tlspool
Henri Manson [Fri, 26 Oct 2018 13:49:48 +0000 (15:49 +0200)] (master)
use getaddrinfo in testsrv.c

root [Wed, 24 Oct 2018 12:27:09 +0000 (12:27 +0000)]
Corrections in Python wrappers
Management of file descriptors was leaking.  The cryptfd was closed
by the tlspool_starttls() call or TLS Pool but also by Python, for
instance when garbage collecting the cryptfd.  This allowed closing
the same socket twice or, more accurately put, closing of the same
file descriptor number.  An intermediate process might have opened
another stream with the same number, and seen it closed.  Yet
another process might have opened it once again and received spurious
information from the stashed file descriptor in, say, the syslog()
API or Python sockets.

Rick van Rein [Tue, 23 Oct 2018 06:57:43 +0000 (06:57 +0000)]
Improvements in Python support and installation of Python and includes

Rick van Rein [Sun, 21 Oct 2018 18:17:30 +0000 (18:17 +0000)]
Updated #bits for RSA (it used to be 2000 to tease out expectations)

Rick van Rein [Sun, 21 Oct 2018 14:49:51 +0000 (14:49 +0000)]
Added a CMake option for EXPERIMENTAL_SRP, defaulting to OFF.
SRP support was always a bit experimental, referencing files relative
to the point of invocation.  This did not help stability.  This is now
off by default, but can simply be toggled on in the CMake Cache.

Rick van Rein [Sat, 20 Oct 2018 16:10:57 +0000 (16:10 +0000)]
Updates, mostly to testdata, to tool modernisations
 - label= becomes object= in certtool, breaking change?
 - libsofthsm2 is readily available in distributions
 - certtool now produces multiple hashes, and references with SHA1

Adriaan de Groot [Tue, 27 Feb 2018 11:22:59 +0000 (06:22 -0500)]
Polishing (#65)

Some reduction of compile warnings and a little extra documentation to help people building from source.

Adriaan de Groot [Tue, 27 Feb 2018 11:22:33 +0000 (06:22 -0500)]
Cmakeing (#66)

Switch TLSPool build entirely to CMake; make DANE optional (not recommended, but needed to get it to build on older Ubuntu's).

vanrein [Mon, 28 Aug 2017 06:02:56 +0000 (08:02 +0200)]
Merge pull request #63 from adriaandegroot/pulleyback

CMake-ify

Adriaan de Groot [Fri, 25 Aug 2017 08:43:23 +0000 (10:43 +0200)]
Makefile: clean up build

 - fix Quick-DER pkgconfig name
 - allow specifying BDB flags (needed on FreeBSD)
 - explicitly set c99 standard (where it wasn't set yet)
 - create directories where things will be installed

Adriaan de Groot [Fri, 25 Aug 2017 16:03:10 +0000 (18:03 +0200)]
CMake: install all libraries and executables and manpages

Adriaan de Groot [Thu, 24 Aug 2017 20:10:06 +0000 (22:10 +0200)]
test/: fix C code, add CMake

 - Run valexp tests through a supporting shell-script. This means
   less futzing with command-pipelines in the CMake code.
 - Run onlinecheck through supporting shell-script.

Fix up C code in test/ dir

 - The declaration of tlog() in internal.h is messed up by
   #defining it as empty, so see the declaration first, before
   #defining it away in the actual code.
 - Better usage message for onlinecheck (test)
 - Pulleybacksim minor pointer signedness fixes
 - Pulleybacksim executable also returns 0 on failure,
   so this test always succeeds.

Adriaan de Groot [Thu, 24 Aug 2017 09:32:43 +0000 (11:32 +0200)]
tool/: fix C code, add CMake

Refactor after finding 3 copies of code

 - Having fixed the same printf() format problems in 3 test
   programs, refactor the runterminal() function to be usable
   for each of those programs.
 - Introduce separate module runterminal.c, which is linked
   into targets through a CMake-level OBJECT library.

Other C fixes:
 - Arguments to main()
 - Minor constness, pointer-signedness fixes
 - Missing parameters for format-string in printf()
 - Constness
 - Lots and lots of format fixes for pgp11_genkey

Adriaan de Groot [Wed, 23 Aug 2017 08:18:04 +0000 (10:18 +0200)]
libtlspool: reduce warnings

 - pid is unsigned, comparison >= 0 is useless

Adriaan de Groot [Fri, 18 Aug 2017 10:11:54 +0000 (12:11 +0200)]
Pulleyback: reduce warnings

 - Pass int to %.*s
 - check() doesn't return anything
 - char vs uint8_t

Adriaan de Groot [Fri, 18 Aug 2017 09:37:43 +0000 (11:37 +0200)]
CMake-ify TLSPool (and pulleyback)

 - Add top-level stub Makefile.cmake for driving cmake-builds,
   styled on the Quick-DER one. This allows 'make cmake-build'
   to be used to test the CMake system.
 - Find libunbound
 - Find libldns
 - Find p11-kit
 - Find gnutls
 - Find gnutls-dane extensions
 - Find libtasn1
 - Find openldap
 - Always include feature summary

vanrein [Tue, 22 Aug 2017 10:19:19 +0000 (12:19 +0200)]
Merge pull request #61 from adriaandegroot/fix-build

Fix build

Adriaan de Groot [Tue, 22 Aug 2017 08:54:29 +0000 (10:54 +0200)]
LDAP-types: use berelement instead of void

Adriaan de Groot [Tue, 22 Aug 2017 08:52:47 +0000 (10:52 +0200)]
C-style: char vs uint8_t

Adriaan de Groot [Tue, 22 Aug 2017 08:50:11 +0000 (10:50 +0200)]
Add some constness to parameters of strncatesc

Adriaan de Groot [Tue, 22 Aug 2017 08:47:01 +0000 (10:47 +0200)]
Fix string escaping

Adriaan de Groot [Tue, 22 Aug 2017 08:46:44 +0000 (10:46 +0200)]
Tests: try to introduce test for string escaping.

Adriaan de Groot [Tue, 22 Aug 2017 08:32:24 +0000 (10:32 +0200)]
C-style: char vs uint8_t

Adriaan de Groot [Tue, 22 Aug 2017 08:27:35 +0000 (10:27 +0200)]
C-style: char vs uint8_t

Adriaan de Groot [Tue, 22 Aug 2017 08:17:28 +0000 (10:17 +0200)]
C-style: massage char / uint8_t to reduce warnings

Adriaan de Groot [Tue, 22 Aug 2017 08:08:54 +0000 (10:08 +0200)]
Logic-typos

 - Intended was to check for both flag bits, cf. line 637

Adriaan de Groot [Tue, 22 Aug 2017 07:47:08 +0000 (09:47 +0200)]
C-style: simplify setup of validation-expression tables.

 - original code had UB due to lack of sequence point in the assignment
   of i++ to an expression indexed by i.

Adriaan de Groot [Tue, 22 Aug 2017 07:42:35 +0000 (09:42 +0200)]
C-style: drop trailing spaces

Adriaan de Groot [Mon, 21 Aug 2017 09:35:50 +0000 (11:35 +0200)]
TLS_KDH: code not guarded

Adriaan de Groot [Mon, 21 Aug 2017 09:08:46 +0000 (11:08 +0200)]
Assignment clobbers value in if

Adriaan de Groot [Mon, 21 Aug 2017 09:05:48 +0000 (11:05 +0200)]
C-style: reduce pointer-signedness warnings

Adriaan de Groot [Mon, 21 Aug 2017 08:53:49 +0000 (10:53 +0200)]
C-style: pointer typo

 - Use a 10000-byte buffer for the data, instead of a probably-80000-byte
   buffer with the wrong type.

Adriaan de Groot [Mon, 21 Aug 2017 08:50:38 +0000 (10:50 +0200)]
C-style: reduce signedness warnings

Adriaan de Groot [Mon, 21 Aug 2017 08:49:47 +0000 (10:49 +0200)]
C-style: use %p to print pointers

Adriaan de Groot [Mon, 21 Aug 2017 08:48:14 +0000 (10:48 +0200)]
C-style: drop unused printf parameter

Adriaan de Groot [Mon, 21 Aug 2017 09:28:22 +0000 (11:28 +0200)]
GnuTLS: unhandled enum values made explicit

Adriaan de Groot [Mon, 21 Aug 2017 08:47:16 +0000 (10:47 +0200)]
GnuTLS: fix call

 - gnutls_certificate_get doesn't exist in GnuTLS 3.[135]; presumed typo.

Adriaan de Groot [Mon, 21 Aug 2017 08:38:31 +0000 (10:38 +0200)]
C-style: drop casts

- (locally) asn1_get_length_ber takes const unsigned char *,
  so the cast is extra and introduces a warning.

Adriaan de Groot [Mon, 21 Aug 2017 08:36:05 +0000 (10:36 +0200)]
C-style: swapped format chars lead to warning

Adriaan de Groot [Sun, 20 Aug 2017 22:22:18 +0000 (00:22 +0200)]
C-style: massage char types

Adriaan de Groot [Sun, 20 Aug 2017 22:20:14 +0000 (00:20 +0200)]
C-style: lengths (sizes, really) are unsigned

Adriaan de Groot [Sun, 20 Aug 2017 22:18:36 +0000 (00:18 +0200)]
C-style: reduce signed/unsigned warnings

Adriaan de Groot [Sun, 20 Aug 2017 22:16:11 +0000 (00:16 +0200)]
C-style: drop duplicate const, make read-only data

Adriaan de Groot [Sun, 20 Aug 2017 22:15:27 +0000 (00:15 +0200)]
C-style: drop trailing spaces

Adriaan de Groot [Sun, 20 Aug 2017 21:16:02 +0000 (23:16 +0200)]
Fix-build: remove duplicate flag-setting (with bad pkg-config)

Adriaan de Groot [Sun, 20 Aug 2017 21:13:47 +0000 (23:13 +0200)]
Fix-build: for FreeBSD, allow specifying /usr/local/include/db5/ for BDB

Adriaan de Groot [Sun, 20 Aug 2017 21:12:30 +0000 (23:12 +0200)]
Fix-build: package is named Quick-DER

vanrein [Tue, 4 Jul 2017 09:27:58 +0000 (11:27 +0200)]
Merge pull request #59 from arpa2/pulleyback

Improved transaction handling in PulleyBack plugin (poolback)

Rick van Rein [Tue, 4 Jul 2017 09:10:42 +0000 (10:10 +0100)]
Improved transaction handling in PulleyBack plugin (poolback)
 - Collected failures within a transaction as TXN_ABORT transactional state
 - When commit fails, enact a rollback and remove transaction
 - When prepare fails, still need to invoke rollback (see documentation)

Rick van Rein [Mon, 23 Jan 2017 11:23:34 +0000 (11:23 +0000)]
Changes to accommodate NixOS; thanks to Joachim Schiele <qknight>

Rick van Rein [Fri, 2 Dec 2016 10:48:24 +0000 (10:48 +0000)]
Added tool/have_db to ensure that at least empty databases exist

Rick van Rein [Mon, 17 Oct 2016 23:08:39 +0000 (00:08 +0100)]
Updates to testdata so as to build a localid.db that works with TLS-KDH

vanrein [Mon, 17 Oct 2016 22:09:19 +0000 (00:09 +0200)]
Merge pull request #46 from arpa2/tls-kdh

Integration of TLS-KDH

Rick van Rein [Mon, 17 Oct 2016 22:03:10 +0000 (23:03 +0100)]
Merge branch 'master' of https://github.com/arpa2/tlspool into tls-kdh

Conflicts:
testdata/Makefile

Rick van Rein [Mon, 17 Oct 2016 22:02:01 +0000 (23:02 +0100)]
Merge branch 'tls-kdh' of https://github.com/arpa2/tlspool into tls-kdh

Conflicts:
tool/get_localid.c

Rick van Rein [Mon, 17 Oct 2016 21:31:02 +0000 (22:31 +0100)]
Fixes of memory leaks in TLS-KDH handling

Rick van Rein [Mon, 17 Oct 2016 19:33:00 +0000 (20:33 +0100)]
First working TLS-KDH system!  (Still with possible memleaks)

Rick van Rein [Thu, 25 Aug 2016 14:42:24 +0000 (15:42 +0100)]
Now passing Ticket and Authenticator between client and server
 - tested for the KDH-only mode, without server certificate
 - including a keytab for `generic/testsrv\@tlspool.arpa2.lab@ARPA2.NET`

Rick van Rein [Fri, 19 Aug 2016 10:10:18 +0000 (11:10 +0100)]
Now returning properly from cli_kdhsig_encode()
- simply forgot to add terminators to the syntax packers
- have not checked the actual data produced

Rick van Rein [Fri, 19 Aug 2016 08:34:17 +0000 (09:34 +0100)]
Mostly working-ish, with problems in Quick DER and GnuTLS-KDH remaining
- issue in   TLS Pool: PIN entry does not work
- issue in  Quick DER: der_pack() returns incredibly large size
- issue in GnuTLS-KDH: crashes on gcm/hash size
- issue in GnuTLS-KDH: gnutls_certificate_get_peers() is empty under KDH
This release bails out of cli_kdhsig_encode(), causing GNUTLS_E_USER_ERROR

Rick van Rein [Wed, 17 Aug 2016 08:08:12 +0000 (09:08 +0100)]
First version that seems to get the ticket across (due to hacks)
The hacks are marked to be overruled #if TOM_IS_WEG

Rick van Rein [Sun, 3 Jul 2016 18:03:36 +0000 (19:03 +0100)]
Now running all the way up to the reception of Certificate Request
This is in combination with GnuTLS-KDH 63f3e43bfb19a9105004e6dc3b278d5fdec0ff3a

Rick van Rein [Sun, 3 Jul 2016 16:02:39 +0000 (17:02 +0100)]
Working up to and including clisrv_cert_retrieve()
 - It fails with GnuTLS error -87, No supported cipher suites have been found.
 - This is after returning a Kerberos ticket (both empty and DER NULL)

Rick van Rein [Sat, 2 Jul 2016 10:13:31 +0000 (11:13 +0100)]
Last (AFAIK) functional extension to TLS-KDH
 - overlooked retrieval of data from client's Ticket into server cmd->...
 - removed cmd->krb_tkt as it was never really needed
 - kept cmd->krb_key for decryption of what comes up next
 - added cmd->krbid_client for client principal, assured by both KDH modes
 - added cmd->krbid_server for server principal, assured by only KDH-Only
 - considering cmd->krbid_XXX to be verified identities after gnutls_handshake()
 - checked against change of server ID after it starts with user-to-user
 - it compiles, but let's not ship it quite yet

Rick van Rein [Fri, 1 Jul 2016 22:10:38 +0000 (23:10 +0100)]
Misc improvements
 - malloc() now matched by free() in cli_kdhsig_encode()
 - better GnuTLS error codes: E_DE/ENCRYPTION_FAILED, etc.

Rick van Rein [Fri, 1 Jul 2016 19:37:55 +0000 (20:37 +0100)]
Added srv_kdhsig_decode() to help verification of the Kerberos "signature"
 - Unpack the EncryptedData
 - Decrypt the EncryptedData with the key at hand
 - Unpack the Authenticator
 - Somewhat validate the Authenticator
 - Deliver information from the Authenticator

Rick van Rein [Fri, 1 Jul 2016 18:52:22 +0000 (19:52 +0100)]
Update on cli_kdhsig_encode()
 - new data field in include file

Rick van Rein [Fri, 1 Jul 2016 18:51:06 +0000 (19:51 +0100)]
Introduced compiling cli_kdhsig_encode()
 - Construct an Authenticator
 - Deliver it in dec_authenticator
 - Encrypt the Authenticator and wrap it in EncryptedData
 - Deliver that in enc_authenticator

Rick van Rein [Fri, 1 Jul 2016 12:39:13 +0000 (13:39 +0100)]
Compiling code to supply Tickets as certificates to GnuTLS' TLS-KDH extension
 - As a client, provide a service ticket
 - As a KDH-Only server, consider user-to-user mode instead of client-to-service
 - In user-to-user mode, select a server TGT and supply it
 - In client-to-service mode, select no server ticket (instead, supply 0 bytes)

Rick van Rein [Thu, 30 Jun 2016 22:25:53 +0000 (23:25 +0100)]
Looking good: have_key_tgt() produces a keyblock + creds in various ways

Rick van Rein [Thu, 30 Jun 2016 20:17:51 +0000 (21:17 +0100)]
Remodelled contexts (split for clients / servers) and started have_key_ctx()

Rick van Rein [Thu, 30 Jun 2016 14:58:41 +0000 (15:58 +0100)]
Potential extra precaution at setup of Kerberos.

Rick van Rein [Thu, 30 Jun 2016 14:58:07 +0000 (15:58 +0100)]
Potential extra precaution during startup of Kerberos

Rick van Rein [Thu, 30 Jun 2016 14:11:12 +0000 (15:11 +0100)]
Added keyblock to session, and cleanup at the end of the handshake

Rick van Rein [Thu, 30 Jun 2016 13:52:10 +0000 (14:52 +0100)]
Setup and cleanup for Kerberos: check collection support on credential caches

Rick van Rein [Thu, 30 Jun 2016 13:34:59 +0000 (14:34 +0100)]
Created configuration variables for Kerberos keytab,credcache of cli,srv

Rick van Rein [Mon, 27 Jun 2016 18:46:00 +0000 (19:46 +0100)]
First attempt at making TLS-KDH work with the TLS Pool

Rick van Rein [Mon, 30 May 2016 13:45:34 +0000 (14:45 +0100)]
Added priority string with asymmetric certificate type support (RFC 7250)

Rick van Rein [Mon, 30 May 2016 11:34:14 +0000 (13:34 +0200)]
Initial use of proposed GUI for TLS-KDH

Rick van Rein [Mon, 17 Oct 2016 21:31:02 +0000 (22:31 +0100)]
Fixes of memory leaks in TLS-KDH handling

Rick van Rein [Mon, 17 Oct 2016 19:33:00 +0000 (20:33 +0100)]
First working TLS-KDH system!  (Still with possible memleaks)

Rick van Rein [Sun, 25 Sep 2016 20:09:41 +0000 (21:09 +0100)]
Update to Handbook, to make it work on tlspool.readthedocs.io

Rick van Rein [Sun, 25 Sep 2016 20:04:04 +0000 (21:04 +0100)]
Added the TLS Pool Handbook, first edition.
Note: The text previews upcoming name changes for tools!

Rick van Rein [Thu, 25 Aug 2016 14:42:24 +0000 (15:42 +0100)]
Now passing Ticket and Authenticator between client and server
 - tested for the KDH-only mode, without server certificate
 - including a keytab for `generic/testsrv\@tlspool.arpa2.lab@ARPA2.NET`

Rick van Rein [Wed, 24 Aug 2016 06:57:20 +0000 (07:57 +0100)]
Merge branch 'master' of https://github.com/arpa2/tlspool

Rick van Rein [Wed, 24 Aug 2016 06:56:50 +0000 (07:56 +0100)]
Fixes to improve building

Rick van Rein [Fri, 19 Aug 2016 10:10:18 +0000 (11:10 +0100)]
Now returning properly from cli_kdhsig_encode()
- simply forgot to add terminators to the syntax packers
- have not checked the actual data produced

Rick van Rein [Fri, 19 Aug 2016 08:34:17 +0000 (09:34 +0100)]
Mostly working-ish, with problems in Quick DER and GnuTLS-KDH remaining
- issue in   TLS Pool: PIN entry does not work
- issue in  Quick DER: der_pack() returns incredibly large size
- issue in GnuTLS-KDH: crashes on gcm/hash size
- issue in GnuTLS-KDH: gnutls_certificate_get_peers() is empty under KDH
This release bails out of cli_kdhsig_encode(), causing GNUTLS_E_USER_ERROR

vanrein [Thu, 18 Aug 2016 12:03:10 +0000 (14:03 +0200)]
Merge pull request #43 from leenaars/patch-4

Minor textual edits of README

leenaars [Thu, 18 Aug 2016 11:50:31 +0000 (13:50 +0200)]
Minor textual edits of README

Is the last part about Windows porting still relevant?

Rick van Rein [Wed, 17 Aug 2016 08:08:12 +0000 (09:08 +0100)]
First version that seems to get the ticket across (due to hacks)
The hacks are marked to be overruled #if TOM_IS_WEG

Rick van Rein [Thu, 11 Aug 2016 17:31:07 +0000 (18:31 +0100)]
Misc changes

vanrein [Wed, 10 Aug 2016 13:00:25 +0000 (15:00 +0200)]
Merge pull request #41 from arpa2/configvar-apicall

Configvar apicall

Rick van Rein [Wed, 10 Aug 2016 12:58:14 +0000 (13:58 +0100)]
Adapted tool/* to newly added tlspool_configvar() call; testdata generates properly

Rick van Rein [Wed, 10 Aug 2016 11:13:48 +0000 (12:13 +0100)]
Added tlspool_configvar() to libtlspool
This retrieves a value from a configvar in a default location
Also used it to locate the TLS Pool socket
There is an environment variable to accommodate this
The TLS Pool daemon will not continue to use its own code (efficiency, security)
The tool/* and perhaps tests will later be updated to use this new facility

vanrein [Tue, 9 Aug 2016 15:24:30 +0000 (17:24 +0200)]
Merge pull request #40 from amarsman/tlspool-gui

fix c++ build: multiple definition errors of pioc_...

Aschwin Marsman [Tue, 9 Aug 2016 15:04:37 +0000 (17:04 +0200)]
fix c++ build: multiple definition errors of pioc_...

Rick van Rein [Tue, 9 Aug 2016 14:53:51 +0000 (15:53 +0100)]
Undone overzealous inclusion of changes in QUICKSTART.sh

Rick van Rein [Tue, 9 Aug 2016 10:51:45 +0000 (11:51 +0100)]
Removed length valexp_varchars[] dump sequence (DEBUG)

Rick van Rein [Tue, 9 Aug 2016 10:49:25 +0000 (11:49 +0100)]
Updated header files to support C++ (notably, g++)