Commit graph

231 commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
d0d21dd5dd crypto primitives: added text on getrandom 2017-03-28 14:17:07 +02:00
Nikos Mavrogiannopoulos
94281f474e TLS: mention upstream documentation for libraries 2017-03-28 14:17:07 +02:00
Nikos Mavrogiannopoulos
71593bf178 TLS-Client-NSS: enable AES-GCM 2017-03-28 14:17:07 +02:00
Nikos Mavrogiannopoulos
d5b32966c7 TLS: document the update-ca-trust 2017-03-28 14:17:07 +02:00
Nikos Mavrogiannopoulos
3e6ed216b4 Mention only gnutls_certificate_verify_peers3()
Also use gnutls_transport_set_int() which requires no casts.
Also remove any description of code no longer applicable
in Fedora 2X or RHEL7.
2017-03-28 14:17:07 +02:00
Nikos Mavrogiannopoulos
f37be6a1e4 TLS: gnutls: use gnutls_certificate_set_x509_system_trust
Avoid hard-coding any paths and use the function which is
portable across operating systems.
2017-03-28 14:17:07 +02:00
Nikos Mavrogiannopoulos
d4ec7135d2 mention TLS in Transport Layer Security section title 2017-03-28 14:17:07 +02:00
Nikos Mavrogiannopoulos
52e39dc096 Removed pitfalls mentioned for old versions of GnuTLS
Also removed text about explicit initialization no longer
applicable. That text did not apply in any recent Fedora or on RHEL7.
2017-03-28 14:17:07 +02:00
Nikos Mavrogiannopoulos
9a936ea6b7 Added a section on usage of Hardware Security Modules (HSM).
The NSS parts were contributed by Robert Relyea.
2017-03-28 14:17:00 +02:00
Florian Weimer
767d0ce5ef Cryptography: Update ciphers list 2016-09-09 09:12:00 +02:00
Eric Christensen
9dc8a003e5 Removed non-Defensive Coding Guide bits and promoted source to root 2016-07-18 10:41:17 -04:00
Florian Weimer
9eb72b454b GNUTLS: Document that the pitfalls have been addressed
Suggested by Nikos Mavrogiannopoulos.
2014-11-13 12:24:37 +01:00
Florian Weimer
0ef43f9121 Update revision history in preparation of publication 2014-10-13 09:54:53 +02:00
Florian Weimer
0c1d3d4683 Shell: Use a snippet for the input validation example
Add self-tests to the snippet code.  Mention that this construct is
bash-specific.

Fixes the broken regular expression spotted by Eric Blake.
2014-10-13 09:51:42 +02:00
Florian Weimer
0026cc05cf Add support for shell snippets 2014-10-13 09:49:48 +02:00
Florian Weimer
b7ec6fc788 Shell: Fix internal reference
Spotted by Kamil Dudka.

Also use "double expansion" consistently.
2014-10-13 09:34:16 +02:00
Florian Weimer
e23c383775 Shell: Update section on input validation
Also mention safety of [[ $var =~ regexp ]].
2014-10-10 16:44:53 +02:00
Florian Weimer
01cf74aac0 Shell: Example code for recognizing non-negative integers 2014-10-10 16:19:15 +02:00
Florian Weimer
2a829115ff Add a chapter on shell programming 2014-10-10 15:36:28 +02:00
Florian Weimer
fab2049127 Go: Fix typo 2014-10-07 14:16:27 +02:00
Florian Weimer
00ae7f52e5 Go Marshaling: Fix section title 2014-08-14 10:03:03 +02:00
Florian Weimer
18654176d5 Go: Add section on deserialization
In particular, warn about information leakage due to object reuse.
2014-08-13 09:44:05 +02:00
Florian Weimer
5bf22d9409 Update revision history in preparation of publication 2014-07-16 17:31:16 +02:00
Florian Weimer
e2bab31055 Update the copyright date 2014-07-16 17:31:16 +02:00
Eric Christensen
172ce9ced9 Removed file not ready for publication 2014-06-27 11:10:27 -04:00
Eric Christensen
a650892eb8 Marked up more of this chapter 2014-06-27 11:09:50 -04:00
Florian Weimer
e97e4dc0e0 C: Add example for unsigned overflow check 2014-06-06 16:49:27 +02:00
Florian Weimer
01bd3904dc Serialization: Add section on fragmentation and reassembly 2014-06-06 15:03:32 +02:00
Florian Weimer
f5803d1403 Packaging: Adjust RPM flags of key-related files 2014-06-06 13:33:44 +02:00
Florian Weimer
11ef1e6260 Packaging: Fix RPM macro issue 2014-06-06 13:33:44 +02:00
Florian Weimer
dc0ff1a16e Packaging: Add section on delayed certificate generation 2014-06-06 13:33:44 +02:00
Eric Christensen
d335815349 Added instructions for generating ECDSA keys 2014-05-30 09:49:40 -04:00
Eric Christensen
72a9fc4d7c Added installation instructions 2014-05-30 09:16:12 -04:00
Eric Christensen
cd5d541f38 Merge branch 'master' of git+ssh://git.fedorahosted.org/git/secure-coding 2014-05-30 09:07:58 -04:00
Eric Christensen
56f351145b Added RSA key generation procedures 2014-05-30 09:07:40 -04:00
Florian Weimer
a9229ae8c6 Add auto-generated XML for the Go code snippets 2014-05-30 14:30:31 +02:00
Eric Christensen
76d368729c Added cipher suite list for HIGH, MEDIUM, LOW, and EXPORT. 2014-05-29 15:16:08 -04:00
Eric Christensen
caf2443da9 Marked guide as draft 2014-05-29 14:53:03 -04:00
Eric Christensen
547d801744 Merge branch 'master' of git+ssh://git.fedorahosted.org/git/secure-coding 2014-05-29 11:53:43 -04:00
Eric Christensen
e9907e4c0b Started OpenSSL chapter and added it to the guide for testing 2014-05-29 11:53:01 -04:00
Hubert Kario
c0c8caa876 securing TLS - explain SSLRandomSeed further
Add information why certain values for SSLRandomSeed
make sense and which values are acceptable if we want
to preserve security of connections
2014-05-29 17:52:41 +02:00
Eric Christensen
41d933e2db Added productnumber back in until I can figure out how to remove it and still make the guide build 2014-05-29 11:05:58 -04:00
Eric Christensen
7c3af12ea2 Updated abstract and description 2014-05-28 22:41:13 -04:00
Eric Christensen
167374cdff Added copyright owner 2014-05-28 22:35:46 -04:00
Eric Christensen
f62a564240 Fixed the Rev Hx for initial creation 2014-05-28 22:34:31 -04:00
Eric Christensen
0c41b02783 Added myself to the author list 2014-05-28 22:33:34 -04:00
Eric Christensen
6f16df3295 Finished annotating the ssl.conf file example 2014-05-28 22:31:48 -04:00
Eric Christensen
25f7118e6d Started working on explaining the mod_ssl config file. 2014-05-28 16:28:20 -04:00
Eric Christensen
40444c2c1c Fixed broken ascii 2014-05-28 13:49:41 -04:00
Eric Christensen
3aacde3a8b Added intro and default ssl.conf file 2014-05-28 11:52:53 -04:00