- Exhaustive test suite, using NIST's PKI Test vectors,
see http://csrc.nist.gov/pki/testing/x509paths_old.html
and http://csrc.nist.gov/pki/testing/x509paths.html
-- Clean up certtool. Perhaps separate the different functions into
- separate tools. Probably a rewrite is necessary.
-- Make it possible to extract the internal state of a session, to
- be able to execve a new process that take over the current
- living socket (using the fcntl close-on-exec flag) and
- continue the TLS session as well.
-- Reduce memory footprint
- - Inside gnutls_global_init, the library allocates about 64 kb of
- memory in almost 4000 calls to malloc. On my desktop, there are 22
- processes using gnutls, meaning about 1.2 MB of memory usage from
- this alone.
- - Furthermore, gnutls has 24 kb of relocations in the shared
- library. You can see this on a 2.6.16 kernel by reading
- /proc/PID/smaps and looking for:
-
- b71a5000-b71ab000 rw-p 00062000 03:01 3131118
- /usr/lib/libgnutls.so.12.3.6
- Size: 24 kB
- Rss: 24 kB
- Shared_Clean: 0 kB
- Shared_Dirty: 0 kB
- Private_Clean: 0 kB
- Private_Dirty: 24 kB
-
- This means another 24 kb used by each process that makes use of
- libgnutls.
- Make gnutls-cli-debug exit with better error messages if the
handshake fails, rather than saying that the server doesn't support
TLS.