samba.git/source4/lib/tls, branch talloc-2.3.2 Unnamed repository; edit this file 'description' to name the repository. s3:lib:tls: Use better priority lists for modern GnuTLS 2020-06-17T17:42:02+00:00 Andreas Schneider asn@samba.org 2020-06-15T09:50:16+00:00 53e3a959b958a3b099df6ecc5f6e294e96bd948e We should use the default priority list. That is a good practice, because TLS protocol hardening and phasing out of legacy algorithms, is easier to co-ordinate when happens at a single place. See crypto policies of Fedora. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14408 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Jun 17 17:42:02 UTC 2020 on sn-devel-184 
We should use the default priority list. That is a good practice,
because TLS protocol hardening and phasing out of legacy algorithms,
is easier to co-ordinate when happens at a single place. See crypto
policies of Fedora.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14408

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 17 17:42:02 UTC 2020 on sn-devel-184
s4:tls: Fix generating TLS RSA certs with FIPS140-2 2020-04-08T13:02:39+00:00 Andreas Schneider asn@samba.org 2020-03-13T14:32:27+00:00 ab3394f9f5af71ab904617147dc2e24de77ebcec Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 s4:lib:tls: Fix cert and privkey types 2019-11-19T04:48:29+00:00 Andreas Schneider asn@samba.org 2019-11-18T15:33:23+00:00 71816984c31cd1a392355afdbfdadb0da2d05765 ../../source4/lib/tls/tlscert.c:42:2: warning: ‘gnutls_x509_crt’ is deprecated [-Wdeprecated-declarations] 42 | gnutls_x509_crt cacrt, crt; | ^~~~~~~~~~~~~~~ ../../source4/lib/tls/tlscert.c:43:2: warning: ‘gnutls_x509_privkey’ is deprecated [-Wdeprecated-declarations] 43 | gnutls_x509_privkey key, cakey; | ^~~~~~~~~~~~~~~~~~~ Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
../../source4/lib/tls/tlscert.c:42:2: warning: ‘gnutls_x509_crt’ is
    deprecated [-Wdeprecated-declarations]
   42 |  gnutls_x509_crt cacrt, crt;
      |  ^~~~~~~~~~~~~~~
../../source4/lib/tls/tlscert.c:43:2: warning: ‘gnutls_x509_privkey’ is
    deprecated [-Wdeprecated-declarations]
   43 |  gnutls_x509_privkey key, cakey;
      |  ^~~~~~~~~~~~~~~~~~~

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:lib: Remove gnutls_global_(de)init() from libtls 2019-11-14T08:01:44+00:00 Andreas Schneider asn@samba.org 2019-11-13T12:59:30+00:00 0e159b725ecf2f9a6d026170253e2d1eb73ed0c2 This is handled by the gnutls library constructor/destructor. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
This is handled by the gnutls library constructor/destructor.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib/tls: Remove unused header definitions from source4/lib/tls/tls.h (tls socket wrapper) 2019-06-26T04:12:32+00:00 Andrew Bartlett abartlet@samba.org 2019-06-24T23:48:37+00:00 69361a43adf369cdbb4ed2044ddb8d720e8db792 These were removed in eb15acdd35600878aba3319e070199200d9a1357 but the header declarations were not removed. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
These were removed in eb15acdd35600878aba3319e070199200d9a1357 but the
header declarations were not removed.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
lib/tls: Remove unused source4/lib/tls/tls.c (tls socket wrapper) 2019-05-06T05:46:11+00:00 Andrew Bartlett abartlet@samba.org 2019-05-06T01:45:37+00:00 eb15acdd35600878aba3319e070199200d9a1357 The last caller was removed in 72c79e30f07bcc98610cca878f5de50e7db239a0 to remove the web server as all other callers use tls_tstream. Found by callcatcher. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
The last caller was removed in 72c79e30f07bcc98610cca878f5de50e7db239a0
to remove the web server as all other callers use tls_tstream.

Found by callcatcher.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
waf: Remove configure steps from source4/lib/tls 2019-04-30T23:18:27+00:00 Andreas Schneider asn@samba.org 2018-10-10T12:34:24+00:00 1fa3c9a3cca704d9b647daa002e896f58f42d6e4 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s3:tls: Remove #ifdef for GnuTLS 2019-04-30T23:18:26+00:00 Andreas Schneider asn@samba.org 2018-10-10T12:24:51+00:00 daa128f81b71feed15d3d0b490efa9b531e59670 This is a requirement now. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
This is a requirement now.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:lib: Use #ifdef instead of #if for config.h definitions 2018-11-28T22:19:24+00:00 Andreas Schneider asn@samba.org 2018-11-21T10:33:51+00:00 788d9f31d5c5def8a042a937b730b5be31543809 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
source4/lib/tls/wscript: update to handle waf 2.0.4 2018-09-05T04:37:24+00:00 Alexander Bokovoy ab@samba.org 2018-02-02T14:34:32+00:00 0c423a3a9285497c5ec4fb40142020ff0fbcece5 Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>