Commit message  [Author, Age, Files, Lines]
* tweak  [David Carlier, 2019-05-22, files: 1, lines: -2/+5]
|
* Providing little getauxval implementation for Android<18  [David Carlier, 2019-05-21, files: 1, lines: -3/+23]
|   tested with armv7 and ndk 16.
* Merge GH #1957 Accept comments after #endif in amalgamation  [Jack Lloyd, 2019-05-21, files: 1, lines: -1/+1]
|\
| * Fix: allow comments after #endif in amalgamation  [Hannes Rantzsch, 2019-05-21, files: 1, lines: -1/+1]
| |
* | Merge GH #1958 Allow multiple external include/lib dirs in build  [Jack Lloyd, 2019-05-21, files: 2, lines: -11/+13]
|\ \
| |/
|/|
| * amend documentation  [René Meusel, 2019-05-21, files: 1, lines: -2/+4]
| |
| * allow for multiple --with-external-libdir  [René Meusel, 2019-05-21, files: 1, lines: -5/+5]
| |
| * allow for multiple --with-external-includedir  [René Meusel, 2019-05-21, files: 1, lines: -4/+4]
|/
* Update news  [Jack Lloyd, 2019-05-21, files: 1, lines: -1/+1]
|
* Merge GH #1956 Further BoGo work  [Jack Lloyd, 2019-05-21, files: 3, lines: -28/+40]
|\
| * Fix runner  [Jack Lloyd, 2019-05-21, files: 1, lines: -1/+1]
| |
| * More BoGo work  [Jack Lloyd, 2019-05-21, files: 3, lines: -28/+40]
|/
* Update news  [Jack Lloyd, 2019-05-21, files: 1, lines: -1/+1]
|
* Merge GH #1955 Add BoGo to CI  [Jack Lloyd, 2019-05-21, files: 3, lines: -4/+31]
|\
| * Add BoGo tests to CI build  [Jack Lloyd, 2019-05-21, files: 3, lines: -4/+31]
| |
* | Fix some Clang warnings in the BoGo shim  [Jack Lloyd, 2019-05-20, files: 1, lines: -15/+16]
|/
* Update news  [Jack Lloyd, 2019-05-20, files: 1, lines: -0/+3]
|
* Merge GH #1954 Add BoGo test shim  [Jack Lloyd, 2019-05-20, files: 33, lines: -201/+2100]
|\
| * Fix various issues in TLS found using BoGo  [Jack Lloyd, 2019-05-20, files: 29, lines: -199/+479]
| |   - BoGo sends unparseable OCSP responses, so we have to accommodate for
| |     this by delaying decoding until verification and simply ignoring
| |     OCSP responses that we can't parse.
| |   - Check that there is no trailing garbage at the end of various messages.
| |   - Don't send empty SNI
| |   - Check the TLS record header versions (previously ignored)
| |   - For CBC 1/n-1 splitting split every record instead of just first.
| |     I think this is not a problem but it is what BoGo expects.
| |   - New Channel::application_protocol virtual (previously was
| |     implemented on both Client and Server but not shared).
| |   - Changes to resumption version handling.
| |   - Fix server version selection when newer versions are disabled.
| |
| |   New policy hooks added in service of BoGo:
| |   - maximum_certificate_chain_size gives the maximum cert chain in
| |     bytes that we'll accept.
| |   - allow_resumption_for_renegotiation specifies if a renegotiation
| |     attempt can be simply (re-)resumed instead.
| |   - abort_handshake_on_undesired_renegotiation - previously we just
| |     ignored it with a warning alert. Now behavior is configurable.
| |   - request_client_certificate_authentication
| |   - require_client_certificate_authentication
| * Add a shim for testing Botan using BoGo  [Jack Lloyd, 2019-05-20, files: 4, lines: -2/+1621]
| |
* | Don't artificially limit very small RSA keys.  [Jack Lloyd, 2019-05-20, files: 1, lines: -1/+6]
|/    Keys smaller than 384 bits are trivially breakable, but that's true
|     for 512 as well so no reason to draw the line there. Just do 5 bits
|     since the smallest legal RSA key is 3*5 and that handles the integer
|     overflow warning from Coverity which was the original reason for it.
|
|     GH #1953
* Merge GH #1949 Use OpenBSD's MAP_CONCEAL  [Jack Lloyd, 2019-05-15, files: 1, lines: -0/+4]
|\
| * OpenBSD MAP_CONCEAL new flag support  [David Carlier, 2019-05-15, files: 1, lines: -0/+4]
| |
* | Merge GH #1948 Use getentropy on FreeBSD  [Jack Lloyd, 2019-05-15, files: 2, lines: -1/+2]
|\ \
| * | FreeBSD supports getentropy call since 12.x branch  [David Carlier, 2019-05-15, files: 2, lines: -1/+2]
| |/
* / Deprecate SHA-1 in TLS v1.2  [Jack Lloyd, 2019-05-14, files: 1, lines: -0/+2]
|/
* Fix warning and bogus assignment  [Jack Lloyd, 2019-05-14, files: 1, lines: -2/+2]
|
* Update news  [Jack Lloyd, 2019-05-14, files: 1, lines: -2/+15]
|
* Merge GH #1931 Add Windows certificate store  [Jack Lloyd, 2019-05-14, files: 9, lines: -2/+417]
|\
| * add some comments  [Tim Oesterreich, 2019-05-14, files: 1, lines: -0/+4]
| |
| * Apply suggestions from code review  [Tim Oesterreich, 2019-05-14, files: 1, lines: -3/+3]
| |   Co-Authored-By: René Meusel <[email protected]>
| * restructure a bit to avoid code duplications and make find_cert more efficient, fix CI  [Tim Oesterreich, 2019-05-14, files: 4, lines: -93/+111]
| |
| * search certificates by key_id first, if possible  [Tim Oesterreich, 2019-05-14, files: 2, lines: -9/+21]
| |
| * address some review comments  [Tim Oesterreich, 2019-05-14, files: 2, lines: -11/+10]
| |
| * fix docu, don't throw in find_crl_for  [Tim Oesterreich, 2019-05-14, files: 2, lines: -3/+4]
| |
| * deduplicate certificates in find_all_certs  [Tim Oesterreich, 2019-05-14, files: 5, lines: -214/+251]
| |
| * add test for subject dns containing UTF8 strings  [Tim Oesterreich, 2019-05-14, files: 2, lines: -1/+29]
| |
| * search certificates by full subject_dn instead of common name only  [Tim Oesterreich, 2019-05-14, files: 1, lines: -46/+51]
| |
| * wrap windows handles into RAII  [Tim Oesterreich, 2019-05-14, files: 1, lines: -84/+121]
| |
| * fix find_cert_by_pubkey_sha1  [Tim Oesterreich, 2019-05-14, files: 2, lines: -87/+67]
| |
| * add find_cert by key_id functionality  [Tim Oesterreich, 2019-05-14, files: 1, lines: -27/+84]
| |
| * add all_subjects() functionality  [Tim Oesterreich, 2019-05-14, files: 1, lines: -16/+20]
| |
| * add windows certstore find_cert and find_cert_by_pubkey_sha1 functionality  [Patrik Fiedler, 2019-05-14, files: 4, lines: -0/+233]
|/    Signed-off-by: Patrik Fiedler <[email protected]>
* Increase ASN1_Time maximum allowed year to 3100  [Jack Lloyd, 2019-05-13, files: 2, lines: -2/+6]
|   See #1931
* Merge GH #1945 Add --format option to rng cli  [Jack Lloyd, 2019-05-10, files: 5, lines: -43/+73]
|\
| * Add --format option for RNG cmdlet  [Jack Lloyd, 2019-05-09, files: 5, lines: -43/+73]
| |
* | Merge GH #1944 Fix decoding of RSA-OAEP certs  [Jack Lloyd, 2019-05-10, files: 3, lines: -5/+48]
|\ \
| * | Fix decoding of RSA-OAEP certs  [Jack Lloyd, 2019-05-09, files: 3, lines: -5/+48]
| |/    GH #1943
* / Mark some classes as final  [Jack Lloyd, 2019-05-09, files: 4, lines: -8/+8]
|/
* Update news  [Jack Lloyd, 2019-05-09, files: 1, lines: -0/+6]
|