GothenburgBitFactory/taskwarrior
1
0
Fork 0
mirror of https://github.com/GothenburgBitFactory/taskwarrior.git synced 2025-08-27 00:57:19 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
8766 commits 7 branches 57 tags 42 MiB
Commit graph

71 commits

Author SHA1 Message Date
Paul Beckingham
0de169bb10 Copyright 2018 2017-12-31 19:22:07 -05:00
Paul Beckingham
88ef997d6a Reapplying include removal without libshared update 2017-05-08 17:47:36 -04:00
Paul Beckingham
dbfe220499 Revert "TLSClient: Remove double include" 
This reverts commit 2321c17d8d.
 2017-05-08 17:33:44 -04:00
Tomas Babej
2321c17d8d TLSClient: Remove double include 2017-05-08 21:59:03 +02:00
Tomas Babej
282c59a394 TLSClient: Improve diagnostics 
Task now correctly distinguishes the situation where CA file is present,
but not valid in some sense (empty file, not valid PEM, ..). In this
case the gnutls_certificate_set_x509_trust_file returns 0, as the number
of certificates detected in the file.

The method returns negative numbers for other errors, such as the CA
file itself missing.

Also clarify that when validating client cert/key pair, each of them can
be the source of the problem, not only the cliet certificate file.
 2017-02-18 20:43:21 +01:00
Tomas Babej
66328f97b5 TLSClient: Respect 'allow all' and 'ignore hostname' trust settings 2017-02-18 20:21:42 +01:00
Tomas Babej
a4a704fd37 style: Remove doubled spaces in the error message 2017-02-18 20:20:37 +01:00
Tomas Babej
8c1d625a54 TLSClient: Free error data after extracting error message 2017-02-18 20:19:03 +01:00
Paul Beckingham
39f8e7528e TLS: Now uses SNI 2017-02-11 13:51:02 -05:00
Paul Beckingham
c79ed7cf4c TLSClient: Removed test code 2017-02-09 01:47:54 +01:00
Paul Beckingham
d8227a8439 TLSClient: Typo 2017-02-09 01:45:05 +01:00
Paul Beckingham
0432b9090a TLS: Aligned source with Taskserver 2017-01-10 22:14:51 -05:00
Paul Beckingham
a50e65a134 Copyright update 2017-01-01 12:30:04 -05:00
Paul Beckingham
a7465d58d7 TW-1855: "Well-known" CA certificates not properly auto-loaded 
- Thanks to Flavio Poletti.
 2016-12-19 12:16:22 -05:00
Paul Beckingham
85eb32c87d TLSClient: Added GnuTLS 3.4.6 API support 
- This greatly simplifies cert validation.
 2016-12-19 12:01:01 -05:00
Paul Beckingham
00a7b377cc TLSClient: Corrected version number for API call 2016-12-19 11:59:24 -05:00
Paul Beckingham
efdf0ca4dd TLSClient: Added handshake timeout 2016-12-19 11:58:33 -05:00
Paul Beckingham
6d3af50604 TLSClient: Commented possible need for version protection 2016-12-19 11:57:24 -05:00
Paul Beckingham
e717d13802 TLSClient: Labelled GnuTLS calls with version numbers 2016-12-19 11:56:47 -05:00
Paul Beckingham
355620c640 libhsared: migrating from local to libshared 2016-12-06 07:20:45 -05:00
Paul Beckingham
54c0717cdb TLSClient: Improved C++ core guidelines 2016-11-19 13:12:07 -05:00
Paul Beckingham
08bbf9aa20 TLSClient: Improved C+ Core Guidelines compliance 2016-11-06 01:05:14 -04:00
Paul Beckingham
688d6b658b TLSClient: No longer calls gnutls_global_{de,}init for 3.3.0+ 2016-11-06 01:04:36 -04:00
Paul Beckingham
95f4989f77 Cleanup: Don't use string literals when character literals are needed 2016-10-14 22:27:34 -04:00
Paul Beckingham
641d232dea Copyright: Updated to 2016 2015-12-31 15:06:43 -05:00
Paul Beckingham
1407e0410e TLSClient: Added more diagnostics in debug mode 2015-11-08 17:03:35 -05:00
Paul Beckingham
5c8b7148b4 Task: Moved include to top of list, per flint++ recommendation 2015-11-01 19:59:10 -05:00
Paul Beckingham
5110a83efa Cleanup: Corrected object initialization using {} 2015-10-16 08:22:03 -04:00
Paul Beckingham
5f9a543b1b TLS: Diagnostics 
- When a certificate fails validation, display the full set of reasons, in
  debug mode.
 2015-04-26 20:52:34 -04:00
Paul Beckingham
75775786e6 TLS: Fixed version conditional 
- The call to gnutls_certificate_verification_status_print was protected by an
  #ifdef which had the wrong GnuTLS version number.
 2015-04-26 20:51:46 -04:00
Paul Beckingham
caa8c8e884 TLS: Fixed cert verification bug 
- When a cert was unreadable, instead of exiting verification with a value of
  GNUTLS_E_CERTIFICATE_ERROR, the value was assigned to 'status', which has
  different semantics.
 2015-04-26 20:51:08 -04:00
Paul Beckingham
b7ad091d00 Updated copyright to 2015 2015-01-01 00:00:41 -05:00
Paul Beckingham
2c6b3b3991 TD-79 
- TD-79 Bad error message for wrong hostname configuration (thanks to Jens
        Erat).
 2014-10-23 22:46:50 -04:00
Paul Beckingham
1a1bda18ce TLSClient 
- Rearranged includes, now matches taskd.
 2014-09-18 22:28:47 -04:00
Paul Beckingham
748ca4896f TLS 
- Added many more diagnostics for when GnuTLS calls fail.
- Fixed bug whereby hostname verification failed no matter what.
 2014-09-16 00:02:18 -04:00
Paul Beckingham
01d96c25c4 TLS Errors 
- Added TLS error to output during client init.
 2014-09-15 17:02:52 -04:00
atomicules
7c6618e50a TLSServer/Client need to include <errno.h> on NetBSD 
Same fix applied as per Solaris. See TD-55 and
c60ec0b6ee
 2014-08-23 12:05:00 -04:00
Paul Beckingham
c60ec0b6ee TD-55 
- TD-55 TLSServer/Client need to include <errno.h> on Solaris (thanks to Tatjana
        Heuser).
 2014-05-23 16:23:51 -04:00
Paul Beckingham
7f3e42e4e1 TLS 
- Reworded error messages for bad PEM files (thanks to catern).
 2014-05-12 22:04:01 -04:00
Paul Beckingham
ea6ff48d58 Portability 
- Attempt 4 to eliminate build warning without causing problems.
 2014-05-11 10:44:51 -04:00
Paul Beckingham
325d0d1738 Documentation 
- Mentioned the hostname verification.
 2014-04-05 10:37:53 -04:00
Alexander Sulfrian
7fb1487993 TLSClient: add hostname verifcation 
The CN or subjectAltNames of the TLS certification is now matched with
the hostname connected to.

taskd.trust is now a tristate value (allow all, ignore hostname,
strict) to optionally disable the new hostname verification.
 2014-03-22 13:17:40 -04:00
Alexander Sulfrian
fdcc04d13e TLSClient: add verify_certificate as member function 
Certificate verification is now done in a member function of the
TLSClient, so that the member variables could be accessed.
 2014-03-22 12:55:06 -04:00
Paul Beckingham
40dd95ddfb Code Cleanup 
- Removed debugging and redundant code.
- Removed socket cast.
- Added diagnostic message on handshake fail.
 2014-03-17 18:45:02 -04:00
Alexander Sulfrian
88b94ac2fc TLSClient: do certification verification with old gnutls 
The automatic verification for the server certificate with
gnutls_certificate_set_verify_function does only work with gnutls
>=2.9.10. So with older versions we should call the verify function
manually after the gnutls handshake.

Signed-off-by: Paul Beckingham <paul@beckingham.net>
 2014-03-17 14:38:42 -04:00
Marton Suranyi
c7ebe6b3e2 iBug #1511 
- #1511 sync init crashes if client certification file is empty or invalid
        (thanks to Marton Suranyi).

Signed-off-by: Paul Beckingham <paul@beckingham.net>
 2014-01-31 09:00:28 -05:00
Paul Beckingham
341c2fb474 Bug 
- Removed debugging code.
 2014-01-15 23:19:41 -05:00
Paul Beckingham
8ed92ca498 Copyright 
- Bumped copyright to 2014, ready for release.
 2014-01-01 13:32:22 -05:00
Paul Beckingham
0df30a5be0 Sync 
- Default TLS cipher selection, with override (thanks to Zed Jorarard).
- Updated documentation.
 2013-11-16 15:07:45 -05:00
Paul Beckingham
7fa3f71575 TLS 
- Connected code paths to use CA or trust.
 2013-11-03 12:51:13 -05:00