+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.11.3.
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * doc/errcodes.c, doc/examples/ex-alert.c,
+ doc/examples/ex-cert-select-pkcs11.c,
+ doc/examples/ex-cert-select.c, doc/examples/ex-client-psk.c,
+ doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
+ doc/examples/ex-client-tlsia.c, doc/examples/ex-client1.c,
+ doc/examples/ex-client2.c, doc/examples/ex-crq.c,
+ doc/examples/ex-pkcs12.c, doc/examples/ex-rfc2818.c,
+ doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
+ doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
+ doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
+ doc/examples/ex-verify.c, doc/examples/ex-x509-info.c,
+ doc/examples/examples.h, doc/examples/tcp.c, guile/src/core.c,
+ guile/src/errors.c, guile/src/extra.c, guile/src/utils.c,
+ guile/src/utils.h, lib/auth_cert.c, lib/auth_cert.h,
+ lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_psk.h,
+ lib/auth_rsa.c, lib/auth_rsa_export.c, lib/auth_srp.c,
+ lib/auth_srp.h, lib/crypto-api.c, lib/crypto.h, lib/cryptodev.c,
+ lib/debug.c, lib/debug.h, lib/ext_cert_type.c,
+ lib/ext_max_record.c, lib/ext_safe_renegotiation.c,
+ lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
+ lib/ext_server_name.h, lib/ext_session_ticket.c,
+ lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
+ lib/ext_srp.c, lib/ext_srp.h, lib/gcrypt/init.c, lib/gcrypt/mpi.c,
+ lib/gcrypt/pk.c, lib/gnutls_alert.c, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_auth.h, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
+ lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
+ lib/gnutls_compress.h, lib/gnutls_constate.c,
+ lib/gnutls_constate.h, lib/gnutls_datum.h, lib/gnutls_dh.h,
+ lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_extensions.c,
+ lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
+ lib/gnutls_mem.h, lib/gnutls_mpi.h, lib/gnutls_num.h,
+ lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
+ lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
+ lib/gnutls_record.h, lib/gnutls_session_pack.c, lib/gnutls_sig.c,
+ lib/gnutls_sig.h, lib/gnutls_srp.c, lib/gnutls_state.c,
+ lib/gnutls_state.h, lib/gnutls_str.c, lib/gnutls_str.h,
+ lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
+ lib/gnutls_x509.c, lib/includes/gnutls/abstract.h,
+ lib/includes/gnutls/compat.h, lib/includes/gnutls/crypto.h,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/gnutlsxx.h,
+ lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
+ lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
+ lib/locks.c, lib/locks.h, lib/nettle/cipher.c, lib/nettle/egd.c,
+ lib/nettle/egd.h, lib/nettle/init.c, lib/nettle/mac.c,
+ lib/nettle/mpi.c, lib/nettle/pk.c, lib/nettle/rnd.c,
+ lib/opencdk/armor.c, lib/opencdk/hash.c, lib/opencdk/kbnode.c,
+ lib/opencdk/keydb.c, lib/opencdk/literal.c, lib/opencdk/main.c,
+ lib/opencdk/misc.c, lib/opencdk/new-packet.c, lib/opencdk/pubkey.c,
+ lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
+ lib/opencdk/sig-check.c, lib/opencdk/stream.c, lib/opencdk/types.h,
+ lib/opencdk/verify.c, lib/openpgp/gnutls_openpgp.c,
+ lib/openpgp/openpgp_int.h, lib/openpgp/output.c, lib/openpgp/pgp.c,
+ lib/openpgp/privkey.c, lib/pakchois/dlopen.c,
+ lib/pakchois/dlopen.h, lib/pakchois/errors.c,
+ lib/pakchois/pakchois.c, lib/pakchois/pakchois.h,
+ lib/pakchois/pakchois11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/pkcs11_write.c, lib/random.c,
+ lib/random.h, lib/system.c, lib/system.h, lib/x509/common.c,
+ lib/x509/common.h, lib/x509/crl_write.c, lib/x509/crq.c,
+ lib/x509/dn.c, lib/x509/mpi.c, lib/x509/output.c,
+ lib/x509/privkey.c, lib/x509/sign.c, lib/x509/sign.h,
+ lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h,
+ lib/x509/x509_write.c, lib/x509_b64.c,
+ libextra/ext_inner_application.c, libextra/ext_inner_application.h,
+ libextra/gnutls_extra.c, libextra/gnutls_ia.c,
+ libextra/includes/gnutls/extra.h, libextra/openssl_compat.h,
+ src/benchmark.c, src/certtool-cfg.h, src/certtool-common.h,
+ src/certtool.c, src/cli.c, src/common.c, src/common.h, src/crypt.c,
+ src/pkcs11.c, src/prime.c, src/psk.c, src/serv.c, src/tests.c,
+ tests/anonself.c, tests/certder.c,
+ tests/certificate_set_x509_crl.c, tests/certuniqueid.c,
+ tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
+ tests/crypto_rng.c, tests/cve-2008-4989.c, tests/cve-2009-1415.c,
+ tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
+ tests/finished.c, tests/gc.c, tests/hostname-check.c,
+ tests/init_roundtrip.c, tests/mini-eagain.c,
+ tests/mini-x509-rehandshake.c, tests/mini-x509.c, tests/mini.c,
+ tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
+ tests/nul-in-x509-names.c, tests/openpgp-auth.c,
+ tests/openpgp-keyring.c, tests/openpgpself.c, tests/openssl.c,
+ tests/parse_ca.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
+ tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pskself.c,
+ tests/resume.c, tests/safe-renegotiation/srn0.c,
+ tests/safe-renegotiation/srn1.c, tests/safe-renegotiation/srn2.c,
+ tests/safe-renegotiation/srn3.c, tests/safe-renegotiation/srn4.c,
+ tests/safe-renegotiation/srn5.c, tests/set_pkcs12_cred.c,
+ tests/setcredcrash.c, tests/simple.c, tests/tlsia.c, tests/utils.c,
+ tests/utils.h, tests/x509_altname.c, tests/x509dn.c,
+ tests/x509self.c, tests/x509sign-verify.c: Indent (using GNU indent
+ 2.2.11).
+
+2010-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.ac, lib/m4/hooks.m4: bumped version
+
+2010-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: Revert "Applied last patch of Micah Anderson on
+ IKE status." This reverts commit a6b2f5ce7316b4774649ee9b421da2ee7fef461f.
+
+2010-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/fipsmd5.c: removed unneeded code.
+
+2010-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: Applied last patch of Micah Anderson on IKE
+ status.
+
+2010-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: Applied patch on IKE extension by Micah Anderson
+
+2010-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/cryptodev.c, lib/gcrypt/mac.c, lib/gnutls_hash_int.c,
+ lib/includes/gnutls/crypto.h, lib/nettle/mac.c: Updated cryptodev
+ code to support the linux cryptodev extensions. Removed the clone()
+ capability from HMAC. It was never used and having it prevents using
+ it with hardware accelerators that might not have this capability.
+
+2010-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * THANKS: Added Micah
+
+2010-10-01 Simon Josefsson <simon@josefsson.org>
+
+ * doc/cha-cert-auth.texi, doc/cha-internals.texi,
+ doc/cha-library.texi, lib/ext_safe_renegotiation.c,
+ lib/ext_server_name.c, lib/gcrypt/init.c, lib/gnutls_record.c,
+ lib/gnutls_str.c, lib/locks.c, lib/nettle/egd.c, lib/nettle/init.c,
+ lib/system.c, lib/system.h, libextra/ext_inner_application.c,
+ src/certtool-common.h, src/common.c, src/pkcs11.c: Fix some
+ syntax-check errors.
+
+2010-10-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_int.h, lib/includes/gnutls/gnutls.h.in,
+ lib/includes/gnutls/pkcs11.h: Fix compiler warnings.
+
+2010-10-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/manpages/Makefile.am: Mention new APIs.
+
+2010-09-30 Simon Josefsson <simon@josefsson.org>
+
+ * tests/openpgp-certs/testselfsigs: Avoid bashism. Reported by m.drochner@fz-juelich.de in
+ <http://savannah.gnu.org/support/?107449>.
+
+2010-09-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/crypto-api.c: Don't return from void functions. Reported by Dagobert Michelsen <dam@opencsw.org> in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4566>.
+
+2010-09-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/gnutls.h.in: Remove spurious comma.
+
+2010-09-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/x509.h: Remove spurious comma.
+
+2010-09-30 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8: Make
+ pkcs8-decode test work on Windows.
+
+2010-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: updated
+
+2010-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_session_ticket.c: treat absence of parameters the same as
+ having them disabled.
+
+2010-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/resume.c: Corrected behavior on failure (don't crash).
+
+2010-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_session_ticket.c, lib/gnutls_extensions.c: Corrected bugs
+ when restoring extensions during session resumtion.
+
+2010-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_extensions.c: Use more informative logging for
+ extensions.
+
+2010-09-29 Micah Anderson <micah@riseup.net>
+
+ * NEWS, doc/certtool.cfg, doc/cha-programs.texi,
+ lib/includes/gnutls/x509.h, lib/x509/output.c, src/certtool-cfg.c,
+ src/certtool-cfg.h, src/certtool.c: Add new extended key usage
+ ipsecIKE According to RFC 4945 § 5.1.3.12 section title
+ "ExtendedKeyUsage"[0] the following extended key usage has been
+ added: ... this document defines an ExtendedKeyUsage keyPurposeID that MAY
+ be used to limit a certificate's use: id-kp-ipsecIKE OBJECT IDENTIFIER ::= { id-kp 17 } where id-kp is defined in RFC 3280 [5]. If a certificate is
+ intended to be used with both IKE and other applications, and one
+ of the other applications requires use of an EKU value, then such
+ certificates MUST contain either the keyPurposeID id-kp-ipsecIKE or anyExtendedKeyUsage [5], as well as the keyPurposeID values associated with the other applications. Similarly, if a CA
+ issues multiple otherwise-similar certificates for multiple
+ applications including IKE, and it is intended that the IKE
+ certificate NOT be used with another application, the IKE
+ certificate MAY contain an EKU extension listing a keyPurposeID of
+ id-kp-ipsecIKE to discourage its use with the other application.
+ Recall, however, that EKU extensions in certificates meant for use
+ in IKE are NOT RECOMMENDED. Conforming IKE implementations are not required to support EKU.
+ If a critical EKU extension appears in a certificate and EKU is
+ not supported by the implementation, then RFC 3280 requires that the certificate be rejected. Implementations that do support EKU
+ MUST support the following logic for certificate validation: o If no EKU extension, continue. o If EKU present AND contains either id-kp-ipsecIKE or anyExtendedKeyUsage, continue. o Otherwise, reject cert. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, src/certtool-gaa.c, src/certtool.gaa: --pkcs11-* in certtool
+ was renamed to --p11-*.
+
+2010-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_session_ticket.c: Added some comments and removed unused
+ code.
+
+2010-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/ext_session_ticket.c: Corrected advertizing issue for
+ session tickets.
+
+2010-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: cleanup of TODO list. Removed very old entries, entries
+ already fixed and added new ones.
+
+2010-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: IMED_RET parameters are easier to grasp.
+
+2010-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/crypto.c, lib/gcrypt/cipher.c, lib/gcrypt/mac.c,
+ lib/nettle/cipher.c, lib/nettle/mac.c: cipher,mac and digest
+ priorities moved to crypto.c
+
+2010-09-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c: changed the fatality level of some errors.
+
+2010-09-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: No longer use is_fatal() during handshake.
+ Explicitely treat EAGAIN and INTERRUPTED as non-fatal during
+ handshake. If the check_fatal flag is set then
+ GNUTLS_E_WARNING_ALERT_RECEIVED could interrupt a handshake as well.
+
+2010-09-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: fflush stdout and stderr before the call to setbuf.
+ This fixes issue in solaris where lines dissappeared from output.
+ Reported and suggested fix by Knut Anders Hatlen.
+
+2010-09-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: documented change
+
+2010-09-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/pk.c: Corrected bug in wrap_nettle_pk_fixup that was
+ importing DSA keys are RSA ones.
+
+2010-09-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/pk.c, lib/openpgp/privkey.c: indented some code
+
+2010-09-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4: updated revision
+
+2010-09-18 Ludovic Courtès <ludo@gnu.org>
+
+ * .gitignore, tests/Makefile.am, tests/openpgp-auth.c: Add an
+ OpenPGP authentication unit test. * tests/Makefile.am (ctests)[ENABLE_OPENPGP]: Add `openpgp-auth'. (TESTS_ENVIRONMENT): Add `srcdir'. * tests/openpgp-auth.c: New file. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-16 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/ext_session_ticket.c, lib/gnutls_alert.c,
+ lib/gnutls_buffers.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
+ lib/gnutls_compress.c, lib/gnutls_compress.h,
+ lib/gnutls_constate.c, lib/gnutls_constate.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_num.h,
+ lib/gnutls_record.c, lib/gnutls_record.h,
+ lib/gnutls_session_pack.c, lib/gnutls_state.c, libextra/gnutls_ia.c:
+ Explicit symmetric cipher state versionning. This introduces the concept of a "cipher epoch". The epoch number is
+ the number of successful handshakes and is incremented by one each
+ time. This concept is native to DTLS and this patch makes the
+ symmetric cipher state explicit for TLS in preparation for DTLS.
+ This concept was implicit in plain TLS and ChangeCipherSpec messages
+ triggered a "pending state copy". Now, we the current epoch number
+ is simply incremented to the parameters negotiated by the handshake. The main side effects of this patch is a slightly more abstract
+ internal API and, in some cases, simpler code. The session blob
+ format is also changed a bit since this patch avoids storing
+ information that is now redundant. If this breaks library users'
+ expectations, this side effect can be negated. The cipher_specs structure has been removed. The conn_state has
+ become record_state_st. Only symmetric cipher information is
+ versioned. Things such as key exchange algorithm and the master
+ secret are not versioned and their handling is unchanged. I have tested this patch as much as I could. It introduces no test
+ suite regressions on my x64 Debian GNU/Linux system. Do not hesitate to point out shortcomings or suggest changes. Since
+ this is a big diff, I am expecting this to be an iterative process. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-16 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_errors.h: Add gnutls_assert_val idiom. This warrants being made in an inline function or macro since it is used throughout the code. This converts 4 line repetitive blocks
+ into 1 line. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * AUTHORS, NEWS, configure.ac: updated for 2.11.1
+
+2010-09-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.gaa, src/pkcs11.c: Added 3 levels of details in PKCS
+ #11 URLs. 1st level: Token level. Object is unique up to token.
+ 2nd level: Object is unique up to token and module used to access
+ it. 3rd level: Object is unique up to token and module and version
+ of module used to access it.
+
+2010-09-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: Documented changes.
+
+2010-09-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_b64.c: Be liberal in the PEM decoding. That is spaces and
+ tabs are being skipped.
+
+2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: Fully mbufferize _gnutls_read and
+ _gnutls_read_buffered. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_mbuffers.h: mbuffers: Add _mbuffer_xfree operation. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_int.h,
+ lib/gnutls_record.c, lib/gnutls_state.c: mbuffers: make
+ _gnutls_io_read_buffered use mbuffers. This will be needed by the DTLS code to make sure reads are stored
+ in segments that correspond to datagram boundaries. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_int.h: Parenthesize size calculations. This is standard practice and the DTLS code got bit by this. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: mbuffers: Add
+ mbuffer_linearize. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_mbuffers.c: mbuffers: fix wrong size calculation. maximum_size is the maximum size of the payload, not including
+ overhead. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_mbuffers.c: mbuffers: Make _mbuffer_remove_bytes return
+ a meaningful error code. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_mbuffers.c: mbuffers: Document the internal mbuffer
+ API. After a year of not hacking GnuTLS, I needed to look at the code to
+ know how mbuffers work. This will make it much easier for anybody
+ not familiar with this code. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: updated NEWS.
+
+2010-09-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/pkcs11_write.c, src/certtool-common.h,
+ src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa, src/pkcs11.c: PKCS#11 URL support updated to
+ conform to draft-pechanec-pkcs11uri-02. Now in the URL the pkcs11
+ provider library (module) can be specified thus restricting objects
+ within a single provider.
+
+2010-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_int.h, lib/gnutls_priority.c,
+ lib/gnutls_record.c: When the %COMPAT flag is specified, larger
+ records that would otherwise violate the TLS spec, are accepted.
+
+2010-08-28 Brad Hards <bradh@frogmouth.net>
+
+ * src/certtool.c, src/pkcs11.c: Show which option is the default for
+ command line tools. We use "y/N" is most places - this just adapts two places that use
+ "Y/N" to match the behavior of read_yesno(). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/x509.c: prevent a memory leak in the unique_id functions.
+
+2010-08-20 Brad Hards <bradh@frogmouth.net>
+
+ * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/output.c,
+ lib/x509/x509.c, tests/Makefile.am, tests/certuniqueid.c: As
+ identified in a previous mail, I've added support for accessing /
+ displaying the subjectUniqueID and issuerUniqueID fields within an
+ X.509 certificate. This is provided (along with a test case) in the
+ attached patch. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_int.h: By default lowat is set to zero.
+
+2010-08-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: Revert "When scanning for terminator character for
+ PKCS #11 URLs ignore escaped \;." This reverts commit 583fad076506421c9007a3349784496e2927dcd1.
+
+2010-08-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * THANKS: Added Sjoerd.
+
+2010-08-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/m4/hooks.m4: libnettle is the default crypto library.
+
+2010-08-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: oldstate var removed.
+
+2010-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/mini-eagain.c: mini-eagain will fail with EAGAIN error one
+ every two attempts. That is to remove probabilities.
+
+2010-08-11 Sjoerd Simons <sjoerd.simons@collabora.co.uk>
+
+ * lib/gnutls_int.h, lib/gnutls_record.c: Remember the amount of user
+ data we're sending out Partially reverts 3ef62950845f551ebc629e50d5ddf75f71b84294.
+ gnutls_record_send needs to return the amount of user-data we sent,
+ so we need to keep this information somewhere to return it when we
+ succeed in sending that data. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-08-11 Sjoerd Simons <sjoerd.simons@collabora.co.uk>
+
+ * lib/gnutls_handshake.c: Check whether the error is fatal in more
+ cases When stressing the async API of gnutls a lot of internal errors are
+ hit as IMED_RET clears the handshake hash buffers as a result of
+ -EAGAIN even though it would never be re-initialized at that point,
+ but is still needed in later stages. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-08-11 Sjoerd Simons <sjoerd.simons@collabora.co.uk>
+
+ * lib/gnutls_handshake.c, lib/gnutls_int.h: Add state for flushing
+ the handshake buffer A seperate state is needed between flushing the handshake buffers
+ and sending the chipher spec change otherwise it's impossible to
+ determine whether _gnutls_send_change_cipher_spec is called for the
+ first time or again. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-08-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/nettle/mpi.c: Fix warning.
+
+2010-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4: Define HAVE_GCRYPT when using gcrypt. nettle is
+ no longer marked as unsupported.
+
+2010-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/manpages/Makefile.am, lib/gnutls_extensions.c,
+ lib/m4/hooks.m4, lib/nettle/cipher.c, lib/nettle/mac.c,
+ lib/nettle/pk.c, libextra/gnutls_extra.c: Added Camellia-128/256,
+ SHA-224/384/512 and support for DSA2 when using nettle.
+
+2010-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: When scanning for terminator character for PKCS #11
+ URLs ignore escaped \;.
+
+2010-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.c: Modified the example to work in TLS 1.2.
+
+2010-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_algorithms.c: Added RSA_NULL_SHA1 and SHA256
+ ciphersuites.
+
+2010-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_signature.c: When signature algorithms extension is not
+ received allow SHA1 and SHA256.
+
+2010-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: NULL MAC renamed to MAC-NULL
+
+2010-07-25 Simon Josefsson <simon@josefsson.org>
+
+ * src/common.c: Avoid fixed size buffers (now handles the big >100
+ SAN cert).
+
+2010-07-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2010-07-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Re-add old NEWS entries.
+
+2010-07-25 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_buffers.c: Doc fix.
+
+2010-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/privkey.c: Do not trust fbase64_decode to return 0 on
+ success.
+
+2010-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_x509.c, lib/x509/privkey.c, src/certtool.c:
+ gnutls_x509_privkey_import() will fallback to
+ gnutls_x509_privkey_import_pkcs8() without a password, if it is
+ unable to decode the key.
+
+2010-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/includes/gnutls/gnutls.h.in, lib/nettle/mpi.c, src/prime.c:
+ Added GNUTLS_PK_DH to differentiate in the generation of parameters
+ with PK_DSA that requires special treatment.
+
+2010-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: Corrected wrong descriptions of security
+ levels.
+
+2010-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: use RSA-SHA1 as an indicator of RSA
+ certificates.
+
+2010-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: Fix DSA key values to avoid generating
+ normal and reporting them as low.
+
+2010-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/includes/gnutls/openpgp.h, lib/includes/gnutls/x509.h,
+ lib/libgnutls.map, lib/nettle/mpi.c, lib/openpgp/privkey.c,
+ lib/x509/privkey.c, src/certtool.c,
+ tests/pathlen/no-ca-or-pathlen.pem: Better handling of security
+ parameters to key sizes matching (via a single table). Added
+ functions to return the security parameter of a private key.
+
+2010-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-intro-tls.texi: Simplified documentation.
+
+2010-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/mpi.c: Follow ECRYPT II recommendations.
+
+2010-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/cha-bib.texi, doc/cha-intro-tls.texi,
+ lib/gnutls_algorithms.c: Updated documentation and
+ gnutls_pk_params_t mappings to ECRYPT II recommendations.
+
+2010-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.c: HMAC-MD5 deprecated according to ECRYPT II
+ yearly report (2009-2010) recommendations.
+
+2010-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/sha2/Makefile.am: added missing file key-subca-dsa.pem
+
+2010-07-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * gtk-doc.make: ignore html errors otherwise make dist doesn't work.
+
+2010-07-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: updated NEWS
+
+2010-07-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa: Added option for certtool to print
+ certificate public key.
+
+2010-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: Added SIG_RSA_MD5_OID as an indicator of
+ RSA. Some microsoft products were using it. Reported by Mads
+ Kiilerich.
+
+2010-07-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/x509/common.h: Added RSA with SHA224.
+
+2010-07-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/pk.c: Added blinding to RSA decryption AND signing.
+ Will stay there until it is moved to nettle itself.
+
+2010-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/system.h: fixed
+
+2010-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/nettle/Makefile.am, lib/nettle/egd.c, lib/nettle/egd.h,
+ lib/nettle/rnd.c: Added support for EGD daemon in nettle's RNG. It
+ is used if /dev/urandom is not present.
+
+2010-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/system.c, lib/system.h: Corrected the
+ lowat behavior. Documented that it will be deprecated in later
+ versions.
+
+2010-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/serv.c: gnutls-serv: Do not print CR/LF if received, but
+ instead print LF only.
+
+2010-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls_buffers.c, lib/gnutls_state.c,
+ lib/locks.c, lib/locks.h, lib/pakchois/pakchois.c, lib/system.c,
+ lib/system.h: system specific functions were moved to system.c
+
+2010-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.ac, lib/gnutls_alert.c, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_global.c, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_mbuffers.c,
+ lib/gnutls_mbuffers.h, lib/gnutls_record.c, lib/gnutls_record.h,
+ lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
+ lib/libgnutls.map, libextra/gnutls_ia.c: Support scattered write
+ using writev(). This takes advantage of the new buffering layer and
+ allows queuing of packets and flushing them. This is currently used
+ for handshake messages only. Performance-wise the difference of
+ packing several TLS records in a single write doesn't seem to offer
+ anything over ethernet (that my tests were on). Probably on links
+ with higher latency there would be a benefit.
+
+2010-07-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-gtls-app.texi: Removed old reference.
+
+2010-07-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-gtls-app.texi, doc/examples/Makefile.am,
+ doc/examples/ex-rfc2818.c: ex-rfc2818 is now a functional program
+ demonstrating the verification procedure.
+
+2010-07-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/Makefile.am, doc/cha-gtls-app.texi, doc/examples/Makefile.am,
+ doc/examples/ex-serv-export.c: Example with export ciphersuites was
+ removed.
+
+2010-07-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_pubkey.c: corrected typo
+
+2010-07-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/pk.c: Use the same "e" for RSA as libgcrypt. It's the
+ fastest choice.
+
+2010-07-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-cfg.c: Do not crash if input is redirected from
+ /dev/null.
+
+2010-07-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, src/certtool-gaa.c, src/certtool.c, src/certtool.gaa:
+ Changed the default pkcs-cipher to AES-128. Allowed specifying the
+ 3des-pkcs12 cipher with the --pkcs-cipher option.
+
+2010-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/benchmark.c: Use double to count bytes.
+
+2010-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/rnd.c: Added a windows version of the RNG.
+
+2010-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/rnd.c: Corrected locking usage in nettle's random
+ subsystem.
+
+2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gcrypt/Makefile.am, lib/gnutls_privkey.c,
+ lib/gnutls_pubkey.c, lib/nettle/Makefile.am, lib/pakchois/dlopen.h:
+ Fixed to compile under mingw32.
+
+2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4: only warn if dlopen or pthreads are not found.
+
+2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gcrypt/init.c, lib/includes/gnutls/gnutls.h.in, lib/locks.c,
+ lib/pakchois/pakchois.c: Locks were converted to be in align with
+ posix locks to easier wrap around them.
+
+2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/locks.c, lib/locks.h, lib/pakchois/dlopen.c,
+ lib/pakchois/dlopen.h, lib/pakchois/pakchois.c: The included
+ pakchois will use gnutls locks and will use a portable dlopen() to
+ allow compilation in win32 (untested).
+
+2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/rnd.c: Read from /dev/urandom every 20 minutes.
+
+2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/x509/Makefile.am: Added missing files
+
+2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/crypto-api.c, lib/gnutls_cipher_int.c,
+ lib/gnutls_cipher_int.h, lib/includes/gnutls/crypto.h,
+ lib/libgnutls.map: Allow encryption and decryption that are not
+ in-place only.
+
+2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/benchmark.c: Print values in a human-readable format and do
+ the calculations in fixed time to prevent stalling in slow systems.
+
+2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4: corrected library version
+
+2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-cert-select-pkcs11.c,
+ lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ src/common.c, src/pkcs11.c: PIN callback supplies the token URL. The
+ callback function in common.c will cache PIN if requested for second
+ time.
+
+2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
+ lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
+ lib/pkcs11_write.c, src/common.c: Reverted the SAVE_PIN approach in
+ PIN callback. The new approach will be to provide enough information
+ for the callback to save the PIN itself.
+
+2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gcrypt/init.c: removed unneeded function.
+
+2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c: More uses of gnutls_certificate_free_ca_names
+
+2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/locks.c: Do not allow setting NULL lock functions
+
+2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/rnd.c: corrected lock usage.
+
+2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4: bumped library version
+
+2010-07-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/Makefile.am: Include abstract.h in releases.
+
+2010-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/crypto-api.c: Correctly deinitialize crypto API handles.
+
+2010-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: commented obscure HANDSHAKE_MAC_TYPE_10 and
+ HANDSHAKE_MAC_TYPE_12.
+
+2010-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/locks.c, lib/locks.h, lib/nettle/rnd.c: simplified locking
+ code. Locking functions always exist but are dummies if no locks
+ have been set.
+
+2010-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gcrypt/Makefile.am, lib/gcrypt/init.c, lib/gnutls_errors.c,
+ lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/includes/gnutls/gnutls.h.in, lib/locks.c, lib/locks.h,
+ lib/nettle/Makefile.am, lib/nettle/init.c, lib/nettle/rnd.c:
+ Initialization of crypto libraries moved outside main gnutls code.
+
+2010-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/locks.c, lib/locks.h: Moved locking code to special file.
+
+2010-06-29 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am, doc/pkcs11-vision.eps: Add pkcs11-vision rules.
+
+2010-06-29 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2010-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11_write.c, src/pkcs11.c:
+ When copying a private key the sensitive flag can be set or not.
+ This allows copying private keys that can be exported.
+
+2010-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_write.c, src/certtool-common.h, src/certtool.c,
+ src/pkcs11.c: Combined object flags. No implicit login any more.
+ Login has to be specified with a flag on every call that could use
+ it.
+
+2010-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/pkcs11.c,
+ lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_write.c: Indented
+ code.
+
+2010-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-cert-select-pkcs11.c, lib/gnutls_pubkey.c,
+ lib/gnutls_x509.c, lib/includes/gnutls/abstract.h,
+ lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_write.c,
+ src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa, src/cli.c, src/pkcs11.c: Allow
+ flags when importing objects from PKCS11 URLs. The only flag
+ supported now is the PKCS11_OBJ_FLAG_LOGIN, which forces login
+ before accessing object on a token. The reason is that some tokens
+ do not allow access of any data without login.
+
+2010-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c: Added AES-128 to block ciphers.
+
+2010-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_session_pack.c: Corrected writing and reading order of
+ security parameters.
+
+2010-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/configure.ac, libextra/configure.ac: use 2.11.0 everywhere
+
+2010-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/cha-gtls-app.texi, lib/configure.ac,
+ lib/gnutls_errors.c, lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
+ lib/nettle/rnd.c, lib/pkcs11.c: Added gnutls_global_set_mutex() to
+ allow setting alternative locking procedures. By default the system
+ available locking is used. In *NIX pthreads are used and in windows
+ the critical section API. As a side effect this change avoids any API dependance on libgcrypt
+ even if threads are used.
+
+2010-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/chainverify.c: Modified the cacertrsamd5 short-cut. The test
+ was checking whether verification using a trusted insecurely signed
+ self signed certificate will fail against a chain that has this as
+ intermediate. However this test should have succeeded since the
+ insecure certificate is trusted. This isn't the purpose of this test however. It should have checked
+ whether using the same certificate as trusted and to be verified and
+ the GNUTLS_VERIFY_DO_NOT_ALLOW_SAME flag should return an error.
+
+2010-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/chainverify.c: Fail on error.
+
+2010-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: When generating private key allow usage of
+ --pkcs-cipher flag.
+
+2010-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
+ lib/auth_srp.c, lib/auth_srp.h, lib/ext_srp.c, lib/gnutls_int.h:
+ MAX_SRP_USERNAME -> MAX_USERNAME_SIZE
+
+2010-06-24 Simon Josefsson <simon@josefsson.org>
+
+ * README-alpha: We also require GNU make.
+
+2010-06-24 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS, configure.ac, lib/configure.ac, libextra/configure.ac: Use
+ silent build rules. Suggested by Vincent Torri <vincent.torri@gmail.com> in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4349>.
+
+2010-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/gnutls.h.in: removed OPRFI extension
+ functions.
+
+2010-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am: removed OPRFI from makefile.
+
+2010-06-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c: When verifying certificates use the same
+ algorithm whether the DO_NOT_ALLOW_SAME flag is set or not. Before
+ we were shortening certificate list if the flag was not set by the
+ size of the first certificate found in the trusted list, and keep
+ the list intact otherwise. Now we shorten the list in the latter
+ case as well, except for the first certificate.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: Added news entry for EV-certificates.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c, src/tests.h, src/tls_test.c: Corrected some tests.
+ Added test to check whether the %COMPAT option is required for this
+ server.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_extensions.c, lib/gnutls_session_pack.c: Corrections in
+ the new session packing code. Saving absolute positions in buffers
+ is no longer done. Now we store only and offset to allow
+ reallocating the buffer and still do the correct reference.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_safe_renegotiation.c, lib/ext_safe_renegotiation.h,
+ lib/ext_signature.c, lib/gnutls_handshake.c: Fixes in new extensions
+ code that relate to SSL 3.0.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.ac: version is 2.11.0
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-cert-auth.texi: Some updates in the PKCS11 text.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-intro-tls.texi: Some updates on renegotiation text
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-intro-tls.texi: Removed links for discussion of the COMPAT
+ topic. I don't think they should be in the documentation.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-intro-tls.texi: Corrected example with %COMPAT.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-intro-tls.texi: Added gnutls_sec_param_to_pk_bits()
+ discussion.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-intro-tls.texi: corrected text on AES
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: Only save PIN if login was successful.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-auth.texi, lib/ext_signature.c: Applied patch by Andreas
+ Metzler
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/benchmark.c: Allow setting debug level via cmd.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/cryptodev.c: Explicitely terminate cryptodev sessions.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: Removed the no
+ longer needed "active" variable.
+
+2010-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: documented some of the changes
+
+2010-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: Greatly simplified the
+ internal hash/hmac and cipher functions.
+
+2010-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
+ src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.gaa, src/pkcs11.c: Allow listing of private keys only.
+ Certtool has now the --pkcs11-list-privkeya option.
+
+2010-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11_privkey.c: Send correct token name to callback.
+
+2010-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
+ lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
+ lib/pkcs11_write.c: Added more gnutls errors to map closer to PKCS11
+ actual errors.
+
+2010-06-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
+ lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/pkcs11_write.c, src/cli.c, src/common.c:
+ Added option to the PKCS11 PIN callback to save PIN if the token is
+ being used with a single pkcs11_privkey structure.
+
+2010-06-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11_privkey.c: For Private key operations new sessions are
+ opened when are needed. This makes the usage of the PKCS11 API
+ thread safe. The only drawback is the requirement to enter PIN on
+ every operation.
+
+2010-06-15 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: gnutls-cli: Make --starttls work again. Problem introduced in patch to use read() instead of fgets()
+ committed on 2010-01-27.
+
+2010-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c, tests/sha2/key-ca-dsa.pem,
+ tests/sha2/key-subca-dsa.pem, tests/sha2/sha2, tests/sha2/sha2-dsa:
+ Allow SHA224 hash in certtool. Added tests for SHA-256 and SHA-224
+ for DSA.
+
+2010-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: Do not warn multiple times for the deprecation of
+ --bits.
+
+2010-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_session_ticket.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_mbuffers.c,
+ lib/gnutls_mbuffers.h, lib/gnutls_record.c: Appending data in
+ mbuffers is now cheaper by avoiding realloc, at the cost of
+ requiring to specify a maximum mbuffer size at creation.
+
+2010-06-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_safe_renegotiation.c: Removed unused functions.
+
+2010-06-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_int.h: Combined the max ticket
+ length with the maximum extension data length.
+
+2010-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/cha-gtls-app.texi, lib/auth_srp.c, lib/ext_cert_type.c,
+ lib/ext_cert_type.h, lib/ext_max_record.c, lib/ext_max_record.h,
+ lib/ext_oprfi.c, lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
+ lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
+ lib/ext_server_name.h, lib/ext_session_ticket.c,
+ lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
+ lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_buffers.c,
+ lib/gnutls_constate.c, lib/gnutls_extensions.c,
+ lib/gnutls_extensions.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
+ lib/gnutls_record.c, lib/gnutls_session_pack.c, lib/gnutls_state.c,
+ lib/gnutls_str.c, lib/gnutls_str.h, lib/includes/gnutls/compat.h,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/pkcs11.c,
+ lib/x509/dn.c, libextra/ext_inner_application.c,
+ libextra/ext_inner_application.h, libextra/gnutls_extra.c,
+ libextra/gnutls_ia.c, src/cli.c, src/serv.c, tests/Makefile.am,
+ tests/oprfi.c, tests/tlsia.c: Simplified and made more safe the
+ packing of data for session storage. Extensions use the internal API
+ to store/retrieve during resumption. Removed OPRFI since it was never standardized and was never actually
+ included in gnutls since it was in inactive ifdef. This was instead
+ of rewriting it to use the new API.
+
+2010-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
+ lib/gnutls_supplemental.h, lib/openpgp/output.c, lib/pkcs11.c,
+ lib/x509/dn.c, lib/x509/output.c: The gnutls_string code was
+ simplified and integrated with the buffer to avoid having two named
+ for the same thing.
+
+2010-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pakchois/pakchois.c: Properly handle fork() case.
+
+2010-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_extra.c: Register the md5 handler if gcrypt is in
+ fips mode once gnutls_global_init_extra() is called.
+
+2010-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c: corrected tests.
+
+2010-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pakchois/pakchois.c, lib/pakchois/pakchois.h, lib/pkcs11.c:
+ Added new calls to pakchois to open an absolute filename.
+
+2010-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h: Removed several comments that
+ pointed to Alon's implementation comments. We use inline C comments
+ to generate documentation (not doxygen).
+
+2010-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/ext_session_ticket.c,
+ lib/gnutls_algorithms.c, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_mbuffers.c, lib/gnutls_record.c, lib/gnutls_state.c: More
+ fixes for the rebase.
+
+2010-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * AUTHORS: Added Jonathan.
+
+2010-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pakchois/pakchois.c: Provider unref must be done after all
+ sessions have been closed.
+
+2010-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am: Several fixes for the broken rebase.
+
+2010-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-intro-tls.texi: Merged with master.
+
+2010-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_mbuffers.h,
+ lib/gnutls_record.c: Some other changes to mbuffers to make gnutls
+ (a bit more) agnostic on their internal structure.
+
+2010-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c: Corrected prefered hash algorithm return value
+ on RSA.
+
+2010-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c: Use GCRYCTL_ENABLE_QUICK_RANDOM when using
+ libgcrypt.
+
+2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .gitignore: Ignore more files.
+
+2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/sha2/sha2-dsa: Remove the correct file
+
+2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/sha2/key-ca-dsa.pem, tests/sha2/key-dsa.pem: Added missing
+ files.
+
+2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_pubkey.c,
+ lib/includes/gnutls/abstract.h, lib/includes/gnutls/x509.h,
+ lib/x509/crq.c, lib/x509/x509.c, src/certtool.c: The
+ get_preferred_hash_algorithm() functions have now an extra argument
+ to indicate whether it is mandatory to use this algorithm.
+
+2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-crq.c, lib/includes/gnutls/x509.h,
+ lib/libgnutls.map, lib/x509/crq.c: Added
+ gnutls_x509_crq_get_preferred_hash_algorithm().
+
+2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
+ lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/privkey.c,
+ lib/x509/verify.c, lib/x509/x509.c, src/certtool.c: Added
+ gnutls_pubkey_get_preferred_hash_algorithm() and
+ gnutls_x509_crt_get_preferred_hash_algorithm() to allow determining
+ the hash algorithm to use during signing. This is needed in the case
+ of DSA that uses specific versions of SHA depending on the size of
+ the parameters.
+
+2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi, lib/Makefile.am, lib/build-aux/config.rpath,
+ lib/gcrypt/pk.c, lib/gnutls_privkey.c, lib/pkcs11.c,
+ lib/pkcs11_privkey.c, lib/x509/privkey.c, lib/x509/sign.c,
+ lib/x509/sign.h, lib/x509/verify.c, lib/x509/x509.c, src/pkcs11.c:
+ Several fixes after big rebase.
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/sha2/Makefile.am, tests/sha2/sha2-dsa: Test the DSA with
+ SHA256 as well.
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/mpi.c: Print debugging information on error.
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gcrypt/pk.c, lib/gnutls_pk.c, lib/gnutls_sig.c,
+ lib/nettle/mpi.c, lib/nettle/pk.c, lib/opencdk/pubkey.c,
+ lib/opencdk/sig-check.c, lib/opencdk/verify.c,
+ lib/openpgp/gnutls_openpgp.c, lib/openpgp/pgp.c,
+ lib/openpgp/privkey.c, lib/pkcs11_privkey.c, lib/x509/privkey.c,
+ lib/x509/x509_int.h: Nettle library can now parse the PGP integers.
+ Except for SHA-224/384/512 nettle seems to be fully working now.
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: use --sec-param to generate privkey.
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/openpgpself.c: reduced log level to a sane one
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/pathlen/ca-no-pathlen.pem,
+ tests/pathlen/no-ca-or-pathlen.pem: Corrected for new output of
+ --print-certificate-info
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/sha2/sha2: Print information on failure.
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/libgnutls.map, src/certtool.c: Print exp1 and exp2 if they are
+ available.
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/pkcs12,
+ tests/pkcs8-decode/pkcs8, tests/userid/userid: Only print output if
+ something fails
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4, lib/pakchois/pakchois.c: Some pakchois fixes.
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c: Fixup to compile with nettle
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4: Do not bother with MODPATH. We don't use it.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/debug.c, lib/debug.h: Added again _gnutls_dump_mpi() to assist
+ in debugging.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/pkcs12_encode.c: Added debugging
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_sig.c: Allow DSA with other than SHA1 algorithms in
+ TLS.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkix_asn1_tab.c: removed more stuff.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkix.asn, lib/x509/common.c: LocalKeyId and XmppAddr were
+ incorporated.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkix.asn, lib/pkix_asn1_tab.c: No need for those OIDs any
+ more.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/dn2.c: Corrected to support new EV_ values.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/crq_key_id.c, tests/cve-2009-1416.c, tests/pkcs12_s2k_pem.c:
+ avoid calling gcrypt directly.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/includes/gnutls/crypto.h, lib/libgnutls.map,
+ lib/random.c, lib/random.h, src/crypt.c, src/psk.c,
+ tests/mini-eagain.c: exported gnutls_rnd().
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c, lib/x509/common.h, lib/x509/dn.c: The
+ recognition of DN elements is now self contained. It does not need
+ entries in pkix.asn.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/common.c: Added
+ support for EV certificate attributes.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4, lib/nettle/cipher.c: Fixed nettle detection and
+ AES.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_dh_primes.c: documentation updates
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-common.h, src/certtool.c, src/prime.c: Generate
+ dh-params also used --sec-param.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/mpi.c: Document that the generator is the generator of
+ the subgroup and not the group.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: Corrected certificate callback.
+
+2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gcrypt/Makefile.am, lib/nettle/Makefile.am,
+ lib/nettle/cipher.c: More AES stuff (still doesn't work).
+
+2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/pk.c: Correction in RSA encryption.
+
+2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/cipher.c: Fixed issue with AES.
+
+2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in,
+ lib/libgnutls.map, lib/openpgp/output.c, lib/x509/output.c,
+ lib/x509/privkey.c, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa: Added
+ gnutls_sec_param_to_pk_bits() et al. to allow select bit sizes for
+ private keys using a human understandable scale.
+
+2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in,
+ lib/x509/common.h: Added support for SHA224 and SHA256 in DSA.
+
+2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4: Always use included pakchois.
+
+2010-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-cert-select-pkcs11.c: make sure all lines fit in
+ page.
+
+2010-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-cert-auth.texi: make example more compact by removing
+ error checking.
+
+2010-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-bib.texi, doc/cha-cert-auth.texi: Added bibliographic
+ reference to PKCS #11.
+
+2010-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-cert-auth.texi: Added sketch for PKCS #11 usage.
+
+2010-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/credentials/x509-server-dsa.pem,
+ doc/credentials/x509-server-key-dsa.pem: Added 2048 bit DSA key
+
+2010-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/opencdk/armor.c, lib/opencdk/read-packet.c,
+ lib/opencdk/stream.c, lib/opencdk/write-packet.c: Increased log
+ level of several messages.
+
+2010-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/credentials/x509/key.pem: Corrected coefficient and exp[12]
+ values in key.
+
+2010-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/pk.c: Added blinding in RSA. Correct broken private
+ keys on import. Nettle uses more values than gcrypt does from RSA
+ decryption and it seemed that some values in our stored private keys
+ were messy (generated by very old gnutls).
+
+2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-cert-select-pkcs11.c, lib/gnutls_x509.c,
+ lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/pkcs11_write.c, src/cli.c: Simplified
+ internal API. The only question that remains now is how to handle
+ the gnutls_pkcs11_privkey_t. Currently it opens a session and
+ maintains a handle to the object. This will require locks to be
+ added on operations. Alternatively new sessions may be opened for
+ each operation performed. This is guarranteed by PKCS #11 to be
+ thread safe but will of course require to ask for the PIN again.
+
+2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pakchois/pakchois.c: Removed debugging print.
+
+2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/configure.ac, lib/m4/hooks.m4,
+ lib/pakchois/errors.c, lib/pakchois/pakchois.c,
+ lib/pakchois/pakchois.h, lib/pakchois/pakchois11.h: Added a modified
+ pakchois library (to open arbitrary pkcs11 modules). Current gnutls
+ works only with this one.
+
+2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-gtls-app.texi: Added missing file.
+
+2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: Removed finished items.
+
+2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11_write.c: Noted that there things to be done.
+
+2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/Makefile.am, doc/cha-cert-auth.texi: Added documentation on
+ abstract types.
+
+2010-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gcrypt/pk.c, lib/gnutls_pk.c, lib/gnutls_pk.h,
+ lib/opencdk/pubkey.c, lib/openpgp/privkey.c, lib/x509/privkey.c:
+ Common code for calculation of RSA exp1 and exp2. Also update the
+ openpgp code to calculate those values.
+
+2010-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_dh_common.c, lib/gnutls_dh_primes.c, lib/x509/privkey.c:
+ More fixes.
+
+2010-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_dh_common.c, lib/gcrypt/mpi.c, lib/gnutls_mpi.c:
+ Corrected nicely hidden bug that caused accesses to uninitialized
+ variables if the gcry_mpi_print() functions were pessimists and
+ returned more size than actually needed for the print.
+
+2010-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gcrypt/pk.c: Added some sanity checks.
+
+2010-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/cha-auth.texi, doc/cha-bib.texi,
+ doc/cha-cert-auth.texi, doc/cha-ciphersuites.texi,
+ doc/cha-copying.texi, doc/cha-functions.texi,
+ doc/cha-internals.texi, doc/cha-intro-tls.texi,
+ doc/cha-library.texi, doc/cha-preface.texi, doc/cha-programs.texi,
+ doc/cha-tls-app.texi, doc/gnutls.texi,
+ lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c:
+ Documentation updates. Separated big gnutls.texi to chapter to allow
+ easier maintainance.
+
+2010-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gcrypt/mpi.c, lib/gcrypt/pk.c,
+ lib/includes/gnutls/crypto.h, lib/includes/gnutls/pkcs11.h,
+ lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/nettle/pk.c,
+ lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
+ lib/pkcs11_write.c, lib/x509/privkey.c, lib/x509/x509_int.h,
+ src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa, src/crypt-gaa.c, src/pkcs11.c:
+ Added support to copy certificates and private keys to tokens. New
+ functions: gnutls_pkcs11_copy_x509_crt()
+ gnutls_pkcs11_copy_x509_privkey() gnutls_pkcs11_delete_url() Certtool was updated to allow copying certificates and private keys
+ to tokens. Deleting an object has issues (segfault) but it seems to
+ be related with libopensc and its pkcs11 API.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c: Added gnutls_pubkey_verify_hash(),
+ gnutls_pubkey_get_verify_algorithm().
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c, src/pkcs11.c: Added gnutls_pubkey_import_pkcs11(),
+ gnutls_pubkey_import_rsa_raw(), gnutls_pubkey_import_dsa_raw(),
+ gnutls_pkcs11_obj_export().
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: Tried to document recent changes.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c, lib/pkcs11.c, lib/pkcs11_int.h,
+ src/certtool-gaa.c, src/certtool.gaa, src/pkcs11.c: Added
+ gnutls_pubkey_t abstract type to handle public keys. It can
+ currently import/export public keys from existing certificate types
+ as well as from PKCS #11 URL. This allows generating a certificate
+ or certificate request from a given public key (currently one could
+ only generate them from a given private key). PKCS#11 API augmented to allow reading arbitrary objects instead of
+ just certificates. Certtool updated to list those objects.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: Added gnutls_pkcs11_token_get_flags() to distinguish
+ between hardware and soft tokens.
+
+2010-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am: Added support for libnettle backend. This uses
+ gmp for big number operations. It is not currently completed. It
+ lacks RSA blinding as well as optimizations.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/sign.c: Corrected bug in DSA signature generation.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/x509_int.h: Added operations to sign CRLs, certificates
+ and requests with an abstract key and thus with a PKCS #11 key as
+ well.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/privkey.h: privkey.h -> abstract.h
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: The gnutls-cli --x509cafile can now be a PKCS
+ #11 URL. It can read gnome-keyring's certificates and use them in
+ the trusted list.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: Corrections in openpgp private key usage.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/x509self.c: Updated self tests and examples to avoid using
+ deprecated functions such as
+ gnutls_certificate_server_set_retrieve_function and the sign
+ callback.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/privkey.h, lib/pkcs11_int.h: Added
+ documentation for most of the new functions.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: Documented that it was initially based on neon
+ pkcs11 and got ideas from pkcs11-helper library.
+
+2010-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: Corrections to properly handle token removal and
+ insert.
+
+2010-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls_x509.c, lib/includes/gnutls/pkcs11.h,
+ lib/includes/gnutls/privkey.h, lib/pkcs11.c, lib/x509/sign.c: Added
+ gnutls_pkcs11_privkey_t and gnutls_privkey_t types. Those are an
+ abstract private key type that can be used to sign/encrypt any
+ private key of pkcs11,x509 or openpgp types. Added support for
+ PKCS11 in gnutls-cli/gnutls-serv.
+
+2010-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c, src/pkcs11.c: Added several helper functions, to
+ allow printing of tokens.
+
+2010-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c, src/certtool-gaa.c, src/certtool.c,
+ src/certtool.gaa, src/pkcs11.c: Added ability to export certificates
+ from PKCS #11 tokens. Added ability to list trusted certificates,
+ or only certificates with a corresponding private key or just all.
+
+2010-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/configure.ac, lib/includes/gnutls/pkcs11.h,
+ lib/pkcs11.c, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.gaa, src/pkcs11.c: Added initial PKCS #11 support.
+ Certtool can now print lists of certificates available in system.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
+ lib/libgnutls.map, lib/x509/common.h, lib/x509/verify.c,
+ lib/x509/x509.c, lib/x509/x509_int.h: Added
+ gnutls_pubkey_verify_hash(), gnutls_pubkey_get_verify_algorithm().
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.ac, lib/gnutls_pubkey.c,
+ lib/includes/gnutls/abstract.h, lib/includes/gnutls/pkcs11.h,
+ lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h, lib/x509/x509.c,
+ src/pkcs11.c: Added gnutls_pubkey_import_pkcs11(),
+ gnutls_pubkey_import_rsa_raw(), gnutls_pubkey_import_dsa_raw(),
+ gnutls_pkcs11_obj_export().
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .gitignore: Ignore files that should be ignored.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, src/certtool-gaa.c, src/certtool.gaa: Tried to document
+ recent changes.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls_pubkey.c, lib/gnutls_x509.c,
+ lib/includes/gnutls/abstract.h, lib/includes/gnutls/pkcs11.h,
+ lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/x509/common.c, lib/x509/common.h,
+ lib/x509/mpi.c, lib/x509/x509.c, lib/x509/x509_int.h,
+ src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa, src/pkcs11.c: Added
+ gnutls_pubkey_t abstract type to handle public keys. It can
+ currently import/export public keys from existing certificate types
+ as well as from PKCS #11 URL. This allows generating a certificate
+ or certificate request from a given public key (currently one could
+ only generate them from a given private key). PKCS#11 API augmented to allow reading arbitrary objects instead of
+ just certificates. Certtool updated to list those objects.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added
+ gnutls_pkcs11_token_get_flags() to distinguish between hardware and
+ soft tokens.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/libgnutlsxx.map, lib/m4/hooks.m4: Export all
+ symbols from C++ library. This library doesn't contain any internal
+ symbols anyway and there is no reason to mess with the C++ ABI that
+ hasn't got the problems of C.
+
+2010-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.ac, doc/examples/ex-serv-export.c,
+ doc/examples/ex-serv-psk.c, doc/examples/ex-serv1.c,
+ lib/Makefile.am, lib/auth_srp.c, lib/cipher-libgcrypt.c,
+ lib/configure.ac, lib/gcrypt/Makefile.am, lib/gcrypt/cipher.c,
+ lib/gcrypt/mac.c, lib/gcrypt/mpi.c, lib/gcrypt/pk.c,
+ lib/gcrypt/rnd.c, lib/gnutls_global.c, lib/gnutls_mpi.c,
+ lib/gnutls_srp.c, lib/m4/hooks.m4, lib/mac-libgcrypt.c,
+ lib/mpi-libgcrypt.c, lib/nettle/Makefile.am, lib/nettle/cipher.c,
+ lib/nettle/mac.c, lib/nettle/mpi.c, lib/nettle/pk.c,
+ lib/nettle/rnd.c, lib/pk-libgcrypt.c, lib/rnd-libgcrypt.c,
+ src/certtool.c, src/cli.c, src/serv.c, tests/chainverify.c: Added
+ support for libnettle backend. This uses gmp for big number
+ operations. It is not currently completed. It lacks RSA blinding as
+ well as optimizations.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/manpages/gnutls-cli.1, src/cli-gaa.c, src/cli.gaa,
+ src/serv-gaa.c, src/serv.gaa: Documented that the --file options in
+ gnutls-cli and gnutls-serv can accept a PKCS #11 URL.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/sign.c: Corrected bug in DSA signature generation.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
+ lib/libgnutls.map, lib/x509/crl_write.c, lib/x509/crq.c,
+ lib/x509/mpi.c, lib/x509/sign.c, lib/x509/x509_int.h,
+ lib/x509/x509_write.c: Added operations to sign CRLs, certificates
+ and requests with an abstract key and thus with a PKCS #11 key as
+ well.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/auth_cert.h, lib/gnutls_privkey.c,
+ lib/gnutls_sig.h, lib/gnutls_x509.h,
+ lib/includes/gnutls/abstract.h, lib/includes/gnutls/privkey.h,
+ lib/openpgp/gnutls_openpgp.h: privkey.h -> abstract.h
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/configure.ac, lib/gnutls_x509.c, src/cli.c:
+ The gnutls-cli --x509cafile can now be a PKCS #11 URL. It can read
+ gnome-keyring's certificates and use them in the trusted list.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: Documented that gnutls_global_init calls
+ gnutls_pkcs11_init.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: Only send termination request to avoid stalling on
+ servers that do not reply.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_state.c, lib/gnutls_state.h:
+ Corrected issue on the %SSL3_RECORD_VERSION priority string. It now
+ works even when resuming a session.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/Makefile.am, doc/examples/ex-cert-select-pkcs11.c,
+ doc/gnutls.texi: Added initial example.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.h, lib/gnutls_x509.c, lib/openpgp/gnutls_openpgp.c:
+ Corrections in openpgp private key usage.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-cert-select.c, tests/Makefile.am,
+ tests/pkcs12_s2k.c, tests/x509dn.c, tests/x509signself.c: Updated
+ self tests and examples to avoid using deprecated functions such as
+ gnutls_certificate_server_set_retrieve_function and the sign
+ callback.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutlsxx.cpp, lib/includes/gnutls/gnutlsxx.h, src/tests.c: Use
+ the new callback function.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_privkey.c, lib/includes/gnutls/pkcs11.h,
+ lib/includes/gnutls/privkey.h, lib/libgnutls.map, lib/pkcs11.c,
+ lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/x509/privkey.c: Added
+ documentation for most of the new functions.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: Documented that it was initially based on neon
+ pkcs11 and got ideas from pkcs11-helper library.
+
+2010-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c, lib/libgnutls.map, lib/pkcs11.c,
+ lib/pkcs11_int.h, lib/pkcs11_privkey.c, src/common.c: Corrections to
+ properly handle token removal and insert.
+
+2010-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in:
+ Deprecated the sign callback.
+
+2010-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/manpages/Makefile.am, lib/Makefile.am, lib/auth_cert.c,
+ lib/auth_cert.h, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/auth_srp_rsa.c, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_global.c, lib/gnutls_int.h,
+ lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
+ lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_x509.c,
+ lib/gnutls_x509.h, lib/includes/gnutls/compat.h,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
+ lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/privkey.h,
+ lib/includes/gnutls/x509.h, lib/libgnutls.map,
+ lib/openpgp/gnutls_openpgp.c, lib/openpgp/gnutls_openpgp.h,
+ lib/openpgp/openpgp_int.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/x509/privkey.c, lib/x509/sign.c,
+ lib/x509/sign.h, lib/x509/x509_int.h, src/cli.c, src/common.c,
+ src/common.h, src/pkcs11.c, src/serv.c: Added
+ gnutls_pkcs11_privkey_t and gnutls_privkey_t types. Those are an
+ abstract private key type that can be used to sign/encrypt any
+ private key of pkcs11,x509 or openpgp types. Added support for
+ PKCS11 in gnutls-cli/gnutls-serv.
+
+2010-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .gitignore: ignore unrelated to gnutls files.
+
+2010-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
+ src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa, src/pkcs11.c: Added several helper
+ functions, to allow printing of tokens.
+
+2010-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_str.c,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/pkcs11.h,
+ lib/pkcs11.c, src/certtool-common.h, src/certtool-gaa.c,
+ src/certtool-gaa.h, src/certtool.c, src/certtool.gaa, src/pkcs11.c:
+ Added ability to export certificates from PKCS #11 tokens. Added
+ ability to list trusted certificates, or only certificates with a
+ corresponding private key or just all.
+
+2010-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_srp.c, lib/configure.ac,
+ lib/gnutls.pc.in, lib/gnutls_constate.c, lib/gnutls_errors.c,
+ lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_psk.c,
+ lib/gnutls_str.c, lib/gnutls_str.h, lib/includes/Makefile.am,
+ lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
+ lib/openpgp/gnutls_openpgp.c, lib/pkcs11.c, lib/x509/common.c,
+ lib/x509/dn.c, src/Makefile.am, src/certtool-common.h,
+ src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa, src/pkcs11.c: Added initial PKCS #11 support.
+ Certtool can now print lists of certificates available in system.
+
+2010-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c: Optimized the check_if_same().
+
+2010-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/x509/common.c, lib/x509/common.h:
+ Added a forgoten by god OID for RSA. Warn using the actual OID on
+ unknown public key algorithms.
+
+2009-12-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/ext_session_ticket.c: Adapt session ticket support to mbuffer
+ API.
+
+2009-08-16 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_kx.c,
+ lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: Use mbuffers for
+ handshake synthesis.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_handshake.c: Make _gnutls_handshake_io_send_int accept a
+ mbuffer_st.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c:
+ Simplify handshake send buffer logic.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: Fix interrupted write braino.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_mbuffers.c: Avoid pointer warning.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_mbuffers.c,
+ lib/gnutls_mbuffers.h: Remove now useless
+ _gnutls_mbuffer_enqueue{,copy} functions.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_mbuffers.c, lib/gnutls_record.c: Allocate data buffer
+ with mbuffer_st structure as suggested by Nikos.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: Prepare for mbuffer
+ allocation by the caller.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: GNUify some missed GNUification.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: Harmonize read and write function names.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: Now that LEVEL and LEVEL_EQ are fixed, use
+ less lines.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_errors.h: Make LEVEL and LEVEL_EQ macros safer. Once again, I got bit by this pretty hard.
+
+2009-08-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_record.c: Use a datum for ciphered data in
+ _gnutls_send_int.
+
+2009-08-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.h: Remove the prototype for the non-existant
+ function _gnutls_io_write_buffered2.
+
+2009-08-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_int.h, lib/gnutls_record.c: Cleanup of the remaining
+ internals.record_send_buffer mess.
+
+2009-08-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: Remove yet another !@#$% instance of
+ redundant hexadecimal dumping.
+
+2009-08-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_record.c:
+ Modify slightly the contract of _gnutls_io_write_buffered as
+ suggested by Nikos Mavrogiannopoulos.
+
+2009-08-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_mbuffers.c,
+ lib/gnutls_mbuffers.h: Pass datums to mbuffers by address instead of
+ by value.
+
+2009-08-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_record.c: Corrected case where
+ handshake data were received during a session. It now stores them
+ for future use by a gnutls_handshake(). Reported by Peter
+ Hendrickson <pdh@wiredyne.com>.
+
+2009-08-06 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: Simplify _gnutls_io_write_buffered and
+ _gnutls_io_write_flush with mbuffers.
+
+2009-08-06 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_int.h, lib/gnutls_state.c: Change type of
+ internals.record_send_buffer to a mbuffer.
+
+2009-08-06 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: Extract a simple_write function from
+ _gnutls_io_write_buffered.
+
+2009-08-06 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: Add dump_bytes function.
+
+2009-08-06 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/Makefile.am, lib/gnutls_int.h, lib/gnutls_mbuffers.c,
+ lib/gnutls_mbuffers.h: Add gnutls_mbuffers.{c,h} with some basic
+ mbuffer operations.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_algorithms.c: Do not rely on version ordering; use
+ switch..case instead.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/auth_cert.c: Remove hardcoded version checks in auth_cert.c.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_state.c: Remove hardcoded version check in
+ gnutls_state.c.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_cipher.c: Remove hardcoded version checks in
+ gnutls_cipher.c.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_sig.c: Remove hardcoded version checks in gnutls_sig.c.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_handshake.c: Remove hardcoded version checks in
+ gnutls_handshake.c.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_algorithms.c: Add version check function for selectable
+ signature/hash certificate algorithms.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_algorithms.c: Add version check functions for
+ non-minimal padding.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h: Add version
+ check function for explicit IV.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_algorithms.h: Add version check functions for
+ selectable PRF and extension handling.
+
+2010-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/announce.txt, doc/gnutls.texi, doc/manpages/gnutls-cli.1,
+ doc/manpages/gnutls-serv.1, lib/ext_safe_renegotiation.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c,
+ lib/gnutls_state.c, tests/safe-renegotiation/srn1.c,
+ tests/safe-renegotiation/srn5.c, tests/safe-renegotiation/testsrn:
+ Splitted safe renegotiation capabilities to %SAFE_RENEGOTIATION: will enable safe renegotiation. This is the
+ most secure and recommended option for clients. However this will
+ prevent from connecting to legacy servers. %PARTIAL_RENEGOTIATION: Prevents renegotiation with clients and
+ servers not supporting the safe renegotiation extension. (this is
+ the default) %UNSAFE_RENEGOTIATION: Permits (re-)handshakes even unsafe ones.
+
+2010-05-31 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Minor fix.
+
+2010-05-31 Simon Josefsson <simon@josefsson.org>
+
+ * GNUmakefile, maint.mk: Update gnulib files.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: Documented the defaults.
+
+2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: Added INITIAL_SAFE_RENEGOTIATION and other small
+ updates.
+
+2010-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Update.
+
+2010-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/README: Add.
+
+2010-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * .x-sc_prohibit_strings_without_use, build-aux/c++defs.h,
+ build-aux/gendocs.sh, build-aux/gnupload, build-aux/vc-list-files,
+ configure.ac, doc/gendocs_template, gl/Makefile.am, gl/error.c,
+ gl/m4/asm-underscore.m4, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/netdb_h.m4,
+ gl/m4/stdio_h.m4, gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4,
+ gl/netdb.in.h, gl/stdio-write.c, gl/stdio.in.h,
+ gl/tests/Makefile.am, gl/tests/init.sh, gl/tests/test-lseek.sh,
+ gl/tests/test-vc-list-files-cvs.sh,
+ gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
+ gl/tests/test-verify.sh, gl/tests/verify.h, gl/unistd.in.h,
+ gl/vasnprintf.c, gl/wchar.in.h, gtk-doc.make,
+ lib/build-aux/c++defs.h, lib/gl/Makefile.am,
+ lib/gl/m4/asm-underscore.m4, lib/gl/m4/fcntl-o.m4,
+ lib/gl/m4/gettext.m4, lib/gl/m4/gnulib-common.m4,
+ lib/gl/m4/gnulib-comp.m4, lib/gl/m4/iconv.m4, lib/gl/m4/intl.m4,
+ lib/gl/m4/netdb_h.m4, lib/gl/m4/po.m4, lib/gl/m4/stdio_h.m4,
+ lib/gl/m4/unistd_h.m4, lib/gl/netdb.in.h, lib/gl/stdio-write.c,
+ lib/gl/stdio.in.h, lib/gl/tests/Makefile.am, lib/gl/tests/init.sh,
+ lib/gl/tests/test-vasprintf.c, lib/gl/tests/test-verify.c,
+ lib/gl/tests/test-verify.sh, lib/gl/tests/verify.h,
+ lib/gl/unistd.in.h, lib/gl/vasnprintf.c, lib/gl/wchar.in.h,
+ libextra/gl/m4/gnulib-common.m4, m4/valgrind.m4, maint.mk: Update
+ gnulib files, use valgrind-tests module, fix syntax-check problems.
+
+2010-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * doc/announce.txt: Doc fix.
+
+2010-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.h, lib/x509/privkey.c, lib/x509/sign.c,
+ lib/x509/verify.c: Use correct hashing algorithms for DSA with q
+ over 160 bits.
+
+2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: Better checks in loops.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crl.c: Doc fix.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am, gtk-doc.make, m4/gtk-doc.m4: Support
+ GTK-DOC PDF file.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Also build PDF manual.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix node/section usage.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/srn5.c: Fix self test.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_handshake.c: Readd lost fix from Nikos.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_safe_renegotiation.c: Readd lost fix from Nikos.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_errors.c, libextra/includes/gnutls/openssl.h,
+ libextra/openssl_compat.c: Doc fixes.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: Doc fix.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, NEWS, README, cfg.mk, configure.ac, doc/Makefile.am,
+ doc/credentials/Makefile.am, doc/cyclo/Makefile.am, doc/errcodes.c,
+ doc/examples/Makefile.am, doc/examples/ex-client-srp.c,
+ doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
+ doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
+ doc/examples/ex-serv1.c, doc/gnutls.texi, doc/manpages/Makefile.am,
+ doc/printlist.c, guile/Makefile.am, guile/modules/Makefile.am,
+ guile/modules/gnutls.scm, guile/modules/gnutls/build/enums.scm,
+ guile/modules/gnutls/build/priorities.scm,
+ guile/modules/gnutls/build/smobs.scm,
+ guile/modules/gnutls/build/utils.scm,
+ guile/modules/gnutls/extra.scm, guile/src/Makefile.am,
+ guile/src/core.c, guile/src/errors.c, guile/src/errors.h,
+ guile/src/extra.c, guile/src/make-enum-header.scm,
+ guile/src/make-enum-map.scm, guile/src/make-session-priorities.scm,
+ guile/src/make-smob-header.scm, guile/src/make-smob-types.scm,
+ guile/src/utils.c, guile/src/utils.h, guile/tests/Makefile.am,
+ guile/tests/anonymous-auth.scm, guile/tests/errors.scm,
+ guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
+ guile/tests/openpgp-keys.scm, guile/tests/pkcs-import-export.scm,
+ guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
+ guile/tests/x509-auth.scm, guile/tests/x509-certificates.scm,
+ lib/Makefile.am, lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c,
+ lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
+ lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
+ lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
+ lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
+ lib/auth_srp_sb64.c, lib/cipher-libgcrypt.c, lib/configure.ac,
+ lib/crypto-api.c, lib/crypto.c, lib/crypto.h, lib/cryptodev.c,
+ lib/debug.c, lib/debug.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
+ lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_oprfi.c,
+ lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
+ lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
+ lib/ext_server_name.h, lib/ext_session_ticket.c,
+ lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
+ lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_alert.c,
+ lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
+ lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
+ lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
+ lib/gnutls_compress.c, lib/gnutls_compress.h,
+ lib/gnutls_constate.c, lib/gnutls_constate.h, lib/gnutls_datum.c,
+ lib/gnutls_datum.h, lib/gnutls_db.c, lib/gnutls_db.h,
+ lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_dh_primes.c,
+ lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_extensions.c,
+ lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_helper.c,
+ lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
+ lib/gnutls_mem.c, lib/gnutls_mem.h, lib/gnutls_mpi.c,
+ lib/gnutls_mpi.h, lib/gnutls_num.c, lib/gnutls_num.h,
+ lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
+ lib/gnutls_psk.c, lib/gnutls_psk_netconf.c, lib/gnutls_record.c,
+ lib/gnutls_record.h, lib/gnutls_rsa_export.c,
+ lib/gnutls_rsa_export.h, lib/gnutls_session.c,
+ lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
+ lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
+ lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
+ lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
+ lib/gnutls_supplemental.h, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
+ lib/gnutls_v2_compat.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
+ lib/includes/Makefile.am, lib/includes/gnutls/crypto.h,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
+ lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
+ lib/libgnutls.map, lib/libgnutlsxx.map, lib/m4/hooks.m4,
+ lib/mac-libgcrypt.c, lib/minitasn1/Makefile.am,
+ lib/mpi-libgcrypt.c, lib/opencdk/Makefile.am,
+ lib/openpgp/Makefile.am, lib/openpgp/compat.c,
+ lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
+ lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
+ lib/openpgp/privkey.c, lib/pk-libgcrypt.c, lib/random.c,
+ lib/random.h, lib/rnd-libgcrypt.c, lib/x509/Makefile.am,
+ lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
+ lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
+ lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/output.c,
+ lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c,
+ lib/x509/pkcs7.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
+ lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
+ lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
+ lib/x509_b64.c, lib/x509_b64.h, libextra/Makefile.am,
+ libextra/configure.ac, libextra/ext_inner_application.c,
+ libextra/ext_inner_application.h, libextra/fipsmd5.c,
+ libextra/gl/Makefile.am, libextra/gnutls_extra.c,
+ libextra/gnutls_ia.c, libextra/gnutls_openssl.c,
+ libextra/includes/Makefile.am, libextra/includes/gnutls/extra.h,
+ libextra/includes/gnutls/openssl.h, libextra/libgnutls-extra.map,
+ libextra/m4/hooks.m4, libextra/openssl_compat.c,
+ libextra/openssl_compat.h, src/Makefile.am, src/benchmark.c,
+ src/certtool-cfg.c, src/certtool.c, src/cli.c, src/common.c,
+ src/crypt.c, src/list.h, src/prime.c, src/psk.c, src/serv.c,
+ src/tests.c, src/tls_test.c, tests/Makefile.am, tests/anonself.c,
+ tests/certder.c, tests/certificate_set_x509_crl.c,
+ tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
+ tests/crypto_rng.c, tests/cve-2008-4989.c, tests/cve-2009-1415.c,
+ tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
+ tests/finished.c, tests/gc.c, tests/hostname-check.c,
+ tests/init_roundtrip.c, tests/key-id/Makefile.am,
+ tests/key-id/key-id, tests/mini-eagain.c,
+ tests/mini-x509-rehandshake.c, tests/mini-x509.c, tests/mini.c,
+ tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
+ tests/nist-pkits/pkits, tests/nist-pkits/pkits_crl,
+ tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
+ tests/nist-pkits/pkits_smime, tests/nul-in-x509-names.c,
+ tests/openpgp-certs/Makefile.am, tests/openpgp-certs/testcerts,
+ tests/openpgp-certs/testselfsigs, tests/openpgp-keyring.c,
+ tests/openpgpself.c, tests/openssl.c, tests/oprfi.c,
+ tests/parse_ca.c, tests/pathlen/Makefile.am, tests/pathlen/pathlen,
+ tests/pgps2kgnu.c, tests/pkcs1-padding/Makefile.am,
+ tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/Makefile.am,
+ tests/pkcs12-decode/pkcs12, tests/pkcs12_encode.c,
+ tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c,
+ tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8,
+ tests/pskself.c, tests/resume.c, tests/rfc2253-escape-test,
+ tests/rsa-md5-collision/Makefile.am,
+ tests/rsa-md5-collision/rsa-md5-collision,
+ tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
+ tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
+ tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
+ tests/safe-renegotiation/testsrn, tests/set_pkcs12_cred.c,
+ tests/setcredcrash.c, tests/sha2/Makefile.am, tests/sha2/sha2,
+ tests/simple.c, tests/tlsia.c, tests/userid/Makefile.am,
+ tests/userid/userid, tests/utils.c, tests/utils.h,
+ tests/x509_altname.c, tests/x509dn.c, tests/x509paths/chain,
+ tests/x509self.c, tests/x509sign-verify.c, tests/x509signself.c:
+ Change GNUTLS into GnuTLS.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS, ChangeLog.1, NEWS, README, README-alpha, THANKS,
+ doc/gnutls.texi, doc/manpages/gnutls-cli-debug.1,
+ doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1,
+ doc/manpages/srptool.1, doc/reference/gnutls-docs.sgml,
+ lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c,
+ src/cli-gaa.c, src/cli.gaa, src/serv-gaa.c, src/serv.gaa,
+ src/tls_test-gaa.c, src/tls_test.gaa: Change GNU TLS into GnuTLS.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c: Ignore
+ parsing of ciphersuite or extensions when safe renegotiation is
+ disabled.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/srn5.c: Add test of self renegotiation
+ APIs.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/README, tests/safe-renegotiation/srn4.c:
+ Add more rengotiation self tests.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/README, tests/safe-renegotiation/srn0.c:
+ Add more safe renegotiation self test.
+
+2010-05-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/announce.txt, doc/gnutls.texi,
+ doc/manpages/Makefile.am, lib/ext_safe_renegotiation.c,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
+ tests/safe-renegotiation/srn2.c: Remove
+ gnutls_safe_negotiation_set_initial and
+ gnutls_safe_renegotiation_set.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.c: Documented behavioral change.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h, lib/gnutls_priority.c: Because we want to
+ differentiate the behavior of server and client with regards to safe
+ renegotiation. If a server didn't have either SAFE_RENEGOTIATION or
+ UNSAFE_RENEGOTIATION set the safe renegotiation will be the default.
+ This (as well as the safe_renegotiation_set flag) has to be removed
+ once safe renegotiation is default in both server and client side.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_state.c: Emulate old gnutls behavior regarding safe
+ renegotiation if the priority_* functions are not called.
+
+2010-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/x509.h: Corrected typo. Reported by Clint
+ Adams.
+
+2010-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/srn1.c, tests/safe-renegotiation/srn3.c:
+ tests: Add srn3 to test inverse of what srn1 is testing.
+
+2010-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/srn2.c: tests: Add another safe
+ renegotiation self tests.
+
+2010-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/srn1.c: Also test
+ gnutls_safe_renegotiation_status API.
+
+2010-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/srn1.c: tests: Add first self-test of safe
+ renegotiation extension.
+
+2010-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/mini-x509-rehandshake.c: tests: Add small
+ X.509 rehandshake test.
+
+2010-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/mini-x509.c: Protect against infloops.
+
+2010-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/mini-x509.c: tests: Add mini-x509
+ self-test.
+
+2010-04-30 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Improve text, based on suggestions from Tomas
+ Hoger <thoger@redhat.com>.
+
+2010-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_handshake.c: Fix typo.
+
+2010-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_handshake.c: Improve renegotiation debug messages.
+
+2010-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * doc/announce.txt: Add.
+
+2010-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * .gitignore: Add.
+
+2010-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add section on safe renegotiation.
+
+2010-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_record.c: Remove debug code.
+
+2010-04-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Mention shared library map file and GTK-DOC
+ guidelines.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/announce.txt: Update URL.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS: Update my OpenPGP key.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/announce.txt: Update my key.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/announcement-template.txt: Remove.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/ANNOUNCE, doc/announce.txt: Prepare 2.10.0 release notes.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add 2.8.x NEWS entries.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/configure.ac: Also bump libgnutls-extra version.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4: Bump
+ versions.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/gendocs.sh: Chmod +x.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
2010-04-22 Simon Josefsson <simon@josefsson.org>
* NEWS: Version 2.9.10.
2005-11-07 Simon Josefsson <simon@josefsson.org>
- * NEWS: Version 1.2.9.
-
-2005-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
-
- * corrected bug in pkcs 12 ID key setting. Found and reported by Fran
- <e_agf@yahoo.es>.
+ * Version 1.2.9.
-----
projects / thirdparty / gnutls.git / commitdiff
