- 14 Feb, 2019 9 commits
-
-
Tim Rühsen authored
tests: wrap ADD_SYSCALL for getrandom in test for SYS_getrandom Closes #703 See merge request !926
-
Andy Bailey authored
Signed-off-by: R. Andrew Bailey <bailey@akamai.com>
-
-
Nikos Mavrogiannopoulos authored
This was not set in all of our CI platforms, and was causing issues in MacOSX.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-
Nikos Mavrogiannopoulos authored
x509: corrected issue in the algorithm parameters comparison Closes #698 See merge request !921
-
-
Nikos Mavrogiannopoulos authored
Each certificate has two fields to set the signature algorithm and parameters used for the digital signature. One of the fields is authenticated and the other is not. It is required from RFC5280 to enforce the equality of these fields, but currently due to an issue we wouldn't enforce the equality of the parameters fields. This fix corrects the issue. We also move an RSA-PSS certificate in chainverify that was relying on invalid parameters, to this set of invalid certificates.
Resolves: #698
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-
Nikos Mavrogiannopoulos authored
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-
Tim Rühsen authored
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
-
- 12 Feb, 2019 4 commits
-
-
Tim Rühsen authored
Fix 32bit overflow issue in src/serv-args.def Closes #700 See merge request !922
-
Tim Rühsen authored
Fixing this warning seen on 32bit architectures: serv-args.c: In function 'doOptMaxearlydata': serv-args.c:1431:14: warning: overflow in conversion from 'long long int' to 'long int' changes value from '4294967296' to '0' [-Woverflow] { 1, 4294967296 } }; ^~~~~~~~~~
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
-
-
Tim Rühsen authored
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
-
- 10 Feb, 2019 3 commits
-
-
-
Tim Rühsen authored
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
-
-
- 09 Feb, 2019 2 commits
-
-
Tim Rühsen authored
bootstrap: refuse to bootstrap if any new dependencies bring gnulib's network stack See merge request !919
-
Nikos Mavrogiannopoulos authored
If gnulib's network stack is brought (due to a dependency) in the library it will make the library unusable to non-gnulib using applications. This prevents Windows applications for example to use gnutls, and so on. Even more it is quite hard to catch that issue because our testsuite uses gnulib as well. Instead we try to catch these modules at import time.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-
- 08 Feb, 2019 2 commits
-
-
Nikos Mavrogiannopoulos authored
When negotiating TLS1.3 enforce certificate key usage Closes #690 See merge request !902
-
-
- 07 Feb, 2019 1 commit
-
-
Tim Rühsen authored
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
-
- 06 Feb, 2019 4 commits
-
-
Nikos Mavrogiannopoulos authored
The API could return 0 or 1 matching certificates. The case of zero can only happen in client side.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-
Nikos Mavrogiannopoulos authored
That is, we require a signing certificate when negotiating TLS1.3, or when sending a client certificate (on all cases).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-
Nikos Mavrogiannopoulos authored
This only takes into account certificates in the credentials structure. If certificates are provided in a callback, these must be checked by the provider. For that we assume that the credentials structure is filled when associated with a session; if not then the fallback mechanism will not work and the handshake will fail.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-
Nikos Mavrogiannopoulos authored
That is, we require a signing certificate when negotiating TLS1.3, or when sending a client certificate (on all cases). Before we would not perform any checks under TLS1.3 or when client certificates are sent, assuming that the certificates used will always be signing ones. However if the user sets up incorrectly a decryption certificate we would use it for signing. This fix makes sure that an error is returned early when these scenarios are detected.
Resolves: #690
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-
- 04 Feb, 2019 3 commits
-
-
Nikos Mavrogiannopoulos authored
This adds a set of policies regarding issues and merge requests to be enforced by the gitlab-triage bot. That is:
  - Issues without any label for more than a month are marked with needs attention label
  - Issues with needinfo label are closed if they are not updated within a month
  - Merge requests marked as WIP with no update within 5 months are closed.
These rules are not enforced automatically; we have to schedule a run of the gitlab-triage bot.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-
Nikos Mavrogiannopoulos authored
build: pass NETTLE_LIBS together with HOGWEED_LIBS See merge request !903
-
Nikos Mavrogiannopoulos authored
build: do not generate mech-list.h if p11-kit is not available See merge request !904
-
- 02 Feb, 2019 2 commits
-
-
Dmitry Eremin-Solenikov authored
Compiling GnuTLS with no p11-kit installed will result in a series of warnings during build time because mech-list.h will be generated even if pkcs11 tool compilation is disabled. Move mech-list.h generation to happen only if pkcs11 is enabled, thus removing these warnings.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-
Dmitry Eremin-Solenikov authored
libhogweed might depend on exact non-system-wide nettle, so let's pass NETTLE_LIBS flags together when using HOGWEED_LIBS.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-
- 31 Jan, 2019 2 commits
-
-
Tim Rühsen authored
Amend error code when SNI name is not accepted Closes #683 See merge request !891
-
Tim Rühsen authored
An illegal/disallowed SNI server name previously generated the misleading message "An illegal parameter has been received.". This commit changes it to "A disallowed SNI server name has been received.".
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
-
- 30 Jan, 2019 3 commits
-
-
-
-
Dmitry Eremin-Solenikov authored
Nettle library is going to drop nettle-stdint.h. Replace this include with just <stdint.h>.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-
- 28 Jan, 2019 2 commits
-
-
Tim Rühsen authored
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
-
-
- 27 Jan, 2019 3 commits
-
-
-
-
Alon Bar-Lev authored
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
-