1 2011-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3 * README, README-alpha: simplified README
5 2011-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7 * lib/accelerated/intel/aes-x86.h: documented extra alignment
9 2011-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11 * lib/gnutls_record.c: cleaned-up code
13 2011-09-04 Andreas Metzler <ametzler@downhill.at.eu.org>
15 * configure.ac: Add p11-kit-1 to gnutls.pc Requires.private. If building with PKCS#11 support append p11-kit-1 to gnutls.pc
16 Requires.private. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
18 2011-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
20 * .gitignore: more files to ignore
22 2011-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
24 * doc/cha-gtls-app.texi: documentation updates
26 2011-09-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
28 * lib/gnutlsxx.cpp: updated for lowat
30 2011-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
32 * doc/cha-auth.texi, doc/cha-cert-auth.texi,
33 doc/cha-functions.texi, doc/cha-gtls-app.texi,
34 doc/cha-intro-tls.texi: documentation updates. @acronym was removed
37 2011-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
39 * lib/includes/gnutls/compat.h: set_lowat was removed as a macro.
41 2011-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
43 * doc/cha-programs.texi: simplified examples
45 2011-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
47 * doc/examples/ex-serv-pgp.c, tests/openpgp-certs/testcerts:
48 explicitly enable openpgp certtype in tests.
50 2011-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
54 2011-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
56 * configure.ac, m4/hooks.m4: bumped version
58 2011-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
60 * doc/cha-bib.texi, doc/cha-gtls-app.texi, doc/latex/gnutls.bib:
63 2011-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
65 * tests/openpgpself.c: explicitly enable openpgp certtype in tests.
67 2011-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
69 * doc/cha-gtls-app.texi, lib/system_override.c: Added documentation
70 on asynchronous operation.
72 2011-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
74 * configure.ac: do not exit configure if p11-kit is not found.
76 2011-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
78 * NEWS, lib/gnutls_priority.c: OpenPGP certificate type priority is
79 not enabled by default.
81 2011-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
83 * NEWS, doc/cha-gtls-app.texi, lib/gnutls_handshake.c,
84 lib/gnutls_int.h, lib/gnutls_priority.c: Added %NO_EXTENSIONS
87 2011-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
89 * doc/printlist.c: doc fixes
91 2011-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
93 * tests/suite/testcompat-main: disabled test
95 2011-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
97 * libextra/openssl_compat.c, libextra/openssl_compat.h: removed old
98 and unused compatibility functions.
100 2011-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
102 * lib/includes/gnutls/x509.h, lib/x509/crl.c, lib/x509/crq.c,
103 lib/x509/extensions.c, lib/x509/key_decode.c, lib/x509/output.c,
104 lib/x509/privkey.c, lib/x509/x509.c, lib/x509/x509_int.h,
105 libextra/gnutls_openssl.c, src/crywrap/crywrap.c: corrected sign
106 type errors for integers.
108 2011-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
110 * lib/gnutls_record.c: Corrected error checking in
113 2011-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
115 * doc/cha-gtls-app.texi: doc updates
117 2011-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
119 * NEWS, src/certtool-cfg.c, src/common.h: removed unneeded header.
122 2011-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
124 * lib/nettle/ecc.h, lib/nettle/ecc_free.c,
125 lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
126 lib/nettle/ecc_mulmod.c, lib/nettle/ecc_projective_add_point.c,
127 lib/nettle/ecc_projective_dbl_point.c,
128 lib/nettle/ecc_projective_dbl_point_3.c,
129 lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
130 lib/nettle/ecc_verify_hash.c: Avoid assert() and do not include
133 2011-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
135 * tests/suite/testcompat: skip if datefudge is not available
137 2011-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
139 * lib/accelerated/x86.h: Modified cpuid for 32-bit x86 to avoid a
140 gcc issue (not finding a register).
142 2011-08-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
144 * NEWS, src/Makefile.am, src/benchmark-cipher.c,
145 src/benchmark-tls.c, src/benchmark.h, src/cli-gaa.c, src/cli-gaa.h,
146 src/cli.gaa: Benchmark applications were incorporated to gnutls-cli
148 2011-08-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
150 * lib/algorithms/ciphersuites.c: Corrected DH-ANON ciphersuite
153 2011-08-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
155 * doc/cha-cert-auth.texi, doc/gnutls-pgp.eps, doc/gnutls-x509.eps:
158 2011-08-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
160 * NEWS, lib/x509/x509.c: XmppAddr -> UTF8String
162 2011-08-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
164 * lib/openpgp/gnutls_openpgp.c, lib/openpgp/privkey.c,
165 lib/x509/x509.c: more updates in private key copy.
167 2011-08-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
169 * lib/accelerated/intel/aes-x86.h: removed unused variable.
171 2011-08-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
173 * NEWS, lib/gnutls_privkey.c, lib/gnutls_x509.c,
174 lib/includes/gnutls/abstract.h, lib/openpgp/gnutls_openpgp.c,
175 lib/openpgp/gnutls_openpgp.h, lib/openpgp/privkey.c,
176 lib/x509/x509.c: gnutls_certificate_set_x509_key() and
177 gnutls_certificate_set_openpgp_key() operate as in gnutls 2.10.x and
178 do not require to hold the structures.
180 2011-08-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
182 * lib/accelerated/intel/aes-gcm-x86.c,
183 lib/accelerated/intel/aes-x86.c: removed unused variables.
185 2011-08-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
187 * lib/gnutls_record.c: Allow out-of-order change_cipher_spec in
190 2011-08-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
192 * doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
193 doc/cha-intro-tls.texi, doc/examples/ex-cert-select-pkcs11.c,
194 lib/gnutls_buffers.c, lib/gnutls_pubkey.c, lib/gnutls_record.c:
195 documentation changes.
197 2011-08-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
199 * doc/examples/ex-client-srp.c, doc/examples/ex-serv-srp.c:
200 gnutls/extra.h is not required for SRP.
202 2011-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
204 * doc/latex/gnutls.tex: leave an empty page
206 2011-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
208 * doc/cha-auth.texi, doc/cha-bib.texi, doc/cha-cert-auth.texi,
209 doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
210 doc/latex/gnutls.bib, doc/latex/gnutls.tex: documentation updates
212 2011-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
214 * lib/nettle/rnd.c: unlock rnd mutex on error.
216 2011-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
218 * doc/cha-bib.texi, doc/latex/gnutls.bib: bibliography updated
220 2011-08-22 Andreas Metzler <ametzler@debian.org>
222 * lib/libgnutls.map: Export export_gnutls_openpgp_privkey_sign_hash. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
224 2011-08-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
226 * lib/gnutls_buffers.c, lib/system.c: AIX check moved to system.c.
228 2011-08-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
230 * src/crywrap/crywrap.c: Handle memory allocation errors.
232 2011-08-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
234 * doc/manpages/Makefile.am, doc/manpages/crywrap.8: The crywrap
235 manpage was removed due to license reasons.
237 2011-08-22 Ludovic Courtès <ludo@gnu.org>
239 * guile/tests/priorities.scm: guile: Fix `priorities' test to use
240 `run-test'. This is a followup to commit
241 cd7b8102316cd4151356c4b2b7909c7435593890 ("guile: Fix tests to match
242 the `exit' behavior introduced in Guile 2.0.1.").
244 2011-08-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
246 * src/crywrap/Makefile.am: include README to distribution.
248 2011-08-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
250 * lib/gnutls_ui.c: documentation fixes.
252 2011-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
254 * doc/cha-cert-auth.texi, doc/cha-internals.texi,
255 doc/cha-intro-tls.texi, doc/cha-library.texi,
256 doc/scripts/mytexi2latex: Use texinfo's word break.
258 2011-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
260 * NEWS, m4/hooks.m4: updated for release
262 2011-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
264 * src/crywrap/Makefile.am: Added missing file
266 2011-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
268 * po/cs.po.in, po/fi.po.in, po/nl.po.in, po/pl.po.in, po/sv.po.in,
269 po/uk.po.in: Sync with TP.
271 2011-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
273 * lib/Makefile.am: corrected typo
275 2011-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
277 * lib/gnutls_buffers.c: Added hack for AIX systems that may not set
278 errno property on EAGAIN.
280 2011-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
282 * doc/examples/ex-cert-select-pkcs11.c: simplified PKCS #11 token
285 2011-08-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
287 * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
288 lib/gnutls_record.c, lib/system_override.c: documentation updates
290 2011-08-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
292 * .gitignore: updated ignored files.
294 2011-08-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
296 * tests/resume.c: Corrected session resumption test.
298 2011-08-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
300 * tests/utils.c: Avoid using vfprintf() and use a combination of
301 vsnprintf and fputs instead. My gnulib has issues with them.
303 2011-08-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
305 * gl/Makefile.am, gl/m4/gnulib-cache.m4: added vfprintf-posix
308 2011-08-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
310 * configure.ac: depend on p11-kit 0.4+.
312 2011-08-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
314 * NEWS, lib/Makefile.am, lib/auth/cert.c, lib/auth/cert.h,
315 lib/gnutls_cert.c, lib/gnutls_str_array.h, lib/gnutls_x509.c,
316 lib/openpgp/gnutls_openpgp.c: Removed the limitation of one name per
319 2011-08-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
321 * doc/cha-auth.texi: rephrased text on anonymous authentication.
323 2011-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
325 * doc/cha-programs.texi: small update in psktool
327 2011-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
329 * NEWS: updated crywrap
331 2011-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
333 * NEWS: documented changes
335 2011-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
337 * lib/auth/cert.c, lib/auth/cert.h, lib/gnutls_cert.c,
338 lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_x509.c,
339 lib/openpgp/gnutls_openpgp.c: gnutls_certificate_set_x509_key_file()
340 and friends support server name indication. If multiple
341 certificates are set using this function the proper one will be
342 selected during a handshake, with the limitation of a single name
345 2011-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
347 * lib/x509/x509.c: Documentation fixes.
349 2011-08-17 Simon Josefsson <simon@josefsson.org>
351 * cfg.mk, src/crywrap/crywrap.c: Fix syntax-check nits.
353 2011-08-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
355 * NEWS, lib/algorithms/ciphers.c: Added AES-256-GCM. Reported by
358 2011-08-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
360 * NEWS: documented fix
362 2011-08-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
364 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, src/p11common.c:
365 Introduced GNUTLS_PKCS11_PIN_WRONG flag to indicate the previously
368 2011-08-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
370 * NEWS: documented fix
372 2011-08-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
374 * doc/cha-programs.texi: some discussion on tokens.
376 2011-08-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
378 * lib/pkcs11.c: Corrected issue when asking multiple times for PIN.
380 2011-08-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
382 * configure.ac: corrected configure test
384 2011-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
386 * src/crywrap/crywrap.c: dhparams have now the 'r' option.
388 2011-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
390 * src/crywrap/crywrap.c: use audit_log
392 2011-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
394 * src/crywrap/crywrap.c, src/crywrap/crywrap.h: removed unneeded
397 2011-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
399 * src/cli.c: unload_file was modified to accept a pointer.
401 2011-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
403 * NEWS, src/crywrap/Makefile.am, src/crywrap/crywrap.c: corrected
404 child process cleanup and added option to specify diffie hellman
407 2011-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
409 * .gitignore: more files to ignore
411 2011-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
413 * doc/manpages/crywrap.8, src/crywrap/crywrap.c,
414 src/crywrap/crywrap.h: Corrected crywrap's verification procedure.
416 2011-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
418 * src/serv.c: use gnutls_sec_param_to_pk_bits() for DH parameter
421 2011-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
423 * .gitignore, configure.ac, doc/manpages/Makefile.am,
424 doc/manpages/crywrap.8, gl/Makefile.am, gl/alphasort.c,
425 gl/argp-ba.c, gl/argp-eexst.c, gl/argp-fmtstream.c,
426 gl/argp-fmtstream.h, gl/argp-fs-xinl.c, gl/argp-help.c,
427 gl/argp-namefrob.h, gl/argp-parse.c, gl/argp-pin.c, gl/argp-pv.c,
428 gl/argp-pvh.c, gl/argp-xinl.c, gl/argp.h, gl/basename-lgpl.c,
429 gl/dirent.in.h, gl/dirname-lgpl.c, gl/dirname.h, gl/dosname.h,
430 gl/fpucw.h, gl/frexp.c, gl/frexpl.c, gl/fseeko.c, gl/fseterr.c,
431 gl/fseterr.h, gl/getopt.c, gl/getopt.in.h, gl/getopt1.c,
432 gl/getopt_int.h, gl/getsubopt.c, gl/isnan.c, gl/isnand-nolibm.h,
433 gl/isnand.c, gl/isnanf-nolibm.h, gl/isnanf.c, gl/isnanl-nolibm.h,
434 gl/isnanl.c, gl/m4/alphasort.m4, gl/m4/argp.m4, gl/m4/dirent_h.m4,
435 gl/m4/dirname.m4, gl/m4/double-slash-root.m4, gl/m4/dup2.m4,
436 gl/m4/eealloc.m4, gl/m4/environ.m4, gl/m4/exponentd.m4,
437 gl/m4/exponentf.m4, gl/m4/exponentl.m4, gl/m4/frexp.m4,
438 gl/m4/frexpl.m4, gl/m4/getcwd.m4, gl/m4/getopt.m4,
439 gl/m4/getsubopt.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
440 gl/m4/isnand.m4, gl/m4/isnanf.m4, gl/m4/isnanl.m4, gl/m4/ldexpl.m4,
441 gl/m4/lstat.m4, gl/m4/malloca.m4, gl/m4/math_h.m4,
442 gl/m4/mempcpy.m4, gl/m4/mode_t.m4, gl/m4/nocrash.m4, gl/m4/open.m4,
443 gl/m4/printf-frexp.m4, gl/m4/printf-frexpl.m4, gl/m4/putenv.m4,
444 gl/m4/rawmemchr.m4, gl/m4/scandir.m4, gl/m4/setenv.m4,
445 gl/m4/signbit.m4, gl/m4/sleep.m4, gl/m4/stat.m4,
446 gl/m4/strchrnul.m4, gl/m4/strndup.m4, gl/m4/strnlen.m4,
447 gl/m4/symlink.m4, gl/m4/sysexits.m4, gl/m4/vfprintf-posix.m4,
448 gl/m4/vprintf-posix.m4, gl/math.in.h, gl/mempcpy.c,
449 gl/printf-frexp.c, gl/printf-frexp.h, gl/printf-frexpl.c,
450 gl/printf-frexpl.h, gl/rawmemchr.c, gl/rawmemchr.valgrind,
451 gl/scandir.c, gl/signbitd.c, gl/signbitf.c, gl/signbitl.c,
452 gl/sleep.c, gl/strchrnul.c, gl/strchrnul.valgrind, gl/stripslash.c,
453 gl/strndup.c, gl/strnlen.c, gl/sysexits.in.h, gl/tests/Makefile.am,
454 gl/tests/dummy.c, gl/tests/dup2.c, gl/tests/fpucw.h,
455 gl/tests/getcwd-lgpl.c, gl/tests/ignore-value.h, gl/tests/lstat.c,
456 gl/tests/malloca.c, gl/tests/malloca.h, gl/tests/malloca.valgrind,
457 gl/tests/minus-zero.h, gl/tests/nan.h, gl/tests/open.c,
458 gl/tests/putenv.c, gl/tests/same-inode.h, gl/tests/setenv.c,
459 gl/tests/stat.c, gl/tests/symlink.c, gl/tests/test-argp-2.sh,
460 gl/tests/test-argp.c, gl/tests/test-dirent.c, gl/tests/test-dup2.c,
461 gl/tests/test-environ.c, gl/tests/test-fprintf-posix.h,
462 gl/tests/test-frexp.c, gl/tests/test-frexpl.c,
463 gl/tests/test-fseeko3.c, gl/tests/test-fseeko3.sh,
464 gl/tests/test-fseterr.c, gl/tests/test-getcwd-lgpl.c,
465 gl/tests/test-getopt.c, gl/tests/test-getopt.h,
466 gl/tests/test-getopt_long.h, gl/tests/test-ignore-value.c,
467 gl/tests/test-isnand-nolibm.c, gl/tests/test-isnand.h,
468 gl/tests/test-isnanf-nolibm.c, gl/tests/test-isnanf.h,
469 gl/tests/test-isnanl-nolibm.c, gl/tests/test-isnanl.h,
470 gl/tests/test-lstat.c, gl/tests/test-lstat.h,
471 gl/tests/test-malloc-gnu.c, gl/tests/test-malloca.c,
472 gl/tests/test-math.c, gl/tests/test-open.c, gl/tests/test-open.h,
473 gl/tests/test-printf-frexp.c, gl/tests/test-printf-frexpl.c,
474 gl/tests/test-printf-posix.h, gl/tests/test-printf-posix.output,
475 gl/tests/test-rawmemchr.c, gl/tests/test-setenv.c,
476 gl/tests/test-signbit.c, gl/tests/test-sleep.c,
477 gl/tests/test-stat.c, gl/tests/test-stat.h,
478 gl/tests/test-strchrnul.c, gl/tests/test-strnlen.c,
479 gl/tests/test-symlink.c, gl/tests/test-symlink.h,
480 gl/tests/test-sysexits.c, gl/tests/test-unsetenv.c,
481 gl/tests/test-vfprintf-posix.c, gl/tests/test-vfprintf-posix.sh,
482 gl/tests/test-vprintf-posix.c, gl/tests/test-vprintf-posix.sh,
483 gl/tests/unsetenv.c, gl/vfprintf.c, gl/vprintf.c, m4/hooks.m4,
484 src/Makefile.am, src/crywrap/Makefile.am, src/crywrap/README,
485 src/crywrap/crywrap.c, src/crywrap/crywrap.h, src/crywrap/primes.h:
486 Added crywrap to the distributed programs.
488 2011-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
490 * lib/accelerated/intel/.gitignore: files to ignore
492 2011-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
494 * doc/cha-internals.texi: doc updates
496 2011-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
498 * doc/cha-auth.texi, doc/cha-cert-auth.texi,
499 doc/cha-ciphersuites.texi, doc/cha-errors.texi,
500 doc/cha-functions.texi, doc/cha-gtls-app.texi,
501 doc/cha-internals.texi, doc/cha-intro-tls.texi,
502 doc/cha-library.texi, doc/cha-support.texi: do not use capitals in
505 2011-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
507 * .gitignore, doc/latex/.gitignore: more files to ignore.
509 2011-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
511 * NEWS, lib/pkcs11.c: If a module is dlopened twice, then
512 deinitialize the second load.
514 2011-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
516 * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
517 doc/cha-library.texi, lib/gnutls_buffers.c, lib/gnutls_record.c:
518 documentation updates
520 2011-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
522 * doc/cha-library.texi: memory handling section is no longer
525 2011-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
527 * doc/cha-gtls-app.texi: Added discussion on DTLS functionality
529 2011-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
531 * doc/cha-programs.texi, doc/cha-support.texi, doc/cha-tls-app.texi:
534 2011-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
536 * doc/cha-gtls-app.texi: updated openssl text
538 2011-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
540 * doc/cha-gtls-app.texi: correct typos
542 2011-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
544 * doc/manpages/gnutls-cli.1: do not escape \#
546 2011-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
548 * doc/cha-cert-auth.texi, doc/cha-intro-tls.texi: more updates
550 2011-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
552 * doc/cha-bib.texi, doc/cha-preface.texi, doc/latex/gnutls.bib:
553 Added reference to anderson's book
555 2011-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
557 * doc/Makefile.am, doc/cha-cert-auth.texi, doc/cha-internals.texi,
558 doc/gnutls-certificate-user-use-case.eps,
559 doc/gnutls-extensions.eps, doc/gnutls.texi,
560 doc/scripts/mytexi2latex, lib/x509/crl_write.c, lib/x509/crq.c,
561 lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c, lib/x509/x509.c:
562 Internals section updated.
564 2011-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
566 * doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/examples/ex-crq.c,
567 lib/gnutls_pubkey.c, lib/includes/gnutls/compat.h,
568 lib/includes/gnutls/x509.h, lib/pkcs11.c, lib/pkcs11_write.c,
569 lib/x509/crq.c: Documentation updates. gnutls_x509_crq_sign2() and
570 gnutls_x509_crl_sign2() were removed from the deprecate list to ease
571 generation of crl and crq structures.
573 2011-08-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
575 * doc/alert-printlist.c, doc/cha-intro-tls.texi,
576 doc/cha-library.texi, doc/cha-programs.texi, doc/errcodes.c,
577 doc/printlist.c: updates
579 2011-08-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
581 * doc/latex/gnutls.tex: changed paper size.
583 2011-08-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
585 * lib/gnutls_global.c: doc update
587 2011-08-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
589 * doc/alert-printlist.c, doc/errcodes.c, doc/printlist.c: reduced
590 space taken by descriptions.
592 2011-08-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
594 * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi: more updates.
596 2011-08-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
598 * NEWS: documented fixes
600 2011-08-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
602 * lib/accelerated/intel/aes-x86.c, lib/accelerated/intel/aes-x86.h:
603 Force alignment for AES-NI to the runtime rather than on the
604 structures. Corrects issue on some systems (reported by Andreas
607 2011-08-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
609 * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
610 doc/cha-library.texi, lib/system_override.c: Added session
611 initialization discussion
613 2011-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
615 * doc/cha-cert-auth.texi: more updates
617 2011-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
619 * doc/cha-auth.texi, doc/cha-gtls-app.texi, lib/gnutls_psk.c,
620 lib/gnutls_x509.c, lib/openpgp/gnutls_openpgp.c: updated
623 2011-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
625 * lib/pkcs11.c: document flags
627 2011-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
629 * NEWS: corrected typo
631 2011-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
633 * lib/README: removed reference to pakchois
635 2011-08-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
637 * lib/pkcs11.c: Prevent from loading twice the same module.
639 2011-08-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
641 * lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s,
642 lib/accelerated/intel/asm/appro-aes-x86-64.s,
643 lib/accelerated/intel/asm/appro-aes-x86.s: Added note.GNU-stack to
644 prevent marking the library as using an executable stack. Reported
647 2011-08-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
649 * configure.ac: bumped version
651 2011-08-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
653 * lib/accelerated/intel/asm/appro-aes-x86-64.s,
654 lib/accelerated/intel/asm/appro-aes-x86.s: Included appro's updates
657 2011-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
659 * lib/auth/cert.c: better placement of ifdefs.
661 2011-08-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
663 * doc/Makefile.am, doc/cha-gtls-app.texi, doc/cha-internals.texi,
664 doc/gnutls-extensions.eps, doc/gnutls-extensions_st.eps,
665 doc/gnutls-mod_auth_st.eps, doc/gnutls-modauth.eps,
666 doc/latex/Makefile.am, doc/latex/gnutls.tex,
667 doc/scripts/mytexi2latex: Added discussion of the provided
668 cryptographic functions. Internals is now included in the latex
669 document (needs rewrite though)
671 2011-08-03 Simon Josefsson <simon@josefsson.org>
673 * lib/Makefile.am, lib/accelerated/Makefile.am,
674 lib/accelerated/accelerated.c, lib/accelerated/cryptodev.c,
675 lib/accelerated/intel/Makefile.am,
676 lib/accelerated/intel/aes-gcm-x86.c,
677 lib/accelerated/intel/aes-x86.c, lib/algorithms.h,
678 lib/algorithms/Makefile.am, lib/algorithms/cert_types.c,
679 lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
680 lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c,
681 lib/algorithms/protocols.c, lib/algorithms/publickey.c,
682 lib/algorithms/secparams.c, lib/algorithms/sign.c,
683 lib/auth/Makefile.am, lib/auth/anon.c, lib/auth/anon.h,
684 lib/auth/anon_ecdh.c, lib/auth/cert.c, lib/auth/cert.h,
685 lib/auth/dh_common.c, lib/auth/dh_common.h, lib/auth/dhe.c,
686 lib/auth/dhe_psk.c, lib/auth/ecdh_common.c, lib/auth/ecdh_common.h,
687 lib/auth/psk.c, lib/auth/psk.h, lib/auth/psk_passwd.c,
688 lib/auth/psk_passwd.h, lib/auth/rsa.c, lib/auth/rsa_export.c,
689 lib/auth/srp.c, lib/auth/srp.h, lib/auth/srp_passwd.c,
690 lib/auth/srp_passwd.h, lib/auth/srp_rsa.c, lib/auth/srp_sb64.c,
691 lib/crypto-api.c, lib/crypto-backend.c, lib/crypto-backend.h,
692 lib/crypto.h, lib/debug.c, lib/debug.h, lib/ext/Makefile.am,
693 lib/ext/cert_type.c, lib/ext/cert_type.h, lib/ext/ecc.c,
694 lib/ext/ecc.h, lib/ext/max_record.c, lib/ext/max_record.h,
695 lib/ext/safe_renegotiation.c, lib/ext/safe_renegotiation.h,
696 lib/ext/server_name.c, lib/ext/server_name.h,
697 lib/ext/session_ticket.c, lib/ext/session_ticket.h,
698 lib/ext/signature.c, lib/ext/signature.h, lib/ext/srp.c,
699 lib/ext/srp.h, lib/gcrypt/Makefile.am, lib/gcrypt/cipher.c,
700 lib/gcrypt/init.c, lib/gcrypt/mac.c, lib/gcrypt/mpi.c,
701 lib/gcrypt/pk.c, lib/gcrypt/rnd.c, lib/gnutls_alert.c,
702 lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
703 lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
704 lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
705 lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
706 lib/gnutls_compress.h, lib/gnutls_constate.c,
707 lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
708 lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
709 lib/gnutls_dh_primes.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
710 lib/gnutls_ecc.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
711 lib/gnutls_extensions.c, lib/gnutls_extensions.h,
712 lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
713 lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
714 lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_int.h,
715 lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_mbuffers.c,
716 lib/gnutls_mbuffers.h, lib/gnutls_mem.c, lib/gnutls_mem.h,
717 lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_num.c,
718 lib/gnutls_num.h, lib/gnutls_pcert.c, lib/gnutls_pk.c,
719 lib/gnutls_pk.h, lib/gnutls_priority.c, lib/gnutls_privkey.c,
720 lib/gnutls_psk.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
721 lib/gnutls_record.h, lib/gnutls_rsa_export.c,
722 lib/gnutls_rsa_export.h, lib/gnutls_session.c,
723 lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
724 lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
725 lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
726 lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
727 lib/gnutls_supplemental.h, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
728 lib/gnutls_v2_compat.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
729 lib/hash.c, lib/includes/Makefile.am,
730 lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
731 lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
732 lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/gnutlsxx.h,
733 lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
734 lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
735 lib/libgnutls.map, lib/libgnutlsxx.map, lib/locks.c,
736 lib/nettle/Makefile.am, lib/nettle/cipher.c, lib/nettle/ecc_free.c,
737 lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
738 lib/nettle/ecc_mulmod.c, lib/nettle/ecc_points.c,
739 lib/nettle/ecc_projective_add_point.c,
740 lib/nettle/ecc_projective_dbl_point.c,
741 lib/nettle/ecc_projective_dbl_point_3.c,
742 lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
743 lib/nettle/ecc_verify_hash.c, lib/nettle/egd.c, lib/nettle/init.c,
744 lib/nettle/mac.c, lib/nettle/mpi.c, lib/nettle/pk.c,
745 lib/nettle/rnd.c, lib/opencdk/Makefile.am, lib/opencdk/armor.c,
746 lib/opencdk/context.h, lib/opencdk/filters.h, lib/opencdk/hash.c,
747 lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/literal.c,
748 lib/opencdk/main.c, lib/opencdk/main.h, lib/opencdk/misc.c,
749 lib/opencdk/new-packet.c, lib/opencdk/opencdk.h,
750 lib/opencdk/packet.h, lib/opencdk/pubkey.c,
751 lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
752 lib/opencdk/sig-check.c, lib/opencdk/stream.c,
753 lib/opencdk/stream.h, lib/opencdk/types.h,
754 lib/opencdk/write-packet.c, lib/openpgp/Makefile.am,
755 lib/openpgp/compat.c, lib/openpgp/extras.c,
756 lib/openpgp/gnutls_openpgp.c, lib/openpgp/output.c,
757 lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
758 lib/pkcs11.c, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
759 lib/pkcs11_write.c, lib/random.c, lib/random.h, lib/system.c,
760 lib/system_override.c, lib/x509/Makefile.am, lib/x509/common.c,
761 lib/x509/common.h, lib/x509/crl.c, lib/x509/crl_write.c,
762 lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c,
763 lib/x509/key_decode.c, lib/x509/key_encode.c, lib/x509/mpi.c,
764 lib/x509/output.c, lib/x509/pbkdf2-sha1.c, lib/x509/pkcs12.c,
765 lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c,
766 lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
767 lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
768 lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509.c,
769 lib/x509/x509_int.h, lib/x509/x509_write.c, lib/x509_b64.c,
770 lib/x509_b64.h: Clarify license and copyright.
772 2011-08-03 Simon Josefsson <simon@josefsson.org>
774 * README: Clarify licensing.
776 2011-08-03 Simon Josefsson <simon@josefsson.org>
778 * lib/AUTHORS, lib/ChangeLog, lib/NEWS, lib/autogen.sh,
779 lib/build-aux/arg-nonnull.h, lib/build-aux/c++defs.h,
780 lib/build-aux/config.rpath, lib/build-aux/warn-on-use.h,
781 libextra/AUTHORS, libextra/COPYING, libextra/ChangeLog,
782 libextra/NEWS, libextra/README, libextra/build-aux/config.rpath:
785 2011-08-03 Simon Josefsson <simon@josefsson.org>
787 * libextra/includes/gnutls/extra.h: Finish removal of inner
788 application extension support.
790 2011-08-03 Simon Josefsson <simon@josefsson.org>
792 * lib/includes/gnutls/abstract.h, lib/includes/gnutls/dtls.h: More
795 2011-08-03 Simon Josefsson <simon@josefsson.org>
797 * .x-sc_GPL_version, .x-sc_avoid_if_before_free,
798 .x-sc_bindtextdomain, .x-sc_cast_of_alloca_return_value,
799 .x-sc_cast_of_argument_to_free, .x-sc_file_system,
800 .x-sc_m4_quote_check, .x-sc_makefile_check, .x-sc_program_name,
801 .x-sc_prohibit_HAVE_MBRTOWC, .x-sc_prohibit_S_IS_definition,
802 .x-sc_prohibit_empty_lines_at_EOF,
803 .x-sc_prohibit_strings_without_use, .x-sc_space_tab, .x-sc_the_the,
804 .x-sc_two_space_separator_in_usage, .x-sc_useless_cpp_parens,
805 GNUmakefile, THANKS, build-aux/arg-nonnull.h, build-aux/c++defs.h,
806 build-aux/config.rpath, build-aux/snippet/_Noreturn.h,
807 build-aux/snippet/arg-nonnull.h, build-aux/snippet/c++defs.h,
808 build-aux/snippet/warn-on-use.h, build-aux/useless-if-before-free,
809 build-aux/vc-list-files, build-aux/warn-on-use.h, cfg.mk,
810 configure.ac, doc/Makefile.am, gl/Makefile.am, gl/alignof.h,
811 gl/alloca.c, gl/errno.in.h, gl/error.c, gl/float.c, gl/float.in.h,
812 gl/fseek.c, gl/fseeko.c, gl/ftell.c, gl/intprops.h,
813 gl/m4/alloca.m4, gl/m4/errno_h.m4, gl/m4/error.m4,
814 gl/m4/extensions.m4, gl/m4/float_h.m4, gl/m4/fpieee.m4,
815 gl/m4/fseek.m4, gl/m4/fseeko.m4, gl/m4/ftell.m4, gl/m4/ftello.m4,
816 gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/getpagesize.m4,
817 gl/m4/getpass.m4, gl/m4/gettime.m4, gl/m4/gettimeofday.m4,
818 gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
819 gl/m4/gnulib-comp.m4, gl/m4/hmac-md5.m4, gl/m4/include_next.m4,
820 gl/m4/largefile.m4, gl/m4/lseek.m4, gl/m4/malloc.m4, gl/m4/md5.m4,
821 gl/m4/memchr.m4, gl/m4/memmem.m4, gl/m4/memxor.m4,
822 gl/m4/mmap-anon.m4, gl/m4/po.m4, gl/m4/printf.m4,
823 gl/m4/read-file.m4, gl/m4/realloc.m4, gl/m4/snprintf.m4,
824 gl/m4/strcase.m4, gl/m4/strdup.m4, gl/m4/strerror.m4,
825 gl/m4/string_h.m4, gl/m4/strings_h.m4, gl/m4/strverscmp.m4,
826 gl/m4/time_r.m4, gl/m4/vsnprintf.m4, gl/m4/warn-on-use.m4,
827 gl/m4/warnings.m4, gl/netdb.in.h, gl/netinet_in.in.h,
828 gl/stdarg.in.h, gl/stddef.in.h, gl/stdint.in.h, gl/stdio.in.h,
829 gl/stdlib.in.h, gl/strerror-override.c, gl/strerror-override.h,
830 gl/strerror.c, gl/string.in.h, gl/strings.in.h, gl/sys_socket.in.h,
831 gl/sys_stat.in.h, gl/sys_time.in.h, gl/sys_uio.in.h,
832 gl/tests/Makefile.am, gl/tests/fcntl.in.h, gl/tests/fpucw.h,
833 gl/tests/init.sh, gl/tests/macros.h, gl/tests/test-float.c,
834 gl/tests/test-fseek.c, gl/tests/test-fseek.sh,
835 gl/tests/test-fseek2.sh, gl/tests/test-ftell.c,
836 gl/tests/test-ftell.sh, gl/tests/test-ftell2.sh,
837 gl/tests/test-ftell3.c, gl/tests/test-intprops.c,
838 gl/tests/test-snprintf.c, gl/tests/test-strerror.c,
839 gl/tests/test-vc-list-files-cvs.sh,
840 gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
841 gl/tests/test-vsnprintf.c, gl/time.in.h, gl/timespec.h,
842 gl/unistd.in.h, gl/verify.h, gl/wchar.in.h, lib/Makefile.am,
843 lib/hash.c, lib/pkcs11_privkey.c, maint.mk, src/benchmark-cipher.c,
844 src/certtool.c, src/cli.c, src/serv.c, tests/Makefile.am,
845 tests/scripts/common.sh: Update gnulib files. Fix syntax-check
848 2011-08-03 Simon Josefsson <simon@josefsson.org>
850 * NEWS, README: Add NEWS entries. Use copyright ranges (now
853 2011-08-03 Simon Josefsson <simon@josefsson.org>
855 * po/LINGUAS, po/cs.po.in, po/fi.po.in, po/nl.po.in, po/pl.po.in,
856 po/sv.po.in, po/uk.po.in: Sync with TP.
858 2011-08-02 Simon Josefsson <simon@josefsson.org>
860 * doc/manpages/Makefile.am, doc/reference/Makefile.am,
861 doc/reference/gnutls-docs.sgml, lib/algorithms/secparams.c,
862 lib/crypto-api.c, lib/gnutls_cert.c, lib/gnutls_db.c,
863 lib/gnutls_global.c, lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
864 lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
865 lib/includes/gnutls/pkcs11.h, lib/locks.c, lib/openpgp/privkey.c,
866 lib/pkcs11.c, lib/pkcs11_secret.c, lib/pkcs11_write.c,
867 lib/random.c, lib/system_override.c, lib/x509/crl_write.c,
868 lib/x509/crq.c, lib/x509/privkey.c, lib/x509/x509.c: More GTK-DOC
871 2011-08-02 Simon Josefsson <simon@josefsson.org>
873 * doc/reference/Makefile.am: Simplify GTK-DOC makefile
876 2011-08-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
878 * lib/includes/gnutls/gnutls.h.in: updated
880 2011-08-02 Simon Josefsson <simon@josefsson.org>
882 * lib/algorithms/sign.c, lib/gnutls_dtls.c, lib/gnutls_pubkey.c,
883 lib/gnutls_record.c, lib/includes/gnutls/abstract.h,
884 lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
885 lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
886 lib/includes/gnutls/pkcs11.h, lib/nettle/ecc_free.c,
887 lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
888 lib/nettle/ecc_mulmod.c, lib/nettle/ecc_points.c,
889 lib/nettle/ecc_projective_add_point.c,
890 lib/nettle/ecc_projective_dbl_point.c,
891 lib/nettle/ecc_projective_dbl_point_3.c,
892 lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
893 lib/nettle/ecc_verify_hash.c, lib/pkcs11.c: Fix GTK-DOC manual.
895 2011-08-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
897 * lib/gnutls_record.c: detect premature termination of connection
899 2011-08-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
901 * NEWS, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: the
902 deprecated_config_file from 2.12.x was incorporated.
904 2011-08-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
906 * lib/pkcs11.c: documentation update
908 2011-08-02 Simon Josefsson <simon@josefsson.org>
910 * doc/manpages/Makefile.am, doc/reference/gnutls-docs.sgml,
911 lib/algorithms/ecc.c, lib/crypto-api.c, lib/gnutls_alert.c,
912 lib/gnutls_cert.c, lib/gnutls_dtls.c, lib/gnutls_global.c,
913 lib/gnutls_pcert.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
914 lib/gnutls_state.c, lib/system_override.c, lib/x509/crl.c,
915 lib/x509/privkey.c, lib/x509/verify-high.c, lib/x509/x509.c: Add
916 GTK-DOC Since: tags for 3.0.0 additions.
918 2011-08-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
920 * lib/pkcs11_privkey.c: added asserts.
922 2011-08-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
924 * README, README-alpha: Refer to nettle alone and p11-kit.
926 2011-08-01 Stef Walter <stefw@collabora.co.uk>
928 * lib/pkcs11.c: Don't try to do PKCS#11 login if session is already
929 logged in. * It is possible for new PKCS#11 sessions to be logged in if another logged in session already exists. * In these cases, don't log in, but detect the condition and return success. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
931 2011-08-01 Stef Walter <stefw@collabora.co.uk>
933 * lib/pkcs11_privkey.c: When finding private keys fail, return error
934 code. * Previously this would result in an endless loop. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
936 2011-08-01 Stef Walter <stefw@collabora.co.uk>
938 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Mark the config
939 argument of gnutls_pkcs11_init() as unused * Since its no longer used. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
941 2011-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
943 * NEWS, lib/gnutls_str.h, lib/gnutls_x509.c,
944 lib/includes/gnutls/x509.h, lib/x509/x509.c, tests/x509cert.c: Added
945 GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED flag for
946 gnutls_x509_crt_list_import. It checks whether the list to be
947 imported is properly sorted.
949 2011-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
951 * NEWS, lib/gnutls_errors.c, lib/gnutls_x509.c,
952 lib/includes/gnutls/gnutls.h.in: Added
953 GNUTLS_E_CERTIFICATE_LIST_UNSORTED. If a certificate list is loaded
954 then verify that it is sorted with order to starts with the subject
955 and finished with the trusted root. That way we make sure we don't
956 send data that violate the TLS protocol.
958 2011-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
960 * doc/cha-cert-auth.texi, doc/latex/macros.tex: documentation
963 2011-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
965 * ChangeLog: updated changelog
967 2011-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
969 * NEWS: released 3.0.0
971 2011-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
973 * configure.ac: updated version
975 2011-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
977 * src/certtool-gaa.c, src/certtool.gaa: Corrected typo.
979 2011-07-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
981 * NEWS: documented updates.
983 2011-07-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
985 * THANKS: Added Petr.
987 2011-07-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
989 * lib/gnutls_pcert.c, lib/gnutls_privkey.c,
990 lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
991 gnutls_pcert_list_import_x509_raw() and few doc fixes.
993 2011-07-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
995 * lib/gnutls.pc.in: corrected for libnettle.
997 2011-06-24 Andreas Metzler <ametzler@downhill.at.eu.org>
999 * configure.ac: fix zlib handling in gnutls.pc Only add zlib to gnutls.pc's Requies.private if zlib ships a
1000 pkg-config file. Ancient (<< 1.2.3.1) versions don't. Otherwise add
1001 -lz to Libs.private. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
1003 2011-07-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1005 * doc/examples/ex-client-srp.c, doc/examples/ex-serv-srp.c:
1006 gnutls_global_init_extra() is not needed for SRP.
1008 2011-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1010 * NEWS: documented changes.
1012 2011-07-25 Sjoerd Simons <sjoerd.simons@collabora.co.uk>
1014 * lib/gnutls_buffers.c: writev_emu: stop on the first incomplete
1015 write Just like standard writev, we should only move on to the next block
1016 if all the previous ones have been successfully written out.
1017 Otherwise there is a potential for data loss and/or confusing push
1018 functions. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
1020 2011-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1022 * doc/latex/fdl.tex: increased size of fdl.
1024 2011-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1026 * lib/pkcs11.c: Added debug message to indicate usage of
1027 compatibility mode for /etc/gnutls/pkcs11.conf
1029 2011-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1031 * AUTHORS: removed pgp key from authors file.
1033 2011-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1035 * ChangeLog: updated changelog.
1037 2011-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1039 * NEWS, configure.ac, doc/announce.txt, m4/hooks.m4: released 2.99.4
1041 2011-06-29 Petr Písař <petr.pisar@atlas.cz>
1043 * lib/gnutls_privkey.c: Honor uninitialized private key in
1044 destructor Fixes bug #107730. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
1046 2011-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1048 * src/certtool.c: Corrected initialization of key when generating
1049 request. Reported by Petr Pisar.
1051 2011-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1055 2011-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1057 * lib/gnutls_rsa_export.c, lib/x509/privkey.c,
1058 lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: The crippled status
1059 of an gnutls_x509_privkey_t was removed.
1061 2011-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1063 * doc/examples/ex-pkcs11-list.c: Example compilation fix.
1065 2011-07-07 Stef Walter <stefw@collabora.co.uk>
1067 * configure.ac, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
1068 lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_write.c: pkcs11:
1069 Use p11_kit_pin_xxx() functionality when 'pinfile' is in uris. * This allows other apps to register a handler for a specific
1070 pinfile and then that application will be able to provide the PIN
1071 for those URIs. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
1073 2011-07-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1075 * lib/pkcs11.c: Added compatibility mode with
1076 /etc/gnutls/pkcs11.conf
1078 2011-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1080 * doc/cha-tls-app.texi: Updates in upward negotiation section.
1082 2011-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1084 * doc/latex/gnutls.bib: Corrected bibliography
1086 2011-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1088 * doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
1089 doc/cha-intro-tls.texi, doc/cha-library.texi,
1090 doc/cha-programs.texi, doc/cha-tls-app.texi: corrected section
1093 2011-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1095 * doc/cha-library.texi, doc/cha-support.texi, lib/gnutls_errors.c,
1096 lib/gnutls_srp.c: Updated information on required libraries.
1098 2011-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1100 * doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
1101 doc/cha-intro-tls.texi, doc/cha-library.texi, doc/cha-preface.texi:
1104 2011-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1106 * doc/.gitignore, doc/Makefile.am, doc/alert-printlist.c,
1107 doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
1108 doc/cha-intro-tls.texi, doc/cha-library.texi, doc/gnutls.texi,
1109 doc/latex/Makefile.am, doc/latex/gnutls.tex, doc/latex/macros.tex,
1110 doc/scripts/gdoc, doc/scripts/mytexi2latex, doc/scripts/sort1.pl,
1111 doc/scripts/split.pl, lib/gnutls_x509.c: updated function listing.
1113 2011-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1115 * lib/gnutls_alert.c, lib/includes/gnutls/gnutls.h.in,
1116 lib/libgnutls.map: Added gnutls_alert_get_strname().
1118 2011-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1120 * lib/algorithms/cert_types.c, lib/algorithms/ciphers.c,
1121 lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c,
1122 lib/algorithms/protocols.c, lib/algorithms/publickey.c,
1123 lib/algorithms/secparams.c, lib/algorithms/sign.c, lib/auth/cert.c,
1124 lib/auth/psk.c, lib/auth/rsa_export.c, lib/crypto-api.c,
1125 lib/crypto-backend.c, lib/ext/max_record.c,
1126 lib/ext/safe_renegotiation.c, lib/ext/server_name.c,
1127 lib/ext/session_ticket.c, lib/gcrypt/mpi.c, lib/gnutls_alert.c,
1128 lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
1129 lib/gnutls_cert.c, lib/gnutls_dh_primes.c, lib/gnutls_dtls.c,
1130 lib/gnutls_errors.c, lib/gnutls_global.c, lib/gnutls_handshake.c,
1131 lib/gnutls_mpi.c, lib/gnutls_pcert.c, lib/gnutls_priority.c,
1132 lib/gnutls_privkey.c, lib/gnutls_psk.c, lib/gnutls_pubkey.c,
1133 lib/gnutls_record.c, lib/gnutls_sig.c, lib/gnutls_state.c,
1134 lib/gnutls_str.c, lib/gnutls_ui.c, lib/gnutls_x509.c,
1135 lib/minitasn1/decoding.c, lib/minitasn1/errors.c,
1136 lib/nettle/ecc_verify_hash.c, lib/opencdk/kbnode.c,
1137 lib/opencdk/sig-check.c, lib/openpgp/extras.c,
1138 lib/openpgp/gnutls_openpgp.c, lib/openpgp/output.c,
1139 lib/openpgp/pgp.c, lib/openpgp/privkey.c, lib/pkcs11.c,
1140 lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/pkcs11_write.c,
1141 lib/random.c, lib/x509/common.c, lib/x509/crl.c,
1142 lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
1143 lib/x509/extensions.c, lib/x509/output.c, lib/x509/pkcs12.c,
1144 lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c,
1145 lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
1146 lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
1147 lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509.c,
1148 lib/x509/x509_write.c: documentation fixes
1150 2011-06-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1152 * NEWS, lib/COPYING, lib/accelerated/accelerated.c,
1153 lib/accelerated/cryptodev.c, lib/auth/anon.c, lib/auth/anon_ecdh.c,
1154 lib/auth/cert.c, lib/auth/dh_common.c, lib/auth/dhe.c,
1155 lib/auth/dhe_psk.c, lib/auth/ecdh_common.c, lib/auth/psk.c,
1156 lib/auth/psk_passwd.c, lib/auth/rsa.c, lib/auth/rsa_export.c,
1157 lib/auth/srp.c, lib/auth/srp_passwd.c, lib/auth/srp_rsa.c,
1158 lib/auth/srp_sb64.c, lib/crypto-api.c, lib/crypto-backend.c,
1159 lib/debug.c, lib/ext/cert_type.c, lib/ext/ecc.c,
1160 lib/ext/max_record.c, lib/ext/safe_renegotiation.c,
1161 lib/ext/server_name.c, lib/ext/session_ticket.c,
1162 lib/ext/signature.c, lib/ext/srp.c, lib/gnutls_alert.c,
1163 lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
1164 lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
1165 lib/gnutls_compress.c, lib/gnutls_constate.c, lib/gnutls_datum.c,
1166 lib/gnutls_db.c, lib/gnutls_dh.c, lib/gnutls_dh_primes.c,
1167 lib/gnutls_dtls.c, lib/gnutls_ecc.c, lib/gnutls_errors.c,
1168 lib/gnutls_extensions.c, lib/gnutls_global.c,
1169 lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_helper.c,
1170 lib/gnutls_kx.c, lib/gnutls_mbuffers.c, lib/gnutls_mem.c,
1171 lib/gnutls_mpi.c, lib/gnutls_num.c, lib/gnutls_pcert.c,
1172 lib/gnutls_pk.c, lib/gnutls_priority.c, lib/gnutls_privkey.c,
1173 lib/gnutls_psk.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
1174 lib/gnutls_rsa_export.c, lib/gnutls_session.c,
1175 lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/gnutls_srp.c,
1176 lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_supplemental.c,
1177 lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_x509.c,
1178 lib/hash.c, lib/locks.c, lib/nettle/cipher.c,
1179 lib/nettle/ecc_free.c, lib/nettle/ecc_make_key.c,
1180 lib/nettle/ecc_map.c, lib/nettle/ecc_mulmod.c,
1181 lib/nettle/ecc_points.c, lib/nettle/ecc_projective_add_point.c,
1182 lib/nettle/ecc_projective_dbl_point.c,
1183 lib/nettle/ecc_projective_dbl_point_3.c,
1184 lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
1185 lib/nettle/ecc_verify_hash.c, lib/nettle/egd.c, lib/nettle/init.c,
1186 lib/nettle/mac.c, lib/nettle/mpi.c, lib/nettle/pk.c,
1187 lib/nettle/rnd.c, lib/opencdk/armor.c, lib/opencdk/hash.c,
1188 lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/literal.c,
1189 lib/opencdk/main.c, lib/opencdk/misc.c, lib/opencdk/new-packet.c,
1190 lib/opencdk/pubkey.c, lib/opencdk/read-packet.c,
1191 lib/opencdk/seskey.c, lib/opencdk/sig-check.c,
1192 lib/opencdk/stream.c, lib/opencdk/write-packet.c,
1193 lib/openpgp/compat.c, lib/openpgp/extras.c,
1194 lib/openpgp/gnutls_openpgp.c, lib/openpgp/output.c,
1195 lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
1196 lib/pkcs11.c, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
1197 lib/pkcs11_write.c, lib/random.c, lib/system.c,
1198 lib/system_override.c, lib/x509/common.c, lib/x509/crl.c,
1199 lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
1200 lib/x509/extensions.c, lib/x509/key_decode.c,
1201 lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/output.c,
1202 lib/x509/pbkdf2-sha1.c, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
1203 lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
1204 lib/x509/privkey_pkcs8.c, lib/x509/rfc2818_hostname.c,
1205 lib/x509/sign.c, lib/x509/verify-high.c, lib/x509/verify.c,
1206 lib/x509/x509.c, lib/x509/x509_write.c, lib/x509_b64.c: Upgraded to
1209 2011-06-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1211 * doc/latex/cover.tex.in: updated cover.
1213 2011-06-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1215 * doc/latex/fdl.tex: improvements on fdl.
1217 2011-06-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1219 * AUTHORS: Added LRN.
1221 2011-06-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1223 * doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
1224 doc/cha-intro-tls.texi, doc/cha-library.texi,
1225 doc/cha-programs.texi, doc/scripts/mytexi2latex: documentation
1228 2011-06-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1230 * NEWS, lib/gnutls_srp.c, lib/gnutls_srp.h: gnutls_srp_verifier()
1231 returns data allocated with gnutls_malloc() for consistency.
1233 2011-06-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1235 * lib/gnutls_errors.c: reduced error message.
1237 2011-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1239 * doc/cha-intro-tls.texi: simplified text.
1241 2011-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1243 * doc/latex/fdl.tex, doc/latex/gnutls.tex: FDL is now included using
1246 2011-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1248 * doc/cha-auth.texi, doc/cha-intro-tls.texi,
1249 doc/examples/ex-client1.c, doc/scripts/mytexi2latex: Tables were
1252 2011-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1254 * doc/cha-cert-auth.texi, doc/cha-internals.texi,
1255 doc/cha-intro-tls.texi, doc/cha-library.texi,
1256 doc/scripts/mytexi2latex: figures were made floating.
1258 2011-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1260 * doc/latex/cover.tex.in, doc/scripts/mytexi2latex: Added
1261 high-quality pdf images.
1263 2011-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1265 * .gitignore, doc/latex/.gitignore: more files to ignore
1267 2011-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1269 * configure.ac, doc/Makefile.am, doc/cha-auth.texi,
1270 doc/cha-bib.texi, doc/cha-cert-auth.texi,
1271 doc/cha-ciphersuites.texi, doc/cha-errors.texi,
1272 doc/cha-functions.texi, doc/cha-gtls-app.texi,
1273 doc/cha-internals.texi, doc/cha-intro-tls.texi,
1274 doc/cha-library.texi, doc/cha-preface.texi, doc/cha-programs.texi,
1275 doc/cha-support.texi, doc/cha-tls-app.texi, doc/errcodes.c,
1276 doc/examples/ex-client1.c, doc/examples/ex-pkcs11-list.c,
1277 doc/examples/ex-serv-anon.c, doc/gnutls.texi,
1278 doc/latex/Makefile.am, doc/latex/cover.tex.in, doc/latex/fdl.tex,
1279 doc/latex/gnutls.bib, doc/latex/gnutls.tex, doc/latex/macros.tex,
1280 doc/printlist.c, doc/scripts/mytexi2latex, doc/scripts/sort1.pl,
1281 doc/signatures.texi: updated documentation to allow latex output.
1283 2011-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1285 * lib/gnutls_record.c, lib/x509/crq.c, lib/x509/x509.c,
1286 lib/x509/x509_write.c: corrected typos
1288 2011-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1290 * doc/cha-cert-auth.texi, doc/examples/Makefile.am,
1291 doc/examples/ex-cert-select.c, doc/examples/ex-client-udp.c,
1292 doc/examples/ex-crq.c, doc/examples/ex-pkcs11-list.c,
1293 doc/examples/ex-session-info.c, doc/examples/ex-verify.c: indented
1294 code. Corrected PKCS #11 example.
1296 2011-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1298 * doc/Makefile.am: added missing file.
1300 2011-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1302 * AUTHORS, NEWS, lib/includes/gnutls/gnutls.h.in, m4/hooks.m4:
1305 2011-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1307 * NEWS, lib/gnutls_errors.c, lib/includes/gnutls/pkcs11.h,
1308 lib/pkcs11.c, lib/pkcs11_write.c, src/p11tool-gaa.c,
1309 src/p11tool-gaa.h, src/p11tool.c, src/p11tool.gaa, src/p11tool.h,
1310 src/pkcs11.c: Added new PKCS #11 flags to force an object being
1311 private or not. Those are GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE and
1312 GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE. p11tool supports now the
1313 --no-private and --private options.
1315 2011-06-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1317 * src/p11common.c: Limit the number of attempts with the same PIN,
1318 to avoid attempting again and again with a wrong PIN.
1320 2011-06-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1322 * lib/pkcs11_write.c: When writing an object with CKA_TRUSTED set
1323 CKA_PRIVATE explicitly to FALSE, to allow the SO to write it.
1324 Reported by Rickard Bellgrim.
1326 2011-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1330 2011-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1332 * src/pkcs11.c: removed unneeded test.
1334 2011-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1336 * lib/pkcs11.c: Enforce the GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO even if
1337 GNUTLS_PKCS11_OBJ_FLAG_LOGIN is specified.
1339 2011-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1341 * src/Makefile.am, src/p11common.c, src/pkcs11.c: Use common code
1342 for PKCS #11 callbacks across clients. Require SO login to write a
1345 2011-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1347 * lib/algorithms/ciphersuites.c, lib/ext/safe_renegotiation.h: bit
1348 fields changed to unsigned.
1350 2011-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1352 * lib/gnutls_pubkey.c, lib/x509/privkey.c: Moved null check before
1355 2011-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1357 * lib/opencdk/keydb.c: removed unreachable code warning
1359 2011-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1361 * lib/opencdk/hash.c, lib/opencdk/main.h, lib/opencdk/stream.c,
1362 lib/opencdk/write-packet.c: eliminated wipemem().
1364 2011-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1366 * lib/gnutls_pk.c: corrected uninitialized variable warning.
1368 2011-06-16 Rickard Bellgrim <rickard@opendnssec.org>
1370 * lib/pkcs11_write.c: The CKA_SUBJECT must be specified for a
1371 certificate. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
1373 2011-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1375 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, src/pkcs11.c: When
1376 setting the TRUSTED flag login as security officer.
1378 2011-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1380 * lib/pkcs11_write.c: write label in PKCS #11 privkey.
1382 2011-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1384 * lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/pkcs11.c,
1385 lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
1386 lib/pkcs11_write.c: define ck_bool_t to be compatible with PKCS #11
1389 2011-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1391 * configure.ac: ignore more warnings.
1393 2011-06-09 Stef Walter <stefw@collabora.co.uk>
1395 * lib/Makefile.am, lib/pkcs11_int.h, lib/pkcs11_spec.h: Use pkcs11.h
1396 specification file from p11-kit. * Remove one included briefly in gnutls. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
1398 2011-06-09 Stef Walter <stefw@collabora.co.uk>
1400 * lib/pkcs11.c, src/cli.c, src/p11common.c, src/pkcs11.c,
1401 tests/suite/mini-eagain2.c: Fix up compiler warnings. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
1403 2011-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1405 * lib/pkcs11_spec.h: Added missing file
1407 2011-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1409 * doc/cha-cert-auth.texi: document new config file format and path.
1411 2011-06-07 Stef Walter <stefw@collabora.co.uk>
1413 * configure.ac, doc/examples/Makefile.am, lib/Makefile.am,
1414 lib/auth/cert.c, lib/gnutls_global.c, lib/gnutls_privkey.c,
1415 lib/gnutls_pubkey.c, lib/gnutls_x509.c, lib/pakchois/README,
1416 lib/pakchois/dlopen.c, lib/pakchois/dlopen.h,
1417 lib/pakchois/errors.c, lib/pakchois/pakchois.c,
1418 lib/pakchois/pakchois.h, lib/pakchois/pakchois11.h, lib/pkcs11.c,
1419 lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
1420 lib/pkcs11_write.c, src/Makefile.am, src/certtool-common.c,
1421 src/certtool.c, src/cli.c, src/p11tool.c, src/serv.c: The attached
1422 patch ports gnutls to p11-kit. p11-kit is added as a dependency.
1423 p11-kit itself has no dependencies outside of basic libc stuff. The
1424 source code for p11-kit is available both in git and tarball form.
1425 [3] If the gnutls dependency on p11-kit is disabled (via a configure
1426 option) then the PKCS#11 support is disabled. This is useful in bare
1427 bones embedded systems or places where very minimal dependencies are
1430 2011-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1432 * doc/manpages/Makefile.am: updated
1434 2011-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1436 * lib/pkcs11.c, lib/pkcs11_privkey.c: Return error code when an
1437 object is not found. Only request for token insertion if the
1438 expected data is not found. Based on patch by Stef Walter.
1440 2011-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1442 * configure.ac: Depend on automake 1.11.
1444 2011-06-06 Stef Walter <stefw@collabora.co.uk>
1446 * tests/suite/Makefile.am: tests: Build eagain-cli with correct
1447 libraries * Add -ldl -lpthread to linker flags Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
1449 2011-05-30 Stef Walter <stefw@collabora.co.uk>
1451 * src/cli.c: gnutls-cli: Fix uninitialized variable when PKCS#11
1452 uris in use. * When PKCS#11 URIs are in use previously tried to free
1453 uninitialized memory. Initialize to zero. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
1455 2011-05-30 Stef Walter <stefw@collabora.co.uk>
1457 * lib/pkcs11.c: pkcs11: Accept CKR_USER_ALREADY_LOGGED_IN as
1458 successful result for PAP Login * When doing CKF_PROTECTED_AUTHENTICATION_PATH login, accept CKR_USER_ALREADY_LOGGED_IN as a successful result. * Another code path, or another consumer of the same PKCS#11 module may have already logged in. * This is what the non PAP code path already does. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
1460 2011-06-06 Stef Walter <stefw@collabora.co.uk>
1462 * lib/auth/srp.c, lib/auth/srp_rsa.c, lib/ext/session_ticket.c,
1463 lib/gnutls_compress.c, lib/hash.c, lib/nettle/ecc_mulmod.c,
1464 lib/x509/common.c: Remove unused variables * GCC 4.6.0 prints a warning, and build failes with -Wunused Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
1466 2011-06-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1468 * lib/nettle/rnd.c: use gnutls_assert_val() in EGD errors.
1470 2011-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1472 * tests/dsa/testdsa, tests/openpgp-certs/testcerts,
1473 tests/scripts/common.sh, tests/suite/testcompat-main,
1474 tests/suite/testsrn: Corrected fail() shell function. Reported by
1477 2011-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1479 * tests/dsa/testdsa: Corrected typo. Reported by Andreas Metzler.
1481 2011-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1483 * doc/manpages/Makefile.am: regenerated makefile.
1485 2011-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1487 * lib/x509/common.c: documentation fix.
1489 2011-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1491 * lib/accelerated/intel/Makefile.am,
1492 lib/accelerated/intel/aes-x86.c,
1493 lib/accelerated/intel/asm/appro-aes-gcm-x86.s: pclmul is not used on
1494 intel 32-bit systems.
1496 2011-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1498 * lib/accelerated/intel/aes-x86.c, lib/gnutls_global.h,
1499 lib/gnutls_priority.c: When AES and GCM acceleration is available
1500 increase the priority of AES-GCM ciphersuites in performance and
1503 2011-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1505 * lib/gcrypt/cipher.c, lib/gcrypt/pk.c: prevent compilation of
1506 gcrypt support since it is incomplete.
1508 2011-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1510 * lib/Makefile.am, lib/algorithms/ciphers.c,
1511 lib/algorithms/ciphersuites.c, lib/gcrypt/cipher.c,
1512 lib/nettle/cipher.c, m4/hooks.m4: do not use NETTLE_LIBS to include
1513 hogweed and gmp. removed ENABLE_CAMELLIA and NETTLE_GCM.
1515 2011-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1517 * src/benchmark-tls.c: improved benchmark.
1519 2011-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1521 * doc/Makefile.am, doc/cha-cert-auth.texi, doc/cha-internals.texi,
1522 doc/cha-intro-tls.texi, doc/cha-library.texi,
1523 doc/cha-programs.texi, doc/examples/ex-session-info.c,
1524 doc/gnutls-certificate-user-use-case.pdf,
1525 doc/gnutls-client-server-use-case.pdf,
1526 doc/gnutls-extensions_st.pdf, doc/gnutls-handshake-sequence.pdf,
1527 doc/gnutls-handshake-state.pdf, doc/gnutls-internals.pdf,
1528 doc/gnutls-layers.pdf, doc/gnutls-logo.pdf,
1529 doc/gnutls-mod_auth_st.pdf, doc/gnutls-objects.pdf,
1530 doc/gnutls-pgp.pdf, doc/gnutls-x509.pdf, doc/gnutls.texi: Updated
1531 documentation. Removed all .pdf files. They were not needed.
1533 2011-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1535 * lib/algorithms.h, lib/algorithms/ciphersuites.c,
1536 lib/gnutls_handshake.c: Avoid memory allocations when requesting the
1537 supported ciphersuites.
1539 2011-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1541 * lib/accelerated/intel/aes-x86.c: more verbose if the PCLMUL
1542 instruction is detected.
1544 2011-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1546 * tests/cipher-test.c: Added debugging ability to cipher-test.
1548 2011-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1550 * doc/TODO: more cleanup.
1552 2011-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1554 * doc/TODO: Added new TODO items.
1556 2011-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1558 * doc/TODO: removed completed items from todo list
1560 2011-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1562 * lib/gnutls_priority.c: reinstated MAC-ALL semantics.
1564 2011-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1566 * .gitignore: more files to ignore.
1568 2011-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1570 * lib/gnutls_session_pack.c: store the ECC curve in the session
1571 resumption parameters.
1573 2011-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1575 * NEWS, doc/cha-cert-auth.texi, doc/examples/ex-verify.c,
1576 lib/gnutls_cert.c, lib/includes/gnutls/x509.h, lib/libgnutls.map,
1577 lib/x509/verify-high.c, tests/Makefile.am, tests/x509cert-tl.c:
1578 Added gnutls_x509_trust_list_add_named_crt() and
1579 gnutls_x509_trust_list_verify_named_crt() that allow having a list
1580 of certificates in the trusted list that will be associated with a
1581 name (e.g. server name) and will not be used as CAs.
1583 2011-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1585 * NEWS, doc/cha-intro-tls.texi,
1586 lib/accelerated/intel/aes-gcm-x86.c,
1587 lib/accelerated/intel/aes-x86.c, lib/algorithms/ciphersuites.c,
1588 lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
1589 lib/nettle/cipher.c: Added SuiteB ciphersuites. Added SUITEB128 and
1590 SUITEB192 priority strings. SECURE256 was renamed to SECURE192
1591 (because TLS ciphersuite's security level was not enough to justify
1594 2011-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1596 * NEWS, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map:
1597 gnutls_ecc_curve_get() was added.
1599 2011-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1601 * lib/gnutls_state.c: The PRF is now read from the ciphersuite
1604 2011-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1606 * src/common.c: Print information on elliptic curve sessions.
1608 2011-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1610 * lib/abstract_int.h, lib/gnutls_pubkey.c, lib/gnutls_sig.c,
1611 lib/gnutls_sig.h, lib/includes/gnutls/abstract.h,
1612 lib/includes/gnutls/compat.h, lib/libgnutls.map, lib/x509/common.c,
1613 lib/x509/common.h, lib/x509/crq.c, lib/x509/privkey.c,
1614 lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: Split
1615 pubkey_verify_sig() to pubkey_verify_hashed_data() and
1616 pubkey_verify_data(). Added gnutls_pubkey_verify_data2() to allow
1617 verification of a signature when the signature algorithm cannot be
1618 determined by the signature and the public key only.
1620 2011-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1622 * lib/gnutls_hash_int.h, lib/gnutls_sig.c: Allow all SHA algorithms
1625 2011-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1627 * lib/x509/verify.c: fixes for
1628 http://tools.ietf.org/html/draft-mavrogiannopoulos-tls-dss-00
1630 2011-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1632 * lib/auth/cert.h, lib/gnutls_cert.c, lib/gnutls_handshake.c:
1633 simplified _gnutls_selected_cert_supported_kx().
1635 2011-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1637 * lib/gnutls_pubkey.c, lib/nettle/pk.c, lib/x509/verify.c:
1638 Truncation of ECDSA and DSA signatures moved to
1639 _wrap_nettle_pk_sign() and _wrap_nettle_pk_verify().
1641 2011-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1643 * lib/algorithms.h, lib/algorithms/ciphersuites.c,
1644 lib/algorithms/sign.c, lib/ext/signature.c, lib/gnutls_buffers.c,
1645 lib/gnutls_buffers.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
1646 lib/gnutls_sig.c, lib/nettle/pk.c: Simplified the handling of
1647 handshake messages to be hashed. Instead of doing a hash during the
1648 handshake process we now keep the data until handshake is over and
1649 hash them on demand. This uses more memory but eliminates issues
1650 with TLS 1.2 and makes the handling simpler.
1652 2011-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1654 * lib/ext/signature.c, lib/gnutls_pubkey.c, lib/nettle/pk.c,
1655 lib/x509/common.h, lib/x509/verify.c: Hash algorithms used for DSA
1656 and ECDSA correspond to draft-mavrogiannopoulos-tls-dss-00.txt.
1658 2011-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1660 * lib/ext/ecc.c: updated
1662 2011-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1664 * doc/cha-internals.texi, doc/gnutls.texi: Added refint macro to
1665 refer to internal -non exported- functions. Used it to reference to
1666 the gnutls_*_register() functions.
1668 2011-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1670 * NEWS, lib/Makefile.am, lib/auth/psk_passwd.c, lib/auth/rsa.c,
1671 lib/auth/rsa_export.c, lib/auth/srp_passwd.c, lib/crypto-api.c,
1672 lib/crypto-backend.c, lib/crypto-backend.h, lib/crypto.c,
1673 lib/ext/session_ticket.c, lib/gnutls_cipher.c,
1674 lib/gnutls_cipher_int.h, lib/gnutls_handshake.c,
1675 lib/gnutls_hash_int.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
1676 lib/gnutls_pk.c, lib/includes/gnutls/crypto.h, lib/libgnutls.map,
1677 lib/nettle/mpi.c, lib/nettle/pk.c, lib/opencdk/misc.c,
1678 lib/pkcs11_secret.c, lib/random.h, lib/x509/pkcs12.c,
1679 lib/x509/privkey_pkcs8.c, libextra/gnutls_openssl.c, src/psk.c,
1680 src/srptool.c, tests/Makefile.am, tests/crypto_rng.c,
1681 tests/rng-fork.c: gnutls/crypto.h no longer includes functions to
1682 register ciphers. Thus the following functions - gnutls_crypto_bigint_register - gnutls_crypto_cipher_register - gnutls_crypto_digest_register - gnutls_crypto_mac_register - gnutls_crypto_pk_register - gnutls_crypto_rnd_register - gnutls_crypto_single_cipher_register - gnutls_crypto_single_digest_register - gnutls_crypto_single_mac_register are only available internally
1683 via crypto-backend.h.
1685 2011-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1687 * build-aux/config.rpath: updated
1689 2011-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1691 * lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s,
1692 lib/accelerated/intel/asm/appro-aes-gcm-x86.s,
1693 lib/accelerated/intel/asm/appro-aes-x86-64.s,
1694 lib/accelerated/intel/asm/appro-aes-x86.s: typos and date fix in
1697 2011-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1699 * src/benchmark-tls.c: Added benchmark on GCM ciphersuites and
1700 arcfour for comparison.
1702 2011-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1704 * lib/gnutls_int.h: corrected typo.
1706 2011-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1708 * lib/accelerated/intel/aes-gcm-x86.c,
1709 lib/accelerated/intel/aes-x86.c: indented code
1711 2011-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1713 * src/benchmark.c: properly initialize benchmarks.
1715 2011-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1717 * configure.ac, m4/hooks.m4: bumped version.
1719 2011-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1721 * lib/accelerated/intel/aes-gcm-x86.c: Corrections in encryption and
1722 decryption of incomplete blocks.
1724 2011-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1726 * lib/accelerated/intel/aes-gcm-x86.c, lib/gnutls_int.h,
1727 lib/gnutls_state.c: Use nettle's memxor or gnulib's if it doesn't
1730 2011-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1732 * NEWS, lib/accelerated/intel/Makefile.am,
1733 lib/accelerated/intel/aes-gcm-x86.c,
1734 lib/accelerated/intel/aes-x86.c, lib/accelerated/intel/aes-x86.h,
1735 lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s,
1736 lib/accelerated/intel/asm/appro-aes-gcm-x86.s, lib/gnutls_num.c,
1737 lib/gnutls_num.h, tests/cipher-test.c: Added AES-GCM optimizations
1738 using the PCLMULQDQ instruction. Uses Andy Polyakov's assembly code.
1740 2011-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1742 * lib/crypto-api.c: documented usage of gnutls_cipher_add_auth().
1744 2011-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1746 * doc/cha-intro-tls.texi: updates.
1748 2011-05-31 Roman Bogorodskiy <bogorodskiy@gmail.com>
1750 * lib/Makefile.am: Prevent including installed gnutls' headers.
1752 2011-05-31 Roman Bogorodskiy <bogorodskiy@gmail.com>
1754 * src/udp-serv.c: Add missing <netinet/in.h> to get sockaddr_in.
1756 2011-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1758 * doc/cha-intro-tls.texi: Compatibility text updated.
1760 2011-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1762 * lib/accelerated/intel/asm/appro-aes-x86-64.s,
1763 lib/accelerated/intel/asm/appro-aes-x86.s: Added new AES code by
1766 2011-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1768 * doc/credentials/x509/ca-key.pem: Added missing file.
1770 2011-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1772 * .gitignore: more files to ignore
1774 2011-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1776 * lib/nettle/Makefile.am, lib/nettle/ecc_free.c,
1777 lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
1778 lib/nettle/ecc_mulmod.c, lib/nettle/ecc_points.c,
1779 lib/nettle/ecc_projective_add_point.c,
1780 lib/nettle/ecc_projective_dbl_point_3.c,
1781 lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
1782 lib/nettle/ecc_test.c, lib/nettle/ecc_verify_hash.c: Added FSF
1783 copyright to public domain files.
1785 2011-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1787 * configure.ac, lib/accelerated/x86.h: Use cpuid.h if it exists, to
1788 use the x86 CPUID instruction.
1790 2011-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1792 * THANKS: Added Dash.
1794 2011-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1796 * lib/gnutls_compress.c, lib/gnutls_compress.h,
1797 lib/gnutls_handshake.c: simplified
1798 _gnutls_supported_compression_methods().
1800 2011-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1802 * lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
1803 lib/gnutls_session_pack.c, lib/gnutls_v2_compat.c: Correctly set
1804 compression method when resuming sessions. Reported by Dash Shendy.
1806 2011-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1808 * lib/gnutls_hash_int.c: digest_length() uses int as input.
1810 2011-05-28 Stef Walter <stefw@collabora.co.uk>
1812 * lib/nettle/cipher.c: Fix warnings with GCC 4.5.2
1814 2011-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1816 * doc/credentials/Makefile.am, doc/credentials/x509/Makefile.am:
1817 Corrected EXTRA_DIST
1819 2011-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1821 * tests/suite/testcompat-main: updated keys.
1823 2011-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1825 * lib/auth/cert.c, lib/auth/cert.h, lib/gnutls_handshake.c,
1826 lib/gnutls_handshake.h: Take into account each and every advertized
1827 public key algorithm when selecting a certificate. Previously we
1828 were assuming only RSA or DSA, or ANY.
1830 2011-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1832 * doc/credentials/gnutls-http-serv, src/serv-gaa.c, src/serv-gaa.h,
1833 src/serv.c, src/serv.gaa: Added feature to specify ecc private keys
1836 2011-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1838 * lib/algorithms.h, lib/gnutls_handshake.c, lib/gnutls_state.c:
1839 Corrected ECC ciphersuite detection.
1841 2011-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1843 * doc/credentials/x509-ca-key.pem, doc/credentials/x509-ca.pem,
1844 doc/credentials/x509-client-key.pem,
1845 doc/credentials/x509-client.pem, doc/credentials/x509-other-ca.pem,
1846 doc/credentials/x509-proxy-key.pem, doc/credentials/x509-proxy.pem,
1847 doc/credentials/x509-server-dsa.pem,
1848 doc/credentials/x509-server-key-dsa.pem,
1849 doc/credentials/x509-server-key.pem,
1850 doc/credentials/x509-server.pem, doc/credentials/x509-trust.pem,
1851 doc/credentials/x509/ca.pem, doc/credentials/x509/cert-dsa.pem,
1852 doc/credentials/x509/cert-ecc.pem,
1853 doc/credentials/x509/cert-rsa.pem, doc/credentials/x509/cert.pem,
1854 doc/credentials/x509/clicert-dsa.pem,
1855 doc/credentials/x509/clicert.pem, doc/credentials/x509/key-dsa.pem,
1856 doc/credentials/x509/key-ecc.pem, doc/credentials/x509/key-rsa.pem,
1857 doc/credentials/x509/key.pem, lib/nettle/pk.c, lib/x509/verify.c:
1858 Laxed verification checks for DSA to allow SHA256 in place of
1859 SHA224. Added new certificate sets in doc/credentials/x509/.
1861 2011-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1863 * lib/gnutls_priority.c: ECDHE and ECDSA were added to deafult
1866 2011-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1868 * lib/auth/rsa.c, lib/x509/key_encode.c, lib/x509/privkey_pkcs8.c:
1869 gnutls_secure_malloc() is no longer used.
1871 2011-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1873 * lib/auth/dhe_psk.c, lib/auth/psk.c: deinitialize PSK key memory.
1875 2011-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1877 * lib/auth/psk.c: explicitly request for client key in server side.
1879 2011-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1881 * NEWS, lib/algorithms/ciphersuites.c, lib/algorithms/kx.c,
1882 lib/auth/anon.c, lib/auth/anon_ecdh.c, lib/auth/dh_common.c,
1883 lib/auth/dh_common.h, lib/auth/dhe.c, lib/auth/dhe_psk.c,
1884 lib/auth/ecdh_common.c, lib/auth/ecdh_common.h, lib/gnutls_state.c,
1885 lib/includes/gnutls/gnutls.h.in: Added ECDHE-PSK ciphersuites for
1888 2011-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1890 * doc/gnutls-guile.texi: Corrections.
1892 2011-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1894 * doc/.gitignore: ignore tex files.
1896 2011-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1898 * doc/cha-copying.texi: Do not list all licenses in the manual of
1899 gnutls. Just the license of the manual is enough.
1901 2011-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1903 * doc/Makefile.am, doc/cha-ciphersuites.texi,
1904 doc/cha-functions.texi, doc/cha-preface.texi,
1905 doc/gnutls-guile.texi, doc/guile.texi, guile/src/core.c: guile
1906 bindings added as a separate document.
1908 2011-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1910 * doc/gnutls.texi: reorganization. Removed guile bindings.
1912 2011-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1914 * doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
1915 doc/gnutls.texi: reorganization and added section on parameter
1918 2011-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1920 * lib/Makefile.am, lib/auth/Makefile.am, lib/ext/Makefile.am,
1921 lib/nettle/Makefile.am: Added new headers.
1923 2011-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1925 * NEWS: document elliptic curves addition.
1927 2011-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1929 * m4/hooks.m4: libgcrypt support was removed.
1931 2011-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1933 * NEWS: listed newly added functions.
1935 2011-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1937 * lib/nettle/Makefile.am, lib/nettle/ecc.h,
1938 lib/nettle/ecc_make_key.c, lib/nettle/ecc_shared_secret.c,
1939 lib/nettle/ecc_sign_hash.c, lib/nettle/ecc_verify_hash.c,
1940 lib/nettle/mp_unsigned_bin.c: Use nettle's functions for integer
1943 2011-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1945 * lib/algorithms/publickey.c, lib/gnutls_sig.c: more updates for
1948 2011-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1950 * lib/ext/ecc.c: reduced debugging.
1952 2011-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1954 * lib/gnutls_pubkey.c, lib/gnutls_sig.c: Changes to allow ECDH-DSA
1955 with client mode certificates.
1957 2011-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1959 * tests/certs/ca-cert-ecc.pem, tests/certs/ca-ecc.pem,
1960 tests/certs/cert-ecc.pem, tests/certs/ecc.pem,
1961 tests/suite/testcompat-main: Added server and client mode tests for
1964 2011-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1966 * lib/ext/session_ticket.c, lib/gnutls_db.c, lib/gnutls_dtls.c,
1967 lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
1968 lib/gnutls_session_pack.c, lib/gnutls_v2_compat.c,
1969 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
1970 lib/nettle/rnd.c, lib/opencdk/keydb.c, lib/opencdk/literal.c,
1971 lib/opencdk/read-packet.c, lib/opencdk/sig-check.c,
1972 lib/openpgp/gnutls_openpgp.c, lib/system.c, lib/system.h,
1973 lib/x509/common.c, lib/x509/verify.c, tests/chainverify.c: Added
1974 gnutls_global_set_time_function() to allow overriding the default
1975 system time() function.
1977 2011-05-25 Giuseppe Scrivano <gscrivano@gnu.org>
1979 * doc/cha-programs.texi: Fix example in the documentation. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
1981 2011-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1983 * doc/cha-programs.texi: updated documentation on PSK. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
1985 2011-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1987 * lib/nettle/ecc_projective_add_point.c: If Q=-P return the point at
1990 2011-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1992 * tests/chainverify.c: Added elliptic curves chain certificate.
1994 2011-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1996 * lib/gnutls_buffers.c: do not try to write to a socket when no
1999 2011-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2001 * tests/openpgpself.c: increased log level
2003 2011-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2005 * lib/gnutls_buffers.h, lib/gnutls_handshake.c:
2006 _gnutls_handshake_hash_buffer_clear was replaced by
2007 _gnutls_buffer_clear();
2009 2011-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2011 * lib/nettle/pk.c: Only warn on invalid security level hashes.
2013 2011-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2015 * src/certtool.c: SHA256 is the default hash algorithm in certtool.
2017 2011-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019 * lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_privkey.c,
2020 lib/gnutls_sig.c, lib/x509/verify.c: Several updates to allow
2021 generation and signing of an ECC certificate.
2023 2011-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2025 * doc/manpages/certtool.1: updated certtool info.
2027 2011-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2029 * lib/algorithms/ciphersuites.c: corrected bug in ciphersuite name
2032 2011-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2034 * doc/cha-auth.texi: Discussed the newly added ciphersuites.
2036 2011-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2038 * doc/Makefile.am: Added algorithms/ to function index.
2040 2011-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2042 * lib/algorithms/ciphersuites.c: Added ECC ciphersuites from
2045 2011-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2047 * src/certtool.c: Print the private key after generation. Print ECC
2050 2011-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2052 * lib/algorithms/ecc.c, lib/gnutls_ecc.c,
2053 lib/includes/gnutls/abstract.h, lib/includes/gnutls/x509.h,
2054 lib/libgnutls.map, lib/x509/privkey.c: Added
2055 gnutls_x509_privkey_import_ecc_raw() and
2056 gnutls_x509_privkey_export_ecc_raw().
2058 2011-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2060 * lib/x509/privkey.c: Decode PEM ECC private keys.
2062 2011-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2064 * lib/algorithms.h, lib/algorithms/ecc.c, lib/x509/key_encode.c,
2065 lib/x509/privkey.c, src/certtool-gaa.c, src/certtool-gaa.h,
2066 src/certtool.c, src/certtool.gaa: updates to allow the generation of
2069 2011-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2071 * lib/x509_b64.c: do not crash on null message.
2073 2011-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2075 * .gitignore: updated
2077 2011-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2079 * lib/algorithms/ciphersuites.c, lib/algorithms/kx.c,
2080 lib/auth/cert.c, lib/auth/dhe.c, lib/gnutls_pk.c, lib/gnutls_pk.h,
2081 lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/gnutls_state.c,
2082 lib/includes/gnutls/gnutls.h.in, lib/nettle/ecc_sign_hash.c,
2083 lib/nettle/pk.c, lib/nettle/rnd.c, lib/nettle/rnd.h,
2084 lib/x509/common.h, lib/x509/verify.c: Added support for verifying
2085 server certificates with ECDSA.
2087 2011-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2089 * lib/ext/ecc.c: Only reply with ECC Packet format extension if we
2090 have negotiated ECC.
2092 2011-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2094 * tests/pathlen/ca-no-pathlen.pem,
2095 tests/pathlen/no-ca-or-pathlen.pem, tests/pkcs12_s2k_pem.c: leak fix
2096 and updates for new formats.
2098 2011-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2100 * tests/suite/testcompat-main: Added ECDHE-RSA tests.
2102 2011-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2104 * lib/algorithms/secparams.c, lib/gnutls_pubkey.c: always put
2105 leading zero to output keys
2107 2011-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2109 * lib/x509/output.c: print the bits together with the security
2112 2011-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2114 * lib/x509/privkey.c, lib/x509/privkey_pkcs8.c: leaks fixes.
2116 2011-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2118 * lib/pkcs11.c: corrected file descriptor leak.
2120 2011-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2122 * libextra/gnutls_extra.c: gnutls_algorithms.h -> algorithms.h
2124 2011-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2126 * lib/x509/key_decode.c, lib/x509/key_encode.c: corrected ECC public
2127 key encoding/decoding.
2129 2011-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2131 * src/certtool-common.c, src/certtool.c: Corrected bug in public key
2132 import. print information on ECC public keys.
2134 2011-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2136 * lib/includes/gnutls/crypto.h, lib/nettle/pk.c,
2137 lib/x509/key_encode.c, lib/x509/x509_int.h: No need to keep Z in
2138 parameters since the pubkey can always be converted to an affine
2141 2011-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2143 * lib/algorithms/secparams.c, lib/gnutls_pubkey.c,
2144 lib/includes/gnutls/abstract.h, lib/libgnutls.map,
2145 lib/x509/common.c, lib/x509/key_decode.c, lib/x509/mpi.c,
2146 lib/x509/output.c: print information on ECC certificates.
2148 2011-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2150 * lib/abstract_int.h, lib/algorithms.h, lib/algorithms/ecc.c,
2151 lib/auth/anon.h, lib/auth/ecdh_common.c, lib/auth/ecdh_common.h,
2152 lib/auth/rsa.c, lib/auth/rsa_export.c, lib/ext/ecc.c,
2153 lib/gnutls.asn, lib/gnutls_asn1_tab.c, lib/gnutls_ecc.c,
2154 lib/gnutls_ecc.h, lib/gnutls_errors.c, lib/gnutls_int.h,
2155 lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_privkey.c,
2156 lib/gnutls_pubkey.c, lib/gnutls_rsa_export.c,
2157 lib/gnutls_rsa_export.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
2158 lib/gnutls_state.c, lib/gnutls_state.h,
2159 lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
2160 lib/libgnutls.map, lib/nettle/ecc_test.c, lib/nettle/pk.c,
2161 lib/openpgp/openpgp_int.h, lib/openpgp/pgp.c,
2162 lib/openpgp/privkey.c, lib/x509/Makefile.am, lib/x509/common.c,
2163 lib/x509/common.h, lib/x509/crq.c, lib/x509/key_decode.c,
2164 lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/privkey.c,
2165 lib/x509/privkey_pkcs8.c, lib/x509/verify.c, lib/x509/x509.c,
2166 lib/x509/x509_int.h, lib/x509/x509_write.c: gnutls_pk_params_st is
2167 used internally to transfer public key parameters. This replaces the
2168 raw bigint_t arrays.
2170 2011-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2172 * lib/algorithms.h, lib/algorithms/ciphersuites.c,
2173 lib/algorithms/ecc.c, lib/auth/ecdh_common.c, lib/ext/ecc.c,
2174 lib/ext/ecc.h: Curve TLS ID is being stored in algorithms/ecc.c.
2176 2011-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2178 * configure.ac, lib/Makefile.am, lib/algorithms.h,
2179 lib/algorithms/Makefile.am, lib/algorithms/cert_types.c,
2180 lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
2181 lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c,
2182 lib/algorithms/protocols.c, lib/algorithms/publickey.c,
2183 lib/algorithms/secparams.c, lib/algorithms/sign.c, lib/auth/cert.c,
2184 lib/auth/dh_common.c, lib/auth/dhe.c, lib/auth/ecdh_common.c,
2185 lib/auth/rsa.c, lib/auth/rsa_export.c, lib/ext/session_ticket.c,
2186 lib/ext/signature.c, lib/ext/srp.c, lib/gnutls_algorithms.c,
2187 lib/gnutls_algorithms.h, lib/gnutls_auth.c, lib/gnutls_cert.c,
2188 lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
2189 lib/gnutls_compress.c, lib/gnutls_constate.c, lib/gnutls_ecc.c,
2190 lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_priority.c,
2191 lib/gnutls_record.c, lib/gnutls_sig.c, lib/gnutls_state.c,
2192 lib/gnutls_v2_compat.c, lib/gnutls_x509.c, lib/nettle/ecc_test.c,
2193 lib/nettle/mpi.c, lib/opencdk/read-packet.c, lib/x509/common.h,
2194 lib/x509/privkey_pkcs8.c: gnutls_algorithms.c was split into
2195 manageable files in algorithms/.
2197 2011-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2199 * lib/gnutls_handshake.c: use the _gnutls_session_is_ecc() to check
2202 2011-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2204 * lib/auth/ecdh_common.c, lib/gnutls_algorithms.c,
2205 lib/includes/gnutls/gnutls.h.in, lib/nettle/pk.c, lib/x509/x509.c:
2206 Added OIDs and definitions for ECDSA signature algorithm.
2208 2011-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2210 * src/benchmark-tls.c: Print purpose of testing.
2212 2011-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2214 * src/benchmark-tls.c: compare ECDH and DH on the same security
2217 2011-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2219 * doc/cha-intro-tls.texi, lib/gnutls_algorithms.c,
2220 lib/gnutls_algorithms.h, lib/gnutls_priority.c: Added ability to
2221 specify curves as priority strings.
2223 2011-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2225 * lib/nettle/ecc.h: removed ecc_is_valid_idx() prototype
2227 2011-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2229 * lib/nettle/ecc.h, lib/nettle/ecc_make_key.c,
2230 lib/nettle/ecc_map.c, lib/nettle/ecc_mulmod.c,
2231 lib/nettle/ecc_points.c, lib/nettle/ecc_projective_add_point.c,
2232 lib/nettle/ecc_projective_dbl_point.c,
2233 lib/nettle/ecc_projective_dbl_point_3.c,
2234 lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_test.c,
2235 lib/nettle/ecc_verify_hash.c, lib/nettle/pk.c: Dropped ltc_ from
2236 function and type names.
2238 2011-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2240 * tests/x509cert.c: corrected memory leak.
2242 2011-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2244 * lib/nettle/cipher.c: use new nettle's name for gcm_aes_auth().
2246 2011-05-21 Simon Josefsson <simon@josefsson.org>
2248 * gl/hmac-md5.c, gl/m4/valgrind-tests.m4, gl/memxor.c, gl/memxor.h,
2249 gl/override/lib/hmac-md5.c.diff, gl/override/lib/memxor.c.diff,
2250 gl/override/lib/memxor.h.diff,
2251 gl/override/m4/valgrind-tests.m4.diff: Override gnulib code with fix
2252 for memxor and valgrind.
2254 2011-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2256 * lib/auth/anon_ecdh.c, lib/auth/dh_common.c, lib/auth/dhe.c,
2257 lib/auth/ecdh_common.c, lib/gnutls_algorithms.c,
2258 lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_state.c,
2259 lib/gnutls_state.h, lib/includes/gnutls/gnutls.h.in: Added support
2260 for ECDHE-RSA ciphersuites.
2262 2011-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2264 * tests/eagain-common.h: inlined function to avoid gcc warnings
2266 2011-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2268 * lib/nettle/Makefile.am, lib/nettle/ecc.h, lib/nettle/ecc_free.c,
2269 lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
2270 lib/nettle/ecc_mulmod.c, lib/nettle/ecc_points.c,
2271 lib/nettle/ecc_projective_add_point.c,
2272 lib/nettle/ecc_projective_dbl_point.c,
2273 lib/nettle/ecc_projective_dbl_point_3.c,
2274 lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
2275 lib/nettle/ecc_test.c, lib/nettle/ecc_verify_hash.c,
2276 lib/nettle/ltc_ecc_map.c, lib/nettle/ltc_ecc_mulmod.c,
2277 lib/nettle/ltc_ecc_points.c,
2278 lib/nettle/ltc_ecc_projective_add_point.c,
2279 lib/nettle/ltc_ecc_projective_dbl_point.c: Added previous code that
2280 was fixed for y^2 = x^3 - 3x + b, because all secg curves have a
2281 fixed to -3. Simplified file naming scheme.
2283 2011-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2285 * lib/gnutls_algorithms.c, lib/gnutls_int.h: Added SECP224R1.
2287 2011-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2289 * src/Makefile.am, src/benchmark-cipher.c, src/benchmark-tls.c,
2290 src/benchmark.c, src/benchmark.h: updates to benchmarks.
2292 2011-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2294 * lib/gnutls_algorithms.c, lib/gnutls_int.h, lib/gnutls_priority.c,
2295 lib/nettle/ecc_test.c: Added curve SECP512R1.
2297 2011-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2299 * src/benchmark-cipher.c, src/benchmark-common.c, src/benchmark.c:
2300 benchmark ECDH and DH.
2302 2011-05-20 Simon Josefsson <simon@josefsson.org>
2304 * build-aux/config.rpath, gl/Makefile.am, gl/alignof.h,
2305 gl/glthread/lock.c, gl/glthread/lock.h, gl/glthread/threadlib.c,
2306 gl/hmac-md5.c, gl/intprops.h, gl/m4/gnulib-cache.m4,
2307 gl/m4/gnulib-comp.m4, gl/m4/strerror.m4, gl/m4/strerror_r.m4,
2308 gl/m4/thread.m4, gl/m4/valgrind-tests.m4, gl/m4/yield.m4,
2309 gl/memxor.c, gl/memxor.h, gl/stdint.in.h, gl/strerror-impl.h,
2310 gl/strerror.c, gl/strerror_r.c, gl/tests/Makefile.am,
2311 gl/tests/dummy.c, gl/tests/glthread/thread.c,
2312 gl/tests/glthread/thread.h, gl/tests/glthread/yield.h,
2313 gl/tests/test-intprops.c, gl/tests/test-lock.c,
2314 gl/tests/test-strerror.c, gl/tests/test-strerror_r.c: Update gnulib
2317 2011-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2319 * lib/auth/ecdh_common.c, lib/gnutls_handshake.c, src/common.c:
2320 client side ECC fixes.
2322 2011-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2324 * src/cli.c: corrected debugging.
2326 2011-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2328 * lib/auth/ecdh_common.c, lib/gnutls_algorithms.c,
2329 lib/gnutls_algorithms.h, lib/gnutls_global.c,
2330 lib/includes/gnutls/crypto.h, lib/nettle/ecc.h,
2331 lib/nettle/ecc_free.c, lib/nettle/ecc_make_key.c,
2332 lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
2333 lib/nettle/ecc_test.c, lib/nettle/ecc_verify_hash.c,
2334 lib/nettle/ltc_ecc_map.c, lib/nettle/ltc_ecc_mulmod.c,
2335 lib/nettle/ltc_ecc_points.c,
2336 lib/nettle/ltc_ecc_projective_add_point.c,
2337 lib/nettle/ltc_ecc_projective_dbl_point.c, lib/nettle/pk.c,
2338 lib/x509/x509_int.h: Account 'A' in calculations for point doubling.
2340 2011-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2342 * gl/Makefile.am, gl/alignof.h, gl/close-hook.c, gl/close-hook.h,
2343 gl/error.c, gl/error.h, gl/fd-hook.c, gl/fd-hook.h,
2344 gl/glthread/lock.c, gl/glthread/lock.h, gl/glthread/threadlib.c,
2345 gl/intprops.h, gl/m4/error.m4, gl/m4/fcntl_h.m4, gl/m4/fseeko.m4,
2346 gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/inttypes.m4,
2347 gl/m4/manywarnings.m4, gl/m4/memchr.m4, gl/m4/netdb_h.m4,
2348 gl/m4/stdint.m4, gl/m4/stdio_h.m4, gl/m4/strerror.m4,
2349 gl/m4/strerror_r.m4, gl/m4/string_h.m4, gl/m4/sys_uio_h.m4,
2350 gl/m4/thread.m4, gl/m4/unistd_h.m4, gl/m4/warnings.m4,
2351 gl/m4/wchar_h.m4, gl/m4/yield.m4, gl/malloc.c, gl/netdb.in.h,
2352 gl/realloc.c, gl/sockets.c, gl/stdint.in.h, gl/stdio.in.h,
2353 gl/stdlib.in.h, gl/strerror-impl.h, gl/strerror.c, gl/strerror_r.c,
2354 gl/string.in.h, gl/sys_socket.in.h, gl/sys_uio.in.h,
2355 gl/tests/Makefile.am, gl/tests/dummy.c, gl/tests/fcntl.in.h,
2356 gl/tests/glthread/thread.c, gl/tests/glthread/thread.h,
2357 gl/tests/glthread/yield.h, gl/tests/intprops.h,
2358 gl/tests/inttypes.in.h, gl/tests/test-fcntl-h.c,
2359 gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
2360 gl/tests/test-lock.c, gl/tests/test-strerror.c,
2361 gl/tests/test-strerror_r.c, gl/tests/test-sys_socket.c,
2362 gl/tests/test-sys_uio.c, gl/unistd.in.h, gl/verify.h, gl/wchar.in.h:
2363 Added new gnulib and error.h.
2365 2011-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2367 * lib/gnutls_global.c: removed debugging.
2369 2011-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2371 * cfg.mk: added error.h
2373 2011-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2375 * lib/Makefile.am, lib/auth/Makefile.am, lib/auth/anon.h,
2376 lib/auth/anon_ecdh.c, lib/auth/ecdh_common.c,
2377 lib/auth/ecdh_common.h, lib/ext/Makefile.am, lib/ext/ecc.c,
2378 lib/ext/ecc.h, lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
2379 lib/gnutls_dh.c, lib/gnutls_ecc.c, lib/gnutls_ecc.h,
2380 lib/gnutls_errors.c, lib/gnutls_extensions.c, lib/gnutls_global.c,
2381 lib/gnutls_int.h, lib/gnutls_pk.c, lib/gnutls_pk.h,
2382 lib/gnutls_priority.c, lib/gnutls_state.c, lib/gnutls_state.h,
2383 lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
2384 lib/nettle/Makefile.am, lib/nettle/ecc.h, lib/nettle/ecc_free.c,
2385 lib/nettle/ecc_make_key.c, lib/nettle/ecc_shared_secret.c,
2386 lib/nettle/ecc_sign_hash.c, lib/nettle/ecc_test.c,
2387 lib/nettle/ecc_verify_hash.c, lib/nettle/gnettle.h,
2388 lib/nettle/ltc_ecc_map.c, lib/nettle/ltc_ecc_mulmod.c,
2389 lib/nettle/ltc_ecc_points.c,
2390 lib/nettle/ltc_ecc_projective_add_point.c,
2391 lib/nettle/ltc_ecc_projective_dbl_point.c,
2392 lib/nettle/mp_unsigned_bin.c, lib/nettle/mpi.c, lib/nettle/multi.c,
2393 lib/nettle/pk.c, lib/nettle/rnd.c, lib/nettle/rnd.h,
2394 lib/x509/x509_int.h: Initial ecc support. Adds support for anonymous
2397 2011-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2399 * src/benchmark-common.c, src/benchmark.h: more win32 fixes.
2401 2011-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2403 * src/benchmark-common.c: corrections in win32 version.
2405 2011-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2407 * lib/ext/signature.c, lib/gnutls_extensions.c: Some debugging moved
2410 2011-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2412 * src/Makefile.am, src/benchmark-common.c, src/benchmark-tls.c,
2413 src/benchmark.c, src/benchmark.h, tests/eagain-common.h: Added
2414 benchmark utility that tests the encryption time in TLS packets.
2416 2011-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2418 * src/p11common.c: corrected message reporting.
2420 2011-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2422 * src/p11common.c: Corrected PIN caching.
2424 2011-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2426 * lib/gnutls_record.c: assign value
2428 2011-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2430 * lib/nettle/mpi.c: reduce the repetitions for rabin-miller to a
2433 2011-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2435 * doc/cha-intro-tls.texi: discuss missing algorithms.
2437 2011-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2441 2011-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2443 * lib/gnutls_str.c, lib/gnutls_str.h, lib/pkcs11.c: Correctly import
2444 and export pkcs11-urls with ID field set.
2446 2011-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2448 * lib/nettle/egd.c, lib/opencdk/literal.c, lib/opencdk/misc.c,
2449 lib/opencdk/read-packet.c, lib/pkcs11.c, lib/x509/common.c,
2450 lib/x509_b64.c, lib/x509_b64.h: eliminated last instances of
2451 strcpy() and strcat() to keep pendantics happy.
2453 2011-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2455 * doc/cha-intro-tls.texi: update on compatibility issues text.
2457 2011-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2459 * lib/pkcs11.c: doc update in gnutls_pkcs11_init()
2461 2011-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2463 * doc/cha-preface.texi: removed references that produced nothing in
2466 2011-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2468 * doc/cha-intro-tls.texi: Added missing nodes.
2470 2011-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2472 * doc/cha-intro-tls.texi: Added discussion on compatibility issues.
2474 2011-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2476 * libextra/gnutls_openssl.c: undef X509_NAME before including
2479 2011-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2481 * NEWS, doc/cha-gtls-app.texi, lib/accelerated/intel/aes-x86.c,
2482 lib/auth/rsa.c, lib/auth/rsa_export.c, lib/auth/srp.c,
2483 lib/gnutls_buffers.c, lib/gnutls_dtls.c, lib/gnutls_errors.c,
2484 lib/gnutls_errors.h, lib/gnutls_global.c, lib/gnutls_global.h,
2485 lib/gnutls_handshake.c, lib/gnutls_record.c,
2486 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli.c,
2487 src/serv.c: Added gnutls_global_set_audit_log_function() that allows
2488 associating TLS session with several important issues.
2490 2011-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2492 * NEWS, lib/x509/crq.c: updates
2494 2011-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2496 * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
2497 lib/x509/crq.c, lib/x509/x509_write.c, tests/crq_key_id.c: Added
2498 gnutls_x509_crq_verify().
2500 2011-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2502 * doc/manpages/certtool.1, src/Makefile.am, src/certtool-common.c,
2503 src/certtool-common.h, src/certtool.c, src/common.c,
2504 src/p11common.c, src/p11common.h, src/pkcs11.c: certtool can now
2505 load private keys and public keys from PKCS #11 tokens (via URLs).
2507 2011-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2509 * lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_import_url() will
2510 correctly set algorithm of private key.
2512 2011-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2514 * src/Makefile.am, src/certtool.c, src/p11tool.c: No libgnutls-extra
2515 is required for certtool or p11tool.
2517 2011-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2519 * tests/rng-fork.c: Do not use /tmp for temporary file. Just use the
2520 local (test) directory.
2522 2011-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2524 * tests/hostname-check.c: Added a check to verify that we don't try
2525 forever trying to verify too many wildcards.
2527 2011-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2529 * THANKS, lib/gnutls_str.c, lib/gnutls_str.h, lib/openpgp/pgp.c,
2530 lib/x509/rfc2818_hostname.c: _gnutls_hostname_compare() was
2531 incredibly slow when over ten wildcards were present. Set a limit on
2532 6 wildcards to avoid any denial of service attack. Reported by Kalle
2535 2011-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2537 * lib/gnutls_str.c, lib/opencdk/misc.c: Use c_toupper to avoid
2538 converting characters non in the english ASCII set. Reported by
2539 Kalle Olavi Niemitalo.
2541 2011-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2543 * lib/x509/verify-high.c: use > 0 instead of == 1.
2545 2011-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2547 * .gitignore, NEWS, lib/gnutls_cert.c,
2548 lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/x509.h,
2549 lib/libgnutls.map, lib/x509/verify-high.c, tests/Makefile.am,
2550 tests/x509cert.c: Added gnutls_certificate_get_issuer() to allow
2551 getting the issuer a certificate from the certificate credentials
2554 2011-04-30 Andreas Metzler <ametzler@downhill.at.eu.org>
2556 * doc/manpages/p11tool.1: escape dashes in manpage Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2558 2011-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2560 * .gitignore, gl/m4/.gitignore, gl/m4/byteswap.m4,
2561 gl/m4/codeset.m4, gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4,
2562 gl/m4/func.m4, gl/m4/gettext.m4, gl/m4/glibc2.m4, gl/m4/glibc21.m4,
2563 gl/m4/hmac-md5.m4, gl/m4/iconv.m4, gl/m4/intdiv0.m4, gl/m4/intl.m4,
2564 gl/m4/intldir.m4, gl/m4/intlmacosx.m4, gl/m4/intmax.m4,
2565 gl/m4/inttypes-pri.m4, gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
2566 gl/m4/ld-version-script.m4, gl/m4/lock.m4, gl/m4/md5.m4,
2567 gl/m4/memmem.m4, gl/m4/memxor.m4, gl/m4/nls.m4, gl/m4/po.m4,
2568 gl/m4/printf-posix.m4, gl/m4/progtest.m4, gl/m4/strcase.m4,
2569 gl/m4/strdup.m4, gl/m4/strings_h.m4, gl/m4/strverscmp.m4,
2570 gl/m4/threadlib.m4, gl/m4/time_r.m4, gl/m4/uintmax_t.m4,
2571 gl/m4/valgrind-tests.m4, gl/m4/vasprintf.m4, gl/m4/visibility.m4,
2572 gl/m4/vsnprintf.m4, gl/tests/.gitignore, gl/tests/intprops.h,
2573 gl/tests/test-byteswap.c, gl/tests/test-func.c,
2574 gl/tests/test-hmac-md5.c, gl/tests/test-md5.c,
2575 gl/tests/test-strings.c, gl/tests/test-strverscmp.c,
2576 gl/tests/test-u64.c, gl/tests/test-vasprintf.c,
2577 gl/tests/test-vsnprintf.c: Added missing m4 gl files.
2579 2011-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2581 * NEWS: documented previous updates.
2583 2011-04-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2585 * tests/suite/testcompat-main: Check for openssl 1.0.x to test DTLS.
2587 2011-04-28 Ludovic Courtès <ludo@gnu.org>
2589 * guile/modules/Makefile.am, guile/modules/gnutls/build/tests.scm,
2590 guile/tests/anonymous-auth.scm, guile/tests/errors.scm,
2591 guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
2592 guile/tests/openpgp-keys.scm, guile/tests/pkcs-import-export.scm,
2593 guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
2594 guile/tests/x509-auth.scm, guile/tests/x509-certificates.scm: guile:
2595 Fix tests to match the `exit' behavior introduced in Guile 2.0.1. This fix makes tests behave correctly wrt. to the Guile bug fix at
2597 <http://git.sv.gnu.org/cgit/guile.git/commit/?id=e309f3bf9ee910c4772353ca3ff95f6f4ef466b5>.
2599 2011-04-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2601 * lib/gnutls.pc.in: removed pakchois dependency
2603 2011-04-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2605 * NEWS, configure.ac: updated for release
2607 2011-04-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2609 * tests/x509dn.c: added missing header.
2611 2011-04-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2613 * lib/accelerated/intel/Makefile.am: pass tag=CC to libtool. It
2614 seems automake cannot really work with assembler sources.
2616 2011-04-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2618 * lib/gnutls_pcert.c, lib/openpgp/gnutls_openpgp.c: documentation
2621 2011-04-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2623 * cfg.mk: start counting from 2009 for ChangeLog.
2625 2011-04-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2627 * tests/hostname-check.c: Removed incorrect test on IPAddresses (was
2628 relying on IPaddresses encoded as text)
2630 2011-04-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2632 * lib/x509/rfc2818_hostname.c: gnutls_x509_crt_check_hostname() will
2633 never compare against IPaddress. (previous comparison was flawed)
2635 2011-04-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2637 * doc/examples/ex-cert-select.c, lib/auth/cert.c, lib/auth/cert.h,
2638 lib/gnutls_cert.c, lib/includes/gnutls/abstract.h,
2639 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/certtool.c,
2640 src/cli.c, tests/x509dn.c: Added
2641 gnutls_certificate_set_retrieve_function2() to replace
2642 gnutls_certificate_set_retrieve_function(). The new one is a
2643 efficient for busy servers because it eliminates the need for the
2644 server to encode the certificate to DER format.
2646 2011-04-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2648 * lib/gnutls_alert.c, lib/gnutls_errors.c,
2649 lib/includes/gnutls/gnutls.h.in: Added GNUTLS_E_USER_ERROR
2651 2011-04-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2653 * lib/auth/cert.c, lib/ext/signature.c, lib/ext/signature.h,
2654 lib/gnutls_pcert.c, lib/includes/gnutls/abstract.h,
2655 lib/libgnutls.map: Eliminated the need for sign_algo in
2656 gnutls_pcert_st. This means that we don't follow RFC5246 by letter,
2657 but there wasn't any other implementation using the sign_algorithm
2658 part of the certificate selection, and this helps reduce complexity.
2660 2011-04-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2662 * src/cfg/Makefile.am, src/cfg/README: Added readme for libcfg.
2664 2011-04-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2666 * configure.ac: No need to check for -maes and -mpclmul with the
2667 current AES-NI code.
2669 2011-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2671 * .gitignore: updated
2673 2011-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2675 * lib/Makefile.am, lib/abstract_int.h, lib/auth/cert.c,
2676 lib/auth/cert.h, lib/auth/dhe.c, lib/auth/rsa.c,
2677 lib/auth/rsa_export.c, lib/auth/srp_rsa.c, lib/ext/signature.c,
2678 lib/ext/signature.h, lib/gnutls_algorithms.c, lib/gnutls_cert.c,
2679 lib/gnutls_cert.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
2680 lib/gnutls_mpi.c, lib/gnutls_pcert.c, lib/gnutls_privkey.c,
2681 lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
2682 lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_x509.c,
2683 lib/gnutls_x509.h, lib/includes/gnutls/abstract.h,
2684 lib/opencdk/pubkey.c, lib/openpgp/gnutls_openpgp.c,
2685 lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
2686 lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
2687 lib/pkcs11_int.h, lib/x509/common.h, lib/x509/pkcs12_encr.c,
2688 lib/x509/sign.c, lib/x509/verify-high.c, lib/x509/verify.c,
2689 lib/x509/x509.c, lib/x509/x509_int.h: Combined external abstract API
2690 with internal usage of gnutls_cert. This results to a
2691 gnutls_pcert_st struct exported in abstract.h. This change will allow a certificate retrieval callback that does
2692 not require gnutls to decode or encode the provided certificate.
2694 2011-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2696 * NEWS, lib/gnutls_priority.c: Restored HMAC-MD5 for compatibility.
2697 Although considered weak, several sites require it for connection.
2698 It is enabled for "NORMAL" and "PERFORMANCE" priority strings.
2700 2011-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2702 * lib/accelerated/intel/aes-x86.c: Try to detect AES-NI on Intel and
2705 2011-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2707 * NEWS, configure.ac, lib/accelerated/intel/Makefile.am,
2708 lib/accelerated/intel/README, lib/accelerated/intel/aes-x86.c,
2709 lib/accelerated/intel/asm/appro-aes-x86-64.s,
2710 lib/accelerated/intel/asm/appro-aes-x86.s,
2711 lib/accelerated/intel/asm/x64_iaesx64.s,
2712 lib/accelerated/intel/asm/x86_iaesx86.s,
2713 lib/accelerated/intel/iaes_asm_interface.h,
2714 lib/accelerated/intel/iaesni.h, lib/accelerated/intel/license.txt:
2715 Added Andy Polyakov's version of AES-NI optimizations.
2717 2011-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2719 * .gitignore: more files to ignore
2721 2011-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2723 * src/tests.c: COMP-ZLIB -> COMP-DEFLATE
2725 2011-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2727 * lib/Makefile.am, m4/hooks.m4: Link with pthreads.
2729 2011-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2731 * doc/Makefile.am: read API from new directories as well.
2733 2011-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2735 * lib/accelerated/Makefile.am: corrected filename
2737 2011-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2739 * lib/ext/session_ticket.c: removed conditional compilation
2741 2011-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2743 * lib/ext/session_ticket.h: removed conditional compilation.
2745 2011-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2747 * lib/accelerated/cryptodev.c: use correct header.
2749 2011-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2751 * lib/README: documented directories.
2753 2011-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2755 * lib/Makefile.am, lib/accelerated/Makefile.am,
2756 lib/accelerated/cryptodev.c, lib/accelerated/cryptodev.h,
2757 lib/cryptodev.c, lib/gnutls_cryptodev.h, lib/gnutls_global.c: Moved
2758 cryptodev to accelerated/
2760 2011-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2762 * lib/gnutls_extensions.c, lib/gnutls_handshake.c: Session tickets
2763 are included unconditionally.
2765 2011-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2767 * configure.ac, lib/Makefile.am, lib/auth/Makefile.am,
2768 lib/auth/anon.c, lib/auth/anon.h, lib/auth/cert.c, lib/auth/cert.h,
2769 lib/auth/dh_common.c, lib/auth/dh_common.h, lib/auth/dhe.c,
2770 lib/auth/dhe_psk.c, lib/auth/psk.c, lib/auth/psk.h,
2771 lib/auth/psk_passwd.c, lib/auth/psk_passwd.h, lib/auth/rsa.c,
2772 lib/auth/rsa_export.c, lib/auth/srp.c, lib/auth/srp.h,
2773 lib/auth/srp_passwd.c, lib/auth/srp_passwd.h, lib/auth/srp_rsa.c,
2774 lib/auth/srp_sb64.c, lib/auth_anon.c, lib/auth_anon.h,
2775 lib/auth_cert.c, lib/auth_cert.h, lib/auth_dh_common.c,
2776 lib/auth_dh_common.h, lib/auth_dhe.c, lib/auth_dhe_psk.c,
2777 lib/auth_psk.c, lib/auth_psk.h, lib/auth_psk_passwd.c,
2778 lib/auth_psk_passwd.h, lib/auth_rsa.c, lib/auth_rsa_export.c,
2779 lib/auth_srp.c, lib/auth_srp.h, lib/auth_srp_passwd.c,
2780 lib/auth_srp_passwd.h, lib/auth_srp_rsa.c, lib/auth_srp_sb64.c,
2781 lib/ext/Makefile.am, lib/ext/cert_type.c, lib/ext/cert_type.h,
2782 lib/ext/max_record.c, lib/ext/max_record.h,
2783 lib/ext/safe_renegotiation.c, lib/ext/safe_renegotiation.h,
2784 lib/ext/server_name.c, lib/ext/server_name.h,
2785 lib/ext/session_ticket.c, lib/ext/session_ticket.h,
2786 lib/ext/signature.c, lib/ext/signature.h, lib/ext/srp.c,
2787 lib/ext/srp.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
2788 lib/ext_max_record.c, lib/ext_max_record.h,
2789 lib/ext_safe_renegotiation.c, lib/ext_safe_renegotiation.h,
2790 lib/ext_server_name.c, lib/ext_server_name.h,
2791 lib/ext_session_ticket.c, lib/ext_session_ticket.h,
2792 lib/ext_signature.c, lib/ext_signature.h, lib/ext_srp.c,
2793 lib/ext_srp.h, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
2794 lib/gnutls_cert.c, lib/gnutls_extensions.c, lib/gnutls_handshake.c,
2795 lib/gnutls_psk.c, lib/gnutls_record.c, lib/gnutls_session_pack.c,
2796 lib/gnutls_sig.c, lib/gnutls_srp.c, lib/gnutls_state.c,
2797 lib/gnutls_ui.c, lib/gnutls_x509.c, lib/openpgp/gnutls_openpgp.h,
2798 m4/hooks.m4: The auth_ and ext_ files were moved to respective
2801 2011-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2803 * doc/cha-intro-tls.texi: Reorganized sections in documentation.
2805 2011-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2807 * doc/examples/ex-cxx.cpp: removed unneeded comment.
2809 2011-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2811 * tests/cve-2009-1416.c, tests/pkcs12_s2k_pem.c: Added missing
2814 2011-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2816 * tests/suite/Makefile.am, tests/suite/chain, tests/suite/testbig,
2817 tests/suite/testbig-main, tests/suite/testcompat,
2818 tests/suite/testcompat-main, tests/suite/x509paths/.gitignore,
2819 tests/suite/x509paths/README, tests/x509paths/README,
2820 tests/x509paths/chain: x509paths tests moved to suite/.
2822 2011-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2824 * tests/certs/cert-rsa-2432.pem, tests/certs/rsa-2432.pem,
2825 tests/scripts/common.sh, tests/suite/Makefile.am,
2826 tests/suite/testbig, tests/suite/testbig-main: Added
2827 interoperability tests with openssl.
2829 2011-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2831 * lib/gnutls_buffers.c: Corrected SSLv2 header parsing.
2833 2011-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2835 * doc/credentials/x509-server-dsa.pem,
2836 doc/credentials/x509-server-key-dsa.pem: corrected illegal DSA key.
2838 2011-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2840 * tests/suite/Makefile.am, tests/suite/testsrn: Enabled the extra
2841 safe renegotiation tests.
2843 2011-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2845 * m4/hooks.m4: removed opaque PRF from m4.
2847 2011-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2849 * lib/gnutls_buffers.c: removed text about select().
2851 2011-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2853 * configure.ac, lib/Makefile.am: check for libdl that pakchois
2856 2011-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2858 * lib/Makefile.am, lib/pakchois/README: Added readme about pakchois
2859 and removed checks for pakchois in Makefile.am.
2861 2011-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2863 * configure.ac, m4/hooks.m4: Reorganization in configure file.
2864 Pakchois is not longer checked for being present. The included
2865 version is always used.
2867 2011-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2869 * gl/.gitignore, gl/asprintf.c, gl/byteswap.in.h, gl/hmac-md5.c,
2870 gl/hmac.h, gl/md5.c, gl/md5.h, gl/memmem.c, gl/memxor.c,
2871 gl/memxor.h, gl/str-two-way.h, gl/strcasecmp.c, gl/strdup.c,
2872 gl/strings.in.h, gl/strncasecmp.c, gl/strverscmp.c, gl/time_r.c,
2873 gl/u64.h, gl/unistd.h, gl/vasprintf.c, gl/vsnprintf.c,
2874 gl/warn-on-use.h, gl/wchar.h: Added missing gnulib files
2876 2011-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2878 * lib/crypto-api.c: Added missing const.
2880 2011-04-12 Ludovic Courtès <ludo@gnu.org>
2882 * NEWS, src/certtool-common.c, src/certtool.c, src/p11tool.c,
2883 tests/crq_key_id.c, tests/cve-2009-1416.c, tests/pkcs12_s2k_pem.c:
2884 Don't include <gcrypt.h> when it's not needed.
2886 2011-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2888 * doc/cha-internals.texi: fixed and updates in documentation
2890 2011-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2892 * doc/gnutls-crypto-layers.eps: Updated crypto layers documentation.
2894 2011-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2896 * NEWS, lib/accelerated/intel/Makefile.am,
2897 lib/accelerated/intel/aes-x86.c,
2898 lib/accelerated/intel/asm/x64_do_rdtsc.s,
2899 lib/accelerated/intel/asm/x86_do_rdtsc.s, tests/cipher-test.c:
2900 Updates in the AES-NI accelerator.
2902 2011-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2904 * lib/crypto-api.c, lib/includes/gnutls/crypto.h, lib/libgnutls.map:
2905 Added gnutls_cipher_set_iv().
2907 2011-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2909 * tests/Makefile.am, tests/cipher-test.c: Added test vectors for
2912 2011-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2914 * lib/accelerated/intel/aes-x86.c, lib/crypto.c,
2915 lib/includes/gnutls/crypto.h: Increased priority of CPU assisted
2918 2011-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2920 * src/cli.c: Do not rely on lowat being set.
2922 2011-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2924 * lib/accelerated/Makefile.am, lib/accelerated/intel/Makefile.am,
2925 lib/accelerated/intel/README: Added README explaining the usage of
2928 2011-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2930 * lib/gnutls_buffers.c: Corrected parsing error in TLS, when many
2931 handshake messages were packed in a single record message.
2933 2011-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2935 * .gitignore, configure.ac, lib/accelerated/Makefile.am,
2936 lib/accelerated/accelerated.c, lib/accelerated/aes-x86.c,
2937 lib/accelerated/aes-x86.h, lib/accelerated/intel/Makefile.am,
2938 lib/accelerated/intel/aes-x86.c, lib/accelerated/intel/aes-x86.h,
2939 lib/accelerated/intel/asm/x64_do_rdtsc.s,
2940 lib/accelerated/intel/asm/x64_iaesx64.s,
2941 lib/accelerated/intel/asm/x86_do_rdtsc.s,
2942 lib/accelerated/intel/asm/x86_iaesx86.s,
2943 lib/accelerated/intel/iaes_asm_interface.h,
2944 lib/accelerated/intel/iaesni.h, lib/accelerated/intel/license.txt,
2945 m4/gcc.m4: fixes in acceleration detection. Added Intel's library
2946 code for AES-NI acceleration.
2948 2011-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2950 * guile/modules/gnutls/build/enums.scm, lib/libgnutls.map,
2951 libextra/Makefile.am: Purged all references of LZO.
2953 2011-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2955 * configure.ac: removed duplicate test
2957 2011-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2959 * doc/examples/ex-cxx.cpp, gl/time.in.h: No need to under restrict
2960 for C++. Only use config.h.
2962 2011-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2964 * NEWS, lib/includes/gnutls/gnutls.h.in, lib/system_override.c:
2965 gnutls_transport_set_global_errno() is no more.
2967 2011-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2969 * tests/eagain-common.h, tests/safe-renegotiation/Makefile.am,
2970 tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
2971 tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
2972 tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c:
2973 Combined the safe renegotiation tests with the again-common lib.
2975 2011-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2977 * NEWS, configure.ac, doc/cha-intro-tls.texi, doc/cha-preface.texi,
2978 doc/cha-programs.texi, lib/gnutls_compress.c, lib/gnutls_errors.c,
2979 lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
2980 lib/libgnutls.map, libextra/gnutls_extra.c, m4/hooks.m4: Support for
2983 2011-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2985 * NEWS, configure.ac: bumped version
2987 2011-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2989 * .gitignore, gl/time.h, gl/time.in.h: updated time.h.in
2991 2011-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2993 * lib/gnutls_algorithms.c, lib/gnutls_dtls.c, lib/gnutls_mem.c,
2994 lib/gnutls_psk.c, lib/gnutls_record.c,
2995 lib/includes/gnutls/gnutls.h.in, lib/pkcs11.c,
2996 lib/pkcs11_privkey.c, lib/x509/verify-high.c, lib/x509/verify.c:
2997 Corrected documentation of several API functions.
2999 2011-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3001 * doc/cha-gtls-app.texi, doc/cha-library.texi: documentation
3004 2011-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3006 * doc/scripts/gdoc, doc/scripts/sort2.pl: remove perl warnings from
3009 2011-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3011 * configure.ac, lib/Makefile.am, lib/accelerated/Makefile.am,
3012 lib/accelerated/accelerated.c, lib/accelerated/accelerated.h,
3013 lib/accelerated/aes-x86.c, lib/accelerated/aes-x86.h,
3014 lib/accelerated/x86.h, lib/gnutls_global.c, m4/gcc.m4: Added support
3015 for x86 intel AES instruction acceleration if detected.
3017 2011-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3019 * gl/time.h, gl/unistd.h, gl/warn-on-use.h, gl/wchar.h: Added gl/
3022 2011-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3024 * cfg.mk: corrected po directory and build-aux paths.
3026 2011-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3028 * doc/examples/Makefile.am: include gnulib files.
3030 2011-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3032 * doc/TODO: updated TODO
3034 2011-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3036 * tests/openpgp-certs/testselfsigs: Use --infile in certtool to
3037 avoid issues with streams in windows. Patch by LRN.
3039 2011-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3041 * lib/opencdk/armor.c: Changes armor.c to be able to handle both LF
3042 and CRLF inputs (output is still either LF-only or CRLF-only
3043 depending on the platform). Patch by LRN. Optimizations in the usage of strlen().
3045 2011-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3047 * src/cli.c, src/psk.c, src/serv.c, src/srptool.c, src/tests.c:
3048 Define variables within the intended scope (not windows). Based on
3051 2011-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3053 * doc/examples/ex-cert-select-pkcs11.c, src/common.c, src/pkcs11.c:
3054 Use getpass.h (from gnulib). Patch by LRN.
3056 2011-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3058 * lib/pakchois/dlopen.c: Return correct value for dlclose() in
3059 windows. Patch by LRN.
3061 2011-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3063 * tests/openpgp-auth.c: Disable openpgp-auth run in windows due to
3064 lack of socketpair(). Patch by LRN.
3066 2011-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3068 * Makefile.am: gl before lib or libextra
3070 2011-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3072 * ChangeLog: generated
3074 2011-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3078 2011-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3080 * .gitignore, doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
3081 doc/examples/Makefile.am, doc/examples/ex-client-udp.c,
3082 doc/examples/udp.c, lib/gnutls_state.c: Added documentation for
3085 2011-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3089 2011-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3091 * tests/chainverify.c: disable test in windows.
3093 2011-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3095 * tests/mini-x509-rehandshake.c, tests/openpgp-auth.c,
3096 tests/openpgp-auth2.c: corrected leaks in tests.
3098 2011-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3100 * lib/auth_cert.c, lib/gnutls_pk.c: corrected memory leak on RSA
3103 2011-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3105 * lib/x509/common.c: more leaks fixed in common.c
3107 2011-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3109 * lib/gnutls_pubkey.c: Corrected leaks in gnutls_pubkey_t
3112 2011-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3114 * lib/x509/verify-high.c: fix in trusted_list certificate
3117 2011-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3119 * lib/gnutls_privkey.c: correction in deinitialization of privkey.
3121 2011-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3123 * tests/mini-x509-rehandshake.c, tests/mini-x509.c: combined more
3124 tests with eagain-common.h.
3126 2011-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3128 * lib/auth_dh_common.c, lib/gnutls_privkey.c, lib/gnutls_x509.c,
3129 lib/nettle/pk.c, lib/pakchois/pakchois.c, lib/pakchois/pakchois.h,
3130 lib/pkcs11.c, lib/x509/verify-high.c, tests/mini-x509.c: Corrected
3133 2011-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3135 * build-aux/arg-nonnull.h, build-aux/c++defs.h,
3136 build-aux/config.rpath, build-aux/warn-on-use.h, cfg.mk,
3137 gl/Makefile.am, gl/m4/.gitignore, gl/m4/gnulib-cache.m4,
3138 gl/m4/gnulib-comp.m4: added valgrind from gnulib.
3140 2011-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3142 * tests/dsa/testdsa, tests/openpgp-certs/testcerts: Do not run the
3143 test scripts in win32 environment.
3145 2011-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3147 * cfg.mk: use the system wide gnulib-tool.
3149 2011-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3151 * .gitignore: updated
3153 2011-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3157 2011-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3159 * tests/suite/ecore/src/lib/ecore_exe.c: include priority headers
3162 2011-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3164 * configure.ac, tests/Makefile.am, tests/suite/Makefile.am,
3165 tests/suite/Makefile.in: Better way of not including the tests/suite
3166 directory. Based on discussion with LRN and Vincent Torri.
3168 2011-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3170 * .gitignore, Makefile.am, cfg.mk, configure.ac,
3171 doc/examples/Makefile.am, doc/gendocs_template, gl/.gitignore,
3172 gl/Makefile.am, gl/accept.c, gl/alignof.h, gl/alloca.c,
3173 gl/alloca.in.h, gl/arpa_inet.in.h, gl/asnprintf.c, gl/bind.c,
3174 gl/c-ctype.c, gl/c-ctype.h, gl/close-hook.c, gl/close-hook.h,
3175 gl/close.c, gl/connect.c, gl/errno.in.h, gl/error.c, gl/error.h,
3176 gl/fclose.c, gl/float+.h, gl/float.in.h, gl/fseeko.c, gl/ftello.c,
3177 gl/gai_strerror.c, gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c,
3178 gl/getpass.c, gl/getpass.h, gl/gettext.h, gl/gettime.c,
3179 gl/gettimeofday.c, gl/inet_ntop.c, gl/inet_pton.c, gl/intprops.h,
3180 gl/listen.c, gl/lseek.c, gl/m4/.gitignore, gl/m4/00gnulib.m4,
3181 gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4, gl/m4/asm-underscore.m4,
3182 gl/m4/autobuild.m4, gl/m4/clock_time.m4, gl/m4/close.m4,
3183 gl/m4/errno_h.m4, gl/m4/error.m4, gl/m4/extensions.m4,
3184 gl/m4/fclose.m4, gl/m4/float_h.m4, gl/m4/fseeko.m4,
3185 gl/m4/ftello.m4, gl/m4/getaddrinfo.m4, gl/m4/getdelim.m4,
3186 gl/m4/getline.m4, gl/m4/getpagesize.m4, gl/m4/getpass.m4,
3187 gl/m4/gettime.m4, gl/m4/gettimeofday.m4, gl/m4/gnulib-cache.m4,
3188 gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4,
3189 gl/m4/hostent.m4, gl/m4/include_next.m4, gl/m4/inet_ntop.m4,
3190 gl/m4/inet_pton.m4, gl/m4/intmax_t.m4, gl/m4/inttypes_h.m4,
3191 gl/m4/ioctl.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
3192 gl/m4/lib-prefix.m4, gl/m4/longlong.m4, gl/m4/lseek.m4,
3193 gl/m4/malloc.m4, gl/m4/manywarnings.m4, gl/m4/memchr.m4,
3194 gl/m4/minmax.m4, gl/m4/mmap-anon.m4, gl/m4/multiarch.m4,
3195 gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4, gl/m4/perror.m4,
3196 gl/m4/printf.m4, gl/m4/read-file.m4, gl/m4/readline.m4,
3197 gl/m4/realloc.m4, gl/m4/select.m4, gl/m4/servent.m4,
3198 gl/m4/size_max.m4, gl/m4/snprintf.m4, gl/m4/socketlib.m4,
3199 gl/m4/sockets.m4, gl/m4/socklen.m4, gl/m4/sockpfaf.m4,
3200 gl/m4/stdarg.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
3201 gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
3202 gl/m4/stdlib_h.m4, gl/m4/strerror.m4, gl/m4/string_h.m4,
3203 gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4,
3204 gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/time_h.m4,
3205 gl/m4/timespec.m4, gl/m4/ungetc.m4, gl/m4/unistd_h.m4,
3206 gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4, gl/m4/version-etc.m4,
3207 gl/m4/warn-on-use.m4, gl/m4/warnings.m4, gl/m4/wchar_h.m4,
3208 gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c,
3209 gl/memchr.c, gl/minmax.h, gl/netdb.in.h, gl/netinet_in.in.h,
3210 gl/perror.c, gl/printf-args.c, gl/printf-args.h, gl/printf-parse.c,
3211 gl/printf-parse.h, gl/progname.c, gl/progname.h, gl/read-file.c,
3212 gl/read-file.h, gl/readline.c, gl/readline.h, gl/realloc.c,
3213 gl/recv.c, gl/select.c, gl/send.c, gl/setsockopt.c, gl/shutdown.c,
3214 gl/size_max.h, gl/snprintf.c, gl/socket.c, gl/sockets.c,
3215 gl/sockets.h, gl/stdarg.in.h, gl/stdbool.in.h, gl/stddef.in.h,
3216 gl/stdint.in.h, gl/stdio-impl.h, gl/stdio-write.c, gl/stdio.in.h,
3217 gl/stdlib.in.h, gl/strerror.c, gl/string.in.h, gl/sys_select.in.h,
3218 gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
3219 gl/tests/.gitignore, gl/tests/Makefile.am, gl/tests/binary-io.h,
3220 gl/tests/dummy.c, gl/tests/fcntl.in.h, gl/tests/getpagesize.c,
3221 gl/tests/init.sh, gl/tests/ioctl.c, gl/tests/macros.h,
3222 gl/tests/signature.h, gl/tests/sys_ioctl.in.h,
3223 gl/tests/test-alignof.c, gl/tests/test-alloca-opt.c,
3224 gl/tests/test-arpa_inet.c, gl/tests/test-binary-io.c,
3225 gl/tests/test-c-ctype.c, gl/tests/test-errno.c,
3226 gl/tests/test-fcntl-h.c, gl/tests/test-fseeko.c,
3227 gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
3228 gl/tests/test-getaddrinfo.c, gl/tests/test-getdelim.c,
3229 gl/tests/test-getline.c, gl/tests/test-gettimeofday.c,
3230 gl/tests/test-inet_ntop.c, gl/tests/test-inet_pton.c,
3231 gl/tests/test-lseek.c, gl/tests/test-lseek.sh,
3232 gl/tests/test-memchr.c, gl/tests/test-netdb.c,
3233 gl/tests/test-netinet_in.c, gl/tests/test-perror.c,
3234 gl/tests/test-perror.sh, gl/tests/test-read-file.c,
3235 gl/tests/test-select-fd.c, gl/tests/test-select-in.sh,
3236 gl/tests/test-select-out.sh, gl/tests/test-select-stdin.c,
3237 gl/tests/test-select.c, gl/tests/test-snprintf.c,
3238 gl/tests/test-sockets.c, gl/tests/test-stdbool.c,
3239 gl/tests/test-stddef.c, gl/tests/test-stdint.c,
3240 gl/tests/test-stdio.c, gl/tests/test-stdlib.c,
3241 gl/tests/test-strerror.c, gl/tests/test-string.c,
3242 gl/tests/test-sys_ioctl.c, gl/tests/test-sys_select.c,
3243 gl/tests/test-sys_socket.c, gl/tests/test-sys_stat.c,
3244 gl/tests/test-sys_time.c, gl/tests/test-sys_wait.h,
3245 gl/tests/test-time.c, gl/tests/test-unistd.c,
3246 gl/tests/test-update-copyright.sh, gl/tests/test-vasnprintf.c,
3247 gl/tests/test-vc-list-files-cvs.sh,
3248 gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
3249 gl/tests/test-version-etc.c, gl/tests/test-version-etc.sh,
3250 gl/tests/test-wchar.c, gl/tests/w32sock.h, gl/tests/zerosize-ptr.h,
3251 gl/time.in.h, gl/timespec.h, gl/unistd.in.h, gl/vasnprintf.c,
3252 gl/vasnprintf.h, gl/verify.h, gl/version-etc-fsf.c,
3253 gl/version-etc.c, gl/version-etc.h, gl/w32sock.h, gl/wchar.in.h,
3254 gl/xsize.h, guile/src/Makefile.am, lib/Makefile.am,
3255 lib/configure.ac, lib/gcrypt/Makefile.am, lib/gl/Makefile.am,
3256 lib/gl/alignof.h, lib/gl/alloca.in.h, lib/gl/asnprintf.c,
3257 lib/gl/asprintf.c, lib/gl/byteswap.in.h, lib/gl/c-ctype.c,
3258 lib/gl/c-ctype.h, lib/gl/close-hook.c, lib/gl/close-hook.h,
3259 lib/gl/errno.in.h, lib/gl/float+.h, lib/gl/float.in.h,
3260 lib/gl/fseeko.c, lib/gl/ftello.c, lib/gl/gettext.h, lib/gl/lseek.c,
3261 lib/gl/m4/00gnulib.m4, lib/gl/m4/alloca.m4,
3262 lib/gl/m4/asm-underscore.m4, lib/gl/m4/byteswap.m4,
3263 lib/gl/m4/codeset.m4, lib/gl/m4/errno_h.m4,
3264 lib/gl/m4/extensions.m4, lib/gl/m4/fcntl-o.m4,
3265 lib/gl/m4/float_h.m4, lib/gl/m4/fseeko.m4, lib/gl/m4/ftello.m4,
3266 lib/gl/m4/func.m4, lib/gl/m4/getpagesize.m4, lib/gl/m4/gettext.m4,
3267 lib/gl/m4/glibc2.m4, lib/gl/m4/glibc21.m4,
3268 lib/gl/m4/gnulib-cache.m4, lib/gl/m4/gnulib-common.m4,
3269 lib/gl/m4/gnulib-comp.m4, lib/gl/m4/gnulib-tool.m4,
3270 lib/gl/m4/iconv.m4, lib/gl/m4/include_next.m4,
3271 lib/gl/m4/intdiv0.m4, lib/gl/m4/intl.m4, lib/gl/m4/intldir.m4,
3272 lib/gl/m4/intlmacosx.m4, lib/gl/m4/intmax.m4,
3273 lib/gl/m4/intmax_t.m4, lib/gl/m4/inttypes-pri.m4,
3274 lib/gl/m4/inttypes_h.m4, lib/gl/m4/lcmessage.m4,
3275 lib/gl/m4/ld-output-def.m4, lib/gl/m4/ld-version-script.m4,
3276 lib/gl/m4/lib-ld.m4, lib/gl/m4/lib-link.m4,
3277 lib/gl/m4/lib-prefix.m4, lib/gl/m4/lock.m4, lib/gl/m4/longlong.m4,
3278 lib/gl/m4/lseek.m4, lib/gl/m4/malloc.m4, lib/gl/m4/memchr.m4,
3279 lib/gl/m4/memmem.m4, lib/gl/m4/minmax.m4, lib/gl/m4/mmap-anon.m4,
3280 lib/gl/m4/multiarch.m4, lib/gl/m4/netdb_h.m4, lib/gl/m4/nls.m4,
3281 lib/gl/m4/po.m4, lib/gl/m4/printf-posix.m4, lib/gl/m4/printf.m4,
3282 lib/gl/m4/progtest.m4, lib/gl/m4/read-file.m4,
3283 lib/gl/m4/realloc.m4, lib/gl/m4/size_max.m4, lib/gl/m4/snprintf.m4,
3284 lib/gl/m4/socketlib.m4, lib/gl/m4/sockets.m4, lib/gl/m4/socklen.m4,
3285 lib/gl/m4/sockpfaf.m4, lib/gl/m4/stdbool.m4, lib/gl/m4/stddef_h.m4,
3286 lib/gl/m4/stdint.m4, lib/gl/m4/stdint_h.m4, lib/gl/m4/stdio_h.m4,
3287 lib/gl/m4/stdlib_h.m4, lib/gl/m4/strcase.m4, lib/gl/m4/string_h.m4,
3288 lib/gl/m4/strings_h.m4, lib/gl/m4/strverscmp.m4,
3289 lib/gl/m4/sys_socket_h.m4, lib/gl/m4/sys_stat_h.m4,
3290 lib/gl/m4/threadlib.m4, lib/gl/m4/time_h.m4, lib/gl/m4/time_r.m4,
3291 lib/gl/m4/uintmax_t.m4, lib/gl/m4/ungetc.m4, lib/gl/m4/unistd_h.m4,
3292 lib/gl/m4/vasnprintf.m4, lib/gl/m4/vasprintf.m4,
3293 lib/gl/m4/visibility.m4, lib/gl/m4/vsnprintf.m4,
3294 lib/gl/m4/warn-on-use.m4, lib/gl/m4/wchar_h.m4,
3295 lib/gl/m4/wchar_t.m4, lib/gl/m4/wint_t.m4, lib/gl/m4/xsize.m4,
3296 lib/gl/malloc.c, lib/gl/memchr.c, lib/gl/memchr.valgrind,
3297 lib/gl/memmem.c, lib/gl/minmax.h, lib/gl/netdb.in.h,
3298 lib/gl/override/lib/gc-libgcrypt.c.diff,
3299 lib/gl/override/lib/gettext.h.diff, lib/gl/printf-args.c,
3300 lib/gl/printf-args.h, lib/gl/printf-parse.c, lib/gl/printf-parse.h,
3301 lib/gl/read-file.c, lib/gl/read-file.h, lib/gl/realloc.c,
3302 lib/gl/size_max.h, lib/gl/snprintf.c, lib/gl/sockets.c,
3303 lib/gl/sockets.h, lib/gl/stdbool.in.h, lib/gl/stddef.in.h,
3304 lib/gl/stdint.in.h, lib/gl/stdio-impl.h, lib/gl/stdio-write.c,
3305 lib/gl/stdio.in.h, lib/gl/stdlib.in.h, lib/gl/str-two-way.h,
3306 lib/gl/strcasecmp.c, lib/gl/string.in.h, lib/gl/strings.in.h,
3307 lib/gl/strncasecmp.c, lib/gl/strverscmp.c, lib/gl/sys_socket.in.h,
3308 lib/gl/sys_stat.in.h, lib/gl/tests/Makefile.am,
3309 lib/gl/tests/binary-io.h, lib/gl/tests/dummy.c,
3310 lib/gl/tests/getpagesize.c, lib/gl/tests/init.sh,
3311 lib/gl/tests/intprops.h, lib/gl/tests/macros.h,
3312 lib/gl/tests/signature.h, lib/gl/tests/test-alloca-opt.c,
3313 lib/gl/tests/test-binary-io.c, lib/gl/tests/test-binary-io.sh,
3314 lib/gl/tests/test-byteswap.c, lib/gl/tests/test-c-ctype.c,
3315 lib/gl/tests/test-errno.c, lib/gl/tests/test-fseeko.c,
3316 lib/gl/tests/test-fseeko.sh, lib/gl/tests/test-fseeko2.sh,
3317 lib/gl/tests/test-ftello.c, lib/gl/tests/test-ftello.sh,
3318 lib/gl/tests/test-ftello2.sh, lib/gl/tests/test-ftello3.c,
3319 lib/gl/tests/test-func.c, lib/gl/tests/test-memchr.c,
3320 lib/gl/tests/test-netdb.c, lib/gl/tests/test-read-file.c,
3321 lib/gl/tests/test-snprintf.c, lib/gl/tests/test-sockets.c,
3322 lib/gl/tests/test-stdbool.c, lib/gl/tests/test-stddef.c,
3323 lib/gl/tests/test-stdint.c, lib/gl/tests/test-stdio.c,
3324 lib/gl/tests/test-stdlib.c, lib/gl/tests/test-string.c,
3325 lib/gl/tests/test-strings.c, lib/gl/tests/test-strverscmp.c,
3326 lib/gl/tests/test-sys_socket.c, lib/gl/tests/test-sys_stat.c,
3327 lib/gl/tests/test-sys_wait.h, lib/gl/tests/test-time.c,
3328 lib/gl/tests/test-unistd.c, lib/gl/tests/test-vasnprintf.c,
3329 lib/gl/tests/test-vasprintf.c, lib/gl/tests/test-verify.c,
3330 lib/gl/tests/test-verify.sh, lib/gl/tests/test-vsnprintf.c,
3331 lib/gl/tests/test-wchar.c, lib/gl/tests/zerosize-ptr.h,
3332 lib/gl/time.in.h, lib/gl/time_r.c, lib/gl/unistd.in.h,
3333 lib/gl/vasnprintf.c, lib/gl/vasnprintf.h, lib/gl/vasprintf.c,
3334 lib/gl/verify.h, lib/gl/vsnprintf.c, lib/gl/w32sock.h,
3335 lib/gl/wchar.in.h, lib/gl/xsize.h, lib/gnutls_int.h,
3336 lib/m4/hooks.m4, lib/minitasn1/Makefile.am, lib/nettle/Makefile.am,
3337 lib/opencdk/Makefile.am, lib/openpgp/Makefile.am, lib/po/LINGUAS,
3338 lib/po/Makevars, lib/po/POTFILES.in, lib/po/cs.po.in,
3339 lib/po/de.po.in, lib/po/fr.po.in, lib/po/it.po.in, lib/po/ms.po.in,
3340 lib/po/nl.po.in, lib/po/pl.po.in, lib/po/sv.po.in, lib/po/vi.po.in,
3341 lib/po/zh_CN.po.in, lib/x509/Makefile.am, libextra/Makefile.am,
3342 libextra/configure.ac, libextra/gl/Makefile.am,
3343 libextra/gl/gnulib.mk, libextra/gl/hmac-md5.c, libextra/gl/hmac.h,
3344 libextra/gl/m4/00gnulib.m4, libextra/gl/m4/extensions.m4,
3345 libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-common.m4,
3346 libextra/gl/m4/gnulib-comp.m4, libextra/gl/m4/gnulib-tool.m4,
3347 libextra/gl/m4/hmac-md5.m4, libextra/gl/m4/ld-output-def.m4,
3348 libextra/gl/m4/ld-version-script.m4, libextra/gl/m4/lib-ld.m4,
3349 libextra/gl/m4/lib-link.m4, libextra/gl/m4/lib-prefix.m4,
3350 libextra/gl/m4/md5.m4, libextra/gl/m4/memxor.m4, libextra/gl/md5.c,
3351 libextra/gl/md5.h, libextra/gl/memxor.c, libextra/gl/memxor.h,
3352 libextra/gl/override/lib/md5.c.diff, libextra/m4/hooks.m4,
3353 m4/hooks.m4, po/LINGUAS, po/Makevars, po/POTFILES.in, po/cs.po.in,
3354 po/de.po.in, po/fr.po.in, po/it.po.in, po/ms.po.in, po/nl.po.in,
3355 po/pl.po.in, po/sv.po.in, po/vi.po.in, po/zh_CN.po.in,
3356 src/Makefile.am, tests/suite/Makefile.in: Use a single configure.ac.
3357 This speed ups compilation and reduces duplication of code (multiple
3358 gl/ libraries etc.). This saves about 2mb in distributed size
3361 2011-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3363 * src/certtool-cfg.c: Avoid using readline.
3365 2011-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3367 * lib/gnutls_buffers.c: initialized ret in _gnutls_writev_emu().
3369 2011-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3371 * lib/includes/gnutls/x509.h: doc fix
3373 2011-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3375 * lib/system.c: removed unneeded variable.
3377 2011-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3379 * lib/auth_cert.c: Corrected check for an unknown sign algorithm.
3382 2011-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3384 * lib/openpgp/output.c: Do not use %e in strftime. Use %d instead
3385 which is identically available in windows as well. Based on patch
3388 2011-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3390 * lib/x509/output.c, tests/certuniqueid.c: Fixed mismatch in size_t
3393 2011-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3395 * lib/system.c, lib/system_override.c: Correctly set errno in win32
3396 using gnutls_transport_set_global_errno(). Based on patch by LRN.
3398 2011-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3400 * tests/eagain-common.h, tests/mini-eagain-dtls.c,
3401 tests/mini-eagain.c, tests/mini.c: Avoid using
3402 gnutls_transport_set_global_errno() and use
3403 gnutls_transport_set_errno() instead.
3405 2011-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3407 * lib/system_override.c: win32 fixes for set_global_errno().
3410 2011-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3412 * src/benchmark.c: Win32 changes for benchmark. Patch by LRN.
3414 2011-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3416 * tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
3417 tests/pskself.c, tests/resume.c, tests/rng-fork.c, tests/x509dn.c,
3418 tests/x509self.c: win32 fixes. Patch by LRN.
3420 2011-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3422 * lib/gnutls_buffers.c: minor modification in write_emu().
3424 2011-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3426 * lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c:
3427 simplified cdk_trim_string() to make it safer to use.
3429 2011-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3431 * lib/x509/privkey_pkcs8.c: correctly reset params.
3433 2011-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3435 * lib/x509/crl.c, lib/x509/x509.c: use correct pointer size.
3437 2011-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3439 * lib/gnutls_algorithms.c: correctly compare sign algorithm_st.
3441 2011-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3443 * lib/opencdk/Makefile.am, lib/opencdk/context.h,
3444 lib/opencdk/main.c, lib/opencdk/main.h, lib/opencdk/opencdk.h,
3445 lib/opencdk/verify.c: removed unused code
3447 2011-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3449 * lib/opencdk/armor.c: null terminate the armored string
3451 2011-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3453 * src/cli.c: properly null terminate string.
3455 2011-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3457 * src/common.c, src/pkcs11.c: check PIN size.
3459 2011-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3461 * src/srptool.c: check salt size.
3463 2011-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3465 * lib/opencdk/read-packet.c: more clear bounds checking
3467 2011-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3469 * lib/x509/privkey.c: initialize e and d.
3471 2011-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3473 * lib/pkcs11_write.c: deinitialize pks variable only when needed.
3475 2011-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3477 * lib/openpgp/pgpverify.c: Initialize verify.
3479 2011-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3481 * src/cli.c: initialize session_id_size.
3483 2011-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3485 * lib/opencdk/misc.c, lib/opencdk/opencdk.h: removed unneeded
3488 2011-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3490 * lib/pakchois/pakchois.c: correctly traverse slots
3492 2011-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3494 * guile/src/core.c: avoid using a freed pointer.
3496 2011-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3498 * lib/pkcs11.c: Initialize tinfo using the initially available
3501 2011-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3503 * lib/gnutls_dtls.c: corrected debugging info.
3505 2011-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3507 * tests/eagain-common.h, tests/mini-eagain-dtls.c,
3508 tests/mini-eagain.c, tests/mini.c: The mini-* programs were
3511 2011-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3513 * lib/gnutls_record.c: Do not cleanup bufel after it has been
3514 inserted into buffer.
3516 2011-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3518 * lib/gnutls_mbuffers.c: Combined dequeue with remove_front() and
3521 2011-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3523 * doc/examples/Makefile.am: Compile ex-cert-select-pkcs11 as a
3526 2011-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3528 * .gitignore, lib/gnutls_buffers.c, lib/gnutls_dtls.c,
3529 lib/gnutls_int.h, lib/gnutls_state.c,
3530 lib/includes/gnutls/gnutls.h.in, lib/system.h, tests/Makefile.am,
3531 tests/eagain-common.h, tests/mini-eagain-dtls.c,
3532 tests/mini-eagain.c, tests/utils.c: Added support for non-blocking
3533 DTLS. Added mini-eagain-dtls to test its operation. Improved
3536 2011-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3538 * lib/nettle/init.c: gcrypt.h is not really needed. Reported by
3541 2011-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3543 * src/srptool.c: corrected header inclusion.
3545 2011-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3547 * src/Makefile.am, src/crypt-gaa.c, src/crypt-gaa.h, src/crypt.c,
3548 src/crypt.gaa, src/srptool-gaa.c, src/srptool-gaa.h, src/srptool.c,
3549 src/srptool.gaa: crypt.* renamed to srptool.*.
3551 2011-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3553 * lib/gnutls_srp.c: Corrected bug in gnutls_srp_verifier() that
3554 prevented the allocation of a verifier. Reported by Andrew Wiseman.
3556 2011-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3558 * src/crypt-gaa.c, src/crypt-gaa.h, src/crypt.c, src/crypt.gaa:
3559 Added debug option to srptool.
3561 2011-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3563 * doc/cha-cert-auth.texi: Documented p11-kit.
3565 2011-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3567 * doc/cha-library.texi: corrected typo
3569 2011-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3571 * tests/scripts/common.sh: Added copyright.
3573 2011-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3575 * configure.ac, tests/Makefile.am, tests/dsa/testdsa,
3576 tests/openpgp-certs/testcerts, tests/scripts/Makefile.am,
3577 tests/scripts/common.sh: Reorganized scripts that use test servers,
3578 based on patch by Cedric Arbogast.
3580 2011-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3582 * src/certtool-gaa.c, src/certtool.gaa: Create certificate request
3583 with stricter permissions. Reported by Luca Capello.
3585 2011-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3587 * tests/openpgp-certs/Makefile.am: enabled testcerts.
3589 2011-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3591 * tests/openpgp-certs/testcerts: made more silent.
3593 2011-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3595 * tests/dsa/testdsa, tests/openpgp-certs/testcerts: Made scripts
3596 bourne shell compliant and not bash.
3598 2011-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3600 * THANKS: e-mail addresses are not directly recognizable.
3602 2011-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3604 * lib/opencdk/stream.c: Corrected access to freed memory location.
3605 Reported by Vitaly Kruglikov.
3607 2011-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3609 * THANKS: added Mark and Vitaly to THANKS.
3611 2011-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3613 * lib/system.c: Corrected windows system_errno() function. Reported
3614 and patch by Mark Brand.
3616 2011-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3618 * lib/includes/gnutls/compat.h: C++ compatibility fix for compat.h.
3619 Suggested by Mark Brand.
3621 2011-03-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3623 * lib/opencdk/verify.c: Corrected uninitialized var deinitiation.
3624 Reported by Vitaly Kruglikov.
3626 2011-03-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3628 * lib/gnutls_sig.c: eliminate compiler warning. Reported by Andreas
3631 2011-03-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3633 * lib/includes/gnutls/openpgp.h, lib/openpgp/gnutls_openpgp.c,
3634 lib/openpgp/pgp.c, lib/openpgp/privkey.c: Fix size of
3635 gnutls_openpgp_keyid_t by using the GNUTLS_OPENPGP_KEYID_SIZE
3636 definition. Reported by Andreas Metzler.
3638 2011-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3640 * NEWS: included news of 2.12.0
3642 2011-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3644 * guile/tests/Makefile.am: added missing files.
3646 2011-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3648 * lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
3649 lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/x509.h,
3650 lib/pkcs11.c, lib/x509/crl.c: documentation fixes.
3652 2011-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3654 * tests/dsa/testdsa: Added DSA tests for client certificates as
3657 2011-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3659 * lib/ext_signature.c, lib/ext_signature.h, lib/gnutls_handshake.c,
3660 lib/gnutls_sig.c, lib/includes/gnutls/abstract.h, lib/x509/verify.c:
3661 Simplified signature algorithm selection.
3663 2011-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3665 * src/cli.c: The processed messages go to stdout.
3667 2011-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3669 * lib/gnutls_privkey.c: updated documentation
3671 2011-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3673 * lib/gnutls_algorithms.c, lib/gnutls_int.h,
3674 lib/includes/gnutls/gnutls.h.in: Increased GNUTLS_MAX_ALGORITHM_NUM
3675 to 32. The gnutls_*_list() functions generate the list of algorithm
3676 on the spot and no longer require a static duplicate list of
3677 algorithms. This comes at a cost of not being thread safe (which is
3678 not significant since those functions are only used for special
3681 2011-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3683 * lib/gnutls_privkey.c: corrected parameter.
3685 2011-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3687 * lib/gnutls_pubkey.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
3688 lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/x509/privkey.c:
3689 Documentation fixes and cleanups.
3691 2011-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3693 * src/cli.c: define variable locally
3695 2011-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3697 * src/cli.c, src/serv.c: use IP_DONTFRAG if it is defined.
3699 2011-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3701 * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_dtls.c,
3702 lib/gnutls_dtls.h, lib/gnutls_handshake.c, lib/gnutls_handshake.h,
3703 lib/gnutls_int.h, lib/gnutls_record.c,
3704 lib/includes/gnutls/gnutls.h.in, lib/system.c, lib/system.h,
3705 src/cli.c, src/common.h, src/serv.c, src/udp-serv.c: Avoided waiting
3706 for peer's retransmission to ensure receipt of finished messages,
3707 and used a 'timer'-like to retransmit packets.
3709 2011-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3711 * lib/gnutls_dtls.c, lib/includes/gnutls/dtls.h, lib/libgnutls.map:
3712 added gnutls_dtls_get_data_mtu().
3714 2011-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3716 * tests/dsa/testdsa: make gnutls-cli more quiet.
3718 2011-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3720 * configure.ac, tests/Makefile.am, tests/dsa/Makefile.am,
3721 tests/dsa/cert.dsa.1024.pem, tests/dsa/cert.dsa.2048.pem,
3722 tests/dsa/cert.dsa.3072.pem, tests/dsa/dsa.1024.pem,
3723 tests/dsa/dsa.2048.pem, tests/dsa/dsa.3072.pem, tests/dsa/testdsa,
3724 tests/suite/Makefile.in: Added test to verify connections with DSA
3725 keys of various sizes.
3727 2011-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3729 * src/certtool.c: warn on generation of DSA keys of over 1024 bits.
3731 2011-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3733 * lib/gnutls_alert.c, lib/gnutls_errors.c, lib/gnutls_sig.c,
3734 lib/includes/gnutls/gnutls.h.in: Return a special error code if DSA
3735 keys with over 1024 are being used with TLS 1.x, x<2.
3737 2011-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3739 * lib/nettle/pk.c: truncate hash size when asking to sign or verify
3740 DSA with a longer hash.
3742 2011-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3744 * lib/gnutls_buffers.c, lib/system.c: Check for rejected connections
3745 in system_recv_timeout().
3747 2011-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3749 * lib/system_override.c: quickly discuss callback format.
3751 2011-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3753 * lib/gnutls_dtls.c: When sending multiple cookies due to
3754 verification errors do not increase the handshake sequence number
3755 only the record sequence.
3757 2011-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3759 * AUTHORS: updated Jonathan
3761 2011-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3763 * tests/openpgp-auth.c: Added check for RSA ciphersuite in openpgp
3766 2011-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3768 * lib/openpgp/privkey.c: read correct algorithm when decrypting data
3769 and use correct number of private parameters.
3771 2011-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3773 * libextra/gnutls_extra.c: added missing ret.
3775 2011-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3777 * lib/auth_cert.c: Set type when sending empty openpgp key.
3779 2011-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3781 * lib/nettle/rnd.c, tests/Makefile.am, tests/rng-fork.c: Corrected
3782 nettle's RNG behavior on fork and added a test case.
3784 2011-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3786 * guile/tests/openpgp-auth.scm: enabled RSA and removed debugging.
3788 2011-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3790 * lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
3791 lib/includes/gnutls/abstract.h, lib/openpgp/gnutls_openpgp.c,
3792 tests/openpgp-auth.c, tests/openpgp-auth2.c: gnutls_pubkey_t and
3793 gnutls_privkey_t can import either an openpgp subkey or a master
3796 2011-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3798 * guile/tests/openpgp-auth.scm, guile/tests/openpgp-elg-pub.asc,
3799 guile/tests/openpgp-elg-sec.asc, guile/tests/openpgp-keys.scm,
3800 guile/tests/openpgp-pub.asc, guile/tests/openpgp-sec.asc: split the
3801 pgp keys to elgamal and dsa.
3803 2011-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3805 * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
3806 lib/openpgp/pgp.c, lib/openpgp/privkey.c: introduced
3807 GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR
3809 2011-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3811 * lib/gnutls_algorithms.c: On unknown public key algorithms return
3814 2011-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3816 * lib/gnutls_privkey.c: Read the public key algorithm from the
3817 selected subkey and not the master key when importing to a
3820 2011-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3822 * lib/openpgp/gnutls_openpgp.c, tests/openpgpself.c: Documentation
3823 fixed. Added fresh keys to test.
3825 2011-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3827 * tests/openpgpself.c: Test openpgp authentication with DSA-2048 bit
3830 2011-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3832 * lib/openpgp/pgp.c: gnutls_openpgp_crt_get_auth_subkey() will no
3833 longer return an unsupported subkey.
3835 2011-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3837 * lib/x509/verify.c: Corrected verification of DSA-2048 keys.
3838 Reported by teddy@fukt.bsnet.se.
3840 2011-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3842 * doc/cha-intro-tls.texi: Added
3843 gnutls_transport_set_vec_push_function().
3845 2011-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3847 * lib/gnutls_dtls.c, lib/includes/gnutls/dtls.h, lib/libgnutls.map,
3848 src/udp-serv.c: updated cookie negotiation to use only a prestate
3849 structure and avoids setting data to cookie.
3851 2011-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3853 * lib/gnutls_handshake.c: Use DTLS 1.0 instead of SSL 3.0 headers on
3854 client hello in DTLS.
3856 2011-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3858 * lib/gnutls_dtls.c, lib/gnutls_errors.c,
3859 lib/includes/gnutls/dtls.h, lib/libgnutls.map, src/udp-serv.c: Added
3860 photuris-like resource protection on the server. Added
3861 gnutls_dtls_cookie_send(), gnutls_dtls_cookie_verify() and
3862 gnutls_dtls_cookie_set() to avoid initializing a session before
3865 2011-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3867 * lib/crypto-api.c, lib/ext_session_ticket.c,
3868 lib/includes/gnutls/gnutls.h.in: added gnutls_key_generate() to API.
3870 2011-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3872 * lib/ext_session_ticket.c: Avoid the usage of structures where the
3873 attribute packed is assumed.
3875 2011-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3877 * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
3878 lib/gnutls_handshake.c: renamed gnutls_handshake_buffer_* functions
3879 to gnutls_handshake_hash_buffer_* to separate from new API functions
3880 and corrected its usage.
3882 2011-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3884 * lib/gnutls_algorithms.c: Added DSA-SHA256, DSA-SHA224 and
3885 RSA-SHA224 to the supported signature algorithms list. Suggested by
3888 2011-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3890 * lib/gnutls_constate.c, lib/gnutls_constate.h,
3891 lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_v2_compat.c:
3892 session->internals.compression_method was removed. It was no longer
3893 required since the new compression algorithm was stored to next
3896 2011-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3898 * lib/gnutls_buffers.c, lib/gnutls_cipher.c, lib/gnutls_constate.c,
3899 lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_state.h:
3900 _gnutls_is_dtls() is no more. IS_DTLS() is being used instead.
3902 2011-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3904 * lib/ext_session_ticket.c: do not print debugging output on
3907 2011-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3909 * lib/ext_session_ticket.c, lib/gnutls_cipher.c,
3910 lib/gnutls_cipher_int.c, lib/gnutls_constate.c,
3911 lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_record.c:
3912 Properly reset the SSL 3.0 MAC algorithm.
3914 2011-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3916 * lib/gnutls_buffers.c, lib/gnutls_errors.h,
3917 lib/gnutls_handshake.c, lib/x509/verify-high.c: cleanups. Introduced
3918 gnutls_assert_val_fatal() that only prints debugging messages on
3921 2011-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3923 * lib/gnutls_alert.c: Added string for GNUTLS_A_SSL3_NO_CERTIFICATE.
3925 2011-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3927 * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h:
3928 gnutls_version_has_variable_padding is not really needed. A check
3929 for SSL3.0 is more clear.
3931 2011-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3933 * lib/debug.c, lib/gnutls_buffers.c, lib/gnutls_constate.c,
3934 lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_v2_compat.c:
3935 Corrected SSL2 client hello handling.
3937 2011-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3939 * lib/gnutls_record.c: do not set default record version (i.e. SSL
3940 3.0) during a re-handshake.
3942 2011-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3944 * lib/gnutls_priority.c: default behavior is to send SSL3.0 client
3947 2011-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3949 * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c:
3950 corrected ssl3 record version sending in client hello.
3952 2011-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3954 * NEWS, doc/cha-intro-tls.texi, lib/gnutls_buffers.c,
3955 lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c,
3956 lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in,
3957 lib/libgnutls.map: gnutls_transport_set_lowat() is no more.
3959 2011-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3961 * lib/gnutls_buffers.c, lib/gnutls_record.c: some cleanups
3963 2011-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3965 * lib/x509/common.h, lib/x509/verify-high.c, lib/x509/verify.c:
3966 gnutls_x509_trust_list_verify_crt shortens the provided certificate
3967 list based on the existing trusted CAs.
3969 2011-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3971 * lib/gnutls_int.h, lib/gnutls_state.c, lib/gnutlsxx.cpp,
3972 lib/includes/gnutls/compat.h, lib/includes/gnutls/dtls.h,
3973 lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/gnutlsxx.h,
3974 lib/libgnutls.map, libextra/includes/gnutls/openssl.h, src/cli.c,
3975 src/serv.c: gnutls_init_dtls() was made redundant. The same for
3976 gnutls_end_connection_t which was replaced by a flags integer..
3978 2011-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3980 * lib/auth_psk.c, lib/auth_psk.h, lib/ext_session_ticket.c,
3981 lib/ext_srp.c, lib/gnutls_sig.c, lib/gnutls_x509.c,
3982 lib/pkcs11_int.h, lib/system.c, lib/system.h, lib/x509/mpi.c,
3983 lib/x509/verify.c, src/certtool-common.h, src/certtool.c,
3984 src/common.c, src/pkcs11.c, src/udp-serv.c: Corrected types.
3986 2011-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3988 * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
3989 src/serv-gaa.c, src/serv-gaa.h, src/serv.c, src/serv.gaa,
3990 src/udp-serv.c, src/udp-serv.h: Added --mtu option.
3992 2011-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3994 * lib/gnutls_buffers.c: properly re-generate headers of fragmented
3997 2011-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3999 * lib/gnutls_state.c: increased initial retransmission time to 1
4002 2011-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4004 * lib/gnutls_handshake.c: In DTLS do not hash messages that
4005 shouldn't be hashed (i.e. hello verify request).
4007 2011-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4009 * lib/gnutls_cipher.c: Corrected size check in block encrypted
4012 2011-03-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4014 * lib/gnutls_buffers.c, lib/gnutls_handshake.c: Corrected behavior
4015 in normal TLS handshake.
4017 2011-03-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4019 * libextra/Makefile.am: link libgnutls-extra against libgcrypt if
4020 required. Based on patch by Andreas Metzler
4021 <ametzler@downhill.at.eu.org>
4023 2011-03-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4025 * NEWS, lib/m4/hooks.m4, libextra/Makefile.am: increased the so
4026 version of libgnutls-openssl.
4028 2011-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4030 * lib/ext_session_ticket.c, lib/gnutls_buffers.c,
4031 lib/gnutls_buffers.h, lib/gnutls_cipher.c, lib/gnutls_dtls.c,
4032 lib/gnutls_errors.c, lib/gnutls_handshake.c,
4033 lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
4034 lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h, lib/gnutls_record.c,
4035 lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_v2_compat.c,
4036 lib/includes/gnutls/gnutls.h.in: Added intermediate handshake layer
4037 that will order handshake packets and drop duplicates.
4039 2011-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4041 * lib/gnutls_record.c: handle non fatal errors when receiving record
4044 2011-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4046 * lib/gnutls_cipher.c: memcpy -> memmove.
4048 2011-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4050 * lib/gnutls_buffers.c, lib/gnutls_int.h: removed GMAX
4052 2011-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4054 * src/certtool.c: Allow providing no password for PKCS #12 structure
4055 generation. Reported by Daniel Kahn Gillmor.
4057 2011-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4059 * src/certtool-cfg.c: consistently print all interactive questions
4060 to stderr. Reported by Daniel Kahn Gillmor.
4062 2011-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4064 * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_dtls.c,
4065 lib/gnutls_int.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
4066 lib/gnutls_record.c, lib/gnutls_state.c: combined all the record
4069 2011-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4071 * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_dtls.c,
4072 lib/gnutls_int.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
4073 lib/gnutls_record.c, lib/gnutls_record.h, lib/gnutls_state.c:
4074 internal buffering for record and handshake data changed from
4075 gnutls_buffers to gnutls_mbuffers.
4077 2011-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4079 * lib/debug.c, lib/gnutls_buffers.c, lib/gnutls_int.h,
4080 lib/gnutls_record.c, lib/gnutls_state.c,
4081 lib/includes/gnutls/gnutls.h.in: Removed last pieces of inner
4084 2011-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4086 * lib/gnutls_record.c: some cleanups
4088 2011-03-01 Ludovic Courtès <ludo@gnu.org>
4090 * guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm,
4091 guile/tests/x509-auth.scm: guile: Change tests to use priority
4094 2011-03-01 Ludovic Courtès <ludo@gnu.org>
4096 * src/Makefile.am: Add `udp-serv.h' to the distribution.
4098 2011-02-28 Andreas Metzler <ametzler@downhill.at.eu.org>
4100 * lib/libgnutls.map: fix duplicate symbols in version script These three symbols are listed both in the GNUTLS_2_8 and the
4101 GNUTLS_2_10 section. binutils uses the first occurence, drop the
4102 second one. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4104 2011-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4106 * doc/cha-intro-tls.texi: updates on -ALL priorities.
4108 2011-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4110 * lib/ext_signature.c: Restrict the signature algorithms we
4111 advertize to SHA1 and SHA256.
4113 2011-02-28 Ludovic Courtès <ludo@gnu.org>
4115 * lib/includes/Makefile.am: Add `gnutls/dtls.h' to the distribution.
4117 2011-02-27 Ludovic Courtès <ludo@gnu.org>
4119 * guile/modules/system/documentation/c-snarf.scm: guile: Fix
4120 docstring extraction with CPP 4.5+.
4122 2011-02-27 Ludovic Courtès <ludo@gnu.org>
4124 * doc/Makefile.am: Pass the right CPPFLAGS when building Guile doc.
4126 2011-02-27 Ludovic Courtès <ludo@gnu.org>
4128 * doc/cha-intro-tls.texi, guile/src/core.c: Add nodes for the
4129 subsections of "The TLS Handshake Protocol".
4131 2011-02-27 Ludovic Courtès <ludo@gnu.org>
4133 * lib/Makefile.am: Add `lib/gnutls_dtls.h' to the distribution.
4135 2011-02-27 Ludovic Courtès <ludo@gnu.org>
4137 * guile/modules/gnutls.scm, guile/modules/gnutls/build/enums.scm,
4138 guile/modules/gnutls/build/priorities.scm, guile/src/core.c,
4139 guile/src/errors.c, guile/src/errors.h, guile/tests/Makefile.am,
4140 guile/tests/priorities.scm: guile: Wrap
4141 `gnutls_priority_set_direct'; deprecate the old method.
4143 2011-02-27 Ludovic Courtès <ludo@gnu.org>
4145 * doc/scripts/gdoc, doc/scripts/sort2.pl: Avoid hard-coded
4146 /usr/bin/perl (trick taken from Gnulib.)
4148 2011-02-27 Ludovic Courtès <ludo@gnu.org>
4150 * libextra/gnutls_extra.c: Fix LZO-enabled builds.
4152 2011-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4154 * lib/nettle/rnd.c: Detect fork() in the random number generator and
4157 2011-02-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4159 * lib/gnutls_dtls.c, lib/gnutls_state.c: use timeouts closer to DTLS
4162 2011-02-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4164 * lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
4165 lib/libgnutls.map, lib/system_override.c: Renamed
4166 gnutls_transport_set_push_function2() to
4167 gnutls_transport_set_vec_push_function().
4169 2011-02-20 Simon Josefsson <simon@josefsson.org>
4171 * NEWS, doc/manpages/Makefile.am, lib/includes/gnutls/compat.h,
4172 lib/libgnutls.map, lib/x509/crq.c: Remove
4173 gnutls_x509_crq_get_preferred_hash_algorithm.
4175 2011-02-20 Simon Josefsson <simon@josefsson.org>
4177 * lib/libgnutls.map: Remove dropped functions.
4179 2011-02-20 Simon Josefsson <simon@josefsson.org>
4181 * lib/x509/crl_write.c: Add deprecated docstring.
4183 2011-02-20 Simon Josefsson <simon@josefsson.org>
4185 * lib/x509/crq.c: Fix deprecated docstring.
4187 2011-02-20 Simon Josefsson <simon@josefsson.org>
4189 * lib/x509/privkey.c: Fix docstring.
4191 2011-02-20 Simon Josefsson <simon@josefsson.org>
4193 * lib/gnutls_pubkey.c: Fix docstring of new function.
4195 2011-02-20 Simon Josefsson <simon@josefsson.org>
4197 * lib/gnutls_cert.c: Fix docstring for deprecated functions.
4199 2011-02-20 Simon Josefsson <simon@josefsson.org>
4201 * lib/gnutls_sig.c: Make it build.
4203 2011-02-20 Simon Josefsson <simon@josefsson.org>
4205 * lib/openpgp/privkey.c: Fix docstring of deprecated function.
4207 2011-02-20 Simon Josefsson <simon@josefsson.org>
4209 * lib/gnutls_pubkey.c: Fix docstrinf of new function.
4211 2011-02-20 Simon Josefsson <simon@josefsson.org>
4213 * doc/reference/gnutls-docs.sgml: Fix typo.
4215 2011-02-20 Simon Josefsson <simon@josefsson.org>
4217 * doc/reference/gnutls-docs.sgml: Improve text.
4219 2011-02-20 Simon Josefsson <simon@josefsson.org>
4221 * lib/x509/crl.c: Doc fix of new function.
4223 2011-02-20 Simon Josefsson <simon@josefsson.org>
4225 * lib/gnutls_cert.c, lib/gnutls_privkey.c, lib/x509/privkey.c: Fix
4226 docstring of deprecated functions.
4228 2011-02-20 Simon Josefsson <simon@josefsson.org>
4230 * NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
4231 lib/includes/gnutls/compat.h, lib/libgnutls.map, lib/x509/crq.c,
4232 lib/x509/sign.c, tests/x509sign-verify.c: Rename
4233 gnutls_privkey_sign_data2 to gnutls_privkey_sign_data and
4234 gnutls_privkey_sign_hash2 to gnutls_privkey_sign_hash. These were added during the 2.11 cycle where we don't promise ABI
4237 2011-02-20 Simon Josefsson <simon@josefsson.org>
4239 * doc/gnutls-crypto-layers.eps: Add doc/gnutls-crypto-layers.eps.
4241 2011-02-20 Simon Josefsson <simon@josefsson.org>
4243 * doc/Makefile.am: Dist gnutls-crypto-layers.*.
4245 2011-02-20 Simon Josefsson <simon@josefsson.org>
4247 * lib/Makefile.am: Add abstract_int.h.
4249 2011-02-20 Simon Josefsson <simon@josefsson.org>
4251 * .gitignore: Ignore more.
4253 2011-02-20 Simon Josefsson <simon@josefsson.org>
4255 * lib/Makefile.am: Link with -lnettle too.
4257 2011-02-20 Simon Josefsson <simon@josefsson.org>
4259 * doc/Makefile.am, doc/cha-programs.texi, lib/gnutls_privkey.c,
4260 lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
4261 lib/openpgp/pgp.c: Fix syntax-check warnings.
4263 2011-02-22 Ludovic Courtès <ludo@gnu.org>
4265 * guile/modules/gnutls/build/enums.scm: guile: Remove
4266 GNUTLS_A_INNER_APPLICATION_FAILURE and
4267 GNUTLS_A_INNER_APPLICATION_VERIFICATION.
4269 2011-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4271 * lib/gnutls_session_pack.c: store entities as numbers to avoid
4272 issues in big-little endian machines.
4274 2011-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4276 * lib/gnutls_record.c: documented the DTLS sequence particularities.
4278 2011-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4280 * lib/gnutls_buffers.c, lib/gnutls_handshake.c,
4281 lib/gnutls_record.c, lib/gnutls_record.h,
4282 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/udp-serv.c:
4283 Added gnutls_record_recv_seq() that can return the sequence number
4284 of the record packet, in addition to data.
4286 2011-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4288 * lib/gnutls_record.c: reorganized and simplified gnutls_recv_int().
4289 It will discard invalid DTLS packets.
4291 2011-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4293 * lib/gnutls_constate.h, lib/gnutls_record.c: Discard messages that
4294 contain a different epoch than the current one.
4296 2011-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4298 * lib/gnutls_record.c: renamed internal function to reflect
4301 2011-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4303 * lib/gnutls_buffers.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
4304 lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c:
4305 Implemented a sliding window-like thing to discard replayed packets.
4307 2011-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4309 * src/cli.c: gnutls-cli shouldn't print errors on EAGAIN and
4312 2011-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4314 * lib/gnutls_num.c: corrected uint48pp.
4316 2011-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4318 * lib/gnutls_constate.c, lib/gnutls_mbuffers.c, lib/gnutls_state.c:
4319 Epoch garbage collector is being run when handshake is being cleaned
4322 2011-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4324 * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_dtls.c,
4325 lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_num.c,
4326 lib/gnutls_state.c: skip replays in handshake packets.
4328 2011-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4330 * lib/gnutls_record.c: Forbid SSL v.2 client hello in DTLS.
4332 2011-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4334 * lib/gnutls_buffers.c, lib/gnutls_int.h: removed unneeded
4337 2011-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4339 * lib/gnutls_buffers.c, lib/gnutls_constate.h, lib/gnutls_dtls.c,
4340 lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_mbuffers.c:
4341 Cleanups in combination of DTLS and TLS buffers.
4343 2011-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4345 * lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_rsa_export.c,
4346 lib/auth_srp.c, lib/gnutls_algorithms.c, lib/gnutls_dh_primes.c,
4347 lib/gnutls_errors.h, lib/gnutls_handshake.c, lib/gnutls_sig.c,
4348 lib/opencdk/main.h, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
4349 lib/openpgp/privkey.c, lib/x509/common.c, lib/x509/dn.c,
4350 lib/x509/pkcs12.c, lib/x509/pkcs7.c, lib/x509/privkey_pkcs8.c,
4351 lib/x509/verify.c, lib/x509/x509_write.c, lib/x509_b64.c:
4352 gnutls_x509_log replaced with gnutls_audit_log.
4354 2011-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4356 * lib/gnutls_algorithms.h, lib/gnutls_cipher.c, lib/gnutls_dtls.c,
4357 lib/gnutls_int.h, lib/gnutls_state.c, lib/gnutls_state.h: Return a
4358 more precise mtu unit to applications.
4360 2011-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4362 * src/udp-serv.c: restart handshake on signals.
4364 2011-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4366 * lib/gnutls_buffers.c, lib/gnutls_constate.h, lib/gnutls_dtls.c:
4367 reference counting in epochs is being done using functions.
4369 2011-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4371 * lib/gnutls_cipher.c, lib/gnutls_compress.c, lib/gnutls_dtls.c,
4372 lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c,
4373 lib/includes/gnutls/dtls.h, lib/libgnutls.map: Added
4374 gnutls_dtls_g/set_mtu() to allow setting and getting the DTLS mtu
4377 2011-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4379 * lib/gnutls_buffers.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
4380 lib/gnutls_int.h, lib/gnutls_state.c: Combined DTLS buffers and
4383 2011-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4385 * lib/Makefile.am, lib/ext_session_ticket.c, lib/gnutls_buffers.c,
4386 lib/gnutls_buffers.h, lib/gnutls_constate.c, lib/gnutls_dtls.c,
4387 lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
4388 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/system.c,
4389 lib/system.h, lib/system_override.c, src/Makefile.am,
4390 src/serv-gaa.c, src/serv-gaa.h, src/serv.c, src/serv.gaa,
4391 src/udp-serv.c, src/udp-serv.h: Changes to allow DTLS server side to
4392 operate. Added a simple UDP server on gnutls-serv. Server other
4395 2011-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4397 * lib/gnutls_dtls.c, lib/gnutls_errors.c, lib/gnutls_int.h,
4398 lib/gnutls_state.c, lib/includes/gnutls/dtls.h,
4399 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli.c: Allow
4400 setting the DTLS timeouts explicitly.
4402 2011-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4404 * doc/TODO: updated.
4406 2011-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4408 * lib/auth_cert.c, lib/debug.c, lib/gnutls_algorithms.c,
4409 lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cipher.c,
4410 lib/gnutls_cipher.h, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
4411 lib/gnutls_errors.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
4412 lib/gnutls_mbuffers.h, lib/gnutls_num.c, lib/gnutls_num.h,
4413 lib/gnutls_record.c, lib/gnutls_record.h, lib/gnutls_state.c,
4414 lib/includes/gnutls/gnutls.h.in, lib/system.c, lib/system.h,
4415 src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa: Several
4416 updates for DTLS (client side only) to work.
4418 2011-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4420 * lib/opencdk/main.h: Increased level of opencdk debug messages.
4422 2011-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4424 * lib/gnutls_sig.c: DSA keys in TLS 1.x, x<2 and SSL 3.0 use SHA-1
4425 as hash. That is we reverted to previous gnutls behavior. That
4426 violates DSS but all implementations handle it like that.
4428 2011-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4430 * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_dtls.c,
4431 lib/gnutls_dtls.h, lib/gnutls_handshake.c, lib/gnutls_int.h: use
4432 similar API when caching messages in DTLS or TLS.
4434 2011-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4436 * lib/gnutls_algorithms.c: corrected is_version_supported().
4438 2011-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4440 * lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_kx.c:
4441 Simplified _gnutls_recv_handshake().
4443 2011-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4445 * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
4446 lib/gnutls_dtls.c, lib/gnutls_handshake.c: ciphersuites have a bit
4447 that indicates whether they are usable with DTLS or not.
4449 2011-02-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4451 * lib/auth_dhe.c, lib/gnutls_algorithms.c, lib/gnutls_cipher.c: fix
4454 2010-10-02 Jonathan Bastien-Filiatrault <joe@x2a.org>
4456 * lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_num.c,
4457 lib/gnutls_num.h: dtls: Add uint48 handling functions. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4459 2010-10-02 Jonathan Bastien-Filiatrault <joe@x2a.org>
4461 * lib/gnutls_record.c: dtls: Bring epoch choice on receive closer to
4462 the first usage. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4464 2010-09-24 Jonathan Bastien-Filiatrault <joe@x2a.org>
4466 * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa: Add DTLS
4467 support to command-line client. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4469 2010-09-17 Jonathan Bastien-Filiatrault <joe@x2a.org>
4471 * lib/gnutls_constate.c: dtls: Write epoch to sequence number. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4473 2010-09-06 Jonathan Bastien-Filiatrault <joe@x2a.org>
4475 * lib/gnutls_handshake.c: dtls: Send consistent a client_random. This is necessary when challenged by HelloVerifiyRequest as we MUST
4476 send the same client parameters. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4478 2010-09-05 Jonathan Bastien-Filiatrault <joe@x2a.org>
4480 * lib/gnutls_handshake.c, lib/gnutls_int.h: dtls: Limit the number
4481 of HelloVerifyRequest round trips. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4483 2010-09-05 Jonathan Bastien-Filiatrault <joe@x2a.org>
4485 * lib/gnutls_dtls.c, lib/gnutls_handshake.c: dtls: TEMP: Sprinkle
4486 transmits. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4488 2010-09-05 Jonathan Bastien-Filiatrault <joe@x2a.org>
4490 * lib/gnutls_handshake.c, lib/gnutls_int.h: dtls: Do
4491 HANDSHAKE_HELLO_VERIFY_REQUEST processing. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4493 2010-09-05 Jonathan Bastien-Filiatrault <joe@x2a.org>
4495 * lib/gnutls_handshake.c: dtls: Add
4496 _gnutls_recv_hello_verify_request. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4498 2010-09-05 Jonathan Bastien-Filiatrault <joe@x2a.org>
4500 * lib/gnutls_record.c: Decrypt using the proper sequence number. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4502 2010-09-05 Jonathan Bastien-Filiatrault <joe@x2a.org>
4504 * lib/gnutls_cipher.c, lib/gnutls_cipher.h: dtls: Use proper record
4505 sequence for DTLS decrypt. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4507 2011-02-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4509 * lib/gnutls_handshake.c: corrected extdatalen
4511 2010-09-05 Jonathan Bastien-Filiatrault <joe@x2a.org>
4513 * lib/gnutls_buffers.c: dtls: Read whole datagrams. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4515 2009-08-03 Jonathan Bastien-Filiatrault <joe@x2a.org>
4517 * lib/gnutls_handshake.c: dtls: Queue outgoing handshake messages in
4518 the retransmission layer. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4520 2009-08-03 Jonathan Bastien-Filiatrault <joe@x2a.org>
4522 * lib/gnutls_dtls.c, lib/gnutls_dtls.h: Add outgoing flight buffer
4523 handling code. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4525 2009-08-03 Jonathan Bastien-Filiatrault <joe@x2a.org>
4527 * lib/gnutls_errors.h: Define _gnutls_dtls_log for DTLS. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4529 2009-08-03 Jonathan Bastien-Filiatrault <joe@x2a.org>
4531 * lib/gnutls_int.h, lib/gnutls_state.c: Add structures for the
4532 buffered outgoing flight. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4534 2009-08-03 Jonathan Bastien-Filiatrault <joe@x2a.org>
4536 * lib/gnutls_int.h, lib/gnutls_state.c: Add state for handshake mtu. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4538 2009-08-03 Jonathan Bastien-Filiatrault <joe@x2a.org>
4540 * lib/gnutls_handshake.c: dtls: Fixup outgoing ClientHello hashing. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4542 2009-08-03 Jonathan Bastien-Filiatrault <joe@x2a.org>
4544 * lib/gnutls_handshake.c, lib/gnutls_int.h: Add proper handshake
4545 outgoing sequence number. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4547 2009-08-03 Jonathan Bastien-Filiatrault <joe@x2a.org>
4549 * lib/Makefile.am, lib/gnutls_dtls.c, lib/gnutls_dtls.h: Add
4550 gnutls_dtls.{c,h}. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4552 2009-08-02 Jonathan Bastien-Filiatrault <joe@x2a.org>
4554 * lib/gnutls_handshake.c: dtls: Remove unsuitable ciphers. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4556 2009-07-28 Jonathan Bastien-Filiatrault <joe@x2a.org>
4558 * lib/debug.c, lib/gnutls_handshake.c,
4559 lib/includes/gnutls/gnutls.h.in: dtls: Add hanshake fragment headers
4560 when sending handshake. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4562 2009-07-28 Jonathan Bastien-Filiatrault <joe@x2a.org>
4564 * lib/gnutls_cipher.c, lib/gnutls_int.h, lib/gnutls_record.c: dtls:
4565 Add epoch and sequence number to DTLS packets. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4567 2009-07-28 Jonathan Bastien-Filiatrault <joe@x2a.org>
4569 * lib/gnutls_record.c: Use increment functions for sequence number. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4571 2009-07-27 Jonathan Bastien-Filiatrault <joe@x2a.org>
4573 * lib/gnutls_int.h, lib/gnutls_num.c, lib/gnutls_num.h,
4574 lib/gnutls_record.c: dtls: Add types and operations required for the
4575 DTLS epoch and sequence. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4577 2009-07-29 Jonathan Bastien-Filiatrault <joe@x2a.org>
4579 * lib/gnutls_algorithms.c, lib/gnutls_priority.c: Make version
4580 lookup transport dependent. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4582 2009-08-03 Jonathan Bastien-Filiatrault <joe@x2a.org>
4584 * lib/gnutls_state.h: dtls: Add _gnutls_is_dtls to check if a
4585 session uses DTLS. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4587 2009-07-25 Jonathan Bastien-Filiatrault <joe@x2a.org>
4589 * lib/gnutls_int.h, lib/gnutls_state.c,
4590 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Add
4591 gnutls_init_dtls function. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4593 2009-07-25 Jonathan Bastien-Filiatrault <joe@x2a.org>
4595 * lib/gnutls_int.h: Add DTLS state. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4597 2009-07-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
4599 * lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in: Add
4600 DTLS1.0 protocol entry. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4602 2010-09-17 Jonathan Bastien-Filiatrault <joe@x2a.org>
4604 * lib/ext_session_ticket.c, lib/gnutls_handshake.c,
4605 lib/gnutls_kx.c, lib/gnutls_mbuffers.h: Allocate session buffers of
4606 size, depending on type of session. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4608 2010-09-25 Jonathan Bastien-Filiatrault <joe@x2a.org>
4610 * lib/gnutls_constate.c: Harmonize "d" argument between constate.c
4611 and compress.c. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4613 2010-09-24 Jonathan Bastien-Filiatrault <joe@x2a.org>
4615 * src/cli-gaa.c, src/cli.gaa: Fix typo. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4617 2010-09-21 Jonathan Bastien-Filiatrault <joe@x2a.org>
4619 * lib/gnutls_num.h: Parenthesize UINT64DATA again. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4621 2011-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4623 * doc/cha-intro-tls.texi: reorganization of ciphersuite discussion.
4625 2011-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4627 * lib/gnutls_priority.c: Allow using the minus "-" in the -ALL
4630 2011-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4632 * lib/gnutls_algorithms.c: Added fixme note on TLS 1.2 PRF per
4635 2011-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4637 * lib/gnutls_algorithms.c: The safe renegotiation ciphersuite is not
4638 required to be registered.
4640 2011-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4642 * lib/auth_dhe_psk.c: Corrected bug in DHE-PSK in freeing
4645 2011-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4647 * lib/gnutls_algorithms.c: Added ciphersuites (from RFC5487):
4648 TLS_PSK_WITH_AES_128_GCM_SHA256 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
4649 TLS_PSK_WITH_AES_128_CBC_SHA256 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
4650 TLS_PSK_WITH_NULL_SHA256 TLS_DHE_PSK_WITH_NULL_SHA256
4652 2011-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4654 * NEWS, lib/gnutls_extensions.c, lib/gnutls_sig.c: Corrected
4655 signature generation and verification in the Certificate Verify
4656 message when in TLS 1.2. Reported by Todd A. Ouska.
4658 2011-02-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4660 * lib/gnutls_state.c: removed duplicate assignments.
4662 2011-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4664 * lib/nettle/cipher.c: upgraded to nettle's new GCM API.
4666 2011-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4668 * lib/m4/hooks.m4: increased the C++ library current version.
4670 2011-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4672 * NEWS, lib/gnutlsxx.cpp: The C++ interface returns exception on
4673 every error and not only on fatal ones. This allows easier handling
4676 2011-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4678 * lib/gnutlsxx.cpp, lib/includes/gnutls/gnutlsxx.h: removed the old
4679 set_priority functions.
4681 2011-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4683 * src/cli.c, src/serv.c: removed more deprecated stuff.
4685 2011-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4687 * libextra/gnutls_openssl.c, libextra/includes/gnutls/openssl.h:
4688 updated openssl layer to new priority functions (untested).
4690 2011-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4692 * lib/gnutls_sig.c: removed unused variable.
4694 2011-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4696 * NEWS, lib/gnutls_sig.c: Allow DSA2 even in protocols before TLS
4699 2011-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4701 * src/cli.c: set the psk callback only if username/key were not
4702 supplied at command line.
4704 2011-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4706 * lib/ext_signature.c, lib/ext_signature.h, lib/gnutls_pk.c,
4707 lib/gnutls_sig.c: In TLS 1.2 under DSS use the hash algorithm
4710 2011-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4712 * tests/Makefile.am, tests/openpgp-auth.c, tests/openpgp-auth2.c:
4713 Added new test openpgp-auth2.c that tests openpgp under TLS1.2 and
4716 2011-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4718 * tests/anonself.c, tests/dhepskself.c, tests/mini-eagain.c,
4719 tests/mini.c, tests/openpgp-auth.c, tests/pskself.c, tests/resume.c:
4720 Modernized the test applications that now use the
4721 gnutls_priority_set_direct().
4723 2011-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4725 * lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in:
4726 deprecated gnutls_*_set_priority().
4728 2011-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4730 * lib/auth_cert.c, lib/ext_cert_type.c, lib/ext_max_record.c,
4731 lib/ext_safe_renegotiation.c, lib/ext_server_name.c,
4732 lib/ext_session_ticket.c, lib/ext_signature.c, lib/ext_srp.c,
4733 lib/gnutls_extensions.c, lib/gnutls_extensions.h,
4734 lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_pk.c,
4735 lib/gnutls_sig.c, lib/gnutls_state.c,
4736 lib/includes/gnutls/gnutls.h.in, lib/nettle/pk.c: The extensions
4737 code is now using the gnutls_buffer_st.
4739 2011-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4741 * lib/gnutls_algorithms.c, lib/x509/x509_int.h: Added sha224 to the
4744 2011-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4746 * lib/gnutls_priority.c: The PSK and SRP key exchange algorithms are
4747 not included in the preset priority strings.
4749 2011-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4751 * lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe_psk.c,
4752 lib/auth_psk.c, lib/auth_psk.h: Callback function is being called in
4753 both PSK-DHE and PSK. Using the callback function will not
4754 overwrite the credentials, which were wrongly being overwritten
4755 using the retrieved username/key. The credentials structure is now
4756 accessed for reading only, as it should have been.
4758 2011-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4760 * configure.ac: bumped version.
4762 2011-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4764 * doc/cha-programs.texi: Added documentation on p11tool.
4766 2011-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4768 * doc/cha-intro-tls.texi, doc/cha-library.texi,
4769 doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1,
4770 lib/gnutls_priority.c, src/common.c: Moved documentation of priority
4771 strings to manual and removed information from manpages and function
4772 pages that now reference the manual section.
4774 2011-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4776 * lib/auth_anon.c, lib/auth_cert.c, lib/auth_cert.h,
4777 lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe.c,
4778 lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_rsa.c,
4779 lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
4780 lib/auth_srp_rsa.c, lib/gnutls_auth.h, lib/gnutls_kx.c,
4781 lib/gnutls_str.c, lib/gnutls_str.h: Simplified code in
4782 authentication methods by using gnutls_buffer_st instead of
4785 2011-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4787 * lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in: Combined
4790 2011-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4792 * lib/auth_cert.c, lib/auth_dhe.c, lib/ext_signature.c,
4793 lib/gnutls_algorithms.c, lib/gnutls_algorithms.h: Several updates in
4794 signature algorithms parsing and sending to avoid sending invalid
4795 signature algorithms.
4797 2011-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4799 * lib/gnutls_algorithms.c: Removed unused debugging code.
4801 2011-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4803 * lib/nettle/cipher.c: Removed unneeded initialization.
4805 2011-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4807 * NEWS, doc/cha-auth.texi, doc/cha-programs.texi, lib/Makefile.am,
4808 lib/gnutls_psk_netconf.c, lib/includes/gnutls/compat.h: Removed
4809 gnutls_psk_netconf_derive_key.
4811 2011-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4813 * NEWS, lib/gnutls_cert.c, lib/includes/gnutls/compat.h: Removed
4814 gnutls_certificate_verify_peers.
4816 2011-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4818 * NEWS, lib/gnutls_handshake.c, lib/gnutls_int.h,
4819 lib/gnutls_state.c, lib/includes/gnutls/compat.h: Removed
4820 gnutls_session_set_finished_function().
4822 2011-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4824 * lib/gnutls_alert.c, lib/includes/gnutls/gnutls.h.in: Removed
4825 remaining TLS/IA stuff.
4827 2011-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4829 * src/cli-gaa.c, src/cli-gaa.h, src/cli.gaa, src/serv-gaa.c,
4830 src/serv-gaa.h, src/serv.gaa: Removed more leftovers from opaque PRF
4833 2011-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4835 * lib/gnutls_record.c: Corrected return message from
4838 2011-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4840 * lib/nettle/mac.c: Removed upper limit on MAC algorithm key.
4842 2011-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4844 * lib/gnutls_errors.c: improved premature_termination error message
4846 2011-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4848 * doc/reference/Makefile.am, lib/libgnutls.map: Removed leftovers
4849 from OPRFI extension.
4851 2011-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4853 * NEWS, lib/gnutls_errors.c, lib/gnutls_record.c,
4854 lib/includes/gnutls/gnutls.h.in: gnutls_recv() returns
4855 GNUTLS_E_PREMATURE_TERMINATION on EOF.
4857 2011-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4859 * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
4860 src/common.c, src/common.h, src/serv-gaa.c, src/serv-gaa.h,
4861 src/serv.c, src/serv.gaa: Removed deprecated option such as
4862 --protocols, ciphers etc.
4864 2011-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4866 * NEWS: not untested.
4868 2011-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4870 * src/benchmark.c: Set correct iv in GCM.
4872 2011-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4874 * lib/gnutls_cipher.c, lib/gnutls_int.h: Cleanups and moved
4875 definitions to gnutls_int.h. AEAD modes now use the record packet
4878 2011-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4880 * lib/nettle/cipher.c: Reset GCM mode when setting IV.
4882 2011-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4884 * lib/gnutls_algorithms.c: Added more GCM ciphersuites (DHE-* and
4887 2011-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4889 * lib/gnutls_priority.c: updated priorities. Removed ARCFOUR from
4890 the secure ciphersuites and moved GCM to bottom of the ciphers in
4893 2011-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4895 * NEWS, lib/crypto-api.c, lib/gnutls_algorithms.c,
4896 lib/gnutls_algorithms.h, lib/gnutls_cipher_int.c,
4897 lib/gnutls_cipher_int.h, lib/includes/gnutls/crypto.h,
4898 lib/libgnutls.map, src/benchmark.c: Added gnutls_cipher_add_auth()
4899 gnutls_cipher_tag() to export the GCM interface. Updated the
4902 2011-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4904 * lib/gnutls_cert.c: removed
4905 gnutls_certificate_get_openpgp_keyring().
4907 2011-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4909 * lib/gnutls_hash_int.c: minor optimizations.
4911 2011-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4913 * lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
4914 lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: inlined several small
4917 2011-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4919 * lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
4920 lib/gnutls_cipher_int.h, lib/gnutls_handshake.c,
4921 lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_sig.c:
4922 Better error checking on SSL3.
4924 2011-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4926 * lib/gnutls_cipher.c: calculation for c_length occurs in a single
4929 2011-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4931 * NEWS: unstable -> untested.
4933 2011-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4935 * lib/nettle/mac.c: Increase the maximum HMAC key to account for
4936 anonymous ciphersuites.
4938 2011-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4940 * lib/gnutls_hash_int.c: check the error of hash set_key.
4942 2011-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4944 * lib/gnutls_kx.c: do not use strlen for fixed string.
4946 2011-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4948 * NEWS: updated NEWS on GCM mode.
4950 2011-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4952 * lib/nettle/cipher.c: Use nettle's new API for GCM.
4954 2011-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4956 * src/cli.c: removed old comment
4958 2011-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4960 * NEWS, doc/Makefile.am, doc/cha-functions.texi,
4961 doc/cha-gtls-app.texi, doc/examples/Makefile.am,
4962 doc/examples/ex-client-tlsia.c, lib/gnutls_kx.c,
4963 libextra/Makefile.am, libextra/ext_inner_application.c,
4964 libextra/ext_inner_application.h, libextra/gnutls_extra.c,
4965 libextra/gnutls_ia.c, libextra/libgnutls-extra.map,
4966 tests/Makefile.am, tests/tlsia.c: Removed inner application
4969 2011-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4971 * lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in:
4972 gnutls_certificate_verify_peers is deprecated.
4974 2011-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4976 * lib/gcrypt/mac.c, lib/gnutls_algorithms.c,
4977 lib/gnutls_algorithms.h, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
4978 lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
4979 lib/gnutls_constate.c, lib/gnutls_hash_int.c,
4980 lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_priority.c,
4981 lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
4982 lib/m4/hooks.m4, lib/nettle/cipher.c, lib/nettle/mac.c: Added
4983 support for GCM ciphersuites (not tested with other implementation).
4985 2011-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4987 * lib/gnutls_int.h: Added missing definitions (GNUTLS_MASTER_SIZE
4990 2011-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4992 * NEWS, lib/gnutls_state.c, lib/includes/gnutls/compat.h: Removed:
4993 gnutls_session_get_server_random, gnutls_session_get_client_random,
4994 gnutls_session_get_master_secret
4996 2011-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4998 * lib/build-aux/config.rpath, tests/suite/Makefile.in: updated.
5000 2011-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5002 * lib/Makefile.am, lib/gnutls.pc.in, lib/m4/hooks.m4: Add the nettle
5003 libs into gnutls.pc.
5005 2011-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5007 * NEWS, lib/gnutls_cert.c, lib/gnutls_extensions.c,
5008 lib/includes/gnutls/compat.h, lib/m4/hooks.m4: Removed functions:
5009 gnutls_ext_register, gnutls_certificate_get_x509_crls,
5010 gnutls_certificate_get_x509_cas and bumped library version number.
5012 2011-02-05 Andreas Metzler <ametzler@downhill.at.eu.org>
5014 * lib/configure.ac, lib/gnutls.pc.in, lib/m4/hooks.m4: [PATCH 1/4]
5015 adapt pkg-config file for switch from AM_PATH_LIBGCRYPT to
5016 AC_LIB_HAVE_LINKFLAGS [PATCH 2/4] pkg-config: Move libtasn1 from
5017 Libs.private to Requires.private since libtasn1 provides a .pc file.
5018 [PATCH 3/4] pkg-config: drop @LIBGNUTLS_LIBS@ from Libs.private.
5019 This library only contains gnutls itself nowadays, which is in Libs
5020 already. [PATCH 4/4] pkg-config: If gnutls is built with zlib
5021 support list zlib in Requires.private.
5023 2011-02-04 Simon Josefsson <simon@josefsson.org>
5025 * doc/cha-ciphersuites.texi, doc/signatures.texi: Fix MD2
5026 documentation. Suggested by "brian m. carlson" <sandals@crustytoothpaste.net> in
5029 2011-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5031 * doc/README.CODING_STYLE: updated coding style.
5033 2011-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5035 * NEWS: documented gnutls_session_get_* deprecated functions.
5037 2011-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5039 * tests/x509paths/README: updated README on certificate
5040 verifications that fail.
5042 2011-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5044 * NEWS, src/certtool-common.h, src/certtool-gaa.c,
5045 src/certtool-gaa.h, src/certtool.c, src/certtool.gaa: Added new
5046 functionality to certtool, and can verify certificates against a
5047 list of CAs using the --verify option.
5049 2011-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5051 * lib/x509/verify.c, tests/chainverify.c: Time checks were moved to
5052 _gnutls_verify_certificate2(). This allows for straightforward
5053 chain verification, and thus better printing of the chain output,
5054 although some checks might be performed in duplicate. As a
5055 side-effect better errors are returned (or precisely more
5056 combinations of verification errors), thus chainverify test was
5059 2011-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5061 * lib/x509/verify-high.c: Set memory to zero on allocation.
5063 2011-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5065 * doc/cha-gtls-app.texi: fix in contents.
5067 2011-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5069 * doc/examples/examples.h: prototype fix.
5071 2011-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5073 * doc/examples/ex-verify.c, lib/gnutls_cert.c,
5074 lib/includes/gnutls/x509.h, lib/x509/verify-high.c, src/certtool.c:
5075 gnutls_x509_trust_list_init() has an extra argument that allows
5076 fine-tuning of the used memory.
5078 2011-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5080 * doc/cha-bib.texi: Updated references of rfc5081 to rfc6091.
5082 2011-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5084 * doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
5085 doc/examples/ex-verify.c: Documented the new verification functions.
5087 2011-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5089 * src/certtool.c, tests/sha2/sha2: Modified output to not confuse
5092 2011-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5094 * lib/x509/verify.c: Better output when removing certificates from
5097 2011-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5099 * tests/pkcs1-padding/pkcs1-pad: Modified to work on new certtool -e
5102 2011-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5104 * NEWS, doc/examples/ex-verify.c, lib/auth_cert.h,
5105 lib/gnutls_cert.c, lib/gnutls_x509.c, lib/includes/gnutls/compat.h,
5106 lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/x509.h,
5107 lib/libgnutls.map, lib/x509/crl.c, lib/x509/x509.c, src/certtool.c,
5108 tests/certificate_set_x509_crl.c: The internal subsystem uses the
5109 new certificate verification functions. This has the side effect of
5110 deprecating gnutls_certificate_get_x509_crls() and
5111 gnutls_certificate_get_x509_cas() that can no longer operation since
5112 they relied on internal structures.
5114 2011-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5116 * NEWS, doc/cha-gtls-app.texi, doc/examples/ex-verify.c,
5117 lib/Makefile.am, lib/hash.c, lib/hash.h,
5118 lib/includes/gnutls/x509.h, lib/libgnutls.map,
5119 lib/x509/Makefile.am, lib/x509/crl.c, lib/x509/verify-high.c,
5120 lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h,
5121 src/certtool.c: Added a new API to verify certificates. It is more
5122 efficient and can be used to get details about the verification
5125 2011-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5127 * tests/x509paths/chain: better output in chain output.
5129 2011-01-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5131 * NEWS, lib/includes/gnutls/x509.h, lib/x509/crl.c,
5132 lib/x509/verify.c, lib/x509/x509.c: exported
5133 gnutls_x509_crl_get_raw_issuer_dn()
5135 2011-01-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5137 * lib/x509/x509.c: corrected typos
5139 2011-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5141 * lib/pakchois/pakchois.c: CKR_CRYPTOKI_ALREADY_INITIALIZED is not
5142 treated as an error, and Finalize is not called in that case.
5144 2011-01-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5146 * NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/compat.h,
5147 lib/openpgp/privkey.c: Reverted removal of
5148 gnutls_openpgp_privkey_sign_hash() to retain compatibility with
5149 2.10.x. That function is now deprecated instead.
5151 2011-01-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5153 * lib/gnutls_privkey.c: Added checks before importing keys and
5154 updated documentation.
5156 2011-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5158 * tests/suite/Makefile.in: updated Makefile.in
5160 2011-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5162 * doc/examples/ex-crq.c, lib/configure.ac,
5163 lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in,
5164 lib/includes/gnutls/x509.h, src/certtool.c, tests/crq_key_id.c:
5165 fixes in internal build with the new deprecated functions. We allow
5166 them to be used since they are inter-dependent.
5168 2011-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5170 * lib/x509/x509_int.h: replaced old gnutls_pk_algorithm.
5172 2011-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5174 * lib/includes/gnutls/compat.h: depends on gnutls/x509.h to compile.
5176 2011-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5178 * NEWS, lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
5179 lib/x509/crl_write.c: deprecated gnutls_x509_crl_sign(),
5180 gnutls_x509_crl_sign2() and
5181 gnutls_x509_crq_get_preferred_hash_algorithm().
5183 2011-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5185 * NEWS, lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
5186 lib/x509/crq.c: Deprecated gnutls_x509_crq_sign2() and
5187 gnutls_x509_crq_sign() in favor for gnutls_x509_crq_privkey_sign().
5189 2011-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5191 * NEWS, lib/libgnutls.map: minor fixes.
5193 2011-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5195 * NEWS, lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
5196 lib/libgnutls.map, lib/x509/privkey.c, lib/x509/x509.c,
5197 src/certtool.c, tests/cve-2009-1415.c, tests/x509sign-verify.c:
5198 gnutls_x509_crt_verify_hash: DEPRECATED gnutls_x509_crt_verify_data:
5199 DEPRECATED gnutls_x509_crt_get_verify_algorithm: DEPRECATED
5200 gnutls_x509_crt_get_preferred_hash_algorithm: DEPRECATED Removed the
5201 new gnutls_x509_privkey_sign_data2() and
5202 gnutls_x509_privkey_sign_hash2(). That functionality will be only in the abstract.h pubkey and privkey
5203 structures, to avoid duplication for every certificate type.
5205 2011-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5207 * src/serv.c: Simplified macro to snprintf() in order to prevent
5208 issues caused when snprintf() is a macro itself. Reported and
5209 initial patch by Camillo Lugaresi.
5211 2011-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5213 * tests/suite/Makefile.in: Revert "Remove, it is generated." This reverts commit de3a601e502b24f047412a161085f7fbd898b3f3 because
5214 this file is not automatically generated (not included in top
5217 2011-01-02 Simon Josefsson <simon@josefsson.org>
5219 * lib/m4/hooks.m4: Specify minimum libgcrypt version.
5221 2010-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5223 * doc/cha-internals.texi: Added discussion on crypto backend for
5224 crypto libraries and /dev/crypto.
5226 2010-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5228 * NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
5229 lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
5230 lib/x509/crq.c, lib/x509/privkey.c, lib/x509/sign.c: Renamed
5231 gnutls_privkey_sign_data() to gnutls_privkey_sign_data2() to match
5232 the similar function gnutls_x509_privkey_sign_data2().
5233 gnutls_x509_privkey_sign_data() was deprecated.
5235 2010-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5237 * lib/gnutls_str.c: Extra sanity check.
5239 2010-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5241 * lib/auth_srp_passwd.c: Use snprintf() to print an integer.
5243 2010-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5245 * lib/x509/output.c: Use snprintf() to print IPs. There was a check
5246 just before that, but be safe, just in case.
5248 2010-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5250 * doc/cha-auth.texi: Use SRP for password authentication.
5252 2010-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5254 * doc/cha-auth.texi, lib/gnutls_cert.c, lib/gnutls_extensions.c,
5255 lib/gnutls_psk_netconf.c, lib/gnutls_state.c,
5256 lib/includes/gnutls/compat.h, lib/x509/privkey.c: Do not include
5257 deprecated functions to library documentation.
5259 2010-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5261 * NEWS, lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
5262 lib/x509/privkey.c: gnutls_x509_privkey_verify_data() was
5265 2010-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5267 * lib/gnutls_pubkey.c: Documented key usage of pubkey.
5269 2010-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5271 * lib/gnutls_pubkey.c: Set public key bits on all import functions.
5272 Issue reported by Murray Kucheawy.
5274 2010-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5276 * NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/pkcs11.h,
5277 lib/pkcs11_int.h, lib/pkcs11_privkey.c:
5278 gnutls_pkcs11_privkey_sign_data(),
5279 gnutls_pkcs11_privkey_sign_hash2() and
5280 gnutls_pkcs11_privkey_decrypt_data() were removed. The abstract.h
5281 functions should be used instead.
5283 2010-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5285 * NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/openpgp.h,
5286 lib/openpgp/gnutls_openpgp.h, lib/openpgp/pgp.c,
5287 lib/openpgp/privkey.c: Removed the newly added functions:
5288 gnutls_openpgp_privkey_sign_hash2(),
5289 gnutls_openpgp_privkey_sign_data2(),
5290 gnutls_openpgp_crt_verify_hash() That way the operations in
5291 abstract.h should be used to get the same functionality, and API
5292 will be kept simple and easier to maintain. The corresponding
5293 gnutls_x509_* are kept for backwards compatibility.
5295 2010-12-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5297 * lib/gnutls_sig.c: Do not be strict on RSA hash algorithm selection
5300 2010-12-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5302 * lib/gnutls_cert.h, lib/gnutls_sig.c, lib/gnutls_x509.c: Removed
5303 unneeded definitions, and more careful deinitializations in
5304 parse_der_cert_mem().
5306 2010-12-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5308 * tests/pathlen/ca-no-pathlen.pem,
5309 tests/pathlen/no-ca-or-pathlen.pem: updated certificates to account
5310 for extra null byte added in negative numbers.
5312 2010-12-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5314 * tests/cve-2009-1415.c: Account for GNUTLS_E_PK_SIG_VERIFY_FAILED.
5316 2010-12-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5318 * lib/gnutls_privkey.c: Corrected bug in gnutls_privkey_sign_data().
5320 2010-12-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5322 * lib/gnutls_sig.c: some fixes in pk_prepare_hash().
5324 2010-12-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5326 * NEWS, lib/gnutls_pubkey.c, lib/openpgp/pgp.c, lib/x509/privkey.c,
5327 lib/x509/verify.c, lib/x509/x509.c, tests/x509sign-verify.c: The
5328 verification functions now return a GNUTLS_E_PK_SIG_VERIFY_FAILED on
5329 signature verification error.
5331 2010-12-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5333 * src/p11tool-gaa.c, src/p11tool.gaa: The default input format for
5336 2010-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5338 * lib/gnutls_pubkey.c: importing a pubkey from raw params will set
5339 the bits field correctly.
5341 2010-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5343 * NEWS: Documented the addtion of gnutls_pubkey_import_privkey() and
5344 gnutls_pubkey_verify_data()
5346 2010-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5348 * lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
5349 lib/libgnutls.map, lib/x509/verify.c, tests/x509sign-verify.c: Added
5350 gnutls_pubkey_verify_data and test vectors.
5352 2010-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5354 * doc/errcodes.c, doc/examples/ex-alert.c,
5355 doc/examples/ex-cert-select-pkcs11.c,
5356 doc/examples/ex-cert-select.c, doc/examples/ex-client-psk.c,
5357 doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
5358 doc/examples/ex-client-tlsia.c, doc/examples/ex-client1.c,
5359 doc/examples/ex-client2.c, doc/examples/ex-crq.c,
5360 doc/examples/ex-pkcs12.c, doc/examples/ex-rfc2818.c,
5361 doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
5362 doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
5363 doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
5364 doc/examples/ex-verify.c, doc/examples/ex-x509-info.c,
5365 doc/examples/examples.h, doc/examples/tcp.c, doc/printlist.c,
5366 guile/src/core.c, guile/src/extra.c, guile/src/utils.h,
5367 lib/abstract_int.h, lib/auth_anon.c, lib/auth_cert.c,
5368 lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
5369 lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/auth_psk.c,
5370 lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
5371 lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
5372 lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
5373 lib/auth_srp_sb64.c, lib/crypto-api.c, lib/crypto.c, lib/crypto.h,
5374 lib/cryptodev.c, lib/debug.c, lib/ext_cert_type.c,
5375 lib/ext_max_record.c, lib/ext_safe_renegotiation.c,
5376 lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
5377 lib/ext_session_ticket.c, lib/ext_signature.c, lib/ext_signature.h,
5378 lib/ext_srp.c, lib/gcrypt/cipher.c, lib/gcrypt/init.c,
5379 lib/gcrypt/mac.c, lib/gcrypt/mpi.c, lib/gcrypt/pk.c,
5380 lib/gnutls_alert.c, lib/gnutls_algorithms.c,
5381 lib/gnutls_algorithms.h, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
5382 lib/gnutls_auth.h, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
5383 lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_cipher.c,
5384 lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
5385 lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
5386 lib/gnutls_compress.h, lib/gnutls_constate.c,
5387 lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
5388 lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
5389 lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
5390 lib/gnutls_extensions.c, lib/gnutls_extensions.h,
5391 lib/gnutls_global.c, lib/gnutls_handshake.c,
5392 lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
5393 lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_kx.c,
5394 lib/gnutls_kx.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
5395 lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
5396 lib/gnutls_num.c, lib/gnutls_pk.c, lib/gnutls_pk.h,
5397 lib/gnutls_priority.c, lib/gnutls_privkey.c, lib/gnutls_psk.c,
5398 lib/gnutls_psk_netconf.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
5399 lib/gnutls_record.h, lib/gnutls_rsa_export.c, lib/gnutls_session.c,
5400 lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
5401 lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
5402 lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
5403 lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
5404 lib/gnutls_supplemental.h, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
5405 lib/gnutls_v2_compat.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
5406 lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
5407 lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
5408 lib/includes/gnutls/gnutlsxx.h, lib/includes/gnutls/openpgp.h,
5409 lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/pkcs12.h,
5410 lib/includes/gnutls/x509.h, lib/locks.c, lib/nettle/cipher.c,
5411 lib/nettle/egd.c, lib/nettle/mpi.c, lib/nettle/pk.c,
5412 lib/nettle/rnd.c, lib/opencdk/armor.c, lib/opencdk/context.h,
5413 lib/opencdk/dummy.c, lib/opencdk/filters.h, lib/opencdk/hash.c,
5414 lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/keydb.h,
5415 lib/opencdk/literal.c, lib/opencdk/main.c, lib/opencdk/main.h,
5416 lib/opencdk/misc.c, lib/opencdk/new-packet.c,
5417 lib/opencdk/opencdk.h, lib/opencdk/packet.h, lib/opencdk/pubkey.c,
5418 lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
5419 lib/opencdk/sig-check.c, lib/opencdk/stream.c,
5420 lib/opencdk/stream.h, lib/opencdk/verify.c,
5421 lib/opencdk/write-packet.c, lib/openpgp/compat.c,
5422 lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
5423 lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
5424 lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
5425 lib/openpgp/privkey.c, lib/pakchois/pakchois.c,
5426 lib/pakchois/pakchois.h, lib/pakchois/pakchois11.h, lib/pkcs11.c,
5427 lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
5428 lib/pkcs11_write.c, lib/random.c, lib/system.c, lib/system.h,
5429 lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
5430 lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
5431 lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/output.c,
5432 lib/x509/pbkdf2-sha1.c, lib/x509/pbkdf2-sha1.h, lib/x509/pkcs12.c,
5433 lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c,
5434 lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
5435 lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
5436 lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
5437 lib/x509_b64.c, lib/x509_b64.h, libextra/ext_inner_application.c,
5438 libextra/ext_inner_application.h, libextra/gnutls_extra.c,
5439 libextra/gnutls_ia.c, libextra/gnutls_openssl.c,
5440 libextra/includes/gnutls/extra.h,
5441 libextra/includes/gnutls/openssl.h, libextra/openssl_compat.c,
5442 libextra/openssl_compat.h, maint.mk, src/benchmark.c,
5443 src/certtool-cfg.c, src/certtool-cfg.h, src/certtool-common.c,
5444 src/certtool-common.h, src/certtool.c, src/cli.c, src/common.c,
5445 src/common.h, src/crypt.c, src/p11tool.c, src/p11tool.h,
5446 src/pkcs11.c, src/prime.c, src/psk.c, src/serv.c, src/tests.c,
5447 src/tests.h, src/tls_test.c, tests/anonself.c,
5448 tests/certificate_set_x509_crl.c, tests/chainverify.c,
5449 tests/crq_apis.c, tests/crq_key_id.c, tests/cve-2008-4989.c,
5450 tests/dhepskself.c, tests/dn.c, tests/dn2.c, tests/gc.c,
5451 tests/mini-eagain.c, tests/mini-x509-rehandshake.c,
5452 tests/mini-x509.c, tests/mini.c, tests/mpi.c,
5453 tests/nul-in-x509-names.c, tests/openpgp-auth.c,
5454 tests/openpgp-keyring.c, tests/openpgp_test.c, tests/openpgpself.c,
5455 tests/openssl.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
5456 tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pskself.c,
5457 tests/resume.c, tests/safe-renegotiation/srn0.c,
5458 tests/safe-renegotiation/srn1.c, tests/safe-renegotiation/srn2.c,
5459 tests/safe-renegotiation/srn3.c, tests/safe-renegotiation/srn4.c,
5460 tests/safe-renegotiation/srn5.c, tests/set_pkcs12_cred.c,
5461 tests/simple.c, tests/tlsia.c, tests/utils.c, tests/utils.h,
5462 tests/x509_altname.c, tests/x509_test.c, tests/x509dn.c,
5463 tests/x509self.c, tests/x509sign-verify.c: Indented code. Use same
5464 indentation but with -nut to avoid usage of tabs. In several editors
5465 tabs can be configured not to be 8 spaces and this produces
5466 artifacts with the current indentation that is a mixture of tabs and
5469 2010-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5471 * lib/gnutls_privkey.c: _gnutls_privkey_get_public_mpis() handles
5474 2010-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5476 * lib/abstract_int.h, lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
5477 lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
5478 gnutls_pubkey_import_privkey(), that will copy the public key from a
5479 gnutls_privkey_t structure.
5481 2010-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5483 * NEWS, lib/libgnutls.map: Do not export the non-existant symbols
5484 gnutls_pkcs11_privkey_sign_hash and gnutls_privkey_sign_hash.
5486 2010-12-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5488 * NEWS: documented new functions
5490 2010-12-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5492 * NEWS: Added new functions.
5494 2010-12-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5496 * lib/libgnutls.map: Added new functions.
5498 2010-12-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5500 * lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h:
5501 de-deprecated gnutls_x509_crt_verify_hash()
5503 2010-12-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5505 * lib/includes/gnutls/openpgp.h, lib/libgnutls.map,
5506 lib/openpgp/pgp.c, tests/x509sign-verify.c: Added
5507 gnutls_openpgp_crt_verify_hash().
5509 2010-12-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5511 * lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: added
5512 gnutls_privkey_sign_hash2()
5514 2010-12-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5516 * lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
5517 lib/openpgp/privkey.c, lib/pkcs11_privkey.c, lib/x509/privkey.c:
5518 Simplified preparation of signing code.
5520 2010-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5522 * lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_sig.c,
5523 lib/gnutls_sig.h, lib/openpgp/gnutls_openpgp.h,
5524 lib/openpgp/privkey.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
5525 lib/x509/Makefile.am, lib/x509/privkey.c, lib/x509/sign.c,
5526 lib/x509/sign.h: deprecated x509/sign.h and moved functionality of
5529 2010-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5531 * lib/x509/sign.c: pk_hash_data() will fail unless DSA or RSA are
5534 2010-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5536 * lib/x509/privkey.c: better comments
5538 2010-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5540 * lib/openpgp/gnutls_openpgp.c, lib/openpgp/privkey.c:
5541 reorganization of the privkey_ functions().
5543 2010-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5545 * lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
5546 lib/includes/gnutls/compat.h, lib/includes/gnutls/openpgp.h,
5547 lib/includes/gnutls/x509.h, lib/libgnutls.map,
5548 lib/openpgp/gnutls_openpgp.c, lib/x509/privkey.c: Introduced
5549 gnutls_*_privkey_sign_hash2() that is a high level function to
5552 2010-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5554 * lib/gnutls_privkey.c, lib/pkcs11_privkey.c, lib/x509/privkey.c,
5555 lib/x509/sign.c, lib/x509/sign.h: Separated the sign_data functions
5556 to a hashing phase, a preparing phase, and the actual signing.
5558 2010-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5560 * NEWS: documented deprecated functions.
5562 2010-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5564 * lib/includes/gnutls/compat.h, lib/includes/gnutls/openpgp.h,
5565 lib/includes/gnutls/pkcs11.h: All the sign hash functions were
5568 2010-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5570 * lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h:
5571 gnutls_x509_privkey_sign_hash() is dangerous and was deprecated.
5572 Added some text explaining why some functions were deprecated.
5574 2010-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5576 * NEWS: documented previous update.
5578 2010-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5580 * lib/x509/privkey.c, lib/x509/x509.c: export_raw() functions now
5581 add leading zero in mpis.
5583 2010-12-07 Simon Josefsson <simon@josefsson.org>
5587 2010-12-07 Simon Josefsson <simon@josefsson.org>
5589 * lib/includes/gnutls/crypto.h: C++ fixes, tiny patch from "Brendan
5590 Doherty" <brendand@gentrack.com>.
5592 2010-12-07 Simon Josefsson <simon@josefsson.org>
5594 * gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/memchr.m4,
5595 gl/m4/printf.m4, gl/m4/stdint.m4, lib/gl/m4/fcntl-o.m4,
5596 lib/gl/m4/iconv.m4, lib/gl/m4/intdiv0.m4, lib/gl/m4/memchr.m4,
5597 lib/gl/m4/memmem.m4, lib/gl/m4/printf.m4, lib/gl/m4/stdint.m4:
5598 Update gnulib files.
5600 2010-12-07 Simon Josefsson <simon@josefsson.org>
5602 * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
5603 libextra/configure.ac: Bump versions.
5605 2010-12-07 Simon Josefsson <simon@josefsson.org>
5607 * ChangeLog: Generated.
5609 2010-12-07 Simon Josefsson <simon@josefsson.org>
5611 * configure.ac, lib/configure.ac, lib/m4/hooks.m4,
5612 libextra/configure.ac: Bump versions.
5614 2010-12-06 Simon Josefsson <simon@josefsson.org>
5616 * ChangeLog: Generated.
5618 2010-12-06 Simon Josefsson <simon@josefsson.org>
5620 * tests/Makefile.am: Don't fail on 'make distcheck'.
5622 2010-12-06 Simon Josefsson <simon@josefsson.org>
5624 * NEWS: Version 2.11.6.
5626 2010-12-06 Simon Josefsson <simon@josefsson.org>
5628 * lib/gnutls_str.c: Indent.
5630 2010-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5632 * NEWS: documented SSL 3.0 record version change.
5634 2010-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5636 * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c:
5637 SSL3_RECORD_VERSION priority option is now the default. That is in
5638 order to not confuse non TLS 1.2 compliant implementations that
5639 don't like a TLS 1.2 record.
5641 2010-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5643 * lib/gnutls_str.c: simplified escape and unescape.
5645 2010-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5647 * THANKS: Added Michael.
5649 2010-12-06 Simon Josefsson <simon@josefsson.org>
5651 * cfg.mk, lib/gnutls_priority.c, lib/gnutls_state.c,
5652 lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in,
5653 lib/includes/gnutls/pkcs11.h, lib/nettle/rnd.c, lib/pkcs11.c,
5654 lib/pkcs11_int.h, lib/pkcs11_secret.c, lib/pkcs11_write.c,
5655 lib/x509/verify.c, src/certtool-common.c, src/certtool-common.h,
5656 src/certtool.c, src/cli.c, src/common.c, src/p11tool.c,
5657 src/p11tool.h, src/pkcs11.c, src/serv.c, tests/chainverify.c,
5658 tests/openpgp-auth.c: Indent code.
5660 2010-12-06 Simon Josefsson <simon@josefsson.org>
5662 * maint.mk: Update gnulib files.
5664 2010-12-06 Simon Josefsson <simon@josefsson.org>
5666 * gl/override/top/maint.mk.diff: Remove.
5668 2010-12-06 Simon Josefsson <simon@josefsson.org>
5670 * .gitignore: Update.
5672 2010-12-06 Simon Josefsson <simon@josefsson.org>
5674 * lib/gnutls_priority.c, lib/pkcs11_secret.c, src/p11tool.c,
5675 src/p11tool.gaa: Fix syntax-check nits.
5677 2010-12-06 Simon Josefsson <simon@josefsson.org>
5679 * .x-sc_bindtextdomain: Ignore more.
5681 2010-12-06 Simon Josefsson <simon@josefsson.org>
5683 * GNUmakefile, build-aux/gendocs.sh, build-aux/pmccabe.css,
5684 build-aux/pmccabe2html, gl/Makefile.am, gl/arpa_inet.in.h,
5685 gl/float+.h, gl/gettext.h, gl/inet_ntop.c, gl/intprops.h,
5686 gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4, gl/m4/getdelim.m4,
5687 gl/m4/getline.m4, gl/m4/getpass.m4, gl/m4/gnulib-common.m4,
5688 gl/m4/gnulib-comp.m4, gl/m4/mmap-anon.m4, gl/m4/printf.m4,
5689 gl/m4/readline.m4, gl/m4/string_h.m4, gl/m4/sys_ioctl_h.m4,
5690 gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4, gl/m4/unistd_h.m4,
5691 gl/m4/vasnprintf.m4, gl/m4/wchar_h.m4, gl/printf-parse.c,
5692 gl/printf-parse.h, gl/stdint.in.h, gl/stdio.in.h, gl/stdlib.in.h,
5693 gl/string.in.h, gl/sys_select.in.h, gl/sys_socket.in.h,
5694 gl/tests/Makefile.am, gl/tests/init.sh,
5695 gl/tests/test-select-stdin.c, gl/tests/test-select.c,
5696 gl/tests/test-update-copyright.sh, gl/tests/verify.h, gl/time.in.h,
5697 gl/unistd.in.h, gl/vasnprintf.c, gl/verify.h, gl/wchar.in.h,
5698 lib/gl/Makefile.am, lib/gl/float+.h, lib/gl/gettext.h,
5699 lib/gl/m4/alloca.m4, lib/gl/m4/glibc2.m4, lib/gl/m4/glibc21.m4,
5700 lib/gl/m4/gnulib-common.m4, lib/gl/m4/gnulib-comp.m4,
5701 lib/gl/m4/iconv.m4, lib/gl/m4/memmem.m4, lib/gl/m4/mmap-anon.m4,
5702 lib/gl/m4/printf.m4, lib/gl/m4/string_h.m4,
5703 lib/gl/m4/sys_socket_h.m4, lib/gl/m4/unistd_h.m4,
5704 lib/gl/m4/vasnprintf.m4, lib/gl/m4/wchar_h.m4,
5705 lib/gl/printf-parse.c, lib/gl/printf-parse.h, lib/gl/stdint.in.h,
5706 lib/gl/stdio.in.h, lib/gl/stdlib.in.h, lib/gl/string.in.h,
5707 lib/gl/sys_socket.in.h, lib/gl/tests/Makefile.am,
5708 lib/gl/tests/init.sh, lib/gl/tests/intprops.h,
5709 lib/gl/tests/verify.h, lib/gl/time.in.h, lib/gl/unistd.in.h,
5710 lib/gl/vasnprintf.c, lib/gl/verify.h, lib/gl/wchar.in.h,
5711 libextra/gl/m4/gnulib-common.m4, maint.mk: Update gnulib files.
5713 2010-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5715 * tests/Makefile.am: Temporarily remove gendh test. It takes
5716 extremely long time under valgrind.
5718 2010-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5720 * NEWS, lib/gnutls_sig.c, lib/x509/common.c, lib/x509/common.h,
5721 lib/x509/mpi.c, lib/x509/sign.c, lib/x509/verify.c: Use ASN1_NULL
5722 when writing parameters for RSA signatures. This makes us comply
5723 with RFC3279. Reported by Michael Rommel.
5725 2010-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5727 * NEWS, src/serv.c: Corrected buffer overflow in gnutls-serv by
5728 Tomas Mraz. The gnutls-serv uses fixed allocated buffer for the response which
5729 can be pretty long if a client certificate is presented to it and
5730 the http header is large. This causes buffer overflow and heap
5731 corruption which then leads to random segfaults or aborts. It was reported originally here:
5732 https://bugzilla.redhat.com/show_bug.cgi?id=659259 The attached patch changes sprintf calls in peer_print_info() to
5733 snprintf so the buffer is never overflowed.
5735 2010-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5737 * lib/m4/hooks.m4: increased revision
5739 2010-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5741 * src/Makefile.am: Added p11tool.h
5743 2010-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5745 * NEWS: released 2.11.5
5747 2010-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5749 * doc/cha-internals.texi: escaped chars.
5751 2010-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5753 * doc/cha-internals.texi: Updated extension writing code. Still not
5756 2010-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5758 * doc/cha-cert-auth.texi: PKCS #11 fixes
5760 2010-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5762 * doc/examples/ex-cert-select-pkcs11.c: Corrected pkcs11 example
5765 2010-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5767 * src/pkcs11.c: Prefix mechanism number with 0x.
5769 2010-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5771 * lib/pakchois/pakchois11.h, src/pkcs11.c: Added camellia and
5774 2010-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5776 * configure.ac, lib/configure.ac, lib/nettle/rnd.c: Use rusage if
5777 present. Moved check to correct config and included resource.h
5780 2010-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5782 * lib/nettle/rnd.c: More details on the text
5784 2010-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5786 * lib/pkcs11.c: Corrected copyright statement
5788 2010-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5790 * lib/nettle/rnd.c: Corrected copyright header. Added Niels.
5792 2010-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5794 * NEWS, lib/gnutls_cert.c, lib/includes/gnutls/x509.h,
5795 lib/x509/verify.c, src/certtool.c, src/cli.c, tests/chainverify.c:
5796 Reverted default behavior for verification and introduced
5797 GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default V1
5798 trusted CAs are allowed, unless the new flag is specified.
5800 2010-11-25 Simon Josefsson <simon@josefsson.org>
5804 2010-11-25 Simon Josefsson <simon@josefsson.org>
5806 * tests/suite/Makefile.in: Remove, it is generated.
5808 2010-11-25 Simon Josefsson <simon@josefsson.org>
5810 * README: No space at eol.
5812 2010-11-25 Simon Josefsson <simon@josefsson.org>
5814 * tests/safe-renegotiation/Makefile.am: Fix syntax-check warning.
5816 2010-11-25 Simon Josefsson <simon@josefsson.org>
5818 * cfg.mk: Ignore tests/suite for syntax-checks, not our code.
5820 2010-11-25 Simon Josefsson <simon@josefsson.org>
5822 * README: Recommend git format-patch rather than git diff.
5824 2010-11-24 Jeffrey Walton <noloader@gmail.com>
5826 * README: Attached is a proposed modification to the README file,
5827 including recent comments by Simon.
5829 2010-11-23 Simon Josefsson <simon@josefsson.org>
5831 * guile/src/Makefile.am: Fix dependencies, fixes parallel builds. Tiny patch from Graham Gower <graham.gower@gmail.com>.
5833 2010-11-19 Simon Josefsson <simon@josefsson.org>
5835 * doc/Makefile.am: Remove file.
5837 2010-11-19 Simon Josefsson <simon@josefsson.org>
5839 * doc/manpages/Makefile.am: Generated.
5841 2010-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5843 * configure.ac, tests/suite/Makefile.in: Create Makefile in
5846 2010-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5848 * src/cli.c, src/psk-gaa.c, src/psk-gaa.h, src/psk.c, src/psk.gaa,
5849 tests/Makefile.am, tests/netconf-psk.c: Deprecate the netconf
5850 password and use a key only.
5852 2010-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5854 * doc/credentials/gnutls-http-serv: correctly set psk params.
5856 2010-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5860 2010-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5862 * lib/x509/privkey_pkcs8.c: Correctly write DSA public key in ASN.1
5863 (add leading zero). Reported by Jeffrey Walton.
5865 2010-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5867 * lib/x509/mpi.c: cleanups
5869 2010-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5871 * doc/cha-auth.texi, lib/includes/gnutls/compat.h,
5872 lib/includes/gnutls/gnutls.h.in: Deprecated the key derivation
5873 method from netconf. The published RFC does not include this method
5874 and it is not known whether it has been used at all in practice. No
5877 2010-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5879 * NEWS, lib/gnutls_priority.c: Added SIGN-ALL, CTYPE-ALL, COMP-ALL,
5880 and VERS-TLS-ALL priority strings.
5882 2010-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5884 * lib/gnutls_x509.c: Removed redundant error check. Reported by
5887 2010-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5889 * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
5890 src/p11tool-gaa.c, src/p11tool-gaa.h, src/p11tool.c,
5891 src/p11tool.gaa, src/p11tool.h, src/pkcs11.c: Added
5892 --list-mechanisms option to p11tool. Lists all mechanisms supported
5895 2010-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5897 * doc/manpages/Makefile.am, doc/manpages/p11tool.1: Added manpage
5900 2010-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5902 * doc/manpages/certtool.1, doc/manpages/gnutls-cli.1,
5903 doc/manpages/gnutls-serv.1, doc/manpages/srptool.1: Corrected my
5906 2010-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5908 * src/p11tool-gaa.c, src/p11tool.gaa: In p11tool --url was renamed
5911 2010-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5913 * src/p11tool-gaa.c, src/p11tool-gaa.h, src/p11tool.gaa,
5914 src/pkcs11.c: Corrected bug in secret key copy. Rationalized the
5917 2010-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5919 * lib/pkcs11.c, lib/pkcs11_secret.c: * Corrected flag conversion to internal representation. * When generating secret keys include a generic key type and a
5922 2010-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5924 * src/p11tool-gaa.c, src/p11tool-gaa.h, src/p11tool.gaa: Added
5925 option --no-detailed-url to p11tool. More detailed url is the
5928 2010-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5930 * NEWS, lib/Makefile.am, lib/includes/gnutls/pkcs11.h,
5931 lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h,
5932 lib/pkcs11_secret.c, lib/pkcs11_write.c, src/pkcs11.c: Added
5933 gnutls_pkcs11_token_set_pin() and gnutls_pkcs11_token_init() to
5934 enable manipulating tokens purely from PKCS #11.
5936 2010-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5938 * doc/README.gaa: Removed README.gaa.
5940 2010-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5942 * .gitignore, src/Makefile.am, src/certtool-common.c,
5943 src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
5944 src/certtool.c, src/certtool.gaa, src/p11tool-gaa.c,
5945 src/p11tool-gaa.h, src/p11tool.c, src/p11tool.gaa, src/p11tool.h,
5946 src/pkcs11.c: Introduced p11tool to separate PKCS #11 functionality
5949 2010-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5951 * tests/Makefile.am, tests/finished.c: Removed check on deprecated
5954 2010-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5956 * lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in:
5957 Deprecated old functions.
5959 2010-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5961 * doc/cha-intro-tls.texi: use @code for SAFE_RENEGOTIATION string.
5963 2010-06-07 Simon Josefsson <simon@josefsson.org>
5965 * lib/gnutls_priority.c: Doc fix.
5967 2010-10-16 Simon Josefsson <simon@josefsson.org>
5971 2010-10-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5973 * tests/Makefile.am, tests/safe-renegotiation/Makefile.am,
5974 tests/safe-renegotiation/params.dh,
5975 tests/safe-renegotiation/testsrn, tests/suite/Makefile.am,
5976 tests/suite/README, tests/suite/eagain,
5977 tests/suite/ecore/eina_config.h,
5978 tests/suite/ecore/src/include/Eina.h,
5979 tests/suite/ecore/src/include/eina_accessor.h,
5980 tests/suite/ecore/src/include/eina_array.h,
5981 tests/suite/ecore/src/include/eina_benchmark.h,
5982 tests/suite/ecore/src/include/eina_binshare.h,
5983 tests/suite/ecore/src/include/eina_config.h,
5984 tests/suite/ecore/src/include/eina_convert.h,
5985 tests/suite/ecore/src/include/eina_counter.h,
5986 tests/suite/ecore/src/include/eina_cpu.h,
5987 tests/suite/ecore/src/include/eina_error.h,
5988 tests/suite/ecore/src/include/eina_file.h,
5989 tests/suite/ecore/src/include/eina_fp.h,
5990 tests/suite/ecore/src/include/eina_hamster.h,
5991 tests/suite/ecore/src/include/eina_hash.h,
5992 tests/suite/ecore/src/include/eina_inline_array.x,
5993 tests/suite/ecore/src/include/eina_inline_f16p16.x,
5994 tests/suite/ecore/src/include/eina_inline_f32p32.x,
5995 tests/suite/ecore/src/include/eina_inline_f8p24.x,
5996 tests/suite/ecore/src/include/eina_inline_fp.x,
5997 tests/suite/ecore/src/include/eina_inline_hash.x,
5998 tests/suite/ecore/src/include/eina_inline_list.x,
5999 tests/suite/ecore/src/include/eina_inline_log.x,
6000 tests/suite/ecore/src/include/eina_inline_mempool.x,
6001 tests/suite/ecore/src/include/eina_inline_rbtree.x,
6002 tests/suite/ecore/src/include/eina_inline_rectangle.x,
6003 tests/suite/ecore/src/include/eina_inline_str.x,
6004 tests/suite/ecore/src/include/eina_inline_stringshare.x,
6005 tests/suite/ecore/src/include/eina_inline_tiler.x,
6006 tests/suite/ecore/src/include/eina_inline_trash.x,
6007 tests/suite/ecore/src/include/eina_inline_ustringshare.x,
6008 tests/suite/ecore/src/include/eina_inlist.h,
6009 tests/suite/ecore/src/include/eina_iterator.h,
6010 tests/suite/ecore/src/include/eina_lalloc.h,
6011 tests/suite/ecore/src/include/eina_list.h,
6012 tests/suite/ecore/src/include/eina_log.h,
6013 tests/suite/ecore/src/include/eina_magic.h,
6014 tests/suite/ecore/src/include/eina_main.h,
6015 tests/suite/ecore/src/include/eina_matrixsparse.h,
6016 tests/suite/ecore/src/include/eina_mempool.h,
6017 tests/suite/ecore/src/include/eina_module.h,
6018 tests/suite/ecore/src/include/eina_quadtree.h,
6019 tests/suite/ecore/src/include/eina_rbtree.h,
6020 tests/suite/ecore/src/include/eina_rectangle.h,
6021 tests/suite/ecore/src/include/eina_safety_checks.h,
6022 tests/suite/ecore/src/include/eina_sched.h,
6023 tests/suite/ecore/src/include/eina_str.h,
6024 tests/suite/ecore/src/include/eina_strbuf.h,
6025 tests/suite/ecore/src/include/eina_stringshare.h,
6026 tests/suite/ecore/src/include/eina_tiler.h,
6027 tests/suite/ecore/src/include/eina_trash.h,
6028 tests/suite/ecore/src/include/eina_types.h,
6029 tests/suite/ecore/src/include/eina_unicode.h,
6030 tests/suite/ecore/src/include/eina_ustrbuf.h,
6031 tests/suite/ecore/src/include/eina_ustringshare.h,
6032 tests/suite/ecore/src/lib/Ecore.h,
6033 tests/suite/ecore/src/lib/Ecore_Getopt.h,
6034 tests/suite/ecore/src/lib/ecore.c,
6035 tests/suite/ecore/src/lib/ecore_anim.c,
6036 tests/suite/ecore/src/lib/ecore_app.c,
6037 tests/suite/ecore/src/lib/ecore_events.c,
6038 tests/suite/ecore/src/lib/ecore_exe.c,
6039 tests/suite/ecore/src/lib/ecore_getopt.c,
6040 tests/suite/ecore/src/lib/ecore_glib.c,
6041 tests/suite/ecore/src/lib/ecore_idle_enterer.c,
6042 tests/suite/ecore/src/lib/ecore_idle_exiter.c,
6043 tests/suite/ecore/src/lib/ecore_idler.c,
6044 tests/suite/ecore/src/lib/ecore_job.c,
6045 tests/suite/ecore/src/lib/ecore_main.c,
6046 tests/suite/ecore/src/lib/ecore_pipe.c,
6047 tests/suite/ecore/src/lib/ecore_poll.c,
6048 tests/suite/ecore/src/lib/ecore_private.h,
6049 tests/suite/ecore/src/lib/ecore_signal.c,
6050 tests/suite/ecore/src/lib/ecore_thread.c,
6051 tests/suite/ecore/src/lib/ecore_time.c,
6052 tests/suite/ecore/src/lib/ecore_timer.c,
6053 tests/suite/ecore/src/lib/eina_accessor.c,
6054 tests/suite/ecore/src/lib/eina_array.c,
6055 tests/suite/ecore/src/lib/eina_benchmark.c,
6056 tests/suite/ecore/src/lib/eina_binshare.c,
6057 tests/suite/ecore/src/lib/eina_chained_mempool.c,
6058 tests/suite/ecore/src/lib/eina_convert.c,
6059 tests/suite/ecore/src/lib/eina_counter.c,
6060 tests/suite/ecore/src/lib/eina_cpu.c,
6061 tests/suite/ecore/src/lib/eina_error.c,
6062 tests/suite/ecore/src/lib/eina_file.c,
6063 tests/suite/ecore/src/lib/eina_fp.c,
6064 tests/suite/ecore/src/lib/eina_hamster.c,
6065 tests/suite/ecore/src/lib/eina_hash.c,
6066 tests/suite/ecore/src/lib/eina_inlist.c,
6067 tests/suite/ecore/src/lib/eina_iterator.c,
6068 tests/suite/ecore/src/lib/eina_lalloc.c,
6069 tests/suite/ecore/src/lib/eina_list.c,
6070 tests/suite/ecore/src/lib/eina_log.c,
6071 tests/suite/ecore/src/lib/eina_magic.c,
6072 tests/suite/ecore/src/lib/eina_main.c,
6073 tests/suite/ecore/src/lib/eina_matrixsparse.c,
6074 tests/suite/ecore/src/lib/eina_mempool.c,
6075 tests/suite/ecore/src/lib/eina_module.c,
6076 tests/suite/ecore/src/lib/eina_private.h,
6077 tests/suite/ecore/src/lib/eina_quadtree.c,
6078 tests/suite/ecore/src/lib/eina_rbtree.c,
6079 tests/suite/ecore/src/lib/eina_rectangle.c,
6080 tests/suite/ecore/src/lib/eina_safety_checks.c,
6081 tests/suite/ecore/src/lib/eina_sched.c,
6082 tests/suite/ecore/src/lib/eina_share_common.c,
6083 tests/suite/ecore/src/lib/eina_share_common.h,
6084 tests/suite/ecore/src/lib/eina_str.c,
6085 tests/suite/ecore/src/lib/eina_strbuf.c,
6086 tests/suite/ecore/src/lib/eina_strbuf_common.c,
6087 tests/suite/ecore/src/lib/eina_strbuf_common.h,
6088 tests/suite/ecore/src/lib/eina_strbuf_template_c.x,
6089 tests/suite/ecore/src/lib/eina_stringshare.c,
6090 tests/suite/ecore/src/lib/eina_tiler.c,
6091 tests/suite/ecore/src/lib/eina_unicode.c,
6092 tests/suite/ecore/src/lib/eina_ustrbuf.c,
6093 tests/suite/ecore/src/lib/eina_ustringshare.c,
6094 tests/suite/ecore/src/lib/eina_value.c, tests/suite/mini-eagain2.c,
6095 tests/suite/params.dh, tests/suite/testsrn: Added tests/suite which
6096 contains tests to be executed during development time and will not
6097 be distributed (not included in make dist). Added "ecore" and a new
6098 mini-eagain to test EAGAIN behavior.
6100 2010-10-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6102 * .gitignore: updated .gitignore.
6104 2010-10-16 Simon Josefsson <simon@josefsson.org>
6106 * NEWS, src/common.c: gnutls-cli: Print channel binding only in
6107 verbose mode. Before it printed it after the 'Compression:' output, thus breaking
6108 Emacs starttls.el string searches.
6110 2010-10-15 Simon Josefsson <simon@josefsson.org>
6112 * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
6113 libextra/configure.ac: Bump versions.
6115 2010-10-15 Simon Josefsson <simon@josefsson.org>
6117 * ChangeLog: Generated.
6119 2010-10-15 Simon Josefsson <simon@josefsson.org>
6121 * NEWS: Version 2.11.4.
6123 2010-10-15 Simon Josefsson <simon@josefsson.org>
6125 * lib/libgnutls.map: Rename new symbol prefix after next stable
6126 branch instead of development branch.
6128 2010-10-15 Simon Josefsson <simon@josefsson.org>
6132 2010-10-15 Simon Josefsson <simon@josefsson.org>
6134 * NEWS, doc/cha-bib.texi, doc/cha-gtls-app.texi: Document channel
6137 2010-10-15 Simon Josefsson <simon@josefsson.org>
6139 * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
6140 src/common.c: Implement RFC 5929 tls-unique channel binding.
6142 2010-10-14 Simon Josefsson <simon@josefsson.org>
6144 * NEWS, doc/manpages/Makefile.am, lib/gnutls_errors.c,
6145 lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
6146 lib/libgnutls.map: Add gnutls_session_channel_binding API.
6148 2010-10-14 Simon Josefsson <simon@josefsson.org>
6150 * doc/manpages/Makefile.am: Generated.
6152 2010-10-14 Simon Josefsson <simon@josefsson.org>
6156 2010-10-14 Simon Josefsson <simon@josefsson.org>
6158 * tests/Makefile.am, tests/gendh.c: Add self test gendh to check DH
6161 2010-10-14 Simon Josefsson <simon@josefsson.org>
6163 * tests/openpgp-auth.c: Fix compiler warnings.
6165 2010-10-14 Simon Josefsson <simon@josefsson.org>
6167 * guile/tests/Makefile.am, guile/tests/anonymous-auth.scm,
6168 guile/tests/dh-parameters.pem, guile/tests/openpgp-auth.scm,
6169 guile/tests/pkcs-import-export.scm,
6170 guile/tests/session-record-port.scm, guile/tests/x509-auth.scm:
6171 Don't generate DH primes in Guile self checks (for speed).
6173 2010-10-14 Simon Josefsson <simon@josefsson.org>
6175 * tests/userid/userid: Cleanup, fixing distcheck.
6177 2010-10-14 Simon Josefsson <simon@josefsson.org>
6179 * tests/openpgp-auth.c: Make it work with srcdir != objdir.
6181 2010-10-14 Simon Josefsson <simon@josefsson.org>
6183 * doc/reference/gnutls-docs.sgml: Improve GTK-DOC manual.
6185 2010-10-14 Simon Josefsson <simon@josefsson.org>
6189 2010-10-14 Simon Josefsson <simon@josefsson.org>
6191 * .x-sc_two_space_separator_in_usage, lib/cryptodev.c,
6192 lib/m4/hooks.m4, lib/pakchois/pakchois11.h: Fix syntax-check
6195 2010-10-14 Simon Josefsson <simon@josefsson.org>
6197 * build-aux/gendocs.sh, build-aux/pmccabe2html, doc/fdl-1.3.texi,
6198 gl/Makefile.am, gl/arpa_inet.in.h, gl/errno.in.h, gl/float.in.h,
6199 gl/ftello.c, gl/getaddrinfo.c, gl/m4/errno_h.m4, gl/m4/error.m4,
6200 gl/m4/float_h.m4, gl/m4/ftello.m4, gl/m4/getpagesize.m4,
6201 gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/hostent.m4,
6202 gl/m4/include_next.m4, gl/m4/intmax_t.m4, gl/m4/inttypes_h.m4,
6203 gl/m4/lib-ld.m4, gl/m4/lib-link.m4, gl/m4/lseek.m4,
6204 gl/m4/malloc.m4, gl/m4/memchr.m4, gl/m4/minmax.m4, gl/m4/printf.m4,
6205 gl/m4/realloc.m4, gl/m4/servent.m4, gl/m4/size_max.m4,
6206 gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/m4/socklen.m4,
6207 gl/m4/sockpfaf.m4, gl/m4/stdarg.m4, gl/m4/stdbool.m4,
6208 gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdlib_h.m4,
6209 gl/m4/time_h.m4, gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/malloc.c,
6210 gl/netdb.in.h, gl/netinet_in.in.h, gl/read-file.c, gl/realloc.c,
6211 gl/select.c, gl/stdarg.in.h, gl/stddef.in.h, gl/stdint.in.h,
6212 gl/stdio.in.h, gl/stdlib.in.h, gl/strerror.c, gl/string.in.h,
6213 gl/sys_select.in.h, gl/sys_socket.in.h, gl/sys_stat.in.h,
6214 gl/sys_time.in.h, gl/tests/Makefile.am, gl/tests/binary-io.h,
6215 gl/tests/getpagesize.c, gl/tests/init.sh, gl/tests/sys_ioctl.in.h,
6216 gl/tests/test-binary-io.c, gl/tests/test-binary-io.sh,
6217 gl/tests/test-ftello.c, gl/tests/test-ftello.sh,
6218 gl/tests/test-ftello2.sh, gl/tests/test-ftello3.c,
6219 gl/tests/test-getaddrinfo.c, gl/tests/test-memchr.c,
6220 gl/tests/test-netdb.c, gl/tests/test-read-file.c,
6221 gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
6222 gl/tests/test-stdlib.c, gl/tests/test-sys_socket.c,
6223 gl/tests/test-sys_wait.h, gl/tests/test-update-copyright.sh,
6224 gl/tests/test-vc-list-files-cvs.sh,
6225 gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
6226 gl/time.in.h, gl/timespec.h, gl/unistd.in.h, gl/wchar.in.h,
6227 lib/build-aux/config.rpath, lib/gl/Makefile.am, lib/gl/errno.in.h,
6228 lib/gl/float.in.h, lib/gl/ftello.c, lib/gl/m4/codeset.m4,
6229 lib/gl/m4/errno_h.m4, lib/gl/m4/fcntl-o.m4, lib/gl/m4/float_h.m4,
6230 lib/gl/m4/ftello.m4, lib/gl/m4/getpagesize.m4,
6231 lib/gl/m4/gettext.m4, lib/gl/m4/gnulib-cache.m4,
6232 lib/gl/m4/gnulib-comp.m4, lib/gl/m4/iconv.m4,
6233 lib/gl/m4/include_next.m4, lib/gl/m4/intdiv0.m4, lib/gl/m4/intl.m4,
6234 lib/gl/m4/intlmacosx.m4, lib/gl/m4/intmax.m4,
6235 lib/gl/m4/intmax_t.m4, lib/gl/m4/inttypes-pri.m4,
6236 lib/gl/m4/inttypes_h.m4, lib/gl/m4/lcmessage.m4,
6237 lib/gl/m4/ld-version-script.m4, lib/gl/m4/lib-ld.m4,
6238 lib/gl/m4/lib-link.m4, lib/gl/m4/lock.m4, lib/gl/m4/lseek.m4,
6239 lib/gl/m4/malloc.m4, lib/gl/m4/memchr.m4, lib/gl/m4/memmem.m4,
6240 lib/gl/m4/minmax.m4, lib/gl/m4/printf-posix.m4,
6241 lib/gl/m4/printf.m4, lib/gl/m4/progtest.m4, lib/gl/m4/realloc.m4,
6242 lib/gl/m4/size_max.m4, lib/gl/m4/socketlib.m4,
6243 lib/gl/m4/sockets.m4, lib/gl/m4/socklen.m4, lib/gl/m4/sockpfaf.m4,
6244 lib/gl/m4/stdbool.m4, lib/gl/m4/stdint.m4, lib/gl/m4/stdint_h.m4,
6245 lib/gl/m4/stdlib_h.m4, lib/gl/m4/threadlib.m4, lib/gl/m4/time_h.m4,
6246 lib/gl/m4/visibility.m4, lib/gl/m4/wchar_t.m4, lib/gl/m4/wint_t.m4,
6247 lib/gl/malloc.c, lib/gl/netdb.in.h, lib/gl/read-file.c,
6248 lib/gl/realloc.c, lib/gl/stddef.in.h, lib/gl/stdint.in.h,
6249 lib/gl/stdio.in.h, lib/gl/stdlib.in.h, lib/gl/str-two-way.h,
6250 lib/gl/string.in.h, lib/gl/strings.in.h, lib/gl/sys_socket.in.h,
6251 lib/gl/sys_stat.in.h, lib/gl/tests/Makefile.am,
6252 lib/gl/tests/binary-io.h, lib/gl/tests/getpagesize.c,
6253 lib/gl/tests/init.sh, lib/gl/tests/test-binary-io.c,
6254 lib/gl/tests/test-binary-io.sh, lib/gl/tests/test-ftello.c,
6255 lib/gl/tests/test-ftello.sh, lib/gl/tests/test-ftello2.sh,
6256 lib/gl/tests/test-ftello3.c, lib/gl/tests/test-memchr.c,
6257 lib/gl/tests/test-netdb.c, lib/gl/tests/test-read-file.c,
6258 lib/gl/tests/test-stdbool.c, lib/gl/tests/test-stddef.c,
6259 lib/gl/tests/test-stdlib.c, lib/gl/tests/test-sys_socket.c,
6260 lib/gl/tests/test-sys_wait.h, lib/gl/tests/test-verify.c,
6261 lib/gl/time.in.h, lib/gl/unistd.in.h, lib/gl/wchar.in.h,
6262 libextra/gl/gnulib.mk, libextra/gl/m4/gnulib-cache.m4,
6263 libextra/gl/m4/gnulib-comp.m4, libextra/gl/m4/ld-version-script.m4,
6264 libextra/gl/m4/lib-ld.m4, libextra/gl/m4/lib-link.m4, maint.mk:
6265 Update gnulib files.
6267 2010-10-14 Simon Josefsson <simon@josefsson.org>
6269 * cfg.mk: Don't assume chmod +x on gendocs.sh.
6271 2010-10-14 Simon Josefsson <simon@josefsson.org>
6273 * cfg.mk: Use gnulib --add-import.
6275 2010-10-14 Simon Josefsson <simon@josefsson.org>
6277 * .gitignore: Sort and update.
6279 2010-10-14 Simon Josefsson <simon@josefsson.org>
6281 * lib/po/nl.po.in: Sync with TP.
6283 2010-10-14 Simon Josefsson <simon@josefsson.org>
6285 * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
6286 libextra/configure.ac: Bump versions.
6288 2010-10-14 Simon Josefsson <simon@josefsson.org>
6290 * ChangeLog: Generated.
6292 2010-10-14 Simon Josefsson <simon@josefsson.org>
6294 * NEWS: Version 2.11.3.
6296 2010-10-14 Simon Josefsson <simon@josefsson.org>
6298 * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
6299 libextra/configure.ac: Bump versions.
6301 2010-10-14 Simon Josefsson <simon@josefsson.org>
6303 * doc/errcodes.c, doc/examples/ex-alert.c,
6304 doc/examples/ex-cert-select-pkcs11.c,
6305 doc/examples/ex-cert-select.c, doc/examples/ex-client-psk.c,
6306 doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
6307 doc/examples/ex-client-tlsia.c, doc/examples/ex-client1.c,
6308 doc/examples/ex-client2.c, doc/examples/ex-crq.c,
6309 doc/examples/ex-pkcs12.c, doc/examples/ex-rfc2818.c,
6310 doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
6311 doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
6312 doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
6313 doc/examples/ex-verify.c, doc/examples/ex-x509-info.c,
6314 doc/examples/examples.h, doc/examples/tcp.c, guile/src/core.c,
6315 guile/src/errors.c, guile/src/extra.c, guile/src/utils.c,
6316 guile/src/utils.h, lib/auth_cert.c, lib/auth_cert.h,
6317 lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_psk.h,
6318 lib/auth_rsa.c, lib/auth_rsa_export.c, lib/auth_srp.c,
6319 lib/auth_srp.h, lib/crypto-api.c, lib/crypto.h, lib/cryptodev.c,
6320 lib/debug.c, lib/debug.h, lib/ext_cert_type.c,
6321 lib/ext_max_record.c, lib/ext_safe_renegotiation.c,
6322 lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
6323 lib/ext_server_name.h, lib/ext_session_ticket.c,
6324 lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
6325 lib/ext_srp.c, lib/ext_srp.h, lib/gcrypt/init.c, lib/gcrypt/mpi.c,
6326 lib/gcrypt/pk.c, lib/gnutls_alert.c, lib/gnutls_algorithms.c,
6327 lib/gnutls_algorithms.h, lib/gnutls_auth.h, lib/gnutls_buffers.c,
6328 lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
6329 lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
6330 lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
6331 lib/gnutls_compress.h, lib/gnutls_constate.c,
6332 lib/gnutls_constate.h, lib/gnutls_datum.h, lib/gnutls_dh.h,
6333 lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_extensions.c,
6334 lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
6335 lib/gnutls_handshake.c, lib/gnutls_handshake.h,
6336 lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
6337 lib/gnutls_kx.c, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
6338 lib/gnutls_mem.h, lib/gnutls_mpi.h, lib/gnutls_num.h,
6339 lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
6340 lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
6341 lib/gnutls_record.h, lib/gnutls_session_pack.c, lib/gnutls_sig.c,
6342 lib/gnutls_sig.h, lib/gnutls_srp.c, lib/gnutls_state.c,
6343 lib/gnutls_state.h, lib/gnutls_str.c, lib/gnutls_str.h,
6344 lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
6345 lib/gnutls_x509.c, lib/includes/gnutls/abstract.h,
6346 lib/includes/gnutls/compat.h, lib/includes/gnutls/crypto.h,
6347 lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/gnutlsxx.h,
6348 lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
6349 lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
6350 lib/locks.c, lib/locks.h, lib/nettle/cipher.c, lib/nettle/egd.c,
6351 lib/nettle/egd.h, lib/nettle/init.c, lib/nettle/mac.c,
6352 lib/nettle/mpi.c, lib/nettle/pk.c, lib/nettle/rnd.c,
6353 lib/opencdk/armor.c, lib/opencdk/hash.c, lib/opencdk/kbnode.c,
6354 lib/opencdk/keydb.c, lib/opencdk/literal.c, lib/opencdk/main.c,
6355 lib/opencdk/misc.c, lib/opencdk/new-packet.c, lib/opencdk/pubkey.c,
6356 lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
6357 lib/opencdk/sig-check.c, lib/opencdk/stream.c, lib/opencdk/types.h,
6358 lib/opencdk/verify.c, lib/openpgp/gnutls_openpgp.c,
6359 lib/openpgp/openpgp_int.h, lib/openpgp/output.c, lib/openpgp/pgp.c,
6360 lib/openpgp/privkey.c, lib/pakchois/dlopen.c,
6361 lib/pakchois/dlopen.h, lib/pakchois/errors.c,
6362 lib/pakchois/pakchois.c, lib/pakchois/pakchois.h,
6363 lib/pakchois/pakchois11.h, lib/pkcs11.c, lib/pkcs11_int.h,
6364 lib/pkcs11_privkey.c, lib/pkcs11_write.c, lib/random.c,
6365 lib/random.h, lib/system.c, lib/system.h, lib/x509/common.c,
6366 lib/x509/common.h, lib/x509/crl_write.c, lib/x509/crq.c,
6367 lib/x509/dn.c, lib/x509/mpi.c, lib/x509/output.c,
6368 lib/x509/privkey.c, lib/x509/sign.c, lib/x509/sign.h,
6369 lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h,
6370 lib/x509/x509_write.c, lib/x509_b64.c,
6371 libextra/ext_inner_application.c, libextra/ext_inner_application.h,
6372 libextra/gnutls_extra.c, libextra/gnutls_ia.c,
6373 libextra/includes/gnutls/extra.h, libextra/openssl_compat.h,
6374 src/benchmark.c, src/certtool-cfg.h, src/certtool-common.h,
6375 src/certtool.c, src/cli.c, src/common.c, src/common.h, src/crypt.c,
6376 src/pkcs11.c, src/prime.c, src/psk.c, src/serv.c, src/tests.c,
6377 tests/anonself.c, tests/certder.c,
6378 tests/certificate_set_x509_crl.c, tests/certuniqueid.c,
6379 tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
6380 tests/crypto_rng.c, tests/cve-2008-4989.c, tests/cve-2009-1415.c,
6381 tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
6382 tests/finished.c, tests/gc.c, tests/hostname-check.c,
6383 tests/init_roundtrip.c, tests/mini-eagain.c,
6384 tests/mini-x509-rehandshake.c, tests/mini-x509.c, tests/mini.c,
6385 tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
6386 tests/nul-in-x509-names.c, tests/openpgp-auth.c,
6387 tests/openpgp-keyring.c, tests/openpgpself.c, tests/openssl.c,
6388 tests/parse_ca.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
6389 tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pskself.c,
6390 tests/resume.c, tests/safe-renegotiation/srn0.c,
6391 tests/safe-renegotiation/srn1.c, tests/safe-renegotiation/srn2.c,
6392 tests/safe-renegotiation/srn3.c, tests/safe-renegotiation/srn4.c,
6393 tests/safe-renegotiation/srn5.c, tests/set_pkcs12_cred.c,
6394 tests/setcredcrash.c, tests/simple.c, tests/tlsia.c, tests/utils.c,
6395 tests/utils.h, tests/x509_altname.c, tests/x509dn.c,
6396 tests/x509self.c, tests/x509sign-verify.c: Indent (using GNU indent
6399 2010-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6401 * NEWS, configure.ac, lib/m4/hooks.m4: bumped version
6403 2010-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6405 * src/certtool.c: Revert "Applied last patch of Micah Anderson on
6406 IKE status." This reverts commit a6b2f5ce7316b4774649ee9b421da2ee7fef461f.
6408 2010-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6410 * libextra/fipsmd5.c: removed unneeded code.
6412 2010-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6414 * src/certtool.c: Applied last patch of Micah Anderson on IKE
6417 2010-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6419 * src/certtool.c: Applied patch on IKE extension by Micah Anderson
6421 2010-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6423 * lib/cryptodev.c, lib/gcrypt/mac.c, lib/gnutls_hash_int.c,
6424 lib/includes/gnutls/crypto.h, lib/nettle/mac.c: Updated cryptodev
6425 code to support the linux cryptodev extensions. Removed the clone()
6426 capability from HMAC. It was never used and having it prevents using
6427 it with hardware accelerators that might not have this capability.
6429 2010-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6431 * THANKS: Added Micah
6433 2010-10-01 Simon Josefsson <simon@josefsson.org>
6435 * doc/cha-cert-auth.texi, doc/cha-internals.texi,
6436 doc/cha-library.texi, lib/ext_safe_renegotiation.c,
6437 lib/ext_server_name.c, lib/gcrypt/init.c, lib/gnutls_record.c,
6438 lib/gnutls_str.c, lib/locks.c, lib/nettle/egd.c, lib/nettle/init.c,
6439 lib/system.c, lib/system.h, libextra/ext_inner_application.c,
6440 src/certtool-common.h, src/common.c, src/pkcs11.c: Fix some
6441 syntax-check errors.
6443 2010-10-01 Simon Josefsson <simon@josefsson.org>
6445 * lib/gnutls_int.h, lib/includes/gnutls/gnutls.h.in,
6446 lib/includes/gnutls/pkcs11.h: Fix compiler warnings.
6448 2010-10-01 Simon Josefsson <simon@josefsson.org>
6450 * NEWS, doc/manpages/Makefile.am: Mention new APIs.
6452 2010-09-30 Simon Josefsson <simon@josefsson.org>
6454 * tests/openpgp-certs/testselfsigs: Avoid bashism. Reported by m.drochner@fz-juelich.de in
6455 <http://savannah.gnu.org/support/?107449>.
6457 2010-09-30 Simon Josefsson <simon@josefsson.org>
6459 * lib/crypto-api.c: Don't return from void functions. Reported by Dagobert Michelsen <dam@opencsw.org> in
6461 <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4566>.
6463 2010-09-30 Simon Josefsson <simon@josefsson.org>
6465 * lib/includes/gnutls/gnutls.h.in: Remove spurious comma.
6467 2010-09-30 Simon Josefsson <simon@josefsson.org>
6469 * lib/includes/gnutls/x509.h: Remove spurious comma.
6471 2010-09-30 Simon Josefsson <simon@josefsson.org>
6473 * tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8: Make
6474 pkcs8-decode test work on Windows.
6476 2010-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6480 2010-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6482 * lib/ext_session_ticket.c: treat absence of parameters the same as
6483 having them disabled.
6485 2010-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6487 * tests/resume.c: Corrected behavior on failure (don't crash).
6489 2010-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6491 * lib/ext_session_ticket.c, lib/gnutls_extensions.c: Corrected bugs
6492 when restoring extensions during session resumtion.
6494 2010-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6496 * lib/gnutls_extensions.c: Use more informative logging for
6499 2010-09-29 Micah Anderson <micah@riseup.net>
6501 * NEWS, doc/certtool.cfg, doc/cha-programs.texi,
6502 lib/includes/gnutls/x509.h, lib/x509/output.c, src/certtool-cfg.c,
6503 src/certtool-cfg.h, src/certtool.c: Add new extended key usage
6504 ipsecIKE According to RFC 4945 § 5.1.3.12 section title
6505 "ExtendedKeyUsage"[0] the following extended key usage has been
6506 added: ... this document defines an ExtendedKeyUsage keyPurposeID that MAY
6507 be used to limit a certificate's use: id-kp-ipsecIKE OBJECT IDENTIFIER ::= { id-kp 17 } where id-kp is defined in RFC 3280 [5]. If a certificate is
6508 intended to be used with both IKE and other applications, and one
6509 of the other applications requires use of an EKU value, then such
6510 certificates MUST contain either the keyPurposeID id-kp-ipsecIKE or anyExtendedKeyUsage [5], as well as the keyPurposeID values associated with the other applications. Similarly, if a CA
6511 issues multiple otherwise-similar certificates for multiple
6512 applications including IKE, and it is intended that the IKE
6513 certificate NOT be used with another application, the IKE
6514 certificate MAY contain an EKU extension listing a keyPurposeID of
6515 id-kp-ipsecIKE to discourage its use with the other application.
6516 Recall, however, that EKU extensions in certificates meant for use
6517 in IKE are NOT RECOMMENDED. Conforming IKE implementations are not required to support EKU.
6518 If a critical EKU extension appears in a certificate and EKU is
6519 not supported by the implementation, then RFC 3280 requires that the certificate be rejected. Implementations that do support EKU
6520 MUST support the following logic for certificate validation: o If no EKU extension, continue. o If EKU present AND contains either id-kp-ipsecIKE or anyExtendedKeyUsage, continue. o Otherwise, reject cert. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6522 2010-09-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6524 * NEWS, src/certtool-gaa.c, src/certtool.gaa: --pkcs11-* in certtool
6525 was renamed to --p11-*.
6527 2010-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6529 * lib/ext_session_ticket.c: Added some comments and removed unused
6532 2010-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6534 * NEWS, lib/ext_session_ticket.c: Corrected advertizing issue for
6537 2010-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6539 * doc/TODO: cleanup of TODO list. Removed very old entries, entries
6540 already fixed and added new ones.
6542 2010-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6544 * lib/gnutls_handshake.c: IMED_RET parameters are easier to grasp.
6546 2010-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6548 * lib/crypto.c, lib/gcrypt/cipher.c, lib/gcrypt/mac.c,
6549 lib/nettle/cipher.c, lib/nettle/mac.c: cipher,mac and digest
6550 priorities moved to crypto.c
6552 2010-09-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6554 * lib/gnutls_errors.c: changed the fatality level of some errors.
6556 2010-09-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6558 * lib/gnutls_handshake.c: No longer use is_fatal() during handshake.
6559 Explicitely treat EAGAIN and INTERRUPTED as non-fatal during
6560 handshake. If the check_fatal flag is set then
6561 GNUTLS_E_WARNING_ALERT_RECEIVED could interrupt a handshake as well.
6563 2010-09-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6565 * src/cli.c: fflush stdout and stderr before the call to setbuf.
6566 This fixes issue in solaris where lines dissappeared from output.
6567 Reported and suggested fix by Knut Anders Hatlen.
6569 2010-09-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6571 * NEWS: documented change
6573 2010-09-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6575 * lib/nettle/pk.c: Corrected bug in wrap_nettle_pk_fixup that was
6576 importing DSA keys are RSA ones.
6578 2010-09-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6580 * lib/nettle/pk.c, lib/openpgp/privkey.c: indented some code
6582 2010-09-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6584 * lib/m4/hooks.m4: updated revision
6586 2010-09-18 Ludovic Courtès <ludo@gnu.org>
6588 * .gitignore, tests/Makefile.am, tests/openpgp-auth.c: Add an
6589 OpenPGP authentication unit test. * tests/Makefile.am (ctests)[ENABLE_OPENPGP]: Add `openpgp-auth'. (TESTS_ENVIRONMENT): Add `srcdir'. * tests/openpgp-auth.c: New file. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6591 2010-09-16 Jonathan Bastien-Filiatrault <joe@x2a.org>
6593 * lib/ext_session_ticket.c, lib/gnutls_alert.c,
6594 lib/gnutls_buffers.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
6595 lib/gnutls_compress.c, lib/gnutls_compress.h,
6596 lib/gnutls_constate.c, lib/gnutls_constate.h,
6597 lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_num.h,
6598 lib/gnutls_record.c, lib/gnutls_record.h,
6599 lib/gnutls_session_pack.c, lib/gnutls_state.c, libextra/gnutls_ia.c:
6600 Explicit symmetric cipher state versionning. This introduces the concept of a "cipher epoch". The epoch number is
6601 the number of successful handshakes and is incremented by one each
6602 time. This concept is native to DTLS and this patch makes the
6603 symmetric cipher state explicit for TLS in preparation for DTLS.
6604 This concept was implicit in plain TLS and ChangeCipherSpec messages
6605 triggered a "pending state copy". Now, we the current epoch number
6606 is simply incremented to the parameters negotiated by the handshake. The main side effects of this patch is a slightly more abstract
6607 internal API and, in some cases, simpler code. The session blob
6608 format is also changed a bit since this patch avoids storing
6609 information that is now redundant. If this breaks library users'
6610 expectations, this side effect can be negated. The cipher_specs structure has been removed. The conn_state has
6611 become record_state_st. Only symmetric cipher information is
6612 versioned. Things such as key exchange algorithm and the master
6613 secret are not versioned and their handling is unchanged. I have tested this patch as much as I could. It introduces no test
6614 suite regressions on my x64 Debian GNU/Linux system. Do not hesitate to point out shortcomings or suggest changes. Since
6615 this is a big diff, I am expecting this to be an iterative process. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
6616 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6618 2010-09-16 Jonathan Bastien-Filiatrault <joe@x2a.org>
6620 * lib/gnutls_errors.h: Add gnutls_assert_val idiom. This warrants being made in an inline function or macro since it is used throughout the code. This converts 4 line repetitive blocks
6621 into 1 line. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
6622 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6624 2010-09-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6626 * AUTHORS, NEWS, configure.ac: updated for 2.11.1
6628 2010-09-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6630 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
6631 lib/pkcs11_privkey.c, src/certtool-gaa.c, src/certtool-gaa.h,
6632 src/certtool.gaa, src/pkcs11.c: Added 3 levels of details in PKCS
6633 #11 URLs. 1st level: Token level. Object is unique up to token.
6634 2nd level: Object is unique up to token and module used to access
6635 it. 3rd level: Object is unique up to token and module and version
6636 of module used to access it.
6638 2010-09-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6640 * NEWS: Documented changes.
6642 2010-09-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6644 * lib/x509_b64.c: Be liberal in the PEM decoding. That is spaces and
6645 tabs are being skipped.
6647 2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
6649 * lib/gnutls_buffers.c: Fully mbufferize _gnutls_read and
6650 _gnutls_read_buffered. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
6651 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6653 2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
6655 * lib/gnutls_mbuffers.h: mbuffers: Add _mbuffer_xfree operation. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
6656 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6658 2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
6660 * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_int.h,
6661 lib/gnutls_record.c, lib/gnutls_state.c: mbuffers: make
6662 _gnutls_io_read_buffered use mbuffers. This will be needed by the DTLS code to make sure reads are stored
6663 in segments that correspond to datagram boundaries. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
6664 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6666 2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
6668 * lib/gnutls_int.h: Parenthesize size calculations. This is standard practice and the DTLS code got bit by this. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
6669 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6671 2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
6673 * lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: mbuffers: Add
6674 mbuffer_linearize. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
6675 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6677 2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
6679 * lib/gnutls_mbuffers.c: mbuffers: fix wrong size calculation. maximum_size is the maximum size of the payload, not including
6680 overhead. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
6681 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6683 2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
6685 * lib/gnutls_mbuffers.c: mbuffers: Make _mbuffer_remove_bytes return
6686 a meaningful error code. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
6687 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6689 2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
6691 * lib/gnutls_mbuffers.c: mbuffers: Document the internal mbuffer
6692 API. After a year of not hacking GnuTLS, I needed to look at the code to
6693 know how mbuffers work. This will make it much easier for anybody
6694 not familiar with this code. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
6695 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6697 2010-09-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6699 * NEWS: updated NEWS.
6701 2010-09-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6703 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
6704 lib/pkcs11_privkey.c, lib/pkcs11_write.c, src/certtool-common.h,
6705 src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
6706 src/certtool.gaa, src/pkcs11.c: PKCS#11 URL support updated to
6707 conform to draft-pechanec-pkcs11uri-02. Now in the URL the pkcs11
6708 provider library (module) can be specified thus restricting objects
6709 within a single provider.
6711 2010-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6713 * NEWS, lib/gnutls_int.h, lib/gnutls_priority.c,
6714 lib/gnutls_record.c: When the %COMPAT flag is specified, larger
6715 records that would otherwise violate the TLS spec, are accepted.
6717 2010-08-28 Brad Hards <bradh@frogmouth.net>
6719 * src/certtool.c, src/pkcs11.c: Show which option is the default for
6720 command line tools. We use "y/N" is most places - this just adapts two places that use
6721 "Y/N" to match the behavior of read_yesno(). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6723 2010-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6725 * lib/x509/x509.c: prevent a memory leak in the unique_id functions.
6727 2010-08-20 Brad Hards <bradh@frogmouth.net>
6729 * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/output.c,
6730 lib/x509/x509.c, tests/Makefile.am, tests/certuniqueid.c: As
6731 identified in a previous mail, I've added support for accessing /
6732 displaying the subjectUniqueID and issuerUniqueID fields within an
6733 X.509 certificate. This is provided (along with a test case) in the
6734 attached patch. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6736 2010-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6738 * NEWS, lib/gnutls_int.h: By default lowat is set to zero.
6740 2010-08-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6742 * lib/pkcs11.c: Revert "When scanning for terminator character for
6743 PKCS #11 URLs ignore escaped \;." This reverts commit 583fad076506421c9007a3349784496e2927dcd1.
6745 2010-08-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6747 * THANKS: Added Sjoerd.
6749 2010-08-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6751 * NEWS, lib/m4/hooks.m4: libnettle is the default crypto library.
6753 2010-08-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6755 * lib/gnutls_handshake.c: oldstate var removed.
6757 2010-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6759 * tests/mini-eagain.c: mini-eagain will fail with EAGAIN error one
6760 every two attempts. That is to remove probabilities.
6762 2010-08-11 Sjoerd Simons <sjoerd.simons@collabora.co.uk>
6764 * lib/gnutls_int.h, lib/gnutls_record.c: Remember the amount of user
6765 data we're sending out Partially reverts 3ef62950845f551ebc629e50d5ddf75f71b84294.
6766 gnutls_record_send needs to return the amount of user-data we sent,
6767 so we need to keep this information somewhere to return it when we
6768 succeed in sending that data. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6770 2010-08-11 Sjoerd Simons <sjoerd.simons@collabora.co.uk>
6772 * lib/gnutls_handshake.c: Check whether the error is fatal in more
6773 cases When stressing the async API of gnutls a lot of internal errors are
6774 hit as IMED_RET clears the handshake hash buffers as a result of
6775 -EAGAIN even though it would never be re-initialized at that point,
6776 but is still needed in later stages. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6778 2010-08-11 Sjoerd Simons <sjoerd.simons@collabora.co.uk>
6780 * lib/gnutls_handshake.c, lib/gnutls_int.h: Add state for flushing
6781 the handshake buffer A seperate state is needed between flushing the handshake buffers
6782 and sending the chipher spec change otherwise it's impossible to
6783 determine whether _gnutls_send_change_cipher_spec is called for the
6784 first time or again. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6786 2010-08-01 Simon Josefsson <simon@josefsson.org>
6788 * lib/nettle/mpi.c: Fix warning.
6790 2010-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6792 * lib/m4/hooks.m4: Define HAVE_GCRYPT when using gcrypt. nettle is
6793 no longer marked as unsupported.
6795 2010-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6797 * NEWS, doc/manpages/Makefile.am, lib/gnutls_extensions.c,
6798 lib/m4/hooks.m4, lib/nettle/cipher.c, lib/nettle/mac.c,
6799 lib/nettle/pk.c, libextra/gnutls_extra.c: Added Camellia-128/256,
6800 SHA-224/384/512 and support for DSA2 when using nettle.
6802 2010-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6804 * lib/pkcs11.c: When scanning for terminator character for PKCS #11
6805 URLs ignore escaped \;.
6807 2010-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6809 * lib/gnutls_priority.c: Modified the example to work in TLS 1.2.
6811 2010-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6813 * NEWS, lib/gnutls_algorithms.c: Added RSA_NULL_SHA1 and SHA256
6816 2010-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6818 * lib/ext_signature.c: When signature algorithms extension is not
6819 received allow SHA1 and SHA256.
6821 2010-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6823 * lib/gnutls_algorithms.c: NULL MAC renamed to MAC-NULL
6825 2010-07-25 Simon Josefsson <simon@josefsson.org>
6827 * src/common.c: Avoid fixed size buffers (now handles the big >100
6830 2010-07-25 Simon Josefsson <simon@josefsson.org>
6832 * doc/manpages/Makefile.am: Generated.
6834 2010-07-25 Simon Josefsson <simon@josefsson.org>
6836 * NEWS: Re-add old NEWS entries.
6838 2010-07-25 Simon Josefsson <simon@josefsson.org>
6840 * lib/gnutls_buffers.c: Doc fix.
6842 2010-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6844 * lib/x509/privkey.c: Do not trust fbase64_decode to return 0 on
6847 2010-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6849 * NEWS, lib/gnutls_x509.c, lib/x509/privkey.c, src/certtool.c:
6850 gnutls_x509_privkey_import() will fallback to
6851 gnutls_x509_privkey_import_pkcs8() without a password, if it is
6852 unable to decode the key.
6854 2010-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6856 * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
6857 lib/includes/gnutls/gnutls.h.in, lib/nettle/mpi.c, src/prime.c:
6858 Added GNUTLS_PK_DH to differentiate in the generation of parameters
6859 with PK_DSA that requires special treatment.
6861 2010-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6863 * lib/gnutls_algorithms.c: Corrected wrong descriptions of security
6866 2010-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6868 * lib/gnutls_algorithms.c: use RSA-SHA1 as an indicator of RSA
6871 2010-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6873 * lib/gnutls_algorithms.c: Fix DSA key values to avoid generating
6874 normal and reporting them as low.
6876 2010-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6878 * NEWS, lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
6879 lib/includes/gnutls/openpgp.h, lib/includes/gnutls/x509.h,
6880 lib/libgnutls.map, lib/nettle/mpi.c, lib/openpgp/privkey.c,
6881 lib/x509/privkey.c, src/certtool.c,
6882 tests/pathlen/no-ca-or-pathlen.pem: Better handling of security
6883 parameters to key sizes matching (via a single table). Added
6884 functions to return the security parameter of a private key.
6886 2010-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6888 * doc/cha-intro-tls.texi: Simplified documentation.
6890 2010-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6892 * lib/nettle/mpi.c: Follow ECRYPT II recommendations.
6894 2010-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6896 * NEWS, doc/cha-bib.texi, doc/cha-intro-tls.texi,
6897 lib/gnutls_algorithms.c: Updated documentation and
6898 gnutls_pk_params_t mappings to ECRYPT II recommendations.
6900 2010-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6902 * lib/gnutls_priority.c: HMAC-MD5 deprecated according to ECRYPT II
6903 yearly report (2009-2010) recommendations.
6905 2010-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6907 * tests/sha2/Makefile.am: added missing file key-subca-dsa.pem
6909 2010-07-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6911 * gtk-doc.make: ignore html errors otherwise make dist doesn't work.
6913 2010-07-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6915 * NEWS: updated NEWS
6917 2010-07-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6919 * src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
6920 src/certtool.c, src/certtool.gaa: Added option for certtool to print
6921 certificate public key.
6923 2010-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6925 * lib/gnutls_algorithms.c: Added SIG_RSA_MD5_OID as an indicator of
6926 RSA. Some microsoft products were using it. Reported by Mads
6929 2010-07-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6931 * lib/gnutls_algorithms.c, lib/x509/common.h: Added RSA with SHA224.
6933 2010-07-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6935 * lib/nettle/pk.c: Added blinding to RSA decryption AND signing.
6936 Will stay there until it is moved to nettle itself.
6938 2010-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6940 * lib/system.h: fixed
6942 2010-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6944 * NEWS, lib/nettle/Makefile.am, lib/nettle/egd.c, lib/nettle/egd.h,
6945 lib/nettle/rnd.c: Added support for EGD daemon in nettle's RNG. It
6946 is used if /dev/urandom is not present.
6948 2010-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6950 * lib/gnutls_buffers.c, lib/system.c, lib/system.h: Corrected the
6951 lowat behavior. Documented that it will be deprecated in later
6954 2010-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6956 * src/serv.c: gnutls-serv: Do not print CR/LF if received, but
6957 instead print LF only.
6959 2010-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6961 * lib/Makefile.am, lib/gnutls_buffers.c, lib/gnutls_state.c,
6962 lib/locks.c, lib/locks.h, lib/pakchois/pakchois.c, lib/system.c,
6963 lib/system.h: system specific functions were moved to system.c
6965 2010-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6967 * NEWS, configure.ac, lib/gnutls_alert.c, lib/gnutls_buffers.c,
6968 lib/gnutls_buffers.h, lib/gnutls_global.c, lib/gnutls_handshake.c,
6969 lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_mbuffers.c,
6970 lib/gnutls_mbuffers.h, lib/gnutls_record.c, lib/gnutls_record.h,
6971 lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
6972 lib/libgnutls.map, libextra/gnutls_ia.c: Support scattered write
6973 using writev(). This takes advantage of the new buffering layer and
6974 allows queuing of packets and flushing them. This is currently used
6975 for handshake messages only. Performance-wise the difference of
6976 packing several TLS records in a single write doesn't seem to offer
6977 anything over ethernet (that my tests were on). Probably on links
6978 with higher latency there would be a benefit.
6980 2010-07-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6982 * doc/cha-gtls-app.texi: Removed old reference.
6984 2010-07-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6986 * doc/cha-gtls-app.texi, doc/examples/Makefile.am,
6987 doc/examples/ex-rfc2818.c: ex-rfc2818 is now a functional program
6988 demonstrating the verification procedure.
6990 2010-07-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6992 * doc/Makefile.am, doc/cha-gtls-app.texi, doc/examples/Makefile.am,
6993 doc/examples/ex-serv-export.c: Example with export ciphersuites was
6996 2010-07-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6998 * lib/gnutls_pubkey.c: corrected typo
7000 2010-07-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7002 * lib/nettle/pk.c: Use the same "e" for RSA as libgcrypt. It's the
7005 2010-07-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7007 * src/certtool-cfg.c: Do not crash if input is redirected from
7010 2010-07-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7012 * NEWS, src/certtool-gaa.c, src/certtool.c, src/certtool.gaa:
7013 Changed the default pkcs-cipher to AES-128. Allowed specifying the
7014 3des-pkcs12 cipher with the --pkcs-cipher option.
7016 2010-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7018 * src/benchmark.c: Use double to count bytes.
7020 2010-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7022 * lib/nettle/rnd.c: Added a windows version of the RNG.
7024 2010-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7026 * lib/nettle/rnd.c: Corrected locking usage in nettle's random
7029 2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7031 * lib/gcrypt/Makefile.am, lib/gnutls_privkey.c,
7032 lib/gnutls_pubkey.c, lib/nettle/Makefile.am, lib/pakchois/dlopen.h:
7033 Fixed to compile under mingw32.
7035 2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7037 * lib/m4/hooks.m4: only warn if dlopen or pthreads are not found.
7039 2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7041 * lib/gcrypt/init.c, lib/includes/gnutls/gnutls.h.in, lib/locks.c,
7042 lib/pakchois/pakchois.c: Locks were converted to be in align with
7043 posix locks to easier wrap around them.
7045 2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7047 * lib/Makefile.am, lib/locks.c, lib/locks.h, lib/pakchois/dlopen.c,
7048 lib/pakchois/dlopen.h, lib/pakchois/pakchois.c: The included
7049 pakchois will use gnutls locks and will use a portable dlopen() to
7050 allow compilation in win32 (untested).
7052 2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7054 * lib/nettle/rnd.c: Read from /dev/urandom every 20 minutes.
7056 2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7058 * lib/Makefile.am, lib/x509/Makefile.am: Added missing files
7060 2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7062 * lib/crypto-api.c, lib/gnutls_cipher_int.c,
7063 lib/gnutls_cipher_int.h, lib/includes/gnutls/crypto.h,
7064 lib/libgnutls.map: Allow encryption and decryption that are not
7067 2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7069 * src/benchmark.c: Print values in a human-readable format and do
7070 the calculations in fixed time to prevent stalling in slow systems.
7072 2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7074 * lib/m4/hooks.m4: corrected library version
7076 2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7078 * doc/examples/ex-cert-select-pkcs11.c,
7079 lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
7080 src/common.c, src/pkcs11.c: PIN callback supplies the token URL. The
7081 callback function in common.c will cache PIN if requested for second
7084 2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7086 * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
7087 lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
7088 lib/pkcs11_write.c, src/common.c: Reverted the SAVE_PIN approach in
7089 PIN callback. The new approach will be to provide enough information
7090 for the callback to save the PIN itself.
7092 2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7094 * lib/gcrypt/init.c: removed unneeded function.
7096 2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7098 * lib/gnutls_cert.c: More uses of gnutls_certificate_free_ca_names
7100 2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7102 * lib/locks.c: Do not allow setting NULL lock functions
7104 2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7106 * lib/nettle/rnd.c: corrected lock usage.
7108 2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7110 * lib/m4/hooks.m4: bumped library version
7112 2010-07-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7114 * lib/includes/Makefile.am: Include abstract.h in releases.
7116 2010-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7118 * lib/crypto-api.c: Correctly deinitialize crypto API handles.
7120 2010-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7122 * lib/gnutls_int.h: commented obscure HANDSHAKE_MAC_TYPE_10 and
7123 HANDSHAKE_MAC_TYPE_12.
7125 2010-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7127 * lib/locks.c, lib/locks.h, lib/nettle/rnd.c: simplified locking
7128 code. Locking functions always exist but are dummies if no locks
7131 2010-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7133 * lib/gcrypt/Makefile.am, lib/gcrypt/init.c, lib/gnutls_errors.c,
7134 lib/gnutls_global.c, lib/gnutls_global.h,
7135 lib/includes/gnutls/gnutls.h.in, lib/locks.c, lib/locks.h,
7136 lib/nettle/Makefile.am, lib/nettle/init.c, lib/nettle/rnd.c:
7137 Initialization of crypto libraries moved outside main gnutls code.
7139 2010-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7141 * lib/Makefile.am, lib/gnutls_global.c, lib/gnutls_global.h,
7142 lib/locks.c, lib/locks.h: Moved locking code to special file.
7144 2010-06-29 Simon Josefsson <simon@josefsson.org>
7146 * doc/Makefile.am, doc/pkcs11-vision.eps: Add pkcs11-vision rules.
7148 2010-06-29 Simon Josefsson <simon@josefsson.org>
7150 * doc/manpages/Makefile.am: Generated.
7152 2010-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7154 * lib/includes/gnutls/pkcs11.h, lib/pkcs11_write.c, src/pkcs11.c:
7155 When copying a private key the sensitive flag can be set or not.
7156 This allows copying private keys that can be exported.
7158 2010-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7160 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
7161 lib/pkcs11_write.c, src/certtool-common.h, src/certtool.c,
7162 src/pkcs11.c: Combined object flags. No implicit login any more.
7163 Login has to be specified with a flag on every call that could use
7166 2010-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7168 * lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/pkcs11.c,
7169 lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_write.c: Indented
7172 2010-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7174 * doc/examples/ex-cert-select-pkcs11.c, lib/gnutls_pubkey.c,
7175 lib/gnutls_x509.c, lib/includes/gnutls/abstract.h,
7176 lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_write.c,
7177 src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
7178 src/certtool.c, src/certtool.gaa, src/cli.c, src/pkcs11.c: Allow
7179 flags when importing objects from PKCS11 URLs. The only flag
7180 supported now is the PKCS11_OBJ_FLAG_LOGIN, which forces login
7181 before accessing object on a token. The reason is that some tokens
7182 do not allow access of any data without login.
7184 2010-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7186 * src/tests.c: Added AES-128 to block ciphers.
7188 2010-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7190 * lib/gnutls_session_pack.c: Corrected writing and reading order of
7191 security parameters.
7193 2010-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7195 * lib/configure.ac, libextra/configure.ac: use 2.11.0 everywhere
7197 2010-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7199 * NEWS, doc/cha-gtls-app.texi, lib/configure.ac,
7200 lib/gnutls_errors.c, lib/gnutls_global.c, lib/gnutls_global.h,
7201 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
7202 lib/nettle/rnd.c, lib/pkcs11.c: Added gnutls_global_set_mutex() to
7203 allow setting alternative locking procedures. By default the system
7204 available locking is used. In *NIX pthreads are used and in windows
7205 the critical section API. As a side effect this change avoids any API dependance on libgcrypt
7206 even if threads are used.
7208 2010-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7210 * tests/chainverify.c: Modified the cacertrsamd5 short-cut. The test
7211 was checking whether verification using a trusted insecurely signed
7212 self signed certificate will fail against a chain that has this as
7213 intermediate. However this test should have succeeded since the
7214 insecure certificate is trusted. This isn't the purpose of this test however. It should have checked
7215 whether using the same certificate as trusted and to be verified and
7216 the GNUTLS_VERIFY_DO_NOT_ALLOW_SAME flag should return an error.
7218 2010-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7220 * tests/chainverify.c: Fail on error.
7222 2010-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7224 * src/certtool.c: When generating private key allow usage of
7227 2010-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7229 * lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
7230 lib/auth_srp.c, lib/auth_srp.h, lib/ext_srp.c, lib/gnutls_int.h:
7231 MAX_SRP_USERNAME -> MAX_USERNAME_SIZE
7233 2010-06-24 Simon Josefsson <simon@josefsson.org>
7235 * README-alpha: We also require GNU make.
7237 2010-06-24 Simon Josefsson <simon@josefsson.org>
7239 * THANKS, configure.ac, lib/configure.ac, libextra/configure.ac: Use
7240 silent build rules. Suggested by Vincent Torri <vincent.torri@gmail.com> in
7242 <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4349>.
7244 2010-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7246 * lib/includes/gnutls/gnutls.h.in: removed OPRFI extension
7249 2010-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7251 * lib/Makefile.am: removed OPRFI from makefile.
7253 2010-06-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7255 * lib/x509/verify.c: When verifying certificates use the same
7256 algorithm whether the DO_NOT_ALLOW_SAME flag is set or not. Before
7257 we were shortening certificate list if the flag was not set by the
7258 size of the first certificate found in the trusted list, and keep
7259 the list intact otherwise. Now we shorten the list in the latter
7260 case as well, except for the first certificate.
7262 2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7264 * NEWS: Added news entry for EV-certificates.
7266 2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7268 * src/tests.c, src/tests.h, src/tls_test.c: Corrected some tests.
7269 Added test to check whether the %COMPAT option is required for this
7272 2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7274 * lib/gnutls_extensions.c, lib/gnutls_session_pack.c: Corrections in
7275 the new session packing code. Saving absolute positions in buffers
7276 is no longer done. Now we store only and offset to allow
7277 reallocating the buffer and still do the correct reference.
7279 2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7281 * lib/ext_safe_renegotiation.c, lib/ext_safe_renegotiation.h,
7282 lib/ext_signature.c, lib/gnutls_handshake.c: Fixes in new extensions
7283 code that relate to SSL 3.0.
7285 2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7287 * configure.ac: version is 2.11.0
7289 2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7291 * doc/cha-cert-auth.texi: Some updates in the PKCS11 text.
7293 2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7295 * doc/cha-intro-tls.texi: Some updates on renegotiation text
7297 2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7299 * doc/cha-intro-tls.texi: Removed links for discussion of the COMPAT
7300 topic. I don't think they should be in the documentation.
7302 2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7304 * doc/cha-intro-tls.texi: Corrected example with %COMPAT.
7306 2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7308 * doc/cha-intro-tls.texi: Added gnutls_sec_param_to_pk_bits()
7311 2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7313 * doc/cha-intro-tls.texi: corrected text on AES
7315 2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7317 * lib/pkcs11.c: Only save PIN if login was successful.
7319 2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7321 * doc/cha-auth.texi, lib/ext_signature.c: Applied patch by Andreas
7324 2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7326 * src/benchmark.c: Allow setting debug level via cmd.
7328 2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7330 * lib/cryptodev.c: Explicitely terminate cryptodev sessions.
7332 2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7334 * lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: Removed the no
7335 longer needed "active" variable.
7337 2010-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7339 * NEWS: documented some of the changes
7341 2010-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7343 * lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
7344 lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: Greatly simplified the
7345 internal hash/hmac and cipher functions.
7347 2010-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7349 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
7350 src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
7351 src/certtool.gaa, src/pkcs11.c: Allow listing of private keys only.
7352 Certtool has now the --pkcs11-list-privkeya option.
7354 2010-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7356 * lib/pkcs11_privkey.c: Send correct token name to callback.
7358 2010-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7360 * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
7361 lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
7362 lib/pkcs11_write.c: Added more gnutls errors to map closer to PKCS11
7365 2010-06-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7367 * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
7368 lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
7369 lib/pkcs11_privkey.c, lib/pkcs11_write.c, src/cli.c, src/common.c:
7370 Added option to the PKCS11 PIN callback to save PIN if the token is
7371 being used with a single pkcs11_privkey structure.
7373 2010-06-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7375 * lib/pkcs11_privkey.c: For Private key operations new sessions are
7376 opened when are needed. This makes the usage of the PKCS11 API
7377 thread safe. The only drawback is the requirement to enter PIN on
7380 2010-06-15 Simon Josefsson <simon@josefsson.org>
7382 * src/cli.c: gnutls-cli: Make --starttls work again. Problem introduced in patch to use read() instead of fgets()
7383 committed on 2010-01-27.
7385 2010-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7387 * src/certtool.c, tests/sha2/key-ca-dsa.pem,
7388 tests/sha2/key-subca-dsa.pem, tests/sha2/sha2, tests/sha2/sha2-dsa:
7389 Allow SHA224 hash in certtool. Added tests for SHA-256 and SHA-224
7392 2010-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7394 * src/certtool.c: Do not warn multiple times for the deprecation of
7397 2010-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7399 * lib/ext_session_ticket.c, lib/gnutls_handshake.c,
7400 lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_mbuffers.c,
7401 lib/gnutls_mbuffers.h, lib/gnutls_record.c: Appending data in
7402 mbuffers is now cheaper by avoiding realloc, at the cost of
7403 requiring to specify a maximum mbuffer size at creation.
7405 2010-06-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7407 * lib/ext_safe_renegotiation.c: Removed unused functions.
7409 2010-06-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7411 * lib/gnutls_handshake.c, lib/gnutls_int.h: Combined the max ticket
7412 length with the maximum extension data length.
7414 2010-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7416 * NEWS, doc/cha-gtls-app.texi, lib/auth_srp.c, lib/ext_cert_type.c,
7417 lib/ext_cert_type.h, lib/ext_max_record.c, lib/ext_max_record.h,
7418 lib/ext_oprfi.c, lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
7419 lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
7420 lib/ext_server_name.h, lib/ext_session_ticket.c,
7421 lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
7422 lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_buffers.c,
7423 lib/gnutls_constate.c, lib/gnutls_extensions.c,
7424 lib/gnutls_extensions.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
7425 lib/gnutls_kx.c, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
7426 lib/gnutls_record.c, lib/gnutls_session_pack.c, lib/gnutls_state.c,
7427 lib/gnutls_str.c, lib/gnutls_str.h, lib/includes/gnutls/compat.h,
7428 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/pkcs11.c,
7429 lib/x509/dn.c, libextra/ext_inner_application.c,
7430 libextra/ext_inner_application.h, libextra/gnutls_extra.c,
7431 libextra/gnutls_ia.c, src/cli.c, src/serv.c, tests/Makefile.am,
7432 tests/oprfi.c, tests/tlsia.c: Simplified and made more safe the
7433 packing of data for session storage. Extensions use the internal API
7434 to store/retrieve during resumption. Removed OPRFI since it was never standardized and was never actually
7435 included in gnutls since it was in inactive ifdef. This was instead
7436 of rewriting it to use the new API.
7438 2010-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7440 * lib/gnutls_buffers.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
7441 lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
7442 lib/gnutls_supplemental.h, lib/openpgp/output.c, lib/pkcs11.c,
7443 lib/x509/dn.c, lib/x509/output.c: The gnutls_string code was
7444 simplified and integrated with the buffer to avoid having two named
7447 2010-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7449 * lib/pakchois/pakchois.c: Properly handle fork() case.
7451 2010-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7453 * libextra/gnutls_extra.c: Register the md5 handler if gcrypt is in
7454 fips mode once gnutls_global_init_extra() is called.
7456 2010-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7458 * src/tests.c: corrected tests.
7460 2010-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7462 * lib/pakchois/pakchois.c, lib/pakchois/pakchois.h, lib/pkcs11.c:
7463 Added new calls to pakchois to open an absolute filename.
7465 2010-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7467 * lib/includes/gnutls/pkcs11.h: Removed several comments that
7468 pointed to Alon's implementation comments. We use inline C comments
7469 to generate documentation (not doxygen).
7471 2010-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7473 * lib/Makefile.am, lib/ext_session_ticket.c,
7474 lib/gnutls_algorithms.c, lib/gnutls_buffers.c,
7475 lib/gnutls_buffers.h, lib/gnutls_handshake.c,
7476 lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
7477 lib/gnutls_mbuffers.c, lib/gnutls_record.c, lib/gnutls_state.c: More
7478 fixes for the rebase.
7480 2010-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7482 * AUTHORS: Added Jonathan.
7484 2010-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7486 * lib/pakchois/pakchois.c: Provider unref must be done after all
7487 sessions have been closed.
7489 2010-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7491 * lib/Makefile.am: Several fixes for the broken rebase.
7493 2010-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7495 * doc/cha-intro-tls.texi: Merged with master.
7497 2010-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7499 * lib/gnutls_handshake.c, lib/gnutls_mbuffers.h,
7500 lib/gnutls_record.c: Some other changes to mbuffers to make gnutls
7501 (a bit more) agnostic on their internal structure.
7503 2010-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7505 * lib/x509/verify.c: Corrected prefered hash algorithm return value
7508 2010-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7510 * lib/gnutls_global.c: Use GCRYCTL_ENABLE_QUICK_RANDOM when using
7513 2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7515 * .gitignore: Ignore more files.
7517 2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7519 * tests/sha2/sha2-dsa: Remove the correct file
7521 2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7523 * tests/sha2/key-ca-dsa.pem, tests/sha2/key-dsa.pem: Added missing
7526 2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7528 * lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_pubkey.c,
7529 lib/includes/gnutls/abstract.h, lib/includes/gnutls/x509.h,
7530 lib/x509/crq.c, lib/x509/x509.c, src/certtool.c: The
7531 get_preferred_hash_algorithm() functions have now an extra argument
7532 to indicate whether it is mandatory to use this algorithm.
7534 2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7536 * doc/examples/ex-crq.c, lib/includes/gnutls/x509.h,
7537 lib/libgnutls.map, lib/x509/crq.c: Added
7538 gnutls_x509_crq_get_preferred_hash_algorithm().
7540 2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7542 * NEWS, lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
7543 lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/privkey.c,
7544 lib/x509/verify.c, lib/x509/x509.c, src/certtool.c: Added
7545 gnutls_pubkey_get_preferred_hash_algorithm() and
7546 gnutls_x509_crt_get_preferred_hash_algorithm() to allow determining
7547 the hash algorithm to use during signing. This is needed in the case
7548 of DSA that uses specific versions of SHA depending on the size of
7551 2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7553 * doc/gnutls.texi, lib/Makefile.am, lib/build-aux/config.rpath,
7554 lib/gcrypt/pk.c, lib/gnutls_privkey.c, lib/pkcs11.c,
7555 lib/pkcs11_privkey.c, lib/x509/privkey.c, lib/x509/sign.c,
7556 lib/x509/sign.h, lib/x509/verify.c, lib/x509/x509.c, src/pkcs11.c:
7557 Several fixes after big rebase.
7559 2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7561 * tests/sha2/Makefile.am, tests/sha2/sha2-dsa: Test the DSA with
7564 2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7566 * lib/x509/mpi.c: Print debugging information on error.
7568 2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7570 * NEWS, lib/gcrypt/pk.c, lib/gnutls_pk.c, lib/gnutls_sig.c,
7571 lib/nettle/mpi.c, lib/nettle/pk.c, lib/opencdk/pubkey.c,
7572 lib/opencdk/sig-check.c, lib/opencdk/verify.c,
7573 lib/openpgp/gnutls_openpgp.c, lib/openpgp/pgp.c,
7574 lib/openpgp/privkey.c, lib/pkcs11_privkey.c, lib/x509/privkey.c,
7575 lib/x509/x509_int.h: Nettle library can now parse the PGP integers.
7576 Except for SHA-224/384/512 nettle seems to be fully working now.
7578 2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7580 * src/certtool.c: use --sec-param to generate privkey.
7582 2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7584 * tests/openpgpself.c: reduced log level to a sane one
7586 2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7588 * tests/pathlen/ca-no-pathlen.pem,
7589 tests/pathlen/no-ca-or-pathlen.pem: Corrected for new output of
7590 --print-certificate-info
7592 2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7594 * tests/sha2/sha2: Print information on failure.
7596 2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7598 * lib/libgnutls.map, src/certtool.c: Print exp1 and exp2 if they are
7601 2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7603 * tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/pkcs12,
7604 tests/pkcs8-decode/pkcs8, tests/userid/userid: Only print output if
7607 2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7609 * lib/m4/hooks.m4, lib/pakchois/pakchois.c: Some pakchois fixes.
7611 2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7613 * lib/gnutls_global.c: Fixup to compile with nettle
7615 2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7617 * lib/m4/hooks.m4: Do not bother with MODPATH. We don't use it.
7619 2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7621 * lib/debug.c, lib/debug.h: Added again _gnutls_dump_mpi() to assist
7624 2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7626 * tests/pkcs12_encode.c: Added debugging
7628 2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7630 * lib/gnutls_sig.c: Allow DSA with other than SHA1 algorithms in
7633 2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7635 * lib/pkix_asn1_tab.c: removed more stuff.
7637 2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7639 * lib/pkix.asn, lib/x509/common.c: LocalKeyId and XmppAddr were
7642 2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7644 * lib/pkix.asn, lib/pkix_asn1_tab.c: No need for those OIDs any
7647 2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7649 * tests/dn2.c: Corrected to support new EV_ values.
7651 2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7653 * tests/crq_key_id.c, tests/cve-2009-1416.c, tests/pkcs12_s2k_pem.c:
7654 avoid calling gcrypt directly.
7656 2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7658 * NEWS, lib/includes/gnutls/crypto.h, lib/libgnutls.map,
7659 lib/random.c, lib/random.h, src/crypt.c, src/psk.c,
7660 tests/mini-eagain.c: exported gnutls_rnd().
7662 2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7664 * lib/x509/common.c, lib/x509/common.h, lib/x509/dn.c: The
7665 recognition of DN elements is now self contained. It does not need
7666 entries in pkix.asn.
7668 2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7670 * lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/common.c: Added
7671 support for EV certificate attributes.
7673 2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7675 * lib/m4/hooks.m4, lib/nettle/cipher.c: Fixed nettle detection and
7678 2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7680 * lib/gnutls_dh_primes.c: documentation updates
7682 2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7684 * src/certtool-common.h, src/certtool.c, src/prime.c: Generate
7685 dh-params also used --sec-param.
7687 2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7689 * lib/nettle/mpi.c: Document that the generator is the generator of
7690 the subgroup and not the group.
7692 2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7694 * src/cli.c: Corrected certificate callback.
7696 2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7698 * lib/gcrypt/Makefile.am, lib/nettle/Makefile.am,
7699 lib/nettle/cipher.c: More AES stuff (still doesn't work).
7701 2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7703 * lib/nettle/pk.c: Correction in RSA encryption.
7705 2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7707 * lib/nettle/cipher.c: Fixed issue with AES.
7709 2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7711 * NEWS, lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in,
7712 lib/libgnutls.map, lib/openpgp/output.c, lib/x509/output.c,
7713 lib/x509/privkey.c, src/certtool-gaa.c, src/certtool-gaa.h,
7714 src/certtool.c, src/certtool.gaa: Added
7715 gnutls_sec_param_to_pk_bits() et al. to allow select bit sizes for
7716 private keys using a human understandable scale.
7718 2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7720 * NEWS, lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in,
7721 lib/x509/common.h: Added support for SHA224 and SHA256 in DSA.
7723 2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7725 * lib/m4/hooks.m4: Always use included pakchois.
7727 2010-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7729 * doc/examples/ex-cert-select-pkcs11.c: make sure all lines fit in
7732 2010-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7734 * doc/cha-cert-auth.texi: make example more compact by removing
7737 2010-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7739 * doc/cha-bib.texi, doc/cha-cert-auth.texi: Added bibliographic
7740 reference to PKCS #11.
7742 2010-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7744 * doc/cha-cert-auth.texi: Added sketch for PKCS #11 usage.
7746 2010-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7748 * doc/credentials/x509-server-dsa.pem,
7749 doc/credentials/x509-server-key-dsa.pem: Added 2048 bit DSA key
7751 2010-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7753 * lib/opencdk/armor.c, lib/opencdk/read-packet.c,
7754 lib/opencdk/stream.c, lib/opencdk/write-packet.c: Increased log
7755 level of several messages.
7757 2010-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7759 * doc/credentials/x509/key.pem: Corrected coefficient and exp[12]
7762 2010-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7764 * lib/nettle/pk.c: Added blinding in RSA. Correct broken private
7765 keys on import. Nettle uses more values than gcrypt does from RSA
7766 decryption and it seemed that some values in our stored private keys
7767 were messy (generated by very old gnutls).
7769 2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7771 * doc/examples/ex-cert-select-pkcs11.c, lib/gnutls_x509.c,
7772 lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
7773 lib/pkcs11_privkey.c, lib/pkcs11_write.c, src/cli.c: Simplified
7774 internal API. The only question that remains now is how to handle
7775 the gnutls_pkcs11_privkey_t. Currently it opens a session and
7776 maintains a handle to the object. This will require locks to be
7777 added on operations. Alternatively new sessions may be opened for
7778 each operation performed. This is guarranteed by PKCS #11 to be
7779 thread safe but will of course require to ask for the PIN again.
7781 2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7783 * lib/pakchois/pakchois.c: Removed debugging print.
7785 2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7787 * lib/Makefile.am, lib/configure.ac, lib/m4/hooks.m4,
7788 lib/pakchois/errors.c, lib/pakchois/pakchois.c,
7789 lib/pakchois/pakchois.h, lib/pakchois/pakchois11.h: Added a modified
7790 pakchois library (to open arbitrary pkcs11 modules). Current gnutls
7791 works only with this one.
7793 2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7795 * doc/cha-gtls-app.texi: Added missing file.
7797 2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7799 * doc/TODO: Removed finished items.
7801 2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7803 * lib/pkcs11_write.c: Noted that there things to be done.
7805 2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7807 * doc/Makefile.am, doc/cha-cert-auth.texi: Added documentation on
7810 2010-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7812 * lib/gcrypt/pk.c, lib/gnutls_pk.c, lib/gnutls_pk.h,
7813 lib/opencdk/pubkey.c, lib/openpgp/privkey.c, lib/x509/privkey.c:
7814 Common code for calculation of RSA exp1 and exp2. Also update the
7815 openpgp code to calculate those values.
7817 2010-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7819 * lib/auth_dh_common.c, lib/gnutls_dh_primes.c, lib/x509/privkey.c:
7822 2010-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7824 * lib/auth_dh_common.c, lib/gcrypt/mpi.c, lib/gnutls_mpi.c:
7825 Corrected nicely hidden bug that caused accesses to uninitialized
7826 variables if the gcry_mpi_print() functions were pessimists and
7827 returned more size than actually needed for the print.
7829 2010-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7831 * lib/gcrypt/pk.c: Added some sanity checks.
7833 2010-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7835 * NEWS, doc/cha-auth.texi, doc/cha-bib.texi,
7836 doc/cha-cert-auth.texi, doc/cha-ciphersuites.texi,
7837 doc/cha-copying.texi, doc/cha-functions.texi,
7838 doc/cha-internals.texi, doc/cha-intro-tls.texi,
7839 doc/cha-library.texi, doc/cha-preface.texi, doc/cha-programs.texi,
7840 doc/cha-tls-app.texi, doc/gnutls.texi,
7841 lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c:
7842 Documentation updates. Separated big gnutls.texi to chapter to allow
7843 easier maintainance.
7845 2010-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7847 * lib/Makefile.am, lib/gcrypt/mpi.c, lib/gcrypt/pk.c,
7848 lib/includes/gnutls/crypto.h, lib/includes/gnutls/pkcs11.h,
7849 lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/nettle/pk.c,
7850 lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
7851 lib/pkcs11_write.c, lib/x509/privkey.c, lib/x509/x509_int.h,
7852 src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
7853 src/certtool.c, src/certtool.gaa, src/crypt-gaa.c, src/pkcs11.c:
7854 Added support to copy certificates and private keys to tokens. New
7855 functions: gnutls_pkcs11_copy_x509_crt()
7856 gnutls_pkcs11_copy_x509_privkey() gnutls_pkcs11_delete_url() Certtool was updated to allow copying certificates and private keys
7857 to tokens. Deleting an object has issues (segfault) but it seems to
7858 be related with libopensc and its pkcs11 API.
7860 2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7862 * lib/x509/verify.c: Added gnutls_pubkey_verify_hash(),
7863 gnutls_pubkey_get_verify_algorithm().
7865 2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7867 * lib/pkcs11.c, src/pkcs11.c: Added gnutls_pubkey_import_pkcs11(),
7868 gnutls_pubkey_import_rsa_raw(), gnutls_pubkey_import_dsa_raw(),
7869 gnutls_pkcs11_obj_export().
7871 2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7873 * NEWS: Tried to document recent changes.
7875 2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7877 * lib/gnutls_x509.c, lib/pkcs11.c, lib/pkcs11_int.h,
7878 src/certtool-gaa.c, src/certtool.gaa, src/pkcs11.c: Added
7879 gnutls_pubkey_t abstract type to handle public keys. It can
7880 currently import/export public keys from existing certificate types
7881 as well as from PKCS #11 URL. This allows generating a certificate
7882 or certificate request from a given public key (currently one could
7883 only generate them from a given private key). PKCS#11 API augmented to allow reading arbitrary objects instead of
7884 just certificates. Certtool updated to list those objects.
7886 2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7888 * lib/pkcs11.c: Added gnutls_pkcs11_token_get_flags() to distinguish
7889 between hardware and soft tokens.
7891 2010-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7893 * lib/Makefile.am: Added support for libnettle backend. This uses
7894 gmp for big number operations. It is not currently completed. It
7895 lacks RSA blinding as well as optimizations.
7897 2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7899 * lib/x509/sign.c: Corrected bug in DSA signature generation.
7901 2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7903 * lib/x509/x509_int.h: Added operations to sign CRLs, certificates
7904 and requests with an abstract key and thus with a PKCS #11 key as
7907 2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7909 * lib/includes/gnutls/privkey.h: privkey.h -> abstract.h
7911 2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7913 * lib/gnutls_x509.c: The gnutls-cli --x509cafile can now be a PKCS
7914 #11 URL. It can read gnome-keyring's certificates and use them in
7917 2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7919 * lib/gnutls_x509.c: Corrections in openpgp private key usage.
7921 2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7923 * tests/x509self.c: Updated self tests and examples to avoid using
7924 deprecated functions such as
7925 gnutls_certificate_server_set_retrieve_function and the sign
7928 2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7930 * lib/includes/gnutls/privkey.h, lib/pkcs11_int.h: Added
7931 documentation for most of the new functions.
7933 2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7935 * lib/pkcs11.c: Documented that it was initially based on neon
7936 pkcs11 and got ideas from pkcs11-helper library.
7938 2010-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7940 * lib/pkcs11.c: Corrections to properly handle token removal and
7943 2010-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7945 * lib/Makefile.am, lib/gnutls_x509.c, lib/includes/gnutls/pkcs11.h,
7946 lib/includes/gnutls/privkey.h, lib/pkcs11.c, lib/x509/sign.c: Added
7947 gnutls_pkcs11_privkey_t and gnutls_privkey_t types. Those are an
7948 abstract private key type that can be used to sign/encrypt any
7949 private key of pkcs11,x509 or openpgp types. Added support for
7950 PKCS11 in gnutls-cli/gnutls-serv.
7952 2010-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7954 * src/certtool.c, src/pkcs11.c: Added several helper functions, to
7955 allow printing of tokens.
7957 2010-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7959 * lib/pkcs11.c, src/certtool-gaa.c, src/certtool.c,
7960 src/certtool.gaa, src/pkcs11.c: Added ability to export certificates
7961 from PKCS #11 tokens. Added ability to list trusted certificates,
7962 or only certificates with a corresponding private key or just all.
7964 2010-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7966 * lib/Makefile.am, lib/configure.ac, lib/includes/gnutls/pkcs11.h,
7967 lib/pkcs11.c, src/certtool-gaa.c, src/certtool-gaa.h,
7968 src/certtool.gaa, src/pkcs11.c: Added initial PKCS #11 support.
7969 Certtool can now print lists of certificates available in system.
7971 2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7973 * NEWS, lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
7974 lib/libgnutls.map, lib/x509/common.h, lib/x509/verify.c,
7975 lib/x509/x509.c, lib/x509/x509_int.h: Added
7976 gnutls_pubkey_verify_hash(), gnutls_pubkey_get_verify_algorithm().
7978 2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7980 * NEWS, configure.ac, lib/gnutls_pubkey.c,
7981 lib/includes/gnutls/abstract.h, lib/includes/gnutls/pkcs11.h,
7982 lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h, lib/x509/x509.c,
7983 src/pkcs11.c: Added gnutls_pubkey_import_pkcs11(),
7984 gnutls_pubkey_import_rsa_raw(), gnutls_pubkey_import_dsa_raw(),
7985 gnutls_pkcs11_obj_export().
7987 2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7989 * .gitignore: Ignore files that should be ignored.
7991 2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7993 * NEWS, src/certtool-gaa.c, src/certtool.gaa: Tried to document
7996 2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7998 * lib/Makefile.am, lib/gnutls_pubkey.c, lib/gnutls_x509.c,
7999 lib/includes/gnutls/abstract.h, lib/includes/gnutls/pkcs11.h,
8000 lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h,
8001 lib/pkcs11_privkey.c, lib/x509/common.c, lib/x509/common.h,
8002 lib/x509/mpi.c, lib/x509/x509.c, lib/x509/x509_int.h,
8003 src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
8004 src/certtool.c, src/certtool.gaa, src/pkcs11.c: Added
8005 gnutls_pubkey_t abstract type to handle public keys. It can
8006 currently import/export public keys from existing certificate types
8007 as well as from PKCS #11 URL. This allows generating a certificate
8008 or certificate request from a given public key (currently one could
8009 only generate them from a given private key). PKCS#11 API augmented to allow reading arbitrary objects instead of
8010 just certificates. Certtool updated to list those objects.
8012 2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8014 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added
8015 gnutls_pkcs11_token_get_flags() to distinguish between hardware and
8018 2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8020 * lib/Makefile.am, lib/libgnutlsxx.map, lib/m4/hooks.m4: Export all
8021 symbols from C++ library. This library doesn't contain any internal
8022 symbols anyway and there is no reason to mess with the C++ ABI that
8023 hasn't got the problems of C.
8025 2010-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8027 * configure.ac, doc/examples/ex-serv-export.c,
8028 doc/examples/ex-serv-psk.c, doc/examples/ex-serv1.c,
8029 lib/Makefile.am, lib/auth_srp.c, lib/cipher-libgcrypt.c,
8030 lib/configure.ac, lib/gcrypt/Makefile.am, lib/gcrypt/cipher.c,
8031 lib/gcrypt/mac.c, lib/gcrypt/mpi.c, lib/gcrypt/pk.c,
8032 lib/gcrypt/rnd.c, lib/gnutls_global.c, lib/gnutls_mpi.c,
8033 lib/gnutls_srp.c, lib/m4/hooks.m4, lib/mac-libgcrypt.c,
8034 lib/mpi-libgcrypt.c, lib/nettle/Makefile.am, lib/nettle/cipher.c,
8035 lib/nettle/mac.c, lib/nettle/mpi.c, lib/nettle/pk.c,
8036 lib/nettle/rnd.c, lib/pk-libgcrypt.c, lib/rnd-libgcrypt.c,
8037 src/certtool.c, src/cli.c, src/serv.c, tests/chainverify.c: Added
8038 support for libnettle backend. This uses gmp for big number
8039 operations. It is not currently completed. It lacks RSA blinding as
8040 well as optimizations.
8042 2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8044 * doc/manpages/gnutls-cli.1, src/cli-gaa.c, src/cli.gaa,
8045 src/serv-gaa.c, src/serv.gaa: Documented that the --file options in
8046 gnutls-cli and gnutls-serv can accept a PKCS #11 URL.
8048 2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8050 * lib/x509/sign.c: Corrected bug in DSA signature generation.
8052 2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8054 * lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
8055 lib/libgnutls.map, lib/x509/crl_write.c, lib/x509/crq.c,
8056 lib/x509/mpi.c, lib/x509/sign.c, lib/x509/x509_int.h,
8057 lib/x509/x509_write.c: Added operations to sign CRLs, certificates
8058 and requests with an abstract key and thus with a PKCS #11 key as
8061 2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8063 * lib/auth_cert.c, lib/auth_cert.h, lib/gnutls_privkey.c,
8064 lib/gnutls_sig.h, lib/gnutls_x509.h,
8065 lib/includes/gnutls/abstract.h, lib/includes/gnutls/privkey.h,
8066 lib/openpgp/gnutls_openpgp.h: privkey.h -> abstract.h
8068 2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8070 * lib/Makefile.am, lib/configure.ac, lib/gnutls_x509.c, src/cli.c:
8071 The gnutls-cli --x509cafile can now be a PKCS #11 URL. It can read
8072 gnome-keyring's certificates and use them in the trusted list.
8074 2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8076 * lib/pkcs11.c: Documented that gnutls_global_init calls
8079 2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8081 * src/cli.c: Only send termination request to avoid stalling on
8082 servers that do not reply.
8084 2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8086 * lib/gnutls_handshake.c, lib/gnutls_state.c, lib/gnutls_state.h:
8087 Corrected issue on the %SSL3_RECORD_VERSION priority string. It now
8088 works even when resuming a session.
8090 2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8092 * doc/examples/Makefile.am, doc/examples/ex-cert-select-pkcs11.c,
8093 doc/gnutls.texi: Added initial example.
8095 2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8097 * lib/auth_cert.h, lib/gnutls_x509.c, lib/openpgp/gnutls_openpgp.c:
8098 Corrections in openpgp private key usage.
8100 2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8102 * doc/examples/ex-cert-select.c, tests/Makefile.am,
8103 tests/pkcs12_s2k.c, tests/x509dn.c, tests/x509signself.c: Updated
8104 self tests and examples to avoid using deprecated functions such as
8105 gnutls_certificate_server_set_retrieve_function and the sign
8108 2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8110 * lib/gnutlsxx.cpp, lib/includes/gnutls/gnutlsxx.h, src/tests.c: Use
8111 the new callback function.
8113 2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8115 * lib/gnutls_privkey.c, lib/includes/gnutls/pkcs11.h,
8116 lib/includes/gnutls/privkey.h, lib/libgnutls.map, lib/pkcs11.c,
8117 lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/x509/privkey.c: Added
8118 documentation for most of the new functions.
8120 2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8122 * lib/pkcs11.c: Documented that it was initially based on neon
8123 pkcs11 and got ideas from pkcs11-helper library.
8125 2010-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8127 * lib/gnutls_x509.c, lib/libgnutls.map, lib/pkcs11.c,
8128 lib/pkcs11_int.h, lib/pkcs11_privkey.c, src/common.c: Corrections to
8129 properly handle token removal and insert.
8131 2010-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8133 * lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in:
8134 Deprecated the sign callback.
8136 2010-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8138 * doc/manpages/Makefile.am, lib/Makefile.am, lib/auth_cert.c,
8139 lib/auth_cert.h, lib/auth_dhe.c, lib/auth_rsa.c,
8140 lib/auth_rsa_export.c, lib/auth_srp_rsa.c, lib/gnutls_cert.c,
8141 lib/gnutls_cert.h, lib/gnutls_global.c, lib/gnutls_int.h,
8142 lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
8143 lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_x509.c,
8144 lib/gnutls_x509.h, lib/includes/gnutls/compat.h,
8145 lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
8146 lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/privkey.h,
8147 lib/includes/gnutls/x509.h, lib/libgnutls.map,
8148 lib/openpgp/gnutls_openpgp.c, lib/openpgp/gnutls_openpgp.h,
8149 lib/openpgp/openpgp_int.h, lib/pkcs11.c, lib/pkcs11_int.h,
8150 lib/pkcs11_privkey.c, lib/x509/privkey.c, lib/x509/sign.c,
8151 lib/x509/sign.h, lib/x509/x509_int.h, src/cli.c, src/common.c,
8152 src/common.h, src/pkcs11.c, src/serv.c: Added
8153 gnutls_pkcs11_privkey_t and gnutls_privkey_t types. Those are an
8154 abstract private key type that can be used to sign/encrypt any
8155 private key of pkcs11,x509 or openpgp types. Added support for
8156 PKCS11 in gnutls-cli/gnutls-serv.
8158 2010-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8160 * .gitignore: ignore unrelated to gnutls files.
8162 2010-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8164 * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
8165 src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
8166 src/certtool.c, src/certtool.gaa, src/pkcs11.c: Added several helper
8167 functions, to allow printing of tokens.
8169 2010-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8171 * lib/gnutls_errors.c, lib/gnutls_str.c,
8172 lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/pkcs11.h,
8173 lib/pkcs11.c, src/certtool-common.h, src/certtool-gaa.c,
8174 src/certtool-gaa.h, src/certtool.c, src/certtool.gaa, src/pkcs11.c:
8175 Added ability to export certificates from PKCS #11 tokens. Added
8176 ability to list trusted certificates, or only certificates with a
8177 corresponding private key or just all.
8179 2010-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8181 * lib/Makefile.am, lib/auth_srp.c, lib/configure.ac,
8182 lib/gnutls.pc.in, lib/gnutls_constate.c, lib/gnutls_errors.c,
8183 lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_psk.c,
8184 lib/gnutls_str.c, lib/gnutls_str.h, lib/includes/Makefile.am,
8185 lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
8186 lib/openpgp/gnutls_openpgp.c, lib/pkcs11.c, lib/x509/common.c,
8187 lib/x509/dn.c, src/Makefile.am, src/certtool-common.h,
8188 src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
8189 src/certtool.gaa, src/pkcs11.c: Added initial PKCS #11 support.
8190 Certtool can now print lists of certificates available in system.
8192 2010-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8194 * lib/x509/verify.c: Optimized the check_if_same().
8196 2010-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8198 * lib/gnutls_algorithms.c, lib/x509/common.c, lib/x509/common.h:
8199 Added a forgoten by god OID for RSA. Warn using the actual OID on
8200 unknown public key algorithms.
8202 2009-12-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
8204 * lib/ext_session_ticket.c: Adapt session ticket support to mbuffer
8207 2009-08-16 Jonathan Bastien-Filiatrault <joe@x2a.org>
8209 * lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_kx.c,
8210 lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: Use mbuffers for
8211 handshake synthesis.
8213 2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
8215 * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
8216 lib/gnutls_handshake.c: Make _gnutls_handshake_io_send_int accept a
8219 2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
8221 * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
8222 lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c:
8223 Simplify handshake send buffer logic.
8225 2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
8227 * lib/gnutls_buffers.c: Fix interrupted write braino.
8229 2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
8231 * lib/gnutls_mbuffers.c: Avoid pointer warning.
8233 2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
8235 * lib/gnutls_buffers.c, lib/gnutls_mbuffers.c,
8236 lib/gnutls_mbuffers.h: Remove now useless
8237 _gnutls_mbuffer_enqueue{,copy} functions.
8239 2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
8241 * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
8242 lib/gnutls_mbuffers.c, lib/gnutls_record.c: Allocate data buffer
8243 with mbuffer_st structure as suggested by Nikos.
8245 2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
8247 * lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: Prepare for mbuffer
8248 allocation by the caller.
8250 2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
8252 * lib/gnutls_buffers.c: GNUify some missed GNUification.
8254 2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
8256 * lib/gnutls_buffers.c: Harmonize read and write function names.
8258 2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
8260 * lib/gnutls_buffers.c: Now that LEVEL and LEVEL_EQ are fixed, use
8263 2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
8265 * lib/gnutls_errors.h: Make LEVEL and LEVEL_EQ macros safer. Once again, I got bit by this pretty hard.
8267 2009-08-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
8269 * lib/gnutls_record.c: Use a datum for ciphered data in
8272 2009-08-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
8274 * lib/gnutls_buffers.h: Remove the prototype for the non-existant
8275 function _gnutls_io_write_buffered2.
8277 2009-08-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
8279 * lib/gnutls_int.h, lib/gnutls_record.c: Cleanup of the remaining
8280 internals.record_send_buffer mess.
8282 2009-08-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
8284 * lib/gnutls_buffers.c: Remove yet another !@#$% instance of
8285 redundant hexadecimal dumping.
8287 2009-08-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
8289 * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_record.c:
8290 Modify slightly the contract of _gnutls_io_write_buffered as
8291 suggested by Nikos Mavrogiannopoulos.
8293 2009-08-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
8295 * lib/gnutls_buffers.c, lib/gnutls_mbuffers.c,
8296 lib/gnutls_mbuffers.h: Pass datums to mbuffers by address instead of
8299 2009-08-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8301 * lib/gnutls_handshake.c, lib/gnutls_record.c: Corrected case where
8302 handshake data were received during a session. It now stores them
8303 for future use by a gnutls_handshake(). Reported by Peter
8304 Hendrickson <pdh@wiredyne.com>.
8306 2009-08-06 Jonathan Bastien-Filiatrault <joe@x2a.org>
8308 * lib/gnutls_buffers.c: Simplify _gnutls_io_write_buffered and
8309 _gnutls_io_write_flush with mbuffers.
8311 2009-08-06 Jonathan Bastien-Filiatrault <joe@x2a.org>
8313 * lib/gnutls_int.h, lib/gnutls_state.c: Change type of
8314 internals.record_send_buffer to a mbuffer.
8316 2009-08-06 Jonathan Bastien-Filiatrault <joe@x2a.org>
8318 * lib/gnutls_buffers.c: Extract a simple_write function from
8319 _gnutls_io_write_buffered.
8321 2009-08-06 Jonathan Bastien-Filiatrault <joe@x2a.org>
8323 * lib/gnutls_buffers.c: Add dump_bytes function.
8325 2009-08-06 Jonathan Bastien-Filiatrault <joe@x2a.org>
8327 * lib/Makefile.am, lib/gnutls_int.h, lib/gnutls_mbuffers.c,
8328 lib/gnutls_mbuffers.h: Add gnutls_mbuffers.{c,h} with some basic
8331 2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
8333 * lib/gnutls_algorithms.c: Do not rely on version ordering; use
8334 switch..case instead.
8336 2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
8338 * lib/auth_cert.c: Remove hardcoded version checks in auth_cert.c.
8340 2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
8342 * lib/gnutls_state.c: Remove hardcoded version check in
8345 2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
8347 * lib/gnutls_cipher.c: Remove hardcoded version checks in
8350 2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
8352 * lib/gnutls_sig.c: Remove hardcoded version checks in gnutls_sig.c.
8354 2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
8356 * lib/gnutls_handshake.c: Remove hardcoded version checks in
8359 2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
8361 * lib/gnutls_algorithms.c: Add version check function for selectable
8362 signature/hash certificate algorithms.
8364 2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
8366 * lib/gnutls_algorithms.c: Add version check functions for
8367 non-minimal padding.
8369 2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
8371 * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h: Add version
8372 check function for explicit IV.
8374 2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
8376 * lib/gnutls_algorithms.h: Add version check functions for
8377 selectable PRF and extension handling.
8379 2010-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8381 * doc/announce.txt, doc/gnutls.texi, doc/manpages/gnutls-cli.1,
8382 doc/manpages/gnutls-serv.1, lib/ext_safe_renegotiation.c,
8383 lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c,
8384 lib/gnutls_state.c, tests/safe-renegotiation/srn1.c,
8385 tests/safe-renegotiation/srn5.c, tests/safe-renegotiation/testsrn:
8386 Splitted safe renegotiation capabilities to %SAFE_RENEGOTIATION: will enable safe renegotiation. This is the
8387 most secure and recommended option for clients. However this will
8388 prevent from connecting to legacy servers. %PARTIAL_RENEGOTIATION: Prevents renegotiation with clients and
8389 servers not supporting the safe renegotiation extension. (this is
8390 the default) %UNSAFE_RENEGOTIATION: Permits (re-)handshakes even unsafe ones.
8392 2010-05-31 Simon Josefsson <simon@josefsson.org>
8394 * doc/gnutls.texi: Minor fix.
8396 2010-05-31 Simon Josefsson <simon@josefsson.org>
8398 * GNUmakefile, maint.mk: Update gnulib files.
8400 2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8402 * doc/gnutls.texi: Documented the defaults.
8404 2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8406 * doc/gnutls.texi: Added INITIAL_SAFE_RENEGOTIATION and other small
8409 2010-05-28 Simon Josefsson <simon@josefsson.org>
8411 * doc/gnutls.texi: Update.
8413 2010-05-28 Simon Josefsson <simon@josefsson.org>
8415 * tests/safe-renegotiation/README: Add.
8417 2010-05-28 Simon Josefsson <simon@josefsson.org>
8419 * .x-sc_prohibit_strings_without_use, build-aux/c++defs.h,
8420 build-aux/gendocs.sh, build-aux/gnupload, build-aux/vc-list-files,
8421 configure.ac, doc/gendocs_template, gl/Makefile.am, gl/error.c,
8422 gl/m4/asm-underscore.m4, gl/m4/gnulib-cache.m4,
8423 gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/netdb_h.m4,
8424 gl/m4/stdio_h.m4, gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4,
8425 gl/netdb.in.h, gl/stdio-write.c, gl/stdio.in.h,
8426 gl/tests/Makefile.am, gl/tests/init.sh, gl/tests/test-lseek.sh,
8427 gl/tests/test-vc-list-files-cvs.sh,
8428 gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
8429 gl/tests/test-verify.sh, gl/tests/verify.h, gl/unistd.in.h,
8430 gl/vasnprintf.c, gl/wchar.in.h, gtk-doc.make,
8431 lib/build-aux/c++defs.h, lib/gl/Makefile.am,
8432 lib/gl/m4/asm-underscore.m4, lib/gl/m4/fcntl-o.m4,
8433 lib/gl/m4/gettext.m4, lib/gl/m4/gnulib-common.m4,
8434 lib/gl/m4/gnulib-comp.m4, lib/gl/m4/iconv.m4, lib/gl/m4/intl.m4,
8435 lib/gl/m4/netdb_h.m4, lib/gl/m4/po.m4, lib/gl/m4/stdio_h.m4,
8436 lib/gl/m4/unistd_h.m4, lib/gl/netdb.in.h, lib/gl/stdio-write.c,
8437 lib/gl/stdio.in.h, lib/gl/tests/Makefile.am, lib/gl/tests/init.sh,
8438 lib/gl/tests/test-vasprintf.c, lib/gl/tests/test-verify.c,
8439 lib/gl/tests/test-verify.sh, lib/gl/tests/verify.h,
8440 lib/gl/unistd.in.h, lib/gl/vasnprintf.c, lib/gl/wchar.in.h,
8441 libextra/gl/m4/gnulib-common.m4, m4/valgrind.m4, maint.mk: Update
8442 gnulib files, use valgrind-tests module, fix syntax-check problems.
8444 2010-05-28 Simon Josefsson <simon@josefsson.org>
8446 * doc/announce.txt: Doc fix.
8448 2010-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8450 * lib/x509/common.h, lib/x509/privkey.c, lib/x509/sign.c,
8451 lib/x509/verify.c: Use correct hashing algorithms for DSA with q
8454 2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8456 * lib/gnutls_algorithms.c: Better checks in loops.
8458 2010-05-22 Simon Josefsson <simon@josefsson.org>
8460 * lib/x509/crl.c: Doc fix.
8462 2010-05-22 Simon Josefsson <simon@josefsson.org>
8466 2010-05-22 Simon Josefsson <simon@josefsson.org>
8470 2010-05-22 Simon Josefsson <simon@josefsson.org>
8472 * doc/reference/Makefile.am, gtk-doc.make, m4/gtk-doc.m4: Support
8475 2010-05-22 Simon Josefsson <simon@josefsson.org>
8477 * cfg.mk: Also build PDF manual.
8479 2010-05-22 Simon Josefsson <simon@josefsson.org>
8481 * doc/gnutls.texi: Fix node/section usage.
8483 2010-05-22 Simon Josefsson <simon@josefsson.org>
8485 * tests/safe-renegotiation/srn5.c: Fix self test.
8487 2010-05-22 Simon Josefsson <simon@josefsson.org>
8489 * lib/gnutls_handshake.c: Readd lost fix from Nikos.
8491 2010-05-22 Simon Josefsson <simon@josefsson.org>
8493 * lib/ext_safe_renegotiation.c: Readd lost fix from Nikos.
8495 2010-05-22 Simon Josefsson <simon@josefsson.org>
8499 2010-05-22 Simon Josefsson <simon@josefsson.org>
8501 * lib/gnutls_errors.c, libextra/includes/gnutls/openssl.h,
8502 libextra/openssl_compat.c: Doc fixes.
8504 2010-05-22 Simon Josefsson <simon@josefsson.org>
8506 * lib/x509/x509.c: Doc fix.
8508 2010-05-22 Simon Josefsson <simon@josefsson.org>
8510 * Makefile.am, NEWS, README, cfg.mk, configure.ac, doc/Makefile.am,
8511 doc/credentials/Makefile.am, doc/cyclo/Makefile.am, doc/errcodes.c,
8512 doc/examples/Makefile.am, doc/examples/ex-client-srp.c,
8513 doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
8514 doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
8515 doc/examples/ex-serv1.c, doc/gnutls.texi, doc/manpages/Makefile.am,
8516 doc/printlist.c, guile/Makefile.am, guile/modules/Makefile.am,
8517 guile/modules/gnutls.scm, guile/modules/gnutls/build/enums.scm,
8518 guile/modules/gnutls/build/priorities.scm,
8519 guile/modules/gnutls/build/smobs.scm,
8520 guile/modules/gnutls/build/utils.scm,
8521 guile/modules/gnutls/extra.scm, guile/src/Makefile.am,
8522 guile/src/core.c, guile/src/errors.c, guile/src/errors.h,
8523 guile/src/extra.c, guile/src/make-enum-header.scm,
8524 guile/src/make-enum-map.scm, guile/src/make-session-priorities.scm,
8525 guile/src/make-smob-header.scm, guile/src/make-smob-types.scm,
8526 guile/src/utils.c, guile/src/utils.h, guile/tests/Makefile.am,
8527 guile/tests/anonymous-auth.scm, guile/tests/errors.scm,
8528 guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
8529 guile/tests/openpgp-keys.scm, guile/tests/pkcs-import-export.scm,
8530 guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
8531 guile/tests/x509-auth.scm, guile/tests/x509-certificates.scm,
8532 lib/Makefile.am, lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c,
8533 lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
8534 lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
8535 lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
8536 lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
8537 lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
8538 lib/auth_srp_sb64.c, lib/cipher-libgcrypt.c, lib/configure.ac,
8539 lib/crypto-api.c, lib/crypto.c, lib/crypto.h, lib/cryptodev.c,
8540 lib/debug.c, lib/debug.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
8541 lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_oprfi.c,
8542 lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
8543 lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
8544 lib/ext_server_name.h, lib/ext_session_ticket.c,
8545 lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
8546 lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_alert.c,
8547 lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
8548 lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
8549 lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
8550 lib/gnutls_cert.h, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
8551 lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
8552 lib/gnutls_compress.c, lib/gnutls_compress.h,
8553 lib/gnutls_constate.c, lib/gnutls_constate.h, lib/gnutls_datum.c,
8554 lib/gnutls_datum.h, lib/gnutls_db.c, lib/gnutls_db.h,
8555 lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_dh_primes.c,
8556 lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_extensions.c,
8557 lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
8558 lib/gnutls_handshake.c, lib/gnutls_handshake.h,
8559 lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_helper.c,
8560 lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
8561 lib/gnutls_mem.c, lib/gnutls_mem.h, lib/gnutls_mpi.c,
8562 lib/gnutls_mpi.h, lib/gnutls_num.c, lib/gnutls_num.h,
8563 lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
8564 lib/gnutls_psk.c, lib/gnutls_psk_netconf.c, lib/gnutls_record.c,
8565 lib/gnutls_record.h, lib/gnutls_rsa_export.c,
8566 lib/gnutls_rsa_export.h, lib/gnutls_session.c,
8567 lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
8568 lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
8569 lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
8570 lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
8571 lib/gnutls_supplemental.h, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
8572 lib/gnutls_v2_compat.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
8573 lib/includes/Makefile.am, lib/includes/gnutls/crypto.h,
8574 lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
8575 lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
8576 lib/libgnutls.map, lib/libgnutlsxx.map, lib/m4/hooks.m4,
8577 lib/mac-libgcrypt.c, lib/minitasn1/Makefile.am,
8578 lib/mpi-libgcrypt.c, lib/opencdk/Makefile.am,
8579 lib/openpgp/Makefile.am, lib/openpgp/compat.c,
8580 lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
8581 lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
8582 lib/openpgp/privkey.c, lib/pk-libgcrypt.c, lib/random.c,
8583 lib/random.h, lib/rnd-libgcrypt.c, lib/x509/Makefile.am,
8584 lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
8585 lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
8586 lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/output.c,
8587 lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c,
8588 lib/x509/pkcs7.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
8589 lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
8590 lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
8591 lib/x509_b64.c, lib/x509_b64.h, libextra/Makefile.am,
8592 libextra/configure.ac, libextra/ext_inner_application.c,
8593 libextra/ext_inner_application.h, libextra/fipsmd5.c,
8594 libextra/gl/Makefile.am, libextra/gnutls_extra.c,
8595 libextra/gnutls_ia.c, libextra/gnutls_openssl.c,
8596 libextra/includes/Makefile.am, libextra/includes/gnutls/extra.h,
8597 libextra/includes/gnutls/openssl.h, libextra/libgnutls-extra.map,
8598 libextra/m4/hooks.m4, libextra/openssl_compat.c,
8599 libextra/openssl_compat.h, src/Makefile.am, src/benchmark.c,
8600 src/certtool-cfg.c, src/certtool.c, src/cli.c, src/common.c,
8601 src/crypt.c, src/list.h, src/prime.c, src/psk.c, src/serv.c,
8602 src/tests.c, src/tls_test.c, tests/Makefile.am, tests/anonself.c,
8603 tests/certder.c, tests/certificate_set_x509_crl.c,
8604 tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
8605 tests/crypto_rng.c, tests/cve-2008-4989.c, tests/cve-2009-1415.c,
8606 tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
8607 tests/finished.c, tests/gc.c, tests/hostname-check.c,
8608 tests/init_roundtrip.c, tests/key-id/Makefile.am,
8609 tests/key-id/key-id, tests/mini-eagain.c,
8610 tests/mini-x509-rehandshake.c, tests/mini-x509.c, tests/mini.c,
8611 tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
8612 tests/nist-pkits/pkits, tests/nist-pkits/pkits_crl,
8613 tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
8614 tests/nist-pkits/pkits_smime, tests/nul-in-x509-names.c,
8615 tests/openpgp-certs/Makefile.am, tests/openpgp-certs/testcerts,
8616 tests/openpgp-certs/testselfsigs, tests/openpgp-keyring.c,
8617 tests/openpgpself.c, tests/openssl.c, tests/oprfi.c,
8618 tests/parse_ca.c, tests/pathlen/Makefile.am, tests/pathlen/pathlen,
8619 tests/pgps2kgnu.c, tests/pkcs1-padding/Makefile.am,
8620 tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/Makefile.am,
8621 tests/pkcs12-decode/pkcs12, tests/pkcs12_encode.c,
8622 tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c,
8623 tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8,
8624 tests/pskself.c, tests/resume.c, tests/rfc2253-escape-test,
8625 tests/rsa-md5-collision/Makefile.am,
8626 tests/rsa-md5-collision/rsa-md5-collision,
8627 tests/safe-renegotiation/Makefile.am,
8628 tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
8629 tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
8630 tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
8631 tests/safe-renegotiation/testsrn, tests/set_pkcs12_cred.c,
8632 tests/setcredcrash.c, tests/sha2/Makefile.am, tests/sha2/sha2,
8633 tests/simple.c, tests/tlsia.c, tests/userid/Makefile.am,
8634 tests/userid/userid, tests/utils.c, tests/utils.h,
8635 tests/x509_altname.c, tests/x509dn.c, tests/x509paths/chain,
8636 tests/x509self.c, tests/x509sign-verify.c, tests/x509signself.c:
8637 Change GNUTLS into GnuTLS.
8639 2010-05-22 Simon Josefsson <simon@josefsson.org>
8641 * AUTHORS, ChangeLog.1, NEWS, README, README-alpha, THANKS,
8642 doc/gnutls.texi, doc/manpages/gnutls-cli-debug.1,
8643 doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1,
8644 doc/manpages/srptool.1, doc/reference/gnutls-docs.sgml,
8645 lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c,
8646 src/cli-gaa.c, src/cli.gaa, src/serv-gaa.c, src/serv.gaa,
8647 src/tls_test-gaa.c, src/tls_test.gaa: Change GNU TLS into GnuTLS.
8649 2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8651 * lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c: Ignore
8652 parsing of ciphersuite or extensions when safe renegotiation is
8655 2010-05-22 Simon Josefsson <simon@josefsson.org>
8657 * tests/safe-renegotiation/Makefile.am,
8658 tests/safe-renegotiation/srn5.c: Add test of self renegotiation
8661 2010-05-22 Simon Josefsson <simon@josefsson.org>
8663 * tests/safe-renegotiation/Makefile.am,
8664 tests/safe-renegotiation/README, tests/safe-renegotiation/srn4.c:
8665 Add more rengotiation self tests.
8667 2010-05-22 Simon Josefsson <simon@josefsson.org>
8669 * tests/safe-renegotiation/Makefile.am,
8670 tests/safe-renegotiation/README, tests/safe-renegotiation/srn0.c:
8671 Add more safe renegotiation self test.
8673 2010-05-21 Simon Josefsson <simon@josefsson.org>
8675 * NEWS, doc/announce.txt, doc/gnutls.texi,
8676 doc/manpages/Makefile.am, lib/ext_safe_renegotiation.c,
8677 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
8678 tests/safe-renegotiation/srn2.c: Remove
8679 gnutls_safe_negotiation_set_initial and
8680 gnutls_safe_renegotiation_set.
8682 2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8684 * lib/gnutls_priority.c: Documented behavioral change.
8686 2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8688 * lib/gnutls_int.h, lib/gnutls_priority.c: Because we want to
8689 differentiate the behavior of server and client with regards to safe
8690 renegotiation. If a server didn't have either SAFE_RENEGOTIATION or
8691 UNSAFE_RENEGOTIATION set the safe renegotiation will be the default.
8692 This (as well as the safe_renegotiation_set flag) has to be removed
8693 once safe renegotiation is default in both server and client side.
8695 2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8697 * lib/gnutls_state.c: Emulate old gnutls behavior regarding safe
8698 renegotiation if the priority_* functions are not called.
8700 2010-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8702 * lib/includes/gnutls/x509.h: Corrected typo. Reported by Clint
8705 2010-05-03 Simon Josefsson <simon@josefsson.org>
8707 * tests/safe-renegotiation/Makefile.am,
8708 tests/safe-renegotiation/srn1.c, tests/safe-renegotiation/srn3.c:
8709 tests: Add srn3 to test inverse of what srn1 is testing.
8711 2010-05-03 Simon Josefsson <simon@josefsson.org>
8713 * tests/safe-renegotiation/Makefile.am,
8714 tests/safe-renegotiation/srn2.c: tests: Add another safe
8715 renegotiation self tests.
8717 2010-05-03 Simon Josefsson <simon@josefsson.org>
8719 * tests/safe-renegotiation/srn1.c: Also test
8720 gnutls_safe_renegotiation_status API.
8722 2010-05-03 Simon Josefsson <simon@josefsson.org>
8724 * tests/safe-renegotiation/Makefile.am,
8725 tests/safe-renegotiation/srn1.c: tests: Add first self-test of safe
8726 renegotiation extension.
8728 2010-05-03 Simon Josefsson <simon@josefsson.org>
8730 * tests/Makefile.am, tests/mini-x509-rehandshake.c: tests: Add small
8731 X.509 rehandshake test.
8733 2010-05-03 Simon Josefsson <simon@josefsson.org>
8735 * tests/mini-x509.c: Protect against infloops.
8737 2010-05-03 Simon Josefsson <simon@josefsson.org>
8739 * tests/Makefile.am, tests/mini-x509.c: tests: Add mini-x509
8742 2010-04-30 Simon Josefsson <simon@josefsson.org>
8744 * doc/gnutls.texi: Improve text, based on suggestions from Tomas
8745 Hoger <thoger@redhat.com>.
8747 2010-04-29 Simon Josefsson <simon@josefsson.org>
8749 * lib/gnutls_handshake.c: Fix typo.
8751 2010-04-29 Simon Josefsson <simon@josefsson.org>
8753 * lib/gnutls_handshake.c: Improve renegotiation debug messages.
8755 2010-04-29 Simon Josefsson <simon@josefsson.org>
8757 * doc/announce.txt: Add.
8759 2010-04-29 Simon Josefsson <simon@josefsson.org>
8763 2010-04-29 Simon Josefsson <simon@josefsson.org>
8765 * doc/gnutls.texi: Add section on safe renegotiation.
8767 2010-04-29 Simon Josefsson <simon@josefsson.org>
8769 * lib/gnutls_record.c: Remove debug code.
8771 2010-04-25 Simon Josefsson <simon@josefsson.org>
8773 * doc/gnutls.texi: Mention shared library map file and GTK-DOC
8776 2010-04-22 Simon Josefsson <simon@josefsson.org>
8778 * doc/announce.txt: Update URL.
8780 2010-04-22 Simon Josefsson <simon@josefsson.org>
8782 * AUTHORS: Update my OpenPGP key.
8784 2010-04-22 Simon Josefsson <simon@josefsson.org>
8786 * doc/announce.txt: Update my key.
8788 2010-04-22 Simon Josefsson <simon@josefsson.org>
8790 * doc/announcement-template.txt: Remove.
8792 2010-04-22 Simon Josefsson <simon@josefsson.org>
8794 * doc/ANNOUNCE, doc/announce.txt: Prepare 2.10.0 release notes.
8796 2010-04-22 Simon Josefsson <simon@josefsson.org>
8798 * NEWS: Add 2.8.x NEWS entries.
8800 2010-04-22 Simon Josefsson <simon@josefsson.org>
8802 * libextra/configure.ac: Also bump libgnutls-extra version.
8804 2010-04-22 Simon Josefsson <simon@josefsson.org>
8806 * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4: Bump
8809 2010-04-22 Simon Josefsson <simon@josefsson.org>
8811 * build-aux/gendocs.sh: Chmod +x.
8813 2010-04-22 Simon Josefsson <simon@josefsson.org>
8815 * ChangeLog: Generated.
8817 2010-04-22 Simon Josefsson <simon@josefsson.org>
8819 * NEWS: Version 2.9.10.
8821 2010-04-21 Simon Josefsson <simon@josefsson.org>
8823 * NEWS, lib/minitasn1/Makefile.am, lib/minitasn1/coding.c,
8824 lib/minitasn1/decoding.c, lib/minitasn1/element.h,
8825 lib/minitasn1/gstr.h, lib/minitasn1/libtasn1.h,
8826 lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
8827 lib/minitasn1/structure.h, lib/minitasn1/version.c: Upgrade to
8828 libtasn1 version 2.6.
8830 2010-04-21 Simon Josefsson <simon@josefsson.org>
8832 * gl/Makefile.am, gl/m4/gnulib-comp.m4, gl/m4/ioctl.m4,
8833 gl/m4/netdb_h.m4, gl/stdbool.in.h, gl/tests/test-lseek.sh,
8834 gl/tests/test-select-in.sh, gl/tests/test-stdbool.c,
8835 gl/tests/test-stdint.c, lib/gl/Makefile.am, lib/gl/m4/netdb_h.m4,
8836 lib/gl/m4/visibility.m4, lib/gl/stdbool.in.h,
8837 lib/gl/tests/test-stdbool.c, lib/gl/tests/test-stdint.c,
8838 lib/gl/tests/test-vasprintf.c, maint.mk: Update gnulib files.
8840 2010-04-21 Simon Josefsson <simon@josefsson.org>
8842 * configure.ac: Structure fork check together.
8844 2010-04-15 Simon Josefsson <simon@josefsson.org>
8846 * lib/gnutls_priority.c: Fix compiler warning.
8848 2010-04-15 Simon Josefsson <simon@josefsson.org>
8850 * gl/override/top/maint.mk.diff, libextra/gl/hmac-md5.c,
8851 libextra/gl/md5.c, maint.mk: Update gnulib files.
8853 2010-04-15 Simon Josefsson <simon@josefsson.org>
8855 * lib/crypto-api.c, lib/gnutls_priority.c: Indent code.
8857 2010-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8859 * lib/crypto-api.c, lib/includes/gnutls/crypto.h: Use size_t instead
8860 of int for input variables that represent sizes.
8862 2010-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8864 * lib/gnutls_priority.c: Free the priority structure on error.
8865 Reported by Paul Aurich.
8867 2010-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8869 * lib/gnutls_priority.c: The string is colon separated. Reported by
8872 2010-04-14 Simon Josefsson <simon@josefsson.org>
8874 * lib/includes/gnutls/gnutls.h.in: Fix indent bug.
8876 2010-04-14 Simon Josefsson <simon@josefsson.org>
8878 * cfg.mk, doc/examples/examples.h, guile/src/errors.h,
8879 guile/src/utils.h, lib/auth_cert.h, lib/auth_dh_common.h,
8880 lib/crypto.h, lib/ext_oprfi.h, lib/ext_safe_renegotiation.h,
8881 lib/ext_session_ticket.h, lib/ext_signature.h,
8882 lib/gnutls_algorithms.h, lib/gnutls_cipher_int.h,
8883 lib/gnutls_compress.h, lib/gnutls_cryptodev.h, lib/gnutls_errors.h,
8884 lib/gnutls_extensions.h, lib/gnutls_hash_int.h, lib/gnutls_int.h,
8885 lib/gnutls_mpi.h, lib/gnutls_pk.h, lib/gnutls_sig.h,
8886 lib/gnutls_srp.h, lib/gnutls_state.h, lib/gnutls_str.h,
8887 lib/gnutls_supplemental.h, lib/includes/gnutls/crypto.h,
8888 lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
8889 lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
8890 lib/opencdk/context.h, lib/opencdk/filters.h, lib/opencdk/keydb.h,
8891 lib/opencdk/main.h, lib/opencdk/opencdk.h, lib/opencdk/packet.h,
8892 lib/opencdk/stream.h, lib/opencdk/types.h,
8893 lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
8894 lib/x509/pbkdf2-sha1.h, lib/x509/x509_int.h,
8895 libextra/includes/gnutls/extra.h,
8896 libextra/includes/gnutls/openssl.h, src/certtool-cfg.h,
8897 src/certtool-common.h, src/common.h: More indentation.
8899 2010-04-14 Simon Josefsson <simon@josefsson.org>
8903 2010-04-14 Simon Josefsson <simon@josefsson.org>
8907 2010-04-14 Simon Josefsson <simon@josefsson.org>
8911 2010-04-14 Simon Josefsson <simon@josefsson.org>
8913 * doc/manpages/Makefile.am: Generated.
8915 2010-04-14 Simon Josefsson <simon@josefsson.org>
8917 * doc/examples/ex-client-tlsia.c, doc/examples/ex-verify.c,
8918 doc/examples/ex-x509-info.c, lib/auth_cert.c, lib/auth_rsa.c,
8919 lib/ext_cert_type.c, lib/ext_max_record.c, lib/ext_oprfi.c,
8920 lib/ext_safe_renegotiation.c, lib/ext_server_name.c,
8921 lib/ext_session_ticket.c, lib/ext_signature.c,
8922 lib/gnutls_algorithms.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
8923 lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_compress.c,
8924 lib/gnutls_constate.c, lib/gnutls_extensions.c,
8925 lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_kx.c,
8926 lib/gnutls_priority.c, lib/gnutls_record.c,
8927 lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/gnutls_state.c,
8928 lib/gnutls_v2_compat.c, lib/gnutls_x509.c,
8929 lib/minitasn1/decoding.c, lib/opencdk/read-packet.c,
8930 lib/opencdk/sig-check.c, lib/x509/pkcs12.c, lib/x509/verify.c,
8931 libextra/gl/hmac-md5.c, libextra/gl/md5.c, src/benchmark.c,
8932 src/certtool.c, src/cli.c, src/serv.c, src/tests.c, src/tls_test.c,
8933 tests/anonself.c, tests/certder.c, tests/chainverify.c,
8934 tests/crq_apis.c, tests/crq_key_id.c, tests/cve-2008-4989.c,
8935 tests/dhepskself.c, tests/dn.c, tests/dn2.c, tests/finished.c,
8936 tests/gc.c, tests/hostname-check.c, tests/init_roundtrip.c,
8937 tests/mini-eagain.c, tests/mini.c, tests/netconf-psk.c,
8938 tests/nul-in-x509-names.c, tests/openpgp-keyring.c,
8939 tests/openpgpself.c, tests/parse_ca.c, tests/pkcs12_encode.c,
8940 tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pskself.c,
8941 tests/resume.c, tests/set_pkcs12_cred.c, tests/simple.c,
8942 tests/tlsia.c, tests/utils.c, tests/x509_altname.c, tests/x509dn.c,
8943 tests/x509self.c, tests/x509sign-verify.c, tests/x509signself.c:
8946 2010-04-14 Simon Josefsson <simon@josefsson.org>
8948 * NEWS, lib/crypto-api.c, lib/ext_safe_renegotiation.c,
8949 lib/gnutls_algorithms.c, lib/gnutls_cert.c, lib/libgnutls.map,
8950 lib/x509/x509.c: Export new ABIs. Doc fixes for new APIs.
8952 2010-04-14 Simon Josefsson <simon@josefsson.org>
8954 * tests/safe-renegotiation/Makefile.am: Disable self-test
8955 temporarily until we make it work cross-platform.
8957 2010-04-13 Simon Josefsson <simon@josefsson.org>
8959 * NEWS, lib/ext_safe_renegotiation.c, lib/gnutls_algorithms.c,
8960 lib/includes/gnutls/gnutls.h.in: Doc fixes.
8962 2010-04-13 Simon Josefsson <simon@josefsson.org>
8964 * doc/manpages/Makefile.am, src/certtool-gaa.c: Generated.
8966 2010-04-13 Simon Josefsson <simon@josefsson.org>
8968 * doc/reference/Makefile.am: Ignore c++defs.h.
8970 2010-04-13 Simon Josefsson <simon@josefsson.org>
8972 * .x-sc_prohibit_empty_lines_at_EOF, GNUmakefile,
8973 build-aux/c++defs.h, build-aux/warn-on-use.h, doc/certtool.cfg,
8974 doc/credentials/gnutls-http-serv, doc/credentials/params.pem,
8975 doc/credentials/x509/Makefile.am, doc/credentials/x509/cert.pem,
8976 doc/credentials/x509/clicert-dsa.pem, gl/Makefile.am, gl/fseeko.c,
8977 gl/m4/fseeko.m4, gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4,
8978 gl/m4/lib-link.m4, gl/m4/memchr.m4, gl/m4/stdio_h.m4,
8979 gl/m4/stdlib_h.m4, gl/m4/string_h.m4, gl/m4/time_h.m4,
8980 gl/m4/unistd_h.m4, gl/m4/vasnprintf.m4, gl/stdio-impl.h,
8981 gl/stdio.in.h, gl/stdlib.in.h, gl/string.in.h, gl/sys_socket.in.h,
8982 gl/sys_stat.in.h, gl/sys_time.in.h, gl/tests/Makefile.am,
8983 gl/tests/ioctl.c, gl/tests/sys_ioctl.in.h,
8984 gl/tests/test-vasnprintf.c, gl/time.in.h, gl/unistd.in.h,
8985 gl/vasnprintf.c, gl/wchar.in.h, guile/modules/gnutls/extra.scm,
8986 guile/tests/x509-auth.scm, guile/tests/x509-certificate.pem,
8987 lib/build-aux/c++defs.h, lib/build-aux/warn-on-use.h,
8988 lib/ext_cert_type.h, lib/gl/Makefile.am, lib/gl/fseeko.c,
8989 lib/gl/m4/fseeko.m4, lib/gl/m4/gnulib-common.m4,
8990 lib/gl/m4/gnulib-comp.m4, lib/gl/m4/lib-link.m4,
8991 lib/gl/m4/memchr.m4, lib/gl/m4/stdio_h.m4, lib/gl/m4/stdlib_h.m4,
8992 lib/gl/m4/string_h.m4, lib/gl/m4/threadlib.m4, lib/gl/m4/time_h.m4,
8993 lib/gl/m4/time_r.m4, lib/gl/m4/unistd_h.m4,
8994 lib/gl/m4/vasnprintf.m4, lib/gl/stdio-impl.h, lib/gl/stdio.in.h,
8995 lib/gl/stdlib.in.h, lib/gl/string.in.h, lib/gl/sys_socket.in.h,
8996 lib/gl/sys_stat.in.h, lib/gl/tests/Makefile.am,
8997 lib/gl/tests/test-vasnprintf.c, lib/gl/time.in.h, lib/gl/time_r.c,
8998 lib/gl/unistd.in.h, lib/gl/vasnprintf.c, lib/gl/wchar.in.h,
8999 lib/minitasn1/Makefile.am, lib/minitasn1/README,
9000 lib/opencdk/keydb.h, lib/opencdk/packet.h,
9001 libextra/gl/m4/gnulib-common.m4, libextra/gl/m4/gnulib-comp.m4,
9002 libextra/gl/m4/lib-link.m4, maint.mk, src/certtool.gaa,
9003 src/cfg/Makefile.am, src/crypt.gaa, src/tls_test.gaa,
9004 tests/key-id/ca-gnutls-keyid.pem, tests/key-id/ca-no-keyid.pem,
9005 tests/key-id/ca-weird-keyid.pem,
9006 tests/pkcs1-padding/pkcs1-pad-broken.pem,
9007 tests/pkcs1-padding/pkcs1-pad-broken2.pem,
9008 tests/pkcs1-padding/pkcs1-pad-broken3.pem,
9009 tests/pkcs1-padding/pkcs1-pad-ok.pem,
9010 tests/pkcs1-padding/pkcs1-pad-ok2.pem,
9011 tests/safe-renegotiation/Makefile.am, tests/test25.pem: Update
9012 gnulib files, fix syntax-check warnings.
9014 2010-03-31 Simon Josefsson <simon@josefsson.org>
9016 * .gitignore, gl/m4/wchar_h.m4, lib/gl/m4/wchar_h.m4: Add forgotten
9017 gnulib files, and fix .gitignore.
9019 2010-03-31 Simon Josefsson <simon@josefsson.org>
9023 2010-03-31 Simon Josefsson <simon@josefsson.org>
9025 * lib/po/LINGUAS, lib/po/it.po.in, lib/po/nl.po.in: Sync with TP.
9027 2010-03-31 Simon Josefsson <simon@josefsson.org>
9029 * .x-sc_program_name, .x-sc_the_the, cfg.mk,
9030 lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c,
9031 lib/m4/hooks.m4, lib/opencdk/sig-check.c, src/certtool.c,
9032 src/serv.c, tests/dn.c, tests/mini.c: Update gnulib files. Fix
9033 syntax-check warnings.
9035 2010-03-31 Simon Josefsson <simon@josefsson.org>
9037 * build-aux/c++defs.h, build-aux/vc-list-files,
9038 build-aux/warn-on-use.h, gl/Makefile.am, gl/accept.c,
9039 gl/arpa_inet.in.h, gl/bind.c, gl/connect.c, gl/getaddrinfo.c,
9040 gl/gettext.h, gl/gettimeofday.c, gl/m4/arpa_inet_h.m4,
9041 gl/m4/getaddrinfo.m4, gl/m4/gettimeofday.m4,
9042 gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/inet_ntop.m4,
9043 gl/m4/inet_pton.m4, gl/m4/lseek.m4, gl/m4/netdb_h.m4,
9044 gl/m4/stddef_h.m4, gl/m4/stdio_h.m4, gl/m4/stdlib_h.m4,
9045 gl/m4/string_h.m4, gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4,
9046 gl/m4/sys_socket_h.m4, gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4,
9047 gl/m4/time_h.m4, gl/m4/unistd_h.m4, gl/m4/warn-on-use.m4,
9048 gl/m4/wchar.m4, gl/netdb.in.h, gl/netinet_in.in.h, gl/recv.c,
9049 gl/select.c, gl/send.c, gl/stdint.in.h, gl/stdio.in.h,
9050 gl/stdlib.in.h, gl/string.in.h, gl/sys_select.in.h,
9051 gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
9052 gl/tests/Makefile.am, gl/tests/ioctl.c, gl/tests/sys_ioctl.in.h,
9053 gl/tests/test-vc-list-files-git.sh, gl/time.in.h, gl/unistd.in.h,
9054 gl/wchar.in.h, lib/build-aux/c++defs.h,
9055 lib/build-aux/warn-on-use.h, lib/gl/Makefile.am, lib/gl/gettext.h,
9056 lib/gl/m4/gnulib-common.m4, lib/gl/m4/gnulib-comp.m4,
9057 lib/gl/m4/intldir.m4, lib/gl/m4/lseek.m4, lib/gl/m4/netdb_h.m4,
9058 lib/gl/m4/printf-posix.m4, lib/gl/m4/stddef_h.m4,
9059 lib/gl/m4/stdio_h.m4, lib/gl/m4/stdlib_h.m4, lib/gl/m4/string_h.m4,
9060 lib/gl/m4/strings_h.m4, lib/gl/m4/sys_socket_h.m4,
9061 lib/gl/m4/sys_stat_h.m4, lib/gl/m4/time_h.m4,
9062 lib/gl/m4/unistd_h.m4, lib/gl/m4/visibility.m4,
9063 lib/gl/m4/warn-on-use.m4, lib/gl/m4/wchar.m4, lib/gl/netdb.in.h,
9064 lib/gl/stdint.in.h, lib/gl/stdio.in.h, lib/gl/stdlib.in.h,
9065 lib/gl/string.in.h, lib/gl/sys_socket.in.h, lib/gl/sys_stat.in.h,
9066 lib/gl/tests/Makefile.am, lib/gl/time.in.h, lib/gl/unistd.in.h,
9067 lib/gl/wchar.in.h, libextra/gl/m4/gnulib-common.m4,
9068 libextra/gl/m4/gnulib-comp.m4, maint.mk: Update gnulib files.
9070 2010-03-30 Simon Josefsson <simon@josefsson.org>
9072 * m4/valgrind.m4: Check for what we use. Bump serial.
9074 2010-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9076 * m4/valgrind.m4, tests/Makefile.am: Valgrind -q is now set by the
9077 valgrind detection script to avoid issue when running tests without
9080 2010-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9082 * lib/gnutls_cert.c: increased small value for certificates. Typical
9083 certificates are much longer than that.
9085 2010-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9087 * configure.ac, tests/Makefile.am, tests/anonself.c,
9088 tests/certder.c, tests/chainverify.c, tests/crq_apis.c,
9089 tests/crq_key_id.c, tests/cve-2009-1415.c, tests/dhepskself.c,
9090 tests/dn.c, tests/dn2.c, tests/finished.c, tests/gc.c,
9091 tests/hostname-check.c, tests/init_roundtrip.c,
9092 tests/mini-eagain.c, tests/mini.c, tests/moredn.c, tests/mpi.c,
9093 tests/netconf-psk.c, tests/nul-in-x509-names.c,
9094 tests/openpgp-keyring.c, tests/openpgpself.c, tests/openssl.c,
9095 tests/parse_ca.c, tests/pkcs12_encode.c, tests/pkcs12_s2k.c,
9096 tests/pskself.c, tests/resume.c, tests/set_pkcs12_cred.c,
9097 tests/sha2/sha2, tests/simple.c, tests/tlsia.c,
9098 tests/x509_altname.c, tests/x509dn.c, tests/x509self.c,
9099 tests/x509sign-verify.c, tests/x509signself.c: Reduced several
9100 unneeded messages during the make check procedure. Verbose messages
9101 can be obtained with --verbose.
9103 2010-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9105 * doc/Makefile.am: use mv -f to avoid interactiveness.
9107 2010-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9109 * tests/dn2.c: Modified to account for postalcode.
9111 2010-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9113 * NEWS: added news entry for postalcode.
9115 2010-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9117 * lib/includes/gnutls/x509.h, lib/pkix.asn, lib/pkix_asn1_tab.c,
9118 lib/x509/common.c: Display postalCode and Name X.509 DN attributes
9119 correctly. Based on patch by Pavan Konjarla.
9121 2010-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9123 * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
9124 lib/includes/gnutls/gnutls.h.in, src/serv-gaa.c, src/serv.gaa: Each
9125 ciphersuite is now tight with a minimum TLS version and a maximum
9126 one. It is valid if it is between (and including) those. This was
9127 added to deprecate TLS_RSA_EXPORT_WITH_RC4_40_MD5 which is not
9128 available with TLS 1.1. Reported by Adrian F. Dimcev.
9130 2010-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9132 * .gitignore: Ignore more files.
9134 2010-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9136 * NEWS, lib/auth_cert.c, lib/auth_cert.h, lib/gnutls_alert.c,
9137 lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in,
9138 lib/libgnutls.map, src/cli.c: Added
9139 gnutls_certificate_set_verify_function() to allow checking
9140 (verifying) certificate before the handshake is completed.
9142 2010-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9144 * doc/examples/ex-rfc2818.c, doc/examples/ex-verify.c: Use the flags
9145 for expiration instead of getting the time of each certificate.
9147 2010-03-17 Simon Josefsson <simon@josefsson.org>
9149 * README-alpha: Mention datefudge.
9151 2010-03-17 Simon Josefsson <simon@josefsson.org>
9153 * tests/pkcs1-padding/pkcs1-pad: Skip test if datefudge is not
9156 2010-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9158 * lib/gnutls_priority.c: INITIAL_SAFE_RENEGOTIATION implies
9161 2010-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9163 * lib/includes/gnutls/gnutls.h.in: Added missing prototype.
9165 2010-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9167 * tests/safe-renegotiation/testsrn: made SAFE_RENEGOTIATION flags
9170 2010-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9172 * lib/x509/verify.c, src/certtool.c: gnutls_x509_crt_verify() and
9173 gnutls_x509_crt_list_verify() behave identically. That means that
9174 gnutls_x509_crt_verify() will now check dates as well. Certool --verify-chain will use the GNUTLS_VERIFY_DO_NOT_ALLOW_SAME
9175 flag to gnutls_x509_crt_verify() to force verification even if
9176 certificates are the same. The only exception is at the final
9177 certificate (self-checking) where the extra flag
9178 GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT is specified to allow for v1 CA
9181 2010-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9183 * lib/x509/common.c: Handle dates before 1-1-1970 (handle as being
9186 2010-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9188 * tests/pkcs1-padding/pkcs1-pad: Fail if required programs are not
9191 2010-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9193 * NEWS, doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1,
9194 lib/ext_safe_renegotiation.c, lib/gnutls_priority.c,
9195 lib/gnutls_record.c: Safe renegotiation is not enabled by default in
9198 2010-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9200 * doc/manpages/gnutls-cli.1, lib/gnutls_priority.c: better
9201 documentation for %INITIAL_SAFE_RENEGOTIATION
9203 2010-03-15 Simon Josefsson <simon@josefsson.org>
9207 2010-03-15 Simon Josefsson <simon@josefsson.org>
9209 * tests/openpgp-certs/Makefile.am, tests/openpgp-certs/testselfsigs:
9210 Rewrite tests/openpgp-certs/testselfsigs portably for Solaris. Fix
9213 2010-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9215 * tests/safe-renegotiation/testsrn: localhost -> 127.0.0.1 to work
9216 in places where localhost does not resolve.
9218 2010-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9220 * NEWS, lib/includes/gnutls/x509.h, lib/x509/verify.c: Extended time
9221 verification to trusted certificate list as well. Introduced the
9222 flag GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS that will prevent the
9223 trusted certificate list verification.
9225 2010-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9227 * src/tests.c, src/tests.h, src/tls_test.c: Added tests for safe
9228 renegotiation. Removed old tests for obsolete features (lzo) and
9229 tests that were not actually working (srp).
9231 2010-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9233 * lib/gnutls_extensions.c, lib/gnutls_extensions.h,
9234 lib/gnutls_handshake.c, lib/includes/gnutls/gnutls.h.in,
9235 tests/safe-renegotiation/testsrn: Extension generation in SSL 3.0
9236 (as a reply to SCSV) is not using common code with normal extension
9237 generation. Solve issue reported by Tomas Mraz that caused SSL 3.0
9240 2010-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9242 * lib/x509/verify.c: Removed artificial constrained that prevented
9243 end-user certificates, being added to the trusted list, treated as
9244 trusted. Suggestion and patch by Tomas Mraz.
9246 2010-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9248 * doc/manpages/gnutls-cli.1: Documented that
9249 initial_safe_renegotiation is the default.
9251 2010-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9253 * src/serv.c: gnutls-serv will terminate connection on rehandshake
9256 2010-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9258 * lib/gnutls_alert.c, lib/gnutls_errors.c, lib/gnutls_handshake.c,
9259 lib/includes/gnutls/gnutls.h.in: Avoid sending alerts during
9260 handshake. Alerts might be interrupted and return a non-fatal error
9261 which will propagate and in many cases it shouldn't. Avoid sending no renegotiation alert when a client connects to an
9262 unsafe server. Thanks to Tomas Hoger for the report.
9264 2010-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9266 * src/cli.c: On handshake error send appropriate alert and terminate
9269 2010-02-18 Simon Josefsson <simon@josefsson.org>
9271 * doc/reference/gnutls-docs.sgml: Add id's to chapters.
9273 2010-02-18 Simon Josefsson <simon@josefsson.org>
9275 * .gitignore: Update.
9277 2010-02-18 Simon Josefsson <simon@josefsson.org>
9279 * lib/po/zh_CN.po: Remove.
9281 2010-02-18 Simon Josefsson <simon@josefsson.org>
9283 * src/Makefile.am: Fix -lrt usage.
9285 2010-02-18 Simon Josefsson <simon@josefsson.org>
9287 * src/benchmark.c: Use gnulib gettime module. Indent.
9289 2010-02-18 Simon Josefsson <simon@josefsson.org>
9291 * lib/po/zh_CN.po: Add.
9293 2010-02-18 Simon Josefsson <simon@josefsson.org>
9295 * lib/gl/netdb.in.h: Update gnulib files.
9297 2010-02-18 Simon Josefsson <simon@josefsson.org>
9299 * gl/Makefile.am, gl/gettime.c, gl/gettimeofday.c,
9300 gl/m4/clock_time.m4, gl/m4/gettime.m4, gl/m4/gnulib-cache.m4,
9301 gl/m4/gnulib-comp.m4, gl/m4/timespec.m4, gl/netdb.in.h,
9302 gl/tests/Makefile.am, gl/tests/gettimeofday.c, gl/timespec.h: Update
9305 2010-02-17 Simon Josefsson <simon@josefsson.org>
9307 * lib/cryptodev.c: Indent. Don't include fcntl.h and sys/ioctl.h on
9308 (for example) Windows.
9310 2010-02-17 Simon Josefsson <simon@josefsson.org>
9312 * tests/safe-renegotiation/testsrn: Fix objdir != srcdir.
9314 2010-02-17 Simon Josefsson <simon@josefsson.org>
9316 * tests/safe-renegotiation/testsrn: Drop bashism. Make it work on
9319 2010-02-17 Simon Josefsson <simon@josefsson.org>
9323 2010-02-17 Simon Josefsson <simon@josefsson.org>
9327 2010-02-17 Simon Josefsson <simon@josefsson.org>
9329 * doc/manpages/Makefile.am: Generated.
9331 2010-02-17 Simon Josefsson <simon@josefsson.org>
9333 * doc/reference/Makefile.am, doc/reference/gnutls-docs.sgml,
9334 lib/ext_safe_renegotiation.c, lib/ext_signature.c,
9335 lib/gnutls_supplemental.c: More GTK-DOC fixes.
9337 2010-02-17 Simon Josefsson <simon@josefsson.org>
9339 * lib/gnutls_db.c: Doc fix.
9341 2010-02-17 Simon Josefsson <simon@josefsson.org>
9343 * lib/openpgp/gnutls_openpgp.c: Doc fix.
9345 2010-02-17 Simon Josefsson <simon@josefsson.org>
9347 * lib/includes/gnutls/gnutls.h.in: Doc fix.
9349 2010-02-17 Simon Josefsson <simon@josefsson.org>
9351 * lib/includes/gnutls/gnutls.h.in: Fix enum doc.
9353 2010-02-17 Simon Josefsson <simon@josefsson.org>
9355 * lib/includes/gnutls/gnutls.h.in: More enum docs.
9357 2010-02-17 Simon Josefsson <simon@josefsson.org>
9359 * lib/includes/gnutls/crypto.h: More enum documentation.
9361 2010-02-17 Simon Josefsson <simon@josefsson.org>
9363 * libextra/gnutls_ia.c: Doc fix.
9365 2010-02-17 Simon Josefsson <simon@josefsson.org>
9367 * lib/includes/gnutls/x509.h: More enum documentation.
9369 2010-02-17 Simon Josefsson <simon@josefsson.org>
9371 * libextra/includes/gnutls/extra.h: Document more.
9373 2010-02-17 Simon Josefsson <simon@josefsson.org>
9375 * lib/includes/gnutls/openpgp.h: Document more.
9377 2010-02-17 Simon Josefsson <simon@josefsson.org>
9379 * lib/includes/gnutls/pkcs12.h: Document enum.
9381 2010-02-17 Simon Josefsson <simon@josefsson.org>
9383 * lib/includes/gnutls/gnutls.h.in: More enum.
9385 2010-02-17 Simon Josefsson <simon@josefsson.org>
9387 * lib/includes/gnutls/gnutls.h.in: Fix typo.
9389 2010-02-17 Simon Josefsson <simon@josefsson.org>
9391 * lib/includes/gnutls/gnutls.h.in: More GTK-DOC documentation.
9393 2010-02-17 Simon Josefsson <simon@josefsson.org>
9395 * lib/includes/gnutls/gnutls.h.in: Improve GTK-DOC coverage.
9397 2010-02-17 Simon Josefsson <simon@josefsson.org>
9399 * lib/includes/gnutls/crypto.h: Fix comments, for GTK-DOC.
9401 2010-02-17 Simon Josefsson <simon@josefsson.org>
9403 * doc/reference/Makefile.am: Ignore more headers.
9405 2010-02-17 Simon Josefsson <simon@josefsson.org>
9407 * lib/x509/crl.c: Doc fix.
9409 2010-02-17 Simon Josefsson <simon@josefsson.org>
9411 * lib/includes/gnutls/crypto.h: Fix for GTK-DOC parse breakage.
9413 2010-02-17 Simon Josefsson <simon@josefsson.org>
9415 * doc/reference/Makefile.am: Ignore gnutlsxx.h too, GTK-DOC doesn't
9418 2010-02-17 Simon Josefsson <simon@josefsson.org>
9420 * doc/reference/Makefile.am: Need crypto.h too.
9422 2010-02-17 Simon Josefsson <simon@josefsson.org>
9424 * doc/reference/Makefile.am: Improve header ignores.
9426 2010-02-17 Simon Josefsson <simon@josefsson.org>
9428 * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
9429 lib/minitasn1/element.c, lib/minitasn1/errors.c,
9430 lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
9431 lib/minitasn1/structure.c: Upgrade to libtasn1 2.5 snapshot, for
9434 2010-02-17 Simon Josefsson <simon@josefsson.org>
9436 * lib/includes/gnutls/openpgp.h: Another GTK-DOC fix.
9438 2010-02-17 Simon Josefsson <simon@josefsson.org>
9440 * lib/auth_srp_sb64.c, lib/crypto-api.c, lib/crypto.c,
9441 lib/ext_safe_renegotiation.c, lib/ext_server_name.c,
9442 lib/ext_signature.c, lib/gnutls_alert.c, lib/gnutls_algorithms.c,
9443 lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
9444 lib/gnutls_cert.c, lib/gnutls_compress.c, lib/gnutls_db.c,
9445 lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
9446 lib/gnutls_extensions.c, lib/gnutls_global.c,
9447 lib/gnutls_handshake.c, lib/gnutls_mem.c, lib/gnutls_priority.c,
9448 lib/gnutls_psk.c, lib/gnutls_psk_netconf.c, lib/gnutls_record.c,
9449 lib/gnutls_rsa_export.c, lib/gnutls_session.c, lib/gnutls_srp.c,
9450 lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_ui.c,
9451 lib/gnutls_x509.c, lib/includes/gnutls/crypto.h,
9452 lib/opencdk/stream.c, lib/openpgp/compat.c, lib/openpgp/extras.c,
9453 lib/openpgp/gnutls_openpgp.c, lib/openpgp/output.c,
9454 lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
9455 lib/x509/common.c, lib/x509/crl.c, lib/x509/crl_write.c,
9456 lib/x509/crq.c, lib/x509/dn.c, lib/x509/output.c,
9457 lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c,
9458 lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
9459 lib/x509/rfc2818_hostname.c, lib/x509/verify.c, lib/x509/x509.c,
9460 lib/x509/x509_write.c, lib/x509_b64.c, libextra/gnutls_extra.c,
9461 libextra/gnutls_ia.c, libextra/openssl_compat.c: Fix GTK-DOC syntax.
9462 Unfortunately this looses some information.
9464 2010-02-17 Simon Josefsson <simon@josefsson.org>
9466 * lib/auth_srp_sb64.c, lib/crypto-api.c,
9467 lib/ext_safe_renegotiation.c, lib/gnutls_anon_cred.c,
9468 lib/gnutls_auth.c, lib/gnutls_cert.c, lib/gnutls_db.c,
9469 lib/gnutls_dh.c, lib/gnutls_handshake.c, lib/gnutls_mem.c,
9470 lib/gnutls_priority.c, lib/gnutls_psk.c, lib/gnutls_record.c,
9471 lib/gnutls_session.c, lib/gnutls_srp.c, lib/gnutls_state.c,
9472 lib/gnutls_x509.c, lib/x509/crl.c, lib/x509/crl_write.c,
9473 lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c,
9474 lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/sign.c,
9475 lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_write.c,
9476 libextra/openssl_compat.c: Align indentation of GTK-DOC comments.
9478 2010-02-17 Simon Josefsson <simon@josefsson.org>
9480 * lib/po/vi.po.in: Sync with TP.
9482 2010-02-17 Simon Josefsson <simon@josefsson.org>
9484 * doc/examples/Makefile.am: Silence gnulib warning about fseek.
9486 2010-02-17 Simon Josefsson <simon@josefsson.org>
9488 * build-aux/gendocs.sh, build-aux/gnupload, gl/Makefile.am,
9489 gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/gettimeofday.m4,
9490 gl/m4/gnulib-comp.m4, gl/m4/stdio_h.m4, gl/m4/sys_time_h.m4,
9491 gl/netdb.in.h, gl/stdio.in.h, gl/sys_time.in.h,
9492 gl/tests/test-getdelim.c, gl/tests/test-getline.c,
9493 gl/tests/test-gettimeofday.c, lib/gl/Makefile.am,
9494 lib/gl/m4/stdio_h.m4, lib/gl/netdb.in.h, lib/gl/stdio.in.h,
9495 maint.mk: Update gnulib files.
9497 2010-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9499 * lib/gnutls_session_pack.c: Corrected calculation of session data
9500 for PSK ciphersuites. Solves issue #107256 reported by Wolfgang
9503 2010-02-03 Simon Josefsson <simon@josefsson.org>
9505 * doc/ANNOUNCE: Add announcement message.
9507 2010-01-27 Simon Josefsson <simon@josefsson.org>
9511 2010-01-27 Simon Josefsson <simon@josefsson.org>
9515 2010-01-27 Simon Josefsson <simon@josefsson.org>
9517 * lib/po/LINGUAS, lib/po/cs.po.in, lib/po/de.po.in,
9518 lib/po/fr.po.in, lib/po/ms.po.in, lib/po/nl.po.in, lib/po/pl.po.in,
9519 lib/po/sv.po.in, lib/po/zh_CN.po.in: Sync with TP.
9521 2010-01-27 Simon Josefsson <simon@josefsson.org>
9523 * build-aux/gnupload, doc/gendocs_template,
9524 gl/tests/test-gettimeofday.c, gl/tests/test-memchr.c,
9525 gl/tests/test-read-file.c, gl/tests/test-sockets.c,
9526 lib/gl/tests/test-memchr.c, lib/gl/tests/test-read-file.c,
9527 lib/gl/tests/test-sockets.c: Update gnulib files.
9529 2010-01-27 Simon Josefsson <simon@josefsson.org>
9533 2010-01-27 Simon Josefsson <simon@josefsson.org>
9535 * NEWS, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
9536 lib/minitasn1/element.c, lib/minitasn1/errors.c,
9537 lib/minitasn1/gstr.c, lib/minitasn1/int.h,
9538 lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
9539 lib/minitasn1/structure.c: Use libtasn1 v2.4.
9541 2010-01-27 Simon Josefsson <simon@josefsson.org>
9543 * lib/gnutls.pc.in: Fix license.
9545 2010-01-27 Simon Josefsson <simon@josefsson.org>
9547 * .clcopying: Fix license.
9549 2010-01-27 Simon Josefsson <simon@josefsson.org>
9551 * AUTHORS: Fix license.
9553 2010-01-27 Simon Josefsson <simon@josefsson.org>
9555 * tests/key-id/README, tests/libgcrypt.supp,
9556 tests/rsa-md5-collision/Makefile.am,
9557 tests/rsa-md5-collision/README, tests/rsa-md5-collision/mbox,
9558 tests/userid/userid.pem: License fix.
9560 2010-01-27 Simon Josefsson <simon@josefsson.org>
9562 * ChangeLog, cfg.mk, configure.ac, doc/Makefile.am,
9563 doc/credentials/Makefile.am, doc/cyclo/Makefile.am, doc/errcodes.c,
9564 doc/examples/Makefile.am, doc/extract-guile-c-doc.scm,
9565 doc/gendocs_template, doc/manpages/Makefile.am, doc/printlist.c,
9566 gl/gnulib.mk, gl/m4/onceonly_2_57.m4, gl/tests/gnulib.mk,
9567 guile/Makefile.am, guile/modules/Makefile.am,
9568 guile/modules/gnutls.scm, guile/modules/gnutls/build/enums.scm,
9569 guile/modules/gnutls/build/priorities.scm,
9570 guile/modules/gnutls/build/smobs.scm,
9571 guile/modules/gnutls/build/utils.scm,
9572 guile/modules/gnutls/extra.scm,
9573 guile/modules/system/documentation/c-snarf.scm,
9574 guile/modules/system/documentation/output.scm,
9575 guile/pre-inst-guile.in, guile/src/Makefile.am, guile/src/core.c,
9576 guile/src/errors.c, guile/src/errors.h, guile/src/extra.c,
9577 guile/src/make-enum-header.scm, guile/src/make-enum-map.scm,
9578 guile/src/make-session-priorities.scm,
9579 guile/src/make-smob-header.scm, guile/src/make-smob-types.scm,
9580 guile/src/utils.c, guile/src/utils.h, guile/tests/Makefile.am,
9581 guile/tests/anonymous-auth.scm, guile/tests/errors.scm,
9582 guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
9583 guile/tests/openpgp-keys.scm, guile/tests/pkcs-import-export.scm,
9584 guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
9585 guile/tests/x509-auth.scm, guile/tests/x509-certificates.scm,
9586 lib/Makefile.am, lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c,
9587 lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
9588 lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
9589 lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
9590 lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
9591 lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
9592 lib/auth_srp_sb64.c, lib/cipher-libgcrypt.c, lib/configure.ac,
9593 lib/crypto-api.c, lib/crypto.c, lib/crypto.h, lib/cryptodev.c,
9594 lib/debug.c, lib/debug.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
9595 lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_oprfi.c,
9596 lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
9597 lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
9598 lib/ext_server_name.h, lib/ext_session_ticket.c,
9599 lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
9600 lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_alert.c,
9601 lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
9602 lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
9603 lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
9604 lib/gnutls_cert.h, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
9605 lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
9606 lib/gnutls_compress.h, lib/gnutls_constate.c,
9607 lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
9608 lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
9609 lib/gnutls_dh_primes.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
9610 lib/gnutls_extensions.c, lib/gnutls_extensions.h,
9611 lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
9612 lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
9613 lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_int.h,
9614 lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_mem.c,
9615 lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
9616 lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pk.c,
9617 lib/gnutls_pk.h, lib/gnutls_priority.c, lib/gnutls_psk.c,
9618 lib/gnutls_psk_netconf.c, lib/gnutls_record.c, lib/gnutls_record.h,
9619 lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
9620 lib/gnutls_session.c, lib/gnutls_session_pack.c,
9621 lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
9622 lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c,
9623 lib/gnutls_state.h, lib/gnutls_str.c, lib/gnutls_str.h,
9624 lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
9625 lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
9626 lib/gnutls_x509.c, lib/gnutls_x509.h, lib/includes/Makefile.am,
9627 lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
9628 lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs12.h,
9629 lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/libgnutlsxx.map,
9630 lib/m4/hooks.m4, lib/mac-libgcrypt.c, lib/minitasn1/Makefile.am,
9631 lib/minitasn1/gstr.c, lib/minitasn1/int.h,
9632 lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
9633 lib/minitasn1/structure.c, lib/mpi-libgcrypt.c,
9634 lib/opencdk/Makefile.am, lib/opencdk/armor.c,
9635 lib/opencdk/context.h, lib/opencdk/filters.h, lib/opencdk/hash.c,
9636 lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/literal.c,
9637 lib/opencdk/main.c, lib/opencdk/main.h, lib/opencdk/misc.c,
9638 lib/opencdk/new-packet.c, lib/opencdk/opencdk.h,
9639 lib/opencdk/packet.h, lib/opencdk/pubkey.c,
9640 lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
9641 lib/opencdk/sig-check.c, lib/opencdk/stream.c,
9642 lib/opencdk/stream.h, lib/opencdk/types.h, lib/opencdk/verify.c,
9643 lib/opencdk/write-packet.c, lib/openpgp/Makefile.am,
9644 lib/openpgp/compat.c, lib/openpgp/extras.c,
9645 lib/openpgp/gnutls_openpgp.c, lib/openpgp/output.c,
9646 lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
9647 lib/pk-libgcrypt.c, lib/po/cs.po.in, lib/po/de.po.in,
9648 lib/po/fr.po.in, lib/po/ms.po.in, lib/po/nl.po.in, lib/po/pl.po.in,
9649 lib/po/sv.po.in, lib/random.c, lib/random.h, lib/rnd-libgcrypt.c,
9650 lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h,
9651 lib/x509/crl.c, lib/x509/crl_write.c, lib/x509/crq.c,
9652 lib/x509/dn.c, lib/x509/extensions.c, lib/x509/mpi.c,
9653 lib/x509/output.c, lib/x509/pbkdf2-sha1.c, lib/x509/pkcs12.c,
9654 lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c,
9655 lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
9656 lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
9657 lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
9658 lib/x509_b64.c, lib/x509_b64.h, libextra/Makefile.am,
9659 libextra/configure.ac, libextra/ext_inner_application.c,
9660 libextra/ext_inner_application.h, libextra/fipsmd5.c,
9661 libextra/gl/Makefile.am, libextra/gnutls-extra.pc.in,
9662 libextra/gnutls_extra.c, libextra/gnutls_ia.c,
9663 libextra/gnutls_openssl.c, libextra/includes/Makefile.am,
9664 libextra/includes/gnutls/extra.h,
9665 libextra/includes/gnutls/openssl.h, libextra/libgnutls-extra.map,
9666 libextra/m4/hooks.m4, libextra/openssl_compat.c,
9667 libextra/openssl_compat.h, m4/guile.m4, m4/valgrind.m4,
9668 src/Makefile.am, src/common.c, src/serv.c, tests/Makefile.am,
9669 tests/anonself.c, tests/certder.c,
9670 tests/certificate_set_x509_crl.c, tests/chainverify.c,
9671 tests/crq_apis.c, tests/crq_key_id.c, tests/crypto_rng.c,
9672 tests/cve-2008-4989.c, tests/cve-2009-1415.c,
9673 tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
9674 tests/finished.c, tests/gc.c, tests/hostname-check.c,
9675 tests/init_roundtrip.c, tests/key-id/Makefile.am,
9676 tests/key-id/key-id, tests/mini-eagain.c, tests/mini.c,
9677 tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
9678 tests/nist-pkits/pkits, tests/nist-pkits/pkits_crl,
9679 tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
9680 tests/nist-pkits/pkits_smime, tests/nul-in-x509-names.c,
9681 tests/openpgp-certs/Makefile.am, tests/openpgp-keyring.c,
9682 tests/openpgpself.c, tests/openssl.c, tests/oprfi.c,
9683 tests/parse_ca.c, tests/pathlen/Makefile.am, tests/pathlen/pathlen,
9684 tests/pgps2kgnu.c, tests/pkcs1-padding/Makefile.am,
9685 tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/Makefile.am,
9686 tests/pkcs12-decode/pkcs12, tests/pkcs12_encode.c,
9687 tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c,
9688 tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8,
9689 tests/pskself.c, tests/resume.c, tests/rfc2253-escape-test,
9690 tests/rsa-md5-collision/Makefile.am,
9691 tests/rsa-md5-collision/rsa-md5-collision, tests/set_pkcs12_cred.c,
9692 tests/setcredcrash.c, tests/sha2/Makefile.am, tests/sha2/sha2,
9693 tests/simple.c, tests/tlsia.c, tests/userid/Makefile.am,
9694 tests/userid/userid, tests/utils.c, tests/utils.h,
9695 tests/x509_altname.c, tests/x509dn.c, tests/x509paths/chain,
9696 tests/x509self.c, tests/x509sign-verify.c, tests/x509signself.c:
9697 Update copyright years.
9699 2010-01-27 Simon Josefsson <simon@josefsson.org>
9701 * Makefile.am: Fix license.
9703 2010-01-27 Simon Josefsson <simon@josefsson.org>
9705 * README: Fix license.
9707 2010-01-27 Simon Josefsson <simon@josefsson.org>
9709 * README-alpha: Fix license.
9711 2010-01-27 Simon Josefsson <simon@josefsson.org>
9713 * src/cli.c: Fix license.
9715 2010-01-27 Simon Josefsson <simon@josefsson.org>
9717 * src/crypt.c: Fix license.
9719 2010-01-27 Simon Josefsson <simon@josefsson.org>
9721 * src/tls_test.c: Fix license.
9723 2010-01-27 Simon Josefsson <simon@josefsson.org>
9725 * src/tests.c: Fix license.
9727 2010-01-27 Simon Josefsson <simon@josefsson.org>
9729 * src/psk.c: Fix license.
9731 2010-01-27 Simon Josefsson <simon@josefsson.org>
9733 * src/prime.c: Fix license.
9735 2010-01-27 Simon Josefsson <simon@josefsson.org>
9737 * src/certtool.c: Fix license.
9739 2010-01-27 Simon Josefsson <simon@josefsson.org>
9741 * src/certtool-cfg.c: Fix copyright/license.
9743 2010-01-27 Simon Josefsson <simon@josefsson.org>
9745 * src/benchmark.c: Indent and fix copyright notices.
9747 2010-01-27 Simon Josefsson <simon@josefsson.org>
9749 * build-aux/gnupload, gl/tests/test-gettimeofday.c,
9750 gl/tests/test-memchr.c, gl/tests/test-read-file.c,
9751 gl/tests/test-sockets.c, lib/gl/tests/test-memchr.c,
9752 lib/gl/tests/test-read-file.c, lib/gl/tests/test-sockets.c: Update
9755 2010-01-27 Simon Josefsson <simon@josefsson.org>
9757 * ChangeLog, ChangeLog.1, THANKS, build-aux/gnupload, cfg.mk,
9758 doc/Makefile.am, doc/credentials/Makefile.am,
9759 doc/cyclo/Makefile.am, doc/errcodes.c, doc/examples/Makefile.am,
9760 doc/extract-guile-c-doc.scm, doc/manpages/Makefile.am,
9761 doc/printlist.c, gl/tests/test-gettimeofday.c,
9762 gl/tests/test-memchr.c, gl/tests/test-read-file.c,
9763 gl/tests/test-sockets.c, guile/Makefile.am,
9764 guile/modules/Makefile.am, guile/modules/gnutls.scm,
9765 guile/modules/gnutls/build/enums.scm,
9766 guile/modules/gnutls/build/priorities.scm,
9767 guile/modules/gnutls/build/smobs.scm,
9768 guile/modules/gnutls/build/utils.scm,
9769 guile/modules/gnutls/extra.scm,
9770 guile/modules/system/documentation/c-snarf.scm,
9771 guile/modules/system/documentation/output.scm,
9772 guile/pre-inst-guile.in, guile/src/errors.h,
9773 guile/src/make-enum-header.scm, guile/src/make-enum-map.scm,
9774 guile/src/make-session-priorities.scm,
9775 guile/src/make-smob-header.scm, guile/src/make-smob-types.scm,
9776 guile/src/utils.h, guile/tests/anonymous-auth.scm,
9777 guile/tests/errors.scm, guile/tests/openpgp-auth.scm,
9778 guile/tests/openpgp-keyring.scm, guile/tests/openpgp-keys.scm,
9779 guile/tests/pkcs-import-export.scm,
9780 guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
9781 guile/tests/x509-auth.scm, guile/tests/x509-certificates.scm,
9782 lib/Makefile.am, lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c,
9783 lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
9784 lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
9785 lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
9786 lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
9787 lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
9788 lib/auth_srp_sb64.c, lib/cipher-libgcrypt.c, lib/crypto-api.c,
9789 lib/crypto.c, lib/crypto.h, lib/cryptodev.c, lib/debug.c,
9790 lib/debug.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
9791 lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_oprfi.c,
9792 lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
9793 lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
9794 lib/ext_server_name.h, lib/ext_session_ticket.c,
9795 lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
9796 lib/ext_srp.c, lib/ext_srp.h, lib/gl/tests/test-memchr.c,
9797 lib/gl/tests/test-read-file.c, lib/gl/tests/test-sockets.c,
9798 lib/gnutls_alert.c, lib/gnutls_algorithms.c,
9799 lib/gnutls_algorithms.h, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
9800 lib/gnutls_auth.h, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
9801 lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_cipher.c,
9802 lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
9803 lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
9804 lib/gnutls_compress.h, lib/gnutls_constate.c,
9805 lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
9806 lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
9807 lib/gnutls_dh_primes.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
9808 lib/gnutls_extensions.c, lib/gnutls_extensions.h,
9809 lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
9810 lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
9811 lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_int.h,
9812 lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_mem.c,
9813 lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
9814 lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pk.c,
9815 lib/gnutls_pk.h, lib/gnutls_priority.c, lib/gnutls_psk.c,
9816 lib/gnutls_psk_netconf.c, lib/gnutls_record.c, lib/gnutls_record.h,
9817 lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
9818 lib/gnutls_session.c, lib/gnutls_session_pack.c,
9819 lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
9820 lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c,
9821 lib/gnutls_state.h, lib/gnutls_str.c, lib/gnutls_str.h,
9822 lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
9823 lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
9824 lib/gnutls_x509.c, lib/gnutls_x509.h, lib/includes/Makefile.am,
9825 lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
9826 lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs12.h,
9827 lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/libgnutlsxx.map,
9828 lib/mac-libgcrypt.c, lib/minitasn1/Makefile.am,
9829 lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
9830 lib/minitasn1/element.c, lib/minitasn1/gstr.c,
9831 lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
9832 lib/minitasn1/structure.c, lib/mpi-libgcrypt.c,
9833 lib/opencdk/Makefile.am, lib/opencdk/hash.c,
9834 lib/openpgp/Makefile.am, lib/openpgp/compat.c,
9835 lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
9836 lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
9837 lib/openpgp/privkey.c, lib/pk-libgcrypt.c, lib/random.c,
9838 lib/random.h, lib/rnd-libgcrypt.c, lib/x509/Makefile.am,
9839 lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
9840 lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
9841 lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/output.c,
9842 lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c,
9843 lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
9844 lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
9845 lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
9846 lib/x509_b64.c, lib/x509_b64.h, libextra/Makefile.am,
9847 libextra/ext_inner_application.c, libextra/ext_inner_application.h,
9848 libextra/fipsmd5.c, libextra/gl/Makefile.am,
9849 libextra/gnutls-extra.pc.in, libextra/gnutls_extra.c,
9850 libextra/gnutls_ia.c, libextra/gnutls_openssl.c,
9851 libextra/includes/Makefile.am, libextra/includes/gnutls/extra.h,
9852 libextra/includes/gnutls/openssl.h, libextra/libgnutls-extra.map,
9853 libextra/openssl_compat.c, libextra/openssl_compat.h,
9854 src/Makefile.am, src/benchmark.c, src/certtool-cfg.c,
9855 src/certtool.c, src/common.c, src/crypt.c, src/prime.c, src/psk.c,
9856 src/serv.c, src/tests.c, src/tls_test.c, tests/Makefile.am,
9857 tests/anonself.c, tests/certder.c, tests/chainverify.c,
9858 tests/crq_apis.c, tests/crq_key_id.c, tests/crypto_rng.c,
9859 tests/cve-2008-4989.c, tests/cve-2009-1415.c,
9860 tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
9861 tests/finished.c, tests/gc.c, tests/hostname-check.c,
9862 tests/init_roundtrip.c, tests/key-id/Makefile.am,
9863 tests/key-id/key-id, tests/mini-eagain.c, tests/mini.c,
9864 tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
9865 tests/nist-pkits/pkits, tests/nist-pkits/pkits_crl,
9866 tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
9867 tests/nist-pkits/pkits_smime, tests/nul-in-x509-names.c,
9868 tests/openpgp-certs/Makefile.am, tests/openpgp-certs/testcerts,
9869 tests/openpgp-certs/testselfsigs, tests/openpgp-keyring.c,
9870 tests/openpgpself.c, tests/openssl.c, tests/oprfi.c,
9871 tests/parse_ca.c, tests/pathlen/Makefile.am, tests/pathlen/pathlen,
9872 tests/pkcs1-padding/Makefile.am, tests/pkcs1-padding/pkcs1-pad,
9873 tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12,
9874 tests/pkcs12_encode.c, tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c,
9875 tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8,
9876 tests/pskself.c, tests/resume.c, tests/rfc2253-escape-test,
9877 tests/rsa-md5-collision/Makefile.am,
9878 tests/rsa-md5-collision/rsa-md5-collision,
9879 tests/safe-renegotiation/Makefile.am,
9880 tests/safe-renegotiation/testsrn, tests/set_pkcs12_cred.c,
9881 tests/setcredcrash.c, tests/sha2/Makefile.am, tests/sha2/sha2,
9882 tests/simple.c, tests/tlsia.c, tests/userid/Makefile.am,
9883 tests/userid/userid, tests/utils.c, tests/utils.h,
9884 tests/x509_altname.c, tests/x509dn.c, tests/x509paths/chain,
9885 tests/x509self.c, tests/x509sign-verify.c, tests/x509signself.c: Fix
9886 FSF copyright notices.
9888 2010-01-27 Simon Josefsson <simon@josefsson.org>
9890 * THANKS, doc/gnutls.texi: doc: Fix pkg-config recommendation. Reported by Claudio Saavedra <csaavedra@igalia.com> in
9892 <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4095>.
9894 2010-01-27 Simon Josefsson <simon@josefsson.org>
9896 * NEWS, THANKS, src/cli.c: gnutls-cli: Handle reading binary data
9897 from server. Reported by and tiny patch from Vitaly Mayatskikh
9898 <v.mayatskih@gmail.com> in
9900 <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4096>.
9902 2010-01-26 Simon Josefsson <simon@josefsson.org>
9904 * build-aux/update-copyright, gl/Makefile.am,
9905 gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/tests/Makefile.am,
9906 gl/tests/test-update-copyright.sh: Update gnulib files.
9908 2010-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9910 * tests/openpgp-certs/testcerts, tests/openpgp-certs/testselfsigs,
9911 tests/safe-renegotiation/testsrn: Added copyright notices!
9913 2010-01-26 Simon Josefsson <simon@josefsson.org>
9915 * NEWS, doc/manpages/Makefile.am: Generated.
9917 2010-01-26 Simon Josefsson <simon@josefsson.org>
9919 * .gitignore: Improve.
9921 2010-01-26 Simon Josefsson <simon@josefsson.org>
9923 * doc/reference/Makefile.am: Ignore more.
9925 2010-01-26 Simon Josefsson <simon@josefsson.org>
9927 * .gitignore, lib/gl/m4/warn-on-use.m4: Update gnulib files.
9929 2010-01-26 Simon Josefsson <simon@josefsson.org>
9931 * gl/m4/warn-on-use.m4, lib/build-aux/arg-nonnull.h,
9932 lib/build-aux/warn-on-use.h: Update gnulib files.
9934 2010-01-26 Simon Josefsson <simon@josefsson.org>
9938 2010-01-26 Simon Josefsson <simon@josefsson.org>
9940 * lib/gl/tests/macros.h, lib/gl/tests/signature.h: Update gnulib
9943 2010-01-26 Simon Josefsson <simon@josefsson.org>
9947 2010-01-26 Simon Josefsson <simon@josefsson.org>
9949 * gl/tests/macros.h, gl/tests/signature.h,
9950 gl/tests/test-sys_ioctl.c: Update gnulib files.
9952 2010-01-26 Simon Josefsson <simon@josefsson.org>
9954 * GNUmakefile, build-aux/arg-nonnull.h, build-aux/config.rpath,
9955 build-aux/gendocs.sh, build-aux/gnupload, build-aux/link-warning.h,
9956 build-aux/pmccabe2html, build-aux/useless-if-before-free,
9957 build-aux/vc-list-files, build-aux/warn-on-use.h, gl/Makefile.am,
9958 gl/accept.c, gl/alignof.h, gl/alloca.c, gl/alloca.in.h,
9959 gl/arpa_inet.in.h, gl/asnprintf.c, gl/bind.c, gl/c-ctype.c,
9960 gl/c-ctype.h, gl/close-hook.c, gl/close-hook.h, gl/close.c,
9961 gl/connect.c, gl/errno.in.h, gl/error.c, gl/error.h, gl/fclose.c,
9962 gl/float+.h, gl/float.in.h, gl/fseeko.c, gl/gai_strerror.c,
9963 gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c, gl/getpass.c,
9964 gl/getpass.h, gl/gettext.h, gl/inet_ntop.c, gl/inet_pton.c,
9965 gl/intprops.h, gl/listen.c, gl/lseek.c, gl/m4/00gnulib.m4,
9966 gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4, gl/m4/autobuild.m4,
9967 gl/m4/close.m4, gl/m4/errno_h.m4, gl/m4/error.m4,
9968 gl/m4/extensions.m4, gl/m4/fclose.m4, gl/m4/float_h.m4,
9969 gl/m4/fseeko.m4, gl/m4/getaddrinfo.m4, gl/m4/getdelim.m4,
9970 gl/m4/getline.m4, gl/m4/getpass.m4, gl/m4/gettimeofday.m4,
9971 gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
9972 gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/hostent.m4,
9973 gl/m4/include_next.m4, gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4,
9974 gl/m4/intmax_t.m4, gl/m4/inttypes_h.m4, gl/m4/lib-ld.m4,
9975 gl/m4/lib-link.m4, gl/m4/lib-prefix.m4, gl/m4/longlong.m4,
9976 gl/m4/lseek.m4, gl/m4/malloc.m4, gl/m4/manywarnings.m4,
9977 gl/m4/memchr.m4, gl/m4/minmax.m4, gl/m4/mmap-anon.m4,
9978 gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
9979 gl/m4/perror.m4, gl/m4/printf.m4, gl/m4/read-file.m4,
9980 gl/m4/readline.m4, gl/m4/realloc.m4, gl/m4/select.m4,
9981 gl/m4/servent.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4,
9982 gl/m4/sockets.m4, gl/m4/socklen.m4, gl/m4/sockpfaf.m4,
9983 gl/m4/stdarg.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
9984 gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
9985 gl/m4/stdlib_h.m4, gl/m4/strerror.m4, gl/m4/string_h.m4,
9986 gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4,
9987 gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/time_h.m4,
9988 gl/m4/ungetc.m4, gl/m4/unistd_h.m4, gl/m4/vasnprintf.m4,
9989 gl/m4/version-etc.m4, gl/m4/warnings.m4, gl/m4/wchar.m4,
9990 gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/memchr.c,
9991 gl/minmax.h, gl/netdb.in.h, gl/netinet_in.in.h,
9992 gl/override/lib/gettext.h.diff, gl/perror.c, gl/printf-args.c,
9993 gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h,
9994 gl/progname.c, gl/progname.h, gl/read-file.c, gl/read-file.h,
9995 gl/readline.c, gl/readline.h, gl/realloc.c, gl/recv.c, gl/select.c,
9996 gl/send.c, gl/setsockopt.c, gl/shutdown.c, gl/size_max.h,
9997 gl/snprintf.c, gl/socket.c, gl/sockets.c, gl/sockets.h,
9998 gl/stdarg.in.h, gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h,
9999 gl/stdio-impl.h, gl/stdio-write.c, gl/stdio.in.h, gl/stdlib.in.h,
10000 gl/strerror.c, gl/string.in.h, gl/sys_select.in.h,
10001 gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
10002 gl/tests/Makefile.am, gl/tests/dummy.c, gl/tests/gettimeofday.c,
10003 gl/tests/ioctl.c, gl/tests/sys_ioctl.in.h, gl/tests/test-alignof.c,
10004 gl/tests/test-alloca-opt.c, gl/tests/test-arpa_inet.c,
10005 gl/tests/test-c-ctype.c, gl/tests/test-errno.c,
10006 gl/tests/test-fseeko.c, gl/tests/test-getaddrinfo.c,
10007 gl/tests/test-getdelim.c, gl/tests/test-getline.c,
10008 gl/tests/test-gettimeofday.c, gl/tests/test-inet_ntop.c,
10009 gl/tests/test-inet_pton.c, gl/tests/test-lseek.c,
10010 gl/tests/test-memchr.c, gl/tests/test-netdb.c,
10011 gl/tests/test-netinet_in.c, gl/tests/test-perror.c,
10012 gl/tests/test-read-file.c, gl/tests/test-select-fd.c,
10013 gl/tests/test-select-stdin.c, gl/tests/test-select.c,
10014 gl/tests/test-snprintf.c, gl/tests/test-stdbool.c,
10015 gl/tests/test-stddef.c, gl/tests/test-stdint.c,
10016 gl/tests/test-stdio.c, gl/tests/test-stdlib.c,
10017 gl/tests/test-strerror.c, gl/tests/test-string.c,
10018 gl/tests/test-sys_select.c, gl/tests/test-sys_socket.c,
10019 gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
10020 gl/tests/test-time.c, gl/tests/test-unistd.c,
10021 gl/tests/test-vasnprintf.c, gl/tests/test-vc-list-files-cvs.sh,
10022 gl/tests/test-vc-list-files-git.sh, gl/tests/test-version-etc.c,
10023 gl/tests/test-version-etc.sh, gl/tests/test-wchar.c,
10024 gl/tests/verify.h, gl/tests/w32sock.h, gl/tests/zerosize-ptr.h,
10025 gl/time.in.h, gl/unistd.in.h, gl/vasnprintf.c, gl/vasnprintf.h,
10026 gl/version-etc-fsf.c, gl/version-etc.c, gl/version-etc.h,
10027 gl/w32sock.h, gl/wchar.in.h, gl/xsize.h,
10028 lib/build-aux/config.rpath, lib/build-aux/link-warning.h,
10029 lib/gl/Makefile.am, lib/gl/alignof.h, lib/gl/alloca.in.h,
10030 lib/gl/asnprintf.c, lib/gl/asprintf.c, lib/gl/byteswap.in.h,
10031 lib/gl/c-ctype.c, lib/gl/c-ctype.h, lib/gl/close-hook.c,
10032 lib/gl/close-hook.h, lib/gl/errno.in.h, lib/gl/float+.h,
10033 lib/gl/float.in.h, lib/gl/fseeko.c, lib/gl/gettext.h,
10034 lib/gl/lseek.c, lib/gl/m4/00gnulib.m4, lib/gl/m4/alloca.m4,
10035 lib/gl/m4/byteswap.m4, lib/gl/m4/codeset.m4, lib/gl/m4/errno_h.m4,
10036 lib/gl/m4/extensions.m4, lib/gl/m4/float_h.m4, lib/gl/m4/fseeko.m4,
10037 lib/gl/m4/func.m4, lib/gl/m4/gettext.m4, lib/gl/m4/glibc2.m4,
10038 lib/gl/m4/glibc21.m4, lib/gl/m4/gnulib-cache.m4,
10039 lib/gl/m4/gnulib-common.m4, lib/gl/m4/gnulib-comp.m4,
10040 lib/gl/m4/gnulib-tool.m4, lib/gl/m4/iconv.m4,
10041 lib/gl/m4/include_next.m4, lib/gl/m4/intdiv0.m4, lib/gl/m4/intl.m4,
10042 lib/gl/m4/intldir.m4, lib/gl/m4/intlmacosx.m4, lib/gl/m4/intmax.m4,
10043 lib/gl/m4/intmax_t.m4, lib/gl/m4/inttypes-pri.m4,
10044 lib/gl/m4/inttypes_h.m4, lib/gl/m4/lcmessage.m4,
10045 lib/gl/m4/ld-output-def.m4, lib/gl/m4/ld-version-script.m4,
10046 lib/gl/m4/lib-ld.m4, lib/gl/m4/lib-link.m4,
10047 lib/gl/m4/lib-prefix.m4, lib/gl/m4/lock.m4, lib/gl/m4/longlong.m4,
10048 lib/gl/m4/lseek.m4, lib/gl/m4/malloc.m4, lib/gl/m4/memchr.m4,
10049 lib/gl/m4/memmem.m4, lib/gl/m4/minmax.m4, lib/gl/m4/mmap-anon.m4,
10050 lib/gl/m4/multiarch.m4, lib/gl/m4/netdb_h.m4, lib/gl/m4/nls.m4,
10051 lib/gl/m4/po.m4, lib/gl/m4/printf-posix.m4, lib/gl/m4/printf.m4,
10052 lib/gl/m4/progtest.m4, lib/gl/m4/read-file.m4,
10053 lib/gl/m4/realloc.m4, lib/gl/m4/size_max.m4, lib/gl/m4/snprintf.m4,
10054 lib/gl/m4/sockets.m4, lib/gl/m4/socklen.m4, lib/gl/m4/sockpfaf.m4,
10055 lib/gl/m4/stdbool.m4, lib/gl/m4/stddef_h.m4, lib/gl/m4/stdint.m4,
10056 lib/gl/m4/stdint_h.m4, lib/gl/m4/stdio_h.m4, lib/gl/m4/stdlib_h.m4,
10057 lib/gl/m4/strcase.m4, lib/gl/m4/string_h.m4,
10058 lib/gl/m4/strings_h.m4, lib/gl/m4/strverscmp.m4,
10059 lib/gl/m4/sys_socket_h.m4, lib/gl/m4/sys_stat_h.m4,
10060 lib/gl/m4/threadlib.m4, lib/gl/m4/time_h.m4, lib/gl/m4/time_r.m4,
10061 lib/gl/m4/uintmax_t.m4, lib/gl/m4/ungetc.m4, lib/gl/m4/unistd_h.m4,
10062 lib/gl/m4/vasnprintf.m4, lib/gl/m4/vasprintf.m4,
10063 lib/gl/m4/visibility.m4, lib/gl/m4/vsnprintf.m4,
10064 lib/gl/m4/wchar.m4, lib/gl/m4/wchar_t.m4, lib/gl/m4/wint_t.m4,
10065 lib/gl/m4/xsize.m4, lib/gl/memchr.c, lib/gl/memmem.c,
10066 lib/gl/minmax.h, lib/gl/netdb.in.h,
10067 lib/gl/override/lib/gettext.h.diff, lib/gl/printf-args.c,
10068 lib/gl/printf-args.h, lib/gl/printf-parse.c, lib/gl/printf-parse.h,
10069 lib/gl/read-file.c, lib/gl/read-file.h, lib/gl/realloc.c,
10070 lib/gl/size_max.h, lib/gl/snprintf.c, lib/gl/sockets.c,
10071 lib/gl/sockets.h, lib/gl/stdbool.in.h, lib/gl/stddef.in.h,
10072 lib/gl/stdint.in.h, lib/gl/stdio-impl.h, lib/gl/stdio-write.c,
10073 lib/gl/stdio.in.h, lib/gl/stdlib.in.h, lib/gl/str-two-way.h,
10074 lib/gl/strcasecmp.c, lib/gl/string.in.h, lib/gl/strings.in.h,
10075 lib/gl/strncasecmp.c, lib/gl/strverscmp.c, lib/gl/sys_socket.in.h,
10076 lib/gl/sys_stat.in.h, lib/gl/tests/Makefile.am,
10077 lib/gl/tests/dummy.c, lib/gl/tests/intprops.h,
10078 lib/gl/tests/test-alloca-opt.c, lib/gl/tests/test-byteswap.c,
10079 lib/gl/tests/test-c-ctype.c, lib/gl/tests/test-errno.c,
10080 lib/gl/tests/test-fseeko.c, lib/gl/tests/test-func.c,
10081 lib/gl/tests/test-memchr.c, lib/gl/tests/test-netdb.c,
10082 lib/gl/tests/test-read-file.c, lib/gl/tests/test-snprintf.c,
10083 lib/gl/tests/test-stdbool.c, lib/gl/tests/test-stddef.c,
10084 lib/gl/tests/test-stdint.c, lib/gl/tests/test-stdio.c,
10085 lib/gl/tests/test-stdlib.c, lib/gl/tests/test-string.c,
10086 lib/gl/tests/test-strings.c, lib/gl/tests/test-strverscmp.c,
10087 lib/gl/tests/test-sys_socket.c, lib/gl/tests/test-sys_stat.c,
10088 lib/gl/tests/test-time.c, lib/gl/tests/test-unistd.c,
10089 lib/gl/tests/test-vasnprintf.c, lib/gl/tests/test-vasprintf.c,
10090 lib/gl/tests/test-vsnprintf.c, lib/gl/tests/test-wchar.c,
10091 lib/gl/tests/verify.h, lib/gl/tests/zerosize-ptr.h,
10092 lib/gl/time.in.h, lib/gl/time_r.c, lib/gl/unistd.in.h,
10093 lib/gl/vasnprintf.c, lib/gl/vasnprintf.h, lib/gl/vasprintf.c,
10094 lib/gl/vsnprintf.c, lib/gl/w32sock.h, lib/gl/wchar.in.h,
10095 lib/gl/xsize.h, libextra/build-aux/config.rpath,
10096 libextra/gl/gnulib.mk, libextra/gl/hmac-md5.c, libextra/gl/hmac.h,
10097 libextra/gl/m4/00gnulib.m4, libextra/gl/m4/extensions.m4,
10098 libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-common.m4,
10099 libextra/gl/m4/gnulib-comp.m4, libextra/gl/m4/gnulib-tool.m4,
10100 libextra/gl/m4/hmac-md5.m4, libextra/gl/m4/ld-output-def.m4,
10101 libextra/gl/m4/ld-version-script.m4, libextra/gl/m4/lib-ld.m4,
10102 libextra/gl/m4/lib-link.m4, libextra/gl/m4/lib-prefix.m4,
10103 libextra/gl/m4/md5.m4, libextra/gl/m4/memxor.m4, libextra/gl/md5.c,
10104 libextra/gl/md5.h, libextra/gl/memxor.c, libextra/gl/memxor.h,
10105 maint.mk: Update gnulib files.
10107 2010-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10109 * NEWS: Documented addition of new priority strings.
10111 2010-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10113 * NEWS: Documented Steve Dispensa's patch addition.
10115 2010-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10117 * tests/safe-renegotiation/testsrn: Added tests for new behaviour of
10120 2010-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10122 * lib/gnutls_handshake.c: Revert "Always allow initial negotiation.
10123 Disable subsequent unsafe renegotiations." This reverts commit
10124 1e4981cfbec360a19cfb7470ce96093aaa95b32e. Ah, this was to twart the attack (description by Daniel Kahn
10125 Gilmor): The problem, as i understand it, is that the client is
10126 incapable of telling whether the plaintext prefix injection attack
10127 has already happened. I don't think disabling renegotiation for the
10128 session resolves the problem. For a server which does not announce and enforce safe renegotiation,
10129 what the client sees as an initial connection may unknowingly
10130 actually be renegotiating an existing session that was started by an
10131 attacker. The concern isn't that the (legitimate) client will have their
10132 session re-negotiated by an attacker; it's that the MITM attacker
10133 can trick the server into viewing the client's initial
10134 authentication as a re-negotiation of a TLS session already
10135 underway. for servers which do odd things like apply the credentials of the
10136 post-renegotiation client to the traffic that happened before the
10137 renegotiation (e.g. HTTPS, with client-side certificates required
10138 only for certain subdirectories), a safe-renegotiation-aware client
10139 *should* refuse to connect to servers which do not announce safe
10140 renegotiation if they want to resist this attack.
10142 2010-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10144 * configure.ac: Added safe-renegotiation subdir.
10146 2010-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10148 * lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c,
10149 lib/gnutls_int.h, lib/gnutls_priority.c, tests/Makefile.am,
10150 tests/safe-renegotiation/Makefile.am,
10151 tests/safe-renegotiation/params.dh,
10152 tests/safe-renegotiation/testsrn: Added safe renegotiation test
10153 cases. Added priority string option to completely disable
10154 renegotiation to assist in testing more cases.
10156 2010-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10158 * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa: Added the
10159 --rehandshake option to gnutls-cli to allow connection and immediate
10162 2010-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10164 * lib/ext_safe_renegotiation.c: More carefull copying of data. Check
10165 for the malicious case where a server does initial unsafe
10166 negotiation and proceeds with a safe renegotiation.
10168 2010-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10170 * lib/gnutls_handshake.c: Always allow initial negotiation. Disable
10171 subsequent unsafe renegotiations. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10173 2010-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10175 * lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c,
10176 lib/gnutls_int.h, lib/gnutls_state.c: Safe renegotiation variable
10177 cleanup. No longer clear variables that should stay across
10180 2010-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10182 * lib/crypto-api.c, lib/gnutls_cipher_int.c: Documented the
10183 crypto-api functions and made the API tolerant to NULL IV.
10185 2010-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10187 * lib/gnutls_handshake.c: Added documentation of rehandshake usage
10188 in gnutls if full-duplex capability is required.
10190 2010-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10192 * lib/gnutls_buffers.c: Reduced asserts to reduce unneeded
10195 2010-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10197 * src/cli.c, src/serv.c: Removed rehandshake initiation capability
10198 from client and transferred it to the echo server. Once the server
10199 receives a string **REHANDSHAKE** will request a rehandshake.
10201 2010-01-19 Steve Dispensa <dispensa@phonefactor.com>
10203 * lib/gnutls_handshake.c: Here is another patch that fixes an
10204 interoperability problem with safe renegotiation and resumption. In
10205 copying forward the safe renegotiation state across resumptions, I
10206 got a little carried away and copied too much data (new connections
10207 should start with empty RI data). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10209 2010-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10211 * lib/ext_oprfi.c, lib/ext_session_ticket.c, lib/gnutls_constate.c,
10212 lib/gnutls_handshake.c, lib/gnutls_int.h: Modified extensions
10213 (session ticket, oprfi) to store internal data in gnutls internal
10214 structure and input data only in the security_parameters extension
10215 structure. Session ticket extension will call the user supplied hello function
10216 on resumption. (the current API to handle that is inexistant. To be revised)
10218 2010-01-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10220 * lib/ext_session_ticket.c, lib/gnutls_constate.c,
10221 lib/gnutls_int.h, lib/gnutls_session_pack.c: Further cleanup the
10222 extension internal structure. Now if values are not saved and
10223 restored when resumming they will be initialized to zero.
10225 2010-01-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10227 * tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
10228 tests/cve-2008-4989.c, tests/dn2.c, tests/finished.c, tests/mini.c,
10229 tests/pkcs12_s2k_pem.c, tests/tlsia.c, tests/x509sign-verify.c:
10230 Tests compile with --enable-gcc-warnings.
10232 2010-01-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10234 * lib/ext_safe_renegotiation.h, lib/gnutls_constate.c,
10235 lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
10236 lib/gnutls_state.c, tests/resume.c, tests/simple.c: Specify in
10237 detail what to be copied when resuming. It seems there are
10238 extensions (like safe renegotiation) that do not need to read the
10239 stored values. Moreover this might overcome any bugs by the
10240 extensions that used to store pointers in the extension structure.
10242 2010-01-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10244 * lib/ext_safe_renegotiation.c: Initialize the default value to 0.
10245 It seemed to have default value of 0 when non resuming :)
10247 2010-01-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10249 * doc/examples/ex-client-tlsia.c, tests/utils.c: Removed warnings.
10251 2010-01-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10253 * configure.ac: Added -Wno-int-to-pointer-cast to enable compilation
10254 when enable-gcc-warnings is given.
10256 2010-01-13 Steve Dispensa <dispensa@phonefactor.com>
10258 * lib/gnutls_handshake.c: Here are two more patches. The first adds
10259 support for renegotiation of resumption. Also, I found a bug in my initial implementation - I was incorrectly
10260 sending the SCSV on all connections, not only those using SSLv3, as
10261 should have been the case. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10263 2010-01-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10265 * NEWS, doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1:
10266 Documentation updates.
10268 2010-01-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10270 * lib/gnutls_handshake.c: When denying an initial negotiation due to
10271 missing safe renegotiation extension reply with NO_RENEGOTIATION
10274 2010-01-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10276 * lib/gnutls_extensions.c, lib/gnutls_handshake.c,
10277 lib/includes/gnutls/gnutls.h.in, tests/resume.c: When resuming no
10278 extensions were parsed thus the safe renegotiation extension was
10279 ignored as well causing a false detection of unsafe session.
10280 Corrected by making a special class of extensions called RESUMED.
10281 Those are parsed even when resuming (normally we don't do it to
10282 prevent clients overwriting capabilities and credentials).
10284 2010-01-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10286 * lib/ext_safe_renegotiation.c, lib/ext_safe_renegotiation.h,
10287 lib/gnutls_alert.c, lib/gnutls_algorithms.c,
10288 lib/gnutls_algorithms.h, lib/gnutls_extensions.c,
10289 lib/gnutls_extensions.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
10290 lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in: Added Steve
10291 Dispensa's patch for safe renegotiation (with artistic changes).
10292 Effectively reverted my previous patch
10293 1a338cbaaeec11d958de8da4d1ae036979fccf3e.
10295 2010-01-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10297 * THANKS: Updated thanks file.
10299 2010-01-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10301 * NEWS, lib/opencdk/sig-check.c, src/certtool.c,
10302 tests/openpgp-certs/Makefile.am, tests/openpgp-certs/testselfsigs:
10303 When checking self signature also check the signatures of all
10304 subkeys. Ilari Liusvaara noticed and reported the issue and
10305 provided test vectors as well. certtool --pgp-certificate-info will check self signatures. Added self tests for self-sigs.
10307 2010-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10309 * tests/gc.c: hash_fast -> hmac_fast
10311 2010-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10313 * doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1,
10314 lib/Makefile.am, lib/ext_safe_renegotiation.c,
10315 lib/ext_safe_renegotiation.h, lib/gnutls_errors.c,
10316 lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
10317 lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in, src/cli.c,
10318 src/serv.c: Added safe renegotiation patch from Steve Dispensa,
10319 modified to suit gnutls code style and error checking. Modified to
10320 conform to draft-ietf-tls-renegotiation-03.txt. gnutls-cli will search input for **RENEGOTIATION** to perform a
10321 renegotiation and gnutls-serv will perform one if requested.
10323 2010-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10325 * lib/x509/mpi.c: Corrections for --disable-extra-pki configure flag
10326 to work. Patch by Bill Randle.
10328 2010-01-04 Andreas Metzler <ametzler@downhill.at.eu.org>
10330 * ChangeLog, doc/certtool.cfg, doc/gnutls.texi, lib/gnutls_auth.c,
10331 lib/gnutls_priority.c, lib/gnutls_session.c, lib/openpgp/pgp.c,
10332 lib/openpgp/privkey.c: Typo fixes: successful, precedence, preferred
10334 2009-12-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10336 * lib/cryptodev.c: define EALG_MAX_BLOCK_LEN if not there.
10338 2009-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10340 * libextra/fipsmd5.c: use C99 initializations
10342 2009-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10344 * NEWS, lib/Makefile.am, lib/compat.c, lib/crypto-api.c,
10345 lib/crypto.c, lib/crypto.h, lib/gnutls_cipher.c,
10346 lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
10347 lib/gnutls_hash_int.c, lib/gnutls_hash_int.h,
10348 lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
10349 lib/libgnutls.map, libextra/fipsmd5.c, src/benchmark.c: Reverted all
10350 previous changes to combine hashes with MAC algorithms. It is now
10351 permissible to register a hash algorithm separately from a MAC.
10353 2009-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10355 * lib/crypto-api.c, lib/crypto.c, lib/crypto.h,
10356 lib/ext_session_ticket.c, lib/gnutls_algorithms.c,
10357 lib/gnutls_algorithms.h, lib/gnutls_cipher.c,
10358 lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
10359 lib/gnutls_constate.c, lib/gnutls_constate.h,
10360 lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
10361 lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_priority.c,
10362 lib/gnutls_psk_netconf.c, lib/gnutls_sig.c, lib/gnutls_srp.c,
10363 lib/gnutls_state.c, lib/gnutls_ui.c, lib/includes/gnutls/crypto.h,
10364 lib/includes/gnutls/gnutls.h.in, lib/mac-libgcrypt.c,
10365 lib/opencdk/dummy.c, lib/opencdk/filters.h, lib/opencdk/hash.c,
10366 lib/opencdk/kbnode.c, lib/opencdk/main.h, lib/opencdk/opencdk.h,
10367 lib/opencdk/pubkey.c, lib/opencdk/sig-check.c,
10368 lib/opencdk/verify.c, lib/x509/crq.c, lib/x509/pbkdf2-sha1.c,
10369 lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
10370 lib/x509/sign.c, lib/x509/verify.c, lib/x509/x509.c,
10371 lib/x509/x509_int.h, libextra/fipsmd5.c, libextra/gnutls_openssl.c:
10372 Revert "Merged the two internal hash API functions, to simplify and
10373 reduce code." This reverts commit bc3e43d5f121e404aa32212dcfcc5027de807056. Conflicts: lib/crypto.c lib/gnutls_cipher.c lib/gnutls_hash_int.c lib/gnutls_hash_int.h lib/includes/gnutls/crypto.h lib/mac-libgcrypt.c
10375 2009-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10377 * lib/gnutls_hash_int.c, lib/includes/gnutls/crypto.h,
10378 lib/mac-libgcrypt.c, libextra/gnutls_openssl.c, tests/gc.c: Revert
10379 "Added plain MD5 hash check and corrected gnutls_hash_fast() usage
10380 in openssl.c" This reverts commit 54486afbfcf3398846d5c20d3094bdb7d0a43ff2.
10382 2009-12-04 Simon Josefsson <simon@josefsson.org>
10384 * doc/examples/ex-x509-info.c: Improve example of printing cert
10387 2009-12-04 Simon Josefsson <simon@josefsson.org>
10389 * doc/gnutls.texi: Typo fix. Reported by Laurence <lfinsto@gwdg.de> in
10391 <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4036>.
10393 2009-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10395 * lib/compat.c, lib/gnutls_algorithms.h: fixes for compilation.
10397 2009-12-03 Simon Josefsson <simon@josefsson.org>
10399 * lib/gnutls_cert.c: Check return value from
10400 gnutls_x509_crt_get_key_usage.
10402 2009-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10404 * NEWS, tests/pathlen/ca-no-pathlen.pem,
10405 tests/pathlen/no-ca-or-pathlen.pem: This is a follow-up to commit
10406 3d8da5765133c6ced37bf29b5a07f950b8c26cd7, that fixes some issues
10407 with DSA and RSA certificate encoding. Due to that the shown public
10408 key IDs are different than the ones in previous gnutls versions.
10410 2009-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10412 * lib/gnutls_cipher.c: reduced calls to gnutls_hash on
10413 encryption/decryption. Only initialize MAC when needed.
10415 2009-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10417 * lib/gnutls_hash_int.c, lib/includes/gnutls/crypto.h,
10418 lib/mac-libgcrypt.c, libextra/gnutls_openssl.c, tests/gc.c: Added
10419 plain MD5 hash check and corrected gnutls_hash_fast() usage in
10420 openssl.c Corrected new hash API bug that prevented usage of plain
10423 2009-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10425 * NEWS, doc/gnutls.texi, lib/Makefile.am, lib/compat.c,
10426 lib/crypto.c, lib/ext_session_ticket.c, lib/gnutls_algorithms.c,
10427 lib/gnutls_algorithms.h, lib/gnutls_cipher.c,
10428 lib/includes/gnutls/crypto.h, lib/libgnutls.map,
10429 lib/opencdk/read-packet.c, lib/x509/privkey_pkcs8.c,
10430 src/benchmark.c, tests/gc.c: Exported gnutls_cipher_get_block_size()
10431 and all hash functions added to libgnutls.map. Expanded benchmark
10432 with 3DES and ARCFOUR. Corrected test that used non-existing symbol.
10434 2009-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10436 * lib/m4/hooks.m4: Corrected check for cryptodev. Only enable it if
10437 --enable-cryptodev is specified.
10439 2009-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10441 * lib/cryptodev.c, lib/gnutls_cryptodev.h, lib/gnutls_hash_int.c,
10442 lib/gnutls_hash_int.h, lib/mac-libgcrypt.c, lib/x509/mpi.c:
10443 Corrected compilation issues.
10445 2009-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10447 * configure.ac, lib/m4/hooks.m4: Moved cryptodev check to
10448 lib/m4/hooks.m4 and now --enable-cryptodev actually works.
10450 2009-11-30 Simon Josefsson <simon@josefsson.org>
10452 * lib/gnutls_x509.c: Doc fix.
10454 2009-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10456 * lib/cryptodev.c: corrected old type.
10458 2009-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10460 * lib/cryptodev.c: Only include cryptodev.h if cryptodev is there.
10462 2009-11-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10464 * lib/crypto-api.c, lib/crypto.c, lib/crypto.h,
10465 lib/ext_session_ticket.c, lib/gnutls_algorithms.c,
10466 lib/gnutls_algorithms.h, lib/gnutls_cipher.c,
10467 lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
10468 lib/gnutls_constate.c, lib/gnutls_constate.h,
10469 lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
10470 lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_priority.c,
10471 lib/gnutls_psk_netconf.c, lib/gnutls_sig.c, lib/gnutls_srp.c,
10472 lib/gnutls_state.c, lib/gnutls_ui.c, lib/includes/gnutls/crypto.h,
10473 lib/includes/gnutls/gnutls.h.in, lib/mac-libgcrypt.c,
10474 lib/opencdk/dummy.c, lib/opencdk/filters.h, lib/opencdk/hash.c,
10475 lib/opencdk/kbnode.c, lib/opencdk/main.h, lib/opencdk/opencdk.h,
10476 lib/opencdk/pubkey.c, lib/opencdk/sig-check.c,
10477 lib/opencdk/verify.c, lib/x509/crq.c, lib/x509/pbkdf2-sha1.c,
10478 lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
10479 lib/x509/sign.c, lib/x509/verify.c, lib/x509/x509.c,
10480 lib/x509/x509_int.h, libextra/fipsmd5.c, libextra/gnutls_openssl.c:
10481 Merged the two internal hash API functions, to simplify and reduce
10482 code. gnutls_hmac* and gnutls_hash* were merged to gnutls_hash API.
10484 2009-11-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10486 * .gitignore, configure.ac, lib/Makefile.am, lib/crypto-api.c,
10487 lib/crypto.c, lib/cryptodev.c, lib/gnutls_cipher_int.c,
10488 lib/gnutls_cryptodev.h, lib/gnutls_errors.c, lib/gnutls_global.c,
10489 lib/gnutls_hash_int.c, lib/gnutls_hash_int.h,
10490 lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
10491 lib/libgnutls.map, src/Makefile.am, src/benchmark.c: Added cryptodev
10492 support (/dev/crypto). Tested with
10493 http://www.logix.cz/michal/devel/cryptodev/. Added benchmark
10494 utility for AES. Exported API to access encryption algorithms.
10496 2009-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10498 * NEWS: Documented certtool's certificate request generation fix.
10500 2009-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10502 * lib/x509/mpi.c: Corrected two issues that affected certificate
10503 request generation. 1. Null padding is added on integers (found thanks to Wilankar
10504 Trupti <trupti.wilankar@hp.com>) 2. In optional SignatureAlgorithm parameters field for DSA keys the
10505 DSA parameters were added. Those were rejected by verisign. Gnutls
10506 no longer adds those parameters there since other implementations
10507 don't do either and having them does not seem to offer anything
10508 (anyway you need the signer's certificate to verify thus public key
10509 will be available).
10511 2009-11-27 Simon Josefsson <simon@josefsson.org>
10513 * doc/manpages/Makefile.am, tests/key-id/key-id,
10514 tests/nist-pkits/gnutls_test_entry, tests/x509paths/chain: More
10515 fixes of grep -q problem.
10517 2009-11-27 Simon Josefsson <simon@josefsson.org>
10521 2009-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10523 * src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
10524 src/certtool.gaa: Allow exporting of Certificate requests to DER
10525 format. Added option --no-crq-extensions to avoid adding extensions
10528 2009-11-23 Simon Josefsson <simon@josefsson.org>
10530 * tests/rfc2253-escape-test: Don't use 'grep -q', to fix portability
10531 to OpenSolaris. Reported by "Dr. David Kirkby" <david.kirkby@onetel.net> in
10533 <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3993>.
10535 2009-11-16 Simon Josefsson <simon@josefsson.org>
10537 * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
10538 libextra/configure.ac: Bump versions.
10540 2009-11-15 Simon Josefsson <simon@josefsson.org>
10542 * doc/guile.texi: Doc fix.
10544 2009-11-15 Simon Josefsson <simon@josefsson.org>
10546 * gl/Makefile.am, gl/intprops.h, gl/m4/sys_stat_h.m4,
10547 gl/m4/unistd_h.m4, gl/sys_stat.in.h, gl/unistd.in.h,
10548 gl/version-etc.c, lib/gl/Makefile.am, lib/gl/m4/sys_stat_h.m4,
10549 lib/gl/m4/unistd_h.m4, lib/gl/sys_stat.in.h,
10550 lib/gl/tests/intprops.h, lib/gl/unistd.in.h, maint.mk: Update gnulib
10553 2009-11-09 Simon Josefsson <simon@josefsson.org>
10555 * ChangeLog: Generated.
10557 2009-11-09 Simon Josefsson <simon@josefsson.org>
10559 * NEWS: Version 2.9.9.
10561 2009-11-09 Simon Josefsson <simon@josefsson.org>
10563 * build-aux/pmccabe2html, gl/Makefile.am, gl/getpagesize.c,
10564 gl/m4/getpagesize.m4, gl/m4/gnulib-comp.m4, gl/tests/test-fseeko.c,
10565 lib/gl/Makefile.am, lib/gl/getpagesize.c, lib/gl/m4/getpagesize.m4,
10566 lib/gl/m4/gnulib-comp.m4, lib/gl/tests/test-fseeko.c: Update gnulib
10569 2009-11-09 Simon Josefsson <simon@josefsson.org>
10573 2009-11-09 Simon Josefsson <simon@josefsson.org>
10575 * src/certtool.c: Cleanup header inclusion.
10577 2009-11-09 Simon Josefsson <simon@josefsson.org>
10583 Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010 Free Software
10586 Copying and distribution of this file, with or without
10587 modification, are permitted provided the copyright notice
10588 and this notice are preserved.