[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-404-gc238f7f
|
From: |
Simon Josefsson |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-404-gc238f7f |
|
Date: |
Thu, 14 Oct 2010 13:24:10 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=c238f7f49e396b0aed83d1040ecbf5bc03ec65db
The branch, master has been updated
via c238f7f49e396b0aed83d1040ecbf5bc03ec65db (commit)
via 3ae93e1c70868122ef80556767095fd3039b740c (commit)
from d5d2bdfa9473c9360f497ef3d8a9376d2b05ae6a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c238f7f49e396b0aed83d1040ecbf5bc03ec65db
Author: Simon Josefsson <address@hidden>
Date: Thu Oct 14 15:23:28 2010 +0200
Generated.
commit 3ae93e1c70868122ef80556767095fd3039b740c
Author: Simon Josefsson <address@hidden>
Date: Thu Oct 14 15:22:38 2010 +0200
Version 2.11.3.
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 2532 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
NEWS | 2 +-
2 files changed, 2527 insertions(+), 7 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 5a5170c..cacf602 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,2528 @@
+2010-10-14 Simon Josefsson <address@hidden>
+
+ * NEWS: Version 2.11.3.
+
+2010-10-14 Simon Josefsson <address@hidden>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2010-10-14 Simon Josefsson <address@hidden>
+
+ * doc/errcodes.c, doc/examples/ex-alert.c,
+ doc/examples/ex-cert-select-pkcs11.c,
+ doc/examples/ex-cert-select.c, doc/examples/ex-client-psk.c,
+ doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
+ doc/examples/ex-client-tlsia.c, doc/examples/ex-client1.c,
+ doc/examples/ex-client2.c, doc/examples/ex-crq.c,
+ doc/examples/ex-pkcs12.c, doc/examples/ex-rfc2818.c,
+ doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
+ doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
+ doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
+ doc/examples/ex-verify.c, doc/examples/ex-x509-info.c,
+ doc/examples/examples.h, doc/examples/tcp.c, guile/src/core.c,
+ guile/src/errors.c, guile/src/extra.c, guile/src/utils.c,
+ guile/src/utils.h, lib/auth_cert.c, lib/auth_cert.h,
+ lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_psk.h,
+ lib/auth_rsa.c, lib/auth_rsa_export.c, lib/auth_srp.c,
+ lib/auth_srp.h, lib/crypto-api.c, lib/crypto.h, lib/cryptodev.c,
+ lib/debug.c, lib/debug.h, lib/ext_cert_type.c,
+ lib/ext_max_record.c, lib/ext_safe_renegotiation.c,
+ lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
+ lib/ext_server_name.h, lib/ext_session_ticket.c,
+ lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
+ lib/ext_srp.c, lib/ext_srp.h, lib/gcrypt/init.c, lib/gcrypt/mpi.c,
+ lib/gcrypt/pk.c, lib/gnutls_alert.c, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_auth.h, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
+ lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
+ lib/gnutls_compress.h, lib/gnutls_constate.c,
+ lib/gnutls_constate.h, lib/gnutls_datum.h, lib/gnutls_dh.h,
+ lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_extensions.c,
+ lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
+ lib/gnutls_mem.h, lib/gnutls_mpi.h, lib/gnutls_num.h,
+ lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
+ lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
+ lib/gnutls_record.h, lib/gnutls_session_pack.c, lib/gnutls_sig.c,
+ lib/gnutls_sig.h, lib/gnutls_srp.c, lib/gnutls_state.c,
+ lib/gnutls_state.h, lib/gnutls_str.c, lib/gnutls_str.h,
+ lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
+ lib/gnutls_x509.c, lib/includes/gnutls/abstract.h,
+ lib/includes/gnutls/compat.h, lib/includes/gnutls/crypto.h,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/gnutlsxx.h,
+ lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
+ lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
+ lib/locks.c, lib/locks.h, lib/nettle/cipher.c, lib/nettle/egd.c,
+ lib/nettle/egd.h, lib/nettle/init.c, lib/nettle/mac.c,
+ lib/nettle/mpi.c, lib/nettle/pk.c, lib/nettle/rnd.c,
+ lib/opencdk/armor.c, lib/opencdk/hash.c, lib/opencdk/kbnode.c,
+ lib/opencdk/keydb.c, lib/opencdk/literal.c, lib/opencdk/main.c,
+ lib/opencdk/misc.c, lib/opencdk/new-packet.c, lib/opencdk/pubkey.c,
+ lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
+ lib/opencdk/sig-check.c, lib/opencdk/stream.c, lib/opencdk/types.h,
+ lib/opencdk/verify.c, lib/openpgp/gnutls_openpgp.c,
+ lib/openpgp/openpgp_int.h, lib/openpgp/output.c, lib/openpgp/pgp.c,
+ lib/openpgp/privkey.c, lib/pakchois/dlopen.c,
+ lib/pakchois/dlopen.h, lib/pakchois/errors.c,
+ lib/pakchois/pakchois.c, lib/pakchois/pakchois.h,
+ lib/pakchois/pakchois11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/pkcs11_write.c, lib/random.c,
+ lib/random.h, lib/system.c, lib/system.h, lib/x509/common.c,
+ lib/x509/common.h, lib/x509/crl_write.c, lib/x509/crq.c,
+ lib/x509/dn.c, lib/x509/mpi.c, lib/x509/output.c,
+ lib/x509/privkey.c, lib/x509/sign.c, lib/x509/sign.h,
+ lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h,
+ lib/x509/x509_write.c, lib/x509_b64.c,
+ libextra/ext_inner_application.c, libextra/ext_inner_application.h,
+ libextra/gnutls_extra.c, libextra/gnutls_ia.c,
+ libextra/includes/gnutls/extra.h, libextra/openssl_compat.h,
+ src/benchmark.c, src/certtool-cfg.h, src/certtool-common.h,
+ src/certtool.c, src/cli.c, src/common.c, src/common.h, src/crypt.c,
+ src/pkcs11.c, src/prime.c, src/psk.c, src/serv.c, src/tests.c,
+ tests/anonself.c, tests/certder.c,
+ tests/certificate_set_x509_crl.c, tests/certuniqueid.c,
+ tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
+ tests/crypto_rng.c, tests/cve-2008-4989.c, tests/cve-2009-1415.c,
+ tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
+ tests/finished.c, tests/gc.c, tests/hostname-check.c,
+ tests/init_roundtrip.c, tests/mini-eagain.c,
+ tests/mini-x509-rehandshake.c, tests/mini-x509.c, tests/mini.c,
+ tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
+ tests/nul-in-x509-names.c, tests/openpgp-auth.c,
+ tests/openpgp-keyring.c, tests/openpgpself.c, tests/openssl.c,
+ tests/parse_ca.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
+ tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pskself.c,
+ tests/resume.c, tests/safe-renegotiation/srn0.c,
+ tests/safe-renegotiation/srn1.c, tests/safe-renegotiation/srn2.c,
+ tests/safe-renegotiation/srn3.c, tests/safe-renegotiation/srn4.c,
+ tests/safe-renegotiation/srn5.c, tests/set_pkcs12_cred.c,
+ tests/setcredcrash.c, tests/simple.c, tests/tlsia.c, tests/utils.c,
+ tests/utils.h, tests/x509_altname.c, tests/x509dn.c,
+ tests/x509self.c, tests/x509sign-verify.c: Indent (using GNU indent
+ 2.2.11).
+
+2010-10-08 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, configure.ac, lib/m4/hooks.m4: bumped version
+
+2010-10-08 Nikos Mavrogiannopoulos <address@hidden>
+
+ * src/certtool.c: Revert "Applied last patch of Micah Anderson on
+ IKE status." This reverts commit
a6b2f5ce7316b4774649ee9b421da2ee7fef461f.
+
+2010-10-08 Nikos Mavrogiannopoulos <address@hidden>
+
+ * libextra/fipsmd5.c: removed unneeded code.
+
+2010-10-08 Nikos Mavrogiannopoulos <address@hidden>
+
+ * src/certtool.c: Applied last patch of Micah Anderson on IKE
+ status.
+
+2010-10-02 Nikos Mavrogiannopoulos <address@hidden>
+
+ * src/certtool.c: Applied patch on IKE extension by Micah Anderson
+
+2010-10-02 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/cryptodev.c, lib/gcrypt/mac.c, lib/gnutls_hash_int.c,
+ lib/includes/gnutls/crypto.h, lib/nettle/mac.c: Updated cryptodev
+ code to support the linux cryptodev extensions. Removed the clone()
+ capability from HMAC. It was never used and having it prevents using
+ it with hardware accelerators that might not have this capability.
+
+2010-09-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * THANKS: Added Micah
+
+2010-10-01 Simon Josefsson <address@hidden>
+
+ * doc/cha-cert-auth.texi, doc/cha-internals.texi,
+ doc/cha-library.texi, lib/ext_safe_renegotiation.c,
+ lib/ext_server_name.c, lib/gcrypt/init.c, lib/gnutls_record.c,
+ lib/gnutls_str.c, lib/locks.c, lib/nettle/egd.c, lib/nettle/init.c,
+ lib/system.c, lib/system.h, libextra/ext_inner_application.c,
+ src/certtool-common.h, src/common.c, src/pkcs11.c: Fix some
+ syntax-check errors.
+
+2010-10-01 Simon Josefsson <address@hidden>
+
+ * lib/gnutls_int.h, lib/includes/gnutls/gnutls.h.in,
+ lib/includes/gnutls/pkcs11.h: Fix compiler warnings.
+
+2010-10-01 Simon Josefsson <address@hidden>
+
+ * NEWS, doc/manpages/Makefile.am: Mention new APIs.
+
+2010-09-30 Simon Josefsson <address@hidden>
+
+ * tests/openpgp-certs/testselfsigs: Avoid bashism. Reported by
address@hidden in
+ <http://savannah.gnu.org/support/?107449>.
+
+2010-09-30 Simon Josefsson <address@hidden>
+
+ * lib/crypto-api.c: Don't return from void functions. Reported by
Dagobert Michelsen <address@hidden> in
+
+
<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4566>.
+
+2010-09-30 Simon Josefsson <address@hidden>
+
+ * lib/includes/gnutls/gnutls.h.in: Remove spurious comma.
+
+2010-09-30 Simon Josefsson <address@hidden>
+
+ * lib/includes/gnutls/x509.h: Remove spurious comma.
+
+2010-09-30 Simon Josefsson <address@hidden>
+
+ * tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8: Make
+ pkcs8-decode test work on Windows.
+
+2010-09-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS: updated
+
+2010-09-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/ext_session_ticket.c: treat absence of parameters the same as
+ having them disabled.
+
+2010-09-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * tests/resume.c: Corrected behavior on failure (don't crash).
+
+2010-09-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/ext_session_ticket.c, lib/gnutls_extensions.c: Corrected bugs
+ when restoring extensions during session resumtion.
+
+2010-09-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_extensions.c: Use more informative logging for
+ extensions.
+
+2010-09-29 Micah Anderson <address@hidden>
+
+ * NEWS, doc/certtool.cfg, doc/cha-programs.texi,
+ lib/includes/gnutls/x509.h, lib/x509/output.c, src/certtool-cfg.c,
+ src/certtool-cfg.h, src/certtool.c: Add new extended key usage
+ ipsecIKE According to RFC 4945 § 5.1.3.12 section title
+ "ExtendedKeyUsage"[0] the following extended key usage has been
+ added: ... this document defines an ExtendedKeyUsage keyPurposeID that
MAY
+ be used to limit a certificate's use: id-kp-ipsecIKE OBJECT
IDENTIFIER ::= { id-kp 17 } where id-kp is defined in RFC 3280 [5]. If a
certificate is
+ intended to be used with both IKE and other applications, and one
+ of the other applications requires use of an EKU value, then such
+ certificates MUST contain either the keyPurposeID id-kp-ipsecIKE or
anyExtendedKeyUsage [5], as well as the keyPurposeID values associated
with the other applications. Similarly, if a CA
+ issues multiple otherwise-similar certificates for multiple
+ applications including IKE, and it is intended that the IKE
+ certificate NOT be used with another application, the IKE
+ certificate MAY contain an EKU extension listing a keyPurposeID of
+ id-kp-ipsecIKE to discourage its use with the other application.
+ Recall, however, that EKU extensions in certificates meant for use
+ in IKE are NOT RECOMMENDED. Conforming IKE implementations are not
required to support EKU.
+ If a critical EKU extension appears in a certificate and EKU is
+ not supported by the implementation, then RFC 3280 requires that the
certificate be rejected. Implementations that do support EKU
+ MUST support the following logic for certificate validation: o
If no EKU extension, continue. o If EKU present AND contains either
id-kp-ipsecIKE or anyExtendedKeyUsage, continue. o Otherwise, reject
cert. Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+
+2010-09-27 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, src/certtool-gaa.c, src/certtool.gaa: --pkcs11-* in certtool
+ was renamed to --p11-*.
+
+2010-09-25 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/ext_session_ticket.c: Added some comments and removed unused
+ code.
+
+2010-09-25 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, lib/ext_session_ticket.c: Corrected advertizing issue for
+ session tickets.
+
+2010-09-24 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/TODO: cleanup of TODO list. Removed very old entries, entries
+ already fixed and added new ones.
+
+2010-09-24 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_handshake.c: IMED_RET parameters are easier to grasp.
+
+2010-09-24 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/crypto.c, lib/gcrypt/cipher.c, lib/gcrypt/mac.c,
+ lib/nettle/cipher.c, lib/nettle/mac.c: cipher,mac and digest
+ priorities moved to crypto.c
+
+2010-09-23 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_errors.c: changed the fatality level of some errors.
+
+2010-09-23 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_handshake.c: No longer use is_fatal() during handshake.
+ Explicitely treat EAGAIN and INTERRUPTED as non-fatal during
+ handshake. If the check_fatal flag is set then
+ GNUTLS_E_WARNING_ALERT_RECEIVED could interrupt a handshake as well.
+
+2010-09-23 Nikos Mavrogiannopoulos <address@hidden>
+
+ * src/cli.c: fflush stdout and stderr before the call to setbuf.
+ This fixes issue in solaris where lines dissappeared from output.
+ Reported and suggested fix by Knut Anders Hatlen.
+
+2010-09-20 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS: documented change
+
+2010-09-19 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/nettle/pk.c: Corrected bug in wrap_nettle_pk_fixup that was
+ importing DSA keys are RSA ones.
+
+2010-09-19 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/nettle/pk.c, lib/openpgp/privkey.c: indented some code
+
+2010-09-19 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/m4/hooks.m4: updated revision
+
+2010-09-18 Ludovic Courtès <address@hidden>
+
+ * .gitignore, tests/Makefile.am, tests/openpgp-auth.c: Add an
+ OpenPGP authentication unit test. * tests/Makefile.am
(ctests)[ENABLE_OPENPGP]: Add `openpgp-auth'. (TESTS_ENVIRONMENT): Add
`srcdir'. * tests/openpgp-auth.c: New file. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
+
+2010-09-16 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/ext_session_ticket.c, lib/gnutls_alert.c,
+ lib/gnutls_buffers.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
+ lib/gnutls_compress.c, lib/gnutls_compress.h,
+ lib/gnutls_constate.c, lib/gnutls_constate.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_num.h,
+ lib/gnutls_record.c, lib/gnutls_record.h,
+ lib/gnutls_session_pack.c, lib/gnutls_state.c, libextra/gnutls_ia.c:
+ Explicit symmetric cipher state versionning. This introduces the
concept of a "cipher epoch". The epoch number is
+ the number of successful handshakes and is incremented by one each
+ time. This concept is native to DTLS and this patch makes the
+ symmetric cipher state explicit for TLS in preparation for DTLS.
+ This concept was implicit in plain TLS and ChangeCipherSpec messages
+ triggered a "pending state copy". Now, we the current epoch number
+ is simply incremented to the parameters negotiated by the handshake.
The main side effects of this patch is a slightly more abstract
+ internal API and, in some cases, simpler code. The session blob
+ format is also changed a bit since this patch avoids storing
+ information that is now redundant. If this breaks library users'
+ expectations, this side effect can be negated. The cipher_specs
structure has been removed. The conn_state has
+ become record_state_st. Only symmetric cipher information is
+ versioned. Things such as key exchange algorithm and the master
+ secret are not versioned and their handling is unchanged. I have
tested this patch as much as I could. It introduces no test
+ suite regressions on my x64 Debian GNU/Linux system. Do not hesitate
to point out shortcomings or suggest changes. Since
+ this is a big diff, I am expecting this to be an iterative process.
Signed-off-by: Jonathan Bastien-Filiatrault <address@hidden>
+ Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+
+2010-09-16 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_errors.h: Add gnutls_assert_val idiom. This warrants
being made in an inline function or macro since it is used throughout the
code. This converts 4 line repetitive blocks
+ into 1 line. Signed-off-by: Jonathan Bastien-Filiatrault
<address@hidden>
+ Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+
+2010-09-14 Nikos Mavrogiannopoulos <address@hidden>
+
+ * AUTHORS, NEWS, configure.ac: updated for 2.11.1
+
+2010-09-10 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.gaa, src/pkcs11.c: Added 3 levels of details in PKCS
+ #11 URLs. 1st level: Token level. Object is unique up to token.
+ 2nd level: Object is unique up to token and module used to access
+ it. 3rd level: Object is unique up to token and module and version
+ of module used to access it.
+
+2010-09-10 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS: Documented changes.
+
+2010-09-10 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/x509_b64.c: Be liberal in the PEM decoding. That is spaces and
+ tabs are being skipped.
+
+2010-09-08 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_buffers.c: Fully mbufferize _gnutls_read and
+ _gnutls_read_buffered. Signed-off-by: Jonathan Bastien-Filiatrault
<address@hidden>
+ Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+
+2010-09-08 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_mbuffers.h: mbuffers: Add _mbuffer_xfree operation.
Signed-off-by: Jonathan Bastien-Filiatrault <address@hidden>
+ Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+
+2010-09-08 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_int.h,
+ lib/gnutls_record.c, lib/gnutls_state.c: mbuffers: make
+ _gnutls_io_read_buffered use mbuffers. This will be needed by the DTLS
code to make sure reads are stored
+ in segments that correspond to datagram boundaries. Signed-off-by:
Jonathan Bastien-Filiatrault <address@hidden>
+ Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+
+2010-09-08 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_int.h: Parenthesize size calculations. This is standard
practice and the DTLS code got bit by this. Signed-off-by: Jonathan
Bastien-Filiatrault <address@hidden>
+ Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+
+2010-09-08 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: mbuffers: Add
+ mbuffer_linearize. Signed-off-by: Jonathan Bastien-Filiatrault
<address@hidden>
+ Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+
+2010-09-08 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_mbuffers.c: mbuffers: fix wrong size calculation.
maximum_size is the maximum size of the payload, not including
+ overhead. Signed-off-by: Jonathan Bastien-Filiatrault <address@hidden>
+ Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+
+2010-09-08 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_mbuffers.c: mbuffers: Make _mbuffer_remove_bytes return
+ a meaningful error code. Signed-off-by: Jonathan Bastien-Filiatrault
<address@hidden>
+ Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+
+2010-09-08 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_mbuffers.c: mbuffers: Document the internal mbuffer
+ API. After a year of not hacking GnuTLS, I needed to look at the code
to
+ know how mbuffers work. This will make it much easier for anybody
+ not familiar with this code. Signed-off-by: Jonathan
Bastien-Filiatrault <address@hidden>
+ Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+
+2010-09-08 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS: updated NEWS.
+
+2010-09-08 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/pkcs11_write.c, src/certtool-common.h,
+ src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa, src/pkcs11.c: PKCS#11 URL support updated to
+ conform to draft-pechanec-pkcs11uri-02. Now in the URL the pkcs11
+ provider library (module) can be specified thus restricting objects
+ within a single provider.
+
+2010-09-01 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, lib/gnutls_int.h, lib/gnutls_priority.c,
+ lib/gnutls_record.c: When the %COMPAT flag is specified, larger
+ records that would otherwise violate the TLS spec, are accepted.
+
+2010-08-28 Brad Hards <address@hidden>
+
+ * src/certtool.c, src/pkcs11.c: Show which option is the default for
+ command line tools. We use "y/N" is most places - this just adapts two
places that use
+ "Y/N" to match the behavior of read_yesno(). Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
+
+2010-08-20 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/x509/x509.c: prevent a memory leak in the unique_id functions.
+
+2010-08-20 Brad Hards <address@hidden>
+
+ * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/output.c,
+ lib/x509/x509.c, tests/Makefile.am, tests/certuniqueid.c: As
+ identified in a previous mail, I've added support for accessing /
+ displaying the subjectUniqueID and issuerUniqueID fields within an
+ X.509 certificate. This is provided (along with a test case) in the
+ attached patch. Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+
+2010-08-20 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, lib/gnutls_int.h: By default lowat is set to zero.
+
+2010-08-19 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/pkcs11.c: Revert "When scanning for terminator character for
+ PKCS #11 URLs ignore escaped \;." This reverts commit
583fad076506421c9007a3349784496e2927dcd1.
+
+2010-08-18 Nikos Mavrogiannopoulos <address@hidden>
+
+ * THANKS: Added Sjoerd.
+
+2010-08-18 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, lib/m4/hooks.m4: libnettle is the default crypto library.
+
+2010-08-18 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_handshake.c: oldstate var removed.
+
+2010-08-17 Nikos Mavrogiannopoulos <address@hidden>
+
+ * tests/mini-eagain.c: mini-eagain will fail with EAGAIN error one
+ every two attempts. That is to remove probabilities.
+
+2010-08-11 Sjoerd Simons <address@hidden>
+
+ * lib/gnutls_int.h, lib/gnutls_record.c: Remember the amount of user
+ data we're sending out Partially reverts
3ef62950845f551ebc629e50d5ddf75f71b84294.
+ gnutls_record_send needs to return the amount of user-data we sent,
+ so we need to keep this information somewhere to return it when we
+ succeed in sending that data. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
+
+2010-08-11 Sjoerd Simons <address@hidden>
+
+ * lib/gnutls_handshake.c: Check whether the error is fatal in more
+ cases When stressing the async API of gnutls a lot of internal errors
are
+ hit as IMED_RET clears the handshake hash buffers as a result of
+ -EAGAIN even though it would never be re-initialized at that point,
+ but is still needed in later stages. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
+
+2010-08-11 Sjoerd Simons <address@hidden>
+
+ * lib/gnutls_handshake.c, lib/gnutls_int.h: Add state for flushing
+ the handshake buffer A seperate state is needed between flushing the
handshake buffers
+ and sending the chipher spec change otherwise it's impossible to
+ determine whether _gnutls_send_change_cipher_spec is called for the
+ first time or again. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
+
+2010-08-01 Simon Josefsson <address@hidden>
+
+ * lib/nettle/mpi.c: Fix warning.
+
+2010-07-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/m4/hooks.m4: Define HAVE_GCRYPT when using gcrypt. nettle is
+ no longer marked as unsupported.
+
+2010-07-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, doc/manpages/Makefile.am, lib/gnutls_extensions.c,
+ lib/m4/hooks.m4, lib/nettle/cipher.c, lib/nettle/mac.c,
+ lib/nettle/pk.c, libextra/gnutls_extra.c: Added Camellia-128/256,
+ SHA-224/384/512 and support for DSA2 when using nettle.
+
+2010-07-28 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/pkcs11.c: When scanning for terminator character for PKCS #11
+ URLs ignore escaped \;.
+
+2010-07-26 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_priority.c: Modified the example to work in TLS 1.2.
+
+2010-07-26 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, lib/gnutls_algorithms.c: Added RSA_NULL_SHA1 and SHA256
+ ciphersuites.
+
+2010-07-26 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/ext_signature.c: When signature algorithms extension is not
+ received allow SHA1 and SHA256.
+
+2010-07-26 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_algorithms.c: NULL MAC renamed to MAC-NULL
+
+2010-07-25 Simon Josefsson <address@hidden>
+
+ * src/common.c: Avoid fixed size buffers (now handles the big >100
+ SAN cert).
+
+2010-07-25 Simon Josefsson <address@hidden>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2010-07-25 Simon Josefsson <address@hidden>
+
+ * NEWS: Re-add old NEWS entries.
+
+2010-07-25 Simon Josefsson <address@hidden>
+
+ * lib/gnutls_buffers.c: Doc fix.
+
+2010-07-24 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/x509/privkey.c: Do not trust fbase64_decode to return 0 on
+ success.
+
+2010-07-24 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, lib/gnutls_x509.c, lib/x509/privkey.c, src/certtool.c:
+ gnutls_x509_privkey_import() will fallback to
+ gnutls_x509_privkey_import_pkcs8() without a password, if it is
+ unable to decode the key.
+
+2010-07-24 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/includes/gnutls/gnutls.h.in, lib/nettle/mpi.c, src/prime.c:
+ Added GNUTLS_PK_DH to differentiate in the generation of parameters
+ with PK_DSA that requires special treatment.
+
+2010-07-24 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_algorithms.c: Corrected wrong descriptions of security
+ levels.
+
+2010-07-24 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_algorithms.c: use RSA-SHA1 as an indicator of RSA
+ certificates.
+
+2010-07-24 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_algorithms.c: Fix DSA key values to avoid generating
+ normal and reporting them as low.
+
+2010-07-23 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/includes/gnutls/openpgp.h, lib/includes/gnutls/x509.h,
+ lib/libgnutls.map, lib/nettle/mpi.c, lib/openpgp/privkey.c,
+ lib/x509/privkey.c, src/certtool.c,
+ tests/pathlen/no-ca-or-pathlen.pem: Better handling of security
+ parameters to key sizes matching (via a single table). Added
+ functions to return the security parameter of a private key.
+
+2010-07-23 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/cha-intro-tls.texi: Simplified documentation.
+
+2010-07-23 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/nettle/mpi.c: Follow ECRYPT II recommendations.
+
+2010-07-23 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, doc/cha-bib.texi, doc/cha-intro-tls.texi,
+ lib/gnutls_algorithms.c: Updated documentation and
+ gnutls_pk_params_t mappings to ECRYPT II recommendations.
+
+2010-07-23 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_priority.c: HMAC-MD5 deprecated according to ECRYPT II
+ yearly report (2009-2010) recommendations.
+
+2010-07-23 Nikos Mavrogiannopoulos <address@hidden>
+
+ * tests/sha2/Makefile.am: added missing file key-subca-dsa.pem
+
+2010-07-22 Nikos Mavrogiannopoulos <address@hidden>
+
+ * gtk-doc.make: ignore html errors otherwise make dist doesn't work.
+
+2010-07-22 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS: updated NEWS
+
+2010-07-22 Nikos Mavrogiannopoulos <address@hidden>
+
+ * src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa: Added option for certtool to print
+ certificate public key.
+
+2010-07-21 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_algorithms.c: Added SIG_RSA_MD5_OID as an indicator of
+ RSA. Some microsoft products were using it. Reported by Mads
+ Kiilerich.
+
+2010-07-19 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_algorithms.c, lib/x509/common.h: Added RSA with SHA224.
+
+2010-07-17 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/nettle/pk.c: Added blinding to RSA decryption AND signing.
+ Will stay there until it is moved to nettle itself.
+
+2010-07-11 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/system.h: fixed
+
+2010-07-11 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, lib/nettle/Makefile.am, lib/nettle/egd.c, lib/nettle/egd.h,
+ lib/nettle/rnd.c: Added support for EGD daemon in nettle's RNG. It
+ is used if /dev/urandom is not present.
+
+2010-07-11 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_buffers.c, lib/system.c, lib/system.h: Corrected the
+ lowat behavior. Documented that it will be deprecated in later
+ versions.
+
+2010-07-11 Nikos Mavrogiannopoulos <address@hidden>
+
+ * src/serv.c: gnutls-serv: Do not print CR/LF if received, but
+ instead print LF only.
+
+2010-07-10 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/Makefile.am, lib/gnutls_buffers.c, lib/gnutls_state.c,
+ lib/locks.c, lib/locks.h, lib/pakchois/pakchois.c, lib/system.c,
+ lib/system.h: system specific functions were moved to system.c
+
+2010-07-10 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, configure.ac, lib/gnutls_alert.c, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_global.c, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_mbuffers.c,
+ lib/gnutls_mbuffers.h, lib/gnutls_record.c, lib/gnutls_record.h,
+ lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
+ lib/libgnutls.map, libextra/gnutls_ia.c: Support scattered write
+ using writev(). This takes advantage of the new buffering layer and
+ allows queuing of packets and flushing them. This is currently used
+ for handshake messages only. Performance-wise the difference of
+ packing several TLS records in a single write doesn't seem to offer
+ anything over ethernet (that my tests were on). Probably on links
+ with higher latency there would be a benefit.
+
+2010-07-08 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/cha-gtls-app.texi: Removed old reference.
+
+2010-07-08 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/cha-gtls-app.texi, doc/examples/Makefile.am,
+ doc/examples/ex-rfc2818.c: ex-rfc2818 is now a functional program
+ demonstrating the verification procedure.
+
+2010-07-08 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/Makefile.am, doc/cha-gtls-app.texi, doc/examples/Makefile.am,
+ doc/examples/ex-serv-export.c: Example with export ciphersuites was
+ removed.
+
+2010-07-08 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_pubkey.c: corrected typo
+
+2010-07-07 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/nettle/pk.c: Use the same "e" for RSA as libgcrypt. It's the
+ fastest choice.
+
+2010-07-05 Nikos Mavrogiannopoulos <address@hidden>
+
+ * src/certtool-cfg.c: Do not crash if input is redirected from
+ /dev/null.
+
+2010-07-05 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, src/certtool-gaa.c, src/certtool.c, src/certtool.gaa:
+ Changed the default pkcs-cipher to AES-128. Allowed specifying the
+ 3des-pkcs12 cipher with the --pkcs-cipher option.
+
+2010-07-04 Nikos Mavrogiannopoulos <address@hidden>
+
+ * src/benchmark.c: Use double to count bytes.
+
+2010-07-04 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/nettle/rnd.c: Added a windows version of the RNG.
+
+2010-07-04 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/nettle/rnd.c: Corrected locking usage in nettle's random
+ subsystem.
+
+2010-07-03 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gcrypt/Makefile.am, lib/gnutls_privkey.c,
+ lib/gnutls_pubkey.c, lib/nettle/Makefile.am, lib/pakchois/dlopen.h:
+ Fixed to compile under mingw32.
+
+2010-07-03 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/m4/hooks.m4: only warn if dlopen or pthreads are not found.
+
+2010-07-03 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gcrypt/init.c, lib/includes/gnutls/gnutls.h.in, lib/locks.c,
+ lib/pakchois/pakchois.c: Locks were converted to be in align with
+ posix locks to easier wrap around them.
+
+2010-07-03 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/Makefile.am, lib/locks.c, lib/locks.h, lib/pakchois/dlopen.c,
+ lib/pakchois/dlopen.h, lib/pakchois/pakchois.c: The included
+ pakchois will use gnutls locks and will use a portable dlopen() to
+ allow compilation in win32 (untested).
+
+2010-07-03 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/nettle/rnd.c: Read from /dev/urandom every 20 minutes.
+
+2010-07-03 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/Makefile.am, lib/x509/Makefile.am: Added missing files
+
+2010-07-03 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/crypto-api.c, lib/gnutls_cipher_int.c,
+ lib/gnutls_cipher_int.h, lib/includes/gnutls/crypto.h,
+ lib/libgnutls.map: Allow encryption and decryption that are not
+ in-place only.
+
+2010-07-03 Nikos Mavrogiannopoulos <address@hidden>
+
+ * src/benchmark.c: Print values in a human-readable format and do
+ the calculations in fixed time to prevent stalling in slow systems.
+
+2010-07-02 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/m4/hooks.m4: corrected library version
+
+2010-07-02 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/examples/ex-cert-select-pkcs11.c,
+ lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ src/common.c, src/pkcs11.c: PIN callback supplies the token URL. The
+ callback function in common.c will cache PIN if requested for second
+ time.
+
+2010-07-02 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
+ lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
+ lib/pkcs11_write.c, src/common.c: Reverted the SAVE_PIN approach in
+ PIN callback. The new approach will be to provide enough information
+ for the callback to save the PIN itself.
+
+2010-07-02 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gcrypt/init.c: removed unneeded function.
+
+2010-07-02 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_cert.c: More uses of gnutls_certificate_free_ca_names
+
+2010-07-02 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/locks.c: Do not allow setting NULL lock functions
+
+2010-07-02 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/nettle/rnd.c: corrected lock usage.
+
+2010-07-02 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/m4/hooks.m4: bumped library version
+
+2010-07-01 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/includes/Makefile.am: Include abstract.h in releases.
+
+2010-06-30 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/crypto-api.c: Correctly deinitialize crypto API handles.
+
+2010-06-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_int.h: commented obscure HANDSHAKE_MAC_TYPE_10 and
+ HANDSHAKE_MAC_TYPE_12.
+
+2010-06-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/locks.c, lib/locks.h, lib/nettle/rnd.c: simplified locking
+ code. Locking functions always exist but are dummies if no locks
+ have been set.
+
+2010-06-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gcrypt/Makefile.am, lib/gcrypt/init.c, lib/gnutls_errors.c,
+ lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/includes/gnutls/gnutls.h.in, lib/locks.c, lib/locks.h,
+ lib/nettle/Makefile.am, lib/nettle/init.c, lib/nettle/rnd.c:
+ Initialization of crypto libraries moved outside main gnutls code.
+
+2010-06-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/Makefile.am, lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/locks.c, lib/locks.h: Moved locking code to special file.
+
+2010-06-29 Simon Josefsson <address@hidden>
+
+ * doc/Makefile.am, doc/pkcs11-vision.eps: Add pkcs11-vision rules.
+
+2010-06-29 Simon Josefsson <address@hidden>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2010-06-28 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11_write.c, src/pkcs11.c:
+ When copying a private key the sensitive flag can be set or not.
+ This allows copying private keys that can be exported.
+
+2010-06-28 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_write.c, src/certtool-common.h, src/certtool.c,
+ src/pkcs11.c: Combined object flags. No implicit login any more.
+ Login has to be specified with a flag on every call that could use
+ it.
+
+2010-06-28 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/pkcs11.c,
+ lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_write.c: Indented
+ code.
+
+2010-06-28 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/examples/ex-cert-select-pkcs11.c, lib/gnutls_pubkey.c,
+ lib/gnutls_x509.c, lib/includes/gnutls/abstract.h,
+ lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_write.c,
+ src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa, src/cli.c, src/pkcs11.c: Allow
+ flags when importing objects from PKCS11 URLs. The only flag
+ supported now is the PKCS11_OBJ_FLAG_LOGIN, which forces login
+ before accessing object on a token. The reason is that some tokens
+ do not allow access of any data without login.
+
+2010-06-27 Nikos Mavrogiannopoulos <address@hidden>
+
+ * src/tests.c: Added AES-128 to block ciphers.
+
+2010-06-27 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_session_pack.c: Corrected writing and reading order of
+ security parameters.
+
+2010-06-27 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/configure.ac, libextra/configure.ac: use 2.11.0 everywhere
+
+2010-06-27 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, doc/cha-gtls-app.texi, lib/configure.ac,
+ lib/gnutls_errors.c, lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
+ lib/nettle/rnd.c, lib/pkcs11.c: Added gnutls_global_set_mutex() to
+ allow setting alternative locking procedures. By default the system
+ available locking is used. In *NIX pthreads are used and in windows
+ the critical section API. As a side effect this change avoids any API
dependance on libgcrypt
+ even if threads are used.
+
+2010-06-27 Nikos Mavrogiannopoulos <address@hidden>
+
+ * tests/chainverify.c: Modified the cacertrsamd5 short-cut. The test
+ was checking whether verification using a trusted insecurely signed
+ self signed certificate will fail against a chain that has this as
+ intermediate. However this test should have succeeded since the
+ insecure certificate is trusted. This isn't the purpose of this test
however. It should have checked
+ whether using the same certificate as trusted and to be verified and
+ the GNUTLS_VERIFY_DO_NOT_ALLOW_SAME flag should return an error.
+
+2010-06-27 Nikos Mavrogiannopoulos <address@hidden>
+
+ * tests/chainverify.c: Fail on error.
+
+2010-06-26 Nikos Mavrogiannopoulos <address@hidden>
+
+ * src/certtool.c: When generating private key allow usage of
+ --pkcs-cipher flag.
+
+2010-06-22 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
+ lib/auth_srp.c, lib/auth_srp.h, lib/ext_srp.c, lib/gnutls_int.h:
+ MAX_SRP_USERNAME -> MAX_USERNAME_SIZE
+
+2010-06-24 Simon Josefsson <address@hidden>
+
+ * README-alpha: We also require GNU make.
+
+2010-06-24 Simon Josefsson <address@hidden>
+
+ * THANKS, configure.ac, lib/configure.ac, libextra/configure.ac: Use
+ silent build rules. Suggested by Vincent Torri <address@hidden> in
+
+
<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4349>.
+
+2010-06-22 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/includes/gnutls/gnutls.h.in: removed OPRFI extension
+ functions.
+
+2010-06-22 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/Makefile.am: removed OPRFI from makefile.
+
+2010-06-21 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/x509/verify.c: When verifying certificates use the same
+ algorithm whether the DO_NOT_ALLOW_SAME flag is set or not. Before
+ we were shortening certificate list if the flag was not set by the
+ size of the first certificate found in the trusted list, and keep
+ the list intact otherwise. Now we shorten the list in the latter
+ case as well, except for the first certificate.
+
+2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS: Added news entry for EV-certificates.
+
+2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+
+ * src/tests.c, src/tests.h, src/tls_test.c: Corrected some tests.
+ Added test to check whether the %COMPAT option is required for this
+ server.
+
+2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_extensions.c, lib/gnutls_session_pack.c: Corrections in
+ the new session packing code. Saving absolute positions in buffers
+ is no longer done. Now we store only and offset to allow
+ reallocating the buffer and still do the correct reference.
+
+2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/ext_safe_renegotiation.c, lib/ext_safe_renegotiation.h,
+ lib/ext_signature.c, lib/gnutls_handshake.c: Fixes in new extensions
+ code that relate to SSL 3.0.
+
+2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+
+ * configure.ac: version is 2.11.0
+
+2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/cha-cert-auth.texi: Some updates in the PKCS11 text.
+
+2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/cha-intro-tls.texi: Some updates on renegotiation text
+
+2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/cha-intro-tls.texi: Removed links for discussion of the COMPAT
+ topic. I don't think they should be in the documentation.
+
+2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/cha-intro-tls.texi: Corrected example with %COMPAT.
+
+2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/cha-intro-tls.texi: Added gnutls_sec_param_to_pk_bits()
+ discussion.
+
+2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/cha-intro-tls.texi: corrected text on AES
+
+2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/pkcs11.c: Only save PIN if login was successful.
+
+2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/cha-auth.texi, lib/ext_signature.c: Applied patch by Andreas
+ Metzler
+
+2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+
+ * src/benchmark.c: Allow setting debug level via cmd.
+
+2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/cryptodev.c: Explicitely terminate cryptodev sessions.
+
+2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: Removed the no
+ longer needed "active" variable.
+
+2010-06-18 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS: documented some of the changes
+
+2010-06-18 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: Greatly simplified the
+ internal hash/hmac and cipher functions.
+
+2010-06-18 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
+ src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.gaa, src/pkcs11.c: Allow listing of private keys only.
+ Certtool has now the --pkcs11-list-privkeya option.
+
+2010-06-18 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/pkcs11_privkey.c: Send correct token name to callback.
+
+2010-06-18 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
+ lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
+ lib/pkcs11_write.c: Added more gnutls errors to map closer to PKCS11
+ actual errors.
+
+2010-06-17 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
+ lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/pkcs11_write.c, src/cli.c, src/common.c:
+ Added option to the PKCS11 PIN callback to save PIN if the token is
+ being used with a single pkcs11_privkey structure.
+
+2010-06-17 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/pkcs11_privkey.c: For Private key operations new sessions are
+ opened when are needed. This makes the usage of the PKCS11 API
+ thread safe. The only drawback is the requirement to enter PIN on
+ every operation.
+
+2010-06-15 Simon Josefsson <address@hidden>
+
+ * src/cli.c: gnutls-cli: Make --starttls work again. Problem
introduced in patch to use read() instead of fgets()
+ committed on 2010-01-27.
+
+2010-06-14 Nikos Mavrogiannopoulos <address@hidden>
+
+ * src/certtool.c, tests/sha2/key-ca-dsa.pem,
+ tests/sha2/key-subca-dsa.pem, tests/sha2/sha2, tests/sha2/sha2-dsa:
+ Allow SHA224 hash in certtool. Added tests for SHA-256 and SHA-224
+ for DSA.
+
+2010-06-14 Nikos Mavrogiannopoulos <address@hidden>
+
+ * src/certtool.c: Do not warn multiple times for the deprecation of
+ --bits.
+
+2010-06-14 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/ext_session_ticket.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_mbuffers.c,
+ lib/gnutls_mbuffers.h, lib/gnutls_record.c: Appending data in
+ mbuffers is now cheaper by avoiding realloc, at the cost of
+ requiring to specify a maximum mbuffer size at creation.
+
+2010-06-13 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/ext_safe_renegotiation.c: Removed unused functions.
+
+2010-06-13 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_handshake.c, lib/gnutls_int.h: Combined the max ticket
+ length with the maximum extension data length.
+
+2010-06-11 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, doc/cha-gtls-app.texi, lib/auth_srp.c, lib/ext_cert_type.c,
+ lib/ext_cert_type.h, lib/ext_max_record.c, lib/ext_max_record.h,
+ lib/ext_oprfi.c, lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
+ lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
+ lib/ext_server_name.h, lib/ext_session_ticket.c,
+ lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
+ lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_buffers.c,
+ lib/gnutls_constate.c, lib/gnutls_extensions.c,
+ lib/gnutls_extensions.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
+ lib/gnutls_record.c, lib/gnutls_session_pack.c, lib/gnutls_state.c,
+ lib/gnutls_str.c, lib/gnutls_str.h, lib/includes/gnutls/compat.h,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/pkcs11.c,
+ lib/x509/dn.c, libextra/ext_inner_application.c,
+ libextra/ext_inner_application.h, libextra/gnutls_extra.c,
+ libextra/gnutls_ia.c, src/cli.c, src/serv.c, tests/Makefile.am,
+ tests/oprfi.c, tests/tlsia.c: Simplified and made more safe the
+ packing of data for session storage. Extensions use the internal API
+ to store/retrieve during resumption. Removed OPRFI since it was never
standardized and was never actually
+ included in gnutls since it was in inactive ifdef. This was instead
+ of rewriting it to use the new API.
+
+2010-06-11 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_buffers.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
+ lib/gnutls_supplemental.h, lib/openpgp/output.c, lib/pkcs11.c,
+ lib/x509/dn.c, lib/x509/output.c: The gnutls_string code was
+ simplified and integrated with the buffer to avoid having two named
+ for the same thing.
+
+2010-06-11 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/pakchois/pakchois.c: Properly handle fork() case.
+
+2010-06-09 Nikos Mavrogiannopoulos <address@hidden>
+
+ * libextra/gnutls_extra.c: Register the md5 handler if gcrypt is in
+ fips mode once gnutls_global_init_extra() is called.
+
+2010-06-09 Nikos Mavrogiannopoulos <address@hidden>
+
+ * src/tests.c: corrected tests.
+
+2010-06-09 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/pakchois/pakchois.c, lib/pakchois/pakchois.h, lib/pkcs11.c:
+ Added new calls to pakchois to open an absolute filename.
+
+2010-06-07 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/includes/gnutls/pkcs11.h: Removed several comments that
+ pointed to Alon's implementation comments. We use inline C comments
+ to generate documentation (not doxygen).
+
+2010-06-04 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/Makefile.am, lib/ext_session_ticket.c,
+ lib/gnutls_algorithms.c, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_mbuffers.c, lib/gnutls_record.c, lib/gnutls_state.c: More
+ fixes for the rebase.
+
+2010-06-04 Nikos Mavrogiannopoulos <address@hidden>
+
+ * AUTHORS: Added Jonathan.
+
+2010-06-04 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/pakchois/pakchois.c: Provider unref must be done after all
+ sessions have been closed.
+
+2010-06-03 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/Makefile.am: Several fixes for the broken rebase.
+
+2010-06-03 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/cha-intro-tls.texi: Merged with master.
+
+2010-06-03 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_handshake.c, lib/gnutls_mbuffers.h,
+ lib/gnutls_record.c: Some other changes to mbuffers to make gnutls
+ (a bit more) agnostic on their internal structure.
+
+2010-06-03 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/x509/verify.c: Corrected prefered hash algorithm return value
+ on RSA.
+
+2010-06-03 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_global.c: Use GCRYCTL_ENABLE_QUICK_RANDOM when using
+ libgcrypt.
+
+2010-05-31 Nikos Mavrogiannopoulos <address@hidden>
+
+ * .gitignore: Ignore more files.
+
+2010-05-31 Nikos Mavrogiannopoulos <address@hidden>
+
+ * tests/sha2/sha2-dsa: Remove the correct file
+
+2010-05-31 Nikos Mavrogiannopoulos <address@hidden>
+
+ * tests/sha2/key-ca-dsa.pem, tests/sha2/key-dsa.pem: Added missing
+ files.
+
+2010-05-31 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_pubkey.c,
+ lib/includes/gnutls/abstract.h, lib/includes/gnutls/x509.h,
+ lib/x509/crq.c, lib/x509/x509.c, src/certtool.c: The
+ get_preferred_hash_algorithm() functions have now an extra argument
+ to indicate whether it is mandatory to use this algorithm.
+
+2010-05-31 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/examples/ex-crq.c, lib/includes/gnutls/x509.h,
+ lib/libgnutls.map, lib/x509/crq.c: Added
+ gnutls_x509_crq_get_preferred_hash_algorithm().
+
+2010-05-31 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
+ lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/privkey.c,
+ lib/x509/verify.c, lib/x509/x509.c, src/certtool.c: Added
+ gnutls_pubkey_get_preferred_hash_algorithm() and
+ gnutls_x509_crt_get_preferred_hash_algorithm() to allow determining
+ the hash algorithm to use during signing. This is needed in the case
+ of DSA that uses specific versions of SHA depending on the size of
+ the parameters.
+
+2010-05-31 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/gnutls.texi, lib/Makefile.am, lib/build-aux/config.rpath,
+ lib/gcrypt/pk.c, lib/gnutls_privkey.c, lib/pkcs11.c,
+ lib/pkcs11_privkey.c, lib/x509/privkey.c, lib/x509/sign.c,
+ lib/x509/sign.h, lib/x509/verify.c, lib/x509/x509.c, src/pkcs11.c:
+ Several fixes after big rebase.
+
+2010-05-30 Nikos Mavrogiannopoulos <address@hidden>
+
+ * tests/sha2/Makefile.am, tests/sha2/sha2-dsa: Test the DSA with
+ SHA256 as well.
+
+2010-05-30 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/x509/mpi.c: Print debugging information on error.
+
+2010-05-30 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, lib/gcrypt/pk.c, lib/gnutls_pk.c, lib/gnutls_sig.c,
+ lib/nettle/mpi.c, lib/nettle/pk.c, lib/opencdk/pubkey.c,
+ lib/opencdk/sig-check.c, lib/opencdk/verify.c,
+ lib/openpgp/gnutls_openpgp.c, lib/openpgp/pgp.c,
+ lib/openpgp/privkey.c, lib/pkcs11_privkey.c, lib/x509/privkey.c,
+ lib/x509/x509_int.h: Nettle library can now parse the PGP integers.
+ Except for SHA-224/384/512 nettle seems to be fully working now.
+
+2010-05-30 Nikos Mavrogiannopoulos <address@hidden>
+
+ * src/certtool.c: use --sec-param to generate privkey.
+
+2010-05-30 Nikos Mavrogiannopoulos <address@hidden>
+
+ * tests/openpgpself.c: reduced log level to a sane one
+
+2010-05-30 Nikos Mavrogiannopoulos <address@hidden>
+
+ * tests/pathlen/ca-no-pathlen.pem,
+ tests/pathlen/no-ca-or-pathlen.pem: Corrected for new output of
+ --print-certificate-info
+
+2010-05-30 Nikos Mavrogiannopoulos <address@hidden>
+
+ * tests/sha2/sha2: Print information on failure.
+
+2010-05-30 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/libgnutls.map, src/certtool.c: Print exp1 and exp2 if they are
+ available.
+
+2010-05-30 Nikos Mavrogiannopoulos <address@hidden>
+
+ * tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/pkcs12,
+ tests/pkcs8-decode/pkcs8, tests/userid/userid: Only print output if
+ something fails
+
+2010-05-30 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/m4/hooks.m4, lib/pakchois/pakchois.c: Some pakchois fixes.
+
+2010-05-30 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_global.c: Fixup to compile with nettle
+
+2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/m4/hooks.m4: Do not bother with MODPATH. We don't use it.
+
+2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/debug.c, lib/debug.h: Added again _gnutls_dump_mpi() to assist
+ in debugging.
+
+2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * tests/pkcs12_encode.c: Added debugging
+
+2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_sig.c: Allow DSA with other than SHA1 algorithms in
+ TLS.
+
+2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/pkix_asn1_tab.c: removed more stuff.
+
+2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/pkix.asn, lib/x509/common.c: LocalKeyId and XmppAddr were
+ incorporated.
+
+2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/pkix.asn, lib/pkix_asn1_tab.c: No need for those OIDs any
+ more.
+
+2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * tests/dn2.c: Corrected to support new EV_ values.
+
+2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * tests/crq_key_id.c, tests/cve-2009-1416.c, tests/pkcs12_s2k_pem.c:
+ avoid calling gcrypt directly.
+
+2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, lib/includes/gnutls/crypto.h, lib/libgnutls.map,
+ lib/random.c, lib/random.h, src/crypt.c, src/psk.c,
+ tests/mini-eagain.c: exported gnutls_rnd().
+
+2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/x509/common.c, lib/x509/common.h, lib/x509/dn.c: The
+ recognition of DN elements is now self contained. It does not need
+ entries in pkix.asn.
+
+2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/common.c: Added
+ support for EV certificate attributes.
+
+2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/m4/hooks.m4, lib/nettle/cipher.c: Fixed nettle detection and
+ AES.
+
+2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_dh_primes.c: documentation updates
+
+2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * src/certtool-common.h, src/certtool.c, src/prime.c: Generate
+ dh-params also used --sec-param.
+
+2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/nettle/mpi.c: Document that the generator is the generator of
+ the subgroup and not the group.
+
+2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * src/cli.c: Corrected certificate callback.
+
+2010-05-28 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gcrypt/Makefile.am, lib/nettle/Makefile.am,
+ lib/nettle/cipher.c: More AES stuff (still doesn't work).
+
+2010-05-28 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/nettle/pk.c: Correction in RSA encryption.
+
+2010-05-28 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/nettle/cipher.c: Fixed issue with AES.
+
+2010-05-28 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in,
+ lib/libgnutls.map, lib/openpgp/output.c, lib/x509/output.c,
+ lib/x509/privkey.c, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa: Added
+ gnutls_sec_param_to_pk_bits() et al. to allow select bit sizes for
+ private keys using a human understandable scale.
+
+2010-05-28 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in,
+ lib/x509/common.h: Added support for SHA224 and SHA256 in DSA.
+
+2010-05-28 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/m4/hooks.m4: Always use included pakchois.
+
+2010-05-27 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/examples/ex-cert-select-pkcs11.c: make sure all lines fit in
+ page.
+
+2010-05-26 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/cha-cert-auth.texi: make example more compact by removing
+ error checking.
+
+2010-05-26 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/cha-bib.texi, doc/cha-cert-auth.texi: Added bibliographic
+ reference to PKCS #11.
+
+2010-05-26 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/cha-cert-auth.texi: Added sketch for PKCS #11 usage.
+
+2010-05-26 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/credentials/x509-server-dsa.pem,
+ doc/credentials/x509-server-key-dsa.pem: Added 2048 bit DSA key
+
+2010-05-26 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/opencdk/armor.c, lib/opencdk/read-packet.c,
+ lib/opencdk/stream.c, lib/opencdk/write-packet.c: Increased log
+ level of several messages.
+
+2010-05-25 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/credentials/x509/key.pem: Corrected coefficient and exp[12]
+ values in key.
+
+2010-05-25 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/nettle/pk.c: Added blinding in RSA. Correct broken private
+ keys on import. Nettle uses more values than gcrypt does from RSA
+ decryption and it seemed that some values in our stored private keys
+ were messy (generated by very old gnutls).
+
+2010-05-24 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/examples/ex-cert-select-pkcs11.c, lib/gnutls_x509.c,
+ lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/pkcs11_write.c, src/cli.c: Simplified
+ internal API. The only question that remains now is how to handle
+ the gnutls_pkcs11_privkey_t. Currently it opens a session and
+ maintains a handle to the object. This will require locks to be
+ added on operations. Alternatively new sessions may be opened for
+ each operation performed. This is guarranteed by PKCS #11 to be
+ thread safe but will of course require to ask for the PIN again.
+
+2010-05-24 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/pakchois/pakchois.c: Removed debugging print.
+
+2010-05-24 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/Makefile.am, lib/configure.ac, lib/m4/hooks.m4,
+ lib/pakchois/errors.c, lib/pakchois/pakchois.c,
+ lib/pakchois/pakchois.h, lib/pakchois/pakchois11.h: Added a modified
+ pakchois library (to open arbitrary pkcs11 modules). Current gnutls
+ works only with this one.
+
+2010-05-24 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/cha-gtls-app.texi: Added missing file.
+
+2010-05-24 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/TODO: Removed finished items.
+
+2010-05-24 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/pkcs11_write.c: Noted that there things to be done.
+
+2010-05-24 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/Makefile.am, doc/cha-cert-auth.texi: Added documentation on
+ abstract types.
+
+2010-05-23 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gcrypt/pk.c, lib/gnutls_pk.c, lib/gnutls_pk.h,
+ lib/opencdk/pubkey.c, lib/openpgp/privkey.c, lib/x509/privkey.c:
+ Common code for calculation of RSA exp1 and exp2. Also update the
+ openpgp code to calculate those values.
+
+2010-05-23 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/auth_dh_common.c, lib/gnutls_dh_primes.c, lib/x509/privkey.c:
+ More fixes.
+
+2010-05-23 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/auth_dh_common.c, lib/gcrypt/mpi.c, lib/gnutls_mpi.c:
+ Corrected nicely hidden bug that caused accesses to uninitialized
+ variables if the gcry_mpi_print() functions were pessimists and
+ returned more size than actually needed for the print.
+
+2010-05-23 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gcrypt/pk.c: Added some sanity checks.
+
+2010-05-23 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, doc/cha-auth.texi, doc/cha-bib.texi,
+ doc/cha-cert-auth.texi, doc/cha-ciphersuites.texi,
+ doc/cha-copying.texi, doc/cha-functions.texi,
+ doc/cha-internals.texi, doc/cha-intro-tls.texi,
+ doc/cha-library.texi, doc/cha-preface.texi, doc/cha-programs.texi,
+ doc/cha-tls-app.texi, doc/gnutls.texi,
+ lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c:
+ Documentation updates. Separated big gnutls.texi to chapter to allow
+ easier maintainance.
+
+2010-05-23 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/Makefile.am, lib/gcrypt/mpi.c, lib/gcrypt/pk.c,
+ lib/includes/gnutls/crypto.h, lib/includes/gnutls/pkcs11.h,
+ lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/nettle/pk.c,
+ lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
+ lib/pkcs11_write.c, lib/x509/privkey.c, lib/x509/x509_int.h,
+ src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa, src/crypt-gaa.c, src/pkcs11.c:
+ Added support to copy certificates and private keys to tokens. New
+ functions: gnutls_pkcs11_copy_x509_crt()
+ gnutls_pkcs11_copy_x509_privkey() gnutls_pkcs11_delete_url() Certtool
was updated to allow copying certificates and private keys
+ to tokens. Deleting an object has issues (segfault) but it seems to
+ be related with libopensc and its pkcs11 API.
+
+2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/x509/verify.c: Added gnutls_pubkey_verify_hash(),
+ gnutls_pubkey_get_verify_algorithm().
+
+2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/pkcs11.c, src/pkcs11.c: Added gnutls_pubkey_import_pkcs11(),
+ gnutls_pubkey_import_rsa_raw(), gnutls_pubkey_import_dsa_raw(),
+ gnutls_pkcs11_obj_export().
+
+2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS: Tried to document recent changes.
+
+2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_x509.c, lib/pkcs11.c, lib/pkcs11_int.h,
+ src/certtool-gaa.c, src/certtool.gaa, src/pkcs11.c: Added
+ gnutls_pubkey_t abstract type to handle public keys. It can
+ currently import/export public keys from existing certificate types
+ as well as from PKCS #11 URL. This allows generating a certificate
+ or certificate request from a given public key (currently one could
+ only generate them from a given private key). PKCS#11 API augmented to
allow reading arbitrary objects instead of
+ just certificates. Certtool updated to list those objects.
+
+2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/pkcs11.c: Added gnutls_pkcs11_token_get_flags() to distinguish
+ between hardware and soft tokens.
+
+2010-05-21 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/Makefile.am: Added support for libnettle backend. This uses
+ gmp for big number operations. It is not currently completed. It
+ lacks RSA blinding as well as optimizations.
+
+2010-05-18 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/x509/sign.c: Corrected bug in DSA signature generation.
+
+2010-05-18 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/x509/x509_int.h: Added operations to sign CRLs, certificates
+ and requests with an abstract key and thus with a PKCS #11 key as
+ well.
+
+2010-05-18 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/includes/gnutls/privkey.h: privkey.h -> abstract.h
+
+2010-05-18 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_x509.c: The gnutls-cli --x509cafile can now be a PKCS
+ #11 URL. It can read gnome-keyring's certificates and use them in
+ the trusted list.
+
+2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_x509.c: Corrections in openpgp private key usage.
+
+2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+
+ * tests/x509self.c: Updated self tests and examples to avoid using
+ deprecated functions such as
+ gnutls_certificate_server_set_retrieve_function and the sign
+ callback.
+
+2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/includes/gnutls/privkey.h, lib/pkcs11_int.h: Added
+ documentation for most of the new functions.
+
+2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/pkcs11.c: Documented that it was initially based on neon
+ pkcs11 and got ideas from pkcs11-helper library.
+
+2010-05-15 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/pkcs11.c: Corrections to properly handle token removal and
+ insert.
+
+2010-05-15 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/Makefile.am, lib/gnutls_x509.c, lib/includes/gnutls/pkcs11.h,
+ lib/includes/gnutls/privkey.h, lib/pkcs11.c, lib/x509/sign.c: Added
+ gnutls_pkcs11_privkey_t and gnutls_privkey_t types. Those are an
+ abstract private key type that can be used to sign/encrypt any
+ private key of pkcs11,x509 or openpgp types. Added support for
+ PKCS11 in gnutls-cli/gnutls-serv.
+
+2010-05-10 Nikos Mavrogiannopoulos <address@hidden>
+
+ * src/certtool.c, src/pkcs11.c: Added several helper functions, to
+ allow printing of tokens.
+
+2010-05-10 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/pkcs11.c, src/certtool-gaa.c, src/certtool.c,
+ src/certtool.gaa, src/pkcs11.c: Added ability to export certificates
+ from PKCS #11 tokens. Added ability to list trusted certificates,
+ or only certificates with a corresponding private key or just all.
+
+2010-05-09 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/Makefile.am, lib/configure.ac, lib/includes/gnutls/pkcs11.h,
+ lib/pkcs11.c, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.gaa, src/pkcs11.c: Added initial PKCS #11 support.
+ Certtool can now print lists of certificates available in system.
+
+2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
+ lib/libgnutls.map, lib/x509/common.h, lib/x509/verify.c,
+ lib/x509/x509.c, lib/x509/x509_int.h: Added
+ gnutls_pubkey_verify_hash(), gnutls_pubkey_get_verify_algorithm().
+
+2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, configure.ac, lib/gnutls_pubkey.c,
+ lib/includes/gnutls/abstract.h, lib/includes/gnutls/pkcs11.h,
+ lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h, lib/x509/x509.c,
+ src/pkcs11.c: Added gnutls_pubkey_import_pkcs11(),
+ gnutls_pubkey_import_rsa_raw(), gnutls_pubkey_import_dsa_raw(),
+ gnutls_pkcs11_obj_export().
+
+2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
+
+ * .gitignore: Ignore files that should be ignored.
+
+2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, src/certtool-gaa.c, src/certtool.gaa: Tried to document
+ recent changes.
+
+2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/Makefile.am, lib/gnutls_pubkey.c, lib/gnutls_x509.c,
+ lib/includes/gnutls/abstract.h, lib/includes/gnutls/pkcs11.h,
+ lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/x509/common.c, lib/x509/common.h,
+ lib/x509/mpi.c, lib/x509/x509.c, lib/x509/x509_int.h,
+ src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa, src/pkcs11.c: Added
+ gnutls_pubkey_t abstract type to handle public keys. It can
+ currently import/export public keys from existing certificate types
+ as well as from PKCS #11 URL. This allows generating a certificate
+ or certificate request from a given public key (currently one could
+ only generate them from a given private key). PKCS#11 API augmented to
allow reading arbitrary objects instead of
+ just certificates. Certtool updated to list those objects.
+
+2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added
+ gnutls_pkcs11_token_get_flags() to distinguish between hardware and
+ soft tokens.
+
+2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/Makefile.am, lib/libgnutlsxx.map, lib/m4/hooks.m4: Export all
+ symbols from C++ library. This library doesn't contain any internal
+ symbols anyway and there is no reason to mess with the C++ ABI that
+ hasn't got the problems of C.
+
+2010-05-21 Nikos Mavrogiannopoulos <address@hidden>
+
+ * configure.ac, doc/examples/ex-serv-export.c,
+ doc/examples/ex-serv-psk.c, doc/examples/ex-serv1.c,
+ lib/Makefile.am, lib/auth_srp.c, lib/cipher-libgcrypt.c,
+ lib/configure.ac, lib/gcrypt/Makefile.am, lib/gcrypt/cipher.c,
+ lib/gcrypt/mac.c, lib/gcrypt/mpi.c, lib/gcrypt/pk.c,
+ lib/gcrypt/rnd.c, lib/gnutls_global.c, lib/gnutls_mpi.c,
+ lib/gnutls_srp.c, lib/m4/hooks.m4, lib/mac-libgcrypt.c,
+ lib/mpi-libgcrypt.c, lib/nettle/Makefile.am, lib/nettle/cipher.c,
+ lib/nettle/mac.c, lib/nettle/mpi.c, lib/nettle/pk.c,
+ lib/nettle/rnd.c, lib/pk-libgcrypt.c, lib/rnd-libgcrypt.c,
+ src/certtool.c, src/cli.c, src/serv.c, tests/chainverify.c: Added
+ support for libnettle backend. This uses gmp for big number
+ operations. It is not currently completed. It lacks RSA blinding as
+ well as optimizations.
+
+2010-05-18 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/manpages/gnutls-cli.1, src/cli-gaa.c, src/cli.gaa,
+ src/serv-gaa.c, src/serv.gaa: Documented that the --file options in
+ gnutls-cli and gnutls-serv can accept a PKCS #11 URL.
+
+2010-05-18 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/x509/sign.c: Corrected bug in DSA signature generation.
+
+2010-05-18 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
+ lib/libgnutls.map, lib/x509/crl_write.c, lib/x509/crq.c,
+ lib/x509/mpi.c, lib/x509/sign.c, lib/x509/x509_int.h,
+ lib/x509/x509_write.c: Added operations to sign CRLs, certificates
+ and requests with an abstract key and thus with a PKCS #11 key as
+ well.
+
+2010-05-18 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/auth_cert.c, lib/auth_cert.h, lib/gnutls_privkey.c,
+ lib/gnutls_sig.h, lib/gnutls_x509.h,
+ lib/includes/gnutls/abstract.h, lib/includes/gnutls/privkey.h,
+ lib/openpgp/gnutls_openpgp.h: privkey.h -> abstract.h
+
+2010-05-18 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/Makefile.am, lib/configure.ac, lib/gnutls_x509.c, src/cli.c:
+ The gnutls-cli --x509cafile can now be a PKCS #11 URL. It can read
+ gnome-keyring's certificates and use them in the trusted list.
+
+2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/pkcs11.c: Documented that gnutls_global_init calls
+ gnutls_pkcs11_init.
+
+2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+
+ * src/cli.c: Only send termination request to avoid stalling on
+ servers that do not reply.
+
+2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_handshake.c, lib/gnutls_state.c, lib/gnutls_state.h:
+ Corrected issue on the %SSL3_RECORD_VERSION priority string. It now
+ works even when resuming a session.
+
+2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/examples/Makefile.am, doc/examples/ex-cert-select-pkcs11.c,
+ doc/gnutls.texi: Added initial example.
+
+2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/auth_cert.h, lib/gnutls_x509.c, lib/openpgp/gnutls_openpgp.c:
+ Corrections in openpgp private key usage.
+
+2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/examples/ex-cert-select.c, tests/Makefile.am,
+ tests/pkcs12_s2k.c, tests/x509dn.c, tests/x509signself.c: Updated
+ self tests and examples to avoid using deprecated functions such as
+ gnutls_certificate_server_set_retrieve_function and the sign
+ callback.
+
+2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutlsxx.cpp, lib/includes/gnutls/gnutlsxx.h, src/tests.c: Use
+ the new callback function.
+
+2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_privkey.c, lib/includes/gnutls/pkcs11.h,
+ lib/includes/gnutls/privkey.h, lib/libgnutls.map, lib/pkcs11.c,
+ lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/x509/privkey.c: Added
+ documentation for most of the new functions.
+
+2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/pkcs11.c: Documented that it was initially based on neon
+ pkcs11 and got ideas from pkcs11-helper library.
+
+2010-05-15 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_x509.c, lib/libgnutls.map, lib/pkcs11.c,
+ lib/pkcs11_int.h, lib/pkcs11_privkey.c, src/common.c: Corrections to
+ properly handle token removal and insert.
+
+2010-05-15 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in:
+ Deprecated the sign callback.
+
+2010-05-15 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/manpages/Makefile.am, lib/Makefile.am, lib/auth_cert.c,
+ lib/auth_cert.h, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/auth_srp_rsa.c, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_global.c, lib/gnutls_int.h,
+ lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
+ lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_x509.c,
+ lib/gnutls_x509.h, lib/includes/gnutls/compat.h,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
+ lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/privkey.h,
+ lib/includes/gnutls/x509.h, lib/libgnutls.map,
+ lib/openpgp/gnutls_openpgp.c, lib/openpgp/gnutls_openpgp.h,
+ lib/openpgp/openpgp_int.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/x509/privkey.c, lib/x509/sign.c,
+ lib/x509/sign.h, lib/x509/x509_int.h, src/cli.c, src/common.c,
+ src/common.h, src/pkcs11.c, src/serv.c: Added
+ gnutls_pkcs11_privkey_t and gnutls_privkey_t types. Those are an
+ abstract private key type that can be used to sign/encrypt any
+ private key of pkcs11,x509 or openpgp types. Added support for
+ PKCS11 in gnutls-cli/gnutls-serv.
+
+2010-05-15 Nikos Mavrogiannopoulos <address@hidden>
+
+ * .gitignore: ignore unrelated to gnutls files.
+
+2010-05-10 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
+ src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa, src/pkcs11.c: Added several helper
+ functions, to allow printing of tokens.
+
+2010-05-10 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_errors.c, lib/gnutls_str.c,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/pkcs11.h,
+ lib/pkcs11.c, src/certtool-common.h, src/certtool-gaa.c,
+ src/certtool-gaa.h, src/certtool.c, src/certtool.gaa, src/pkcs11.c:
+ Added ability to export certificates from PKCS #11 tokens. Added
+ ability to list trusted certificates, or only certificates with a
+ corresponding private key or just all.
+
+2010-05-09 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/Makefile.am, lib/auth_srp.c, lib/configure.ac,
+ lib/gnutls.pc.in, lib/gnutls_constate.c, lib/gnutls_errors.c,
+ lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_psk.c,
+ lib/gnutls_str.c, lib/gnutls_str.h, lib/includes/Makefile.am,
+ lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
+ lib/openpgp/gnutls_openpgp.c, lib/pkcs11.c, lib/x509/common.c,
+ lib/x509/dn.c, src/Makefile.am, src/certtool-common.h,
+ src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa, src/pkcs11.c: Added initial PKCS #11 support.
+ Certtool can now print lists of certificates available in system.
+
+2010-03-07 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/x509/verify.c: Optimized the check_if_same().
+
+2010-02-24 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_algorithms.c, lib/x509/common.c, lib/x509/common.h:
+ Added a forgoten by god OID for RSA. Warn using the actual OID on
+ unknown public key algorithms.
+
+2009-12-09 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/ext_session_ticket.c: Adapt session ticket support to mbuffer
+ API.
+
+2009-08-16 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_kx.c,
+ lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: Use mbuffers for
+ handshake synthesis.
+
+2009-08-15 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_handshake.c: Make _gnutls_handshake_io_send_int accept a
+ mbuffer_st.
+
+2009-08-15 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c:
+ Simplify handshake send buffer logic.
+
+2009-08-15 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_buffers.c: Fix interrupted write braino.
+
+2009-08-15 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_mbuffers.c: Avoid pointer warning.
+
+2009-08-15 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_buffers.c, lib/gnutls_mbuffers.c,
+ lib/gnutls_mbuffers.h: Remove now useless
+ _gnutls_mbuffer_enqueue{,copy} functions.
+
+2009-08-15 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_mbuffers.c, lib/gnutls_record.c: Allocate data buffer
+ with mbuffer_st structure as suggested by Nikos.
+
+2009-08-15 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: Prepare for mbuffer
+ allocation by the caller.
+
+2009-08-15 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_buffers.c: GNUify some missed GNUification.
+
+2009-08-15 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_buffers.c: Harmonize read and write function names.
+
+2009-08-15 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_buffers.c: Now that LEVEL and LEVEL_EQ are fixed, use
+ less lines.
+
+2009-08-15 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_errors.h: Make LEVEL and LEVEL_EQ macros safer. Once
again, I got bit by this pretty hard.
+
+2009-08-09 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_record.c: Use a datum for ciphered data in
+ _gnutls_send_int.
+
+2009-08-09 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_buffers.h: Remove the prototype for the non-existant
+ function _gnutls_io_write_buffered2.
+
+2009-08-09 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_int.h, lib/gnutls_record.c: Cleanup of the remaining
+ internals.record_send_buffer mess.
+
+2009-08-09 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_buffers.c: Remove yet another address@hidden instance of
+ redundant hexadecimal dumping.
+
+2009-08-09 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_record.c:
+ Modify slightly the contract of _gnutls_io_write_buffered as
+ suggested by Nikos Mavrogiannopoulos.
+
+2009-08-09 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_buffers.c, lib/gnutls_mbuffers.c,
+ lib/gnutls_mbuffers.h: Pass datums to mbuffers by address instead of
+ by value.
+
+2009-08-08 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_handshake.c, lib/gnutls_record.c: Corrected case where
+ handshake data were received during a session. It now stores them
+ for future use by a gnutls_handshake(). Reported by Peter
+ Hendrickson <address@hidden>.
+
+2009-08-06 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_buffers.c: Simplify _gnutls_io_write_buffered and
+ _gnutls_io_write_flush with mbuffers.
+
+2009-08-06 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_int.h, lib/gnutls_state.c: Change type of
+ internals.record_send_buffer to a mbuffer.
+
+2009-08-06 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_buffers.c: Extract a simple_write function from
+ _gnutls_io_write_buffered.
+
+2009-08-06 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_buffers.c: Add dump_bytes function.
+
+2009-08-06 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/Makefile.am, lib/gnutls_int.h, lib/gnutls_mbuffers.c,
+ lib/gnutls_mbuffers.h: Add gnutls_mbuffers.{c,h} with some basic
+ mbuffer operations.
+
+2009-08-01 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_algorithms.c: Do not rely on version ordering; use
+ switch..case instead.
+
+2009-08-01 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/auth_cert.c: Remove hardcoded version checks in auth_cert.c.
+
+2009-08-01 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_state.c: Remove hardcoded version check in
+ gnutls_state.c.
+
+2009-08-01 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_cipher.c: Remove hardcoded version checks in
+ gnutls_cipher.c.
+
+2009-08-01 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_sig.c: Remove hardcoded version checks in gnutls_sig.c.
+
+2009-08-01 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_handshake.c: Remove hardcoded version checks in
+ gnutls_handshake.c.
+
+2009-08-01 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_algorithms.c: Add version check function for selectable
+ signature/hash certificate algorithms.
+
+2009-08-01 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_algorithms.c: Add version check functions for
+ non-minimal padding.
+
+2009-08-01 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h: Add version
+ check function for explicit IV.
+
+2009-08-01 Jonathan Bastien-Filiatrault <address@hidden>
+
+ * lib/gnutls_algorithms.h: Add version check functions for
+ selectable PRF and extension handling.
+
+2010-06-01 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/announce.txt, doc/gnutls.texi, doc/manpages/gnutls-cli.1,
+ doc/manpages/gnutls-serv.1, lib/ext_safe_renegotiation.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c,
+ lib/gnutls_state.c, tests/safe-renegotiation/srn1.c,
+ tests/safe-renegotiation/srn5.c, tests/safe-renegotiation/testsrn:
+ Splitted safe renegotiation capabilities to %SAFE_RENEGOTIATION: will
enable safe renegotiation. This is the
+ most secure and recommended option for clients. However this will
+ prevent from connecting to legacy servers. %PARTIAL_RENEGOTIATION:
Prevents renegotiation with clients and
+ servers not supporting the safe renegotiation extension. (this is
+ the default) %UNSAFE_RENEGOTIATION: Permits (re-)handshakes even unsafe
ones.
+
+2010-05-31 Simon Josefsson <address@hidden>
+
+ * doc/gnutls.texi: Minor fix.
+
+2010-05-31 Simon Josefsson <address@hidden>
+
+ * GNUmakefile, maint.mk: Update gnulib files.
+
+2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/gnutls.texi: Documented the defaults.
+
+2010-05-28 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/gnutls.texi: Added INITIAL_SAFE_RENEGOTIATION and other small
+ updates.
+
+2010-05-28 Simon Josefsson <address@hidden>
+
+ * doc/gnutls.texi: Update.
+
+2010-05-28 Simon Josefsson <address@hidden>
+
+ * tests/safe-renegotiation/README: Add.
+
+2010-05-28 Simon Josefsson <address@hidden>
+
+ * .x-sc_prohibit_strings_without_use, build-aux/c++defs.h,
+ build-aux/gendocs.sh, build-aux/gnupload, build-aux/vc-list-files,
+ configure.ac, doc/gendocs_template, gl/Makefile.am, gl/error.c,
+ gl/m4/asm-underscore.m4, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/netdb_h.m4,
+ gl/m4/stdio_h.m4, gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4,
+ gl/netdb.in.h, gl/stdio-write.c, gl/stdio.in.h,
+ gl/tests/Makefile.am, gl/tests/init.sh, gl/tests/test-lseek.sh,
+ gl/tests/test-vc-list-files-cvs.sh,
+ gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
+ gl/tests/test-verify.sh, gl/tests/verify.h, gl/unistd.in.h,
+ gl/vasnprintf.c, gl/wchar.in.h, gtk-doc.make,
+ lib/build-aux/c++defs.h, lib/gl/Makefile.am,
+ lib/gl/m4/asm-underscore.m4, lib/gl/m4/fcntl-o.m4,
+ lib/gl/m4/gettext.m4, lib/gl/m4/gnulib-common.m4,
+ lib/gl/m4/gnulib-comp.m4, lib/gl/m4/iconv.m4, lib/gl/m4/intl.m4,
+ lib/gl/m4/netdb_h.m4, lib/gl/m4/po.m4, lib/gl/m4/stdio_h.m4,
+ lib/gl/m4/unistd_h.m4, lib/gl/netdb.in.h, lib/gl/stdio-write.c,
+ lib/gl/stdio.in.h, lib/gl/tests/Makefile.am, lib/gl/tests/init.sh,
+ lib/gl/tests/test-vasprintf.c, lib/gl/tests/test-verify.c,
+ lib/gl/tests/test-verify.sh, lib/gl/tests/verify.h,
+ lib/gl/unistd.in.h, lib/gl/vasnprintf.c, lib/gl/wchar.in.h,
+ libextra/gl/m4/gnulib-common.m4, m4/valgrind.m4, maint.mk: Update
+ gnulib files, use valgrind-tests module, fix syntax-check problems.
+
+2010-05-28 Simon Josefsson <address@hidden>
+
+ * doc/announce.txt: Doc fix.
+
+2010-05-25 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/x509/common.h, lib/x509/privkey.c, lib/x509/sign.c,
+ lib/x509/verify.c: Use correct hashing algorithms for DSA with q
+ over 160 bits.
+
+2010-05-24 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_algorithms.c: Better checks in loops.
+
+2010-05-22 Simon Josefsson <address@hidden>
+
+ * lib/x509/crl.c: Doc fix.
+
+2010-05-22 Simon Josefsson <address@hidden>
+
+ * NEWS: Add.
+
+2010-05-22 Simon Josefsson <address@hidden>
+
+ * NEWS: Add.
+
+2010-05-22 Simon Josefsson <address@hidden>
+
+ * doc/reference/Makefile.am, gtk-doc.make, m4/gtk-doc.m4: Support
+ GTK-DOC PDF file.
+
+2010-05-22 Simon Josefsson <address@hidden>
+
+ * cfg.mk: Also build PDF manual.
+
+2010-05-22 Simon Josefsson <address@hidden>
+
+ * doc/gnutls.texi: Fix node/section usage.
+
+2010-05-22 Simon Josefsson <address@hidden>
+
+ * tests/safe-renegotiation/srn5.c: Fix self test.
+
+2010-05-22 Simon Josefsson <address@hidden>
+
+ * lib/gnutls_handshake.c: Readd lost fix from Nikos.
+
+2010-05-22 Simon Josefsson <address@hidden>
+
+ * lib/ext_safe_renegotiation.c: Readd lost fix from Nikos.
+
+2010-05-22 Simon Josefsson <address@hidden>
+
+ * NEWS: Add.
+
+2010-05-22 Simon Josefsson <address@hidden>
+
+ * lib/gnutls_errors.c, libextra/includes/gnutls/openssl.h,
+ libextra/openssl_compat.c: Doc fixes.
+
+2010-05-22 Simon Josefsson <address@hidden>
+
+ * lib/x509/x509.c: Doc fix.
+
+2010-05-22 Simon Josefsson <address@hidden>
+
+ * Makefile.am, NEWS, README, cfg.mk, configure.ac, doc/Makefile.am,
+ doc/credentials/Makefile.am, doc/cyclo/Makefile.am, doc/errcodes.c,
+ doc/examples/Makefile.am, doc/examples/ex-client-srp.c,
+ doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
+ doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
+ doc/examples/ex-serv1.c, doc/gnutls.texi, doc/manpages/Makefile.am,
+ doc/printlist.c, guile/Makefile.am, guile/modules/Makefile.am,
+ guile/modules/gnutls.scm, guile/modules/gnutls/build/enums.scm,
+ guile/modules/gnutls/build/priorities.scm,
+ guile/modules/gnutls/build/smobs.scm,
+ guile/modules/gnutls/build/utils.scm,
+ guile/modules/gnutls/extra.scm, guile/src/Makefile.am,
+ guile/src/core.c, guile/src/errors.c, guile/src/errors.h,
+ guile/src/extra.c, guile/src/make-enum-header.scm,
+ guile/src/make-enum-map.scm, guile/src/make-session-priorities.scm,
+ guile/src/make-smob-header.scm, guile/src/make-smob-types.scm,
+ guile/src/utils.c, guile/src/utils.h, guile/tests/Makefile.am,
+ guile/tests/anonymous-auth.scm, guile/tests/errors.scm,
+ guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
+ guile/tests/openpgp-keys.scm, guile/tests/pkcs-import-export.scm,
+ guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
+ guile/tests/x509-auth.scm, guile/tests/x509-certificates.scm,
+ lib/Makefile.am, lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c,
+ lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
+ lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
+ lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
+ lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
+ lib/auth_srp_sb64.c, lib/cipher-libgcrypt.c, lib/configure.ac,
+ lib/crypto-api.c, lib/crypto.c, lib/crypto.h, lib/cryptodev.c,
+ lib/debug.c, lib/debug.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
+ lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_oprfi.c,
+ lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
+ lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
+ lib/ext_server_name.h, lib/ext_session_ticket.c,
+ lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
+ lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_alert.c,
+ lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
+ lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
+ lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
+ lib/gnutls_compress.c, lib/gnutls_compress.h,
+ lib/gnutls_constate.c, lib/gnutls_constate.h, lib/gnutls_datum.c,
+ lib/gnutls_datum.h, lib/gnutls_db.c, lib/gnutls_db.h,
+ lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_dh_primes.c,
+ lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_extensions.c,
+ lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_helper.c,
+ lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
+ lib/gnutls_mem.c, lib/gnutls_mem.h, lib/gnutls_mpi.c,
+ lib/gnutls_mpi.h, lib/gnutls_num.c, lib/gnutls_num.h,
+ lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
+ lib/gnutls_psk.c, lib/gnutls_psk_netconf.c, lib/gnutls_record.c,
+ lib/gnutls_record.h, lib/gnutls_rsa_export.c,
+ lib/gnutls_rsa_export.h, lib/gnutls_session.c,
+ lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
+ lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
+ lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
+ lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
+ lib/gnutls_supplemental.h, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
+ lib/gnutls_v2_compat.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
+ lib/includes/Makefile.am, lib/includes/gnutls/crypto.h,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
+ lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
+ lib/libgnutls.map, lib/libgnutlsxx.map, lib/m4/hooks.m4,
+ lib/mac-libgcrypt.c, lib/minitasn1/Makefile.am,
+ lib/mpi-libgcrypt.c, lib/opencdk/Makefile.am,
+ lib/openpgp/Makefile.am, lib/openpgp/compat.c,
+ lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
+ lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
+ lib/openpgp/privkey.c, lib/pk-libgcrypt.c, lib/random.c,
+ lib/random.h, lib/rnd-libgcrypt.c, lib/x509/Makefile.am,
+ lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
+ lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
+ lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/output.c,
+ lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c,
+ lib/x509/pkcs7.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
+ lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
+ lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
+ lib/x509_b64.c, lib/x509_b64.h, libextra/Makefile.am,
+ libextra/configure.ac, libextra/ext_inner_application.c,
+ libextra/ext_inner_application.h, libextra/fipsmd5.c,
+ libextra/gl/Makefile.am, libextra/gnutls_extra.c,
+ libextra/gnutls_ia.c, libextra/gnutls_openssl.c,
+ libextra/includes/Makefile.am, libextra/includes/gnutls/extra.h,
+ libextra/includes/gnutls/openssl.h, libextra/libgnutls-extra.map,
+ libextra/m4/hooks.m4, libextra/openssl_compat.c,
+ libextra/openssl_compat.h, src/Makefile.am, src/benchmark.c,
+ src/certtool-cfg.c, src/certtool.c, src/cli.c, src/common.c,
+ src/crypt.c, src/list.h, src/prime.c, src/psk.c, src/serv.c,
+ src/tests.c, src/tls_test.c, tests/Makefile.am, tests/anonself.c,
+ tests/certder.c, tests/certificate_set_x509_crl.c,
+ tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
+ tests/crypto_rng.c, tests/cve-2008-4989.c, tests/cve-2009-1415.c,
+ tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
+ tests/finished.c, tests/gc.c, tests/hostname-check.c,
+ tests/init_roundtrip.c, tests/key-id/Makefile.am,
+ tests/key-id/key-id, tests/mini-eagain.c,
+ tests/mini-x509-rehandshake.c, tests/mini-x509.c, tests/mini.c,
+ tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
+ tests/nist-pkits/pkits, tests/nist-pkits/pkits_crl,
+ tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
+ tests/nist-pkits/pkits_smime, tests/nul-in-x509-names.c,
+ tests/openpgp-certs/Makefile.am, tests/openpgp-certs/testcerts,
+ tests/openpgp-certs/testselfsigs, tests/openpgp-keyring.c,
+ tests/openpgpself.c, tests/openssl.c, tests/oprfi.c,
+ tests/parse_ca.c, tests/pathlen/Makefile.am, tests/pathlen/pathlen,
+ tests/pgps2kgnu.c, tests/pkcs1-padding/Makefile.am,
+ tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/Makefile.am,
+ tests/pkcs12-decode/pkcs12, tests/pkcs12_encode.c,
+ tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c,
+ tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8,
+ tests/pskself.c, tests/resume.c, tests/rfc2253-escape-test,
+ tests/rsa-md5-collision/Makefile.am,
+ tests/rsa-md5-collision/rsa-md5-collision,
+ tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
+ tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
+ tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
+ tests/safe-renegotiation/testsrn, tests/set_pkcs12_cred.c,
+ tests/setcredcrash.c, tests/sha2/Makefile.am, tests/sha2/sha2,
+ tests/simple.c, tests/tlsia.c, tests/userid/Makefile.am,
+ tests/userid/userid, tests/utils.c, tests/utils.h,
+ tests/x509_altname.c, tests/x509dn.c, tests/x509paths/chain,
+ tests/x509self.c, tests/x509sign-verify.c, tests/x509signself.c:
+ Change GNUTLS into GnuTLS.
+
+2010-05-22 Simon Josefsson <address@hidden>
+
+ * AUTHORS, ChangeLog.1, NEWS, README, README-alpha, THANKS,
+ doc/gnutls.texi, doc/manpages/gnutls-cli-debug.1,
+ doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1,
+ doc/manpages/srptool.1, doc/reference/gnutls-docs.sgml,
+ lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c,
+ src/cli-gaa.c, src/cli.gaa, src/serv-gaa.c, src/serv.gaa,
+ src/tls_test-gaa.c, src/tls_test.gaa: Change GNU TLS into GnuTLS.
+
+2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c: Ignore
+ parsing of ciphersuite or extensions when safe renegotiation is
+ disabled.
+
+2010-05-22 Simon Josefsson <address@hidden>
+
+ * tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/srn5.c: Add test of self renegotiation
+ APIs.
+
+2010-05-22 Simon Josefsson <address@hidden>
+
+ * tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/README, tests/safe-renegotiation/srn4.c:
+ Add more rengotiation self tests.
+
+2010-05-22 Simon Josefsson <address@hidden>
+
+ * tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/README, tests/safe-renegotiation/srn0.c:
+ Add more safe renegotiation self test.
+
+2010-05-21 Simon Josefsson <address@hidden>
+
+ * NEWS, doc/announce.txt, doc/gnutls.texi,
+ doc/manpages/Makefile.am, lib/ext_safe_renegotiation.c,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
+ tests/safe-renegotiation/srn2.c: Remove
+ gnutls_safe_negotiation_set_initial and
+ gnutls_safe_renegotiation_set.
+
+2010-05-18 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_priority.c: Documented behavioral change.
+
+2010-05-18 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_int.h, lib/gnutls_priority.c: Because we want to
+ differentiate the behavior of server and client with regards to safe
+ renegotiation. If a server didn't have either SAFE_RENEGOTIATION or
+ UNSAFE_RENEGOTIATION set the safe renegotiation will be the default.
+ This (as well as the safe_renegotiation_set flag) has to be removed
+ once safe renegotiation is default in both server and client side.
+
+2010-05-18 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_state.c: Emulate old gnutls behavior regarding safe
+ renegotiation if the priority_* functions are not called.
+
+2010-05-11 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/includes/gnutls/x509.h: Corrected typo. Reported by Clint
+ Adams.
+
+2010-05-03 Simon Josefsson <address@hidden>
+
+ * tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/srn1.c, tests/safe-renegotiation/srn3.c:
+ tests: Add srn3 to test inverse of what srn1 is testing.
+
+2010-05-03 Simon Josefsson <address@hidden>
+
+ * tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/srn2.c: tests: Add another safe
+ renegotiation self tests.
+
+2010-05-03 Simon Josefsson <address@hidden>
+
+ * tests/safe-renegotiation/srn1.c: Also test
+ gnutls_safe_renegotiation_status API.
+
+2010-05-03 Simon Josefsson <address@hidden>
+
+ * tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/srn1.c: tests: Add first self-test of safe
+ renegotiation extension.
+
+2010-05-03 Simon Josefsson <address@hidden>
+
+ * tests/Makefile.am, tests/mini-x509-rehandshake.c: tests: Add small
+ X.509 rehandshake test.
+
+2010-05-03 Simon Josefsson <address@hidden>
+
+ * tests/mini-x509.c: Protect against infloops.
+
+2010-05-03 Simon Josefsson <address@hidden>
+
+ * tests/Makefile.am, tests/mini-x509.c: tests: Add mini-x509
+ self-test.
+
+2010-04-30 Simon Josefsson <address@hidden>
+
+ * doc/gnutls.texi: Improve text, based on suggestions from Tomas
+ Hoger <address@hidden>.
+
+2010-04-29 Simon Josefsson <address@hidden>
+
+ * lib/gnutls_handshake.c: Fix typo.
+
+2010-04-29 Simon Josefsson <address@hidden>
+
+ * lib/gnutls_handshake.c: Improve renegotiation debug messages.
+
+2010-04-29 Simon Josefsson <address@hidden>
+
+ * doc/announce.txt: Add.
+
+2010-04-29 Simon Josefsson <address@hidden>
+
+ * .gitignore: Add.
+
+2010-04-29 Simon Josefsson <address@hidden>
+
+ * doc/gnutls.texi: Add section on safe renegotiation.
+
+2010-04-29 Simon Josefsson <address@hidden>
+
+ * lib/gnutls_record.c: Remove debug code.
+
+2010-04-25 Simon Josefsson <address@hidden>
+
+ * doc/gnutls.texi: Mention shared library map file and GTK-DOC
+ guidelines.
+
+2010-04-22 Simon Josefsson <address@hidden>
+
+ * doc/announce.txt: Update URL.
+
+2010-04-22 Simon Josefsson <address@hidden>
+
+ * AUTHORS: Update my OpenPGP key.
+
+2010-04-22 Simon Josefsson <address@hidden>
+
+ * doc/announce.txt: Update my key.
+
+2010-04-22 Simon Josefsson <address@hidden>
+
+ * doc/announcement-template.txt: Remove.
+
+2010-04-22 Simon Josefsson <address@hidden>
+
+ * doc/ANNOUNCE, doc/announce.txt: Prepare 2.10.0 release notes.
+
+2010-04-22 Simon Josefsson <address@hidden>
+
+ * NEWS: Add 2.8.x NEWS entries.
+
+2010-04-22 Simon Josefsson <address@hidden>
+
+ * libextra/configure.ac: Also bump libgnutls-extra version.
+
+2010-04-22 Simon Josefsson <address@hidden>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4: Bump
+ versions.
+
+2010-04-22 Simon Josefsson <address@hidden>
+
+ * build-aux/gendocs.sh: Chmod +x.
+
+2010-04-22 Simon Josefsson <address@hidden>
+
+ * ChangeLog: Generated.
+
2010-04-22 Simon Josefsson <address@hidden>
* NEWS: Version 2.9.10.
@@ -20958,12 +23483,7 @@
2005-11-07 Simon Josefsson <address@hidden>
- * NEWS: Version 1.2.9.
-
-2005-11-06 Nikos Mavrogiannopoulos <address@hidden>
-
- * corrected bug in pkcs 12 ID key setting. Found and reported by Fran
- <address@hidden>.
+ * Version 1.2.9.
-----
diff --git a/NEWS b/NEWS
index 0783c3a..0d67ac1 100644
--- a/NEWS
+++ b/NEWS
@@ -3,7 +3,7 @@ Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005,
2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
See the end for copying conditions.
-* Version 2.11.3 (unreleased)
+* Version 2.11.3 (released 2010-10-14)
** Indent code to follow the GNU Coding Standard.
You should be able to unpack the 2.11.2 release and run 'make indent'
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-404-gc238f7f,
Simon Josefsson <=