1. 02 Aug, 2021 1 commit
  2. 31 Jul, 2021 2 commits
  3. 25 Jul, 2021 2 commits
  4. 24 Jul, 2021 1 commit
  5. 15 Jul, 2021 4 commits
  6. 13 Jul, 2021 2 commits
  7. 11 Jul, 2021 1 commit
  8. 10 Jul, 2021 2 commits
  9. 05 Jul, 2021 1 commit
  10. 04 Jul, 2021 1 commit
  11. 02 Jul, 2021 1 commit
  12. 29 Jun, 2021 1 commit
  13. 28 Jun, 2021 1 commit
  14. 25 Jun, 2021 5 commits
    • Require OpenSSL 1.0.2 · 6c706b65
      Michael Catanzaro authored
      This bumps our minimum required OpenSSL from 1.0.1 to 1.0.2. Yippee!
      Unfortunately most of our preprocessor guards are here to protect code
      that requires OpenSSL 1.1.0, so we have to retain most of the guards,
      but at least we can remove a few of them.
      
      There are two places where OpenSSL 1.0.2 guards are used to guard code
      that actually requires OpenSSL 1.1.0. I've updated these to properly
      require 1.1.0.
      
      This might break LibreSSL. I have not investigated to see.
      
      Fixes #166
    • Update Portuguese translation · fe21d2fa
      Hugo Carvalho authored
    • Update Ukrainian translation · 8cccc996
      Yuri Chornoivan authored
    • gnutls: remove manual identity verification code · ffb66818
      Michael Catanzaro authored
      Currently GTlsDatabase and GTlsConnection both rely on GnuTLS to verify
      the peer identity, but GTlsCertificate does it manually. There's no good
      reason for this.
    • gnutls: fail verification if identity is of unexpected type · 8fe1681b
      Michael Catanzaro authored
      We support GNetworkAddress, GNetworkService, and GInetSocketAddress. If
      we receive some other type of GSocketConnectable, we should fail with an
      error rather than fail to verify the identity.
      
      I doubt this check will be hit in practice, but better safe than sorry.
  15. 24 Jun, 2021 6 commits
    • Update Ukrainian translation · d4d1c262
      Yuri Chornoivan authored
    • gnutls: introduce GTLS_GNUTLS_CHECK_VERSION macro · 083346dd
      Michael Catanzaro authored
      This is much less unwieldy than manually using the version macros. This
      replaces df8146a2.
    • gnutls: perform certificate verification in TLS session context · d94c3313
      Michael Catanzaro authored
      There are several different ways to perform certificate verification
      with GnuTLS, but they all fall into one of two categories:
      
      (a) outside the context of a TLS session
      (b) within the context of a TLS session
      
      (a) is done by g_tls_database_verify_chain() and implemented using one
      of several different functions of gnutls_x509_trust_list_t, e.g.
      gnutls_x509_trust_list_verify_crt2() or one of the related functions.
      This is what we have historically always done.
      
      (b) is what we're now doing here. The recommended way is to use
      gnutls_session_set_verify_cert(), but we can't do that because that
      would leave no way to implement the accept-certificate signal. The other
      way is to use gnutls_certificate_verify_peers3() or one of the related
      functions. This adds additional smarts that are not possible when using
      GTlsDatabase directly. For example, it checks name constraints, key
      usage, and basic constraints. It also checks for stapled OCSP responses.
      Verification will fail if the OCSP response indicates the certificate
      has been revoked. Verification will also fail if the Must-Staple flag is
      set but the OCSP response is missing. Nice!
      
      Incidentally fixes #32
    • Revert "gnutls: fix the build with GnuTLS 3.7.1" · 550b70ca
      Michael Catanzaro authored
      This reverts commit df8146a2
    • gnutls: fix the build with GnuTLS 3.7.1 · df8146a2
      Carlos Garcia Campos authored
      The new channel binding implementations were added in 3.7.2
    • Update Ukrainian translation · 3ac30447
      Yuri Chornoivan authored
  16. 23 Jun, 2021 9 commits