samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-07-22 16:59:09 +03:00

Author	SHA1	Message	Date
Andreas Schneider	94808cc50e	waf: Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14399 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Sep 11 08:27:26 UTC 2020 on sn-devel-184	2020-09-11 08:27:26 +00:00
Andreas Schneider	53e3a959b9	s3:lib:tls: Use better priority lists for modern GnuTLS We should use the default priority list. That is a good practice, because TLS protocol hardening and phasing out of legacy algorithms, is easier to co-ordinate when happens at a single place. See crypto policies of Fedora. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14408 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Jun 17 17:42:02 UTC 2020 on sn-devel-184	2020-06-17 17:42:02 +00:00
Andreas Schneider	0b84bc03e8	waf: Check if GnuTLS has support for crypto policies Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2020-03-19 20:46:41 +00:00
Andreas Schneider	d459ca04fc	libcli:smb: Improve check for gnutls_aead_cipher_(en\|de)cryptv2 This is available since version 3.6.10, but 3.6.10 has a bug which got fixed in 3.6.11, see: https://gitlab.com/gnutls/gnutls/-/merge_requests/1085 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14250 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Feb 4 06:44:00 UTC 2020 on sn-devel-184	2020-02-04 06:43:59 +00:00
Andreas Schneider	fa255a36df	waf: Check for gnutls_aead_cipher_encryptv2() Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Simo Sorce <idra@samba.org>	2019-10-08 12:50:38 +00:00
Andreas Schneider	69be6b8416	waf: Check for AES128 CMAC support in GnuTLS Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-08-21 09:57:32 +00:00
Andrew Bartlett	068da56a20	build: Remove explicit check for HAVE_GNUTLS_AEAD as we require GnuTLS 3.4.7 We strictly require it and if this were to fail we would want the compile to fail. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2019-08-21 09:57:31 +00:00
Andrew Bartlett	52b91cb33c	s4-rpc_server: Remove Heimdal-based BackupKey server We rely on a modern GnuTLS now. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2019-08-21 09:57:31 +00:00
Andrew Bartlett	974cebdf95	build: Set minimum GnuTLS version at 3.4.7 This will soon be required for encrypted_secrets in the AD DC, the BackupKey server and SMB2 as we remove use of the internal AES code. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2019-08-21 09:57:31 +00:00
Andreas Schneider	20a42459df	waf: Check for GNUTLS AES CFB support Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-08-21 09:57:29 +00:00
Andreas Schneider	1b9cd2acda	waf: Also check for gnutls_privkey_export_x509() Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-05-07 00:11:25 +00:00
Andreas Schneider	712e464fb7	waf: Remove unused GNUTLS defines Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-04-30 23:18:27 +00:00
Andreas Schneider	155f697e87	waf: Move check for gnutls_aead_cipher_init to main gnutls wscript Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-04-30 23:18:27 +00:00
Andreas Schneider	e35a8598c6	waf: Add check for gnutls_x509_crt_set_subject_unique_id() This is used by the GnuTLS backupkey implementation. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-04-30 23:18:27 +00:00
Andreas Schneider	324a2eec86	waf: Move gnutls_pkcs7_get_embedded_data_oid to main gnutls file Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-04-30 23:18:27 +00:00
Andreas Schneider	382d5908a4	waf: Add mandatory requirement for GnuTLS >= 3.2.0 We plan to move to GnuTLS for crypto in Samba, this is the first step to make it mandatory and to require a version which is in LTS distributions. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-04-30 23:18:26 +00:00

16 Commits