4,
src/gl/m4/gnulib-comp.m4, src/gl/m4/hostent.m4,
src/gl/m4/inet_ntop.m4, src/gl/m4/inet_pton.m4,
src/gl/m4/intmax_t.m4, src/gl/m4/inttypes_h.m4,
src/gl/m4/math_h.m4, src/gl/m4/memchr.m4, src/gl/m4/mmap-anon.m4,
src/gl/m4/netdb_h.m4, src/gl/m4/netinet_in_h.m4,
src/gl/m4/printf.m4, src/gl/m4/select.m4, src/gl/m4/servent.m4,
src/gl/m4/signal_h.m4, src/gl/m4/size_max.m4,
src/gl/m4/snprintf.m4, src/gl/m4/socketlib.m4,
src/gl/m4/sockets.m4, src/gl/m4/socklen.m4, src/gl/m4/sockpfaf.m4,
src/gl/m4/stdalign.m4, src/gl/m4/stdint_h.m4,
src/gl/m4/sys_select_h.m4, src/gl/m4/sys_uio_h.m4,
src/gl/m4/vasnprintf.m4, src/gl/m4/wchar_h.m4, src/gl/m4/wint_t.m4,
src/gl/m4/xsize.m4, src/gl/memchr.c, src/gl/memchr.valgrind,
src/gl/netdb.in.h, src/gl/netinet_in.in.h, src/gl/printf-args.c,
src/gl/printf-args.h, src/gl/printf-parse.c, src/gl/printf-parse.h,
src/gl/recv.c, src/gl/recvfrom.c, src/gl/select.c, src/gl/send.c,
src/gl/sendto.c, src/gl/setsockopt.c, src/gl/shutdown.c,
src/gl/signal.in.h, src/gl/size_max.h, src/gl/snprintf.c,
src/gl/socket.c, src/gl/sockets.c, src/gl/sockets.h,
src/gl/stdalign.in.h, src/gl/sys_select.in.h, src/gl/sys_socket.c,
src/gl/sys_socket.in.h, src/gl/sys_uio.in.h, src/gl/vasnprintf.c,
src/gl/vasnprintf.h, src/gl/w32sock.h, src/gl/wchar.in.h,
src/gl/xsize.c, src/gl/xsize.h: All socket options were moved to
src/gl
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* gl/Makefile.am, gl/accept.c, gl/arpa_inet.in.h, gl/close.c,
gl/dup2.c, gl/fd-hook.c, gl/fd-hook.h, gl/gai_strerror.c,
gl/getaddrinfo.c, gl/getpeername.c, gl/inet_ntop.c, gl/inet_pton.c,
gl/listen.c, gl/m4/close.m4, gl/m4/dup2.m4, gl/m4/ftruncate.m4,
gl/m4/getaddrinfo.m4, gl/m4/getcwd.m4, gl/m4/getdtablesize.m4,
gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/hostent.m4,
gl/m4/inet_ntop.m4, gl/m4/ioctl.m4, gl/m4/lstat.m4,
gl/m4/mode_t.m4, gl/m4/open.m4, gl/m4/pathmax.m4, gl/m4/perror.m4,
gl/m4/pipe.m4, gl/m4/select.m4, gl/m4/servent.m4,
gl/m4/signal_h.m4, gl/m4/stat.m4, gl/m4/strerror.m4,
gl/m4/strerror_r.m4, gl/m4/symlink.m4, gl/m4/sys_ioctl_h.m4,
gl/m4/sys_select_h.m4, gl/recv.c, gl/recvfrom.c, gl/select.c,
gl/send.c, gl/sendto.c, gl/setsockopt.c, gl/shutdown.c,
gl/signal.in.h, gl/socket.c, gl/sockets.c, gl/sockets.h,
gl/strerror-override.c, gl/strerror-override.h, gl/strerror.c,
gl/sys_select.in.h, gl/tests/Makefile.am, gl/tests/dosname.h,
gl/tests/ftruncate.c, gl/tests/getcwd-lgpl.c,
gl/tests/getdtablesize.c, gl/tests/glthread/lock.c,
gl/tests/glthread/lock.h, gl/tests/glthread/threadlib.c,
gl/tests/ignore-value.h, gl/tests/ioctl.c, gl/tests/lstat.c,
gl/tests/open.c, gl/tests/pathmax.h, gl/tests/perror.c,
gl/tests/pipe.c, gl/tests/same-inode.h, gl/tests/stat.c,
gl/tests/strerror_r.c, gl/tests/symlink.c, gl/tests/sys_ioctl.in.h,
gl/tests/test-accept.c, gl/tests/test-close.c,
gl/tests/test-dup2.c, gl/tests/test-ftruncate.c,
gl/tests/test-ftruncate.sh, gl/tests/test-getaddrinfo.c,
gl/tests/test-getcwd-lgpl.c, gl/tests/test-getdtablesize.c,
gl/tests/test-getpeername.c, gl/tests/test-ignore-value.c,
gl/tests/test-inet_ntop.c, gl/tests/test-ioctl.c,
gl/tests/test-listen.c, gl/tests/test-lstat.c,
gl/tests/test-lstat.h, gl/tests/test-open.c, gl/tests/test-open.h,
gl/tests/test-pathmax.c, gl/tests/test-perror.c,
gl/tests/test-perror.sh, gl/tests/test-perror2.c,
gl/tests/test-pipe.c, gl/tests/test-recv.c,
gl/tests/test-recvfrom.c, gl/tests/test-select-fd.c,
gl/tests/test-select-in.sh, gl/tests/test-select-out.sh,
gl/tests/test-select-stdin.c, gl/tests/test-select.c,
gl/tests/test-select.h, gl/tests/test-send.c,
gl/tests/test-sendto.c, gl/tests/test-setsockopt.c,
gl/tests/test-shutdown.c, gl/tests/test-signal-h.c,
gl/tests/test-stat.c, gl/tests/test-stat.h,
gl/tests/test-strerror.c, gl/tests/test-strerror_r.c,
gl/tests/test-symlink.c, gl/tests/test-symlink.h,
gl/tests/test-sys_ioctl.c, gl/tests/test-sys_select.c: removed
unused gnulib crap
2014-03-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/crywrap/crywrap.c: fixed more memory leaks in crywrap
2014-03-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/crywrap/crywrap.c: addressed memory leak in crywrap.c
2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: check the blacklist for certificates
provided in gnutls_x509_trust_list_verify_named_crt().
2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, doc/cha-library.texi, m4/hooks.m4: corrected
configure option.
2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-library.texi: rsa-export is no more
2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-library.texi: updated option for TPM
2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated
2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.h: replace select() on windows
2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: print message before failing when the pull
timeout function isn't replaced.
2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Added NULL PSK ciphersuites with
SHA1; suggested by Manuel Pégourié-Gonnard.
2014-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* GNUmakefile, build-aux/config.rpath, build-aux/gendocs.sh,
build-aux/pmccabe2html, build-aux/snippet/arg-nonnull.h,
build-aux/snippet/c++defs.h, build-aux/snippet/warn-on-use.h,
build-aux/useless-if-before-free, build-aux/vc-list-files,
doc/gendocs_template, gl/Makefile.am, gl/accept.c, gl/alloca.in.h,
gl/arpa_inet.in.h, gl/asnprintf.c, gl/asprintf.c, gl/base64.c,
gl/base64.h, gl/bind.c, gl/byteswap.in.h, gl/c-ctype.c,
gl/c-ctype.h, gl/close.c, gl/connect.c, gl/dup2.c, gl/errno.in.h,
gl/fd-hook.c, gl/fd-hook.h, gl/float+.h, gl/float.c, gl/float.in.h,
gl/fseek.c, gl/fseeko.c, gl/fstat.c, gl/ftell.c, gl/ftello.c,
gl/gai_strerror.c, gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c,
gl/getpass.c, gl/getpass.h, gl/getpeername.c, gl/gettext.h,
gl/gettimeofday.c, gl/hash-pjw-bare.c, gl/hash-pjw-bare.h,
gl/inet_ntop.c, gl/inet_pton.c, gl/intprops.h, gl/itold.c,
gl/listen.c, gl/lseek.c, gl/m4/00gnulib.m4,
gl/m4/absolute-header.m4, gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4,
gl/m4/base64.m4, gl/m4/byteswap.m4, gl/m4/close.m4,
gl/m4/codeset.m4, gl/m4/dup2.m4, gl/m4/errno_h.m4,
gl/m4/exponentd.m4, gl/m4/extensions.m4, gl/m4/extern-inline.m4,
gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4, gl/m4/fdopen.m4,
gl/m4/float_h.m4, gl/m4/fpieee.m4, gl/m4/fseek.m4, gl/m4/fseeko.m4,
gl/m4/fstat.m4, gl/m4/ftell.m4, gl/m4/ftello.m4,
gl/m4/ftruncate.m4, gl/m4/func.m4, gl/m4/getaddrinfo.m4,
gl/m4/getcwd.m4, gl/m4/getdelim.m4, gl/m4/getdtablesize.m4,
gl/m4/getline.m4, gl/m4/getpagesize.m4, gl/m4/getpass.m4,
gl/m4/gettext.m4, gl/m4/gettimeofday.m4, gl/m4/glibc2.m4,
gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/hostent.m4,
gl/m4/iconv.m4, gl/m4/include_next.m4, gl/m4/inet_ntop.m4,
gl/m4/inet_pton.m4, gl/m4/intdiv0.m4, gl/m4/intl.m4,
gl/m4/intldir.m4, gl/m4/intlmacosx.m4, gl/m4/intmax.m4,
gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4, gl/m4/inttypes.m4,
gl/m4/inttypes_h.m4, gl/m4/ioctl.m4, gl/m4/largefile.m4,
gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
gl/m4/ld-version-script.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
gl/m4/lib-prefix.m4, gl/m4/lock.m4, gl/m4/longlong.m4,
gl/m4/lseek.m4, gl/m4/lstat.m4, gl/m4/malloc.m4,
gl/m4/manywarnings.m4, gl/m4/math_h.m4, gl/m4/memchr.m4,
gl/m4/memmem.m4, gl/m4/minmax.m4, gl/m4/mmap-anon.m4,
gl/m4/mode_t.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
gl/m4/nls.m4, gl/m4/off_t.m4, gl/m4/open.m4, gl/m4/pathmax.m4,
gl/m4/perror.m4, gl/m4/pipe.m4, gl/m4/po.m4, gl/m4/printf-posix.m4,
gl/m4/printf.m4, gl/m4/progtest.m4, gl/m4/read-file.m4,
gl/m4/realloc.m4, gl/m4/select.m4, gl/m4/servent.m4,
gl/m4/signal_h.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4,
gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/m4/socklen.m4,
gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4, gl/m4/stat.m4,
gl/m4/stdalign.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
gl/m4/stdlib_h.m4, gl/m4/strcase.m4, gl/m4/strdup.m4,
gl/m4/strerror.m4, gl/m4/strerror_r.m4, gl/m4/string_h.m4,
gl/m4/strings_h.m4, gl/m4/strndup.m4, gl/m4/strnlen.m4,
gl/m4/strtok_r.m4, gl/m4/strverscmp.m4, gl/m4/symlink.m4,
gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4,
gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4,
gl/m4/sys_uio_h.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4,
gl/m4/time_r.m4, gl/m4/uintmax_t.m4, gl/m4/ungetc.m4,
gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4,
gl/m4/vasprintf.m4, gl/m4/visibility.m4, gl/m4/vsnprintf.m4,
gl/m4/warn-on-use.m4, gl/m4/warnings.m4, gl/m4/wchar_h.m4,
gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c,
gl/memchr.c, gl/memmem.c, gl/minmax.h, gl/msvc-inval.c,
gl/msvc-inval.h, gl/msvc-nothrow.c, gl/msvc-nothrow.h,
gl/netdb.in.h, gl/netinet_in.in.h, gl/printf-args.c,
gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h,
gl/read-file.c, gl/read-file.h, gl/realloc.c, gl/recv.c,
gl/recvfrom.c, gl/select.c, gl/send.c, gl/sendto.c,
gl/setsockopt.c, gl/shutdown.c, gl/signal.in.h, gl/size_max.h,
gl/snprintf.c, gl/socket.c, gl/sockets.c, gl/sockets.h,
gl/stdalign.in.h, gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h,
gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h,
gl/strcasecmp.c, gl/strdup.c, gl/strerror-override.c,
gl/strerror-override.h, gl/strerror.c, gl/string.in.h,
gl/strings.in.h, gl/strncasecmp.c, gl/strndup.c, gl/strnlen.c,
gl/strtok_r.c, gl/strverscmp.c, gl/sys_select.in.h,
gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
gl/sys_types.in.h, gl/sys_uio.in.h, gl/tests/Makefile.am,
gl/tests/binary-io.h, gl/tests/dosname.h, gl/tests/fcntl.in.h,
gl/tests/fdopen.c, gl/tests/fpucw.h, gl/tests/ftruncate.c,
gl/tests/getcwd-lgpl.c, gl/tests/getdtablesize.c,
gl/tests/getpagesize.c, gl/tests/glthread/lock.c,
gl/tests/glthread/lock.h, gl/tests/glthread/threadlib.c,
gl/tests/ignore-value.h, gl/tests/init.sh, gl/tests/inttypes.in.h,
gl/tests/ioctl.c, gl/tests/lstat.c, gl/tests/macros.h,
gl/tests/open.c, gl/tests/pathmax.h, gl/tests/perror.c,
gl/tests/pipe.c, gl/tests/same-inode.h, gl/tests/signature.h,
gl/tests/stat.c, gl/tests/strerror_r.c, gl/tests/symlink.c,
gl/tests/sys_ioctl.in.h, gl/tests/test-accept.c,
gl/tests/test-alloca-opt.c, gl/tests/test-arpa_inet.c,
gl/tests/test-base64.c, gl/tests/test-binary-io.c,
gl/tests/test-bind.c, gl/tests/test-byteswap.c,
gl/tests/test-c-ctype.c, gl/tests/test-close.c,
gl/tests/test-connect.c, gl/tests/test-dup2.c,
gl/tests/test-errno.c, gl/tests/test-fcntl-h.c,
gl/tests/test-fdopen.c, gl/tests/test-fgetc.c,
gl/tests/test-float.c, gl/tests/test-fputc.c,
gl/tests/test-fread.c, gl/tests/test-fseek.c,
gl/tests/test-fseeko.c, gl/tests/test-fseeko3.c,
gl/tests/test-fseeko4.c, gl/tests/test-fstat.c,
gl/tests/test-ftell.c, gl/tests/test-ftell3.c,
gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
gl/tests/test-ftello4.c, gl/tests/test-ftruncate.c,
gl/tests/test-func.c, gl/tests/test-fwrite.c,
gl/tests/test-getaddrinfo.c, gl/tests/test-getcwd-lgpl.c,
gl/tests/test-getdelim.c, gl/tests/test-getdtablesize.c,
gl/tests/test-getline.c, gl/tests/test-getpeername.c,
gl/tests/test-gettimeofday.c, gl/tests/test-iconv.c,
gl/tests/test-ignore-value.c, gl/tests/test-inet_ntop.c,
gl/tests/test-inet_pton.c, gl/tests/test-init.sh,
gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
gl/tests/test-ioctl.c, gl/tests/test-listen.c,
gl/tests/test-lstat.c, gl/tests/test-lstat.h,
gl/tests/test-memchr.c, gl/tests/test-netdb.c,
gl/tests/test-netinet_in.c, gl/tests/test-open.c,
gl/tests/test-open.h, gl/tests/test-pathmax.c,
gl/tests/test-perror.c, gl/tests/test-perror2.c,
gl/tests/test-pipe.c, gl/tests/test-read-file.c,
gl/tests/test-recv.c, gl/tests/test-recvfrom.c,
gl/tests/test-select-fd.c, gl/tests/test-select-stdin.c,
gl/tests/test-select.c, gl/tests/test-select.h,
gl/tests/test-send.c, gl/tests/test-sendto.c,
gl/tests/test-setsockopt.c, gl/tests/test-shutdown.c,
gl/tests/test-signal-h.c, gl/tests/test-snprintf.c,
gl/tests/test-sockets.c, gl/tests/test-stat.c,
gl/tests/test-stat.h, gl/tests/test-stdalign.c,
gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
gl/tests/test-stdint.c, gl/tests/test-stdio.c,
gl/tests/test-stdlib.c, gl/tests/test-strerror.c,
gl/tests/test-strerror_r.c, gl/tests/test-string.c,
gl/tests/test-strings.c, gl/tests/test-strnlen.c,
gl/tests/test-strverscmp.c, gl/tests/test-symlink.c,
gl/tests/test-symlink.h, gl/tests/test-sys_ioctl.c,
gl/tests/test-sys_select.c, gl/tests/test-sys_socket.c,
gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
gl/tests/test-sys_types.c, gl/tests/test-sys_uio.c,
gl/tests/test-sys_wait.h, gl/tests/test-time.c,
gl/tests/test-u64.c, gl/tests/test-unistd.c,
gl/tests/test-vasnprintf.c, gl/tests/test-vasprintf.c,
gl/tests/test-vc-list-files-cvs.sh,
gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c,
gl/tests/w32sock.h, gl/tests/zerosize-ptr.h, gl/time.in.h,
gl/time_r.c, gl/u64.h, gl/unistd.in.h, gl/vasnprintf.c,
gl/vasnprintf.h, gl/vasprintf.c, gl/verify.h, gl/vsnprintf.c,
gl/w32sock.h, gl/wchar.in.h, gl/xsize.h, maint.mk,
src/gl/Makefile.am, src/gl/alloca.in.h, src/gl/c-ctype.c,
src/gl/c-ctype.h, src/gl/errno.in.h, src/gl/error.c,
src/gl/error.h, src/gl/exitfail.c, src/gl/exitfail.h,
src/gl/gettext.h, src/gl/gettime.c, src/gl/gettimeofday.c,
src/gl/intprops.h, src/gl/m4/00gnulib.m4,
src/gl/m4/absolute-header.m4, src/gl/m4/alloca.m4,
src/gl/m4/bison.m4, src/gl/m4/clock_time.m4, src/gl/m4/eealloc.m4,
src/gl/m4/environ.m4, src/gl/m4/errno_h.m4, src/gl/m4/error.m4,
src/gl/m4/extensions.m4, src/gl/m4/extern-inline.m4,
src/gl/m4/gettime.m4, src/gl/m4/gettimeofday.m4,
src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-common.m4,
src/gl/m4/gnulib-comp.m4, src/gl/m4/gnulib-tool.m4,
src/gl/m4/include_next.m4, src/gl/m4/longlong.m4,
src/gl/m4/malloca.m4, src/gl/m4/mktime.m4, src/gl/m4/msvc-inval.m4,
src/gl/m4/msvc-nothrow.m4, src/gl/m4/multiarch.m4,
src/gl/m4/off_t.m4, src/gl/m4/parse-datetime.m4,
src/gl/m4/setenv.m4, src/gl/m4/ssize_t.m4, src/gl/m4/stdbool.m4,
src/gl/m4/stddef_h.m4, src/gl/m4/stdint.m4, src/gl/m4/stdio_h.m4,
src/gl/m4/stdlib_h.m4, src/gl/m4/strerror.m4,
src/gl/m4/string_h.m4, src/gl/m4/sys_socket_h.m4,
src/gl/m4/sys_time_h.m4, src/gl/m4/sys_types_h.m4,
src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4,
src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
src/gl/m4/warn-on-use.m4, src/gl/m4/wchar_t.m4,
src/gl/m4/xalloc.m4, src/gl/malloca.c, src/gl/malloca.h,
src/gl/mktime.c, src/gl/msvc-inval.c, src/gl/msvc-inval.h,
src/gl/msvc-nothrow.c, src/gl/msvc-nothrow.h,
src/gl/parse-datetime.h, src/gl/parse-datetime.y,
src/gl/progname.c, src/gl/progname.h, src/gl/setenv.c,
src/gl/stdbool.in.h, src/gl/stddef.in.h, src/gl/stdint.in.h,
src/gl/stdio.in.h, src/gl/stdlib.in.h, src/gl/strerror-override.c,
src/gl/strerror-override.h, src/gl/strerror.c, src/gl/string.in.h,
src/gl/sys_time.in.h, src/gl/sys_types.in.h, src/gl/time.in.h,
src/gl/time_r.c, src/gl/timespec.h, src/gl/unistd.in.h,
src/gl/unsetenv.c, src/gl/verify.h, src/gl/xalloc-die.c,
src/gl/xalloc-oversized.h, src/gl/xalloc.h, src/gl/xmalloc.c:
updated gnulib
2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Allow all ciphersuites in SSL3.0
when they are available in TLS1.0
2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: The default priority is reset to NORMAL
2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: Revert "the default priorities are reset to
be NORMAL." This reverts commit 9c07f75676b6b70da10e99c409b0cb7dbc245463.
2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: mention SHA384 as MAC option
2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.def, src/serv-args.def: documented the defaults
2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: the default priorities are reset to be
NORMAL. Reported by Manuel Pégourié-Gonnard.
2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv-args.def: Add required priorities
2014-02-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: Preinitialize values; suggested by Sebastian
Krahmer and Tomas Hoger.
2014-02-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: added doc on is_issuer() checks
2014-02-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_cert.c: removed not trusted message; reported by Michel
Briand.
2014-02-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/chainverify.c: updated for verification updates
2014-02-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: Updated verification function
2014-02-22 Jens Lechtenboerger <jens.lechtenboerger@fsfe.org>
* src/cli-args.def, src/cli.c: New option --stricttofu for
gnutls-cli With option --tofu, gnutls-cli waits with a yes-no-question upon
certificate changes. I added the option --stricttofu that omits the
question and fails instead. The contribution is in accordance to the "Developer's Certificate of
Origin" as found in the file doc/DCO.txt. Best wishes Jens Signed-off-by: Jens Lechtenbörger <jens.lechtenboerger@fsfe.org>
2014-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: moved priorities check to the first call
only.
2014-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd-common.c: removed duplicate definition; reported by
Dennis Philipps.
2014-02-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/README.CODING_STYLE: updated coding style
2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/template-nc.pem: added cert
2014-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/template-test: corrected check
2014-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_handshake.h: combined timeout
values
2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testdane: updated
2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: When appending a name, ensure that we
append to the end of the list.
2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: use gnutls_free()
2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def: corrected email in texi
2014-02-20 Attila Molnar <attilamolnar@hush.com>
* lib/auth/srp.h, lib/auth/srp_passwd.c, lib/gnutls_srp.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: srp: Add
resistance against guessing usernames When a client tries to authenticate using an unknown username,
instead of generating a random salt every time, generate the salt
based on the username and a secret seed. The seed is settable by the application, allowing servers to re-use
the same seed after a restart. A random seed is generated for each newly allocated SRP server
credentials structure, meaning that applications not using the new
API to set the seed continue to work and gain limited advantage
(because they use a different seed after every restart). For further information see section 2.5.1.3. in RFC 5054. Signed-off-by: Attila Molnar <attilamolnar@hush.com>
2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: small artistic changes
2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: check against the success value
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.h, lib/x509/verify.c, lib/x509/x509_int.h: use
bool types when needed.
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: ensure failure when parsing fails.
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: allow ip address as constraint
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: Added check for IPaddress
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/chainverify.c: Added tests for name constraints addition.
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: better error printing
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/extensions.c: corrected empty name check
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/template-nc.pem,
tests/cert-tests/template-nc.tmpl: Updated test for name constraints
to include empty constraints names.
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c: pretty print empty DNSnames
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c, lib/x509/name_constraints.c:
_gnutls_x509_read_value() can now read empty values.
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/extensions.c: Allow empty names.
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-cfg.c: removed debugging
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/extensions.c: Added check for null
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: If alternative names are found, don't
bother checking the DN.
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/certs/create-chain.sh: Added tool to create a
certificate chain
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c: properly indent name constraints
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: _gnutls_parse_general_name2() will return the
expected data
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
src/certtool.c, tests/cert-tests/Makefile.am,
tests/cert-tests/template-nc.tmpl, tests/cert-tests/template-test:
certtool allows setting name constraints.
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c, tests/cert-tests/template-nc.tmpl: removed
false warnings
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: simplify names
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c, lib/x509/verify.c: Verify name
constraints.
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/name_constraints.c: Added
gnutls_x509_name_constraints_check_crt This function will check name constraints against all the names in a
certificate.
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c, tests/name-constraints.c,
tests/suppressions.valgrind: Added support for e-mail constraints.
2014-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/name-constraints.c: Added more constraints tests for
unsupported structures.
2014-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/name_constraints.c: Corrected check for present
constraints in unsupported types.
2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/examples/ex-ocsp-client.c: fix small leak
2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/ocsptool.c: When verifying a response and a signer isn't
provided assume that the signer is the issuer.
2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c, src/ocsptool-args.def, src/ocsptool-common.c,
src/ocsptool-common.h, src/ocsptool.c: When sending a nonce in OCSP
check if it is available on the reply.
2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: properly deinitialize name
constraints structure.
2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/examples/ex-ocsp-client.c: Verify in example that the sent
nonce matches the received nonce. Reported by Benny Baumann.
2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/name-constraints.c: Added missing file
2014-02-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/priority_options.gperf: priority string flag
VERIFY_ALLOW_X509_V1_CA_CRT is now a dummy
2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_state.c: reinitialize the
handshake timers when gnutls_handshake() is called.
2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-rehandshake.c: Improved DTLS rehandshake test to
catch a timeout issue in handshake().
2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: doc update
2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h, lib/x509/name_constraints.c: Allow
multiple flags in gnutls_x509_crt_get_name_constraints()
2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/name_constraints.c: Do not deinitialize the constraints
structure when reading the constraints fails.
2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h, lib/x509/name_constraints.c,
lib/x509/output.c: Allow appending name constraints.
2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h, lib/x509/name_constraints.c: Allow
setting a non-critical name-constraints extension.
2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/name_constraints.c: better checking of unsupported
constraints.
2014-02-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkix.asn,
lib/pkix_asn1_tab.c, lib/x509/Makefile.am, lib/x509/extensions.c,
lib/x509/name_constraints.c, lib/x509/output.c, lib/x509/x509.c,
lib/x509/x509_int.h, tests/Makefile.am: Added support for name
constraints X.509 extension. This allows to generate and read the name constraints extension, as
well as check against the DNSNAME value.
2014-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: depend on p11-kit 0.20.0 or later
2014-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/chainverify.c: changed names for clarity
2014-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pcert.c: Corrected bug in
gnutls_pcert_list_import_x509_raw(). The bug caused gnutls_pcert_list_import_x509_raw() to crash if
gnutls_x509_crt_list_import() would fail with the provided data.
Reported by Dmitriy Anisimkov.
2014-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suppressions.valgrind: corrected suppressions file
2014-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h: do not mention
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT in documentation
2014-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c, lib/includes/gnutls/compat.h,
lib/includes/gnutls/x509.h, lib/x509/verify.c, src/certtool.c,
tests/chainverify.c: removed deprecated flag
2014-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/latex/cover.tex: added Ted
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c: Use pre-generated keys for self-tests.
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_privkey.c: set value to null after releasing
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/slow/keygen.c: generate keys in the acceptable sizes in
FIPS140 mode
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/crq_key_id.c: generate 2048 bit keys in RSA mode
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c, lib/x509/x509_int.h: Added
_gnutls_parse_general_name2()
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c: ensure that _gnutls_x509_read_value works as
documented.
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: ensure that the issuer in present in a trusted
module.
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: removed flag
GNUTLS_PKCS11_TOKEN_TRUSTED_UINT
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added flag
GNUTLS_PKCS11_TOKEN_TRUSTED for gnutls_pkcs11_token_get_flags().
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: Use the
GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE to ensure that only
trusted modules are used.
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h:
Added flag GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE. This flag can be used to ensure that the object request lies on a
marked as trusted PKCS #11 module. The marking is done on p11-kit
configuration.
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: mark trusted p11-kit modules as trusted.
2014-02-12 Marcus Meissner <meissner@suse.de>
* src/serv.c: fixed socket existance checking If getaddrinfo returns: ipv4 address, ipv6 address ... and socket()
for the ipv6 address fails, this loop would fail and abort the
socket listen code. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: Applied part of Ted Zlatanov's patch.
2014-02-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/chainverify.c: Added test for pathlen constraints.
2014-02-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/chainverify.c: Added check for v1 intermediate CA
certificate
2014-02-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: Fix bug that prevented the rejection of v1
intermediate CA certificates. Reported by Suman Jana.
2014-02-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/abstract_int.h, lib/gnutls_pubkey.c: removed unused function
2014-02-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-02-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Use longer
timestamps for serial numbers.
2014-02-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* maint.mk: updated indent cmd
2014-02-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* cfg.mk: corrected indent parameters
2014-02-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/x86/aes-cbc-x86-aesni.c,
lib/accelerated/x86/aes-cbc-x86-ssse3.c, lib/accelerated/x86/x86.h:
do not redefine the _gnutls_x86_cpuid_s symbol
2014-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, lib/gnutls_priority.c: Adjusted the
security levels of PFS, SECURE128 and SECURE192 keywords.
2014-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: reduced security levels of SECURE128 and
SECURE192 strings.
2014-02-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-record-2.c: only test libz if it is available
2014-02-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-record-2.c: check errors from
gnutls_priority_set_direct().
2014-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi: doc update
2014-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: increased the interval between reading
/dev/urandom
2014-02-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* po/cs.po.in, po/de.po.in, po/eo.po.in, po/fi.po.in, po/fr.po.in,
po/it.po.in, po/ms.po.in, po/nl.po.in, po/pl.po.in, po/sv.po.in,
po/uk.po.in, po/vi.po.in, po/zh_CN.po.in: Sync with TP.
2014-02-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool-cfg.c, src/certtool.c,
src/danetool.c, src/p11tool.c, src/tpmtool.c: Added --ask-pass
certtool option to allow asking for passwords even when in batch
mode.
2014-02-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-common.c: use newlines in error printing
2014-02-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: when using a PKCS #11 module for verification
ensure that it has been marked a trusted module in p11-kit.
2014-02-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added flag
GNUTLS_PKCS11_TOKEN_TRUSTED_UINT that can be used to obtain
p11-kit's P11_KIT_MODULE_TRUSTED flag.
2014-02-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: use macros to set the level.
2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/reference/Makefile.am, doc/reference/gnutls-docs.sgml: updated
reference manual to remove individual indexes that were not working.
2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/ciphersuite/test-ciphersuites.sh: corrected
test-ciphersuites.sh test
2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: consider the initial keyword set even when
it's set to NONE.
2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: When two initial keywords are specified
then treat the second as having the '+' modifier. This will handle SECURE256:SECURE128 the same way as
SECURE256:+SECURE128.
2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c, lib/includes/gnutls/x509.h: when setting
multiple initial keywords in a priority string, the security level
set is the one of the lowest security.
2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify.c: better wording
2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: corrected bug in DH exponent size calculation.
2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/ecc.c: tolerate servers that included the SUPPORTED ECC
extension. This is an extension that is defined to be sent by the client but
there are servers that include it as well. Most other
implementations tolerate this behavior so we do.
2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: corrected typo
2014-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: reduced the TLS and DTLS version
requirements for all ciphersuites that are not GCM.
2014-01-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: return proper error on RSA key generation failure
2014-01-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_privkey_raw.c, lib/nettle/pk.c, lib/x509/privkey.c:
allow a missing u
2014-01-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_hash_int.c: Added sanity check in hash_init() and
mac_init().
2014-01-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd.c: use some kind of key continuity in the nonce
RNG.
2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: when importing public keys set the correct
algorithm.
2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/provable-prime.c: allow for seeds larger to the MAX
by one byte
2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-keygen-fips186.c: corrected calculation
2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/gnutls.h.in: corrected prototype
2014-01-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map, lib/nettle/Makefile.am,
lib/nettle/int/rsa-fips.h, lib/nettle/int/rsa-keygen-fips186.c,
lib/nettle/pk.c: Added FIPS184-4 RSA key generation.
2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_db.c, lib/libgnutls.map: rename function
2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_db.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added gnutls_db_get_cache_expiration()
2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_privkey.c, lib/gnutls_pubkey.c: Added Since flag.
2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: removed unused variables
2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
gnutls_pubkey_verify_params() and gnutls_privkey_verify_params().
2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-backend.h, lib/gnutls_pk.h, lib/nettle/pk.c,
lib/x509/privkey.c: Allow verification of public and private
parameters.
2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: Handle DSA and ECDSA the same when verifying
keys.
2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/resume.c: Added check for gnutls_db_check_entry_time().
2014-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_db.c: correctly read the magic number and timestamp;
report and patch by Jonathan Roudiere
2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/scripts/getfuncs-map.pl: updated for new functions
2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/gnutls_privkey_raw.c, lib/gnutls_pubkey.c,
lib/includes/gnutls/abstract.h, lib/libgnutls.map: Renamed get_pk
functions to export. gnutls_pubkey_export_ecc_x962 replaces gnutls_pubkey_get_pk_ecc_x962
gnutls_pubkey_export_ecc_raw replaces gnutls_pubkey_get_pk_ecc_raw
gnutls_pubkey_export_dsa_raw replaces gnutls_pubkey_get_pk_dsa_raw
gnutls_pubkey_export_rsa_raw replaces gnutls_pubkey_get_pk_rsa_raw
2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/sign.c, lib/includes/gnutls/gnutls.h.in,
lib/x509/common.h: Added identifiers for DSA-SHA382 and DSA-SHA512
2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map: exported function needed for fips test
2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am, lib/abstract_int.h, lib/gnutls_privkey.c,
lib/gnutls_privkey_raw.c: compile missing file
2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_privkey.c: indented
2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_privkey.c: eliminated memory leak when generating a
privvate key using gnutls_privkey_generate().
2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/gnutls_privkey.c, lib/gnutls_privkey_raw.c,
lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added functions
to directly import parameters into a gnutls_privkey_t Added gnutls_privkey_import_ecc_raw, gnutls_privkey_import_dsa_raw,
gnutls_privkey_import_rsa_raw
2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: corrected usage of privkey
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/eagain, tests/suite/mini-eagain2.c: changed port
number
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: optimized string search in _oid2str table.
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/dn.c: copyright update
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: fixed null pointer derefence when printing a
name and an LDAP description isn't present for the OID
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/scripts/getfuncs-map.pl, lib/libgnutls.map: added
gnutls_realloc_fast to false positives Conflicts: lib/libgnutls.map
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, doc/Makefile.am, doc/scripts/getfuncs-map.pl: Prior
to release verify that the exported functions in the .map file match
the headers.
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: exported missing functions
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: exported function
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/Makefile.am, lib/nettle/rnd-common.c,
lib/nettle/rnd-common.h: Do not compile the DRBG-AES-CTR when not in
FIPS140 mode.
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-global-load.c: removed non-working test for static
linking.
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: use two separate mutexes for nonce and main rng.
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/rng-fork.c: increased the number of bytes requested by the
RNG
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd-common.c, lib/nettle/rnd-fips.c, lib/nettle/rnd.c:
The AES-CTR-based nonce random number generator was replaced with
salsa20.
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/crypto-backend.h, lib/gnutls_srp.c, lib/nettle/mpi.c,
lib/x509/pkcs12_encr.c, tests/mpi.c: Updated the rest of the MPI
function prototypes.
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/srp.c, lib/crypto-backend.h, lib/nettle/mpi.c: updated
the prototype of _gnutls_mpi_div
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.c,
lib/nettle/mpi.c, lib/nettle/pk.c, lib/x509/pkcs12_encr.c: updated
prototypes of _gnutls_mpi_sub_ui, _gnutls_mpi_add_ui,
_gnutls_mpi_mul_ui
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_srp.c,
lib/nettle/mpi.c, lib/nettle/pk.c, lib/x509/privkey_pkcs8.c: updated
prototype of _gnutls_mpi_powm
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/dh_common.c, lib/auth/srp.c, lib/crypto-backend.h,
lib/crypto-selftests-pk.c, lib/gnutls_dh.c, lib/gnutls_ecc.c,
lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_pubkey.c,
lib/gnutls_srp.c, lib/gnutls_ui.c, lib/nettle/mpi.c,
lib/nettle/pk.c, lib/opencdk/read-packet.c, lib/openpgp/pgp.c,
lib/x509/crq.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c: updated
mpi_scan macros
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: reduced warnings
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.c,
lib/gnutls_mpi.h, lib/gnutls_pk.c, lib/nettle/mpi.c,
lib/nettle/pk.c, tests/mpi.c: updated prototypes of _gnutls_mpi_set,
_gnutls_mpi_set_ui,, _gnutls_mpi_copy
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.c,
lib/nettle/mpi.c, lib/nettle/pk.c: updated prototype of
_gnutls_mpi_modm
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.h,
lib/gnutls_srp.c, lib/nettle/mpi.c, lib/nettle/pk.c,
lib/x509/privkey_pkcs8.c: Updated _gnutls_mpi_init prototype and
added _gnutls_mpi_init_multi
2014-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: reduced the number of system calls made during
the random generator lock.
2014-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-cert-select-pkcs11.c,
doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
lib/includes/gnutls/gnutls.h.in: do not set the SYSTEM priority
string by default in examples (not yet).
2014-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated
2014-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd-common.c: use RUSAGE_THREAD to obtain rusage stats
to avoid becoming a bottleneck on processes with many threads.
2014-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.h: corrected push/pull function setting
2014-01-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
lib/nettle/int/dsa-validate.c: simplified _dsa_generate_dss_g()
2014-01-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-keygen-fips186.c,
lib/nettle/int/dsa-validate.c: do not impose limits to index
2014-01-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
lib/nettle/int/dsa-validate.c, lib/nettle/int/provable-prime.c:
Fixes in the Shawe-Taylor prime generation routine.
2014-01-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/provable-prime.c: cleanups
2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-keygen-fips186.c: increased seed length
2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/provable-prime.c: cleanups
2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/provable-prime.c: indented code
2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pk.c, lib/gnutls_privkey.c: ensure that
_gnutls_pk_params_copy makes a full duplicate.
2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/abstract.h, lib/nettle/pk.c,
lib/x509/privkey.c: Added macros to allow specifying a subgroup for
DSA.
2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: corrected FIPS140 generation of DSA2 keys.
2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/gnutls_datum.h, lib/gnutls_pk.c, lib/gnutls_pk.h,
lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
lib/libgnutls.map, lib/openpgp/privkey.c, lib/x509/privkey.c: Added
new functions to obtain raw private key gnutls_privkey_get_pk_ecc_raw: Added gnutls_privkey_get_pk_dsa_raw:
Added gnutls_privkey_get_pk_rsa_raw: Added
2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map: exported more internal functions
2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: use dsa_generate_dss_keypair when generating DSA
keys.
2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
lib/nettle/int/dsa-validate.c: Split the generation of keypair from
the generation of parameters.
2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
lib/nettle/int/dsa-validate.c: Added _dsa_validate_dss_pq and
_dsa_validate_dss_g, and other fixes in validation.
2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-keygen-fips186.c,
lib/nettle/int/dsa-validate.c: indented files
2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-keygen-fips186.c: corrected s check in
_dsa_generate_dss_pq
2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-keygen-fips186.c: fixed copyright
2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes-self-test.c: updated DRBG-CTR-AES test
vectors for the fixed implementation.
2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/random.c: register FIPS140 random generator prior to
initialization
2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map, lib/nettle/int/drbg-aes.c,
lib/nettle/int/drbg-aes.h: Updates in the DRBG-CTR-AES random number
generator.
2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/cipher.c: no point to fail on 3DES weak keys.
2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/cipher.c: Do not restrict the GCM nonce to 12 bytes.
2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-api.c: use a single context for all stream ciphers.
2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests.c: Added ARCFOUR-128 self test.
2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c: always set subkey status
2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-dtls-record.c: small updates in mini-dtls-record
2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/dumbfw.c: dumbfw extension isn't sent on DTLS
2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c: simplified client hello generation
2014-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h: %COMPAT implies %DUMBFW
2014-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/int/drbg-aes.c: fix in DRBG-AES-CTR initialization
2014-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: use a single buffer to generate the client
hello.
2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.h, lib/nettle/Makefile.am, lib/nettle/rnd-fips.c,
lib/random.c: The FIPS140 random number generator is enabled
conditionally when required.
2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/gnutls.h.in: removed duplicate function
2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.c,
lib/nettle/int/drbg-aes.h, lib/nettle/rnd-common.c,
lib/nettle/rnd-common.h, lib/nettle/rnd-fips.c, lib/nettle/rnd.c:
replaced the ANSI X9.31 RNG with the SP800-90A DRBG-AES-CTR rng.
2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: use newline
2014-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: when freeing priority_cache make sure it is
set to NULL
2014-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_x509.c: Clarified version
2014-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/gnutls_global.c, lib/includes/gnutls/compat.h:
gnutls_global_set_mem_functions was deprecated
2014-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c, lib/gnutls_record.c: removed unneeded
warning; all systems we support set this function.
2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/Makefile.am: generate info documentation in a single file
2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_int.h, lib/gnutls_x509.c: The simple bit size check in
certificates is now replaced by the verification profiles.
2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_int.h: no need to set profile to LOW as it is already
the default
2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/examples/ex-cert-select-pkcs11.c,
doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
lib/includes/gnutls/gnutls.h.in: Introduced GNUTLS_DEFAULT_PRIORITY
macro
2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: decreased certificate verification level to
allow SHA1 as hash.
2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_int.h, lib/x509/verify.c: When verifying a
certificate's security level ensure that the hash is within the
level
2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/secparams.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added gnutls_sec_param_to_symmetric_bits()
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/complex-cert.pem: updated test for level rename
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suppressions.valgrind: updated memxor3 suppression to cope
with any usage of memxor3
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: The correct priority will be used if SYSTEM
is not specified.
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: do not immediately fail on verification failure
due to insecure algorithm.
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/setcredcrash.c, tests/x509dn.c, tests/x509self.c: use
gnutls_priority_set_direct() to set a fixed priority string
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: avoid allocation.
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/examples/ex-cert-select-pkcs11.c,
doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c: use default
priorities based on version number in examples, and add dependency
on 3.1.0
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi, doc/examples/ex-cert-select-pkcs11.c,
doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
lib/gnutls_priority.c: changes in SYSTEM semantics to allow
appending rules to the default policy.
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, configure.ac, doc/cha-gtls-app.texi, lib/gnutls_priority.c:
Added the SYSTEM priority string initial keyword. That allows a compile-time specified configuration file to be used
to read the priorities. That can be used to impose system specific
policies.
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: Weak sec-param was replaced with Low.
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/sec-params.c: updated sec-params check
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: doc update
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, src/certtool-common.c, src/serv.c: more updates for the
security param rename
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/sec-params.c, tests/slow/keygen.c: Added
test to check the expected values of security parameters.
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi, doc/examples/ex-crq.c: doc update
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/secparams.c: security levels aligned to ENISA and
other common practice recommendations.
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/algorithms/secparams.c, lib/gnutls_priority.c,
lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/x509.h,
lib/priority_options.gperf, lib/x509/verify.c:
GNUTLS_SEC_PARAM_NORMAL was renamed to GNUTLS_SEC_PARAM_MEDIUM That was done to avoid confusion with the NORMAL priority string.
Also when setting a PROFILE explicitly as priority string the
session security level is adjusted accordingly.
2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: doc update
2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am, lib/gnutls_priority.c,
lib/priority_options.gperf: Use gperf to find priority string
options.
2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: verification profiles can be set
individually as well.
2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/includes/gnutls/x509.h, lib/x509/verify-high.c: doc
update
2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: increased the overall security level unless
%COMPAT is specified.
2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_int.h, lib/gnutls_priority.c: enforce certificate
verification profiles when setting priority strings
2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms.h, lib/includes/gnutls/x509.h, lib/x509/verify.c:
Added certificate verification profiles.
2014-01-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: simplified _gnutls_verify_certificate2().
2014-01-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: consistency changes.
2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ui.c: gnutls_session_get_desc() returns a more compact
description.
2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c, lib/auth/cert.h, lib/gnutls_cert.c,
lib/gnutls_x509.c, lib/includes/gnutls/x509.h,
lib/x509/verify-high.c, lib/x509/verify-high.h: The RDN sequence is
now kept in trust list instead of the credentials parameters. This is however not enabled by default. When adding CAs to trust
list the flag GNUTLS_TL_USE_IN_TLS must be specified to generate the
RDN sequence. This flag is for now only useful internally in gnutls.
2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/x509dn.c: simplified x509dn
2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: doc update
2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/pkcs12-decode/Makefile.am, tests/set_pkcs12_cred.c: enhanced
set_pkcs12_cred test.
2014-01-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/pkcs11.c: doc update
2014-01-08 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* src/cli-debug.c: gnutls-cli-debug should accept TLS 1.2-only
servers Without this patch, a TLS 1.2-only server will not be properly
investigated by gnutls-cli-debug. e.g. a server like: gnutls-serv --x509keyfile=server/secret.key
--x509certfile=server/x509.pem --priority
'NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2' gets this failed analysis: 0 dkg@alice:~$ gnutls-cli-debug --port 5556 localhostrt 5556
localhost Resolving 'localhost'... Connecting to '::1:5556'...
Checking for SSL 3.0 support... no Checking whether %COMPAT is
required... yes Checking for TLS 1.0 support... no Checking for TLS
1.1 support... no Checking fallback from TLS 1.1 to... failed
Checking for TLS 1.2 support... yes Checking whether we need to
disable TLS 1.2... N/A Checking whether we need to disable TLS
1.1... no Server does not support any of SSL 3.0, TLS 1.0 and TLS 1.1 0
dkg@alice:~$ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-01-06 Nils Maier <maierman@web.de>
* lib/ext/status_request.c: Fix CERTIFICATE STATUS processing when
using non-blocking I/O _gnutls_recv_server_certificate_status() must wait for the first
full packet before setting priv->expect_cstatus = 0, or else
CERTIFCATE STATUS packets won't be processed in subsequent calls at
all, leaving them in the buffer and therefore causing later
connection aborts. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
lib/x509/common.h, lib/x509/verify.c: gnutls_pkcs11_crt_exists
renamed to gnutls_pkcs11_crt_is_known Moreover it was modified to fully compare the certificate when
looking for a trusted certificate.
2014-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: simplified
gnutls_certificate_set_x509_crl_file/mem.
2014-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: simplified
gnutls_certificate_set_x509_trust_file/mem.
2014-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high2.c: use gnutls_strdup
2014-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-01-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: mini-record-2 movedto front.
2014-01-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c: removed debugging
2014-01-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c, lib/x509/x509_int.h: When verifying using a
PKCS #11 module use gnutls_pkcs11_crt_exists() to check for trust
and distrust (blacklists).
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
lib/pkcs11_int.h: Added gnutls_pkcs11_crt_exists()
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: more sensible names in find data private structures.
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c:
gnutls_pkcs11_get_raw_issuer() returns only trusted issuers if
GNUTLS_PKCS11_ISSUER_ANY is not specified.
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
lib/pkcs11_write.c: unified PKCS#11 debug messages
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/x509/verify-high.c, lib/x509/verify-high.h,
lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509_int.h:
Updated PKCS #11 support for
gnutls_x509_trust_list_add_trust_file(). It will now use the PKCS #11 trust URL while verifying instead of
importing all CAs. That way it allows verification on the spot
without requiring the gnutls to restart in case of a blacklisted CA.
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-01-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool-args.def: Added documentation for force autogen to
generate correct texinfo code.
2013-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-12-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/resume-dtls.c, tests/resume.c: resume tests will not block
if they fail
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: moved constructor definitions to macros to
allow easier extensions to other systems.
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/rng-fork.c: perform the iteration check on both rngs.
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suppressions.valgrind: Add suppression for nettle's memxor3
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-record.c: updated
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/dumbfw.c, lib/ext/dumbfw.h: adapt padding size based on
the current size of the client hello.
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/dumbfw.c: doc update
2013-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/dumbfw.c: do not pad when the client hello size is
sufficiently small.
2013-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/dumbfw.c, lib/gnutls_extensions.c: do not send the dumbfw
padding if the hello data are already too long.
2013-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: export only xssl symbols; small patch by Andreas
Metzler.
2013-12-26 Gustavo Zacarias <gustavo@zacarias.com.ar>
* src/crywrap/Makefile.am: Add LIB_CLOCK_GETTIME to crywrap It's used indirectly thus causing build breakage on versions of
glibc where it's defined in librt rather than libc directly. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
2013-12-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: limit the size of the DH exponent
2013-12-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: unified constants
2013-12-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/fips-test.c: Do not run the fips-test when not in fips mode
2013-12-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/session_ticket.c, lib/ext/status_request.c,
lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_mbuffers.h:
simplified gnutls_handshake_alloc
2013-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_write.c: do not specify a default class when searching
for objects to delete This fixed issue when trying to delete all the keys in a token by
using the token URL.
2013-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool-args.def, src/p11tool.c, src/pkcs11.c: Added so-login
flag to force security office login to the card
2013-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: updated txt
2013-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: print warning when no token name is provided
2013-12-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c: Added userPrincipalName
2013-12-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c: pass the correct flag to dane_verify_crt_raw() That doesn't affect anything but logical correctness, as the
parameter is ignored.
2013-12-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c: corrected key ID size check
2013-12-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: Ported Alon's patch to correctly check for librt (et
al.) This also makes clock_gettime() check independent of the FIPS140
option.
2013-12-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool-args.def: Added aliases list-privkeys and list-keys
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: undefine select as well in win32
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-large.c, tests/mini-dtls-record.c,
tests/mini-handshake-timeout.c: corrected some tests to operate
silently under valgrind
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mpi.c, tests/x509cert-tl.c: corrected leaks
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: do not use the gnulib wrappers in win32
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug.c, src/cli.c, src/common.h, src/serv.c: explicitly
set the gnulib functions for recv and send.
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/elf/cpuid-x86_64.s: updated
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: corrected running tests over valgrind It seems that some autotools change has prevented that for some
time.
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/x509cert-tl.c: corrected check
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: removed debugging
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/pkcs12_s2k.c: corrected paths
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_int.c, lib/pkcs11_int.h, lib/pkcs11_write.c:
pkcs11_get_random was renamed
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/coff/aes-ssse3-x86.s,
lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
lib/accelerated/x86/coff/aesni-x86.s,
lib/accelerated/x86/coff/aesni-x86_64.s,
lib/accelerated/x86/coff/cpuid-x86.s,
lib/accelerated/x86/coff/cpuid-x86_64.s,
lib/accelerated/x86/coff/e_padlock-x86.s,
lib/accelerated/x86/coff/e_padlock-x86_64.s,
lib/accelerated/x86/coff/ghash-x86_64.s,
lib/accelerated/x86/coff/sha1-ssse3-x86.s,
lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
lib/accelerated/x86/coff/sha256-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
lib/accelerated/x86/elf/aes-ssse3-x86.s,
lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
lib/accelerated/x86/elf/aesni-x86_64.s,
lib/accelerated/x86/elf/cpuid-x86_64.s,
lib/accelerated/x86/elf/e_padlock-x86.s,
lib/accelerated/x86/elf/e_padlock-x86_64.s,
lib/accelerated/x86/elf/ghash-x86_64.s,
lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
lib/accelerated/x86/elf/sha256-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aes-ssse3-x86.s,
lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aesni-x86.s,
lib/accelerated/x86/macosx/aesni-x86_64.s,
lib/accelerated/x86/macosx/cpuid-x86.s,
lib/accelerated/x86/macosx/cpuid-x86_64.s,
lib/accelerated/x86/macosx/e_padlock-x86.s,
lib/accelerated/x86/macosx/e_padlock-x86_64.s,
lib/accelerated/x86/macosx/ghash-x86_64.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: corrected
generated files
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk: correctly generate asm sources
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk: gnu note for stack only used in ELF
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/coff/openssl-cpuid-x86.s,
lib/accelerated/x86/coff/openssl-cpuid-x86_64.s,
lib/accelerated/x86/macosx/openssl-cpuid-x86.s,
lib/accelerated/x86/macosx/openssl-cpuid-x86_64.s: removed unused
files
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/accelerated/Makefile.am,
lib/accelerated/accelerated.c: Improved nettle check for
registration of accelerated ciphers.
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/Makefile.am: use the correct sources in win32
systems
2013-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: simplified deps
2013-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: libtasn1 generated files are set in BUILT_SOURCES Conflicts: lib/Makefile.am
2013-12-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testdane: updated danetool
2013-12-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ecc.c: changed default to 256R1
2013-12-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/serv-args.def: doc update
2013-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: the accelerated library is depending on nettle
being present
2013-12-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def: doc update
2013-12-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-tokens.texi: updated to account the file format p11-kit
expects
2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* devel/openssl: restricted submodule to a specific version
2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, cfg.mk: bootstrap will initialize the submodules
2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
lib/accelerated/x86/coff/aesni-x86_64.s,
lib/accelerated/x86/coff/e_padlock-x86_64.s,
lib/accelerated/x86/coff/ghash-x86_64.s,
lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
lib/accelerated/x86/elf/aesni-x86_64.s,
lib/accelerated/x86/elf/e_padlock-x86_64.s,
lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aesni-x86_64.s,
lib/accelerated/x86/macosx/e_padlock-x86_64.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s: Updated asm files
2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitmodules, devel/openssl, devel/perlasm/aes-ssse3-x86.pl,
devel/perlasm/aes-ssse3-x86_64.pl, devel/perlasm/aesni-x86.pl,
devel/perlasm/aesni-x86_64.pl, devel/perlasm/cbc.pl,
devel/perlasm/cbc.pl.license, devel/perlasm/e_padlock-x86.pl,
devel/perlasm/e_padlock-x86_64.pl, devel/perlasm/ghash-x86.pl,
devel/perlasm/ghash-x86_64.pl, devel/perlasm/openssl-cpuid-x86.pl,
devel/perlasm/openssl-cpuid-x86.pl.license,
devel/perlasm/ppc-xlate.pl, devel/perlasm/sha1-ssse3-x86.pl,
devel/perlasm/sha1-ssse3-x86_64.pl,
devel/perlasm/sha256-ssse3-x86.pl,
devel/perlasm/sha512-ssse3-x86.pl,
devel/perlasm/sha512-ssse3-x86_64.pl,
devel/perlasm/x86_64-xlate.pl, devel/perlasm/x86asm.pl,
devel/perlasm/x86gas.pl, devel/perlasm/x86masm.pl,
devel/perlasm/x86nasm.pl: Import perlasm files directly from openssl
using git submodule
2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/system.c: Added configure option
--with-default-blacklist-file This option allows to specify a file containing blacklisted
certificates.
2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c, lib/x509/verify-high2.c:
gnutls_x509_trust_list_remove_cas() and derivatives will utilize a
black list. When a CA or certificate is removed from the trusted list, it is
also added in a blacklist to ensure that it will not be accepted due
to interdependency (e.g., it is a subordinate CA), or because it is
not a CA.
2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high2.c: Corrected documentation for
gnutls_x509_trust_list_add_trust_*
2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: avoid initializing PKCS #11 modules when not needed
in gnutls_pkcs11_reinit.
2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/mac.c: Avoid verbose logging
2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h:
use better definitions
2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-cert-status.c: doc update
2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms.h, lib/algorithms/ciphers.c, lib/gnutls_buffers.c,
lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c,
lib/gnutls_int.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
lib/gnutls_record.c, lib/gnutls_record.h: Align on 16-byte
boundaries the buffers provided to cryptodev. When gnutls is compiled with support for cryptodev, the buffers
provided to crypto backend are ensured to be 16-byte aligned (except
the ones provided by the user). That increases performance in
several crypto accelerators.
2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-large.c: updated to correspond to new fail()
2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_mbuffers.c,
lib/gnutls_mbuffers.h, lib/gnutls_record.c: simplified
_mbuffer_alloc
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/accelerated.c, lib/accelerated/x86/Makefile.am,
lib/accelerated/x86/aes-cbc-x86-aesni.c,
lib/accelerated/x86/aes-cbc-x86-ssse3.c,
lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86-aesni.c,
lib/accelerated/x86/aes-gcm-x86-pclmul.c,
lib/accelerated/x86/aes-gcm-x86-ssse3.c,
lib/accelerated/x86/aes-padlock.c,
lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.c,
lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/hmac-padlock.c,
lib/accelerated/x86/hmac-x86-ssse3.c,
lib/accelerated/x86/sha-padlock.c,
lib/accelerated/x86/sha-padlock.h,
lib/accelerated/x86/sha-x86-ssse3.c, lib/accelerated/x86/sha-x86.h,
lib/accelerated/x86/x86-common.c: reorganized source files.
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/Makefile.am,
lib/accelerated/x86/aes-gcm-x86-aesni.c,
lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/aes-x86.h: when
AESNI is available without PCLMUL, then use AES-NI in GCM.
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86-pclmul.c,
lib/accelerated/x86/aes-x86.c: addressed warning
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-x86.c: give lower priority to SSSE3 over
AESNI
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/Makefile.am,
lib/accelerated/x86/hmac-x86-ssse3.c,
lib/accelerated/x86/hmac-x86.c,
lib/accelerated/x86/sha-x86-ssse3.c, lib/accelerated/x86/sha-x86.c:
use better names for files
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86-pclmul.c,
lib/accelerated/x86/aes-gcm-x86-ssse3.c,
lib/accelerated/x86/aes-padlock.c, lib/accelerated/x86/aes-x86.c,
lib/accelerated/x86/hmac-padlock.c: zeroize keys
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/Makefile.am,
lib/accelerated/x86/aes-gcm-x86-pclmul.c,
lib/accelerated/x86/aes-gcm-x86-ssse3.c,
lib/accelerated/x86/aes-gcm-x86.c, lib/accelerated/x86/aes-x86.c,
lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/hmac-x86.c,
lib/accelerated/x86/sha-x86.c, lib/accelerated/x86/sha-x86.h: When
PCLMUL isn't available use the SSSE3 implementation of AES to
optimize GCM.
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-tls.c: removed UMAC ciphersuites from benchmark
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-tls.c: removed the estream ciphersuites from
benchmarks
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk, devel/perlasm/aes-ssse3-x86.pl,
devel/perlasm/aes-ssse3-x86.pl.license,
devel/perlasm/aes-ssse3-x86_64.pl,
devel/perlasm/aes-ssse3-x86_64.pl.license,
devel/perlasm/aesni-x86.pl.license,
devel/perlasm/aesni-x86_64.pl.license,
devel/perlasm/cbc.pl.license, devel/perlasm/cpuid-x86.pl.license,
devel/perlasm/cpuid-x86_64.pl.license,
devel/perlasm/e_padlock-x86.pl.license,
devel/perlasm/e_padlock-x86_64.pl.license,
devel/perlasm/ghash-x86.pl.license,
devel/perlasm/ghash-x86_64.pl.license,
devel/perlasm/license-gnutls.txt, devel/perlasm/license-vpaes.txt,
devel/perlasm/license.txt, devel/perlasm/md5-x86_64.pl.license,
devel/perlasm/openssl-cpuid-x86.pl.license,
devel/perlasm/ppc-xlate.pl.license,
devel/perlasm/sha1-ssse3-x86.pl.license,
devel/perlasm/sha1-ssse3-x86_64.pl.license,
devel/perlasm/sha256-ssse3-x86.pl.license,
devel/perlasm/sha512-ssse3-x86.pl.license,
devel/perlasm/sha512-ssse3-x86_64.pl.license,
lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/aes-x86.h,
lib/accelerated/x86/coff/aes-ssse3-x86.s,
lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
lib/accelerated/x86/coff/aesni-x86.s,
lib/accelerated/x86/coff/aesni-x86_64.s,
lib/accelerated/x86/coff/cpuid-x86.s,
lib/accelerated/x86/coff/cpuid-x86_64.s,
lib/accelerated/x86/coff/e_padlock-x86.s,
lib/accelerated/x86/coff/e_padlock-x86_64.s,
lib/accelerated/x86/coff/ghash-x86_64.s,
lib/accelerated/x86/coff/sha1-ssse3-x86.s,
lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
lib/accelerated/x86/coff/sha256-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
lib/accelerated/x86/elf/aes-ssse3-x86.s,
lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
lib/accelerated/x86/elf/aesni-x86.s,
lib/accelerated/x86/elf/aesni-x86_64.s,
lib/accelerated/x86/elf/cpuid-x86.s,
lib/accelerated/x86/elf/cpuid-x86_64.s,
lib/accelerated/x86/elf/e_padlock-x86.s,
lib/accelerated/x86/elf/e_padlock-x86_64.s,
lib/accelerated/x86/elf/ghash-x86_64.s,
lib/accelerated/x86/elf/sha1-ssse3-x86.s,
lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
lib/accelerated/x86/elf/sha256-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
lib/accelerated/x86/files.mk, lib/accelerated/x86/license.txt,
lib/accelerated/x86/macosx/aes-ssse3-x86.s,
lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aesni-x86.s,
lib/accelerated/x86/macosx/aesni-x86_64.s,
lib/accelerated/x86/macosx/cpuid-x86.s,
lib/accelerated/x86/macosx/cpuid-x86_64.s,
lib/accelerated/x86/macosx/e_padlock-x86.s,
lib/accelerated/x86/macosx/e_padlock-x86_64.s,
lib/accelerated/x86/macosx/ghash-x86_64.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: Added Mike
Hamburg's SSSE3 AES implementation.
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am: doc update
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk, devel/perlasm/openssl-cpuid-x86.pl,
devel/perlasm/sha1-ssse3-x86.pl,
devel/perlasm/sha1-ssse3-x86_64.pl,
devel/perlasm/sha256-ssse3-x86.pl,
devel/perlasm/sha512-ssse3-x86.pl,
devel/perlasm/sha512-ssse3-x86_64.pl,
lib/accelerated/x86/Makefile.am, lib/accelerated/x86/aes-padlock.h,
lib/accelerated/x86/aes-x86.c,
lib/accelerated/x86/coff/aesni-x86.s,
lib/accelerated/x86/coff/aesni-x86_64.s,
lib/accelerated/x86/coff/appro-aes-gcm-x86-64-coff.s,
lib/accelerated/x86/coff/appro-aes-x86-64-coff.s,
lib/accelerated/x86/coff/appro-aes-x86-coff.s,
lib/accelerated/x86/coff/cpuid-x86-64-coff.s,
lib/accelerated/x86/coff/cpuid-x86-coff.s,
lib/accelerated/x86/coff/cpuid-x86.s,
lib/accelerated/x86/coff/cpuid-x86_64.s,
lib/accelerated/x86/coff/e_padlock-x86.s,
lib/accelerated/x86/coff/e_padlock-x86_64.s,
lib/accelerated/x86/coff/ghash-x86_64.s,
lib/accelerated/x86/coff/openssl-cpuid-x86.s,
lib/accelerated/x86/coff/openssl-cpuid-x86_64.s,
lib/accelerated/x86/coff/padlock-x86-64-coff.s,
lib/accelerated/x86/coff/padlock-x86-coff.s,
lib/accelerated/x86/coff/sha1-ssse3-x86.s,
lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
lib/accelerated/x86/coff/sha256-avx-x86_64.s,
lib/accelerated/x86/coff/sha256-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
lib/accelerated/x86/elf/aesni-x86.s,
lib/accelerated/x86/elf/aesni-x86_64.s,
lib/accelerated/x86/elf/appro-aes-gcm-x86-64.s,
lib/accelerated/x86/elf/appro-aes-x86-64.s,
lib/accelerated/x86/elf/appro-aes-x86.s,
lib/accelerated/x86/elf/cpuid-x86-64.s,
lib/accelerated/x86/elf/cpuid-x86_64.s,
lib/accelerated/x86/elf/e_padlock-x86.s,
lib/accelerated/x86/elf/e_padlock-x86_64.s,
lib/accelerated/x86/elf/ghash-x86_64.s,
lib/accelerated/x86/elf/padlock-x86-64.s,
lib/accelerated/x86/elf/padlock-x86.s,
lib/accelerated/x86/elf/sha1-ssse3-x86.s,
lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
lib/accelerated/x86/elf/sha256-avx-x86_64.s,
lib/accelerated/x86/elf/sha256-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
lib/accelerated/x86/files.mk, lib/accelerated/x86/hmac-x86.c,
lib/accelerated/x86/macosx/aesni-x86.s,
lib/accelerated/x86/macosx/aesni-x86_64.s,
lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s,
lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s,
lib/accelerated/x86/macosx/appro-aes-x86-macosx.s,
lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s,
lib/accelerated/x86/macosx/cpuid-x86-macosx.s,
lib/accelerated/x86/macosx/cpuid-x86.s,
lib/accelerated/x86/macosx/cpuid-x86_64.s,
lib/accelerated/x86/macosx/e_padlock-x86.s,
lib/accelerated/x86/macosx/e_padlock-x86_64.s,
lib/accelerated/x86/macosx/ghash-x86_64.s,
lib/accelerated/x86/macosx/openssl-cpuid-x86.s,
lib/accelerated/x86/macosx/openssl-cpuid-x86_64.s,
lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
lib/accelerated/x86/macosx/padlock-x86-macosx.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
lib/accelerated/x86/macosx/sha256-avx-x86_64.s,
lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s,
lib/accelerated/x86/sha-padlock.h, lib/accelerated/x86/sha-x86.c,
lib/accelerated/x86/sha-x86.h: Added Appro's SSSE3 SHA
implementations
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/sha-padlock.c, lib/accelerated/x86/x86.h:
Utilize the optimized SHA functions in Padlock HMAC.
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am: use a single BUILT_SOURCES
2012-05-03 Patrick Pelletier <code@funwithsoftware.org>
* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
doc/cha-library.texi, lib/gnutls_buffers.c, lib/gnutls_state.c,
lib/gnutls_str.c, lib/includes/gnutls/x509.h, src/certtool-args.def:
minor phrasing improvements in docs
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am: Added auto-generated files in BUILT_SOURCES
2013-12-13 Jared Wong <jaredlwong@gmail.com>
* lib/auth/psk_passwd.c, lib/auth/srp_passwd.c: Fixed check for i <
line_size. All checks were being done where the line_size check was done last.
This allows data to be read from one past teh end of the line
buffer. In C, accessing data outside of an array is undefined
behavior and may cause yet known problems. Additionally, the
compiler may end up making some unreasonable assumptions under the
pretense that the programmer is never wrong and would not access
data outside of the array.
2013-12-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/libopts/m4/libopts.m4: Avoid conditional generation of
Makefile
2013-12-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/dh_common.c: Enforce the DEFAULT_MAX_VERIFY_BITS for DH
prime size as well.
2013-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: exported function
2013-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_record.c,
lib/includes/gnutls/gnutls.h.in: Added gnutls_record_check_corked.
2013-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, configure.ac, doc/manpages/Makefile.am: Avoided
gnu-ism in Makefiles
2013-12-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: simplified logic
2013-12-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: Correctly detect the FIPS140-2 HMAC file.
2013-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
lib/pkcs11_secret.c, lib/pkcs11_write.c: ensure that all the
exported pkcs11 functions initialize PKCS #11.
2013-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: fixes in PKCS #11 initialization
2013-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: provide imprecise time as gmt time.
2013-12-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: calling gnutls_pkcs11_reinit() manually will prevent
auto-reinitialization.
2013-12-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c:
fully initialize the PKCS #11 subsystem only when it is needed to.
2013-12-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-api.c, lib/fips.c, lib/fips.h, lib/gnutls_global.c,
lib/gnutls_int.h, lib/gnutls_priority.c, lib/nettle/cipher.c,
lib/nettle/mac.c: FIPS140 mode is detected on run-time. That allows a library compiled in FIPS140 mode to operate as the
full library if the system is not in FIPS mode.
2013-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, tests/Makefile.am, tests/mini-global-load.c: Added
check to verify that gnutls_global_init() is run on the library
constructor.
2013-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/global-init.c: converted to a simple check for
gnutls_global_init() as gnutls_global_init2() will not be added.
2013-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: call p11_kit_modules_load() with null argument.
2013-12-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: only use LT_INIT
2013-12-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2013-12-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: disable static library build by default
2013-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, doc/cha-gtls-app.texi, lib/gnutls_global.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map:
gnutls_global_init2() is no longer exported.
2013-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, doc/cha-tokens.texi, lib/pkcs11.c: doc update
2013-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: Added automatic reinitialization on fork() on the
PKCS #11 subsystem.
2013-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
lib/pkcs11_int.h: PKCS #11 initialization is delayed until first
use.
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/Makefile.am, lib/nettle/rnd-common.c,
lib/nettle/rnd-common.h, lib/nettle/rnd-fips.c, lib/nettle/rnd.c:
Use a DRBG-AES to generate nonces rather than the yarrow RNG.
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-fips.c: getpid() is conditionally used.
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: deleted
auto-generated files
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-api.c, lib/fips.c, lib/fips.h, lib/gnutls_global.c,
tests/fips-test.c: removed zombie mode, and no longer use fips140.h
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/Makefile.am, lib/includes/gnutls/fips140.h,
lib/includes/gnutls/gnutls.h.in: moved gnutls_fips140_mode_enabled
to gnutls.h
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: simplified func
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-api.c, lib/nettle/pk.c: corrected macros
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/rng-fork.c: Check whether the RNG can perform many
iterations without error.
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h,
lib/nettle/rnd-fips.c: force reseed and rekey on fork and if we
exceed a number of iterations.
2013-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c, lib/locks.h: do not deinitialize a static
mutex to avoid any side-effects.
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/locks.h: re-initialize a deleted staticly initialized mutex
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: Added hack for nettle's checks.
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/secparams.c: adjusted parameters in normal level
for DSA to match nettle's abilities.
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: added newlines in error reporting
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/crypto-selftests-pk.c, tests/slow/cipher-test.c: fix self
tests when used from slow/cipher-test
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/global-init.c: updated test for the universal lib
constructor
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: removed deadlock from gnutls_global.c
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/fips.c, lib/gnutls_global.c: constructor and destructors were
moved outside the FIPS140 mode.
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/fips-test.c: execute the FIPS-test even
when not in FIPS140 mode.
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/fips.c, lib/fips.h, lib/libgnutls.map, tests/fips-test.c:
fips140_simulate_error -> lib_simulate_error
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/secparams.c: adjusted subgroup bits to be
compatible with DSA requirements.
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/fips.c, lib/fips.h, lib/gnutls_cipher_int.c,
lib/gnutls_global.c, lib/gnutls_hash_int.c, lib/gnutls_privkey.c,
lib/gnutls_pubkey.c, lib/gnutls_state.c, lib/nettle/pk.c,
lib/pkcs11_privkey.c, lib/random.c, lib/x509/crl.c, lib/x509/crq.c,
lib/x509/privkey.c, lib/x509/verify-high.c, lib/x509/x509.c: The
library state is used even when not in FIPS mode. This allows having an error state that blocks the library usage even
when not in FIPS mode.
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* : Merged the FIPS140-2 support code. Conflicts: lib/gnutls_global.c tests/mini-overhead.c
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated cross.mk
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.c: removed usage of %zu.
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-overhead.c: updated mini-overhead to account for the
removal of salsa20+umac
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.h: Detect the presence of posix locks even without
linked to libpthread.
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug tests
for camellia-gcm.
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: remove bashism.
2013-11-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi: doc update
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/reference/gnutls-docs.sgml: Added 3.2 to reference API
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/reference/gnutls-docs.sgml: updated links in reference.
Reported by Nico R.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/reference/gnutls-docs.sgml: Added 3.2 to reference API
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/reference/gnutls-docs.sgml: updated links in reference.
Reported by Nico R.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-preface.texi, doc/cha-support.texi, doc/gnutls.texi:
updated addresses and URLs. Reported by Nico R.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-preface.texi, doc/cha-support.texi, doc/gnutls.texi:
updated addresses and URLs. Reported by Nico R.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c, lib/gnutls_global.c: Added destructor and moved both
*structors to fips.c
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c: Eliminated memory leak in print_aia(). Reported
by Ben de Graaff.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c: Eliminated memory leak in print_aia(). Reported
by Ben de Graaff.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c: Added ECDH known answer test.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c, lib/fips.c: Added known answer test for
Diffie-Hellman key exchange.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: Added check to prevent generating a DH pubkey of
1.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am, lib/gnutls_dh.c, lib/gnutls_dh_primes.c:
compacted DH support files.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/ecdhe.c: clear the generated ECDH parameters as soon as
they are not needed.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: When checking the generated DSA params make
sure that the data to be signed have the proper size.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/anon.c, lib/auth/dh_common.c, lib/auth/dh_common.h,
lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/srp.c,
lib/crypto-backend.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
lib/gnutls_int.h, lib/gnutls_state.c, lib/nettle/pk.c: DH key
exchange uses the _gnutls_pk_derive and _gnutls_pk_generate_key
functions. This allows handling DH key generation in the crypto backend files.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi, doc/cha-tokens.texi: doc update
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi, doc/cha-tokens.texi: doc update
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.c,
lib/nettle/int/drbg-aes.h, lib/nettle/rnd-fips.c: simplified
DRBG-AES generator by using a counter (with an arbitrary initial
value) as DT.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: Added pairwise constistency test on key
generation.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_mem.c, lib/gnutls_mem.h: use memset in bzero
2013-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/certtool.cfg: updated example certtool.cfg
2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_mem.c, lib/gnutls_mem.h: avoid using memset to prevent
a compiler optimizing out out calls.
2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: use _gnutls_pk_bits_to_subgroup_bits() to select
DH and DSA key q size.
2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/secparams.c: corrected params for ULTRA level
2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-record-2.c: Re-run receiving tests on server side, to
allow any valgrind errors to propagate to exit code.
2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: Perform an integrity check on all supporting libraries
2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: In FIPS mode the default cipher is AES.
2013-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: Do not link gnutls against librt unlress it is
really necessary.
2013-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: checks FIPS-140 lib requirements, moved after
clock_gettime() is checked for.
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/opencdk/armor.c: removed unused function
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/opencdk/pubkey.c: removed unused variable
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c, tests/mini-xssl.c,
tests/pkcs12_simple.c: Skip tests that require the non-suiteb
curves.
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h:
_gnutls_privkey_decode_ecc_key() returns integers as error code to
distinguish error conditions.
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/gnutls_priority.c, lib/nettle/pk.c: Added option
to disable the non-SuiteB curves (i.e., the SECP 192R1 and 224R1
curves).
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: updated
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
lib/nettle/Makefile.am, lib/nettle/int/dsa-fips.h,
lib/nettle/int/dsa-keygen-fips186.c, lib/nettle/int/dsa-validate.c,
lib/nettle/int/provable-prime.c, lib/nettle/pk.c,
tests/cve-2009-1416.c: Use a FIPS140-2 compliant DSA and DH
parameter generator.
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-fips.c: removed unneeded newlines
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitignore: more files ignored
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/nettle/Makefile.am, lib/nettle/gcm-camellia.c,
lib/nettle/gcm-camellia.h, lib/nettle/int/drbg-aes-self-test.c,
lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h,
lib/nettle/int/gcm-camellia.c, lib/nettle/int/gcm-camellia.h,
lib/nettle/rnd-fips.c: Added DRBG submitted to nettle in gnutls.
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-record-2.c: Added deflate compression tests with
AES-GCM in order to be tested in FIPS mode.
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-api.c: corrected comparison
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-api.c: Allow MD5 hash in zombie mode
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_errors.h: fixed bug
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am: don't run openssl (md5) when in fips mode
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c, tests/fips-test.c: separate zombie mode from
operational fips mode
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/fips-test.c: modified to account for zombie mode
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey_openssl.c: Use the internal API for MD5 hashing
in openssl keys.
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey_openssl.c: beautified table
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: added new functions
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c: eliminated memory leak on PK self
check.
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_errors.c, lib/gnutls_global.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
lib/nettle/rnd-common.c, tests/Makefile.am, tests/global-init.c:
Added gnutls_global_init2(). This allows initializing gnutls in a
constructor in FIPS140 mode
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: Added an audit message in self test failure
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests.c, lib/nettle/rnd-fips.c: better error
messages.
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: binary integrity self test moved to end
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_errors.h: simplified debugging levels.
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509_b64.c: silence some errors
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-fips.c: updated
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-api.c, lib/fips.c, lib/fips.h, lib/gnutls_global.c:
Better handling of FIPS140-2 initialization
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ecc.c, lib/crypto-backend.h, lib/gnutls_pk.h,
lib/nettle/pk.c: Added curve_exists() to pk-backend. That allows to
determine which curves are available.
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-api.c, lib/fips.h, lib/nettle/rnd-fips.c:
gnutls_key_generate() is restricted by the size of the initial RNG
seed in FIPS140-2 mode.
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-api.c: Do not allow MD5 in the high level crypto-api in
FIPS mode.
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: when using the rng() with a void option use the
FIPS state to indicate errors.
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-overhead.c, tests/mini-record-2.c, tests/mini-x509.c,
tests/pkcs12-decode/Makefile.am, tests/pkcs12_encode.c,
tests/priorities.c, tests/record-sizes.c, tests/set_pkcs12_cred.c:
Restrict the number of tests run on FIPS140-2 mode.
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
lib/algorithms/mac.c, lib/gnutls_hash_int.c, lib/gnutls_hash_int.h,
lib/gnutls_priority.c, lib/nettle/cipher.c, lib/nettle/mac.c: In
FIPS140-2 mode disable non-conformant ciphers, MAC and hash
algorithms.
2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-backend.h, lib/gnutls_dh_primes.c, lib/nettle/mpi.c:
Use nettle for the generation of DH group parameters.
2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: no need to memset. It should have been
initialized.
2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/aki, tests/cert-tests/aki-cert.pem,
tests/cert-tests/ca-no-pathlen.pem,
tests/cert-tests/no-ca-or-pathlen.pem, tests/cert-tests/pathlen: Do
not involve the security level into the certificate comparisons.
2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/ecdhe.c, lib/crypto-backend.h, lib/gnutls_pk.h,
lib/nettle/pk.c, lib/x509/privkey.c: Separated pk_generate to
pk_generate_params() and pk_generate_keys(). This allows using the pk_generate interface to get DH parameters and
DH keys.
2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/secparams.c: restricted combinations of security
parameters in FIPS mode.
2013-11-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-fips.c: removed the initialized static variable.
2013-11-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-common.c, lib/nettle/rnd-common.h,
lib/nettle/rnd-fips.c: Corrected _rnd_get_event().
2013-11-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_dh.c,
lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_srp.c,
lib/libgnutls.map, lib/nettle/mpi.c, lib/nettle/pk.c, tests/mpi.c:
Added _gnutls_mpi_random_modp() and _gnutls_mpi_modm() to replace
_gnutls_mpi_mod().
2013-11-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/rng-fork.c: In rng_fork test all random generators.
2013-11-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-fips.c: comments updated to conform to the modified
version.
2013-11-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-fips.c: removed external test functions
2013-11-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitignore, configure.ac, lib/crypto-backend.h, lib/fips.c,
lib/libgnutls.map, lib/nettle/Makefile.am, lib/nettle/rnd-fips.c,
lib/nettle/rnd.c, tests/fips-test.c, tests/rng-fork.c: Ported
libgcrypt's AES-based DRBG.
2013-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/Makefile.am, lib/nettle/rnd-common.c,
lib/nettle/rnd-common.h, lib/nettle/rnd.c: split some functionality
of nettle's RNG.
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/dhe_psk.c, lib/auth/psk.c, lib/auth/psk_passwd.c,
lib/auth/rsa_psk.c, lib/auth/srp_passwd.c: long term keys are always
overwritten
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey_pkcs8.c: corrected typo
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/key_decode.c, lib/x509/key_encode.c, lib/x509/privkey.c,
lib/x509/privkey_pkcs8.c: zeroize also ASN.1 structures that hold
keys.
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey_openssl.c: more keys are zeroized
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* m4/hooks.m4: require libtasn1 3.4
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/element.c, lib/minitasn1/element.h,
lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
lib/minitasn1/structure.c, lib/minitasn1/structure.h,
lib/minitasn1/version.c: updated libtasn1 version
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: use the most appropriate nettle function
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/dh_common.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
lib/auth/psk.c, lib/auth/rsa_psk.c, lib/auth/srp_passwd.c,
lib/gnutls_datum.h, lib/gnutls_kx.c, lib/gnutls_state.c,
lib/x509/privkey_pkcs8.c: better naming for free_datum functions.
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_datum.h, lib/gnutls_int.h, lib/gnutls_mem.h,
lib/gnutls_mpi.c, lib/x509/key_encode.c, lib/x509/privkey.c,
lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: overwrite temp
buffers of private keys.
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c, lib/fips.h, lib/gnutls_int.h, lib/nettle/pk.c: zeroize
ECC secret scalars and points.
2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/dh_common.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
lib/auth/psk.c, lib/auth/psk_passwd.c, lib/auth/rsa_psk.c,
lib/auth/srp.c, lib/auth/srp_passwd.c, lib/gnutls_datum.h,
lib/gnutls_kx.c, lib/gnutls_state.c, lib/nettle/cipher.c,
lib/nettle/mac.c: Added zeroization of keys in several parts within
gnutls.
2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_dh.c: doc update
2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_datum.c, lib/gnutls_int.h: Added key zeroization
primitives.
2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_mpi.c, lib/gnutls_mpi.h: Simplified
_gnutls_mpi_release()
2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, build-aux/config.rpath, configure.ac, lib/Makefile.am,
lib/fips.c, lib/fips.h, lib/includes/Makefile.am,
lib/includes/gnutls/fips140.h, lib/libgnutls.map, lib/xssl.c,
tests/Makefile.am, tests/fips-test.c: Updated FIPS140 initialization
and added a self test for it.
2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c, lib/fips.h: Added binary integrity test
2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/Makefile.am, lib/fips.c, lib/fips.h,
lib/gnutls_cipher_int.c, lib/gnutls_errors.c, lib/gnutls_global.c,
lib/gnutls_hash_int.c, lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
lib/pkcs11_privkey.c, lib/random.c, lib/x509/common.h,
lib/x509/crl.c, lib/x509/crq.c, lib/x509/privkey.c,
lib/x509/verify-high.c, lib/x509/x509.c, lib/xssl.c: Added support
for fips states. This implies that when in FIPS mode and the library is not in
operational state (i.e., all self checks succeeded), crypto
functionality of the library will fail. This includes: * API functions of gnutls/crypto.h * API functions of gnutls/abstract.h * API functions of gnutls/x509.h * gnutls_init() * API functions of gnutls/xssl.h
2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c, lib/crypto-selftests.c,
tests/slow/cipher-test.c: indented code
2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/Makefile.am, tests/slow/Makefile.am,
tests/slow/cipher-test.c: Self checks are conditionally included in
the library.
2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c: Added pair-wise consistency tests for
RSA, DSA and ECDSA.
2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_privkey.c: in gnutls_x509_privkey_generate() allow
specifying an explicit curve.
2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
lib/libgnutls.map: Added gnutls_privkey_generate().
2013-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am, lib/crypto-selftests-pk.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
tests/slow/cipher-test.c: Added self tests on RSA, DSA, and ECDSA
key usage.
2013-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests.c, lib/includes/gnutls/gnutls.h.in,
tests/slow/cipher-test.c: Added option to run all available self
tests per category in a single run.
2013-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests.c, tests/slow/cipher-test.c: completed
self-tests by adding digest and MAC tests.
2013-11-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am, lib/crypto-selftests.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
tests/slow/cipher-test.c: Added self tests
2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: check for alternative unbound root key files.
2013-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/debug.c: increased buffers
2013-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/coff/appro-aes-gcm-x86-64-coff.s,
lib/accelerated/x86/coff/appro-aes-x86-64-coff.s,
lib/accelerated/x86/coff/padlock-x86-64-coff.s,
lib/accelerated/x86/coff/padlock-x86-coff.s,
lib/accelerated/x86/elf/appro-aes-gcm-x86-64.s,
lib/accelerated/x86/elf/appro-aes-x86-64.s,
lib/accelerated/x86/elf/padlock-x86-64.s,
lib/accelerated/x86/elf/padlock-x86.s,
lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s,
lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s,
lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
lib/accelerated/x86/macosx/padlock-x86-macosx.s: updated
auto-generated asm files. This fixes a valgrind complaint when
AES-NI is in use.
2013-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* devel/perlasm/aesni-x86.pl, devel/perlasm/aesni-x86_64.pl,
devel/perlasm/cbc.pl, devel/perlasm/e_padlock-x86.pl,
devel/perlasm/e_padlock-x86_64.pl, devel/perlasm/ghash-x86.pl,
devel/perlasm/ghash-x86_64.pl, devel/perlasm/ppc-xlate.pl,
devel/perlasm/x86_64-xlate.pl, devel/perlasm/x86asm.pl,
devel/perlasm/x86gas.pl, devel/perlasm/x86masm.pl,
devel/perlasm/x86nasm.pl: updated perlasm files
2013-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/Makefile.am: Do not link gnutls against librt
unlress it is really necessary. Conflicts: configure.ac lib/Makefile.am
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: removed the UMAC96 ciphersuites
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: updated e-mail address
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/manpages/Makefile.am: use $shell()
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, src/args-std.def: handle centrally more variables
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, doc/manpages/Makefile.am, doc/scripts/gdoc: Updated
manpage generation (and information stored to it).
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: removed
auto-generated doc files.
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi,
doc/invoke-psktool.texi, doc/invoke-srptool.texi,
doc/invoke-tpmtool.texi, src/certtool-args.def, src/certtool.c:
certtool's --verify option if not supplied with a CA list, will use
the system's CA list.
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h: cast the expiration time to time_t
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_write.c: doc update
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h, lib/x509/x509.c: Added macro to check
for the 'no well defined' expiration time.
2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
gl/strerror-override.c, gl/strerror-override.h, gl/strerror.c,
gl/tests/Makefile.am, gl/tests/strerror-override.c,
gl/tests/strerror-override.h, gl/tests/strerror.c: Added strerror
module.
2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/egd.c: better use of errno
2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/latex/epub.tex, doc/latex/gnutls.tex,
doc/scripts/mytexi2latex: use eurosym package for euro symbol
2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: Corrected check of usage of local libopts when
autogen isn't present
2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am,
tests/cert-tests/template-dn-err.tmpl,
tests/cert-tests/template-test: Verify failure of DN parsing in a
wrong DN.
2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_compress.c: disallow any compression in DTLS
2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-deflate.c, tests/mini-record-2.c:
mini-deflate was combined with mini-record-2
2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_int.h, lib/gnutls_record.c,
lib/gnutls_record.h: Corrected bug which affected compressed
records. Less space was provided for decryption than the required causing
disconnection issues when compression was used. The issue was
pointed by Frank Zschockelt. Also replaced the macros MAX_RECORD_RECV_SIZE and MAX_RECV_SIZE with
max_decrypted_size() and max_record_recv_size().
2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/session_ticket.c: check return code of gnutls_rnd().
2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/session_ticket.c, lib/gnutls_int.h: Use AES-GCM to encrypt
session tickets.
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated cross.mk
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: fixed for win32
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: added assert to trace errors.
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am: link all programs with libgnu_gpl to avoid
conflicts from header files.
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/gl/Makefile.am, src/gl/m4/gnulib-cache.m4,
src/gl/m4/gnulib-comp.m4, src/gl/progname.c, src/gl/progname.h:
Added progname module which is used by error().
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/socket.c: safer usage of strerror
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, src/Makefile.am: use the AUTOGEN variable
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am, src/libopts/Makefile.am: use libtool to generate
libopts
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am: corrected libopts patch
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/gl/error.c: removed unneed line
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: ignore xssl manpages
2013-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: prioritize any GCM ciphersuite over CBC in
secure128 level.
2013-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am: generate ChangeLog after doc/ is checked.
2013-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am: updated Makefiles
2013-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/scripts/getfuncs.pl: made more clever to ignore inline
function body.
2013-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: removed
auto-generated files
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: doc update
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: exported gnutls_est_record_overhead_size
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: do not add newline (it's already in the
printed string)
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: if GNUTLS_DEBUG_LEVEL is specified the log
function is not updated if it is already set.
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: doc update
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: bumped version
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk: updated glimport
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi,
doc/invoke-psktool.texi, doc/invoke-srptool.texi,
doc/invoke-tpmtool.texi, src/certtool-args.def: doc update
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/template-date.pem,
tests/cert-tests/template-date.tmpl, tests/cert-tests/template-test:
Added self checks for new date reading functionality
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, src/Makefile.am, src/certtool-args.def,
src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Added
activation_date and expiration_date options to certtool template
file.
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, Makefile.am, build-aux/ylwrap, configure.ac,
src/Makefile.am, src/gl/Makefile.am, src/gl/alloca.in.h,
src/gl/c-ctype.c, src/gl/c-ctype.h, src/gl/errno.in.h,
src/gl/error.c, src/gl/error.h, src/gl/exitfail.c,
src/gl/exitfail.h, src/gl/gettext.h, src/gl/gettime.c,
src/gl/gettimeofday.c, src/gl/intprops.h, src/gl/m4/00gnulib.m4,
src/gl/m4/alloca.m4, src/gl/m4/bison.m4, src/gl/m4/clock_time.m4,
src/gl/m4/eealloc.m4, src/gl/m4/environ.m4, src/gl/m4/errno_h.m4,
src/gl/m4/error.m4, src/gl/m4/extensions.m4,
src/gl/m4/extern-inline.m4, src/gl/m4/gettime.m4,
src/gl/m4/gettimeofday.m4, src/gl/m4/gnulib-cache.m4,
src/gl/m4/gnulib-common.m4, src/gl/m4/gnulib-comp.m4,
src/gl/m4/gnulib-tool.m4, src/gl/m4/include_next.m4,
src/gl/m4/longlong.m4, src/gl/m4/malloca.m4, src/gl/m4/mktime.m4,
src/gl/m4/msvc-inval.m4, src/gl/m4/msvc-nothrow.m4,
src/gl/m4/multiarch.m4, src/gl/m4/off_t.m4,
src/gl/m4/parse-datetime.m4, src/gl/m4/setenv.m4,
src/gl/m4/ssize_t.m4, src/gl/m4/stdbool.m4, src/gl/m4/stddef_h.m4,
src/gl/m4/stdint.m4, src/gl/m4/stdlib_h.m4, src/gl/m4/strerror.m4,
src/gl/m4/string_h.m4, src/gl/m4/sys_socket_h.m4,
src/gl/m4/sys_time_h.m4, src/gl/m4/sys_types_h.m4,
src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4,
src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
src/gl/m4/warn-on-use.m4, src/gl/m4/wchar_t.m4,
src/gl/m4/xalloc.m4, src/gl/malloca.c, src/gl/malloca.h,
src/gl/malloca.valgrind, src/gl/mktime-internal.h, src/gl/mktime.c,
src/gl/msvc-inval.c, src/gl/msvc-inval.h, src/gl/msvc-nothrow.c,
src/gl/msvc-nothrow.h, src/gl/parse-datetime.h,
src/gl/parse-datetime.y, src/gl/setenv.c, src/gl/stdbool.in.h,
src/gl/stddef.in.h, src/gl/stdint.in.h, src/gl/stdlib.in.h,
src/gl/strerror-override.c, src/gl/strerror-override.h,
src/gl/strerror.c, src/gl/string.in.h, src/gl/sys_time.in.h,
src/gl/sys_types.in.h, src/gl/time.in.h, src/gl/time_r.c,
src/gl/timespec.c, src/gl/timespec.h, src/gl/unistd.c,
src/gl/unistd.in.h, src/gl/unsetenv.c, src/gl/verify.h,
src/gl/xalloc-die.c, src/gl/xalloc-oversized.h, src/gl/xalloc.h,
src/gl/xmalloc.c: Added a gnulib with GPL components for use by
applications.
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi, src/args-std.def:
corrected bug reporting address.
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def, src/certtool-cfg.c, src/certtool.c: Check
for overflows when setting time and allow a time of -1.
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, tests/cert-tests/Makefile.am,
tests/cert-tests/template-overflow.pem,
tests/cert-tests/template-overflow.tmpl,
tests/cert-tests/template-overflow2.pem,
tests/cert-tests/template-overflow2.tmpl,
tests/cert-tests/template-test: Dates and time that would overflow
the GeneralTime are also truncated. We may need to revise that
around 9999 CE.
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/invoke-certtool.texi,
doc/invoke-danetool.texi, doc/invoke-gnutls-cli-debug.texi,
doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi,
doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi,
doc/invoke-psktool.texi, doc/invoke-srptool.texi,
doc/invoke-tpmtool.texi: force serialized generation of
invoke-*texi, to avoid autogen issue.
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, lib/x509/x509_write.c: An expiration time of
(time_t)-1 will set to the no well-defined expiration date value.
2013-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: correctly set the ciphersuite when the
set_premaster interface is used.
2013-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_state.c: check for a valid blocksize prior to entering
loop
2013-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: The environment variable GNUTLS_DEBUG_LEVEL
if set to a number will enable logging to stderr.
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testcompat, tests/suite/testcompat-main: corrected
issue with a not-yet-valid certificate
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/udp-serv.c: corrected bug in gnutls-cli when used on IPv6
addresses.
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/serv.c: simplified function
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testcompat, tests/suite/testcompat-main: hacks to work
with fedora's openssl
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: print whether the local libopts or libtasn1 are
being used.
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* gl/Makefile.am, gl/base64.c, gl/intprops.h,
gl/m4/extern-inline.m4, gl/m4/gnulib-cache.m4,
gl/m4/gnulib-comp.m4, gl/tests/Makefile.am, gl/tests/intprops.h,
maint.mk: Added intprops module (which is needed by newer libtasn1
versions)
2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_int.h: use the bool expression instead of unsigned
int:1.
2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: doc update
2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/system.h: define GNUTLS_PATH_MAX globally.
2013-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: doc update
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testcompat: do not run on clippled versions of openssl
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, lib/x509/extensions.c: simplified functions.
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/ciphersuite/test-ciphers.js,
tests/suite/ciphersuite/test-ciphersuites.sh: improved ciphersuite
test
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/psk_passwd.c, lib/auth/srp_passwd.c, lib/gnutls_pk.c,
lib/gnutls_x509.c, lib/pkcs11.c, lib/system.c, lib/x509/verify.c,
lib/x509/x509.c, lib/x509/x509_int.h: reduced stack size usage in
several functions.
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/utils.c: always exit when fail is called.
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: reduced the stack size warning size.
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-gnutls-cli.texi, src/cli-args.def: doc update
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-gtls-app.texi, lib/ext/Makefile.am,
lib/ext/dumbfw.c, lib/ext/dumbfw.h, lib/gnutls_extensions.c,
lib/gnutls_int.h, lib/gnutls_priority.c: Added %DUMBFW priority
string option. This works around issues when connecting behind some firewalls.
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-handshake-timeout.c: Ignore SIGPIPE. Diagnosed by Petr Salinger and Steven Chamberlain. Reported by
Andreas Metzler.
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-p11tool.texi, src/p11tool-args.def: doc update
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, src/common.c, tests/suite/testpkcs11: use GNUTLS_PIN instead
of GNUTLS_PKCS11_PIN.
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-p11tool.texi: doc update
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/pkcs11-certs/ca-tmpl,
tests/suite/pkcs11-certs/ca.crt, tests/suite/pkcs11-certs/ca.key,
tests/suite/pkcs11-certs/client-tmpl,
tests/suite/pkcs11-certs/client.crt,
tests/suite/pkcs11-certs/client.key,
tests/suite/pkcs11-certs/server-tmpl,
tests/suite/pkcs11-certs/server.crt,
tests/suite/pkcs11-certs/server.key, tests/suite/testpkcs11: Added
test suite for PKCS #11 cards (not executed automatically).
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c, src/pkcs11.c: Avoid infinite loops with
self-signed certificates present in the chain
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: simplified checks
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.c, src/p11tool-args.def: Allow getting the PIN from the
GNUTLS_PKCS11_PIN environment variable.
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: updated
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: When importing a certificate PKCS #11 try to
import the whole chain. This affects gnutls_certificate_set_x509_key_file*().
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
Added export-chain option to p11tool
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/gnutls_pubkey.c,
lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
lib/pkcs11_int.c, lib/pkcs11_write.c, lib/x509/common.h,
lib/x509/x509.c: Improvements in PKCS #11 support. Added gnutls_pkcs11_obj_export3 and gnutls_pkcs11_get_raw_issuer.
The latter function allows to obtain the issuer of a certificate
stored in a token. While traversing tokens, use the URL provided by the user, to avoid
looking for objects in unrelated tokens.
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: test before copy
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_write.c: simplified gnutls_pkcs11_copy_x509_crt()
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/scripts/gdoc, doc/scripts/getfuncs.pl,
lib/includes/gnutls/gnutls.h.in: Improvements in the detection of
function prototypes to account for the new indentation.
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
doc/manpages/tpmtool.1: doc update
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/ocsp.h,
lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/tpm.h,
lib/includes/gnutls/x509.h, lib/includes/gnutls/xssl.h: improved
indentation in headers.
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, configure.ac: stribute the autogen'erated files as
.bak and enable them only if local libopts is being used.
2013-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/alert-printlist.c, doc/common.c, doc/common.h,
doc/errcodes.c, doc/examples/ex-alert.c,
doc/examples/ex-cert-select-pkcs11.c,
doc/examples/ex-cert-select.c, doc/examples/ex-client-anon.c,
doc/examples/ex-client-dtls.c, doc/examples/ex-client-psk.c,
doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
doc/examples/ex-client-x509.c, doc/examples/ex-client-xssl1.c,
doc/examples/ex-client-xssl2.c, doc/examples/ex-crq.c,
doc/examples/ex-ocsp-client.c, doc/examples/ex-pkcs11-list.c,
doc/examples/ex-pkcs12.c, doc/examples/ex-serv-anon.c,
doc/examples/ex-serv-dtls.c, doc/examples/ex-serv-pgp.c,
doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
doc/examples/ex-serv-x509.c, doc/examples/ex-session-info.c,
doc/examples/ex-verify-ssh.c, doc/examples/ex-verify.c,
doc/examples/ex-x509-info.c, doc/examples/examples.h,
doc/examples/print-ciphersuites.c, doc/examples/tcp.c,
doc/examples/udp.c, doc/examples/verify.c, doc/printlist.c,
extra/gnutls_openssl.c, extra/includes/gnutls/openssl.h,
extra/openssl_compat.c, extra/openssl_compat.h, lib/abstract_int.h,
lib/accelerated/accelerated.c, lib/accelerated/cryptodev-gcm.c,
lib/accelerated/cryptodev.c, lib/accelerated/cryptodev.h,
lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86.c,
lib/accelerated/x86/aes-padlock.c,
lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.c,
lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/hmac-padlock.c,
lib/accelerated/x86/sha-padlock.c,
lib/accelerated/x86/sha-padlock.h, lib/accelerated/x86/x86.h,
lib/algorithms.h, lib/algorithms/cert_types.c,
lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c,
lib/algorithms/protocols.c, lib/algorithms/publickey.c,
lib/algorithms/secparams.c, lib/algorithms/sign.c, lib/auth/anon.c,
lib/auth/anon.h, lib/auth/anon_ecdh.c, lib/auth/cert.c,
lib/auth/cert.h, lib/auth/dh_common.c, lib/auth/dh_common.h,
lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
lib/auth/ecdhe.h, lib/auth/psk.c, lib/auth/psk.h,
lib/auth/psk_passwd.c, lib/auth/psk_passwd.h, lib/auth/rsa.c,
lib/auth/rsa_common.h, lib/auth/rsa_psk.c, lib/auth/srp.c,
lib/auth/srp.h, lib/auth/srp_passwd.c, lib/auth/srp_passwd.h,
lib/auth/srp_rsa.c, lib/auth/srp_sb64.c, lib/crypto-api.c,
lib/crypto-backend.c, lib/crypto-backend.h, lib/crypto.h,
lib/debug.c, lib/debug.h, lib/ext/alpn.c, lib/ext/alpn.h,
lib/ext/cert_type.c, lib/ext/ecc.c, lib/ext/ecc.h,
lib/ext/heartbeat.c, lib/ext/heartbeat.h, lib/ext/max_record.c,
lib/ext/new_record_padding.c, lib/ext/safe_renegotiation.c,
lib/ext/safe_renegotiation.h, lib/ext/server_name.c,
lib/ext/server_name.h, lib/ext/session_ticket.c,
lib/ext/session_ticket.h, lib/ext/signature.c, lib/ext/signature.h,
lib/ext/srp.c, lib/ext/srp.h, lib/ext/srtp.c, lib/ext/srtp.h,
lib/ext/status_request.c, lib/ext/status_request.h,
lib/extras/randomart.c, lib/extras/randomart.h, lib/gnutls_alert.c,
lib/gnutls_anon_cred.c, lib/gnutls_asn1_tab.c, lib/gnutls_auth.c,
lib/gnutls_auth.h, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
lib/gnutls_compress.c, lib/gnutls_compress.h,
lib/gnutls_constate.c, lib/gnutls_constate.h, lib/gnutls_datum.c,
lib/gnutls_datum.h, lib/gnutls_db.c, lib/gnutls_db.h,
lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_dh_primes.c,
lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_ecc.c,
lib/gnutls_ecc.h, lib/gnutls_errors.c, lib/gnutls_errors.h,
lib/gnutls_extensions.c, lib/gnutls_extensions.h,
lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_helper.h,
lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h, lib/gnutls_mem.c,
lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pcert.c,
lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
lib/gnutls_privkey.c, lib/gnutls_psk.c, lib/gnutls_pubkey.c,
lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_record.h,
lib/gnutls_rsa_export.c, lib/gnutls_session.c,
lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_str_array.h,
lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
lib/gnutls_x509.c, lib/gnutls_x509.h,
lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
lib/includes/gnutls/gnutlsxx.h, lib/includes/gnutls/ocsp.h,
lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/tpm.h,
lib/includes/gnutls/x509.h, lib/includes/gnutls/xssl.h,
lib/locks.c, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/element.c, lib/minitasn1/element.h,
lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
lib/minitasn1/structure.c, lib/minitasn1/structure.h,
lib/minitasn1/version.c, lib/nettle/cipher.c, lib/nettle/egd.c,
lib/nettle/egd.h, lib/nettle/gcm-camellia.c,
lib/nettle/gcm-camellia.h, lib/nettle/init.c, lib/nettle/mac.c,
lib/nettle/mpi.c, lib/nettle/pk.c, lib/nettle/rnd.c,
lib/opencdk/armor.c, lib/opencdk/context.h, lib/opencdk/filters.h,
lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/keydb.h,
lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c,
lib/opencdk/new-packet.c, lib/opencdk/opencdk.h,
lib/opencdk/packet.h, lib/opencdk/pubkey.c,
lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
lib/opencdk/sig-check.c, lib/opencdk/stream.c,
lib/opencdk/stream.h, lib/opencdk/types.h,
lib/opencdk/write-packet.c, lib/openpgp/compat.c,
lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
lib/openpgp/privkey.c, lib/pin.c, lib/pin.h, lib/pkcs11.c,
lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
lib/pkcs11_write.c, lib/pkix_asn1_tab.c, lib/random.c,
lib/random.h, lib/system.c, lib/system.h, lib/system_override.c,
lib/tpm.c, lib/vasprintf.c, lib/vasprintf.h, lib/verify-tofu.c,
lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
lib/x509/extensions.c, lib/x509/key_decode.c,
lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/ocsp.c,
lib/x509/ocsp_output.c, lib/x509/output.c, lib/x509/pbkdf2-sha1.c,
lib/x509/pbkdf2-sha1.h, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
lib/x509/privkey_openssl.c, lib/x509/privkey_pkcs8.c,
lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
lib/x509/verify-high.c, lib/x509/verify-high.h,
lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509.c,
lib/x509/x509_dn.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
lib/x509_b64.c, lib/x509_b64.h, lib/xssl.c, lib/xssl.h,
lib/xssl_getline.c, libdane/dane-params.c, libdane/dane.c,
libdane/errors.c, libdane/includes/gnutls/dane.h,
src/benchmark-cipher.c, src/benchmark-tls.c, src/benchmark.c,
src/benchmark.h, src/certtool-cfg.c, src/certtool-cfg.h,
src/certtool-common.c, src/certtool-common.h,
src/certtool-extras.c, src/certtool.c, src/cli-debug.c, src/cli.c,
src/common.c, src/common.h, src/crywrap/crywrap.c,
src/crywrap/crywrap.h, src/crywrap/primes.h, src/danetool.c,
src/inline_cmds.h, src/list.h, src/ocsptool-common.c,
src/ocsptool-common.h, src/ocsptool.c, src/p11tool.c,
src/p11tool.h, src/pkcs11.c, src/psk.c, src/serv.c, src/socket.c,
src/socket.h, src/srptool.c, src/tests.c, src/tests.h,
src/tpmtool.c, src/udp-serv.c, src/udp-serv.h, tests/anonself.c,
tests/certder.c, tests/certificate_set_x509_crl.c,
tests/certuniqueid.c, tests/chainverify-unsorted.c,
tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
tests/cve-2008-4989.c, tests/cve-2009-1415.c,
tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
tests/dtls/dtls-stress.c, tests/eagain-common.h, tests/gc.c,
tests/hostname-check.c, tests/infoaccess.c, tests/init_roundtrip.c,
tests/key-openssl.c, tests/mini-alpn.c, tests/mini-cert-status.c,
tests/mini-deflate.c, tests/mini-dtls-heartbeat.c,
tests/mini-dtls-hello-verify.c, tests/mini-dtls-large.c,
tests/mini-dtls-record.c, tests/mini-dtls-rehandshake.c,
tests/mini-dtls-srtp.c, tests/mini-eagain-dtls.c,
tests/mini-eagain.c, tests/mini-emsgsize-dtls.c,
tests/mini-handshake-timeout.c, tests/mini-loss-time.c,
tests/mini-overhead.c, tests/mini-record-2.c,
tests/mini-record-range.c, tests/mini-record.c,
tests/mini-rehandshake.c, tests/mini-rsa-psk.c, tests/mini-tdb.c,
tests/mini-termination.c, tests/mini-x509-2.c,
tests/mini-x509-callbacks.c, tests/mini-x509-cas.c,
tests/mini-x509.c, tests/mini-xssl.c, tests/moredn.c, tests/mpi.c,
tests/nul-in-x509-names.c, tests/ocsp.c, tests/openpgp-auth.c,
tests/openpgp-auth2.c, tests/openpgp-keyring.c,
tests/openpgp_test.c, tests/openpgpself.c, tests/openssl.c,
tests/parse_ca.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pkcs12_simple.c,
tests/priorities.c, tests/pskself.c, tests/record-sizes-range.c,
tests/record-sizes.c, tests/resume-dtls.c, tests/resume.c,
tests/rng-fork.c, tests/rsa-encrypt-decrypt.c,
tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
tests/set_pkcs12_cred.c, tests/setcredcrash.c, tests/simple.c,
tests/slow/cipher-test.c, tests/slow/gendh.c, tests/slow/keygen.c,
tests/srp/mini-srp.c, tests/suite/ecore/eina_config.h,
tests/suite/ecore/src/include/Eina.h,
tests/suite/ecore/src/include/eina_accessor.h,
tests/suite/ecore/src/include/eina_array.h,
tests/suite/ecore/src/include/eina_benchmark.h,
tests/suite/ecore/src/include/eina_binshare.h,
tests/suite/ecore/src/include/eina_config.h,
tests/suite/ecore/src/include/eina_convert.h,
tests/suite/ecore/src/include/eina_counter.h,
tests/suite/ecore/src/include/eina_cpu.h,
tests/suite/ecore/src/include/eina_error.h,
tests/suite/ecore/src/include/eina_file.h,
tests/suite/ecore/src/include/eina_fp.h,
tests/suite/ecore/src/include/eina_hamster.h,
tests/suite/ecore/src/include/eina_hash.h,
tests/suite/ecore/src/include/eina_inlist.h,
tests/suite/ecore/src/include/eina_iterator.h,
tests/suite/ecore/src/include/eina_lalloc.h,
tests/suite/ecore/src/include/eina_list.h,
tests/suite/ecore/src/include/eina_log.h,
tests/suite/ecore/src/include/eina_magic.h,
tests/suite/ecore/src/include/eina_main.h,
tests/suite/ecore/src/include/eina_matrixsparse.h,
tests/suite/ecore/src/include/eina_mempool.h,
tests/suite/ecore/src/include/eina_module.h,
tests/suite/ecore/src/include/eina_quadtree.h,
tests/suite/ecore/src/include/eina_rbtree.h,
tests/suite/ecore/src/include/eina_rectangle.h,
tests/suite/ecore/src/include/eina_safety_checks.h,
tests/suite/ecore/src/include/eina_sched.h,
tests/suite/ecore/src/include/eina_str.h,
tests/suite/ecore/src/include/eina_strbuf.h,
tests/suite/ecore/src/include/eina_stringshare.h,
tests/suite/ecore/src/include/eina_tiler.h,
tests/suite/ecore/src/include/eina_trash.h,
tests/suite/ecore/src/include/eina_types.h,
tests/suite/ecore/src/include/eina_unicode.h,
tests/suite/ecore/src/include/eina_ustrbuf.h,
tests/suite/ecore/src/include/eina_ustringshare.h,
tests/suite/ecore/src/lib/Ecore.h,
tests/suite/ecore/src/lib/Ecore_Getopt.h,
tests/suite/ecore/src/lib/ecore.c,
tests/suite/ecore/src/lib/ecore_anim.c,
tests/suite/ecore/src/lib/ecore_app.c,
tests/suite/ecore/src/lib/ecore_events.c,
tests/suite/ecore/src/lib/ecore_exe.c,
tests/suite/ecore/src/lib/ecore_getopt.c,
tests/suite/ecore/src/lib/ecore_glib.c,
tests/suite/ecore/src/lib/ecore_idle_enterer.c,
tests/suite/ecore/src/lib/ecore_idle_exiter.c,
tests/suite/ecore/src/lib/ecore_idler.c,
tests/suite/ecore/src/lib/ecore_job.c,
tests/suite/ecore/src/lib/ecore_main.c,
tests/suite/ecore/src/lib/ecore_pipe.c,
tests/suite/ecore/src/lib/ecore_poll.c,
tests/suite/ecore/src/lib/ecore_private.h,
tests/suite/ecore/src/lib/ecore_signal.c,
tests/suite/ecore/src/lib/ecore_thread.c,
tests/suite/ecore/src/lib/ecore_time.c,
tests/suite/ecore/src/lib/ecore_timer.c,
tests/suite/ecore/src/lib/eina_accessor.c,
tests/suite/ecore/src/lib/eina_array.c,
tests/suite/ecore/src/lib/eina_benchmark.c,
tests/suite/ecore/src/lib/eina_binshare.c,
tests/suite/ecore/src/lib/eina_chained_mempool.c,
tests/suite/ecore/src/lib/eina_convert.c,
tests/suite/ecore/src/lib/eina_counter.c,
tests/suite/ecore/src/lib/eina_cpu.c,
tests/suite/ecore/src/lib/eina_error.c,
tests/suite/ecore/src/lib/eina_file.c,
tests/suite/ecore/src/lib/eina_fp.c,
tests/suite/ecore/src/lib/eina_hamster.c,
tests/suite/ecore/src/lib/eina_hash.c,
tests/suite/ecore/src/lib/eina_inlist.c,
tests/suite/ecore/src/lib/eina_iterator.c,
tests/suite/ecore/src/lib/eina_lalloc.c,
tests/suite/ecore/src/lib/eina_list.c,
tests/suite/ecore/src/lib/eina_log.c,
tests/suite/ecore/src/lib/eina_magic.c,
tests/suite/ecore/src/lib/eina_main.c,
tests/suite/ecore/src/lib/eina_matrixsparse.c,
tests/suite/ecore/src/lib/eina_mempool.c,
tests/suite/ecore/src/lib/eina_module.c,
tests/suite/ecore/src/lib/eina_private.h,
tests/suite/ecore/src/lib/eina_quadtree.c,
tests/suite/ecore/src/lib/eina_rbtree.c,
tests/suite/ecore/src/lib/eina_rectangle.c,
tests/suite/ecore/src/lib/eina_safety_checks.c,
tests/suite/ecore/src/lib/eina_sched.c,
tests/suite/ecore/src/lib/eina_share_common.c,
tests/suite/ecore/src/lib/eina_share_common.h,
tests/suite/ecore/src/lib/eina_str.c,
tests/suite/ecore/src/lib/eina_strbuf.c,
tests/suite/ecore/src/lib/eina_strbuf_common.c,
tests/suite/ecore/src/lib/eina_strbuf_common.h,
tests/suite/ecore/src/lib/eina_stringshare.c,
tests/suite/ecore/src/lib/eina_tiler.c,
tests/suite/ecore/src/lib/eina_unicode.c,
tests/suite/ecore/src/lib/eina_ustrbuf.c,
tests/suite/ecore/src/lib/eina_ustringshare.c,
tests/suite/ecore/src/lib/eina_value.c, tests/suite/mini-eagain2.c,
tests/suite/mini-record-timing.c, tests/utils.c, tests/utils.h,
tests/x509_altname.c, tests/x509cert-tl.c, tests/x509cert.c,
tests/x509dn.c, tests/x509self.c, tests/x509sign-verify.c:
reindented code
2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: doc update
2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/gnutls.h.in, lib/x509/privkey.c: in
gnutls_x509_privkey_generate() allow specifying an explicit curve.
2013-11-07 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* src/certtool-args.def, src/certtool-common.c,
src/certtool-common.h, src/certtool.c: enable --outder for certtool
--dh-info "certool --dh-info --outder" produces PEM-encoded output without
this patch.
2013-11-07 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* src/certtool-args.def, src/certtool-common.c: enable --inder for
certtool --dh-info certtool --dh-info is unable to read DER-encoded DH parameters
without this patch.
2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/manpages/tpmtool.1: doc update
2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_errors.c: doc update
2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: use srcdir as prefix
2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: removed unneeded command
2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: print the flags used for libopts
2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: delete libopts generated files if system libopts is
being used
2013-11-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms.h, lib/algorithms/ciphers.c, lib/gnutls_cipher.c,
lib/gnutls_constate.c, lib/gnutls_dtls.c, lib/gnutls_int.h:
separated the TLS IV size and the cipher IV size.
2013-11-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, src/libopts/Makefile.am: fixes in libopts
compilation
2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am: make sure that .def files will be re-read on the
compiling system.
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/ag-char-map.h, src/libopts/ao-strs.c,
src/libopts/ao-strs.h, src/libopts/autoopts/options.h,
src/libopts/autoopts/usage-txt.h, src/libopts/compat/compat.h,
src/libopts/compat/strchr.c, src/libopts/configfile.c,
src/libopts/genshell.c, src/libopts/genshell.h,
src/libopts/m4/libopts.m4, src/libopts/option-value-type.c,
src/libopts/option-value-type.h,
src/libopts/option-xat-attribute.c,
src/libopts/option-xat-attribute.h, src/libopts/pgusage.c,
src/libopts/proto.h, src/libopts/streqvcmp.c,
src/libopts/text_mmap.c, src/libopts/usage.c: updated to libopts
5.18.2
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: better logging
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_dn.c: bug fix in gnutls_x509_crt_set_dn() at DN
parsing.
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_dn.c: removed debugging info
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: do not set any default level
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: Assign very weak level to priority string
NONE only.
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi: doc update
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: ignore auto-generated files
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/Makefile.am, src/libopts/ag-char-map.h,
src/libopts/alias.c, src/libopts/ao-strs.c, src/libopts/ao-strs.h,
src/libopts/autoopts.c, src/libopts/autoopts.h,
src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
src/libopts/autoopts/usage-txt.h, src/libopts/compat/pathfind.c,
src/libopts/configfile.c, src/libopts/enum.c, src/libopts/find.c,
src/libopts/genshell.c, src/libopts/genshell.h,
src/libopts/gettext.h, src/libopts/init.c, src/libopts/load.c,
src/libopts/m4/libopts.m4, src/libopts/makeshell.c,
src/libopts/option-value-type.c, src/libopts/option-value-type.h,
src/libopts/option-xat-attribute.c,
src/libopts/option-xat-attribute.h, src/libopts/pgusage.c,
src/libopts/proto.h, src/libopts/putshell.c, src/libopts/restore.c,
src/libopts/save.c, src/libopts/stack.c, src/libopts/text_mmap.c,
src/libopts/usage.c, src/libopts/version.c: updated libopts to 5.18
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.c, src/certtool-args.h, src/cli-args.c,
src/cli-args.h, src/cli-debug-args.c, src/cli-debug-args.h,
src/danetool-args.c, src/danetool-args.h, src/ocsptool-args.c,
src/ocsptool-args.h, src/p11tool-args.c, src/p11tool-args.h,
src/psk-args.c, src/psk-args.h, src/serv-args.c, src/serv-args.h,
src/srptool-args.c, src/srptool-args.h, src/tpmtool-args.c,
src/tpmtool-args.h: removed autogenerated files
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, src/Makefile.am: If autogen and libopts are present
then use the system's libopts.
2013-11-04 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* src/args-std.def, src/certtool-args.def, src/cli-args.def,
src/danetool-args.def, src/psk-args.def, src/srptool-args.def:
argument descriptions should not end in a dot When the descrip value for an argument ends in a dot, the rendered
documentation places two dots (for example "specify a password
file.." in srptool(1)). Most of the descriptions are declared properly (without a trailing
dot), but this patch should clean up the rest. After this commit, any auto-generated documentation that is
committed to git will probably will also need to be refreshed (or
removed from git entirely and generated from the definitions during
build, which might be cleaner).
2013-11-01 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* src/tests.c: fix DHE parameter output for gnutls-cli-debug
--verbose gnutls_handshake() was failing during test_dhe_group, with an error
of GNUTLS_E_NO_PRIORITIES_WERE_SET. Adding this call fixes the
handshake so that DHE group details can be printed when requested. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-tls.c, tests/mini-deflate.c,
tests/mini-eagain-dtls.c, tests/mini-eagain.c,
tests/mini-emsgsize-dtls.c, tests/record-sizes-range.c,
tests/record-sizes.c: Do not use gnutls_dh_set_prime_bits() in
server side.
2013-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ui.c: setting the DH prime bits to zero shouldn't print
a warning as it is the same as not setting it. Reported by Daniel
Kahn Gillmor.
2013-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: Do not print private key parameters when exporting
an encrypted private key.
2013-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.c: conditionally use ALPN. Reported by Jaak Ristioja.
2013-05-21 Stef Walter <stefw@redhat.com>
* configure.ac, lib/pkcs11.c: [PATCH] Update to use new p11-kit APIs Some of the older APIs were deprecated in order to support multiple
callers of the same PKCS#11 module correctly. This increases the necessary p11-kit to 0.19.1 or later.
2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated win32 makefile
2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/pem-decoding: win32 fix
2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: include proper header file for uint8_t
2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.2.6
2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, src/certtool-args.c,
src/certtool-args.def, src/certtool-args.h: corrected example
2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: debug_log -> record_log
2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: Duplicate messages moved from audit log to
debug log. There are networks where this is extremely common.
2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am: Added new functions
2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi,
doc/cha-gtls-app.texi, doc/cha-gtls-examples.texi,
doc/cha-internals.texi, doc/cha-intro-tls.texi, doc/cha-tokens.texi:
replaced ':' in anchor names (texinfo doesn't like it).
2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-upgrade.texi: doc update
2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_write.c: simplified code
2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/pmccabe2html, gl/Makefile.am, gl/dup2.c, gl/m4/dup2.m4,
gl/m4/extern-inline.m4, gl/m4/getdtablesize.m4,
gl/m4/gnulib-comp.m4, gl/m4/intl.m4, gl/m4/inttypes.m4,
gl/m4/manywarnings.m4, gl/m4/unistd_h.m4, gl/m4/warnings.m4,
gl/signal.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/sys_socket.in.h,
gl/sys_time.in.h, gl/tests/Makefile.am, gl/tests/binary-io.h,
gl/tests/getdtablesize.c, gl/tests/inttypes.in.h,
gl/tests/macros.h, gl/tests/strerror-override.h,
gl/tests/test-dup2.c, gl/tests/test-getdtablesize.c,
gl/tests/test-sys_select.c, gl/tests/test-sys_time.c, gl/u64.h,
gl/unistd.in.h, gl/verify.h, gl/xsize.h, maint.mk: updated gnulib.
2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: Removed unused parameter.
2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testdane: Better DANE test output.
2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: reindented code
2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: Reorganized main loop in dane_raw_tlsa
2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool.c: Added proper newlines to errors.
2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, lib/gnutls_state.c: doc update
2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/cryptodev.c: corrected typo
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, tests/suite/Makefile.am,
tests/suite/ciphersuite/README,
tests/suite/ciphersuite/registry-ciphers.js,
tests/suite/ciphersuite/registry-ciphers.xslt,
tests/suite/ciphersuite/scan-gnutls.sh,
tests/suite/ciphersuite/test-ciphers.js,
tests/suite/ciphersuite/test-ciphersuites.sh,
tests/suite/ciphersuite/tls-parameters.xml: Added ciphersuite test
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-handshake-timeout.c: Added a proper termination of
session to avoid issues with premature termination.
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, tests/dtls/Makefile.am: we now explicitly check for
librt.
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/dsa/Makefile.am,
tests/dtls/Makefile.am, tests/ecdsa/Makefile.am,
tests/key-id/Makefile.am, tests/openpgp-certs/Makefile.am,
tests/pkcs1-padding/Makefile.am, tests/pkcs12-decode/Makefile.am,
tests/pkcs8-decode/Makefile.am,
tests/rsa-md5-collision/Makefile.am,
tests/safe-renegotiation/Makefile.am, tests/sha2/Makefile.am,
tests/slow/Makefile.am, tests/srp/Makefile.am,
tests/suite/Makefile.am, tests/userid/Makefile.am: use the same
environment in all tests
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/pem-decoding: removed unneeded diff option
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/aki, tests/cert-tests/dane,
tests/cert-tests/pathlen, tests/cert-tests/pem-decoding: diff is now
a parameter allowing to override it.
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: LC_ALL is set to C to have predictable outputs
in tests.
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-handshake-timeout.c: simplified test
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated doc
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/sign.c: Added additional ISO OIDs for RSA-MD5 and
DSA-SHA1.
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-p11tool.texi: p11tool text updated.
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-client-xssl1.c, doc/examples/ex-client-xssl2.c,
doc/examples/print-ciphersuites.c: removed warnings
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: removed warnings
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, doc/cha-tokens.texi: Support for TPM modules
via trousers is now enabled by default.
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool-args.c, src/p11tool-args.def, src/p11tool-args.h,
src/p11tool.c, src/p11tool.h, src/pkcs11.c: Added option
--generate-random to p11tool.
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/publickey.c, lib/algorithms/sign.c,
lib/x509/common.h: Added ISO OID for RSA-SHA1 signatures.
2013-10-24 Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
lib/pkcs11_int.h, lib/pkcs11_write.c: get random data from pkcs#11
tokens Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/publickey.c: Added new fallback OID for RSA
certificates.
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Corrected number in
GNUTLS_PSK_CAMELLIA_128_GCM_SHA256. RFC6367 seems to have assigned both {0xC0,0x8D} and {0xC0,0x8E} to
this ciphersuite. However {0xC0,0x8D} should be a typo as it is used
by another ciphersuite in the same document.
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Corrected the naming of several PSK
ciphersuites
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Ciphersuites with ARCFOUR in name
were renamed to ARCFOUR_128
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms/ciphersuites.c: Fixed ciphersuites
GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 and
GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384.
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated doc
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/secparams.c: Increased minimum acceptable DH key to
767 bits.
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/priorities.c: updated priorities for new ciphersuites
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Added ciphersuite
GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/chainverify.c: Applied small patch by Jeremie
Courreges-Anglas to avoid usage of error().
2013-10-24 Alon Bar-Lev <alon.barlev@gmail.com>
* src/cli.c: cli: add missing stdbool.h Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Signed-off-by:
Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Restrict ciphersuites that use SHA2
or better to TLS1.0 or later.
2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c, tests/priorities.c: Added camellia-gcm into
the default priority levels, and prioritized GCM over CBC
everywhere.
2013-10-23 Christian Grothoff <christian@grothoff.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h: Adding option
DANE_F_IGNORE_DNSSEC to disable loading of the DNSSEC root key
entirely when initializing a dane_state_t. This is a useful optimization if the DANE/TLSA data is initialized
from a source other than libunbound/DNS, as then the DNSSEC root key
would not be used anyway. Worse, if we failed to read the DNSSEC
root key, this would create a failure even though for applications
that do not use DNSSEC (but do use DANE/TLSA) such a failure would
be totally harmless.
2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am, doc/invoke-gnutls-cli.texi,
doc/manpages/Makefile.am, doc/scripts/mytexi2latex,
src/Makefile.am, src/cli-args.c, src/cli-args.h, src/common.c: small
changes prior to release
2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/priorities.c: corrected ciphersuite numbers in priorities
2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: corrected libdane doc
2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/gnutls.h.in: Added description for umac
2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: bumped version
2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/cipher.c, lib/nettle/gcm-camellia.c,
lib/nettle/gcm-camellia.h: Added underscore to camellia gcm context.
2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: rearrangement
2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Removed the _WITH_ from
ciphersuites names.
2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
lib/includes/gnutls/gnutls.h.in, lib/nettle/Makefile.am,
lib/nettle/cipher.c, lib/nettle/gcm-camellia.c,
lib/nettle/gcm-camellia.h: Added Camellia with GCM
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Added the PSK HMAC-based Camellia
ciphersuites from RFC6367.
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Added HMAC-based Camellia
ciphersuites from RFC6367.
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Added Camellia ciphersuites from
RFC5932. Added GNUTLS_RSA_CAMELLIA_128_CBC_SHA256,
GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256,
GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256,
GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256,
GNUTLS_RSA_CAMELLIA_256_CBC_SHA256,
GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256,
GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256,
GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256.
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Added more ciphersuites from
RFC5487. Added GNUTLS_PSK_AES_256_CBC_SHA384, GNUTLS_PSK_NULL_SHA384,
GNUTLS_DHE_PSK_AES_256_CBC_SHA384, GNUTLS_DHE_PSK_NULL_SHA384,
GNUTLS_RSA_PSK_AES_128_GCM_SHA256,
GNUTLS_RSA_PSK_AES_256_GCM_SHA384,
GNUTLS_RSA_PSK_AES_128_CBC_SHA256,
GNUTLS_RSA_PSK_AES_256_CBC_SHA384, GNUTLS_RSA_PSK_NULL_SHA256,
GNUTLS_RSA_PSK_NULL_SHA384.
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Added new ciphersuites from
RFC5288. Added GNUTLS_RSA_AES_256_GCM_SHA384,
GNUTLS_DHE_RSA_AES_256_GCM_SHA384, GNUTLS_DHE_DSS_AES_256_GCM_SHA384
and GNUTLS_DH_ANON_AES_256_GCM_SHA384.
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: corrected type of path_len
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/libdane.map: exported symbols
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, libdane/dane.c: small fixes
2013-10-21 Christian Grothoff <christian@grothoff.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h: Adding
dane_verify_crt_raw to allow direct verification of a certificate
chain against a dane_query_t (for example, as provided by the new
dane_raw_tlsa). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: bumped dane library version
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-10-21 Christian Grothoff <christian@grothoff.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h: Adding
dane_raw_tlsa to allow initialization of dane_query_t from DANE
records based on external DNS resolutions. Also fixing a buffer
overflow. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-10-17 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* lib/x509/output.c, po/cs.po.in, po/de.po.in, po/eo.po.in,
po/fi.po.in, po/fr.po.in, po/it.po.in, po/ms.po.in, po/nl.po.in,
po/pl.po.in, po/sv.po.in, po/uk.po.in, po/vi.po.in, po/zh_CN.po.in,
tests/cert-tests/aki-cert.pem, tests/cert-tests/bmpstring.pem,
tests/cert-tests/ca-no-pathlen.pem,
tests/cert-tests/complex-cert.pem,
tests/cert-tests/no-ca-or-pathlen.pem, tests/hostname-check.c:
Normalize capitalization from "Public Key Id" to "Public Key ID" The GnuTLS codebase produced the string "Public Key Id" in some
places (e.g. in the output of "certtool -i"), and "Public Key ID" in
other places (e.g. in the output of "certtool -k"). This changeset standardizes on "Public Key ID", making the output
consistent across uses. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-10-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in: Added
gnutls_certificate_get_crt_raw() to return the raw certificate as
present in the credentials structure.
2013-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-cert-select-pkcs11.c, src/common.c: corrected
length calculation
2013-10-09 Ludovic Courtès <ludo@gnu.org>
* guile/modules/gnutls/build/priorities.scm, guile/src/core.c:
guile: Fix possible stack overflows.
2013-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-cert-select-pkcs11.c, src/common.c, src/psk.c,
src/srptool.c: Corrected possible buffer overruns in included
programs and examples. Corrected possible buffer overruns in included programs and
examples. Reported by Pedro Ribeiro <pedrib@gmail.com>.
2013-10-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: corrected typo
2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-srptool.texi, src/srptool-args.c, src/srptool-args.h:
autogen'ed files update
2013-10-04 Attila Molnar <attilamolnar@hush.com>
* src/srptool.c: Fix srptool issues From dc3a0d6d8d4aa98ccb19641e6668a03d77f381f1 Mon Sep 17 00:00:00
2001 From: Attila Molnar <attilamolnar@hush.com> Date: Tue, 1 Oct
2013 13:42:10 +0200 Subject: [PATCH 2/2] srptool: Fix segfault when
an invalid group parameter index is given If no group with the given index was found in the password conf file
srptool crashed instead of reporting the error because the return
value of fgets() wasn't validated before it was passed to atoi(). Signed-off-by: Attila Molnar <attilamolnar@hush.com>
2013-10-04 Attila Molnar <attilamolnar@hush.com>
* src/srptool-args.def, src/srptool.c: Fix srptool issues From 1fac0e5352e88addb8bf57dcac126918f19d7303 Mon Sep 17 00:00:00
2001 From: Attila Molnar <attilamolnar@hush.com> Date: Tue, 1 Oct
2013 13:40:01 +0200 Subject: [PATCH 1/2] srptool: Fix inability to
add users to tpasswd and broken -i switch Signed-off-by: Attila Molnar <attilamolnar@hush.com>
2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-gnutls-cli.texi, src/cli-args.c, src/cli-args.def,
src/cli-args.h: doc update
2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-gnutls-cli.texi, src/cli-args.c, src/cli-args.h:
autogen'ed files update
2013-10-03 Raj Raman <rajramanca@gmail.com>
* src/cli-args.def, src/cli.c, src/inline_cmds.h: support inline
command infrastructure in gnutls-cli Signed-off-by: Raj Raman <rajramanca@gmail.com>
2013-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cve-2008-4989.c, tests/pkcs12_encode.c: avoid the usage of
error()
2013-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2013-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/tpm.c: include config.h in tpm.c
2013-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: updated
2013-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* po/it.po.in: Sync with TP.
2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/secparams.c: define subgroup bits for the weak and
export parameters, to allow DH group generation.
2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: document the version macros
2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi: doc update
2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/tests.c: verbose is everywhere unsigned
2013-09-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-09-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: removed limitation as this has been
resolved
2013-09-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-intro-tls.texi, lib/ext/heartbeat.c: doc update
2013-09-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: doc update
2013-09-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c: doc update
2013-09-15 Ludovic Courtès <ludo@gnu.org>
* guile/src/Makefile.am: guile: Use intermediary files when
generating code.
2013-09-15 Ludovic Courtès <ludo@gnu.org>
* guile/src/Makefile.am: guile: Make builds parallel-safe. Reported by Andreas Metzler <ametzler@bebt.de>.
2013-09-10 Tobias Polzer <tobias.polzer@fau.de>
* lib/gnutls_srp.c: Fixed a typo in the documentation Fixed a typo in the documentation for
gnutls_srp_set_server_credentials_function. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-09-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am: libopts is linked prior to libgnu to solve issue
in win32. Initial patch by Tomasz Gajewski.
2013-09-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-x509-callbacks.c: Test gnutls_handshake_get_last_in()
and gnutls_handshake_get_last_out() for correctness.
2013-09-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/tests.c: Ignore non-fatal handshake alerts.
2013-09-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/mini-record-timing.c: silence warning about return
code
2013-09-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher_int.c: updates in record packet encoding.
2013-09-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-record-2.c: Test the null cipher as well.
2013-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c: added comments
2013-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/m4/intl.m4, gl/m4/warnings.m4, gl/sys_socket.in.h,
gl/sys_time.in.h, gl/tests/binary-io.h, gl/tests/test-sys_select.c,
gl/tests/test-sys_time.c, gl/u64.h, gl/unistd.in.h, gl/xsize.h:
Revert "updated gnulib" This reverts commit 9ad95f3ac723ae85fdfbe4f3a4fab4ededfa7857.
2013-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-common.c, src/certtool-extras.c, src/certtool.c,
src/danetool.c, src/ocsptool-common.c, src/ocsptool.c,
src/p11tool.c, src/pkcs11.c, src/serv.c, src/tpmtool.c: Avoid using
gnulib's error()
2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/record-sizes.c: record-sizes can only work properly with a
stream cipher.
2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h: corrected max_user_send_size() for DTLS.
2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-record-2.c: test for excessive records being correctly
send
2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c, lib/gnutls_cipher.h,
lib/gnutls_cipher_int.c, lib/gnutls_int.h, lib/gnutls_range.c,
lib/gnutls_record.c, lib/gnutls_record.h: _gnutls_send_tlen_int()
accepts the actual pad rather than the intended data. Corrections in
sending records with %NEW_PADDING.
2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/m4/intl.m4, gl/m4/warnings.m4, gl/sys_socket.in.h,
gl/sys_time.in.h, gl/tests/binary-io.h, gl/tests/test-sys_select.c,
gl/tests/test-sys_time.c, gl/u64.h, gl/unistd.in.h, gl/xsize.h:
updated gnulib
2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testdane: removed dane.nox.su from the good list
2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: explicitly initialize the log functions
2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-record-2.c: Added test to send
variable packet sizes.
2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: doc update
2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c: simplified pad calculation
2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-shared-key.texi: mention RSA-PSK
2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/rsa_psk.c: author update
2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/rsa_psk.c, lib/gnutls_int.h, lib/gnutls_state.c:
Improvements in RSA-PSK.
2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, m4/hooks.m4: released 3.2.4
2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/Makefile.am: added missing file
2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/rsa_psk.c: indented code
2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-rsa-psk.c: Added test program for
RSA-PSK key exchange.
2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/kx.c, lib/auth/cert.h, lib/auth/rsa_common.h,
lib/auth/rsa_psk.c, lib/gnutls_cert.c, lib/gnutls_handshake.c:
Optimizations in RSA-PSK by removing unneeded code.
2013-06-29 Frank Morgner <morgner@informatik.hu-berlin.de>
* lib/algorithms.h, lib/algorithms/ciphersuites.c,
lib/algorithms/kx.c, lib/algorithms/publickey.c,
lib/auth/Makefile.am, lib/auth/cert.h, lib/auth/psk.c,
lib/auth/psk.h, lib/auth/rsa.c, lib/auth/rsa_common.h,
lib/auth/rsa_psk.c, lib/gnutls_cert.c, lib/gnutls_handshake.c,
lib/gnutls_int.h, lib/gnutls_state.c,
lib/includes/gnutls/gnutls.h.in: ported patch for RSA-PSK revives some deletions from a8504e254f6ff23200c6069961ab367c9cec43a0 original patch can be found in
e3c245b951530a92fc610a130faf167a37461073
f06ba1b71fa2cf9e1f3e33ea58cda94aaff88f20
2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: arcfour is restored in the top of the
performance priority.
2013-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-cert-status.c: removed unused function
2013-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-cert-status.c: Added test to verify
the correct operation of gnutls_certificate_server_set_request().
2013-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h: Corrected
gnutls_certificate_server_set_request().
2013-08-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* po/vi.po.in: Sync with TP.
2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/resume.c: Try 3 resumption attempts and try also session db
and ticket.
2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: only register current session when not
resuming
2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_db.c: do not duplicate tests for null.
2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: remove ifdefs for session tickets
2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: export gnutls_record_set_timeout(). Reported by
Nicolai Stange.
2013-08-18 Stefan Bühler <stbuehler@web.de>
* lib/algorithms/ciphersuites.c, tests/priorities.c: add some
RC4-128-SHA1 ciphersuites based on ECDH(E) key exchanges
2013-08-18 Stefan Bühler <stbuehler@web.de>
* tests/anonself.c, tests/dhepskself.c, tests/dtls/dtls-stress.c,
tests/mini-alpn.c, tests/mini-deflate.c,
tests/mini-dtls-heartbeat.c, tests/mini-dtls-hello-verify.c,
tests/mini-dtls-large.c, tests/mini-dtls-record.c,
tests/mini-dtls-rehandshake.c, tests/mini-dtls-srtp.c,
tests/mini-eagain-dtls.c, tests/mini-eagain.c,
tests/mini-emsgsize-dtls.c, tests/mini-handshake-timeout.c,
tests/mini-loss-time.c, tests/mini-overhead.c,
tests/mini-record-range.c, tests/mini-record.c,
tests/mini-rehandshake.c, tests/mini-termination.c,
tests/mini-x509-2.c, tests/mini-x509-callbacks.c,
tests/mini-x509-cas.c, tests/mini-x509.c, tests/mini-xssl.c,
tests/openpgp-auth.c, tests/openpgp-auth2.c, tests/openpgpself.c,
tests/pskself.c, tests/record-sizes-range.c, tests/record-sizes.c,
tests/resume-dtls.c, tests/resume.c,
tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
tests/srp/mini-srp.c, tests/suite/mini-eagain2.c,
tests/suite/mini-record-timing.c, tests/x509dn.c, tests/x509self.c:
fix transport parameter casts in tests
2013-08-24 Andreas Metzler <ametzler@downhill.at.eu.org>
* tests/sha2/sha2: Clean up after test.
2013-08-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/pem-decoding: Corrected access of temp file.
Reported by Thomas Witt.
2013-08-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: No longer recommend the use of RC4
2013-08-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-x86.c, lib/gnutls_global.h,
lib/gnutls_priority.c: AES-GCM is preferred always
2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, lib/Makefile.am, lib/gnutls_errors.c,
lib/gnutls_str.c, lib/vasprintf.c, lib/vasprintf.h, lib/xssl.c,
src/certtool.c, src/cli-debug.c, src/cli.c,
src/crywrap/Makefile.am, src/crywrap/crywrap.c, src/danetool.c,
src/ocsptool.c, src/p11tool.c, src/psk.c, src/serv.c,
src/srptool.c, src/tpmtool.c: included programs no longer depend on
GPL/LGPLv3 elements of gnulib to prevent their accidental inclusion
in the library.
2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk, gl/Makefile.am, gl/accept.c, gl/alloca.in.h,
gl/alphasort.c, gl/argp-ba.c, gl/argp-eexst.c, gl/argp-fmtstream.c,
gl/argp-fmtstream.h, gl/argp-fs-xinl.c, gl/argp-help.c,
gl/argp-namefrob.h, gl/argp-parse.c, gl/argp-pin.c, gl/argp-pv.c,
gl/argp-pvh.c, gl/argp-xinl.c, gl/argp.h, gl/arpa_inet.in.h,
gl/asnprintf.c, gl/asprintf.c, gl/base64.c, gl/base64.h,
gl/basename-lgpl.c, gl/bind.c, gl/byteswap.in.h, gl/c-ctype.c,
gl/c-ctype.h, gl/close.c, gl/closedir.c, gl/connect.c,
gl/dirent-private.h, gl/dirent.in.h, gl/dirname-lgpl.c,
gl/dirname.h, gl/dosname.h, gl/dup2.c, gl/errno.in.h, gl/error.c,
gl/error.h, gl/fd-hook.c, gl/fd-hook.h, gl/filename.h, gl/float+.h,
gl/float.c, gl/float.in.h, gl/fpucw.h, gl/frexp.c, gl/frexpl.c,
gl/fseek.c, gl/fseeko.c, gl/fseterr.c, gl/fseterr.h, gl/fstat.c,
gl/ftell.c, gl/ftello.c, gl/gai_strerror.c, gl/getaddrinfo.c,
gl/getdelim.c, gl/getline.c, gl/getopt.c, gl/getopt.in.h,
gl/getopt1.c, gl/getopt_int.h, gl/getpass.c, gl/getpass.h,
gl/getpeername.c, gl/getsubopt.c, gl/gettext.h, gl/gettimeofday.c,
gl/hash-pjw-bare.c, gl/hash-pjw-bare.h, gl/inet_ntop.c,
gl/inet_pton.c, gl/intprops.h, gl/isnan.c, gl/isnand-nolibm.h,
gl/isnand.c, gl/isnanf-nolibm.h, gl/isnanf.c, gl/isnanl-nolibm.h,
gl/isnanl.c, gl/itold.c, gl/listen.c, gl/lseek.c,
gl/m4/alphasort.m4, gl/m4/argp.m4, gl/m4/closedir.m4,
gl/m4/dirent_h.m4, gl/m4/dirname.m4, gl/m4/double-slash-root.m4,
gl/m4/eealloc.m4, gl/m4/environ.m4, gl/m4/error.m4,
gl/m4/exponentf.m4, gl/m4/exponentl.m4, gl/m4/frexp.m4,
gl/m4/frexpl.m4, gl/m4/fseterr.m4, gl/m4/getopt.m4,
gl/m4/getsubopt.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
gl/m4/isnand.m4, gl/m4/isnanf.m4, gl/m4/isnanl.m4, gl/m4/ldexpl.m4,
gl/m4/malloca.m4, gl/m4/mempcpy.m4, gl/m4/nocrash.m4,
gl/m4/opendir.m4, gl/m4/printf-frexp.m4, gl/m4/printf-frexpl.m4,
gl/m4/putenv.m4, gl/m4/rawmemchr.m4, gl/m4/readdir.m4,
gl/m4/scandir.m4, gl/m4/setenv.m4, gl/m4/signbit.m4,
gl/m4/sleep.m4, gl/m4/stdarg.m4, gl/m4/strchrnul.m4,
gl/m4/sysexits.m4, gl/m4/version-etc.m4, gl/m4/vfprintf-posix.m4,
gl/m4/vprintf-posix.m4, gl/malloc.c, gl/math.c, gl/math.in.h,
gl/memchr.c, gl/memmem.c, gl/mempcpy.c, gl/minmax.h,
gl/msvc-inval.c, gl/msvc-inval.h, gl/msvc-nothrow.c,
gl/msvc-nothrow.h, gl/netdb.in.h, gl/netinet_in.in.h, gl/opendir.c,
gl/printf-args.c, gl/printf-args.h, gl/printf-frexp.c,
gl/printf-frexp.h, gl/printf-frexpl.c, gl/printf-frexpl.h,
gl/printf-parse.c, gl/printf-parse.h, gl/progname.c, gl/progname.h,
gl/rawmemchr.c, gl/rawmemchr.valgrind, gl/read-file.c,
gl/read-file.h, gl/readdir.c, gl/realloc.c, gl/recv.c,
gl/recvfrom.c, gl/scandir.c, gl/select.c, gl/send.c, gl/sendto.c,
gl/setsockopt.c, gl/shutdown.c, gl/signal.in.h, gl/signbitd.c,
gl/signbitf.c, gl/signbitl.c, gl/size_max.h, gl/sleep.c,
gl/snprintf.c, gl/socket.c, gl/sockets.c, gl/sockets.h,
gl/stdalign.in.h, gl/stdarg.in.h, gl/stdbool.in.h, gl/stddef.in.h,
gl/stdint.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h,
gl/str-two-way.h, gl/strcasecmp.c, gl/strchrnul.c,
gl/strchrnul.valgrind, gl/strdup.c, gl/strerror-override.c,
gl/strerror-override.h, gl/strerror.c, gl/string.in.h,
gl/strings.in.h, gl/stripslash.c, gl/strncasecmp.c, gl/strndup.c,
gl/strnlen.c, gl/strtok_r.c, gl/strverscmp.c, gl/sys_select.in.h,
gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
gl/sys_types.in.h, gl/sys_uio.in.h, gl/sysexits.in.h,
gl/tests/Makefile.am, gl/tests/dosname.h, gl/tests/fpucw.h,
gl/tests/infinity.h, gl/tests/intprops.h, gl/tests/malloca.c,
gl/tests/malloca.h, gl/tests/malloca.valgrind,
gl/tests/minus-zero.h, gl/tests/nan.h, gl/tests/putenv.c,
gl/tests/randomd.c, gl/tests/randoml.c, gl/tests/setenv.c,
gl/tests/strerror-override.c, gl/tests/strerror-override.h,
gl/tests/strerror.c, gl/tests/test-argp-2.sh, gl/tests/test-argp.c,
gl/tests/test-dirent.c, gl/tests/test-environ.c,
gl/tests/test-fprintf-posix.h, gl/tests/test-frexp.c,
gl/tests/test-frexp.h, gl/tests/test-frexpl.c,
gl/tests/test-fseterr.c, gl/tests/test-getopt.c,
gl/tests/test-getopt.h, gl/tests/test-getopt_long.h,
gl/tests/test-isnand-nolibm.c, gl/tests/test-isnand.h,
gl/tests/test-isnanf-nolibm.c, gl/tests/test-isnanf.h,
gl/tests/test-isnanl-nolibm.c, gl/tests/test-isnanl.h,
gl/tests/test-malloc-gnu.c, gl/tests/test-malloca.c,
gl/tests/test-math.c, gl/tests/test-printf-frexp.c,
gl/tests/test-printf-frexpl.c, gl/tests/test-printf-posix.h,
gl/tests/test-printf-posix.output, gl/tests/test-rawmemchr.c,
gl/tests/test-setenv.c, gl/tests/test-signbit.c,
gl/tests/test-sleep.c, gl/tests/test-strchrnul.c,
gl/tests/test-sysexits.c, gl/tests/test-unsetenv.c,
gl/tests/test-version-etc.c, gl/tests/test-version-etc.sh,
gl/tests/test-vfprintf-posix.c, gl/tests/test-vfprintf-posix.sh,
gl/tests/test-vprintf-posix.c, gl/tests/test-vprintf-posix.sh,
gl/tests/unsetenv.c, gl/time.in.h, gl/time_r.c, gl/u64.h,
gl/unistd.in.h, gl/vasnprintf.c, gl/vasnprintf.h, gl/vasprintf.c,
gl/verify.h, gl/version-etc-fsf.c, gl/version-etc.c,
gl/version-etc.h, gl/vfprintf.c, gl/vprintf.c, gl/vsnprintf.c,
gl/w32sock.h, gl/wchar.in.h, gl/xsize.h, src/certtool.c,
src/cli-debug.c, src/cli.c, src/danetool.c, src/ocsptool-common.c,
src/ocsptool.c, src/p11tool.c, src/psk.c, src/serv.c,
src/srptool.c, src/tpmtool.c: gnulib only contains lgplv2 modules
2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* po/de.po.in, po/vi.po.in: Sync with TP.
2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: removed unused code
2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: Do not try to parse arbitrary objects as
certificates.
2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: don't ignore errors when copying
resumption values
2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: mention that new padding is currently a
gnutls extension
2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, src/libopts/makeshell.c: do not require localtime
2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: added mkdir
2013-08-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_constate.c: inverse check for cipher ok and priority.
2013-08-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: documented parameters
2013-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: no need to keep separate priority lists for
export ciphersuites (they are no longer available).
2013-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c: Added the PFS
priority string option.
2013-07-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.2.3
2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: allow empty fragments with padding.
2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/record-sizes-range.c: corrected test
2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/record-sizes-range.c: Added test for the
range functionality.
2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c, tests/mini-overhead.c: corrected overhead
calculation in AEAD ciphers.
2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: Correctly report unicode status in win32 API
2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: correctly link with librt when needed.
2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/Makefile.am, lib/system.c: link with libiconv
when needed.
2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/snippet/unused-parameter.h, configure.ac,
gl/Makefile.am, gl/c-strcase.h, gl/c-strcasecmp.c,
gl/c-strncasecmp.c, gl/iconv.c, gl/iconv.in.h, gl/iconv_close.c,
gl/iconv_open-aix.gperf, gl/iconv_open-hpux.gperf,
gl/iconv_open-irix.gperf, gl/iconv_open-osf.gperf,
gl/iconv_open-solaris.gperf, gl/iconv_open.c,
gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/iconv_h.m4,
gl/m4/iconv_open-utf.m4, gl/m4/iconv_open.m4, gl/m4/inline.m4,
gl/m4/intl.m4, gl/m4/libunistring-base.m4, gl/m4/locale-fr.m4,
gl/m4/locale-ja.m4, gl/m4/locale-tr.m4, gl/m4/locale-zh.m4,
gl/m4/locale_h.m4, gl/m4/localename.m4, gl/m4/po.m4,
gl/m4/setlocale.m4, gl/tests/Makefile.am, gl/tests/locale.in.h,
gl/tests/localename.c, gl/tests/localename.h, gl/tests/setlocale.c,
gl/tests/test-c-strcase.sh, gl/tests/test-c-strcasecmp.c,
gl/tests/test-c-strncasecmp.c, gl/tests/test-iconv-h.c,
gl/tests/test-iconv-utf.c, gl/tests/test-locale.c,
gl/tests/test-localename.c, gl/tests/test-setlocale1.c,
gl/tests/test-setlocale1.sh, gl/tests/test-setlocale2.c,
gl/tests/test-setlocale2.sh, gl/tests/unistr/test-u8-mbtoucr.c,
gl/tests/unistr/test-u8-uctomb.c, gl/unistr.in.h,
gl/unistr/u8-mbtoucr.c, gl/unistr/u8-uctomb-aux.c,
gl/unistr/u8-uctomb.c, gl/unitypes.in.h: Removed LGPLv3 gnulib
components. This removes the gnulib iconv, and uses libc or libiconv if needed.
2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.2.3pre0
2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am: Added new functions
2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h, lib/gnutls_record.h: use common macros to
calculate the overhead.
2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/new_record_padding.c, lib/gnutls_cipher.c,
lib/gnutls_constate.c, lib/gnutls_constate.h,
lib/gnutls_extensions.c, lib/gnutls_extensions.h,
lib/gnutls_handshake.c, lib/gnutls_int.h: The after handshake
function is now called before epoch change. This allows enabling certain features, such as the new record
padding, prior to exchanging finished messages.
2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/record-sizes.c: test sending and receiving the maximum
allowed TLS buffer size.
2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: corrected guile-site-dir option. Patch by Steve
Erhart.
2013-07-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.h: Do not count pad and MAC as received data.
2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: simplified decrypted data allocation.
2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_record.c, lib/gnutls_record.h:
small optimizations.
2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c, lib/gnutls_record.c: When in compatibility
mode allow for larger record sizes than the maximum.
2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini.c, tests/record-sizes.c: Updated
mini test.
2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/ag-char-map.h: Applied Bruce Korb's fix on
unacceptable chars.
2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/ag-char-map.h: Revert "Ignore non-ascii characters in
configuration file." This reverts commit b973840f5dff9924108af9574bdee1064e06fb88.
2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/priorities.c: test also the number of ciphers.
2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added helper functions to export the available
ciphers in a priority structure
2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/priorities.c: Added a test that checks
whether the priorities behave as expected (depends on the supported
ciphersuite numbers)
2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: When adding a bulk of priorities make sure
they don't replace the whole list. Reported by Stefan Buehler.
2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: doc update
2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: updated doc
2013-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/ag-char-map.h: Ignore non-ascii characters in
configuration file. This is a quick fix for
http://lists.infradead.org/pipermail/openconnect-devel/2013-July/001126.html
2013-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am: make sure that the .info files are as new as the pdfs
and html.
2013-07-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/Makefile.am, doc/examples/ex-serv-x509.c: X.509
server example updated to include OCSP stapling
2013-07-16 Matt Whitlock <matt@whitlock.name>
* lib/gnutls_buffers.c: avoid leaking a buffer element when
_gnutls_stream_read returns 0
2013-07-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: doc update
2013-07-17 Stefan Bühler <stbuehler@web.de>
* lib/gnutls_priority.c: gnutls priority string parsing bug fix Fix priority string parsing (example: "NONE:+MAC-ALL:-SHA1:+SHA1"
misses SHA1 and has MD5 twice) prio_remove doesn't zero the removed element, prio_add (and perhaps
other functions) assumes the list to be zero terminated. Make prio_remove zero the element at the end, and use the actual
length of the list in prio_add. Relying on the trailing zero will fail if the list is full, and
might lead to invalid memory accesses as the loop won't stop until
it finds either the algorithm identifier or 0.
2013-07-17 Adam Sampson <ats@offog.org>
* tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
tests/pskself.c, tests/resume-dtls.c, tests/resume.c,
tests/x509dn.c, tests/x509self.c: Disable tests that use socketpair
on _WIN32. socketpair isn't provided on Windows, so these tests should just
exit 77. Note that resume-dtls.c already had a guard like this -- I've
rewritten it to match the others, but socketpair (presumably!) isn't
the only reason that test is disabled on Win32. Signed-off-by: Adam Sampson <ats@offog.org>
2013-07-16 Adam Sampson <ats@offog.org>
* tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
tests/pskself.c, tests/resume-dtls.c, tests/resume.c,
tests/x509dn.c, tests/x509self.c: Use socketpair() rather than TCP
connections. Besides simplifying the code, this also makes it possible to run
"make check" in parallel -- previously this didn't work because
several tests were trying to bind the same port. Signed-off-by: Adam Sampson <ats@offog.org>
2013-07-16 Adam Sampson <ats@offog.org>
* tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
tests/pskself.c, tests/resume-dtls.c, tests/resume.c,
tests/x509dn.c, tests/x509self.c: Detect socket() error responses
correctly. The code was testing the wrong variable... Signed-off-by: Adam Sampson <ats@offog.org>
2013-07-16 Adam Sampson <ats@offog.org>
* doc/scripts/gdoc: Avoid depending on hash order in gdoc. Previously, gdoc had a hash of regexp replacements for each output
format, and applied the replacements in the order that "keys"
returned for the hash. However, not all orders are safe -- and now
that Perl 5.18 randomises hash order per-process, it only worked
sometimes! For example, this order is OK: 'is a #gnutls_session_t structure.' '\@([A-Za-z0-9_]+)\s*' -> 'is a
#gnutls_session_t structure.' '\%([A-Za-z0-9_]+)' -> 'is a
#gnutls_session_t structure.' '\#([A-Za-z0-9_]+)' -> 'is a
@code{gnutls_session_t} structure.' '([A-Za-z0-9_]+\(\))' -> 'is a
@code{gnutls_session_t} structure.' This one, however, winds up producing invalid texinfo: 'is a #gnutls_session_t structure.' '\%([A-Za-z0-9_]+)' -> 'is a
#gnutls_session_t structure.' '([A-Za-z0-9_]+\(\))' -> 'is a
#gnutls_session_t structure.' '\#([A-Za-z0-9_]+)' -> 'is a
@code{gnutls_session_t} structure.' '\@([A-Za-z0-9_]+)\s*' -> 'is a
@code{code} {gnutls_session_t} structure.' This patch turns the hash into a list, so the replacements will
always be done in the intended order. Signed-off-by: Adam Sampson <ats@offog.org>
2013-07-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dtls/dtls-stress.c, tests/mini-dtls-heartbeat.c,
tests/mini-dtls-large.c, tests/mini-dtls-rehandshake.c,
tests/mini-dtls-srtp.c, tests/mini-loss-time.c: Run DTLS tests under
reliable transports to avoid unexpected packet loss.
2013-07-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: Link with librt when needed. Reported by Joern
Clausen.
2013-07-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
lib/gnutls_range.c, lib/gnutls_session_pack.c: eliminated the need
for the additional version variable.
2013-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated w32 makefile
2013-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/config.rpath, gl/Makefile.am, gl/argp-help.c,
gl/c-ctype.h, gl/fseeko.c, gl/m4/extensions.m4,
gl/m4/extern-inline.m4, gl/m4/fseeko.m4, gl/m4/gnulib-comp.m4,
gl/m4/lock.m4, gl/m4/manywarnings.m4, gl/m4/stdalign.m4,
gl/m4/warnings.m4, gl/msvc-inval.c, gl/stdalign.in.h,
gl/stdio.in.h, gl/tests/Makefile.am, gl/tests/getcwd-lgpl.c,
gl/tests/ignore-value.h, gl/tests/malloca.c,
gl/tests/test-getaddrinfo.c, gl/tests/test-snprintf.c,
gl/tests/test-sys_socket.c, gl/tests/test-vasnprintf.c,
gl/tests/test-vsnprintf.c, gl/vasnprintf.c, gl/verify.h, maint.mk:
updated gnulib
2013-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.2.2
2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: doc update
2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/gnutls.h.in: typo fix
2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.c: gnutls-cli -l prints the supported digest algorithms
as well.
2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: corrected return value.
2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: Check for nanosleep in librt, when not in libc.
Reported by Joern Clausen.
2013-07-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h: corrected typo
2013-07-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README-alpha: updated
2013-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h: try to reduce memory in internal structure
2013-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_handshake.c, lib/gnutls_int.h,
lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
tests/mini-x509-callbacks.c: Allow hooks to be called before or
after generation/receiving.
2013-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_state.c,
lib/includes/gnutls/gnutls.h.in: Revert "simplified hook function,
to apply only to post-processing or generation of messages." This reverts commit 7b14a8217b78aaf3367d13181237bf937292f5ba.
2013-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-07-10 Gustavo Zacarias <gustavo@zacarias.com.ar>
* lib/accelerated/cryptodev.c: Eliminate reset from cryptodev hashes
and mac It wasn't done in 73ec74c2 and 6f0ecbf4 for cryptodev causing build
failures. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/mac.c: doc update
2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: make sure that the hook function is always
called.
2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am: New functions added
2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: When resuming a session send only the
mandatory extensions. That will make server behavior to conform to TLS RFC. Reported by
Peter Dettman.
2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/srtp.c: corrected typo
2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/srtp.c: Include MKI size in size calculations for the
extension. This prevents a parsing error when MKI is being used. Reported by
Gábor Tatárka.
2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark.h: Fix for NetBSD systems that do not have
CLOCK_PROCESS_CPUTIME_ID. Patch by Thomas Klausner.
2013-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: make sure that a valid number of days is entered
2013-07-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/DCO.txt: Added DCO
2013-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: added new functions
2013-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-hello-verify.c: simplified structure
2013-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: corrected issue in client hello verify.
2013-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms/mac.c, lib/gnutls_int.h,
lib/includes/gnutls/gnutls.h.in: Added helper functions for digests.
2013-07-04 Stef Walter <stefw@redhat.com>
* lib/pkcs11.c: pkcs11: Use the correct attribute length for
CKA_TRUSTED CKA_TRUSTED is a CK_BBOOL value in PKCS#11. Since object searches
are done with the attribute byte values, we need to get the length
exactly right. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-x509-callbacks.c: updated for new callback format
2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: corrected typo
2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: doc update
2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: when removing a cipher priority, make sure
the order is kept
2013-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_dtls.c, lib/includes/gnutls/gnutls.h.in:
gnutls_record_overhead_size2 -> gnutls_est_record_overhead_size
2013-07-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/crypto-api.c: doc update
2013-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* po/eo.po.in, po/fi.po.in: Sync with TP.
2013-06-28 Ludovic Courtès <ludo@gnu.org>
* guile/src/core.c: guile: Keep a weak reference on objects
aggregated by other objects. Before, in cases such as `set-anonymous-server-dh-parameters!' where
the C object beneath CRED keeps a pointer to the C object beneath
DH_PARAMS, DH_PARAMS could be garbage-collected before CRED, leading
to the destruction of the underlying C object. Reported by Nikos Mavrogiannopoulos <nmav@gnutls.org>.
2013-06-28 Ludovic Courtès <ludo@gnu.org>
* guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm,
guile/tests/x509-auth.scm: guile: tests: Use `port->fdes' rather
than `fileno'. This has no practical impact, but it's a better way to express that
we don't want the file descriptors closed behind our back.
2013-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi: removed unsupported RSA-EXPORT
2013-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-bib.texi, doc/cha-intro-tls.texi, doc/latex/gnutls.bib:
documented private extensions
2013-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_state.c,
lib/includes/gnutls/gnutls.h.in: simplified hook function, to apply
only to post-processing or generation of messages.
2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: documented dtls behavior.
2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: enforce the maximum TLS size when setting MTU
2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-large.c: make sure that no DTLS MTU size can
exceed 2^14.
2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/nettle/Makefile.am: Revert "Add nettle
dependencies to libcrypto.la" This reverts commit f3ef68f4f79434fadc3f28c649744e57f3eef99b.
2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-dtls-large.c: Added test to verify
whether DTLS layer will send GNUTLS_E_LARGE_PACKET on large packets
2013-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* po/cs.po.in: Sync with TP.
2013-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dh_primes.c: check for zero values when import DH
parameters.
2013-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* po/de.po.in, po/nl.po.in, po/pl.po.in, po/uk.po.in, po/vi.po.in:
Sync with TP.
2013-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/debug.c, lib/debug.h, lib/gnutls_handshake.c,
lib/gnutls_int.h, lib/gnutls_state.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
tests/mini-x509-callbacks.c: Added
gnutls_handshake_set_hook_function() to allow hooks on arbitrary
handshake messages.
2013-06-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/announce.txt: added BCC to avoid forgetting it in the future
2013-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-tpmtool.texi, doc/manpages/tpmtool.1: doc update
2013-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_dtls.c, lib/gnutls_state.c,
lib/includes/gnutls/dtls.h, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: avoid the introduction of a new function to
disable replay protection.
2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testcompat-main: changed port to avoid conflicts
2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-overhead.c: small update
2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: removed unused var
2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/tpmtool-args.c, src/tpmtool-args.h: updated tpmtool
auto-gen'ed files
2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_dtls.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added gnutls_record_overhead_size() and Added
gnutls_record_overhead_size2().
2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_state.c: doc update
2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_dtls.c, lib/gnutls_int.h, lib/gnutls_record.c,
lib/includes/gnutls/dtls.h, lib/libgnutls.map: DTLS replay
protection can now be disabled.
2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_state.c: doc update
2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms/ciphers.c, lib/includes/gnutls/crypto.h,
lib/libgnutls.map: Added gnutls_cipher_get_tag_size().
2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_x509.c, lib/includes/gnutls/x509.h,
lib/libgnutls.map: Added gnutls_certificate_set_trust_list().
2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c, lib/auth/srp_rsa.c, lib/ext/signature.c,
lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_handshake.c,
lib/gnutls_sig.c: explicit tests for non-null version
2013-06-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c, lib/gnutls_pubkey.c: fix typo
2013-06-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2013-06-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c, lib/gnutls_dtls.c: corrected heartbeat
timeout documentation; reported by Sebastien Decugis.
2013-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/ar-lib: updated file
2013-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/sha2/sha2, tests/sha2/sha2-dsa: avoid common files
2013-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/test-driver, configure.ac: require automake 1.12.2 for
guile.
2013-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: SECURE -> SECURE128
2013-06-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* guile/tests/priorities.scm: corrected priority strings
2013-06-06 Martin Storsjo <martin@martin.st>
* extra/Makefile.am, lib/Makefile.am, lib/accelerated/Makefile.am,
lib/accelerated/x86/Makefile.am, lib/algorithms/Makefile.am,
lib/auth/Makefile.am, lib/ext/Makefile.am, lib/extras/Makefile.am,
lib/opencdk/Makefile.am, lib/openpgp/Makefile.am,
lib/x509/Makefile.am: Add NETTLE_CFLAGS in makefiles This is required for using nettle/memxor.h, which now is included
implicitly via gnutls_int.h, if the nettle include directories
aren't in one of the compiler standard paths. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-06-06 Martin Storsjo <martin@martin.st>
* src/crywrap/Makefile.am: crywrap: Use the libidn pkg-config
include and lib paths Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-06-06 Ludovic Courtès <ludo@gnu.org>
* guile/tests/Makefile.am: guile: Use `LOG_COMPILER', as required by
Automake 1.12+.
2013-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/nettle/Makefile.am: Add nettle dependencies
to libcrypto.la
2013-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/Makefile.am: correctly place cflags
2013-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-shared-key.texi: discourage usage of anonymous
authentication
2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, lib/gnutls_global.c: doc update
2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/gnutls.pc.in, lib/nettle/Makefile.am,
m4/hooks.m4: Directly link to gmp library. Based on original patch
by Alon Bar-Lev <alon.barlev@gmail.com>.
2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated cross.mk
2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/pem-decoding,
tests/dsa/Makefile.am, tests/openpgp-certs/Makefile.am: several
updates for tests to run under win32
2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: null terminate strings in windows
2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated makefile
2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/pkcs12-decode/pkcs12: fix windows extension
2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/pkcs1-padding/Makefile.am: avoid running tests which require
datefudge in windows
2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: avoid struct sigaction in win32
2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/pem-decoding: Avoid comparing the expiration date
to prevent false positive error in 32-bit systems.
2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/pathlen: Revert "Avoid comparing the expiration
date to prevent false positive error in 32-bit systems." This reverts commit 64f9b5787c9b404763f59b3252fe4ef1b862aa00.
2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/pathlen: Avoid comparing the expiration date to
prevent false positive error in 32-bit systems.
2013-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-internals.texi, doc/cha-upgrade.texi: doc updates
2013-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated from 3.2.1
2013-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: check for suse's CA bundle file
2013-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/openpgp/privkey.c: call cleanup and deinit on the correct
number of parameters
2013-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pk.c: avoid calling clear on null values
2013-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/Makefile.am, lib/gnutls.pc.in, m4/hooks.m4: use
pkg-config to detect nettle
2013-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-xssl.c: ignore sigpipe
2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: allow ciphersuites with elliptic
curves even when using SSL 3.0. This works around a bug on openssl
in certain Debian systems.
2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* po/LINGUAS, po/eo.po.in: Sync with TP.
2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-xssl.c: updated xssl.
2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: doc update
2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-overhead.c: document sizes
2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: more precise calculation of overhead
2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-overhead.c: Check overhead in DTLS.
2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: doc update
2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in:
revert prototype move
2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/cha-support.texi, doc/manpages/Makefile.am:
doc update
2013-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c, lib/gnutls_cipher_int.c: Eliminated memory
copy on decryption.
2013-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher_int.h: corrected likely()
2013-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-deflate.c, tests/mini-x509-2.c, tests/mini-x509.c: use
various ciphers in tests.
2013-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c: doc update
2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-record.c: avoid delays by using a reliable
transport layer.
2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: removed test file from repository
2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-record.c: avoid delays by using a reliable transport
layer.
2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphers.c, lib/gnutls_cipher.c,
lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h: Eliminated memory
copy at encryption.
2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: eliminated unused variable
2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: revive gnutls_handshake_get_last_in().
Report by Mann Ern Kang.
2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_record.c:
simplified code by passing an mbuffer.
2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h, lib/gnutls_mbuffers.h: better name
2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pubkey.c: always set hash length
2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/abstract_int.h, lib/gnutls_pubkey.c, lib/nettle/pk.c:
corrected bug with _gnutls_dsa_q_to_hash() usage introduced
previously
2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/abstract_int.h, lib/algorithms.h,
lib/algorithms/ciphersuites.c, lib/algorithms/protocols.c,
lib/auth/cert.c, lib/auth/rsa.c, lib/auth/srp_rsa.c,
lib/ext/signature.c, lib/gnutls_cipher.c, lib/gnutls_constate.c,
lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
lib/gnutls_pubkey.c, lib/gnutls_record.c, lib/gnutls_sig.c,
lib/gnutls_state.c, lib/gnutls_ui.c: optimized access to TLS
protocol version properties.
2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/abstract_int.h, lib/accelerated/x86/hmac-padlock.c,
lib/algorithms.h, lib/algorithms/ciphers.c,
lib/algorithms/ciphersuites.c, lib/algorithms/mac.c,
lib/algorithms/protocols.c, lib/algorithms/sign.c,
lib/crypto-api.c, lib/ext/session_ticket.c, lib/gnutls_cipher.c,
lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
lib/gnutls_constate.c, lib/gnutls_dtls.c, lib/gnutls_handshake.c,
lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_privkey.c,
lib/gnutls_pubkey.c, lib/gnutls_range.c, lib/gnutls_sig.c,
lib/gnutls_sig.h, lib/gnutls_srp.c, lib/gnutls_state.c,
lib/gnutls_ui.c, lib/nettle/pk.c, lib/opencdk/Makefile.am,
lib/opencdk/hash.c, lib/opencdk/pubkey.c, lib/opencdk/seskey.c,
lib/opencdk/sig-check.c, lib/opencdk/stream.c, lib/verify-tofu.c,
lib/x509/crq.c, lib/x509/ocsp.c, lib/x509/ocsp_output.c,
lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
lib/x509/privkey_pkcs8.c, lib/x509/verify.c, lib/x509/x509.c,
lib/x509/x509_int.h: simplified access to cipher and mac properties
to reduce wasted cycles.
2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* extra/gnutls_openssl.c: modified openssl compat API to use the
exported API
2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: no longer export internal hash functions
2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-hello-verify.c: removed memory leak
2013-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_num.c, lib/gnutls_num.h: inlined simple functions
2013-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_mbuffers.c: avoid calloc
2013-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: fixes in record version checking
2013-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: use sigaction instead of signal in gnutls-cli
2013-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: Revert "break the loop when a SIGALRM has been
received" This reverts commit c3b3a0c6bd14a542e11873ebe0975a5ddd0ab46b.
2013-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/m4/libopts.m4: relax check on requirement on headers
for libopts. Reported by Mark Brand.
2013-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2013-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: Improved record version checks
2013-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-dtls-hello-verify.c: Added test for
hello verify message
2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/mac.c: fail on wrong key sizes
2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_dtls.c: corrected record overhead calculations
2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: more detailed error
2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: corrected resumption check
2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated doc
2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: Allow record layer packets with version less
than the negotiated. Allowing such records avoids issue in DTLS client hello request
verification.
2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls.pc.in: removed undefined variable
2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_handshake.c, lib/gnutls_session.c,
lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map:
gnutls_session_set_id() was added
2013-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: break the loop when a SIGALRM has been received
2013-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/m4/libopts.m4: configure proceeds if regex library
isn't found
2013-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.c: documented function behavior
2013-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.c: corrected typo
2013-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.c, lib/nettle/pk.c, lib/opencdk/keydb.c,
lib/opencdk/sig-check.c, lib/x509/common.c,
lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509.c,
lib/xssl.c, libdane/dane.c: several updates
2013-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool.c: print message on certificate verification
2013-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/pem-decoding: more verbose messages
2013-05-10 Tim Kosse <tim.kosse@filezilla-project.org>
* tests/eagain-common.h: When retrying gnutls_record_send due to
GNUTLS_E_AGAIN, also try passing null data and length. Tests will
fail after this patch until next patch is applied that fixes a bug
in gnutls_record_send. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-05-10 Tim Kosse <tim.kosse@filezilla-project.org>
* lib/gnutls_record.c: If gnutls_record_send fails with
GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, the documentation allows
passing null for the data and size on retry. Commit 2ec84d6 broke this usage of gnutls_record_send. This patch
fixes the problem. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-internals.texi, lib/gnutls_ui.c: typo fixes by Andreas
Metzler
2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.2.0
2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi,
doc/cha-gtls-examples.texi: simplified node referencing and add
NEW_PADDING in doc
2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: increased revision
2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am: doc update
2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms/ciphersuites.c: Added more options for
salsa20 ciphers
2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/m4/libopts.m4: applied libregex patch
2013-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk, lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s,
lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s,
lib/accelerated/x86/macosx/appro-aes-x86-macosx.s,
lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s,
lib/accelerated/x86/macosx/cpuid-x86-macosx.s,
lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
lib/accelerated/x86/macosx/padlock-x86-macosx.s: use C's style
comments to compile in old MacOSX systems. Reported by Ryan Schmidt.
2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-auth.texi: doc update
2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/alpn.c: clarified doc
2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
doc/manpages/tpmtool.1: updated for new autogen
2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-alpn.c: updated for new api
2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dtls/dtls-stress.c: updated path
2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: corrected API usage.
2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/alpn.c, lib/ext/alpn.h, lib/gnutls_alert.c,
lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in: Added support
for the NO_APPLICATION_PROTOCOL alert for ALPN.
2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c,
src/common.c: Improved ALPN support in gnutls-cli
2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.c, src/certtool-args.h, src/cli-args.c,
src/cli-args.h, src/cli-debug-args.c, src/cli-debug-args.h,
src/danetool-args.c, src/danetool-args.h, src/ocsptool-args.c,
src/ocsptool-args.h, src/p11tool-args.c, src/p11tool-args.h,
src/psk-args.c, src/psk-args.h, src/serv-args.c, src/serv-args.h,
src/srptool-args.c, src/srptool-args.h: updated libopts generated
files.
2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3,
src/libopts/Makefile.am, src/libopts/README,
src/libopts/ag-char-map.h, src/libopts/alias.c,
src/libopts/ao-strs.c, src/libopts/ao-strs.h,
src/libopts/autoopts.c, src/libopts/autoopts.h,
src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c,
src/libopts/check.c, src/libopts/compat/compat.h,
src/libopts/compat/pathfind.c, src/libopts/compat/snprintf.c,
src/libopts/compat/strchr.c, src/libopts/compat/strdup.c,
src/libopts/compat/windows-config.h, src/libopts/configfile.c,
src/libopts/cook.c, src/libopts/enum.c, src/libopts/env.c,
src/libopts/file.c, src/libopts/find.c, src/libopts/genshell.c,
src/libopts/genshell.h, src/libopts/gettext.h, src/libopts/init.c,
src/libopts/libopts.c, src/libopts/load.c,
src/libopts/m4/libopts.m4, src/libopts/m4/liboptschk.m4,
src/libopts/makeshell.c, src/libopts/nested.c,
src/libopts/numeric.c, src/libopts/option-value-type.c,
src/libopts/option-value-type.h,
src/libopts/option-xat-attribute.c,
src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c,
src/libopts/parse-duration.h, src/libopts/pgusage.c,
src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c,
src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c,
src/libopts/stack.c, src/libopts/streqvcmp.c,
src/libopts/text_mmap.c, src/libopts/time.c,
src/libopts/tokenize.c, src/libopts/usage.c, src/libopts/version.c:
updated libopts to autogen 5.17.3
2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.def, src/cli.c: Added --alpn option to cli
2013-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2013-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms/mac.c, lib/includes/gnutls/gnutls.h.in,
lib/nettle/mac.c: Added umac-128
2013-05-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: set the
key purpose in certificate requests
2013-05-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/utils.h: Do not call gnutls_pkcs11_init() when pkcs11 is
disabled. Reported by Linus Nordberg.
2013-05-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h: corrected typo.
reported by Etan Reisner.
2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/mini-eagain2.c, tests/suite/mini-record-timing.c:
updated include files
2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: simplified code
2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/Makefile.am, gl/m4/extern-inline.m4, gl/m4/getdtablesize.m4,
gl/m4/gnulib-comp.m4, gl/tests/Makefile.am,
gl/tests/getdtablesize.c, gl/tests/glthread/threadlib.c,
gl/tests/test-dup2.c, gl/tests/test-getdtablesize.c: updated gnulib
2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/anonself.c, tests/certder.c,
tests/certificate_set_x509_crl.c, tests/certuniqueid.c,
tests/chainverify-unsorted.c, tests/chainverify.c,
tests/crq_apis.c, tests/crq_key_id.c, tests/cve-2008-4989.c,
tests/cve-2009-1415.c, tests/cve-2009-1416.c, tests/dhepskself.c,
tests/dn.c, tests/dn2.c, tests/dtls/dtls-stress.c, tests/gc.c,
tests/hostname-check.c, tests/infoaccess.c, tests/init_roundtrip.c,
tests/key-openssl.c, tests/mini-alpn.c, tests/mini-deflate.c,
tests/mini-dtls-heartbeat.c, tests/mini-dtls-record.c,
tests/mini-dtls-rehandshake.c, tests/mini-dtls-srtp.c,
tests/mini-eagain-dtls.c, tests/mini-eagain.c,
tests/mini-emsgsize-dtls.c, tests/mini-handshake-timeout.c,
tests/mini-loss-time.c, tests/mini-record-range.c,
tests/mini-record.c, tests/mini-rehandshake.c, tests/mini-tdb.c,
tests/mini-termination.c, tests/mini-x509-2.c,
tests/mini-x509-callbacks.c, tests/mini-x509-cas.c,
tests/mini-x509.c, tests/mini-xssl.c, tests/mini.c, tests/moredn.c,
tests/mpi.c, tests/nul-in-x509-names.c, tests/ocsp.c,
tests/openpgp-auth.c, tests/openpgp-auth2.c,
tests/openpgp-keyring.c, tests/openpgpself.c, tests/openssl.c,
tests/parse_ca.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pkcs12_simple.c,
tests/pskself.c, tests/resume-dtls.c, tests/resume.c,
tests/rng-fork.c, tests/rsa-encrypt-decrypt.c,
tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
tests/set_pkcs12_cred.c, tests/setcredcrash.c,
tests/slow/cipher-test.c, tests/slow/gendh.c, tests/slow/keygen.c,
tests/srp/mini-srp.c, tests/suite/mini-eagain2.c,
tests/suite/mini-record-timing.c, tests/utils.h,
tests/x509_altname.c, tests/x509cert-tl.c, tests/x509cert.c,
tests/x509dn.c, tests/x509self.c, tests/x509sign-verify.c: When
running tests disable PKCS #11 support to avoid detecting memory
leaks from PKCS #11 libraries.
2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: doc update
2013-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dtls/Makefile.am: link explicitly to librt
2013-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, build-aux/config.rpath, build-aux/gendocs.sh,
configure.ac, gl/Makefile.am, gl/gettime.c,
gl/glthread/threadlib.c, gl/intprops.h, gl/m4/clock_time.m4,
gl/m4/frexp.m4, gl/m4/gettime.m4, gl/m4/gnulib-cache.m4,
gl/m4/gnulib-comp.m4, gl/m4/intl.m4, gl/m4/po.m4, gl/m4/putenv.m4,
gl/m4/stdalign.m4, gl/m4/sys_types_h.m4, gl/m4/timer_time.m4,
gl/m4/timespec.m4, gl/sys_select.in.h, gl/sys_time.in.h,
gl/tests/Makefile.am, gl/tests/malloca.h, gl/tests/putenv.c,
gl/timespec.c, gl/timespec.h, gl/unistd.in.h, lib/gnutls_dtls.c,
lib/gnutls_dtls.h, lib/gnutls_state.c, lib/nettle/rnd.c,
lib/system.h, src/benchmark-cipher.c, src/benchmark.c,
src/benchmark.h, tests/suite/Makefile.am,
tests/suite/mini-record-timing.c: Avoid linking the library on
librt.
2013-04-27 Stef Walter <stefw@redhat.com>
* tests/suite/mini-record-timing.c: test suite: Add missing header Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/complex-cert.pem,
tests/cert-tests/pem-decoding: Added test for escaping rules.
2013-04-27 Stef Walter <stefw@redhat.com>
* lib/x509/common.c: Add the standard description OID to those
recognized for DNs Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, lib/x509/dn.c: Always escape printable strings
the LDAP way, and avoid escaping hex encoded values. Report and
initial patch from Stef Walter.
2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, lib/x509/common.h: Do not include null
terminator in DN string. When printing an unknown DN string as hex do not include the null
terminator. Reported by Stef Walter.
2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: Link against pthread only when pthread_mutex_lock
isn't in libc
2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/sha-padlock.c: initialize the digest after
output on padlock.
2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c,
src/pkcs11.c: read_yesno() accepts a default value. By default
certificates are marked as ok for signing and encryption.
2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c, lib/ext/heartbeat.h: updated license
2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/sha-padlock.c, lib/crypto-backend.h,
lib/gnutls_cipher_int.c, lib/gnutls_hash_int.c,
lib/gnutls_hash_int.h, lib/nettle/mac.c: eliminate the reset ability
from hashes
2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/hmac-padlock.c, lib/crypto-backend.h,
lib/gnutls_cipher_int.c, lib/gnutls_hash_int.c,
lib/gnutls_hash_int.h, lib/nettle/mac.c: Do not handle MAC reset
separately. It is implied by nettle's output function.
2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/crypto-api.c: updated documentation
2013-04-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-cipher.c, src/benchmark-tls.c, src/benchmark.c,
src/benchmark.h: updated benchmark output
2013-04-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: updated TODO list
2013-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.h, lib/gnutls_cert.c, lib/gnutls_x509.c: use the
pass argument on PKCS #11 keys.
2013-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/hmac-padlock.c,
lib/accelerated/x86/sha-padlock.c: corrected memory leak in
padlock_hash_fast()
2013-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-intro-tls.texi: mention about experimental protocols
2013-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-tls.c: nettle 2.7 is required
2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-crypto.texi: doc update
2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-crypto.texi: Added documentation on public key API.
2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, lib/gnutls_priority.c: Added priority
string VERS-DTLS-ALL
2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/mac.c, lib/nettle/cipher.c, lib/nettle/mac.c,
m4/hooks.m4: nettle 2.7 is required
2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: corrected doc
2013-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/mac.c, lib/nettle/cipher.c, lib/nettle/mac.c,
m4/hooks.m4, src/benchmark-tls.c: renamed HAVE_UMAC -> HAVE_NETTLE27
2013-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
lib/includes/gnutls/gnutls.h.in, lib/nettle/cipher.c,
src/benchmark-tls.c: Added ESTREAM salsa20 cipher.
2013-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/mac.c: better naming of functions
2013-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/mac.c, lib/includes/gnutls/gnutls.h.in,
lib/nettle/mac.c, m4/hooks.m4: Updated UMAC code to use nettle's new
implementation
2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README: added note about LGPLv3
2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system_override.c: doc update
2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: use unlikely
2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented update
2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, doc/cha-intro-tls.texi, lib/ext/Makefile.am,
lib/ext/alpn.c, lib/ext/alpn.h, lib/gnutls_extensions.c,
lib/gnutls_int.h, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, m4/hooks.m4, tests/Makefile.am,
tests/mini-alpn.c: Added support for the ALPN extension.
2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_constate.c: removed unused variables
2013-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug.c, src/tests.c, src/tests.h: removed the RSA-EXPORT
checks
2013-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README: updated
2013-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi,
doc/cha-tokens.texi, lib/gnutls_x509.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
gnutls_certificate_set_x509_key_mem2() and
gnutls_certificate_set_x509_key_file2()
2013-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth2.texi, doc/cha-gtls-examples.texi,
lib/gnutls_privkey.c, lib/x509/pkcs12.c, lib/x509/privkey.c: doc
updates
2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms.h, lib/algorithms/ciphers.c,
lib/gnutls_constate.c, lib/gnutls_state.c, lib/gnutls_state.h:
removed TLS export key generation
2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, doc/cha-gtls-app.texi, lib/Makefile.am,
lib/algorithms.h, lib/algorithms/ciphersuites.c,
lib/algorithms/kx.c, lib/algorithms/publickey.c,
lib/auth/Makefile.am, lib/auth/cert.h, lib/auth/rsa.c,
lib/auth/rsa_export.c, lib/gnutls_auth.c, lib/gnutls_cert.c,
lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
lib/gnutls_priority.c, lib/gnutls_rsa_export.c,
lib/gnutls_rsa_export.h, lib/gnutls_session_pack.c,
lib/gnutls_state.c, lib/gnutls_state.h, lib/gnutls_ui.c,
lib/includes/gnutls/gnutls.h.in, lib/x509/privkey.c,
lib/x509/privkey_openssl.c, lib/x509/privkey_pkcs8.c: Removed the
RSA-EXPORT ciphersuites.
2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-library.texi, lib/algorithms/ciphersuites.c,
lib/algorithms/protocols.c, lib/gnutls_priority.c,
lib/includes/gnutls/gnutls.h.in, tests/mini-emsgsize-dtls.c: Added
support for DTLS 1.2
2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
lib/includes/gnutls/gnutls.h.in: deprecated
gnutls_privkey_sign_raw_data()
2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: updated
2013-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_range.c: updates in range handling code.
2013-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-record-range.c: Added test for
record ranges.
2013-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/ecdhe.c: Set the curve priority to calling derive.
2013-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: reduce the number of temp variables in ECDH
2013-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.c: print the signatures used.
2013-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/signature.c, lib/ext/signature.h, lib/gnutls_int.h,
lib/gnutls_session_pack.c, lib/gnutls_sig.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
gnutls_sign_algorithm_get_client()
2013-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c, m4/hooks.m4: Changed license of heartbeat
implementation to match the rest of the library
2013-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-internals.texi: updated text
2013-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c: gnutls_pong() returns zero on success.
2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.h: removed function that didn't exist
2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c, lib/ext/heartbeat.h: updated heartbeat
2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-heartbeat.c: Check all error conditions.
2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c: Corrected bug in heartbeat send (reported by
Joke de Buhr).
2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms.h, lib/algorithms/ecc.c, lib/auth/ecdhe.c,
lib/crypto-backend.h, lib/gnutls_ecc.c, lib/gnutls_ecc.h,
lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/nettle/Makefile.am,
lib/nettle/ecc.h, lib/nettle/ecc_free.c, lib/nettle/ecc_make_key.c,
lib/nettle/ecc_map.c, lib/nettle/ecc_mulmod.c,
lib/nettle/ecc_mulmod_cached.c, lib/nettle/ecc_points.c,
lib/nettle/ecc_projective_add_point_ng.c,
lib/nettle/ecc_projective_check_point.c,
lib/nettle/ecc_projective_dbl_point_3.c,
lib/nettle/ecc_projective_isneutral.c,
lib/nettle/ecc_projective_negate_point.c,
lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
lib/nettle/ecc_verify_hash.c, lib/nettle/init.c,
lib/nettle/multi.c, lib/nettle/pk.c, lib/nettle/wmnaf.c,
lib/x509/key_decode.c, lib/x509/privkey.c: Removed elliptic curve
code from gnutls. Use nettle's implementation.
2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: corrected issue in ecccertfile option
2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: make a short list of the available PK
algorithms
2013-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
lib/includes/gnutls/abstract.h, tests/x509sign-verify.c: Added sign
and verification flags to operate in RSA raw mode (as used in TLS).
2013-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/rsa.c, lib/gnutls_int.h: When in compatibility mode allow
for a wrong version in the RSA PMS.
2013-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms.h, lib/algorithms/protocols.c, lib/auth/rsa.c,
lib/gnutls_cipher.c, lib/gnutls_handshake.c, lib/gnutls_record.c:
convert gnutls versions to TLS major-minor in a single function.
2013-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* devel/perlasm/license-gnutls.txt,
lib/accelerated/x86/coff/cpuid-x86-64-coff.s,
lib/accelerated/x86/coff/cpuid-x86-coff.s,
lib/accelerated/x86/elf/cpuid-x86-64.s,
lib/accelerated/x86/elf/cpuid-x86.s,
lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s,
lib/accelerated/x86/macosx/cpuid-x86-macosx.s,
lib/ext/status_request.h, lib/gnutlsxx.cpp,
lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/ocsp.h,
lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/verify-high.h: changed license headers to 2.1. Reported by
Andreas Metzler.
2013-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/manpages/Makefile.am: updated copyright
2013-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms/ciphers.c, lib/algorithms/mac.c,
lib/crypto-api.c, lib/includes/gnutls/crypto.h,
lib/includes/gnutls/gnutls.h.in: Added gnutls_mac_get_nonce_size()
2013-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c: doc update
2013-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-internals.texi: corrected file location
2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/openpgp-auth.c: use return instead of exit
2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c: use the proper defines
2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/abstract_int.h, lib/auth/cert.c, lib/gnutls_pubkey.c,
lib/includes/gnutls/abstract.h, lib/includes/gnutls/openpgp.h,
lib/openpgp/gnutls_openpgp.c: Fixes in openpgp handshake with
fingerprints. Reported by Joke de Buhr.
2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/openpgp-auth.c: openpgp-auth tests
gnutls_openpgp_set_recv_key_function() as well.
2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_sig.c: correct issue with the (deprecated)
external key signing and TLS 1.2
2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark.c: use clock_gettime when we can
2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-cipher.c: removed R20
2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
lib/includes/gnutls/gnutls.h.in, lib/nettle/cipher.c,
src/benchmark-tls.c: Salsa20R20 -> Salsa20
2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map, tests/gc.c: use the exported variant of
_gnutls_hmac_fast().
2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/accelerated/cryptodev.c,
lib/accelerated/x86/hmac-padlock.c, lib/algorithms/ciphers.c,
lib/algorithms/ciphersuites.c, lib/algorithms/mac.c,
lib/crypto-api.c, lib/crypto-backend.h, lib/ext/session_ticket.c,
lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
lib/gnutls_cipher_int.h, lib/gnutls_constate.c, lib/gnutls_dtls.c,
lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_state.c,
lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, lib/nettle/cipher.c, lib/nettle/mac.c,
lib/x509/pbkdf2-sha1.c, lib/x509/pkcs12.c, m4/hooks.m4,
src/benchmark-cipher.c, src/benchmark-tls.c: The HMAC subsystem can
now be used for other MAC algorithms, like UMAC. UMAC-96 and
UMAC-128 were conditionally added.
2013-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-tls.c: use RSA ciphersuite to compare ciphers.
2013-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c: corrected bug in stream ciphers and added new
cipher to the new padding format.
2013-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms.h, lib/algorithms/ciphers.c,
lib/algorithms/ciphersuites.c, lib/gnutls_cipher.c,
lib/gnutls_constate.c, lib/gnutls_dtls.c,
lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, lib/nettle/cipher.c, lib/x509/privkey_openssl.c,
lib/x509/privkey_pkcs8.c, src/benchmark-cipher.c,
src/benchmark-tls.c: Added salsa20 cipher, and ciphersuites.
2013-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: search only for slots with tokens and avoid caching
to prevent issues with multiple threads.
2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi, lib/gnutls_privkey.c,
lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
gnutls_privkey_status()
2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: avoid internal error
2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: use correct type for rv
2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: scan slots on PKCS #11 providers only when needed,
not on initialization.
2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c: doc update
2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-library.texi: documented the new configure options
2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/crypto-backend.h, lib/gnutls_mpi.h, lib/gnutls_pk.c,
lib/nettle/mpi.c, lib/openpgp/privkey.c, lib/x509/privkey.c: Private
key parameters are overwritten with zeros on deinitialization.
2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-library.texi, doc/latex/cover.tex, doc/latex/gnutls.bib:
doc updates
2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi: simplified text
2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
gnutls_privkey_sign_raw_data()
2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pcert.c: simplified code
2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: gnutls-serv may run without certificate, but will
issue a warning
2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: gnutls-serv issues an error if no certificate and key
pair was set.
2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* COPYING.LESSER, README: gnutls 3.1.10 is LGPLv2.1
2013-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/kx.c, lib/auth/anon.c, lib/auth/anon_ecdh.c,
lib/gnutlsxx.cpp, src/cli-debug.c, src/serv.c, src/tests.c: Added
several ifdefs to avoid using disabled code.
2013-03-12 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* doc/cha-bib.texi, doc/cha-tokens.texi: Document mechanism used for
*_key_id() creation. For the rationale behind this, see the gnutls-devl thread 'X.509
"Key Identifiers" in GnuTLS' found either at
http://lists.gnutls.org/pipermail/gnutls-devel/2013-March/006182.htmland
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6674
2013-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/examples/ex-cert-select-pkcs11.c,
doc/examples/ex-cert-select.c, doc/examples/ex-client-anon.c,
doc/examples/ex-client-dtls.c, doc/examples/ex-client-psk.c,
doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
lib/gnutls_int.h, lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, src/common.c: Added gnutls_session_get_desc()
2013-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/algorithms/ciphersuites.c, lib/algorithms/kx.c,
lib/auth/Makefile.am, lib/auth/anon_ecdh.c, lib/auth/cert.c,
lib/auth/cert.h, lib/auth/dh_common.c, lib/auth/dhe.c,
lib/auth/dhe_psk.c, lib/auth/ecdh_common.c, lib/auth/ecdh_common.h,
lib/auth/ecdhe.c, lib/auth/ecdhe.h, lib/auth/rsa_export.c,
lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_priority.c,
lib/gnutls_rsa_export.c, lib/gnutls_state.c, lib/gnutls_ui.c,
m4/hooks.m4: Added options to disable more key exchange mechanisms. In that DHE was separated from ECDHE.
2013-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: removed unneeded code
2013-03-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: When requesting DANE data resolve a service name into a
port number. Reported by James Cloos.
2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: removed
2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi: doc update
2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/dn.c: avoid duplicate memory allocation in
_gnutls_x509_get_dn()
2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/dane-test.rr: The default dane output is type 03
now.
2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: simplified
2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ui.c, lib/gnutls_x509.c, lib/gnutls_x509.h: Return
proper also when loading a private key.
2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/tpm.h, lib/tpm.c: GNUTLS_TPMKEY_FMT_DER ->
GNUTLS_TPMKEY_FMT_RAW
2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_x509.c:
return unimplemented feature on encounter of a known but unsupported
url
2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
src/danetool-args.c, src/danetool-args.def, src/danetool-args.h,
src/danetool.c: updates in danetool
2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, configure.ac: Added configure option to disable the
build of tests.
2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, src/certtool-args.c,
src/certtool-args.def, src/certtool-args.h: updated example
template.
2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/ecore/src/lib/Ecore.h: updated
2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509_b64.c: corrected allocation size
2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ui.c: simplified text
2013-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: Fixes in cpu and cross-compilation detection
2013-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/dn.c, lib/x509/verify.c, lib/x509/x509.c,
lib/x509/x509_int.h: Placed back _gnutls_x509_compare_raw_dn().
2013-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: check revocation prior to reading local certs.
2013-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: deinitialize the certificate
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: When cross compiling do not check for ca
certificates.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: auto-detect CA certificates only if
with-default-trust-store-file is not provided.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: corrected parameters.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/system.c, lib/x509/verify-high.c, lib/x509/verify-high2.c,
tests/x509cert-tl.c: Added functions that remove certificates from a
trust list.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/includes/gnutls/dane.h: updated doc
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: Check for revoked certs in android and do not add.
Suggested by David Woodhouse.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: corrected add_system_trust() in the unsupported
system case.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
lib/x509/dn.c, lib/x509/ocsp.c, lib/x509/verify-high.c,
lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: Several
optimizations on certificate comparisons including DN. This speeds
up CA certificate loading, and certificate verification.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: Revert "When making the hash list of the
CAs avoid calling get_raw_*_dn() which is very costly." This reverts commit 1b7d66354e9b4d174b58233f4dd8ab46a1d45f14.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: When making the hash list of the CAs avoid
calling get_raw_*_dn() which is very costly.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c, lib/x509/x509.c,
lib/x509/x509_int.h: Added new functions to get the LDAP DN in an
allocated buffer.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: Removed unused code.
2013-03-05 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* lib/x509/x509_write.c: fix description of id_size parameter
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: handle the interesting variance between directories
2013-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: test for ANDROID or __ANDROID__
2013-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/ar-lib: updated
2013-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: call gl_EARLY earlier, and add AM_PROG_AR.
2013-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls.pc.in: corrected link
2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: removed Werror from automake rules
2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am: Added flag
2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, ChangeLog: removed
2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c, src/Makefile.am: changes to avoid compilation
of programs that cannot be.
2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: more simplifications to
gnutls_x509_trust_list_add_system_trust()
2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: corrected reading from directory.
2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: gnutls_x509_trust_list_add_system_trust() was made
to work in android 4.x.
2013-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: More cleanups in
gnutls_x509_trust_list_add_system_trust()
2013-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: Select CPU optimizations based on target cpu rather
than the host.
2013-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/system.c: some simplifications in
gnutls_x509_trust_list_add_system_trust()
2013-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, src/certtool.c: Use ARCFOUR cipher by default to be
compatible with devices like android that don't support AES
2013-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/invoke-danetool.texi, libdane/dane.c,
libdane/includes/gnutls/dane.h, src/danetool-args.c,
src/danetool-args.def, src/danetool-args.h, src/danetool.c,
tests/suite/Makefile.am, tests/suite/testdane: Added verify flags
for DANE to enforce verification and restrict it to a field.
2013-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, ChangeLog: added empty ChangeLog
2013-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* GNUmakefile, build-aux/config.rpath, build-aux/gendocs.sh,
build-aux/pmccabe2html, build-aux/snippet/arg-nonnull.h,
build-aux/snippet/c++defs.h, build-aux/snippet/unused-parameter.h,
build-aux/snippet/warn-on-use.h, build-aux/useless-if-before-free,
build-aux/vc-list-files, doc/gendocs_template, gl/Makefile.am,
gl/accept.c, gl/alloca.in.h, gl/alphasort.c, gl/argp-ba.c,
gl/argp-eexst.c, gl/argp-fmtstream.c, gl/argp-fmtstream.h,
gl/argp-fs-xinl.c, gl/argp-help.c, gl/argp-namefrob.h,
gl/argp-parse.c, gl/argp-pin.c, gl/argp-pv.c, gl/argp-pvh.c,
gl/argp-xinl.c, gl/argp.h, gl/arpa_inet.in.h, gl/asnprintf.c,
gl/asprintf.c, gl/base64.c, gl/base64.h, gl/basename-lgpl.c,
gl/bind.c, gl/byteswap.in.h, gl/c-ctype.c, gl/c-ctype.h,
gl/c-strcase.h, gl/c-strcasecmp.c, gl/c-strncasecmp.c, gl/close.c,
gl/closedir.c, gl/connect.c, gl/dirent-private.h, gl/dirent.in.h,
gl/dirname-lgpl.c, gl/dirname.h, gl/dosname.h, gl/dup2.c,
gl/errno.in.h, gl/error.c, gl/error.h, gl/fd-hook.c, gl/fd-hook.h,
gl/filename.h, gl/float+.h, gl/float.c, gl/float.in.h, gl/fpucw.h,
gl/frexp.c, gl/frexpl.c, gl/fseek.c, gl/fseeko.c, gl/fseterr.c,
gl/fseterr.h, gl/fstat.c, gl/ftell.c, gl/ftello.c,
gl/gai_strerror.c, gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c,
gl/getopt.c, gl/getopt.in.h, gl/getopt1.c, gl/getopt_int.h,
gl/getpass.c, gl/getpass.h, gl/getpeername.c, gl/getsubopt.c,
gl/gettext.h, gl/gettime.c, gl/gettimeofday.c,
gl/glthread/threadlib.c, gl/hash-pjw-bare.c, gl/hash-pjw-bare.h,
gl/iconv.c, gl/iconv.in.h, gl/iconv_close.c, gl/iconv_open.c,
gl/inet_ntop.c, gl/inet_pton.c, gl/intprops.h, gl/isnan.c,
gl/isnand-nolibm.h, gl/isnand.c, gl/isnanf-nolibm.h, gl/isnanf.c,
gl/isnanl-nolibm.h, gl/isnanl.c, gl/itold.c, gl/listen.c,
gl/lseek.c, gl/m4/00gnulib.m4, gl/m4/alloca.m4, gl/m4/alphasort.m4,
gl/m4/argp.m4, gl/m4/arpa_inet_h.m4, gl/m4/base64.m4,
gl/m4/byteswap.m4, gl/m4/clock_time.m4, gl/m4/close.m4,
gl/m4/closedir.m4, gl/m4/codeset.m4, gl/m4/dirent_h.m4,
gl/m4/dirname.m4, gl/m4/double-slash-root.m4, gl/m4/dup2.m4,
gl/m4/eealloc.m4, gl/m4/environ.m4, gl/m4/errno_h.m4,
gl/m4/error.m4, gl/m4/exponentd.m4, gl/m4/exponentf.m4,
gl/m4/exponentl.m4, gl/m4/extensions.m4, gl/m4/extern-inline.m4,
gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4, gl/m4/fdopen.m4,
gl/m4/float_h.m4, gl/m4/fpieee.m4, gl/m4/frexp.m4, gl/m4/frexpl.m4,
gl/m4/fseek.m4, gl/m4/fseeko.m4, gl/m4/fseterr.m4, gl/m4/fstat.m4,
gl/m4/ftell.m4, gl/m4/ftello.m4, gl/m4/ftruncate.m4, gl/m4/func.m4,
gl/m4/getaddrinfo.m4, gl/m4/getcwd.m4, gl/m4/getdelim.m4,
gl/m4/getline.m4, gl/m4/getopt.m4, gl/m4/getpagesize.m4,
gl/m4/getpass.m4, gl/m4/getsubopt.m4, gl/m4/gettext.m4,
gl/m4/gettime.m4, gl/m4/gettimeofday.m4, gl/m4/glibc2.m4,
gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/hostent.m4,
gl/m4/iconv.m4, gl/m4/iconv_h.m4, gl/m4/iconv_open-utf.m4,
gl/m4/iconv_open.m4, gl/m4/include_next.m4, gl/m4/inet_ntop.m4,
gl/m4/inet_pton.m4, gl/m4/inline.m4, gl/m4/intdiv0.m4,
gl/m4/intl.m4, gl/m4/intldir.m4, gl/m4/intlmacosx.m4,
gl/m4/intmax.m4, gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4,
gl/m4/inttypes.m4, gl/m4/inttypes_h.m4, gl/m4/ioctl.m4,
gl/m4/isnand.m4, gl/m4/isnanf.m4, gl/m4/isnanl.m4,
gl/m4/largefile.m4, gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
gl/m4/ld-version-script.m4, gl/m4/ldexpl.m4, gl/m4/lib-ld.m4,
gl/m4/lib-link.m4, gl/m4/lib-prefix.m4, gl/m4/libunistring-base.m4,
gl/m4/locale-fr.m4, gl/m4/locale-ja.m4, gl/m4/locale-tr.m4,
gl/m4/locale-zh.m4, gl/m4/locale_h.m4, gl/m4/localename.m4,
gl/m4/lock.m4, gl/m4/longlong.m4, gl/m4/lseek.m4, gl/m4/lstat.m4,
gl/m4/malloc.m4, gl/m4/malloca.m4, gl/m4/manywarnings.m4,
gl/m4/math_h.m4, gl/m4/memchr.m4, gl/m4/memmem.m4,
gl/m4/mempcpy.m4, gl/m4/minmax.m4, gl/m4/mmap-anon.m4,
gl/m4/mode_t.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
gl/m4/nls.m4, gl/m4/nocrash.m4, gl/m4/off_t.m4, gl/m4/open.m4,
gl/m4/opendir.m4, gl/m4/pathmax.m4, gl/m4/perror.m4, gl/m4/pipe.m4,
gl/m4/po.m4, gl/m4/printf-frexp.m4, gl/m4/printf-frexpl.m4,
gl/m4/printf-posix.m4, gl/m4/printf.m4, gl/m4/progtest.m4,
gl/m4/putenv.m4, gl/m4/rawmemchr.m4, gl/m4/read-file.m4,
gl/m4/readdir.m4, gl/m4/realloc.m4, gl/m4/scandir.m4,
gl/m4/select.m4, gl/m4/servent.m4, gl/m4/setenv.m4,
gl/m4/setlocale.m4, gl/m4/signal_h.m4, gl/m4/signbit.m4,
gl/m4/size_max.m4, gl/m4/sleep.m4, gl/m4/snprintf.m4,
gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/m4/socklen.m4,
gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4, gl/m4/stat.m4,
gl/m4/stdalign.m4, gl/m4/stdarg.m4, gl/m4/stdbool.m4,
gl/m4/stddef_h.m4, gl/m4/stdint.m4, gl/m4/stdint_h.m4,
gl/m4/stdio_h.m4, gl/m4/stdlib_h.m4, gl/m4/strcase.m4,
gl/m4/strchrnul.m4, gl/m4/strdup.m4, gl/m4/strerror.m4,
gl/m4/strerror_r.m4, gl/m4/string_h.m4, gl/m4/strings_h.m4,
gl/m4/strndup.m4, gl/m4/strnlen.m4, gl/m4/strtok_r.m4,
gl/m4/strverscmp.m4, gl/m4/symlink.m4, gl/m4/sys_ioctl_h.m4,
gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4, gl/m4/sys_stat_h.m4,
gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4, gl/m4/sys_uio_h.m4,
gl/m4/sysexits.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4,
gl/m4/time_r.m4, gl/m4/timer_time.m4, gl/m4/timespec.m4,
gl/m4/uintmax_t.m4, gl/m4/ungetc.m4, gl/m4/unistd_h.m4,
gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4, gl/m4/vasprintf.m4,
gl/m4/version-etc.m4, gl/m4/vfprintf-posix.m4, gl/m4/visibility.m4,
gl/m4/vprintf-posix.m4, gl/m4/vsnprintf.m4, gl/m4/warn-on-use.m4,
gl/m4/warnings.m4, gl/m4/wchar_h.m4, gl/m4/wchar_t.m4,
gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c, gl/math.in.h,
gl/memchr.c, gl/memmem.c, gl/mempcpy.c, gl/minmax.h,
gl/msvc-inval.c, gl/msvc-inval.h, gl/msvc-nothrow.c,
gl/msvc-nothrow.h, gl/netdb.in.h, gl/netinet_in.in.h, gl/opendir.c,
gl/printf-args.c, gl/printf-args.h, gl/printf-frexp.c,
gl/printf-frexp.h, gl/printf-frexpl.c, gl/printf-frexpl.h,
gl/printf-parse.c, gl/printf-parse.h, gl/progname.c, gl/progname.h,
gl/rawmemchr.c, gl/read-file.c, gl/read-file.h, gl/readdir.c,
gl/realloc.c, gl/recv.c, gl/recvfrom.c, gl/scandir.c, gl/select.c,
gl/send.c, gl/sendto.c, gl/setsockopt.c, gl/shutdown.c,
gl/signal.in.h, gl/signbitd.c, gl/signbitf.c, gl/signbitl.c,
gl/size_max.h, gl/sleep.c, gl/snprintf.c, gl/socket.c,
gl/sockets.c, gl/sockets.h, gl/stdalign.in.h, gl/stdarg.in.h,
gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h, gl/stdio-impl.h,
gl/stdio.c, gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h,
gl/strcasecmp.c, gl/strchrnul.c, gl/strdup.c,
gl/strerror-override.c, gl/strerror-override.h, gl/strerror.c,
gl/string.in.h, gl/strings.in.h, gl/stripslash.c, gl/strncasecmp.c,
gl/strndup.c, gl/strnlen.c, gl/strtok_r.c, gl/strverscmp.c,
gl/sys_select.in.h, gl/sys_socket.in.h, gl/sys_stat.in.h,
gl/sys_time.in.h, gl/sys_types.in.h, gl/sys_uio.in.h,
gl/sysexits.in.h, gl/tests/Makefile.am, gl/tests/binary-io.h,
gl/tests/fcntl.in.h, gl/tests/fdopen.c, gl/tests/ftruncate.c,
gl/tests/getcwd-lgpl.c, gl/tests/getpagesize.c,
gl/tests/glthread/lock.c, gl/tests/glthread/lock.h,
gl/tests/ignore-value.h, gl/tests/infinity.h, gl/tests/init.sh,
gl/tests/inttypes.in.h, gl/tests/ioctl.c, gl/tests/locale.in.h,
gl/tests/localename.c, gl/tests/localename.h, gl/tests/lstat.c,
gl/tests/macros.h, gl/tests/malloca.c, gl/tests/malloca.h,
gl/tests/minus-zero.h, gl/tests/nan.h, gl/tests/open.c,
gl/tests/pathmax.h, gl/tests/perror.c, gl/tests/pipe.c,
gl/tests/putenv.c, gl/tests/randomd.c, gl/tests/randoml.c,
gl/tests/same-inode.h, gl/tests/setenv.c, gl/tests/setlocale.c,
gl/tests/signature.h, gl/tests/stat.c, gl/tests/strerror_r.c,
gl/tests/symlink.c, gl/tests/sys_ioctl.in.h,
gl/tests/test-accept.c, gl/tests/test-alloca-opt.c,
gl/tests/test-argp-2.sh, gl/tests/test-argp.c,
gl/tests/test-arpa_inet.c, gl/tests/test-base64.c,
gl/tests/test-binary-io.c, gl/tests/test-bind.c,
gl/tests/test-byteswap.c, gl/tests/test-c-ctype.c,
gl/tests/test-c-strcasecmp.c, gl/tests/test-c-strncasecmp.c,
gl/tests/test-close.c, gl/tests/test-connect.c,
gl/tests/test-dirent.c, gl/tests/test-dup2.c,
gl/tests/test-environ.c, gl/tests/test-errno.c,
gl/tests/test-fcntl-h.c, gl/tests/test-fdopen.c,
gl/tests/test-fgetc.c, gl/tests/test-float.c,
gl/tests/test-fprintf-posix.h, gl/tests/test-fputc.c,
gl/tests/test-fread.c, gl/tests/test-frexp.c,
gl/tests/test-frexp.h, gl/tests/test-frexpl.c,
gl/tests/test-fseek.c, gl/tests/test-fseeko.c,
gl/tests/test-fseeko3.c, gl/tests/test-fseeko4.c,
gl/tests/test-fseterr.c, gl/tests/test-fstat.c,
gl/tests/test-ftell.c, gl/tests/test-ftell3.c,
gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
gl/tests/test-ftello4.c, gl/tests/test-ftruncate.c,
gl/tests/test-func.c, gl/tests/test-fwrite.c,
gl/tests/test-getaddrinfo.c, gl/tests/test-getcwd-lgpl.c,
gl/tests/test-getdelim.c, gl/tests/test-getline.c,
gl/tests/test-getopt.c, gl/tests/test-getopt.h,
gl/tests/test-getopt_long.h, gl/tests/test-getpeername.c,
gl/tests/test-gettimeofday.c, gl/tests/test-iconv-h.c,
gl/tests/test-iconv-utf.c, gl/tests/test-iconv.c,
gl/tests/test-ignore-value.c, gl/tests/test-inet_ntop.c,
gl/tests/test-inet_pton.c, gl/tests/test-init.sh,
gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
gl/tests/test-ioctl.c, gl/tests/test-isnand-nolibm.c,
gl/tests/test-isnand.h, gl/tests/test-isnanf-nolibm.c,
gl/tests/test-isnanf.h, gl/tests/test-isnanl-nolibm.c,
gl/tests/test-isnanl.h, gl/tests/test-listen.c,
gl/tests/test-locale.c, gl/tests/test-localename.c,
gl/tests/test-lstat.c, gl/tests/test-lstat.h,
gl/tests/test-malloc-gnu.c, gl/tests/test-malloca.c,
gl/tests/test-math.c, gl/tests/test-memchr.c,
gl/tests/test-netdb.c, gl/tests/test-netinet_in.c,
gl/tests/test-open.c, gl/tests/test-open.h,
gl/tests/test-pathmax.c, gl/tests/test-perror.c,
gl/tests/test-perror2.c, gl/tests/test-pipe.c,
gl/tests/test-printf-frexp.c, gl/tests/test-printf-frexpl.c,
gl/tests/test-printf-posix.h, gl/tests/test-rawmemchr.c,
gl/tests/test-read-file.c, gl/tests/test-recv.c,
gl/tests/test-recvfrom.c, gl/tests/test-select-fd.c,
gl/tests/test-select-stdin.c, gl/tests/test-select.c,
gl/tests/test-select.h, gl/tests/test-send.c,
gl/tests/test-sendto.c, gl/tests/test-setenv.c,
gl/tests/test-setlocale1.c, gl/tests/test-setlocale2.c,
gl/tests/test-setsockopt.c, gl/tests/test-shutdown.c,
gl/tests/test-signal-h.c, gl/tests/test-signbit.c,
gl/tests/test-sleep.c, gl/tests/test-snprintf.c,
gl/tests/test-sockets.c, gl/tests/test-stat.c,
gl/tests/test-stat.h, gl/tests/test-stdalign.c,
gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
gl/tests/test-stdint.c, gl/tests/test-stdio.c,
gl/tests/test-stdlib.c, gl/tests/test-strchrnul.c,
gl/tests/test-strerror.c, gl/tests/test-strerror_r.c,
gl/tests/test-string.c, gl/tests/test-strings.c,
gl/tests/test-strnlen.c, gl/tests/test-strverscmp.c,
gl/tests/test-symlink.c, gl/tests/test-symlink.h,
gl/tests/test-sys_ioctl.c, gl/tests/test-sys_select.c,
gl/tests/test-sys_socket.c, gl/tests/test-sys_stat.c,
gl/tests/test-sys_time.c, gl/tests/test-sys_types.c,
gl/tests/test-sys_uio.c, gl/tests/test-sys_wait.h,
gl/tests/test-sysexits.c, gl/tests/test-time.c,
gl/tests/test-u64.c, gl/tests/test-unistd.c,
gl/tests/test-unsetenv.c, gl/tests/test-vasnprintf.c,
gl/tests/test-vasprintf.c, gl/tests/test-vc-list-files-cvs.sh,
gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
gl/tests/test-version-etc.c, gl/tests/test-version-etc.sh,
gl/tests/test-vfprintf-posix.c, gl/tests/test-vprintf-posix.c,
gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c,
gl/tests/unistr/test-u8-mbtoucr.c,
gl/tests/unistr/test-u8-uctomb.c, gl/tests/unsetenv.c,
gl/tests/w32sock.h, gl/tests/zerosize-ptr.h, gl/time.in.h,
gl/time_r.c, gl/timespec.h, gl/u64.h, gl/unistd.in.h,
gl/unistr.in.h, gl/unistr/u8-mbtoucr.c, gl/unistr/u8-uctomb-aux.c,
gl/unistr/u8-uctomb.c, gl/unitypes.in.h, gl/vasnprintf.c,
gl/vasnprintf.h, gl/vasprintf.c, gl/verify.h, gl/version-etc-fsf.c,
gl/version-etc.c, gl/version-etc.h, gl/vfprintf.c, gl/vprintf.c,
gl/vsnprintf.c, gl/w32sock.h, gl/wchar.in.h, gl/xsize.h, maint.mk:
updated gnulib
2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: Added gnutls_pkcs11_privkey_status
2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/invoke-certtool.texi,
doc/manpages/Makefile.am: updated
2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_db.h, lib/gnutls_int.h, lib/gnutls_record.c,
lib/gnutls_session_pack.c: small optimizations in session storage
2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_state.c: no need to memset during session deinit.
2013-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/nettle/rnd.c, tests/rng-fork.c: fixed nonce generation
after fork().
2013-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_db.c, lib/gnutls_handshake.c,
lib/gnutls_session_pack.c: Small fixes.
2013-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: Added
gnutls_pkcs11_privkey_status().
2013-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify.c: doc update
2013-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c, libdane/errors.c, libdane/includes/gnutls/dane.h:
when verifying a DANE CA constraint make sure that the provided
chain is actually a chain.
2013-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: doc update
2013-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi: mention enable-in in p11-kit config.
2013-02-20 Jaak Ristioja <jaak.ristioja@cyber.ee>
* lib/gnutls_psk.c, lib/gnutls_str.c: Moved gnutls_hex_(en|de)code
functions from lib/gnutls_psk.c to lib/gnutls_str.c to fix
compilation of certtool when PSK is disabled. These are rather generic functions by nature, so it would be
reasonable to include them in GnuTLS even if PSK support is
disabled. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: print info on reinitializor error.
2013-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi: Documented the DANE situation in gnutls.
Suggested by Gabor Toth.
2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/pkcs11.c: Fixed gnutls_pkcs11_reinit() to reinitialize
all modules.
2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: return proper error
2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: use set_int when needed
2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/session_ticket.c, lib/gnutls_datum.c,
lib/gnutls_extensions.c, lib/gnutls_str.c, lib/gnutls_x509.c,
lib/x509/ocsp.c, lib/x509/pkcs12.c, lib/xssl_getline.c: Use
gnutls_realloc_fast everywhere. Suggested by David Woodhouse.
2013-02-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/rsa.c: better cleanup on error on export case
2013-02-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: corrected parsing issue in XMPP data when in a
subject alternative name
2013-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi, lib/gnutls_record.c,
lib/includes/gnutls/gnutls.h.in, lib/tpm.c, src/common.c: cleaned up
the PIN calling in TPM
2013-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-gtls-app.texi,
doc/examples/ex-cert-select-pkcs11.c,
doc/examples/ex-cert-select.c, doc/examples/ex-client-anon.c,
doc/examples/ex-client-dtls.c, doc/examples/ex-client-psk.c,
doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
doc/examples/ex-client-x509.c, doc/examples/ex-serv-anon.c,
doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c,
doc/examples/ex-serv-srp.c, doc/examples/ex-serv-x509.c,
lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, src/cli.c, src/serv.c: Added convenience
functions to avoid ugly casting in simple programs.
2013-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-client-dtls.c, doc/examples/ex-serv-dtls.c: be
more explicit in DTLS examples to account for LARGE_PACKET error
2013-02-16 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* lib/pkcs11.c: fix two minor memory leaks when PKCS#11 is in use
2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented fix
2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: corrected export of functions
2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented fix
2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pubkey.c: corrected gnutls_pubkey_verify_data()
2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: reduced hash table size
2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pubkey.c: doc update
2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in: Added const
2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_handshake.c, lib/gnutls_handshake.h,
lib/gnutls_int.h, lib/gnutls_state.c, lib/gnutls_v2_compat.c,
lib/includes/gnutls/gnutls.h.in: gnutls_handshake_set_server_random
-> gnutls_handshake_set_random
2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h: timespec_sub_ms -> _gnutls_timespec_sub_ms
2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
gnutls_handshake_set_server_random
2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: properly set close-on-exec.
2013-02-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-serv-anon.c: avoid ptrdiff_t
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, src/certtool-extras.c: certtool's --to-p12 will now ask for
a password to generate PKCS #12 files. That is when provided an encrypted key file. Reported by Yan Fiz.
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: prefer plain RSA to DHE-RSA and DHE-DSS
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: removed duplicate
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/invoke-gnutls-cli.texi: small updates
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: slow tests moved at the end of the suite
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: simplified cleaning-up in
_gnutls_stream_read and _gnutls_dgram_read
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: corrected extract_digest_info
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, tests/mini-x509-callbacks.c: In client
side the verify callback is always being called.
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: further relaxed security levels
2013-01-29 Jaak Ristioja <jaak.ristioja@cyber.ee>
* Makefile.am, configure.ac: Add option to disable generation of any
documentation for GnuTLS.
2013-01-29 Jaak Ristioja <jaak.ristioja@cyber.ee>
* Makefile.am, libdane/Makefile.am, libdane/includes/Makefile.am:
Prevent libdane pkgconfig stuff from being installed if libdane
support is disabled.
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, cross.mk, m4/hooks.m4: updates for 3.1.8
2013-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms/secparams.c: Restored 3.1.6 defaults and
documented fix.
2013-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/secparams.c: reduced the very weak DH level to 768
bits to not reject popular sites that operate on that level.
2013-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/dh_common.c: added debugging message to indicate the
number of bits.
2013-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: Do not call the certificate verification
callback if certificates are ignored.
2013-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: avoid memset on the whole record header
length
2013-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/x509/privkey.c: fixed issue in
gnutls_x509_privkey_import2()
2013-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-bib.texi, doc/cha-tokens.texi, doc/latex/gnutls.bib,
lib/tpm.c: reference TPMURI
2013-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pubkey.c, lib/x509/x509.c: updated doc
2013-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: corrected typo
2013-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: corrected wrap_nettle_hash_algorithm() to work
with arbitrary key sizes.
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_session_pack.c: Added
a magic number in front session DB data.
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: Corrected typo. Reported by Mark Brand.
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_cipher.c: update
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/ca-no-pathlen.pem: test update
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-functions.texi, doc/manpages/Makefile.am: update
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/cha-gtls-app.texi, lib/gnutls_record.c:
updated doc
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-gnutls-cli.texi: doc update
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_range.c: document limitation
2013-01-24 Alfredo Pironti <alfredo@pironti.eu>
* lib/gnutls_range.c: Make sure we don't fail if writing gets
interrupted
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-heartbeat.c: disable heartbeat test if it isn't
included.
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented fix
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: postpone the change
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* COPYING.LESSER: Revert "license is again LGPLv2.1" This reverts commit b7eea829d4b1db58c49bf5c3e31e4be5b61fb2e8.
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/mini-record-timing.c: updated test
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c, lib/gnutls_hash_int.h: Fixes to avoid a
timing attack in TLS CBC record parsing.
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_extensions.c, lib/gnutls_record.c: only register
heartbeat if it is enabled.
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* COPYING.LESSER: license is again LGPLv2.1
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/ext/heartbeat.c, lib/ext/heartbeat.h,
m4/hooks.m4: updated heartbeat code, and made it optional.
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: corrected typo
2013-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/status_request.c, lib/gnutls_db.c, lib/gnutls_str.c,
lib/pkcs11_write.c, lib/x509/ocsp.c, lib/x509/ocsp_output.c,
lib/x509/output.c, lib/x509/verify-high.c, lib/x509/x509.c: Use
LGPLv2.1 in the files their author's agreed to.
2013-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
lib/x509/verify-high2.c: Added GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA
to specify trusted CA certificates.
2013-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: added new func
2013-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_session_pack.c: corrected session resumption
2013-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_db.c: simplified DB storing
2013-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* sr
...