gnutls:gnutls.git
Tag: gnutls_3_3_11
Nikos Mavrogiannopoulos [Thu, 11 Dec 2014 08:02:10 +0000 (09:02 +0100)]
released 3.3.11

Nikos Mavrogiannopoulos [Thu, 11 Dec 2014 05:09:06 +0000 (06:09 +0100)]
bumped version

Nikos Mavrogiannopoulos [Thu, 11 Dec 2014 05:08:33 +0000 (06:08 +0100)]
testcompat: corrected usage of null cipher

Nikos Mavrogiannopoulos [Wed, 10 Dec 2014 14:40:49 +0000 (15:40 +0100)]
added the .check function in FIPS140-2 code

Nikos Mavrogiannopoulos [Fri, 5 Dec 2014 09:37:25 +0000 (10:37 +0100)]
_gnutls_x509_get_dn() always return a null terminated string

Nikos Mavrogiannopoulos [Tue, 2 Dec 2014 09:50:45 +0000 (10:50 +0100)]
if the rnd structure doesn't provide check, _gnutls_rnd_check() will succeed

Nikos Mavrogiannopoulos [Sun, 30 Nov 2014 20:44:10 +0000 (21:44 +0100)]
Reorganized, and eliminated memory leak in _gnutls_x509_crt_check_revocation()

Reported by Tim Rühsen.

Nikos Mavrogiannopoulos [Fri, 28 Nov 2014 13:39:58 +0000 (14:39 +0100)]
doc update

Nikos Mavrogiannopoulos [Tue, 25 Nov 2014 10:47:56 +0000 (11:47 +0100)]
gnutls-cli-debug: Added check for whether %NO_EXTENSIONS is required

Nikos Mavrogiannopoulos [Fri, 28 Nov 2014 09:32:22 +0000 (10:32 +0100)]
gnutls_session_get_desc: allow proper printing of the NULL KX

Nikos Mavrogiannopoulos [Tue, 25 Nov 2014 20:52:23 +0000 (21:52 +0100)]
gnutls_certificate_set_x509_key_*: eliminated memory leak when certificate could not be parsed

Reported by Georg Richter.

Nikos Mavrogiannopoulos [Mon, 24 Nov 2014 21:39:23 +0000 (22:39 +0100)]
gnutls-cli-debug: do not print error on unknown protocols

Nikos Mavrogiannopoulos [Mon, 24 Nov 2014 18:16:42 +0000 (19:16 +0100)]
documented the limitations of the loading functions

Nikos Mavrogiannopoulos [Mon, 24 Nov 2014 17:54:28 +0000 (18:54 +0100)]
corrected memleak in read_key_mem()

Patch by Georg Richter.

Nikos Mavrogiannopoulos [Mon, 24 Nov 2014 12:27:09 +0000 (13:27 +0100)]
gnutls-cli-debug: Added check for sorted certificate chain

Nikos Mavrogiannopoulos [Sat, 22 Nov 2014 09:55:21 +0000 (10:55 +0100)]
restore only the documented behavior

Nikos Mavrogiannopoulos [Fri, 21 Nov 2014 20:07:21 +0000 (21:07 +0100)]
doc update

Nikos Mavrogiannopoulos [Fri, 21 Nov 2014 19:42:21 +0000 (20:42 +0100)]
tests: added test for GNUTLS_E_GOT_APPLICATION_DATA on rehandshake

Conflicts:
tests/Makefile.am

Nikos Mavrogiannopoulos [Fri, 21 Nov 2014 19:18:08 +0000 (20:18 +0100)]
treat GNUTLS_E_GOT_APPLICATION_DATA as non-fatal if initial negotiation is complete

This corrects a regression introduced in b5a0de2e6da98866cafb770c3141b7353d030ab2
Reported by Dan Winship. https://savannah.gnu.org/support/?108690

Nikos Mavrogiannopoulos [Fri, 21 Nov 2014 14:41:08 +0000 (15:41 +0100)]
doc update

Nikos Mavrogiannopoulos [Fri, 21 Nov 2014 14:40:57 +0000 (15:40 +0100)]
Revert "The priority modifier %LATEST_RECORD_VERSION is now the default"

This reverts commit 96b408b20fe8707306f38cba6f652556b99a47e4.

Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 14:38:34 +0000 (15:38 +0100)]
_rnd_get_event: use memset to avoid valgrind complaints

Nikos Mavrogiannopoulos [Fri, 21 Nov 2014 14:29:08 +0000 (15:29 +0100)]
compilation fix for FIPS140-2 mode

Nikos Mavrogiannopoulos [Fri, 21 Nov 2014 14:02:40 +0000 (15:02 +0100)]
deinitialize the OCSP response der data

That also makes sure that reinitialization of ASN1 structures
is done only when it is required.

Nikos Mavrogiannopoulos [Mon, 17 Nov 2014 19:28:17 +0000 (20:28 +0100)]
NORMAL priority: prioritize the less than 256-bits curves at the lowest level

Nikos Mavrogiannopoulos [Sun, 16 Nov 2014 17:27:01 +0000 (18:27 +0100)]
properly reset the zombie mode in FIPS mode

This amends 9158f590f4a18c84fc9eb41877b29d73b30af879

Nikos Mavrogiannopoulos [Sat, 15 Nov 2014 09:34:38 +0000 (10:34 +0100)]
doc update

David Weber [Fri, 14 Nov 2014 12:49:24 +0000 (14:49 +0200)]
Fixed SRTP profile configuration in cli.c and serv.c.

I have tested the fix in 3.3.10. This commit is UNTESTED as I am unable
to compile gnutls (./configure complains about gl_INIT and ggl_INIT).

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Nikos Mavrogiannopoulos [Fri, 14 Nov 2014 16:30:31 +0000 (17:30 +0100)]
gnutls-cli: print info on the OCSP status request

Nikos Mavrogiannopoulos [Fri, 14 Nov 2014 15:17:58 +0000 (16:17 +0100)]
use the original DER/BER data when verifying an OCSP response

Conflicts:
lib/x509/ocsp.c

Nikos Mavrogiannopoulos [Fri, 14 Nov 2014 07:43:22 +0000 (08:43 +0100)]
windows: updated _gnutls_ucs2_to_utf8()

Nikos Mavrogiannopoulos [Fri, 14 Nov 2014 06:57:19 +0000 (07:57 +0100)]
gnutls-cli-debug: check for OCSP status response

Conflicts:
src/tests.c

Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 08:16:29 +0000 (09:16 +0100)]
added check for servers that disallow the SSL 3.0 record version

Nikos Mavrogiannopoulos [Fri, 14 Nov 2014 06:45:49 +0000 (07:45 +0100)]
corrected crq test case; reported by Andreas Metzler

Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 19:56:27 +0000 (20:56 +0100)]
set the GNUTLS_PIN_CONTEXT_SPECIFIC flag on PIN callback

Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 08:27:38 +0000 (09:27 +0100)]
rnd: removed the packed attribute from event_st

That prevents a SIGBUS on solaris sparc systems.
Reported by Thomas Thorberger.

Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 08:22:08 +0000 (09:22 +0100)]
doc update

Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 08:18:31 +0000 (09:18 +0100)]
The priority modifier %LATEST_RECORD_VERSION is now the default

This works around an issue with servers that forbid the SSL 3.0
version number from the first packet of the record protocol.

Tag: gnutls_3_3_10
Nikos Mavrogiannopoulos [Mon, 10 Nov 2014 07:43:28 +0000 (08:43 +0100)]
testcompat: updated

Nikos Mavrogiannopoulos [Mon, 10 Nov 2014 07:41:05 +0000 (08:41 +0100)]
bumped version

Nikos Mavrogiannopoulos [Sun, 9 Nov 2014 22:04:52 +0000 (23:04 +0100)]
doc update

Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 09:08:00 +0000 (10:08 +0100)]
Added check with the invalid crq sent by Sean Burford

Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 09:00:32 +0000 (10:00 +0100)]
when exporting curve coordinates to X9.63 format, perform additional sanity checks on input

Reported by Sean Burford.

Nikos Mavrogiannopoulos [Sat, 8 Nov 2014 07:38:00 +0000 (08:38 +0100)]
doc update

Nikos Mavrogiannopoulos [Sat, 8 Nov 2014 07:35:01 +0000 (08:35 +0100)]
doc: updated text on session tickets

Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 20:46:58 +0000 (21:46 +0100)]
tools: include arpa/inet.h in socket.c

Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 18:18:22 +0000 (19:18 +0100)]
doc: use the same port for DTLS client and server

Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 18:01:57 +0000 (19:01 +0100)]
pkcs11: pass the correct user type to protected authentication login

Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 09:22:11 +0000 (10:22 +0100)]
doc: corrected values for INSECURE level

Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 08:00:46 +0000 (09:00 +0100)]
doc update

Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 06:49:54 +0000 (07:49 +0100)]
pkcs11_login: set the correct user type on reauthentication

Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 20:30:31 +0000 (21:30 +0100)]
pkcs11: force login on tokens that require it

Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 18:51:04 +0000 (19:51 +0100)]
added support for PKCS #11 keys that require reauthentication and simplified pkcs11_login

Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 20:35:21 +0000 (21:35 +0100)]
applied patch by A. Klitzing to improve compatibility with some apple systems

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 18:32:45 +0000 (19:32 +0100)]
gnutls-cli-debug: backported changes from 3.4.0 branch

Chen Hongzhi [Wed, 5 Nov 2014 11:10:43 +0000 (19:10 +0800)]
Fix double-free in gnutls_pkcs12_simple_parse()

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 20:54:49 +0000 (21:54 +0100)]
mytexi2latex: handle na@"ive

Chris Barry [Tue, 4 Nov 2014 18:17:20 +0000 (13:17 -0500)]
Cleaning up some awkward phrasings.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 10:20:07 +0000 (11:20 +0100)]
updated text

Nikos Mavrogiannopoulos [Mon, 3 Nov 2014 20:38:57 +0000 (21:38 +0100)]
doc update

Jaak Ristioja [Mon, 3 Nov 2014 19:28:28 +0000 (21:28 +0200)]
doc: Added missing reference for EMSGSIZE to inline documentation of gnutls_transport_set_errno().

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Jaak Ristioja [Mon, 3 Nov 2014 19:28:27 +0000 (21:28 +0200)]
doc: Fixed typo in inline comment of gnutls_transport_set_errno().

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Nikos Mavrogiannopoulos [Sun, 2 Nov 2014 14:55:17 +0000 (15:55 +0100)]
updated the text for GNUTLS_E_UNSUPPORTED_VERSION_PACKET

Nikos Mavrogiannopoulos [Sat, 1 Nov 2014 08:59:23 +0000 (09:59 +0100)]
when calling gnutls_x509_crt_get_subject_key_id set the id_size

Nikos Mavrogiannopoulos [Sat, 1 Nov 2014 06:44:06 +0000 (07:44 +0100)]
deinitialize the temporary spki data

Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 21:01:43 +0000 (22:01 +0100)]
tests: added test for gnutls_global_init after all descriptors are closed

Conflicts:
tests/Makefile.am

Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 20:42:21 +0000 (21:42 +0100)]
corrected check for urandom fd

Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 08:46:24 +0000 (09:46 +0100)]
corrected exit state from gnutls_global_init

Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 08:44:17 +0000 (09:44 +0100)]
doc update

Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 08:40:26 +0000 (09:40 +0100)]
updated text for gnutls_fd_in_use() to account for the new behavior

Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 08:34:15 +0000 (09:34 +0100)]
dropped gnutls_fd_in_use, it is no longer necessary

Conflicts:
lib/libgnutls.map

Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 08:32:16 +0000 (09:32 +0100)]
When gnutls_global_init() is called manually from the application check the urandom fd for validity

That addresses the issue where a server closes all open file descriptors
and then calls gnutls_global_init().

Conflicts:
lib/nettle/rnd-common.c

Nikos Mavrogiannopoulos [Wed, 29 Oct 2014 15:18:38 +0000 (16:18 +0100)]
_gnutls_dh_generate_key() will account for the q_bits

Nikos Mavrogiannopoulos [Wed, 29 Oct 2014 10:48:25 +0000 (11:48 +0100)]
doc update

Nikos Mavrogiannopoulos [Tue, 28 Oct 2014 09:50:42 +0000 (10:50 +0100)]
doc update

Nikos Mavrogiannopoulos [Tue, 28 Oct 2014 09:40:53 +0000 (10:40 +0100)]
doc update

Nikos Mavrogiannopoulos [Tue, 28 Oct 2014 09:43:04 +0000 (10:43 +0100)]
do not explicitly refresh rnd state on session deinit

It is already being refreshed during the session lifetime.

Nikos Mavrogiannopoulos [Sat, 25 Oct 2014 22:09:34 +0000 (00:09 +0200)]
disable hardware acceleration by default in solaris

Nikos Mavrogiannopoulos [Sat, 25 Oct 2014 09:36:17 +0000 (11:36 +0200)]
tests: dtls-stress -r disabled as it causes issues when used with freebsd kernel

Nikos Mavrogiannopoulos [Sat, 25 Oct 2014 08:32:44 +0000 (10:32 +0200)]
do not use the ifdef directive in assembly files, as it isn't portable

Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 07:52:36 +0000 (09:52 +0200)]
check and use libnsl (used in solaris)

Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 07:44:15 +0000 (09:44 +0200)]
use the .note.GNU-stack in linux systems only

Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 07:19:21 +0000 (09:19 +0200)]
updated gnulib

Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 06:51:31 +0000 (08:51 +0200)]
doc update

Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 06:49:20 +0000 (08:49 +0200)]
tests: check the issuer value validity of gnutls_x509_trust_list_get_issuer

Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 06:47:27 +0000 (08:47 +0200)]
corrected bug in gnutls_x509_trust_list_get_issuer() when used without the GNUTLS_TL_GET_COPY flag

Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 20:15:30 +0000 (22:15 +0200)]
tests: include minitasn1 when needed

Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 20:05:16 +0000 (22:05 +0200)]
use HAVE_DANE ifdef for unused functions

Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 19:44:47 +0000 (21:44 +0200)]
exported gnutls_fd_in_use

Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 19:17:41 +0000 (21:17 +0200)]
doc update

Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 14:35:42 +0000 (16:35 +0200)]
document gnutls_fd_in_use()

Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 14:31:20 +0000 (16:31 +0200)]
corrected FIND_OBJECT loop when the token func is used

Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 14:31:49 +0000 (16:31 +0200)]
gnutls_fd_in_use: mention version

Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 10:19:25 +0000 (12:19 +0200)]
added gnutls_fd_in_use() to check whether a file descriptor is in use

Nikos Mavrogiannopoulos [Tue, 21 Oct 2014 18:00:54 +0000 (20:00 +0200)]
fips140-2: limit the FIPS code in fips mode

Nikos Mavrogiannopoulos [Tue, 21 Oct 2014 06:50:29 +0000 (08:50 +0200)]
fips140-2: use the FIPS algorithms only when in FIPS140-2 mode

Nikos Mavrogiannopoulos [Mon, 20 Oct 2014 18:01:39 +0000 (20:01 +0200)]
doc update

Nikos Mavrogiannopoulos [Tue, 5 Aug 2014 00:29:51 +0000 (02:29 +0200)]
certtool: default pkcs-cipher is now 3des as in PKCS #12

Nikos Mavrogiannopoulos [Fri, 17 Oct 2014 11:20:30 +0000 (13:20 +0200)]
gnutls-cli: prevent the combination of the -p and --list options

As -p may be mistaken for --priority that would prevent wrong outputs.

Nikos Mavrogiannopoulos [Fri, 17 Oct 2014 10:11:02 +0000 (12:11 +0200)]
avoid d from getting out of scope