Paul Beckingham
216d4d63bc
Copyright 2018
2018-05-13 23:30:21 -04:00
Paul Beckingham
1f8eae0071
Reapplying include removal without libshared update
2018-05-13 23:21:22 -04:00
Paul Beckingham
9c5e3750c4
Revert "TLSClient: Remove double include"
This reverts commit 2321c17d8d.
2018-05-13 23:21:13 -04:00
Tomas Babej
3c1157fe5d
TLSClient: Remove double include
2018-05-13 23:20:56 -04:00
Tomas Babej
5c243b6c4c
TLSClient: Improve diagnostics
Task now correctly distinguishes the situation where CA file is present,
but not valid in some sense (empty file, not valid PEM, ..). In this
case the gnutls_certificate_set_x509_trust_file returns 0, as the number
of certificates detected in the file.
The method returns negative numbers for other errors, such as the CA
file itself missing.
Also clarify that when validating client cert/key pair, each of them can
be the source of the problem, not only the client certificate file.
2018-05-13 22:35:42 -04:00
Tomas Babej
4f28f26626
TLSClient: Respect 'allow all' and 'ignore hostname' trust settings
2018-05-13 22:35:18 -04:00
Tomas Babej
0907fbf906
style: Remove doubled spaces in the error message
2018-05-13 22:35:04 -04:00
Tomas Babej
4a27ba8bce
TLSClient: Free error data after extracting error message
2018-05-13 22:34:53 -04:00
Paul Beckingham
0a2f6caba0
TLS: Now uses SNI
2018-05-13 22:31:27 -04:00
Paul Beckingham
fa654473c9
TLSClient: Removed test code
2018-05-13 22:28:46 -04:00
Paul Beckingham
1f0df70ac3
TLSClient: Typo
2018-05-13 22:28:38 -04:00
Paul Beckingham
61685714c6
TLS: Aligned source with Taskserver
2018-05-13 22:21:16 -04:00
Paul Beckingham
88516acdaa
Copyright update
2018-05-13 20:50:26 -04:00
Paul Beckingham
934f6aeada
TW-1855: "Well-known" CA certificates not properly auto-loaded
- Thanks to Flavio Poletti.
2018-05-13 20:48:09 -04:00
Paul Beckingham
a67ce9db0e
TLSClient: Added GnuTLS 3.4.6 API support
- This greatly simplifies cert validation.
2018-05-13 20:47:44 -04:00
Paul Beckingham
55854907a2
TLSClient: Corrected version number for API call
2018-05-13 20:47:24 -04:00
Paul Beckingham
304a6f7a33
TLSClient: Added handshake timeout
2018-05-13 20:47:13 -04:00
Paul Beckingham
41234c4f97
TLSClient: Commented possible need for version protection
2018-05-13 20:47:00 -04:00
Paul Beckingham
40b8aab7d4
TLSClient: Labelled GnuTLS calls with version numbers
2018-05-13 20:46:50 -04:00
Paul Beckingham
8a43f4902d
libshared: migrating from local to libshared
2018-05-13 20:26:34 -04:00
Paul Beckingham
992b41b82a
TLSClient: Improved C++ core guidelines
2018-05-13 20:22:37 -04:00
Paul Beckingham
cf66c2a191
TLSClient: Improved C++ Core Guidelines compliance
2018-05-13 20:17:27 -04:00
Paul Beckingham
9a85c45bf7
TLSClient: No longer calls gnutls_global_{de,}init for 3.3.0+
2018-05-13 20:17:12 -04:00
Paul Beckingham
35e518cbc2
Cleanup: Don't use string literals when character literals are needed
2018-05-13 20:11:49 -04:00
Paul Beckingham
641d232dea
Copyright: Updated to 2016
2015-12-31 15:06:43 -05:00
Paul Beckingham
1407e0410e
TLSClient: Added more diagnostics in debug mode
2015-11-08 17:03:35 -05:00
Paul Beckingham
5c8b7148b4
Task: Moved include to top of list, per flint++ recommendation
2015-11-01 19:59:10 -05:00
Paul Beckingham
5110a83efa
Cleanup: Corrected object initialization using {}
2015-10-16 08:22:03 -04:00
Paul Beckingham
5f9a543b1b
TLS: Diagnostics
- When a certificate fails validation, display the full set of reasons, in
debug mode.
2015-04-26 20:52:34 -04:00
Paul Beckingham
75775786e6
TLS: Fixed version conditional
- The call to gnutls_certificate_verification_status_print was protected by an
#ifdef which had the wrong GnuTLS version number.
2015-04-26 20:51:46 -04:00
Paul Beckingham
caa8c8e884
TLS: Fixed cert verification bug
- When a cert was unreadable, instead of exiting verification with a value of
GNUTLS_E_CERTIFICATE_ERROR, the value was assigned to 'status', which has
different semantics.
2015-04-26 20:51:08 -04:00
Paul Beckingham
b7ad091d00
Updated copyright to 2015
2015-01-01 00:00:41 -05:00
Paul Beckingham
2c6b3b3991
TD-79
- TD-79 Bad error message for wrong hostname configuration (thanks to Jens
Erat).
2014-10-23 22:46:50 -04:00
Paul Beckingham
1a1bda18ce
TLSClient
- Rearranged includes, now matches taskd.
2014-09-18 22:28:47 -04:00
Paul Beckingham
748ca4896f
TLS
- Added many more diagnostics for when GnuTLS calls fail.
- Fixed bug whereby hostname verification failed no matter what.
2014-09-16 00:02:18 -04:00
Paul Beckingham
01d96c25c4
TLS Errors
- Added TLS error to output during client init.
2014-09-15 17:02:52 -04:00
atomicules
7c6618e50a
TLSServer/Client need to include <errno.h> on NetBSD
Same fix applied as per Solaris. See TD-55 and
c60ec0b6ee
2014-08-23 12:05:00 -04:00
Paul Beckingham
c60ec0b6ee
TD-55
- TD-55 TLSServer/Client need to include <errno.h> on Solaris (thanks to Tatjana
Heuser).
2014-05-23 16:23:51 -04:00
Paul Beckingham
7f3e42e4e1
TLS
- Reworded error messages for bad PEM files (thanks to catern).
2014-05-12 22:04:01 -04:00
Paul Beckingham
ea6ff48d58
Portability
- Attempt 4 to eliminate build warning without causing problems.
2014-05-11 10:44:51 -04:00
Paul Beckingham
325d0d1738
Documentation
- Mentioned the hostname verification.
2014-04-05 10:37:53 -04:00
Alexander Sulfrian
7fb1487993
TLSClient: add hostname verification
The CN or subjectAltNames of the TLS certification is now matched with
the hostname connected to.
taskd.trust is now a tristate value (allow all, ignore hostname,
strict) to optionally disable the new hostname verification.
2014-03-22 13:17:40 -04:00
Alexander Sulfrian
fdcc04d13e
TLSClient: add verify_certificate as member function
Certificate verification is now done in a member function of the
TLSClient, so that the member variables could be accessed.
2014-03-22 12:55:06 -04:00
Paul Beckingham
40dd95ddfb
Code Cleanup
- Removed debugging and redundant code.
- Removed socket cast.
- Added diagnostic message on handshake fail.
2014-03-17 18:45:02 -04:00
Alexander Sulfrian
88b94ac2fc
TLSClient: do certification verification with old gnutls
The automatic verification of the server certificate with
gnutls_certificate_set_verify_function only works with gnutls
>=2.9.10. So with older versions we should call the verify function
manually after the gnutls handshake.
Signed-off-by: Paul Beckingham <paul@beckingham.net>
2014-03-17 14:38:42 -04:00
Marton Suranyi
c7ebe6b3e2
Bug #1511
- #1511 sync init crashes if client certification file is empty or invalid
(thanks to Marton Suranyi).
Signed-off-by: Paul Beckingham <paul@beckingham.net>
2014-01-31 09:00:28 -05:00
Paul Beckingham
341c2fb474
Bug
- Removed debugging code.
2014-01-15 23:19:41 -05:00
Paul Beckingham
8ed92ca498
Copyright
- Bumped copyright to 2014, ready for release.
2014-01-01 13:32:22 -05:00
Paul Beckingham
0df30a5be0
Sync
- Default TLS cipher selection, with override (thanks to Zed Jorarard).
- Updated documentation.
2013-11-16 15:07:45 -05:00
Paul Beckingham
7fa3f71575
TLS
- Connected code paths to use CA or trust.
2013-11-03 12:51:13 -05:00