minor update to the fix.

[gnutls.git] / ChangeLog

2011-09-03  Andreas Metzler <ametzler@downhill.at.eu.org>

        * lib/configure.ac: Add p11-kit-1 to gnutls.pc Requires.private.  If building with PKCS#11 support append p11-kit-1 to gnutls.pc
        Requires.private.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * build-aux/snippet/_Noreturn.h, build-aux/snippet/arg-nonnull.h,
        build-aux/snippet/c++defs.h, build-aux/snippet/warn-on-use.h: added
        snippet

2011-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: bumped version

2011-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/crypt-gaa.c: compiled with newer gaa.

2011-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/openpgpself.c: explicitly enable openpgp certtype in tests.

2011-08-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/configure.ac: do not exit configure if p11-kit is not found.

2011-08-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_priority.c: OpenPGP certificate type is not
        enabled by default.

2011-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/common.h: removed unneeded headers.

2011-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: documented updates

2011-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_record.c: Corrected error checking in
        _gnutls_send_int().

2011-08-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gl/Makefile.am, lib/gl/alignof.h, lib/gl/close-hook.c,
        lib/gl/close-hook.h, lib/gl/errno.in.h, lib/gl/fd-hook.c,
        lib/gl/fd-hook.h, lib/gl/float.c, lib/gl/float.in.h,
        lib/gl/fseek.c, lib/gl/fseeko.c, lib/gl/ftell.c,
        lib/gl/m4/alloca.m4, lib/gl/m4/asm-underscore.m4,
        lib/gl/m4/byteswap.m4, lib/gl/m4/errno_h.m4,
        lib/gl/m4/extensions.m4, lib/gl/m4/fcntl_h.m4,
        lib/gl/m4/float_h.m4, lib/gl/m4/fpieee.m4, lib/gl/m4/fseek.m4,
        lib/gl/m4/fseeko.m4, lib/gl/m4/ftell.m4, lib/gl/m4/ftello.m4,
        lib/gl/m4/getpagesize.m4, lib/gl/m4/gnulib-cache.m4,
        lib/gl/m4/gnulib-common.m4, lib/gl/m4/gnulib-comp.m4,
        lib/gl/m4/include_next.m4, lib/gl/m4/inttypes.m4,
        lib/gl/m4/largefile.m4, lib/gl/m4/lseek.m4, lib/gl/m4/malloc.m4,
        lib/gl/m4/memchr.m4, lib/gl/m4/memmem.m4, lib/gl/m4/mmap-anon.m4,
        lib/gl/m4/netdb_h.m4, lib/gl/m4/po.m4, lib/gl/m4/printf.m4,
        lib/gl/m4/read-file.m4, lib/gl/m4/realloc.m4,
        lib/gl/m4/snprintf.m4, lib/gl/m4/socklen.m4, lib/gl/m4/sockpfaf.m4,
        lib/gl/m4/stdbool.m4, lib/gl/m4/stddef_h.m4, lib/gl/m4/stdint.m4,
        lib/gl/m4/stdio_h.m4, lib/gl/m4/stdlib_h.m4, lib/gl/m4/strcase.m4,
        lib/gl/m4/string_h.m4, lib/gl/m4/strings_h.m4,
        lib/gl/m4/strverscmp.m4, lib/gl/m4/sys_socket_h.m4,
        lib/gl/m4/sys_uio_h.m4, lib/gl/m4/time_r.m4, lib/gl/m4/unistd_h.m4,
        lib/gl/m4/vsnprintf.m4, lib/gl/m4/warn-on-use.m4,
        lib/gl/m4/wchar_h.m4, lib/gl/malloc.c, lib/gl/netdb.in.h,
        lib/gl/realloc.c, lib/gl/sockets.c, lib/gl/stddef.in.h,
        lib/gl/stdint.in.h, lib/gl/stdio-write.c, lib/gl/stdio.in.h,
        lib/gl/stdlib.in.h, lib/gl/str-two-way.h, lib/gl/string.in.h,
        lib/gl/strings.in.h, lib/gl/sys_socket.in.h, lib/gl/sys_stat.in.h,
        lib/gl/sys_uio.in.h, lib/gl/tests/Makefile.am,
        lib/gl/tests/fcntl.in.h, lib/gl/tests/fpucw.h,
        lib/gl/tests/init.sh, lib/gl/tests/intprops.h,
        lib/gl/tests/inttypes.in.h, lib/gl/tests/macros.h,
        lib/gl/tests/test-fcntl-h.c, lib/gl/tests/test-float.c,
        lib/gl/tests/test-fseek.c, lib/gl/tests/test-fseek.sh,
        lib/gl/tests/test-fseek2.sh, lib/gl/tests/test-fseeko3.c,
        lib/gl/tests/test-fseeko3.sh, lib/gl/tests/test-ftell.c,
        lib/gl/tests/test-ftell.sh, lib/gl/tests/test-ftell2.sh,
        lib/gl/tests/test-ftell3.c, lib/gl/tests/test-intprops.c,
        lib/gl/tests/test-inttypes.c, lib/gl/tests/test-snprintf.c,
        lib/gl/tests/test-sys_socket.c, lib/gl/tests/test-sys_uio.c,
        lib/gl/tests/test-verify.c, lib/gl/tests/test-vsnprintf.c,
        lib/gl/tests/test-wchar.c, lib/gl/time.in.h, lib/gl/unistd.in.h,
        lib/gl/vasnprintf.c, lib/gl/verify.h, lib/gl/wchar.in.h: Added new
        gnulib

2011-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/x509/x509.c: XmppAddr -> UTF8String

2011-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_privkey.c, lib/gnutls_x509.c,
        lib/includes/gnutls/abstract.h, lib/openpgp/gnutls_openpgp.c,
        lib/openpgp/gnutls_openpgp.h, lib/openpgp/privkey.c,
        lib/x509/x509.c: gnutls_certificate_set_x509_key() and
        gnutls_certificate_set_openpgp_key() operate as in gnutls 2.10.x and
        do not require to hold the structures.

2011-08-22  Andreas Metzler <ametzler@debian.org>

        * lib/libgnutls.map: Export export_gnutls_openpgp_privkey_sign_hash.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-08-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: bumped version.

2011-08-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, libextra/includes/gnutls/openssl.h: Replaced typedef
        gnutls_connection_end_t from openssl.h with an unsigned int.

2011-08-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: documented fix

2011-08-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, src/p11common.c: 
        Introduced GNUTLS_PKCS11_PIN_WRONG flag to indicate the previously
        given PIN is wrong.

2011-08-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: documented fix

2011-08-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11.c: Corrected issue when asking multiple times for PIN.

2011-08-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/configure.ac: corrected configure test.

2011-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/manpages/gnutls-cli.1: do not escape \#

2011-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/configure.ac: pakchois is no longer used

2011-08-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/m4/hooks.m4: bumped library version

2011-08-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-cert-auth.texi: document new config files of p11-kit.

2011-08-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11.c: Prevent from loading twice the same module.

2011-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/auth_cert.c: better placement of ifdefs.

2011-08-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: updated news

2011-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/p11common.c: check the output of fgets.

2011-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11.c: corrected uninitialized warning.

2011-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * README, README-alpha: document p11-kit

2011-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: documented p11-kit addition.

2011-08-01  Stef Walter <stefw@collabora.co.uk>

        * lib/pkcs11.c: Don't try to do PKCS#11 login if session is already
        logged in.   * It is possible for new PKCS#11 sessions to be logged in if    another logged in session already exists.   * In these cases, don't log in, but detect the condition and    return success.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-08-01  Stef Walter <stefw@collabora.co.uk>

        * lib/pkcs11_privkey.c: When finding private keys fail, return error
        code.   * Previously this would result in an endless loop.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-07-07  Stef Walter <stefw@collabora.co.uk>

        * configure.ac, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
        lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_write.c: pkcs11:
        Use p11_kit_pin_xxx() functionality when 'pinfile' is in uris.   * This allows other apps to register a handler for a specific
           pinfile and then that application will be able to provide the PIN
           for those URIs.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-06-09  Stef Walter <stefw@collabora.co.uk>

        * lib/Makefile.am, lib/pkcs11_int.h: Use pkcs11.h specification file
        from p11-kit.   * Remove one included briefly in gnutls.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-06-09  Stef Walter <stefw@collabora.co.uk>

        * lib/pkcs11.c, src/cli.c, src/p11common.c, src/pkcs11.c,
        tests/suite/mini-eagain2.c: Fix up compiler warnings.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-06-07  Stef Walter <stefw@collabora.co.uk>

        * configure.ac, doc/examples/Makefile.am, lib/Makefile.am,
        lib/auth_cert.c, lib/configure.ac, lib/gnutls_global.c,
        lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_x509.c,
        lib/includes/gnutls/pkcs11.h, lib/pakchois/dlopen.c,
        lib/pakchois/dlopen.h, lib/pakchois/errors.c,
        lib/pakchois/pakchois.c, lib/pakchois/pakchois.h,
        lib/pakchois/pakchois11.h, lib/pkcs11.c, lib/pkcs11_int.h,
        lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/pkcs11_write.c,
        src/Makefile.am, src/certtool-common.c, src/certtool.c, src/cli.c,
        src/p11tool.c, src/serv.c: The attached patch ports gnutls to
        p11-kit.   * p11-kit is added as a dependency. p11-kit itself has no
           dependencies outside of basic libc stuff. The source code for
           p11-kit is available both in git and tarball form.   * If the gnutls dependency on p11-kit is disabled (via a configure    option) then the PKCS#11 support is disabled. This is useful in
           bare bones embedded systems or places where very minimal
           dependencies are limited.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-05-30  Stef Walter <stefw@collabora.co.uk>

        * src/cli.c: gnutls-cli: Fix uninitialized variable when PKCS#11
        uris in use.   * When PKCS#11 URIs are in use previously tried to free
           uninitialized memory. Initialize to zero.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_str.h, lib/gnutls_x509.c,
        lib/includes/gnutls/x509.h, lib/x509/x509.c, tests/x509cert.c: Added
        GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED flag for
        gnutls_x509_crt_list_import.  It checks whether the list to be
        imported is properly sorted.

2011-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_x509.c: checking converted to gnutls_cert from pcert.

2011-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/privkey.c: removed unused variable

2011-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * configure.ac, lib/configure.ac, libextra/configure.ac: bumped
        version to 2.12.8

2011-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_errors.c, lib/gnutls_x509.c,
        lib/includes/gnutls/gnutls.h.in: Added
        GNUTLS_E_CERTIFICATE_LIST_UNSORTED.  If a certificate list is loaded
        then verify that it is sorted with order to starts with the subject
        and finished with the trusted root. That way we make sure we don't
        send data that violate the TLS protocol.

2011-07-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/certtool-gaa.c, src/certtool.gaa: corrected typo

2011-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: documented updates.

2011-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/configure.ac, lib/gnutls.pc.in: only add zlib.pc if found.
        Corrected libs.private in nettle case.

2011-07-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: documented fixes.

2011-07-25  Andreas Metzler <ametzler@downhill.at.eu.org>

        * lib/gcrypt/pk.c: Replaced all occurences of gcry_sexp_nth_mpi
        (..., 0) with gcry_sexp_nth_mpi (..., GCRYMPI_FMT_USG).

2011-07-25  Sjoerd Simons <sjoerd.simons@collabora.co.uk>

        * lib/gnutls_buffers.c: writev_emu: stop on the first incomplete
        write Just like standard writev, we should only move on to the next block
        if all the previous ones have been successfully written out.
        Otherwise there is a potential for data loss and/or confusing push
        functions.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-06-29  Petr Písař <petr.pisar@atlas.cz>

        * lib/gnutls_privkey.c: Honor uninitialized private key in
        destructor Fixes bug #107730.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/certtool.c: Corrected initialization of key when generating
        request. Reported by Petr Pisar.

2011-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_rsa_export.c, lib/x509/privkey.c,
        lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: Crippled status of
        gnutls_x509_privkey_t was removed to avoid thread safety issues.

2011-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: bumped version.

2011-06-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/p11common.c: Limit the number of attempts with the same PIN,
        to avoid attempting again and again with a wrong PIN.

2011-06-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11_write.c: When writing an object with CKA_TRUSTED set
        CKA_PRIVATE explicitly to FALSE, to allow the SO to write it.
        Reported by Rickard Bellgrim.

2011-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/Makefile.am: corrected makefile.

2011-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: updated news

2011-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11.c, src/Makefile.am, src/p11common.c, src/pkcs11.c: 
        Corrections on security officer login.

2011-06-16  Rickard Bellgrim <rickard@opendnssec.org>

        * lib/pkcs11_write.c: The CKA_SUBJECT must be specified for a
        certificate.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, src/pkcs11.c: When
        setting the TRUSTED flag login as security officer.

2011-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11_write.c: write label in PKCS #11 privkey.

2011-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/pkcs11.c,
        lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
        lib/pkcs11_write.c: define ck_bool_t to be compatible with PKCS #11
        bool type.

2011-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11.c, lib/pkcs11_privkey.c: Return error code when an
        object is not found.  Only request for token insertion if the
        expected data is not found.  Based on patch by Stef Walter.

2011-06-06  Stef Walter <stefw@collabora.co.uk>

        * tests/suite/Makefile.am: tests: Build eagain-cli with correct
        libraries  * Add -ldl -lpthread to linker flags Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-05-30  Stef Walter <stefw@collabora.co.uk>

        * lib/pkcs11.c: pkcs11: Accept CKR_USER_ALREADY_LOGGED_IN as
        successful result for PAP Login  * When doing CKF_PROTECTED_AUTHENTICATION_PATH login, accept    CKR_USER_ALREADY_LOGGED_IN as a successful result.   * Another code path, or another consumer of the same PKCS#11 module    may have already logged in.   * This is what the non PAP code path already does.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/dsa/testdsa: Corrected typo. Reported by Andreas Metzler.

2011-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/manpages/Makefile.am: regenerated Makefile.

2011-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * configure.ac, lib/m4/hooks.m4: corrected .so version number.

2011-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: preparing for release.

2011-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_signature.c, lib/gnutls_sig.c, lib/nettle/pk.c,
        lib/x509/common.h, lib/x509/verify.c: Follow
        http://tools.ietf.org/html/draft-mavrogiannopoulos-tls-dss-00 in DSA
        signature generation.

2011-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-intro-tls.texi: updates

2011-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-gtls-app.texi: Added parameter generation section.

2011-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-intro-tls.texi: Compatibility text updated.

2011-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: documented fix.

2011-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_handshake.c: Properly restore compression method on
        session resumption. Reported by Dash Shendy.

2011-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_session_ticket.c, lib/gnutls_db.c, lib/gnutls_global.c,
        lib/gnutls_handshake.c, lib/gnutls_int.h,
        lib/gnutls_session_pack.c, lib/gnutls_v2_compat.c,
        lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
        lib/nettle/rnd.c, lib/opencdk/keydb.c, lib/opencdk/literal.c,
        lib/opencdk/read-packet.c, lib/opencdk/sig-check.c,
        lib/openpgp/gnutls_openpgp.c, lib/system.c, lib/system.h,
        lib/x509/common.c, lib/x509/verify.c: Added
        gnutls_global_set_time_function() that allows overriding the default
        system time() function.

2011-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-programs.texi: updated documentation on PSK.

2011-05-25  Giuseppe Scrivano <gscrivano@gnu.org>

        * doc/cha-programs.texi: PSK examples Hello, I have tried to set up a connection using PSK but I get this error
        message all the time: *** Fatal error: A TLS fatal alert has been received.  *** Received
        alert [40]: Handshake failed *** Handshake has failed GnuTLS error:
        A TLS fatal alert has been received.  I took the examples from the documentation.  the server: gnutls-serv -d 10 --pskpasswd psks.txt  \    --pskhint psk_identity_hint the client: gnutls-cli -p 5556 localhost --pskusername psk_identity \       --pskkey key (where epsk_identity and key are the same as in the psks.txt file) I have also tried to use "--priority +PSK:+DHE-PSK" both for the
        client and for the server without any difference.  Do you have any idea?  What am I missing? As proof that I have read the documentation, I have attached a small
        patch.  Thanks, Giuseppe From 009ccba073016787084a28047b633841d6784e54 Mon Sep 17 00:00:00
        2001 From: Giuseppe Scrivano <gscrivano@gnu.org> Date: Wed, 25 May
        2011 18:28:11 +0200 Subject: [PATCH] Fix example in the
        documentation.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_buffers.c: do not try to write to a socket when no
        data.

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_pubkey.c: gnutls_pubkey_get_pk_dsa_raw() and
        gnutls_pubkey_get_pk_rsa_raw add leading zeros to the exported
        values.

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11.c: corrected file descriptor leak.

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/certtool-common.c: corrected bug in load-pubkey.

2011-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/p11common.c: corrected message reporting.

2011-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/p11common.c: Corrected PIN caching.

2011-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/nettle/mpi.c: reduce the repetitions for rabin-miller to a
        sensible value.

2011-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * cfg.mk: updated

2011-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: released

2011-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: bumped version

2011-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: updated

2011-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_str.c, lib/gnutls_str.h, lib/pkcs11.c: Correctly import
        and export pkcs11-urls with ID field set.

2011-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-intro-tls.texi: update on compatibility issues text.

2011-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11.c: doc update in gnutls_pkcs11_init()

2011-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-preface.texi: removed references that produced nothing in
        pdf.

2011-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-intro-tls.texi: restructuring of nodes.

2011-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-intro-tls.texi: Added discussion on compatibility issues.

2011-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/libgnutls.map: removed merge artifact

2011-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
        lib/x509/crq.c, lib/x509/x509_write.c, tests/crq_key_id.c: Added
        gnutls_x509_crq_verify().

2011-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, doc/manpages/certtool.1, src/Makefile.am,
        src/certtool-common.c, src/certtool-common.h, src/certtool.c,
        src/common.c, src/p11common.c, src/p11common.h, src/pkcs11.c: 
        certtool can now load private keys and public keys from PKCS #11
        tokens (via URLs).

2011-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_import_url() will
        correctly set algorithm of private key.

2011-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/Makefile.am, src/certtool.c, src/p11tool.c: No libgnutls-extra
        is required for certtool or p11tool.

2011-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/rng-fork.c: Do not use /tmp for temporary file. Just use the
        local (test) directory.

2011-05-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: documented guile fix.

2011-05-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * ChangeLog, NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: bumped version.

2011-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: added Kalle.

2011-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, THANKS, lib/gnutls_str.c, lib/gnutls_str.h,
        lib/openpgp/pgp.c, lib/x509/rfc2818_hostname.c: 
        _gnutls_hostname_compare() was incredibly slow when over ten
        wildcards were present. Set a limit on 6 wildcards to avoid any
        denial of service attack. Reported by Kalle Olavi Niemitalo.

2011-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_str.c, lib/opencdk/misc.c: Use c_toupper to avoid
        converting characters non in the english ASCII set. Reported by
        Kalle Olavi Niemitalo.

2011-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in,
        lib/libgnutls.map, tests/Makefile.am: Added
        gnutls_certificate_get_issuer() to allow getting the issuer a
        certificate from the certificate credentials structure.

2011-04-30  Andreas Metzler <ametzler@downhill.at.eu.org>

        * libextra/gnutls_ia.c: Grammar fix: allows *one* to ...  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-04-30  Andreas Metzler <ametzler@downhill.at.eu.org>

        * doc/manpages/p11tool.1: escape dashes in manpage Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-04-28  Ludovic Courtès <ludo@gnu.org>

        * guile/modules/Makefile.am, guile/modules/gnutls/build/tests.scm,
        guile/tests/anonymous-auth.scm, guile/tests/errors.scm,
        guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
        guile/tests/openpgp-keys.scm, guile/tests/pkcs-import-export.scm,
        guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
        guile/tests/x509-auth.scm, guile/tests/x509-certificates.scm: guile:
        Fix tests to match the `exit' behavior introduced in Guile 2.0.1.  This fix makes tests behave correctly wrt. to the Guile bug fix at

        <http://git.sv.gnu.org/cgit/guile.git/commit/?id=e309f3bf9ee910c4772353ca3ff95f6f4ef466b5>.

2011-04-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls.pc.in: removed pakchois dependency

2011-04-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/hostname-check.c: Removed incorrect test on IPAddresses (was
        relying on IPaddresses encoded as text)

2011-04-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * ChangeLog, cfg.mk: updated changelog.

2011-04-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: released

2011-04-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/certtool.c: corrected type

2011-04-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: bumped version

2011-04-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: document fixes.

2011-04-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/rfc2818_hostname.c: gnutls_x509_crt_check_hostname() will
        never compare against IPaddress.  (previous comparison was flawed)

2011-04-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: corrected

2011-04-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/certtool.c, src/cli.c: removed keyid_t types.

2011-04-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/auth_cert.c: Use get_cert_callback() in server side.

2011-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/auth_cert.c, lib/auth_cert.h, lib/gnutls_cert.h,
        lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
        lib/openpgp/gnutls_openpgp.c, lib/openpgp/openpgp_int.h,
        lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c: 
        Several cleanups and fixes regarding the openpgp_keyid_t.

2011-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/cve-2009-1416.c, tests/pkcs12_s2k_pem.c: header fixes.

2011-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/Makefile.am, lib/m4/hooks.m4: pakchois is always included.

2011-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_priority.c: Restored HMAC-MD5 for compatibility.
        Although considered weak, several sites require it for connection.
        It is enabled for "NORMAL" and "PERFORMANCE" priority strings.

2011-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/examples/ex-cxx.cpp: removed unneeded comment.

2011-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-intro-tls.texi: Reorganized sections in documentation.

2011-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-intro-tls.texi, lib/gnutls_buffers.c: Removed text about
        select().

2011-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/Makefile.am, lib/configure.ac: check for libdl that
        pakchois needs.

2011-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * libextra/gl/hmac-md5.c, libextra/gl/memxor.c,
        libextra/gl/memxor.h: renamed memxor to gl_memxor.

2011-04-12  Ludovic Courtès <ludo@gnu.org>

        * NEWS, src/certtool-common.c, src/certtool.c, src/p11tool.c,
        tests/crq_key_id.c, tests/cve-2009-1416.c, tests/pkcs12_s2k_pem.c: 
        Don't include <gcrypt.h> when it's not needed.

2011-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: documented fix.

2011-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/cli.c: Do not rely on lowat being set.

2011-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/includes/gnutls/compat.h,
        lib/includes/gnutls/gnutls.h.in: gnutls_transport_set_global_errno()
        is deprecated.

2011-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/eagain-common.h, tests/safe-renegotiation/Makefile.am,
        tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
        tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
        tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c: 
        Combined the safe renegotiation tests with the again-common lib.

2011-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: updated.

2011-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/openpgp-certs/testselfsigs: Use --infile in certtool to
        avoid issues with streams in windows.  Patch by LRN.

2011-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/opencdk/armor.c: Changes armor.c to be able to handle both LF
        and CRLF inputs (output is still either LF-only or CRLF-only
        depending on the platform). Patch by LRN.  Optimizations in the usage of strlen().

2011-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/cli.c, src/crypt.c, src/psk.c, src/serv.c, src/tests.c: Define
        variables within the intended scope (not windows). Based on patch by
        LRN.

2011-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/examples/ex-cert-select-pkcs11.c, src/common.c, src/pkcs11.c: 
        Use getpass.h (from gnulib). Patch by LRN.

2011-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pakchois/dlopen.c: Return correct value for dlclose() in
        windows. Patch by LRN.

2011-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/openpgp-auth.c: Disable openpgp-auth run in windows due to
        lack of socketpair(). Patch by LRN.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * cfg.mk: updated

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/configure.ac, lib/m4/hooks.m4, libextra/configure.ac: 
        updated version

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/common.c: more leaks fixed in common.c

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_pubkey.c: Corrected leaks in gnutls_pubkey_t
        deinitialization.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/chainverify.c: disable test in windows.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/auth_dh_common.c, lib/gnutls_privkey.c: more fixes.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/mini-x509-rehandshake.c, tests/mini-x509.c: combined more
        tests with eagain-common.h.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/auth_dh_common.c, lib/gnutls_privkey.c,
        lib/gnutls_x509.c, lib/nettle/pk.c, lib/pakchois/pakchois.c,
        lib/pakchois/pakchois.h, lib/pkcs11.c, tests/mini-x509.c: Corrected
        memory leaks.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/dsa/testdsa, tests/openpgp-certs/testcerts: Do not run the
        test scripts in win32 environment.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * configure.ac, tests/Makefile.am, tests/suite/Makefile.am,
        tests/suite/Makefile.in: Better way of not including the tests/suite
        directory. Based on discussion with LRN and Vincent Torri.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/Makefile.am: added missing file

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_buffers.c: Initialized ret in _gnutls_writev_emu()

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/x509.h: doc fix.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: updated

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/system.c: removed unneeded variable.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/auth_cert.c: Corrected check for an unknown sign algorithm.
        Patch by LRN.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/openpgp/output.c: Do not use %e in strftime. Use %d instead
        which is identically available in windows as well.  Based on patch
        by LRN.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/output.c, tests/certuniqueid.c: Fixed mismatch in size_t
        size. Patch by LRN.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_buffers.c: win32 fixes for set_global_errno(). Based on
        patch by LRN.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/benchmark.c: Win32 changes for benchmark. Patch by LRN.

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
        tests/pskself.c, tests/resume.c, tests/rng-fork.c, tests/x509dn.c,
        tests/x509self.c: win32 fixes. Patch by LRN.

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c: 
        simplified cdk_trim_string() to make it safer to use.

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/privkey_pkcs8.c: correctly reset params.

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_algorithms.c: correctly compare sign algorithm_st.

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/opencdk/Makefile.am, lib/opencdk/context.h,
        lib/opencdk/main.c, lib/opencdk/main.h, lib/opencdk/opencdk.h,
        lib/opencdk/verify.c: removed unused code

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/opencdk/armor.c: null terminate the armored string

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/cli.c: properly null terminate string.

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/common.c, src/pkcs11.c: check PIN size.

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/crypt.c: check salt size.

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/opencdk/read-packet.c: more clear bounds checking

2011-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/privkey.c: initialize e and d.

2011-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11_write.c: deinitialize pks variable only when needed.

2011-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/openpgp/pgpverify.c: Initialize verify.

2011-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/cli.c: initialize session_id_size.

2011-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/opencdk/misc.c, lib/opencdk/opencdk.h: removed unneeded
        function.

2011-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pakchois/pakchois.c: correctly traverse slots

2011-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11.c: Initialize tinfo using the initially available
        information.

2011-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/eagain-common.h, tests/mini-eagain.c, tests/mini.c: The
        mini-* programs were combined. (backported from master branch)

2011-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/examples/Makefile.am: Compile ex-cert-select-pkcs11 as a
        separate program.

2011-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/nettle/init.c: gcrypt.h is not really needed. Reported by
        David Reiser.

2011-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, configure.ac: documented fix.

2011-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_srp.c: Corrected bug in gnutls_srp_verifier() that
        prevented the allocation of a verifier. Reported by Andrew Wiseman.

2011-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/crypt-gaa.c, src/crypt-gaa.h, src/crypt.c, src/crypt.gaa: 
        Added debug option to srptool.

2011-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-cert-auth.texi: Documented p11-kit.

2011-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-library.texi: corrected typo

2011-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/m4/hooks.m4: bumped version

2011-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, src/certtool-gaa.c, src/certtool.gaa: Generate certificate
        request with stricter permissions. Reported by Luca Capello.

2011-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/openpgp-certs/testcerts: made more silent.

2011-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/dsa/testdsa, tests/openpgp-certs/testcerts: Made scripts
        bourne shell compliant and not bash.

2011-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * libextra/gnutls_ia.c: removed ext_mod_ia definition.

2011-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * configure.ac, lib/m4/hooks.m4: bumped version.

2011-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: documented changes.

2011-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * THANKS: e-mail addresses are not directly recognizable.

2011-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/opencdk/stream.c: Corrected access to freed memory location.
        Reported by Vitaly Kruglikov.

2011-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * THANKS: added Mark and Vitaly to THANKS.

2011-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/system.c: Corrected windows system_errno() function. Reported
        and patch by Mark Brand.

2011-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/compat.h: C++ compatibility fix for compat.h.
        Suggested by Mark Brand.

2011-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/opencdk/verify.c: Corrected uninitialized var deinitiation.
        Reported by Vitaly Kruglikov.

2011-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * libextra/ext_inner_application.h, libextra/gnutls_ia.c: Define
        ext_mod_ia in gnutls_ia.c only.

2011-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_sig.c: eliminate compiler warning. Reported by Andreas
        Metzler.

2011-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/openpgp.h, lib/openpgp/gnutls_openpgp.c,
        lib/openpgp/pgp.c, lib/openpgp/privkey.c: Fix size of
        gnutls_openpgp_keyid_t by using the GNUTLS_OPENPGP_KEYID_SIZE
        definition.  Reported by Andreas Metzler.

2011-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/build-aux/config.rpath: updated

2011-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: fixed version

2011-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * guile/tests/Makefile.am: added missing files.

2011-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * configure.ac: bumped version

2011-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
        lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/x509.h,
        lib/pkcs11.c, lib/x509/crl.c: documentation fixes.

2011-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: documented fix

2011-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/dsa/testdsa: Added DSA tests for client certificates as
        well.

2011-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_signature.c, lib/ext_signature.h, lib/gnutls_handshake.c,
        lib/gnutls_sig.c, lib/includes/gnutls/abstract.h, lib/x509/verify.c: 
        Simplified signature algorithm selection.

2011-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_privkey.c: corrected parameter.

2011-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_pubkey.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
        lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/x509/privkey.c: 
        Documentation fixes and cleanups.

2011-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_record.c: fixed backport.

2011-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_record.c: ensure addition to application data buffers
        is occuring only after a successful handshake.

2011-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/announce.txt: updated

2011-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/announce.txt: updated announce

2011-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: typo

2011-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/dsa/testdsa: make gnutls-cli more quiet.

2011-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: documented changes.

2011-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * configure.ac, tests/Makefile.am, tests/dsa/Makefile.am,
        tests/dsa/cert.dsa.1024.pem, tests/dsa/cert.dsa.2048.pem,
        tests/dsa/cert.dsa.3072.pem, tests/dsa/dsa.1024.pem,
        tests/dsa/dsa.2048.pem, tests/dsa/dsa.3072.pem, tests/dsa/testdsa,
        tests/suite/Makefile.in: Added test to verify connections with DSA
        keys of various sizes.

2011-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_alert.c, lib/gnutls_errors.c, lib/gnutls_sig.c,
        lib/includes/gnutls/gnutls.h.in: Return a special error code if DSA
        keys with over 1024 are being used with TLS 1.x, x<2.

2011-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/certtool.c: warn on generation of DSA keys of over 1024 bits.

2011-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/nettle/pk.c: truncate hash size when asking to sign or verify
        DSA with a longer hash.

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: documented changes.

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/openpgp/privkey.c: read correct algorithm when decrypting data
        and use correct number of private parameters.

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/nettle/rnd.c, tests/Makefile.am, tests/rng-fork.c: Corrected
        nettle's RNG behavior on fork and added a test case.

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: documented gnutls_pubkey_import_openpgp change.

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * guile/tests/openpgp-auth.scm: enabled RSA and removed debugging.

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
        lib/includes/gnutls/abstract.h, lib/openpgp/gnutls_openpgp.c,
        tests/openpgp-auth.c: gnutls_pubkey_t and gnutls_privkey_t can
        import either an openpgp subkey or a master key.

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * guile/tests/openpgp-auth.scm, guile/tests/openpgp-elg-pub.asc,
        guile/tests/openpgp-elg-sec.asc, guile/tests/openpgp-keys.scm,
        guile/tests/openpgp-pub.asc, guile/tests/openpgp-sec.asc: split the
        pgp keys to elgamal and dsa.

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
        lib/openpgp/pgp.c, lib/openpgp/privkey.c: introduced
        GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_algorithms.c: On unknown public key algorithms return
        Unknown name.

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_privkey.c: Read the public key algorithm from the
        selected subkey and not the master key when importing to a
        gnutls_privkey.

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/openpgp/gnutls_openpgp.c, tests/openpgpself.c: Documentation
        fixed. Added fresh keys to test.

2011-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/openpgpself.c: Test openpgp authentication with DSA-2048 bit
        keys as well.

2011-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/openpgp/pgp.c: gnutls_openpgp_crt_get_auth_subkey() will no
        longer return an unsupported subkey.

2011-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/verify.c: Corrected verification of DSA-2048 keys.
        Reported by teddy@fukt.bsnet.se.

2011-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-intro-tls.texi: Added
        gnutls_transport_set_vec_push_function().

2011-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_algorithms.c: Added DSA-SHA256, DSA-SHA224 and
        RSA-SHA224 to the supported signature algorithms list. Suggested by
        teddy@fukt.bsnet.se

2011-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_v2_compat.c: correctly set compression method in SSL V2
        client hello.

2011-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_record.c: do not set default record version (i.e. SSL
        3.0) during a re-handshake.

2011-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_priority.c: default behavior is to send SSL3.0 client
        hellos.

2011-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_handshake.c, lib/gnutls_int.h,
        lib/gnutls_priority.c: corrected ssl3 record version sending in
        client hello.

2011-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/announce.txt: corrected name of
        gnutls_transport_set_vec_push_function

2011-03-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * libextra/Makefile.am: link libgnutls-extra against libgcrypt if
        required. Based on patch by Andreas Metzler
        <ametzler@downhill.at.eu.org>

2011-03-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/m4/hooks.m4, libextra/Makefile.am: increased the so
        version of libgnutls-openssl.

2011-03-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: updated NEWS with Andreas' comments.

2011-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/manpages/Makefile.am: updated

2011-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/m4/hooks.m4: bumped version.

2011-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/suite/Makefile.in: updated

2011-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_record.c, lib/gnutlsxx.cpp, lib/libgnutls.map: 
        gnutlsxx.cpp for some reason cannot use deprecated functions. Added
        _gnutls_transport_set_lowat() as an internal symbol to be used.

2011-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, configure.ac: changed for 2.11.7 release.

2011-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, configure.ac: bumped version.

2011-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/includes/gnutls/compat.h,
        lib/includes/gnutls/gnutls.h.in: Deprecated
        gnutls_transport_set_lowat().

2011-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/certtool.c: Allow providing no password for PKCS #12 structure
        generation. Reported by Daniel Kahn Gillmor.

2011-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/certtool-cfg.c: consistently print all interactive questions
        to stderr. Reported by Daniel Kahn Gillmor.

2011-02-28  Andreas Metzler <ametzler@downhill.at.eu.org>

        * lib/libgnutls.map: fix duplicate symbols in version script These three symbols are listed both in the GNUTLS_2_8 and the
        GNUTLS_2_10 section. binutils uses the first occurence, drop the
        second one.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_signature.c: Restrict the signature algorithms we
        advertize to SHA1 and SHA256.

2011-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-intro-tls.texi: updates on -ALL priorities.

2011-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_handshake.c: corrected finished packet check.

2011-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/announce.txt: updated for 2.12

2011-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/nettle/rnd.c: Detect fork() in the random number generator and
        reseed.

2011-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: corrected documentation of
        gnutls_transport_set_vec_push_function in NEWS.

2011-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_buffers.c, lib/gnutls_state.c,
        lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Renamed
        gnutls_transport_set_push_function2() to
        gnutls_transport_set_vec_push_function().

2011-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_session_pack.c: store entities as numbers to avoid
        issues in big-little endian machines.

2011-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: documented gnutls_transport_set_push_function2().

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * NEWS, doc/manpages/Makefile.am, lib/includes/gnutls/compat.h,
        lib/libgnutls.map, lib/x509/crq.c: Remove
        gnutls_x509_crq_get_preferred_hash_algorithm.

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * lib/x509/privkey.c: Fix docstring.

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * lib/x509/crq.c: Fix deprecated docstring.

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * lib/x509/crl_write.c: Add deprecated docstring.

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * lib/libgnutls.map: Remove dropped functions.

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * NEWS, lib/libgnutls.map: Drop removed functions.

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_psk_netconf.c: Fix docstring of deprecated function.

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_cert.c: Fix docstring for deprecated functions.

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_pubkey.c: Fix docstring of new function.

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * doc/reference/gnutls-docs.sgml: Improve text.

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * doc/reference/gnutls-docs.sgml: Fix typo.

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_pubkey.c: Fix docstrinf of new function.

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * lib/openpgp/privkey.c: Fix docstring of deprecated function.

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_sig.c: Make it build.

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * lib/x509/crl.c: Doc fix of new function.

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * NEWS: Fix description.

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
        lib/includes/gnutls/compat.h, lib/libgnutls.map, lib/x509/crq.c,
        lib/x509/sign.c, tests/x509sign-verify.c: Rename
        gnutls_privkey_sign_data2 to gnutls_privkey_sign_data and
        gnutls_privkey_sign_hash2 to gnutls_privkey_sign_hash.  These were added during the 2.11 cycle where we don't promise ABI
        compatibility.

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_cert.c, lib/gnutls_extensions.c, lib/gnutls_privkey.c,
        lib/x509/privkey.c: Fix docstring of deprecated functions.

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * doc/gnutls-crypto-layers.eps: Add doc/gnutls-crypto-layers.eps.

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * doc/Makefile.am: Dist gnutls-crypto-layers.*.

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * lib/Makefile.am: Add abstract_int.h.

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * lib/Makefile.am: Link with -lnettle too.

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * .gitignore: Ignore more.

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * doc/Makefile.am, doc/cha-programs.texi, lib/gnutls_privkey.c,
        lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
        lib/openpgp/pgp.c: Fix syntax-check warnings.

2011-02-20  Simon Josefsson <simon@josefsson.org>

        * GNUmakefile, build-aux/arg-nonnull.h, build-aux/c++defs.h,
        build-aux/config.rpath, build-aux/gendocs.sh,
        build-aux/pmccabe2html, build-aux/update-copyright,
        build-aux/useless-if-before-free, build-aux/vc-list-files,
        build-aux/warn-on-use.h, gl/Makefile.am, gl/accept.c, gl/alignof.h,
        gl/alloca.c, gl/alloca.in.h, gl/arpa_inet.in.h, gl/asnprintf.c,
        gl/bind.c, gl/c-ctype.c, gl/c-ctype.h, gl/close-hook.c,
        gl/close-hook.h, gl/close.c, gl/connect.c, gl/errno.in.h,
        gl/error.c, gl/error.h, gl/fclose.c, gl/float+.h, gl/float.in.h,
        gl/fseeko.c, gl/ftello.c, gl/gai_strerror.c, gl/getaddrinfo.c,
        gl/getdelim.c, gl/getline.c, gl/getpass.c, gl/getpass.h,
        gl/gettext.h, gl/gettime.c, gl/gettimeofday.c, gl/inet_ntop.c,
        gl/inet_pton.c, gl/intprops.h, gl/listen.c, gl/lseek.c,
        gl/m4/00gnulib.m4, gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4,
        gl/m4/asm-underscore.m4, gl/m4/autobuild.m4, gl/m4/clock_time.m4,
        gl/m4/close.m4, gl/m4/errno_h.m4, gl/m4/error.m4,
        gl/m4/extensions.m4, gl/m4/fclose.m4, gl/m4/fcntl-o.m4,
        gl/m4/fcntl_h.m4, gl/m4/float_h.m4, gl/m4/fseeko.m4,
        gl/m4/ftello.m4, gl/m4/getaddrinfo.m4, gl/m4/getdelim.m4,
        gl/m4/getline.m4, gl/m4/getpagesize.m4, gl/m4/getpass.m4,
        gl/m4/gettime.m4, gl/m4/gettimeofday.m4, gl/m4/gnulib-cache.m4,
        gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4,
        gl/m4/hostent.m4, gl/m4/include_next.m4, gl/m4/inet_ntop.m4,
        gl/m4/inet_pton.m4, gl/m4/intmax_t.m4, gl/m4/inttypes_h.m4,
        gl/m4/ioctl.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
        gl/m4/lib-prefix.m4, gl/m4/longlong.m4, gl/m4/lseek.m4,
        gl/m4/malloc.m4, gl/m4/manywarnings.m4, gl/m4/memchr.m4,
        gl/m4/minmax.m4, gl/m4/mmap-anon.m4, gl/m4/multiarch.m4,
        gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4, gl/m4/perror.m4,
        gl/m4/pipe.m4, gl/m4/printf.m4, gl/m4/read-file.m4,
        gl/m4/readline.m4, gl/m4/realloc.m4, gl/m4/select.m4,
        gl/m4/servent.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4,
        gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/m4/socklen.m4,
        gl/m4/sockpfaf.m4, gl/m4/stdarg.m4, gl/m4/stdbool.m4,
        gl/m4/stddef_h.m4, gl/m4/stdint.m4, gl/m4/stdint_h.m4,
        gl/m4/stdio_h.m4, gl/m4/stdlib_h.m4, gl/m4/strerror.m4,
        gl/m4/string_h.m4, gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4,
        gl/m4/sys_socket_h.m4, gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4,
        gl/m4/time_h.m4, gl/m4/timespec.m4, gl/m4/ungetc.m4,
        gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4,
        gl/m4/version-etc.m4, gl/m4/warn-on-use.m4, gl/m4/warnings.m4,
        gl/m4/wchar_h.m4, gl/m4/wchar_t.m4, gl/m4/wint_t.m4,
        gl/m4/xsize.m4, gl/malloc.c, gl/memchr.c, gl/minmax.h,
        gl/netdb.in.h, gl/netinet_in.in.h, gl/perror.c, gl/printf-args.c,
        gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h,
        gl/progname.c, gl/progname.h, gl/read-file.c, gl/read-file.h,
        gl/readline.c, gl/readline.h, gl/realloc.c, gl/recv.c, gl/select.c,
        gl/send.c, gl/setsockopt.c, gl/shutdown.c, gl/size_max.h,
        gl/snprintf.c, gl/socket.c, gl/sockets.c, gl/sockets.h,
        gl/stdarg.in.h, gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h,
        gl/stdio-impl.h, gl/stdio-write.c, gl/stdio.in.h, gl/stdlib.in.h,
        gl/strerror.c, gl/string.in.h, gl/sys_select.in.h,
        gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
        gl/tests/Makefile.am, gl/tests/binary-io.h, gl/tests/dummy.c,
        gl/tests/fcntl.in.h, gl/tests/getpagesize.c, gl/tests/init.sh,
        gl/tests/ioctl.c, gl/tests/macros.h, gl/tests/pipe.c,
        gl/tests/signature.h, gl/tests/sys_ioctl.in.h,
        gl/tests/test-alignof.c, gl/tests/test-alloca-opt.c,
        gl/tests/test-arpa_inet.c, gl/tests/test-binary-io.c,
        gl/tests/test-c-ctype.c, gl/tests/test-errno.c,
        gl/tests/test-fcntl-h.c, gl/tests/test-fseeko.c,
        gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
        gl/tests/test-getaddrinfo.c, gl/tests/test-getdelim.c,
        gl/tests/test-getline.c, gl/tests/test-gettimeofday.c,
        gl/tests/test-inet_ntop.c, gl/tests/test-inet_pton.c,
        gl/tests/test-lseek.c, gl/tests/test-memchr.c,
        gl/tests/test-netdb.c, gl/tests/test-netinet_in.c,
        gl/tests/test-perror.c, gl/tests/test-pipe.c,
        gl/tests/test-read-file.c, gl/tests/test-select-fd.c,
        gl/tests/test-select-stdin.c, gl/tests/test-select.c,
        gl/tests/test-snprintf.c, gl/tests/test-sockets.c,
        gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
        gl/tests/test-stdint.c, gl/tests/test-stdio.c,
        gl/tests/test-stdlib.c, gl/tests/test-strerror.c,
        gl/tests/test-string.c, gl/tests/test-sys_ioctl.c,
        gl/tests/test-sys_select.c, gl/tests/test-sys_socket.c,
        gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
        gl/tests/test-sys_wait.h, gl/tests/test-time.c,
        gl/tests/test-unistd.c, gl/tests/test-update-copyright.sh,
        gl/tests/test-vasnprintf.c, gl/tests/test-vc-list-files-cvs.sh,
        gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
        gl/tests/test-version-etc.c, gl/tests/test-version-etc.sh,
        gl/tests/test-wchar.c, gl/tests/w32sock.h, gl/tests/zerosize-ptr.h,
        gl/time.in.h, gl/timespec.h, gl/unistd.in.h, gl/vasnprintf.c,
        gl/vasnprintf.h, gl/verify.h, gl/version-etc-fsf.c,
        gl/version-etc.c, gl/version-etc.h, gl/w32sock.h, gl/wchar.in.h,
        gl/xsize.h, lib/build-aux/arg-nonnull.h, lib/build-aux/c++defs.h,
        lib/build-aux/config.rpath, lib/build-aux/warn-on-use.h,
        lib/gl/Makefile.am, lib/gl/alignof.h, lib/gl/alloca.in.h,
        lib/gl/asnprintf.c, lib/gl/asprintf.c, lib/gl/byteswap.in.h,
        lib/gl/c-ctype.c, lib/gl/c-ctype.h, lib/gl/close-hook.c,
        lib/gl/close-hook.h, lib/gl/errno.in.h, lib/gl/float+.h,
        lib/gl/float.in.h, lib/gl/fseeko.c, lib/gl/ftello.c,
        lib/gl/gettext.h, lib/gl/lseek.c, lib/gl/m4/00gnulib.m4,
        lib/gl/m4/alloca.m4, lib/gl/m4/asm-underscore.m4,
        lib/gl/m4/byteswap.m4, lib/gl/m4/codeset.m4, lib/gl/m4/errno_h.m4,
        lib/gl/m4/extensions.m4, lib/gl/m4/fcntl-o.m4,
        lib/gl/m4/fcntl_h.m4, lib/gl/m4/float_h.m4, lib/gl/m4/fseeko.m4,
        lib/gl/m4/ftello.m4, lib/gl/m4/func.m4, lib/gl/m4/getpagesize.m4,
        lib/gl/m4/gettext.m4, lib/gl/m4/glibc2.m4, lib/gl/m4/glibc21.m4,
        lib/gl/m4/gnulib-cache.m4, lib/gl/m4/gnulib-common.m4,
        lib/gl/m4/gnulib-comp.m4, lib/gl/m4/gnulib-tool.m4,
        lib/gl/m4/iconv.m4, lib/gl/m4/include_next.m4,
        lib/gl/m4/intdiv0.m4, lib/gl/m4/intl.m4, lib/gl/m4/intldir.m4,
        lib/gl/m4/intlmacosx.m4, lib/gl/m4/intmax.m4,
        lib/gl/m4/intmax_t.m4, lib/gl/m4/inttypes-pri.m4,
        lib/gl/m4/inttypes_h.m4, lib/gl/m4/lcmessage.m4,
        lib/gl/m4/ld-output-def.m4, lib/gl/m4/ld-version-script.m4,
        lib/gl/m4/lib-ld.m4, lib/gl/m4/lib-link.m4,
        lib/gl/m4/lib-prefix.m4, lib/gl/m4/lock.m4, lib/gl/m4/longlong.m4,
        lib/gl/m4/lseek.m4, lib/gl/m4/malloc.m4, lib/gl/m4/memchr.m4,
        lib/gl/m4/memmem.m4, lib/gl/m4/minmax.m4, lib/gl/m4/mmap-anon.m4,
        lib/gl/m4/multiarch.m4, lib/gl/m4/netdb_h.m4, lib/gl/m4/nls.m4,
        lib/gl/m4/po.m4, lib/gl/m4/printf-posix.m4, lib/gl/m4/printf.m4,
        lib/gl/m4/progtest.m4, lib/gl/m4/read-file.m4,
        lib/gl/m4/realloc.m4, lib/gl/m4/size_max.m4, lib/gl/m4/snprintf.m4,
        lib/gl/m4/socketlib.m4, lib/gl/m4/sockets.m4, lib/gl/m4/socklen.m4,
        lib/gl/m4/sockpfaf.m4, lib/gl/m4/stdbool.m4, lib/gl/m4/stddef_h.m4,
        lib/gl/m4/stdint.m4, lib/gl/m4/stdint_h.m4, lib/gl/m4/stdio_h.m4,
        lib/gl/m4/stdlib_h.m4, lib/gl/m4/strcase.m4, lib/gl/m4/string_h.m4,
        lib/gl/m4/strings_h.m4, lib/gl/m4/strverscmp.m4,
        lib/gl/m4/sys_socket_h.m4, lib/gl/m4/sys_stat_h.m4,
        lib/gl/m4/threadlib.m4, lib/gl/m4/time_h.m4, lib/gl/m4/time_r.m4,
        lib/gl/m4/uintmax_t.m4, lib/gl/m4/ungetc.m4, lib/gl/m4/unistd_h.m4,
        lib/gl/m4/vasnprintf.m4, lib/gl/m4/vasprintf.m4,
        lib/gl/m4/visibility.m4, lib/gl/m4/vsnprintf.m4,
        lib/gl/m4/warn-on-use.m4, lib/gl/m4/wchar_h.m4,
        lib/gl/m4/wchar_t.m4, lib/gl/m4/wint_t.m4, lib/gl/m4/xsize.m4,
        lib/gl/malloc.c, lib/gl/memchr.c, lib/gl/memmem.c, lib/gl/minmax.h,
        lib/gl/netdb.in.h, lib/gl/printf-args.c, lib/gl/printf-args.h,
        lib/gl/printf-parse.c, lib/gl/printf-parse.h, lib/gl/read-file.c,
        lib/gl/read-file.h, lib/gl/realloc.c, lib/gl/size_max.h,
        lib/gl/snprintf.c, lib/gl/sockets.c, lib/gl/sockets.h,
        lib/gl/stdbool.in.h, lib/gl/stddef.in.h, lib/gl/stdint.in.h,
        lib/gl/stdio-impl.h, lib/gl/stdio-write.c, lib/gl/stdio.in.h,
        lib/gl/stdlib.in.h, lib/gl/str-two-way.h, lib/gl/strcasecmp.c,
        lib/gl/string.in.h, lib/gl/strings.in.h, lib/gl/strncasecmp.c,
        lib/gl/strverscmp.c, lib/gl/sys_socket.in.h, lib/gl/sys_stat.in.h,
        lib/gl/tests/Makefile.am, lib/gl/tests/binary-io.h,
        lib/gl/tests/dummy.c, lib/gl/tests/fcntl.in.h,
        lib/gl/tests/getpagesize.c, lib/gl/tests/init.sh,
        lib/gl/tests/intprops.h, lib/gl/tests/macros.h,
        lib/gl/tests/signature.h, lib/gl/tests/test-alloca-opt.c,
        lib/gl/tests/test-binary-io.c, lib/gl/tests/test-byteswap.c,
        lib/gl/tests/test-c-ctype.c, lib/gl/tests/test-errno.c,
        lib/gl/tests/test-fcntl-h.c, lib/gl/tests/test-fseeko.c,
        lib/gl/tests/test-ftello.c, lib/gl/tests/test-ftello3.c,
        lib/gl/tests/test-func.c, lib/gl/tests/test-memchr.c,
        lib/gl/tests/test-netdb.c, lib/gl/tests/test-read-file.c,
        lib/gl/tests/test-snprintf.c, lib/gl/tests/test-sockets.c,
        lib/gl/tests/test-stdbool.c, lib/gl/tests/test-stddef.c,
        lib/gl/tests/test-stdint.c, lib/gl/tests/test-stdio.c,
        lib/gl/tests/test-stdlib.c, lib/gl/tests/test-string.c,
        lib/gl/tests/test-strings.c, lib/gl/tests/test-strverscmp.c,
        lib/gl/tests/test-sys_socket.c, lib/gl/tests/test-sys_stat.c,
        lib/gl/tests/test-sys_wait.h, lib/gl/tests/test-time.c,
        lib/gl/tests/test-unistd.c, lib/gl/tests/test-vasnprintf.c,
        lib/gl/tests/test-vasprintf.c, lib/gl/tests/test-verify.c,
        lib/gl/tests/test-vsnprintf.c, lib/gl/tests/test-wchar.c,
        lib/gl/tests/zerosize-ptr.h, lib/gl/time.in.h, lib/gl/time_r.c,
        lib/gl/unistd.in.h, lib/gl/vasnprintf.c, lib/gl/vasnprintf.h,
        lib/gl/vasprintf.c, lib/gl/verify.h, lib/gl/vsnprintf.c,
        lib/gl/w32sock.h, lib/gl/wchar.in.h, lib/gl/xsize.h,
        libextra/build-aux/config.rpath, libextra/gl/gnulib.mk,
        libextra/gl/hmac-md5.c, libextra/gl/hmac.h,
        libextra/gl/m4/00gnulib.m4, libextra/gl/m4/extensions.m4,
        libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-common.m4,
        libextra/gl/m4/gnulib-comp.m4, libextra/gl/m4/gnulib-tool.m4,
        libextra/gl/m4/hmac-md5.m4, libextra/gl/m4/ld-output-def.m4,
        libextra/gl/m4/ld-version-script.m4, libextra/gl/m4/lib-ld.m4,
        libextra/gl/m4/lib-link.m4, libextra/gl/m4/lib-prefix.m4,
        libextra/gl/m4/md5.m4, libextra/gl/m4/memxor.m4, libextra/gl/md5.c,
        libextra/gl/md5.h, libextra/gl/memxor.c, libextra/gl/memxor.h,
        maint.mk: Update gnulib files.

2011-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_sig.c: DSA keys in TLS 1.x, x<2 and SSL 3.0 use SHA-1
        as hash. That is we reverted to previous gnutls behavior. That
        violates DSS but all implementations handle it like that.

2011-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-intro-tls.texi: reorganization of ciphersuite discussion.

2011-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_priority.c: Allow using the minus "-" in the -ALL
        priority strings.

2011-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_algorithms.c: The safe renegotiation ciphersuite is not
        required to be registered.

2011-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/auth_dhe_psk.c: Corrected bug in DHE-PSK in freeing
        username/key.

2011-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_extensions.c, lib/gnutls_sig.c: Corrected
        signature generation and verification in the Certificate Verify
        message when in TLS 1.2. Reported by Todd A. Ouska.

2011-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_state.c: removed duplicate assignments.

2011-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: documented DHE-PSK fix.

2011-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutlsxx.cpp: deprecated the old priority functions in C++
        API.

2011-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/auth_psk.c: fix in PSK.

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
        src/common.c, src/common.h, src/serv-gaa.c, src/serv-gaa.h,
        src/serv.c, src/serv.gaa: Removed deprecated option such as
        --protocols, ciphers etc.

2011-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe_psk.c,
        lib/auth_psk.c, lib/auth_psk.h: Callback function is being called in
        both PSK-DHE and PSK.  Using the callback function will not
        overwrite the credentials, which were wrongly being overwritten
        using the retrieved username/key.  The credentials structure is now
        accessed for reading only, as it should have been.  (backported)

2011-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * libextra/gnutls_openssl.c, libextra/includes/gnutls/openssl.h: 
        updated openssl layer to new priority functions (untested).

2011-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_sig.c: removed unused variable.

2011-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_sig.c: Allow DSA2 even in protocols before TLS
        1.2.

2011-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_signature.c, lib/ext_signature.h, lib/gnutls_pk.c,
        lib/gnutls_sig.c: In TLS 1.2 under DSS use the hash algorithm
        required by DSS.

2011-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/anonself.c, tests/dhepskself.c, tests/mini-eagain.c,
        tests/mini.c, tests/openpgp-auth.c, tests/pskself.c, tests/resume.c: 
        Modernized the test applications that now use the
        gnutls_priority_set_direct().

2011-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_signature.c: corrected bug in reading signature algorithms
        for including in the signature algo extension.

2011-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_priority.c: SRP and PSK are no longer set on the
        default priorities. They have to be explicitly set.

2011-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-programs.texi: Added documentation on p11tool.

2011-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-intro-tls.texi: removed GCM mode from documentation.

2011-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-intro-tls.texi, doc/cha-library.texi,
        doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1,
        lib/gnutls_priority.c, src/common.c: Moved documentation of priority
        strings to manual and removed information from manpages and function
        pages that now reference the manual section.

2011-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in: 
        deprecated the old set_priority functions.

2011-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/auth_cert.c, lib/auth_dhe.c, lib/ext_signature.c,
        lib/gnutls_algorithms.c, lib/gnutls_algorithms.h: Several updates in
        signature algorithms parsing and sending to avoid sending invalid
        signature algorithms.

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_record.c: Corrected return message from
        check_recv_type().

2011-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_hash_int.c: check the error of hash set_key.

2011-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/Makefile.am, doc/cha-gtls-app.texi, doc/examples/Makefile.am,
        doc/examples/ex-client-tlsia.c, libextra/includes/gnutls/extra.h,
        tests/Makefile.am, tests/tlsia.c: Removed documentation and tests
        related to TLS/IA.

2011-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_int.h: Added IV to max_record_overhead.

2011-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * libextra/includes/gnutls/extra.h: Deprecated the Inner Application
        extension.

2011-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in: 
        gnutls_certificate_verify_peers is deprecated.

2011-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/Makefile.am, lib/gnutls.pc.in, lib/m4/hooks.m4: Add the nettle
        libs into gnutls.pc.

2011-02-05  Andreas Metzler <ametzler@downhill.at.eu.org>

        * lib/configure.ac, lib/gnutls.pc.in, lib/m4/hooks.m4: [PATCH 1/4]
        adapt pkg-config file for switch from AM_PATH_LIBGCRYPT to
        AC_LIB_HAVE_LINKFLAGS [PATCH 2/4] pkg-config: Move libtasn1 from
        Libs.private to Requires.private since libtasn1 provides a .pc file.
        [PATCH 3/4] pkg-config: drop @LIBGNUTLS_LIBS@ from Libs.private.
        This library only contains gnutls itself nowadays, which is in Libs
        already.  [PATCH 4/4] pkg-config: If gnutls is built with zlib
        support list zlib in Requires.private.

2011-02-04  Simon Josefsson <simon@josefsson.org>

        * doc/cha-ciphersuites.texi, doc/signatures.texi: Fix MD2
        documentation.  Suggested by "brian m. carlson" <sandals@crustytoothpaste.net> in
        debian bug #464625.

2011-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/README.CODING_STYLE: updated coding style.

2011-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/includes/gnutls/compat.h,
        lib/includes/gnutls/gnutls.h.in: Deprecated gnutls_certificate_get_*
        functions.

2011-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-bib.texi: Updated references of rfc5081 to rfc6091.

2011-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/x509paths/chain: better output in chain output.

2011-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/includes/gnutls/x509.h, lib/x509/crl.c,
        lib/x509/verify.c, lib/x509/x509.c: exported
        gnutls_x509_crl_get_raw_issuer_dn()

2011-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/x509.c: corrected typos

2011-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pakchois/pakchois.c: CKR_CRYPTOKI_ALREADY_INITIALIZED is not
        treated as an error, and Finalize is not called in that case.

2011-01-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/compat.h,
        lib/openpgp/privkey.c: Reverted removal of
        gnutls_openpgp_privkey_sign_hash() to retain compatibility with
        2.10.x. That function is now deprecated instead.

2011-01-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_privkey.c: Added checks before importing keys and
        updated documentation.

2011-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/suite/Makefile.in: updated Makefile.in

2011-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/examples/ex-crq.c, lib/configure.ac,
        lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in,
        lib/includes/gnutls/x509.h, src/certtool.c, tests/crq_key_id.c: 
        fixes in internal build with the new deprecated functions. We allow
        them to be used since they are inter-dependent.

2011-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/x509_int.h: replaced old gnutls_pk_algorithm.

2011-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/compat.h: depends on gnutls/x509.h to compile.

2011-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
        lib/x509/crl_write.c: deprecated gnutls_x509_crl_sign(),
        gnutls_x509_crl_sign2() and
        gnutls_x509_crq_get_preferred_hash_algorithm().

2011-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
        lib/x509/crq.c: Deprecated gnutls_x509_crq_sign2() and
        gnutls_x509_crq_sign() in favor for gnutls_x509_crq_privkey_sign().

2011-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/libgnutls.map: minor fixes.

2011-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
        lib/libgnutls.map, lib/x509/privkey.c, lib/x509/x509.c,
        src/certtool.c, tests/cve-2009-1415.c, tests/x509sign-verify.c: 
        gnutls_x509_crt_verify_hash: DEPRECATED gnutls_x509_crt_verify_data:
        DEPRECATED gnutls_x509_crt_get_verify_algorithm: DEPRECATED
        gnutls_x509_crt_get_preferred_hash_algorithm: DEPRECATED Removed the
        new gnutls_x509_privkey_sign_data2() and
        gnutls_x509_privkey_sign_hash2().  That functionality will be only in the abstract.h pubkey and privkey
        structures, to avoid duplication for every certificate type.

2011-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/serv.c: Simplified macro to snprintf() in order to prevent
        issues caused when snprintf() is a macro itself. Reported and
        initial patch by Camillo Lugaresi.

2011-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/suite/Makefile.in: Revert "Remove, it is generated." This reverts commit de3a601e502b24f047412a161085f7fbd898b3f3 because
        this file is not automatically generated (not included in top
        Makefile.am).

2011-01-02  Simon Josefsson <simon@josefsson.org>

        * lib/m4/hooks.m4: Specify minimum libgcrypt version.

2010-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-internals.texi: Added discussion on crypto backend for
        crypto libraries and /dev/crypto.

2010-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
        lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
        lib/x509/crq.c, lib/x509/privkey.c, lib/x509/sign.c: Renamed
        gnutls_privkey_sign_data() to  gnutls_privkey_sign_data2() to match
        the similar function gnutls_x509_privkey_sign_data2().
        gnutls_x509_privkey_sign_data() was deprecated.

2010-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_str.c: Extra sanity check.

2010-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/auth_srp_passwd.c: Use snprintf() to print an integer.

2010-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/output.c: Use snprintf() to print IPs. There was a check
        just before that, but be safe, just in case.

2010-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-auth.texi: Use SRP for password authentication.

2010-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-auth.texi, lib/gnutls_cert.c, lib/gnutls_extensions.c,
        lib/gnutls_psk_netconf.c, lib/gnutls_state.c,
        lib/includes/gnutls/compat.h, lib/x509/privkey.c: Do not include
        deprecated functions to library documentation.

2010-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
        lib/x509/privkey.c: gnutls_x509_privkey_verify_data() was
        deprecated.

2010-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_pubkey.c: Documented key usage of pubkey.

2010-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_pubkey.c: Set public key bits on all import functions.
        Issue reported by Murray Kucheawy.

2010-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/pkcs11.h,
        lib/pkcs11_int.h, lib/pkcs11_privkey.c: 
        gnutls_pkcs11_privkey_sign_data(),
        gnutls_pkcs11_privkey_sign_hash2() and
        gnutls_pkcs11_privkey_decrypt_data() were removed. The abstract.h
        functions should be used instead.

2010-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/openpgp.h,
        lib/openpgp/gnutls_openpgp.h, lib/openpgp/pgp.c,
        lib/openpgp/privkey.c: Removed the newly added functions:
        gnutls_openpgp_privkey_sign_hash2(),
        gnutls_openpgp_privkey_sign_data2(),
        gnutls_openpgp_crt_verify_hash() That way the operations in
        abstract.h should be used to get the same functionality, and API
        will be kept simple and easier to maintain. The corresponding
        gnutls_x509_* are kept for backwards compatibility.

2010-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_sig.c: Do not be strict on RSA hash algorithm selection
        for signatures.

2010-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_cert.h, lib/gnutls_sig.c, lib/gnutls_x509.c: Removed
        unneeded definitions, and more careful deinitializations in
        parse_der_cert_mem().

2010-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/pathlen/ca-no-pathlen.pem,
        tests/pathlen/no-ca-or-pathlen.pem: updated certificates to account
        for extra null byte added in negative numbers.

2010-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/cve-2009-1415.c: Account for GNUTLS_E_PK_SIG_VERIFY_FAILED.

2010-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_privkey.c: Corrected bug in gnutls_privkey_sign_data().

2010-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_sig.c: some fixes in pk_prepare_hash().

2010-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_pubkey.c, lib/openpgp/pgp.c, lib/x509/privkey.c,
        lib/x509/verify.c, lib/x509/x509.c, tests/x509sign-verify.c: The
        verification functions now return a GNUTLS_E_PK_SIG_VERIFY_FAILED on
        signature verification error.

2010-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/p11tool-gaa.c, src/p11tool.gaa: The default input format for
        p11tool is PEM.

2010-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_pubkey.c: importing a pubkey from raw params will set
        the bits field correctly.

2010-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: Documented the addtion of gnutls_pubkey_import_privkey() and
        gnutls_pubkey_verify_data()

2010-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
        lib/libgnutls.map, lib/x509/verify.c, tests/x509sign-verify.c: Added
        gnutls_pubkey_verify_data and test vectors.

2010-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/errcodes.c, doc/examples/ex-alert.c,
        doc/examples/ex-cert-select-pkcs11.c,
        doc/examples/ex-cert-select.c, doc/examples/ex-client-psk.c,
        doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
        doc/examples/ex-client-tlsia.c, doc/examples/ex-client1.c,
        doc/examples/ex-client2.c, doc/examples/ex-crq.c,
        doc/examples/ex-pkcs12.c, doc/examples/ex-rfc2818.c,
        doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
        doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
        doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
        doc/examples/ex-verify.c, doc/examples/ex-x509-info.c,
        doc/examples/examples.h, doc/examples/tcp.c, doc/printlist.c,
        guile/src/core.c, guile/src/extra.c, guile/src/utils.h,
        lib/abstract_int.h, lib/auth_anon.c, lib/auth_cert.c,
        lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
        lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/auth_psk.c,
        lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
        lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
        lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
        lib/auth_srp_sb64.c, lib/crypto-api.c, lib/crypto.c, lib/crypto.h,
        lib/cryptodev.c, lib/debug.c, lib/ext_cert_type.c,
        lib/ext_max_record.c, lib/ext_safe_renegotiation.c,
        lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
        lib/ext_session_ticket.c, lib/ext_signature.c, lib/ext_signature.h,
        lib/ext_srp.c, lib/gcrypt/cipher.c, lib/gcrypt/init.c,
        lib/gcrypt/mac.c, lib/gcrypt/mpi.c, lib/gcrypt/pk.c,
        lib/gnutls_alert.c, lib/gnutls_algorithms.c,
        lib/gnutls_algorithms.h, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
        lib/gnutls_auth.h, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
        lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_cipher.c,
        lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
        lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
        lib/gnutls_compress.h, lib/gnutls_constate.c,
        lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
        lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
        lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
        lib/gnutls_extensions.c, lib/gnutls_extensions.h,
        lib/gnutls_global.c, lib/gnutls_handshake.c,
        lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
        lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_kx.c,
        lib/gnutls_kx.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
        lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
        lib/gnutls_num.c, lib/gnutls_pk.c, lib/gnutls_pk.h,
        lib/gnutls_priority.c, lib/gnutls_privkey.c, lib/gnutls_psk.c,
        lib/gnutls_psk_netconf.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
        lib/gnutls_record.h, lib/gnutls_rsa_export.c, lib/gnutls_session.c,
        lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
        lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
        lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
        lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
        lib/gnutls_supplemental.h, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
        lib/gnutls_v2_compat.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
        lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
        lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
        lib/includes/gnutls/gnutlsxx.h, lib/includes/gnutls/openpgp.h,
        lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/pkcs12.h,
        lib/includes/gnutls/x509.h, lib/locks.c, lib/nettle/cipher.c,
        lib/nettle/egd.c, lib/nettle/mpi.c, lib/nettle/pk.c,
        lib/nettle/rnd.c, lib/opencdk/armor.c, lib/opencdk/context.h,
        lib/opencdk/dummy.c, lib/opencdk/filters.h, lib/opencdk/hash.c,
        lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/keydb.h,
        lib/opencdk/literal.c, lib/opencdk/main.c, lib/opencdk/main.h,
        lib/opencdk/misc.c, lib/opencdk/new-packet.c,
        lib/opencdk/opencdk.h, lib/opencdk/packet.h, lib/opencdk/pubkey.c,
        lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
        lib/opencdk/sig-check.c, lib/opencdk/stream.c,
        lib/opencdk/stream.h, lib/opencdk/verify.c,
        lib/opencdk/write-packet.c, lib/openpgp/compat.c,
        lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
        lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
        lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
        lib/openpgp/privkey.c, lib/pakchois/pakchois.c,
        lib/pakchois/pakchois.h, lib/pakchois/pakchois11.h, lib/pkcs11.c,
        lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
        lib/pkcs11_write.c, lib/random.c, lib/system.c, lib/system.h,
        lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
        lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
        lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/output.c,
        lib/x509/pbkdf2-sha1.c, lib/x509/pbkdf2-sha1.h, lib/x509/pkcs12.c,
        lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c,
        lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
        lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
        lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
        lib/x509_b64.c, lib/x509_b64.h, libextra/ext_inner_application.c,
        libextra/ext_inner_application.h, libextra/gnutls_extra.c,
        libextra/gnutls_ia.c, libextra/gnutls_openssl.c,
        libextra/includes/gnutls/extra.h,
        libextra/includes/gnutls/openssl.h, libextra/openssl_compat.c,
        libextra/openssl_compat.h, maint.mk, src/benchmark.c,
        src/certtool-cfg.c, src/certtool-cfg.h, src/certtool-common.c,
        src/certtool-common.h, src/certtool.c, src/cli.c, src/common.c,
        src/common.h, src/crypt.c, src/p11tool.c, src/p11tool.h,
        src/pkcs11.c, src/prime.c, src/psk.c, src/serv.c, src/tests.c,
        src/tests.h, src/tls_test.c, tests/anonself.c,
        tests/certificate_set_x509_crl.c, tests/chainverify.c,
        tests/crq_apis.c, tests/crq_key_id.c, tests/cve-2008-4989.c,
        tests/dhepskself.c, tests/dn.c, tests/dn2.c, tests/gc.c,
        tests/mini-eagain.c, tests/mini-x509-rehandshake.c,
        tests/mini-x509.c, tests/mini.c, tests/mpi.c,
        tests/nul-in-x509-names.c, tests/openpgp-auth.c,
        tests/openpgp-keyring.c, tests/openpgp_test.c, tests/openpgpself.c,
        tests/openssl.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
        tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pskself.c,
        tests/resume.c, tests/safe-renegotiation/srn0.c,
        tests/safe-renegotiation/srn1.c, tests/safe-renegotiation/srn2.c,
        tests/safe-renegotiation/srn3.c, tests/safe-renegotiation/srn4.c,
        tests/safe-renegotiation/srn5.c, tests/set_pkcs12_cred.c,
        tests/simple.c, tests/tlsia.c, tests/utils.c, tests/utils.h,
        tests/x509_altname.c, tests/x509_test.c, tests/x509dn.c,
        tests/x509self.c, tests/x509sign-verify.c: Indented code. Use same
        indentation but with -nut to avoid usage of tabs. In several editors
        tabs can be configured not to be 8 spaces and this produces
        artifacts with the current indentation that is a mixture of tabs and
        spaces.

2010-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_privkey.c: _gnutls_privkey_get_public_mpis() handles
        openpgp keys.

2010-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/abstract_int.h, lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
        lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
        gnutls_pubkey_import_privkey(), that will copy the public key from a
        gnutls_privkey_t structure.

2010-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/libgnutls.map: Do not export the non-existant symbols
        gnutls_pkcs11_privkey_sign_hash and gnutls_privkey_sign_hash.

2010-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: documented new functions

2010-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: Added new functions.

2010-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/libgnutls.map: Added new functions.

2010-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h: 
        de-deprecated gnutls_x509_crt_verify_hash()

2010-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/openpgp.h, lib/libgnutls.map,
        lib/openpgp/pgp.c, tests/x509sign-verify.c: Added
        gnutls_openpgp_crt_verify_hash().

2010-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: added
        gnutls_privkey_sign_hash2()

2010-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
        lib/openpgp/privkey.c, lib/pkcs11_privkey.c, lib/x509/privkey.c: 
        Simplified preparation of signing code.

2010-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_sig.c,
        lib/gnutls_sig.h, lib/openpgp/gnutls_openpgp.h,
        lib/openpgp/privkey.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
        lib/x509/Makefile.am, lib/x509/privkey.c, lib/x509/sign.c,
        lib/x509/sign.h: deprecated x509/sign.h and moved functionality of
        it in gnutls_sig.h.

2010-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/sign.c: pk_hash_data() will fail unless DSA or RSA are
        specified.

2010-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/privkey.c: better comments

2010-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/openpgp/gnutls_openpgp.c, lib/openpgp/privkey.c: 
        reorganization of the privkey_ functions().

2010-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
        lib/includes/gnutls/compat.h, lib/includes/gnutls/openpgp.h,
        lib/includes/gnutls/x509.h, lib/libgnutls.map,
        lib/openpgp/gnutls_openpgp.c, lib/x509/privkey.c: Introduced
        gnutls_*_privkey_sign_hash2() that is a high level function to
        produce signatures.

2010-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_privkey.c, lib/pkcs11_privkey.c, lib/x509/privkey.c,
        lib/x509/sign.c, lib/x509/sign.h: Separated the sign_data functions
        to a hashing phase, a preparing phase, and the actual signing.

2010-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: documented deprecated functions.

2010-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/compat.h, lib/includes/gnutls/openpgp.h,
        lib/includes/gnutls/pkcs11.h: All the sign hash functions were
        deprecated.

2010-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h: 
        gnutls_x509_privkey_sign_hash() is dangerous and was deprecated.
        Added some text explaining why some functions were deprecated.

2010-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: documented previous update.

2010-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/privkey.c, lib/x509/x509.c: export_raw() functions now
        add leading zero in mpis.

2010-12-07  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2010-12-07  Simon Josefsson <simon@josefsson.org>

        * lib/includes/gnutls/crypto.h: C++ fixes, tiny patch from "Brendan
        Doherty" <brendand@gentrack.com>.

2010-12-07  Simon Josefsson <simon@josefsson.org>

        * gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/memchr.m4,
        gl/m4/printf.m4, gl/m4/stdint.m4, lib/gl/m4/fcntl-o.m4,
        lib/gl/m4/iconv.m4, lib/gl/m4/intdiv0.m4, lib/gl/m4/memchr.m4,
        lib/gl/m4/memmem.m4, lib/gl/m4/printf.m4, lib/gl/m4/stdint.m4: 
        Update gnulib files.

2010-12-07  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2010-12-07  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2010-12-07  Simon Josefsson <simon@josefsson.org>

        * configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2010-12-06  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2010-12-06  Simon Josefsson <simon@josefsson.org>

        * tests/Makefile.am: Don't fail on 'make distcheck'.

2010-12-06  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.11.6.

2010-12-06  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_str.c: Indent.

2010-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: documented SSL 3.0 record version change.

2010-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c: 
        SSL3_RECORD_VERSION priority option is now the default. That is in
        order to not confuse non TLS 1.2 compliant implementations that
        don't like a TLS 1.2 record.

2010-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_str.c: simplified escape and unescape.

2010-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * THANKS: Added Michael.

2010-12-06  Simon Josefsson <simon@josefsson.org>

        * cfg.mk, lib/gnutls_priority.c, lib/gnutls_state.c,
        lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in,
        lib/includes/gnutls/pkcs11.h, lib/nettle/rnd.c, lib/pkcs11.c,
        lib/pkcs11_int.h, lib/pkcs11_secret.c, lib/pkcs11_write.c,
        lib/x509/verify.c, src/certtool-common.c, src/certtool-common.h,
        src/certtool.c, src/cli.c, src/common.c, src/p11tool.c,
        src/p11tool.h, src/pkcs11.c, src/serv.c, tests/chainverify.c,
        tests/openpgp-auth.c: Indent code.

2010-12-06  Simon Josefsson <simon@josefsson.org>

        * maint.mk: Update gnulib files.

2010-12-06  Simon Josefsson <simon@josefsson.org>

        * gl/override/top/maint.mk.diff: Remove.

2010-12-06  Simon Josefsson <simon@josefsson.org>

        * .gitignore: Update.

2010-12-06  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_priority.c, lib/pkcs11_secret.c, src/p11tool.c,
        src/p11tool.gaa: Fix syntax-check nits.

2010-12-06  Simon Josefsson <simon@josefsson.org>

        * .x-sc_bindtextdomain: Ignore more.

2010-12-06  Simon Josefsson <simon@josefsson.org>

        * GNUmakefile, build-aux/gendocs.sh, build-aux/pmccabe.css,
        build-aux/pmccabe2html, gl/Makefile.am, gl/arpa_inet.in.h,
        gl/float+.h, gl/gettext.h, gl/inet_ntop.c, gl/intprops.h,
        gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4, gl/m4/getdelim.m4,
        gl/m4/getline.m4, gl/m4/getpass.m4, gl/m4/gnulib-common.m4,
        gl/m4/gnulib-comp.m4, gl/m4/mmap-anon.m4, gl/m4/printf.m4,
        gl/m4/readline.m4, gl/m4/string_h.m4, gl/m4/sys_ioctl_h.m4,
        gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4, gl/m4/unistd_h.m4,
        gl/m4/vasnprintf.m4, gl/m4/wchar_h.m4, gl/printf-parse.c,
        gl/printf-parse.h, gl/stdint.in.h, gl/stdio.in.h, gl/stdlib.in.h,
        gl/string.in.h, gl/sys_select.in.h, gl/sys_socket.in.h,
        gl/tests/Makefile.am, gl/tests/init.sh,
        gl/tests/test-select-stdin.c, gl/tests/test-select.c,
        gl/tests/test-update-copyright.sh, gl/tests/verify.h, gl/time.in.h,
        gl/unistd.in.h, gl/vasnprintf.c, gl/verify.h, gl/wchar.in.h,
        lib/gl/Makefile.am, lib/gl/float+.h, lib/gl/gettext.h,
        lib/gl/m4/alloca.m4, lib/gl/m4/glibc2.m4, lib/gl/m4/glibc21.m4,
        lib/gl/m4/gnulib-common.m4, lib/gl/m4/gnulib-comp.m4,
        lib/gl/m4/iconv.m4, lib/gl/m4/memmem.m4, lib/gl/m4/mmap-anon.m4,
        lib/gl/m4/printf.m4, lib/gl/m4/string_h.m4,
        lib/gl/m4/sys_socket_h.m4, lib/gl/m4/unistd_h.m4,
        lib/gl/m4/vasnprintf.m4, lib/gl/m4/wchar_h.m4,
        lib/gl/printf-parse.c, lib/gl/printf-parse.h, lib/gl/stdint.in.h,
        lib/gl/stdio.in.h, lib/gl/stdlib.in.h, lib/gl/string.in.h,
        lib/gl/sys_socket.in.h, lib/gl/tests/Makefile.am,
        lib/gl/tests/init.sh, lib/gl/tests/intprops.h,
        lib/gl/tests/verify.h, lib/gl/time.in.h, lib/gl/unistd.in.h,
        lib/gl/vasnprintf.c, lib/gl/verify.h, lib/gl/wchar.in.h,
        libextra/gl/m4/gnulib-common.m4, maint.mk: Update gnulib files.

2010-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/Makefile.am: Temporarily remove gendh test. It takes
        extremely long time under valgrind.

2010-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_sig.c, lib/x509/common.c, lib/x509/common.h,
        lib/x509/mpi.c, lib/x509/sign.c, lib/x509/verify.c: Use ASN1_NULL
        when writing parameters for RSA signatures. This makes us comply
        with RFC3279. Reported by Michael Rommel.

2010-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, src/serv.c: Corrected buffer overflow in gnutls-serv by
        Tomas Mraz.  The gnutls-serv uses fixed allocated buffer for the response which
        can be pretty long if a client certificate is presented to it and
        the http header is large. This causes buffer overflow and heap
        corruption which then leads to random segfaults or aborts.  It was reported originally here:
        https://bugzilla.redhat.com/show_bug.cgi?id=659259 The attached patch changes sprintf calls in peer_print_info() to
        snprintf so the buffer is never overflowed.

2010-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/m4/hooks.m4: increased revision

2010-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/Makefile.am: Added p11tool.h

2010-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: released 2.11.5

2010-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-internals.texi: escaped chars.

2010-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-internals.texi: Updated extension writing code. Still not
        clear enough.

2010-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-cert-auth.texi: PKCS #11 fixes

2010-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/examples/ex-cert-select-pkcs11.c: Corrected pkcs11 example
        URLs

2010-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/pkcs11.c: Prefix mechanism number with 0x.

2010-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pakchois/pakchois11.h, src/pkcs11.c: Added camellia and
        SHA224.

2010-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * configure.ac, lib/configure.ac, lib/nettle/rnd.c: Use rusage if
        present.  Moved check to correct config and included resource.h
        header.

2010-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/nettle/rnd.c: More details on the text

2010-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11.c: Corrected copyright statement

2010-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/nettle/rnd.c: Corrected copyright header. Added Niels.

2010-11-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_cert.c, lib/includes/gnutls/x509.h,
        lib/x509/verify.c, src/certtool.c, src/cli.c, tests/chainverify.c: 
        Reverted default behavior for verification and introduced
        GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT.  Thus by default V1
        trusted CAs are allowed, unless the new flag is specified.

2010-11-25  Simon Josefsson <simon@josefsson.org>

        * NEWS: Typo.

2010-11-25  Simon Josefsson <simon@josefsson.org>

        * tests/suite/Makefile.in: Remove, it is generated.

2010-11-25  Simon Josefsson <simon@josefsson.org>

        * README: No space at eol.

2010-11-25  Simon Josefsson <simon@josefsson.org>

        * tests/safe-renegotiation/Makefile.am: Fix syntax-check warning.

2010-11-25  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Ignore tests/suite for syntax-checks, not our code.

2010-11-25  Simon Josefsson <simon@josefsson.org>

        * README: Recommend git format-patch rather than git diff.

2010-11-24  Jeffrey Walton <noloader@gmail.com>

        * README: Attached is a proposed modification to the README file,
        including recent comments by Simon.

2010-11-23  Simon Josefsson <simon@josefsson.org>

        * guile/src/Makefile.am: Fix dependencies, fixes parallel builds.  Tiny patch from Graham Gower <graham.gower@gmail.com>.

2010-11-19  Simon Josefsson <simon@josefsson.org>

        * doc/Makefile.am: Remove file.

2010-11-19  Simon Josefsson <simon@josefsson.org>

        * doc/manpages/Makefile.am: Generated.

2010-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * configure.ac, tests/suite/Makefile.in: Create Makefile in
        tests/suite/

2010-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/cli.c, src/psk-gaa.c, src/psk-gaa.h, src/psk.c, src/psk.gaa,
        tests/Makefile.am, tests/netconf-psk.c: Deprecate the netconf
        password and use a key only.

2010-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/credentials/gnutls-http-serv: correctly set psk params.

2010-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: added info

2010-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/privkey_pkcs8.c: Correctly write DSA public key in ASN.1
        (add leading zero). Reported by Jeffrey Walton.

2010-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/mpi.c: cleanups

2010-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-auth.texi, lib/includes/gnutls/compat.h,
        lib/includes/gnutls/gnutls.h.in: Deprecated the key derivation
        method from netconf. The published RFC does not include this method
        and it is not known whether it has been used at all in practice. No
        need to support it.

2010-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_priority.c: Added SIGN-ALL, CTYPE-ALL, COMP-ALL,
        and VERS-TLS-ALL priority strings.

2010-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_x509.c: Removed redundant error check. Reported by
        Nicolas Kaiser.

2010-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
        src/p11tool-gaa.c, src/p11tool-gaa.h, src/p11tool.c,
        src/p11tool.gaa, src/p11tool.h, src/pkcs11.c: Added
        --list-mechanisms option to p11tool. Lists all mechanisms supported
        by a token.

2010-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/manpages/Makefile.am, doc/manpages/p11tool.1: Added manpage
        for p11tool.

2010-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/manpages/certtool.1, doc/manpages/gnutls-cli.1,
        doc/manpages/gnutls-serv.1, doc/manpages/srptool.1: Corrected my
        name.

2010-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/p11tool-gaa.c, src/p11tool.gaa: In p11tool --url was renamed
        to --export.

2010-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/p11tool-gaa.c, src/p11tool-gaa.h, src/p11tool.gaa,
        src/pkcs11.c: Corrected bug in secret key copy. Rationalized the
        --help of p11tool.

2010-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11.c, lib/pkcs11_secret.c: * Corrected flag conversion to internal representation.  * When generating secret keys include a generic key type and a
        random ID.

2010-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/p11tool-gaa.c, src/p11tool-gaa.h, src/p11tool.gaa: Added
        option --no-detailed-url to p11tool. More detailed url is the
        default now.

2010-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/Makefile.am, lib/includes/gnutls/pkcs11.h,
        lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h,
        lib/pkcs11_secret.c, lib/pkcs11_write.c, src/pkcs11.c: Added
        gnutls_pkcs11_token_set_pin() and gnutls_pkcs11_token_init() to
        enable manipulating tokens purely from PKCS #11.

2010-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/README.gaa: Removed README.gaa.

2010-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * .gitignore, src/Makefile.am, src/certtool-common.c,
        src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
        src/certtool.c, src/certtool.gaa, src/p11tool-gaa.c,
        src/p11tool-gaa.h, src/p11tool.c, src/p11tool.gaa, src/p11tool.h,
        src/pkcs11.c: Introduced p11tool to separate PKCS #11 functionality
        from certtool.

2010-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/Makefile.am, tests/finished.c: Removed check on deprecated
        feature (finished).

2010-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in: 
        Deprecated old functions.

2010-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-intro-tls.texi: use @code for SAFE_RENEGOTIATION string.

2010-06-07  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_priority.c: Doc fix.

2010-10-16  Simon Josefsson <simon@josefsson.org>

        * .gitignore: Add.

2010-10-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/Makefile.am, tests/safe-renegotiation/Makefile.am,
        tests/safe-renegotiation/params.dh,
        tests/safe-renegotiation/testsrn, tests/suite/Makefile.am,
        tests/suite/README, tests/suite/eagain,
        tests/suite/ecore/eina_config.h,
        tests/suite/ecore/src/include/Eina.h,
        tests/suite/ecore/src/include/eina_accessor.h,
        tests/suite/ecore/src/include/eina_array.h,
        tests/suite/ecore/src/include/eina_benchmark.h,
        tests/suite/ecore/src/include/eina_binshare.h,
        tests/suite/ecore/src/include/eina_config.h,
        tests/suite/ecore/src/include/eina_convert.h,
        tests/suite/ecore/src/include/eina_counter.h,
        tests/suite/ecore/src/include/eina_cpu.h,
        tests/suite/ecore/src/include/eina_error.h,
        tests/suite/ecore/src/include/eina_file.h,
        tests/suite/ecore/src/include/eina_fp.h,
        tests/suite/ecore/src/include/eina_hamster.h,
        tests/suite/ecore/src/include/eina_hash.h,
        tests/suite/ecore/src/include/eina_inline_array.x,
        tests/suite/ecore/src/include/eina_inline_f16p16.x,
        tests/suite/ecore/src/include/eina_inline_f32p32.x,
        tests/suite/ecore/src/include/eina_inline_f8p24.x,
        tests/suite/ecore/src/include/eina_inline_fp.x,
        tests/suite/ecore/src/include/eina_inline_hash.x,
        tests/suite/ecore/src/include/eina_inline_list.x,
        tests/suite/ecore/src/include/eina_inline_log.x,
        tests/suite/ecore/src/include/eina_inline_mempool.x,
        tests/suite/ecore/src/include/eina_inline_rbtree.x,
        tests/suite/ecore/src/include/eina_inline_rectangle.x,
        tests/suite/ecore/src/include/eina_inline_str.x,
        tests/suite/ecore/src/include/eina_inline_stringshare.x,
        tests/suite/ecore/src/include/eina_inline_tiler.x,
        tests/suite/ecore/src/include/eina_inline_trash.x,
        tests/suite/ecore/src/include/eina_inline_ustringshare.x,
        tests/suite/ecore/src/include/eina_inlist.h,
        tests/suite/ecore/src/include/eina_iterator.h,
        tests/suite/ecore/src/include/eina_lalloc.h,
        tests/suite/ecore/src/include/eina_list.h,
        tests/suite/ecore/src/include/eina_log.h,
        tests/suite/ecore/src/include/eina_magic.h,
        tests/suite/ecore/src/include/eina_main.h,
        tests/suite/ecore/src/include/eina_matrixsparse.h,
        tests/suite/ecore/src/include/eina_mempool.h,
        tests/suite/ecore/src/include/eina_module.h,
        tests/suite/ecore/src/include/eina_quadtree.h,
        tests/suite/ecore/src/include/eina_rbtree.h,
        tests/suite/ecore/src/include/eina_rectangle.h,
        tests/suite/ecore/src/include/eina_safety_checks.h,
        tests/suite/ecore/src/include/eina_sched.h,
        tests/suite/ecore/src/include/eina_str.h,
        tests/suite/ecore/src/include/eina_strbuf.h,
        tests/suite/ecore/src/include/eina_stringshare.h,
        tests/suite/ecore/src/include/eina_tiler.h,
        tests/suite/ecore/src/include/eina_trash.h,
        tests/suite/ecore/src/include/eina_types.h,
        tests/suite/ecore/src/include/eina_unicode.h,
        tests/suite/ecore/src/include/eina_ustrbuf.h,
        tests/suite/ecore/src/include/eina_ustringshare.h,
        tests/suite/ecore/src/lib/Ecore.h,
        tests/suite/ecore/src/lib/Ecore_Getopt.h,
        tests/suite/ecore/src/lib/ecore.c,
        tests/suite/ecore/src/lib/ecore_anim.c,
        tests/suite/ecore/src/lib/ecore_app.c,
        tests/suite/ecore/src/lib/ecore_events.c,
        tests/suite/ecore/src/lib/ecore_exe.c,
        tests/suite/ecore/src/lib/ecore_getopt.c,
        tests/suite/ecore/src/lib/ecore_glib.c,
        tests/suite/ecore/src/lib/ecore_idle_enterer.c,
        tests/suite/ecore/src/lib/ecore_idle_exiter.c,
        tests/suite/ecore/src/lib/ecore_idler.c,
        tests/suite/ecore/src/lib/ecore_job.c,
        tests/suite/ecore/src/lib/ecore_main.c,
        tests/suite/ecore/src/lib/ecore_pipe.c,
        tests/suite/ecore/src/lib/ecore_poll.c,
        tests/suite/ecore/src/lib/ecore_private.h,
        tests/suite/ecore/src/lib/ecore_signal.c,
        tests/suite/ecore/src/lib/ecore_thread.c,
        tests/suite/ecore/src/lib/ecore_time.c,
        tests/suite/ecore/src/lib/ecore_timer.c,
        tests/suite/ecore/src/lib/eina_accessor.c,
        tests/suite/ecore/src/lib/eina_array.c,
        tests/suite/ecore/src/lib/eina_benchmark.c,
        tests/suite/ecore/src/lib/eina_binshare.c,
        tests/suite/ecore/src/lib/eina_chained_mempool.c,
        tests/suite/ecore/src/lib/eina_convert.c,
        tests/suite/ecore/src/lib/eina_counter.c,
        tests/suite/ecore/src/lib/eina_cpu.c,
        tests/suite/ecore/src/lib/eina_error.c,
        tests/suite/ecore/src/lib/eina_file.c,
        tests/suite/ecore/src/lib/eina_fp.c,
        tests/suite/ecore/src/lib/eina_hamster.c,
        tests/suite/ecore/src/lib/eina_hash.c,
        tests/suite/ecore/src/lib/eina_inlist.c,
        tests/suite/ecore/src/lib/eina_iterator.c,
        tests/suite/ecore/src/lib/eina_lalloc.c,
        tests/suite/ecore/src/lib/eina_list.c,
        tests/suite/ecore/src/lib/eina_log.c,
        tests/suite/ecore/src/lib/eina_magic.c,
        tests/suite/ecore/src/lib/eina_main.c,
        tests/suite/ecore/src/lib/eina_matrixsparse.c,
        tests/suite/ecore/src/lib/eina_mempool.c,
        tests/suite/ecore/src/lib/eina_module.c,
        tests/suite/ecore/src/lib/eina_private.h,
        tests/suite/ecore/src/lib/eina_quadtree.c,
        tests/suite/ecore/src/lib/eina_rbtree.c,
        tests/suite/ecore/src/lib/eina_rectangle.c,
        tests/suite/ecore/src/lib/eina_safety_checks.c,
        tests/suite/ecore/src/lib/eina_sched.c,
        tests/suite/ecore/src/lib/eina_share_common.c,
        tests/suite/ecore/src/lib/eina_share_common.h,
        tests/suite/ecore/src/lib/eina_str.c,
        tests/suite/ecore/src/lib/eina_strbuf.c,
        tests/suite/ecore/src/lib/eina_strbuf_common.c,
        tests/suite/ecore/src/lib/eina_strbuf_common.h,
        tests/suite/ecore/src/lib/eina_strbuf_template_c.x,
        tests/suite/ecore/src/lib/eina_stringshare.c,
        tests/suite/ecore/src/lib/eina_tiler.c,
        tests/suite/ecore/src/lib/eina_unicode.c,
        tests/suite/ecore/src/lib/eina_ustrbuf.c,
        tests/suite/ecore/src/lib/eina_ustringshare.c,
        tests/suite/ecore/src/lib/eina_value.c, tests/suite/mini-eagain2.c,
        tests/suite/params.dh, tests/suite/testsrn: Added tests/suite which
        contains tests to be executed during development time and will not
        be distributed (not included in make dist).  Added "ecore" and a new
        mini-eagain to test EAGAIN behavior.

2010-10-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * .gitignore: updated .gitignore.

2010-10-16  Simon Josefsson <simon@josefsson.org>

        * NEWS, src/common.c: gnutls-cli: Print channel binding only in
        verbose mode.  Before it printed it after the 'Compression:' output, thus breaking
        Emacs starttls.el string searches.

2010-10-15  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2010-10-15  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2010-10-15  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.11.4.

2010-10-15  Simon Josefsson <simon@josefsson.org>

        * lib/libgnutls.map: Rename new symbol prefix after next stable
        branch instead of development branch.

2010-10-15  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2010-10-15  Simon Josefsson <simon@josefsson.org>

        * NEWS, doc/cha-bib.texi, doc/cha-gtls-app.texi: Document channel
        binding API.

2010-10-15  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
        src/common.c: Implement RFC 5929 tls-unique channel binding.

2010-10-14  Simon Josefsson <simon@josefsson.org>

        * NEWS, doc/manpages/Makefile.am, lib/gnutls_errors.c,
        lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
        lib/libgnutls.map: Add gnutls_session_channel_binding API.

2010-10-14  Simon Josefsson <simon@josefsson.org>

        * doc/manpages/Makefile.am: Generated.

2010-10-14  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2010-10-14  Simon Josefsson <simon@josefsson.org>

        * tests/Makefile.am, tests/gendh.c: Add self test gendh to check DH
        generation.

2010-10-14  Simon Josefsson <simon@josefsson.org>

        * tests/openpgp-auth.c: Fix compiler warnings.

2010-10-14  Simon Josefsson <simon@josefsson.org>

        * guile/tests/Makefile.am, guile/tests/anonymous-auth.scm,
        guile/tests/dh-parameters.pem, guile/tests/openpgp-auth.scm,
        guile/tests/pkcs-import-export.scm,
        guile/tests/session-record-port.scm, guile/tests/x509-auth.scm: 
        Don't generate DH primes in Guile self checks (for speed).

2010-10-14  Simon Josefsson <simon@josefsson.org>

        * tests/userid/userid: Cleanup, fixing distcheck.

2010-10-14  Simon Josefsson <simon@josefsson.org>

        * tests/openpgp-auth.c: Make it work with srcdir != objdir.

2010-10-14  Simon Josefsson <simon@josefsson.org>

        * doc/reference/gnutls-docs.sgml: Improve GTK-DOC manual.

2010-10-14  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2010-10-14  Simon Josefsson <simon@josefsson.org>

        * .x-sc_two_space_separator_in_usage, lib/cryptodev.c,
        lib/m4/hooks.m4, lib/pakchois/pakchois11.h: Fix syntax-check
        warning.

2010-10-14  Simon Josefsson <simon@josefsson.org>

        * build-aux/gendocs.sh, build-aux/pmccabe2html, doc/fdl-1.3.texi,
        gl/Makefile.am, gl/arpa_inet.in.h, gl/errno.in.h, gl/float.in.h,
        gl/ftello.c, gl/getaddrinfo.c, gl/m4/errno_h.m4, gl/m4/error.m4,
        gl/m4/float_h.m4, gl/m4/ftello.m4, gl/m4/getpagesize.m4,
        gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/hostent.m4,
        gl/m4/include_next.m4, gl/m4/intmax_t.m4, gl/m4/inttypes_h.m4,
        gl/m4/lib-ld.m4, gl/m4/lib-link.m4, gl/m4/lseek.m4,
        gl/m4/malloc.m4, gl/m4/memchr.m4, gl/m4/minmax.m4, gl/m4/printf.m4,
        gl/m4/realloc.m4, gl/m4/servent.m4, gl/m4/size_max.m4,
        gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/m4/socklen.m4,
        gl/m4/sockpfaf.m4, gl/m4/stdarg.m4, gl/m4/stdbool.m4,
        gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdlib_h.m4,
        gl/m4/time_h.m4, gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/malloc.c,
        gl/netdb.in.h, gl/netinet_in.in.h, gl/read-file.c, gl/realloc.c,
        gl/select.c, gl/stdarg.in.h, gl/stddef.in.h, gl/stdint.in.h,
        gl/stdio.in.h, gl/stdlib.in.h, gl/strerror.c, gl/string.in.h,
        gl/sys_select.in.h, gl/sys_socket.in.h, gl/sys_stat.in.h,
        gl/sys_time.in.h, gl/tests/Makefile.am, gl/tests/binary-io.h,
        gl/tests/getpagesize.c, gl/tests/init.sh, gl/tests/sys_ioctl.in.h,
        gl/tests/test-binary-io.c, gl/tests/test-binary-io.sh,
        gl/tests/test-ftello.c, gl/tests/test-ftello.sh,
        gl/tests/test-ftello2.sh, gl/tests/test-ftello3.c,
        gl/tests/test-getaddrinfo.c, gl/tests/test-memchr.c,
        gl/tests/test-netdb.c, gl/tests/test-read-file.c,
        gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
        gl/tests/test-stdlib.c, gl/tests/test-sys_socket.c,
        gl/tests/test-sys_wait.h, gl/tests/test-update-copyright.sh,
        gl/tests/test-vc-list-files-cvs.sh,
        gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
        gl/time.in.h, gl/timespec.h, gl/unistd.in.h, gl/wchar.in.h,
        lib/build-aux/config.rpath, lib/gl/Makefile.am, lib/gl/errno.in.h,
        lib/gl/float.in.h, lib/gl/ftello.c, lib/gl/m4/codeset.m4,
        lib/gl/m4/errno_h.m4, lib/gl/m4/fcntl-o.m4, lib/gl/m4/float_h.m4,
        lib/gl/m4/ftello.m4, lib/gl/m4/getpagesize.m4,
        lib/gl/m4/gettext.m4, lib/gl/m4/gnulib-cache.m4,
        lib/gl/m4/gnulib-comp.m4, lib/gl/m4/iconv.m4,
        lib/gl/m4/include_next.m4, lib/gl/m4/intdiv0.m4, lib/gl/m4/intl.m4,
        lib/gl/m4/intlmacosx.m4, lib/gl/m4/intmax.m4,
        lib/gl/m4/intmax_t.m4, lib/gl/m4/inttypes-pri.m4,
        lib/gl/m4/inttypes_h.m4, lib/gl/m4/lcmessage.m4,
        lib/gl/m4/ld-version-script.m4, lib/gl/m4/lib-ld.m4,
        lib/gl/m4/lib-link.m4, lib/gl/m4/lock.m4, lib/gl/m4/lseek.m4,
        lib/gl/m4/malloc.m4, lib/gl/m4/memchr.m4, lib/gl/m4/memmem.m4,
        lib/gl/m4/minmax.m4, lib/gl/m4/printf-posix.m4,
        lib/gl/m4/printf.m4, lib/gl/m4/progtest.m4, lib/gl/m4/realloc.m4,
        lib/gl/m4/size_max.m4, lib/gl/m4/socketlib.m4,
        lib/gl/m4/sockets.m4, lib/gl/m4/socklen.m4, lib/gl/m4/sockpfaf.m4,
        lib/gl/m4/stdbool.m4, lib/gl/m4/stdint.m4, lib/gl/m4/stdint_h.m4,
        lib/gl/m4/stdlib_h.m4, lib/gl/m4/threadlib.m4, lib/gl/m4/time_h.m4,
        lib/gl/m4/visibility.m4, lib/gl/m4/wchar_t.m4, lib/gl/m4/wint_t.m4,
        lib/gl/malloc.c, lib/gl/netdb.in.h, lib/gl/read-file.c,
        lib/gl/realloc.c, lib/gl/stddef.in.h, lib/gl/stdint.in.h,
        lib/gl/stdio.in.h, lib/gl/stdlib.in.h, lib/gl/str-two-way.h,
        lib/gl/string.in.h, lib/gl/strings.in.h, lib/gl/sys_socket.in.h,
        lib/gl/sys_stat.in.h, lib/gl/tests/Makefile.am,
        lib/gl/tests/binary-io.h, lib/gl/tests/getpagesize.c,
        lib/gl/tests/init.sh, lib/gl/tests/test-binary-io.c,
        lib/gl/tests/test-binary-io.sh, lib/gl/tests/test-ftello.c,
        lib/gl/tests/test-ftello.sh, lib/gl/tests/test-ftello2.sh,
        lib/gl/tests/test-ftello3.c, lib/gl/tests/test-memchr.c,
        lib/gl/tests/test-netdb.c, lib/gl/tests/test-read-file.c,
        lib/gl/tests/test-stdbool.c, lib/gl/tests/test-stddef.c,
        lib/gl/tests/test-stdlib.c, lib/gl/tests/test-sys_socket.c,
        lib/gl/tests/test-sys_wait.h, lib/gl/tests/test-verify.c,
        lib/gl/time.in.h, lib/gl/unistd.in.h, lib/gl/wchar.in.h,
        libextra/gl/gnulib.mk, libextra/gl/m4/gnulib-cache.m4,
        libextra/gl/m4/gnulib-comp.m4, libextra/gl/m4/ld-version-script.m4,
        libextra/gl/m4/lib-ld.m4, libextra/gl/m4/lib-link.m4, maint.mk: 
        Update gnulib files.

2010-10-14  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Don't assume chmod +x on gendocs.sh.

2010-10-14  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Use gnulib --add-import.

2010-10-14  Simon Josefsson <simon@josefsson.org>

        * .gitignore: Sort and update.

2010-10-14  Simon Josefsson <simon@josefsson.org>

        * lib/po/nl.po.in: Sync with TP.

2010-10-14  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2010-10-14  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2010-10-14  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.11.3.

2010-10-14  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2010-10-14  Simon Josefsson <simon@josefsson.org>

        * doc/errcodes.c, doc/examples/ex-alert.c,
        doc/examples/ex-cert-select-pkcs11.c,
        doc/examples/ex-cert-select.c, doc/examples/ex-client-psk.c,
        doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
        doc/examples/ex-client-tlsia.c, doc/examples/ex-client1.c,
        doc/examples/ex-client2.c, doc/examples/ex-crq.c,
        doc/examples/ex-pkcs12.c, doc/examples/ex-rfc2818.c,
        doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
        doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
        doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
        doc/examples/ex-verify.c, doc/examples/ex-x509-info.c,
        doc/examples/examples.h, doc/examples/tcp.c, guile/src/core.c,
        guile/src/errors.c, guile/src/extra.c, guile/src/utils.c,
        guile/src/utils.h, lib/auth_cert.c, lib/auth_cert.h,
        lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_psk.h,
        lib/auth_rsa.c, lib/auth_rsa_export.c, lib/auth_srp.c,
        lib/auth_srp.h, lib/crypto-api.c, lib/crypto.h, lib/cryptodev.c,
        lib/debug.c, lib/debug.h, lib/ext_cert_type.c,
        lib/ext_max_record.c, lib/ext_safe_renegotiation.c,
        lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
        lib/ext_server_name.h, lib/ext_session_ticket.c,
        lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
        lib/ext_srp.c, lib/ext_srp.h, lib/gcrypt/init.c, lib/gcrypt/mpi.c,
        lib/gcrypt/pk.c, lib/gnutls_alert.c, lib/gnutls_algorithms.c,
        lib/gnutls_algorithms.h, lib/gnutls_auth.h, lib/gnutls_buffers.c,
        lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
        lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
        lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
        lib/gnutls_compress.h, lib/gnutls_constate.c,
        lib/gnutls_constate.h, lib/gnutls_datum.h, lib/gnutls_dh.h,
        lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_extensions.c,
        lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
        lib/gnutls_handshake.c, lib/gnutls_handshake.h,
        lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
        lib/gnutls_kx.c, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
        lib/gnutls_mem.h, lib/gnutls_mpi.h, lib/gnutls_num.h,
        lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
        lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
        lib/gnutls_record.h, lib/gnutls_session_pack.c, lib/gnutls_sig.c,
        lib/gnutls_sig.h, lib/gnutls_srp.c, lib/gnutls_state.c,
        lib/gnutls_state.h, lib/gnutls_str.c, lib/gnutls_str.h,
        lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
        lib/gnutls_x509.c, lib/includes/gnutls/abstract.h,
        lib/includes/gnutls/compat.h, lib/includes/gnutls/crypto.h,
        lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/gnutlsxx.h,
        lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
        lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
        lib/locks.c, lib/locks.h, lib/nettle/cipher.c, lib/nettle/egd.c,
        lib/nettle/egd.h, lib/nettle/init.c, lib/nettle/mac.c,
        lib/nettle/mpi.c, lib/nettle/pk.c, lib/nettle/rnd.c,
        lib/opencdk/armor.c, lib/opencdk/hash.c, lib/opencdk/kbnode.c,
        lib/opencdk/keydb.c, lib/opencdk/literal.c, lib/opencdk/main.c,
        lib/opencdk/misc.c, lib/opencdk/new-packet.c, lib/opencdk/pubkey.c,
        lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
        lib/opencdk/sig-check.c, lib/opencdk/stream.c, lib/opencdk/types.h,
        lib/opencdk/verify.c, lib/openpgp/gnutls_openpgp.c,
        lib/openpgp/openpgp_int.h, lib/openpgp/output.c, lib/openpgp/pgp.c,
        lib/openpgp/privkey.c, lib/pakchois/dlopen.c,
        lib/pakchois/dlopen.h, lib/pakchois/errors.c,
        lib/pakchois/pakchois.c, lib/pakchois/pakchois.h,
        lib/pakchois/pakchois11.h, lib/pkcs11.c, lib/pkcs11_int.h,
        lib/pkcs11_privkey.c, lib/pkcs11_write.c, lib/random.c,
        lib/random.h, lib/system.c, lib/system.h, lib/x509/common.c,
        lib/x509/common.h, lib/x509/crl_write.c, lib/x509/crq.c,
        lib/x509/dn.c, lib/x509/mpi.c, lib/x509/output.c,
        lib/x509/privkey.c, lib/x509/sign.c, lib/x509/sign.h,
        lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h,
        lib/x509/x509_write.c, lib/x509_b64.c,
        libextra/ext_inner_application.c, libextra/ext_inner_application.h,
        libextra/gnutls_extra.c, libextra/gnutls_ia.c,
        libextra/includes/gnutls/extra.h, libextra/openssl_compat.h,
        src/benchmark.c, src/certtool-cfg.h, src/certtool-common.h,
        src/certtool.c, src/cli.c, src/common.c, src/common.h, src/crypt.c,
        src/pkcs11.c, src/prime.c, src/psk.c, src/serv.c, src/tests.c,
        tests/anonself.c, tests/certder.c,
        tests/certificate_set_x509_crl.c, tests/certuniqueid.c,
        tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
        tests/crypto_rng.c, tests/cve-2008-4989.c, tests/cve-2009-1415.c,
        tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
        tests/finished.c, tests/gc.c, tests/hostname-check.c,
        tests/init_roundtrip.c, tests/mini-eagain.c,
        tests/mini-x509-rehandshake.c, tests/mini-x509.c, tests/mini.c,
        tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
        tests/nul-in-x509-names.c, tests/openpgp-auth.c,
        tests/openpgp-keyring.c, tests/openpgpself.c, tests/openssl.c,
        tests/parse_ca.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
        tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pskself.c,
        tests/resume.c, tests/safe-renegotiation/srn0.c,
        tests/safe-renegotiation/srn1.c, tests/safe-renegotiation/srn2.c,
        tests/safe-renegotiation/srn3.c, tests/safe-renegotiation/srn4.c,
        tests/safe-renegotiation/srn5.c, tests/set_pkcs12_cred.c,
        tests/setcredcrash.c, tests/simple.c, tests/tlsia.c, tests/utils.c,
        tests/utils.h, tests/x509_altname.c, tests/x509dn.c,
        tests/x509self.c, tests/x509sign-verify.c: Indent (using GNU indent
        2.2.11).

2010-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, configure.ac, lib/m4/hooks.m4: bumped version

2010-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/certtool.c: Revert "Applied last patch of Micah Anderson on
        IKE status." This reverts commit a6b2f5ce7316b4774649ee9b421da2ee7fef461f.

2010-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * libextra/fipsmd5.c: removed unneeded code.

2010-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/certtool.c: Applied last patch of Micah Anderson on IKE
        status.

2010-10-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/certtool.c: Applied patch on IKE extension by Micah Anderson

2010-10-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/cryptodev.c, lib/gcrypt/mac.c, lib/gnutls_hash_int.c,
        lib/includes/gnutls/crypto.h, lib/nettle/mac.c: Updated cryptodev
        code to support the linux cryptodev extensions.  Removed the clone()
        capability from HMAC. It was never used and having it prevents using
        it with hardware accelerators that might not have this capability.

2010-09-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * THANKS: Added Micah

2010-10-01  Simon Josefsson <simon@josefsson.org>

        * doc/cha-cert-auth.texi, doc/cha-internals.texi,
        doc/cha-library.texi, lib/ext_safe_renegotiation.c,
        lib/ext_server_name.c, lib/gcrypt/init.c, lib/gnutls_record.c,
        lib/gnutls_str.c, lib/locks.c, lib/nettle/egd.c, lib/nettle/init.c,
        lib/system.c, lib/system.h, libextra/ext_inner_application.c,
        src/certtool-common.h, src/common.c, src/pkcs11.c: Fix some
        syntax-check errors.

2010-10-01  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_int.h, lib/includes/gnutls/gnutls.h.in,
        lib/includes/gnutls/pkcs11.h: Fix compiler warnings.

2010-10-01  Simon Josefsson <simon@josefsson.org>

        * NEWS, doc/manpages/Makefile.am: Mention new APIs.

2010-09-30  Simon Josefsson <simon@josefsson.org>

        * tests/openpgp-certs/testselfsigs: Avoid bashism.  Reported by m.drochner@fz-juelich.de in
        <http://savannah.gnu.org/support/?107449>.

2010-09-30  Simon Josefsson <simon@josefsson.org>

        * lib/crypto-api.c: Don't return from void functions.  Reported by Dagobert Michelsen <dam@opencsw.org> in

        <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4566>.

2010-09-30  Simon Josefsson <simon@josefsson.org>

        * lib/includes/gnutls/gnutls.h.in: Remove spurious comma.

2010-09-30  Simon Josefsson <simon@josefsson.org>

        * lib/includes/gnutls/x509.h: Remove spurious comma.

2010-09-30  Simon Josefsson <simon@josefsson.org>

        * tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8: Make
        pkcs8-decode test work on Windows.

2010-09-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: updated

2010-09-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_session_ticket.c: treat absence of parameters the same as
        having them disabled.

2010-09-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/resume.c: Corrected behavior on failure (don't crash).

2010-09-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_session_ticket.c, lib/gnutls_extensions.c: Corrected bugs
        when restoring extensions during session resumtion.

2010-09-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_extensions.c: Use more informative logging for
        extensions.

2010-09-29  Micah Anderson <micah@riseup.net>

        * NEWS, doc/certtool.cfg, doc/cha-programs.texi,
        lib/includes/gnutls/x509.h, lib/x509/output.c, src/certtool-cfg.c,
        src/certtool-cfg.h, src/certtool.c: Add new extended key usage
        ipsecIKE According to RFC 4945 § 5.1.3.12 section title
        "ExtendedKeyUsage"[0] the following extended key usage has been
        added:  ... this document defines an ExtendedKeyUsage keyPurposeID that MAY
           be used to limit a certificate's use:    id-kp-ipsecIKE OBJECT IDENTIFIER ::= { id-kp 17 }    where id-kp is defined in RFC 3280 [5].  If a certificate is
           intended to be used with both IKE and other applications, and one
           of the other applications requires use of an EKU value, then such
           certificates MUST contain either the keyPurposeID id-kp-ipsecIKE or    anyExtendedKeyUsage [5], as well as the keyPurposeID values    associated with the other applications.  Similarly, if a CA
           issues multiple otherwise-similar certificates for multiple
           applications including IKE, and it is intended that the IKE
           certificate NOT be used with another application, the IKE
           certificate MAY contain an EKU extension listing a keyPurposeID of
           id-kp-ipsecIKE to discourage its use with the other application.
           Recall, however, that EKU extensions in certificates meant for use
        in IKE are NOT RECOMMENDED.     Conforming IKE implementations are not required to support EKU.
           If a critical EKU extension appears in a certificate and EKU is
           not supported by the implementation, then RFC 3280 requires that the    certificate be rejected.  Implementations that do support EKU
           MUST support the following logic for certificate validation:    o  If no EKU extension, continue.     o  If EKU present AND contains either id-kp-ipsecIKE or       anyExtendedKeyUsage, continue.     o  Otherwise, reject cert.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, src/certtool-gaa.c, src/certtool.gaa: --pkcs11-* in certtool
        was renamed to --p11-*.

2010-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_session_ticket.c: Added some comments and removed unused
        code.

2010-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/ext_session_ticket.c: Corrected advertizing issue for
        session tickets.

2010-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/TODO: cleanup of TODO list. Removed very old entries, entries
        already fixed and added new ones.

2010-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_handshake.c: IMED_RET parameters are easier to grasp.

2010-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/crypto.c, lib/gcrypt/cipher.c, lib/gcrypt/mac.c,
        lib/nettle/cipher.c, lib/nettle/mac.c: cipher,mac and digest
        priorities moved to crypto.c

2010-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_errors.c: changed the fatality level of some errors.

2010-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_handshake.c: No longer use is_fatal() during handshake.
        Explicitely treat EAGAIN and INTERRUPTED as non-fatal during
        handshake. If the check_fatal flag is set then
        GNUTLS_E_WARNING_ALERT_RECEIVED could interrupt a handshake as well.

2010-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/cli.c: fflush stdout and stderr before the call to setbuf.
        This fixes issue in solaris where lines dissappeared from output.
        Reported and suggested fix by Knut Anders Hatlen.

2010-09-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: documented change

2010-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/nettle/pk.c: Corrected bug in wrap_nettle_pk_fixup that was
        importing DSA keys are RSA ones.

2010-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/nettle/pk.c, lib/openpgp/privkey.c: indented some code

2010-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/m4/hooks.m4: updated revision

2010-09-18  Ludovic Courtès <ludo@gnu.org>

        * .gitignore, tests/Makefile.am, tests/openpgp-auth.c: Add an
        OpenPGP authentication unit test.  * tests/Makefile.am (ctests)[ENABLE_OPENPGP]: Add `openpgp-auth'.    (TESTS_ENVIRONMENT): Add `srcdir'.  * tests/openpgp-auth.c: New file.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-16  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/ext_session_ticket.c, lib/gnutls_alert.c,
        lib/gnutls_buffers.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
        lib/gnutls_compress.c, lib/gnutls_compress.h,
        lib/gnutls_constate.c, lib/gnutls_constate.h,
        lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_num.h,
        lib/gnutls_record.c, lib/gnutls_record.h,
        lib/gnutls_session_pack.c, lib/gnutls_state.c, libextra/gnutls_ia.c: 
        Explicit symmetric cipher state versionning.  This introduces the concept of a "cipher epoch". The epoch number is
        the number of successful handshakes and is incremented by one each
        time. This concept is native to DTLS and this patch makes the
        symmetric cipher state explicit for TLS in preparation for DTLS.
        This concept was implicit in plain TLS and ChangeCipherSpec messages
        triggered a "pending state copy". Now, we the current epoch number
        is simply incremented to the parameters negotiated by the handshake.  The main side effects of this patch is a slightly more abstract
        internal API and, in some cases, simpler code. The session blob
        format is also changed a bit since this patch avoids storing
        information that is now redundant. If this breaks library users'
        expectations, this side effect can be negated.  The cipher_specs structure has been removed. The conn_state has
        become record_state_st. Only symmetric cipher information is
        versioned. Things such as key exchange algorithm and the master
        secret are not versioned and their handling is unchanged.  I have tested this patch as much as I could. It introduces no test
        suite regressions on my x64 Debian GNU/Linux system.  Do not hesitate to point out shortcomings or suggest changes. Since
        this is a big diff, I am expecting this to be an iterative process.  Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
        Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-16  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_errors.h: Add gnutls_assert_val idiom.   This warrants being made in an inline function or macro since it is  used throughout the code. This converts 4 line repetitive blocks
         into 1 line.  Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
        Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * AUTHORS, NEWS, configure.ac: updated for 2.11.1

2010-09-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
        lib/pkcs11_privkey.c, src/certtool-gaa.c, src/certtool-gaa.h,
        src/certtool.gaa, src/pkcs11.c: Added 3 levels of details in PKCS
        #11 URLs.  1st level: Token level. Object is unique up to token.
        2nd level: Object is unique up to token and module used to access
        it.  3rd level: Object is unique up to token and module and version
        of module used to access it.

2010-09-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: Documented changes.

2010-09-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509_b64.c: Be liberal in the PEM decoding. That is spaces and
        tabs are being skipped.

2010-09-08  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_buffers.c: Fully mbufferize _gnutls_read and
        _gnutls_read_buffered.  Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
        Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-08  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_mbuffers.h: mbuffers: Add _mbuffer_xfree operation.  Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
        Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-08  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_int.h,
        lib/gnutls_record.c, lib/gnutls_state.c: mbuffers: make
        _gnutls_io_read_buffered use mbuffers.  This will be needed by the DTLS code to make sure reads are stored
        in segments that correspond to datagram boundaries.  Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
        Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-08  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_int.h: Parenthesize size calculations.  This is standard practice and the DTLS code got bit by this.  Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
        Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-08  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: mbuffers: Add
        mbuffer_linearize.  Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
        Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-08  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_mbuffers.c: mbuffers: fix wrong size calculation.  maximum_size is the maximum size of the payload, not including
        overhead.  Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
        Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-08  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_mbuffers.c: mbuffers: Make _mbuffer_remove_bytes return
        a meaningful error code.  Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
        Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-08  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_mbuffers.c: mbuffers: Document the internal mbuffer
        API.  After a year of not hacking GnuTLS, I needed to look at the code to
        know how mbuffers work. This will make it much easier for anybody
        not familiar with this code.  Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
        Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: updated NEWS.

2010-09-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
        lib/pkcs11_privkey.c, lib/pkcs11_write.c, src/certtool-common.h,
        src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
        src/certtool.gaa, src/pkcs11.c: PKCS#11 URL support updated to
        conform to draft-pechanec-pkcs11uri-02.  Now in the URL the pkcs11
        provider library (module) can be specified thus restricting objects
        within a single provider.

2010-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_int.h, lib/gnutls_priority.c,
        lib/gnutls_record.c: When the %COMPAT flag is specified, larger
        records that would otherwise violate the TLS spec, are accepted.

2010-08-28  Brad Hards <bradh@frogmouth.net>

        * src/certtool.c, src/pkcs11.c: Show which option is the default for
        command line tools.  We use "y/N" is most places - this just adapts two places that use
        "Y/N" to match the behavior of read_yesno().  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/x509.c: prevent a memory leak in the unique_id functions.

2010-08-20  Brad Hards <bradh@frogmouth.net>

        * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/output.c,
        lib/x509/x509.c, tests/Makefile.am, tests/certuniqueid.c: As
        identified in a previous mail, I've added support for accessing /
        displaying the subjectUniqueID and issuerUniqueID fields within an
        X.509 certificate. This is provided (along with a test case) in the
        attached patch.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_int.h: By default lowat is set to zero.

2010-08-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11.c: Revert "When scanning for terminator character for
        PKCS #11 URLs ignore escaped \;." This reverts commit 583fad076506421c9007a3349784496e2927dcd1.

2010-08-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * THANKS: Added Sjoerd.

2010-08-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/m4/hooks.m4: libnettle is the default crypto library.

2010-08-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_handshake.c: oldstate var removed.

2010-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/mini-eagain.c: mini-eagain will fail with EAGAIN error one
        every two attempts. That is to remove probabilities.

2010-08-11  Sjoerd Simons <sjoerd.simons@collabora.co.uk>

        * lib/gnutls_int.h, lib/gnutls_record.c: Remember the amount of user
        data we're sending out Partially reverts 3ef62950845f551ebc629e50d5ddf75f71b84294.
        gnutls_record_send needs to return the amount of user-data we sent,
        so we need to keep this information somewhere to return it when we
        succeed in sending that data.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-08-11  Sjoerd Simons <sjoerd.simons@collabora.co.uk>

        * lib/gnutls_handshake.c: Check whether the error is fatal in more
        cases When stressing the async API of gnutls a lot of internal errors are
        hit as IMED_RET clears the handshake hash buffers as a result of
        -EAGAIN even though it would never be re-initialized at that point,
        but is still needed in later stages.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-08-11  Sjoerd Simons <sjoerd.simons@collabora.co.uk>

        * lib/gnutls_handshake.c, lib/gnutls_int.h: Add state for flushing
        the handshake buffer A seperate state is needed between flushing the handshake buffers
        and sending the chipher spec change otherwise it's impossible to
        determine whether _gnutls_send_change_cipher_spec is called for the
        first time or again.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-08-01  Simon Josefsson <simon@josefsson.org>

        * lib/nettle/mpi.c: Fix warning.

2010-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/m4/hooks.m4: Define HAVE_GCRYPT when using gcrypt. nettle is
        no longer marked as unsupported.

2010-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, doc/manpages/Makefile.am, lib/gnutls_extensions.c,
        lib/m4/hooks.m4, lib/nettle/cipher.c, lib/nettle/mac.c,
        lib/nettle/pk.c, libextra/gnutls_extra.c: Added Camellia-128/256,
        SHA-224/384/512 and support for DSA2 when using nettle.

2010-07-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11.c: When scanning for terminator character for PKCS #11
        URLs ignore escaped \;.

2010-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_priority.c: Modified the example to work in TLS 1.2.

2010-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_algorithms.c: Added RSA_NULL_SHA1 and SHA256
        ciphersuites.

2010-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_signature.c: When signature algorithms extension is not
        received allow SHA1 and SHA256.

2010-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_algorithms.c: NULL MAC renamed to MAC-NULL

2010-07-25  Simon Josefsson <simon@josefsson.org>

        * src/common.c: Avoid fixed size buffers (now handles the big >100
        SAN cert).

2010-07-25  Simon Josefsson <simon@josefsson.org>

        * doc/manpages/Makefile.am: Generated.

2010-07-25  Simon Josefsson <simon@josefsson.org>

        * NEWS: Re-add old NEWS entries.

2010-07-25  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_buffers.c: Doc fix.

2010-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/privkey.c: Do not trust fbase64_decode to return 0 on
        success.

2010-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_x509.c, lib/x509/privkey.c, src/certtool.c: 
        gnutls_x509_privkey_import() will fallback to
        gnutls_x509_privkey_import_pkcs8() without a password, if it is
        unable to decode the key.

2010-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
        lib/includes/gnutls/gnutls.h.in, lib/nettle/mpi.c, src/prime.c: 
        Added GNUTLS_PK_DH to differentiate in the generation of parameters
        with PK_DSA that requires special treatment.

2010-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_algorithms.c: Corrected wrong descriptions of security
        levels.

2010-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_algorithms.c: use RSA-SHA1 as an indicator of RSA
        certificates.

2010-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_algorithms.c: Fix DSA key values to avoid generating
        normal and reporting them as low.

2010-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
        lib/includes/gnutls/openpgp.h, lib/includes/gnutls/x509.h,
        lib/libgnutls.map, lib/nettle/mpi.c, lib/openpgp/privkey.c,
        lib/x509/privkey.c, src/certtool.c,
        tests/pathlen/no-ca-or-pathlen.pem: Better handling of security
        parameters to key sizes matching (via a single table). Added
        functions to return the security parameter of a private key.

2010-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-intro-tls.texi: Simplified documentation.

2010-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/nettle/mpi.c: Follow ECRYPT II recommendations.

2010-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, doc/cha-bib.texi, doc/cha-intro-tls.texi,
        lib/gnutls_algorithms.c: Updated documentation and
        gnutls_pk_params_t mappings to ECRYPT II recommendations.

2010-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_priority.c: HMAC-MD5 deprecated according to ECRYPT II
        yearly report (2009-2010) recommendations.

2010-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/sha2/Makefile.am: added missing file key-subca-dsa.pem

2010-07-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * gtk-doc.make: ignore html errors otherwise make dist doesn't work.

2010-07-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: updated NEWS

2010-07-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
        src/certtool.c, src/certtool.gaa: Added option for certtool to print
        certificate public key.

2010-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_algorithms.c: Added SIG_RSA_MD5_OID as an indicator of
        RSA. Some microsoft products were using it. Reported by Mads
        Kiilerich.

2010-07-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_algorithms.c, lib/x509/common.h: Added RSA with SHA224.

2010-07-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/nettle/pk.c: Added blinding to RSA decryption AND signing.
        Will stay there until it is moved to nettle itself.

2010-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/system.h: fixed

2010-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/nettle/Makefile.am, lib/nettle/egd.c, lib/nettle/egd.h,
        lib/nettle/rnd.c: Added support for EGD daemon in nettle's RNG. It
        is used if /dev/urandom is not present.

2010-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_buffers.c, lib/system.c, lib/system.h: Corrected the
        lowat behavior. Documented that it will be deprecated in later
        versions.

2010-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/serv.c: gnutls-serv: Do not print CR/LF if received, but
        instead print LF only.

2010-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/Makefile.am, lib/gnutls_buffers.c, lib/gnutls_state.c,
        lib/locks.c, lib/locks.h, lib/pakchois/pakchois.c, lib/system.c,
        lib/system.h: system specific functions were moved to system.c

2010-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, configure.ac, lib/gnutls_alert.c, lib/gnutls_buffers.c,
        lib/gnutls_buffers.h, lib/gnutls_global.c, lib/gnutls_handshake.c,
        lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_mbuffers.c,
        lib/gnutls_mbuffers.h, lib/gnutls_record.c, lib/gnutls_record.h,
        lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
        lib/libgnutls.map, libextra/gnutls_ia.c: Support scattered write
        using writev(). This takes advantage of the new buffering layer and
        allows queuing of packets and flushing them. This is currently used
        for handshake messages only. Performance-wise the difference of
        packing several TLS records in a single write doesn't seem to offer
        anything over ethernet (that my tests were on). Probably on links
        with higher latency there would be a benefit.

2010-07-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-gtls-app.texi: Removed old reference.

2010-07-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-gtls-app.texi, doc/examples/Makefile.am,
        doc/examples/ex-rfc2818.c: ex-rfc2818 is now a functional program
        demonstrating the verification procedure.

2010-07-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/Makefile.am, doc/cha-gtls-app.texi, doc/examples/Makefile.am,
        doc/examples/ex-serv-export.c: Example with export ciphersuites was
        removed.

2010-07-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_pubkey.c: corrected typo

2010-07-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/nettle/pk.c: Use the same "e" for RSA as libgcrypt. It's the
        fastest choice.

2010-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/certtool-cfg.c: Do not crash if input is redirected from
        /dev/null.

2010-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, src/certtool-gaa.c, src/certtool.c, src/certtool.gaa: 
        Changed the default pkcs-cipher to AES-128. Allowed specifying the
        3des-pkcs12 cipher with the --pkcs-cipher option.

2010-07-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/benchmark.c: Use double to count bytes.

2010-07-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/nettle/rnd.c: Added a windows version of the RNG.

2010-07-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/nettle/rnd.c: Corrected locking usage in nettle's random
        subsystem.

2010-07-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gcrypt/Makefile.am, lib/gnutls_privkey.c,
        lib/gnutls_pubkey.c, lib/nettle/Makefile.am, lib/pakchois/dlopen.h: 
        Fixed to compile under mingw32.

2010-07-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/m4/hooks.m4: only warn if dlopen or pthreads are not found.

2010-07-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gcrypt/init.c, lib/includes/gnutls/gnutls.h.in, lib/locks.c,
        lib/pakchois/pakchois.c: Locks were converted to be in align with
        posix locks to easier wrap around them.

2010-07-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/Makefile.am, lib/locks.c, lib/locks.h, lib/pakchois/dlopen.c,
        lib/pakchois/dlopen.h, lib/pakchois/pakchois.c: The included
        pakchois will use gnutls locks and will use a portable dlopen() to
        allow compilation in win32 (untested).

2010-07-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/nettle/rnd.c: Read from /dev/urandom every 20 minutes.

2010-07-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/Makefile.am, lib/x509/Makefile.am: Added missing files

2010-07-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/crypto-api.c, lib/gnutls_cipher_int.c,
        lib/gnutls_cipher_int.h, lib/includes/gnutls/crypto.h,
        lib/libgnutls.map: Allow encryption and decryption that are not
        in-place only.

2010-07-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/benchmark.c: Print values in a human-readable format and do
        the calculations in fixed time to prevent stalling in slow systems.

2010-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/m4/hooks.m4: corrected library version

2010-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/examples/ex-cert-select-pkcs11.c,
        lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
        src/common.c, src/pkcs11.c: PIN callback supplies the token URL. The
        callback function in common.c will cache PIN if requested for second
        time.

2010-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
        lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
        lib/pkcs11_write.c, src/common.c: Reverted the SAVE_PIN approach in
        PIN callback. The new approach will be to provide enough information
        for the callback to save the PIN itself.

2010-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gcrypt/init.c: removed unneeded function.

2010-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_cert.c: More uses of gnutls_certificate_free_ca_names

2010-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/locks.c: Do not allow setting NULL lock functions

2010-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/nettle/rnd.c: corrected lock usage.

2010-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/m4/hooks.m4: bumped library version

2010-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/Makefile.am: Include abstract.h in releases.

2010-06-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/crypto-api.c: Correctly deinitialize crypto API handles.

2010-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_int.h: commented obscure HANDSHAKE_MAC_TYPE_10 and
        HANDSHAKE_MAC_TYPE_12.

2010-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/locks.c, lib/locks.h, lib/nettle/rnd.c: simplified locking
        code. Locking functions always exist but are dummies if no locks
        have been set.

2010-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gcrypt/Makefile.am, lib/gcrypt/init.c, lib/gnutls_errors.c,
        lib/gnutls_global.c, lib/gnutls_global.h,
        lib/includes/gnutls/gnutls.h.in, lib/locks.c, lib/locks.h,
        lib/nettle/Makefile.am, lib/nettle/init.c, lib/nettle/rnd.c: 
        Initialization of crypto libraries moved outside main gnutls code.

2010-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/Makefile.am, lib/gnutls_global.c, lib/gnutls_global.h,
        lib/locks.c, lib/locks.h: Moved locking code to special file.

2010-06-29  Simon Josefsson <simon@josefsson.org>

        * doc/Makefile.am, doc/pkcs11-vision.eps: Add pkcs11-vision rules.

2010-06-29  Simon Josefsson <simon@josefsson.org>

        * doc/manpages/Makefile.am: Generated.

2010-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/pkcs11.h, lib/pkcs11_write.c, src/pkcs11.c: 
        When copying a private key the sensitive flag can be set or not.
        This allows copying private keys that can be exported.

2010-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
        lib/pkcs11_write.c, src/certtool-common.h, src/certtool.c,
        src/pkcs11.c: Combined object flags. No implicit login any more.
        Login has to be specified with a flag on every call that could use
        it.

2010-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/pkcs11.c,
        lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_write.c: Indented
        code.

2010-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/examples/ex-cert-select-pkcs11.c, lib/gnutls_pubkey.c,
        lib/gnutls_x509.c, lib/includes/gnutls/abstract.h,
        lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_write.c,
        src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
        src/certtool.c, src/certtool.gaa, src/cli.c, src/pkcs11.c: Allow
        flags when importing objects from PKCS11 URLs. The only flag
        supported now is the PKCS11_OBJ_FLAG_LOGIN, which forces login
        before accessing object on a token. The reason is that some tokens
        do not allow access of any data without login.

2010-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/tests.c: Added AES-128 to block ciphers.

2010-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_session_pack.c: Corrected writing and reading order of
        security parameters.

2010-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/configure.ac, libextra/configure.ac: use 2.11.0 everywhere

2010-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, doc/cha-gtls-app.texi, lib/configure.ac,
        lib/gnutls_errors.c, lib/gnutls_global.c, lib/gnutls_global.h,
        lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
        lib/nettle/rnd.c, lib/pkcs11.c: Added gnutls_global_set_mutex() to
        allow setting alternative locking procedures. By default the system
        available locking is used. In *NIX pthreads are used and in windows
        the critical section API.  As a side effect this change avoids any API dependance on libgcrypt
        even if threads are used.

2010-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/chainverify.c: Modified the cacertrsamd5 short-cut. The test
        was checking whether verification using a trusted insecurely signed
        self signed certificate will fail against a chain that has this as
        intermediate. However this test should have succeeded since the
        insecure certificate is trusted.  This isn't the purpose of this test however. It should have checked
        whether using the same certificate as trusted and to be verified and
        the GNUTLS_VERIFY_DO_NOT_ALLOW_SAME flag should return an error.

2010-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/chainverify.c: Fail on error.

2010-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/certtool.c: When generating private key allow usage of
        --pkcs-cipher flag.

2010-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
        lib/auth_srp.c, lib/auth_srp.h, lib/ext_srp.c, lib/gnutls_int.h: 
        MAX_SRP_USERNAME -> MAX_USERNAME_SIZE

2010-06-24  Simon Josefsson <simon@josefsson.org>

        * README-alpha: We also require GNU make.

2010-06-24  Simon Josefsson <simon@josefsson.org>

        * THANKS, configure.ac, lib/configure.ac, libextra/configure.ac: Use
        silent build rules.  Suggested by Vincent Torri <vincent.torri@gmail.com> in

        <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4349>.

2010-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/gnutls.h.in: removed OPRFI extension
        functions.

2010-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/Makefile.am: removed OPRFI from makefile.

2010-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/verify.c: When verifying certificates use the same
        algorithm whether the DO_NOT_ALLOW_SAME flag is set or not. Before
        we were shortening certificate list if the flag was not set by the
        size of the first certificate found in the trusted list, and keep
        the list intact otherwise. Now we shorten the list in the latter
        case as well, except for the first certificate.

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: Added news entry for EV-certificates.

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/tests.c, src/tests.h, src/tls_test.c: Corrected some tests.
        Added test to check whether the %COMPAT option is required for this
        server.

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_extensions.c, lib/gnutls_session_pack.c: Corrections in
        the new session packing code. Saving absolute positions in buffers
        is no longer done. Now we store only and offset to allow
        reallocating the buffer and still do the correct reference.

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_safe_renegotiation.c, lib/ext_safe_renegotiation.h,
        lib/ext_signature.c, lib/gnutls_handshake.c: Fixes in new extensions
        code that relate to SSL 3.0.

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * configure.ac: version is 2.11.0

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-cert-auth.texi: Some updates in the PKCS11 text.

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-intro-tls.texi: Some updates on renegotiation text

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-intro-tls.texi: Removed links for discussion of the COMPAT
        topic. I don't think they should be in the documentation.

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-intro-tls.texi: Corrected example with %COMPAT.

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-intro-tls.texi: Added gnutls_sec_param_to_pk_bits()
        discussion.

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-intro-tls.texi: corrected text on AES

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11.c: Only save PIN if login was successful.

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-auth.texi, lib/ext_signature.c: Applied patch by Andreas
        Metzler

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/benchmark.c: Allow setting debug level via cmd.

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/cryptodev.c: Explicitely terminate cryptodev sessions.

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: Removed the no
        longer needed "active" variable.

2010-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: documented some of the changes

2010-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
        lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: Greatly simplified the
        internal hash/hmac and cipher functions.

2010-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
        src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
        src/certtool.gaa, src/pkcs11.c: Allow listing of private keys only.
        Certtool has now the --pkcs11-list-privkeya option.

2010-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11_privkey.c: Send correct token name to callback.

2010-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
        lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
        lib/pkcs11_write.c: Added more gnutls errors to map closer to PKCS11
        actual errors.

2010-06-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
        lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
        lib/pkcs11_privkey.c, lib/pkcs11_write.c, src/cli.c, src/common.c: 
        Added option to the PKCS11 PIN callback to save PIN if the token is
        being used with a single pkcs11_privkey structure.

2010-06-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11_privkey.c: For Private key operations new sessions are
        opened when are needed. This makes the usage of the PKCS11 API
        thread safe. The only drawback is the requirement to enter PIN on
        every operation.

2010-06-15  Simon Josefsson <simon@josefsson.org>

        * src/cli.c: gnutls-cli: Make --starttls work again.  Problem introduced in patch to use read() instead of fgets()
        committed on 2010-01-27.

2010-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/certtool.c, tests/sha2/key-ca-dsa.pem,
        tests/sha2/key-subca-dsa.pem, tests/sha2/sha2, tests/sha2/sha2-dsa: 
        Allow SHA224 hash in certtool. Added tests for SHA-256 and SHA-224
        for DSA.

2010-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/certtool.c: Do not warn multiple times for the deprecation of
        --bits.

2010-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_session_ticket.c, lib/gnutls_handshake.c,
        lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_mbuffers.c,
        lib/gnutls_mbuffers.h, lib/gnutls_record.c: Appending data in
        mbuffers is now cheaper by avoiding realloc, at the cost of
        requiring to specify a maximum mbuffer size at creation.

2010-06-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_safe_renegotiation.c: Removed unused functions.

2010-06-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_handshake.c, lib/gnutls_int.h: Combined the max ticket
        length with the maximum extension data length.

2010-06-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, doc/cha-gtls-app.texi, lib/auth_srp.c, lib/ext_cert_type.c,
        lib/ext_cert_type.h, lib/ext_max_record.c, lib/ext_max_record.h,
        lib/ext_oprfi.c, lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
        lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
        lib/ext_server_name.h, lib/ext_session_ticket.c,
        lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
        lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_buffers.c,
        lib/gnutls_constate.c, lib/gnutls_extensions.c,
        lib/gnutls_extensions.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
        lib/gnutls_kx.c, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
        lib/gnutls_record.c, lib/gnutls_session_pack.c, lib/gnutls_state.c,
        lib/gnutls_str.c, lib/gnutls_str.h, lib/includes/gnutls/compat.h,
        lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/pkcs11.c,
        lib/x509/dn.c, libextra/ext_inner_application.c,
        libextra/ext_inner_application.h, libextra/gnutls_extra.c,
        libextra/gnutls_ia.c, src/cli.c, src/serv.c, tests/Makefile.am,
        tests/oprfi.c, tests/tlsia.c: Simplified and made more safe the
        packing of data for session storage. Extensions use the internal API
        to store/retrieve during resumption.  Removed OPRFI since it was never standardized and was never actually
        included in gnutls since it was in inactive ifdef. This was instead
        of rewriting it to use the new API.

2010-06-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_buffers.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
        lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
        lib/gnutls_supplemental.h, lib/openpgp/output.c, lib/pkcs11.c,
        lib/x509/dn.c, lib/x509/output.c: The gnutls_string code was
        simplified and integrated with the buffer to avoid having two named
        for the same thing.

2010-06-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pakchois/pakchois.c: Properly handle fork() case.

2010-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * libextra/gnutls_extra.c: Register the md5 handler if gcrypt is in
        fips mode once gnutls_global_init_extra() is called.

2010-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/tests.c: corrected tests.

2010-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pakchois/pakchois.c, lib/pakchois/pakchois.h, lib/pkcs11.c: 
        Added new calls to pakchois to open an absolute filename.

2010-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/pkcs11.h: Removed several comments that
        pointed to Alon's implementation comments. We use inline C comments
        to generate documentation (not doxygen).

2010-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/Makefile.am, lib/ext_session_ticket.c,
        lib/gnutls_algorithms.c, lib/gnutls_buffers.c,
        lib/gnutls_buffers.h, lib/gnutls_handshake.c,
        lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
        lib/gnutls_mbuffers.c, lib/gnutls_record.c, lib/gnutls_state.c: More
        fixes for the rebase.

2010-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * AUTHORS: Added Jonathan.

2010-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pakchois/pakchois.c: Provider unref must be done after all
        sessions have been closed.

2010-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/Makefile.am: Several fixes for the broken rebase.

2010-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-intro-tls.texi: Merged with master.

2010-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_handshake.c, lib/gnutls_mbuffers.h,
        lib/gnutls_record.c: Some other changes to mbuffers to make gnutls
        (a bit more) agnostic on their internal structure.

2010-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/verify.c: Corrected prefered hash algorithm return value
        on RSA.

2010-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_global.c: Use GCRYCTL_ENABLE_QUICK_RANDOM when using
        libgcrypt.

2010-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * .gitignore: Ignore more files.

2010-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/sha2/sha2-dsa: Remove the correct file

2010-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/sha2/key-ca-dsa.pem, tests/sha2/key-dsa.pem: Added missing
        files.

2010-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_pubkey.c,
        lib/includes/gnutls/abstract.h, lib/includes/gnutls/x509.h,
        lib/x509/crq.c, lib/x509/x509.c, src/certtool.c: The
        get_preferred_hash_algorithm() functions have now an extra argument
        to indicate whether it is mandatory to use this algorithm.

2010-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/examples/ex-crq.c, lib/includes/gnutls/x509.h,
        lib/libgnutls.map, lib/x509/crq.c: Added
        gnutls_x509_crq_get_preferred_hash_algorithm().

2010-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
        lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/privkey.c,
        lib/x509/verify.c, lib/x509/x509.c, src/certtool.c: Added
        gnutls_pubkey_get_preferred_hash_algorithm() and
        gnutls_x509_crt_get_preferred_hash_algorithm() to allow determining
        the hash algorithm to use during signing. This is needed in the case
        of DSA that uses specific versions of SHA depending on the size of
        the parameters.

2010-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/gnutls.texi, lib/Makefile.am, lib/build-aux/config.rpath,
        lib/gcrypt/pk.c, lib/gnutls_privkey.c, lib/pkcs11.c,
        lib/pkcs11_privkey.c, lib/x509/privkey.c, lib/x509/sign.c,
        lib/x509/sign.h, lib/x509/verify.c, lib/x509/x509.c, src/pkcs11.c: 
        Several fixes after big rebase.

2010-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/sha2/Makefile.am, tests/sha2/sha2-dsa: Test the DSA with
        SHA256 as well.

2010-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/mpi.c: Print debugging information on error.

2010-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gcrypt/pk.c, lib/gnutls_pk.c, lib/gnutls_sig.c,
        lib/nettle/mpi.c, lib/nettle/pk.c, lib/opencdk/pubkey.c,
        lib/opencdk/sig-check.c, lib/opencdk/verify.c,
        lib/openpgp/gnutls_openpgp.c, lib/openpgp/pgp.c,
        lib/openpgp/privkey.c, lib/pkcs11_privkey.c, lib/x509/privkey.c,
        lib/x509/x509_int.h: Nettle library can now parse the PGP integers.
        Except for SHA-224/384/512 nettle seems to be fully working now.

2010-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/certtool.c: use --sec-param to generate privkey.

2010-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/openpgpself.c: reduced log level to a sane one

2010-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/pathlen/ca-no-pathlen.pem,
        tests/pathlen/no-ca-or-pathlen.pem: Corrected for new output of
        --print-certificate-info

2010-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/sha2/sha2: Print information on failure.

2010-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/libgnutls.map, src/certtool.c: Print exp1 and exp2 if they are
        available.

2010-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/pkcs12,
        tests/pkcs8-decode/pkcs8, tests/userid/userid: Only print output if
        something fails

2010-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/m4/hooks.m4, lib/pakchois/pakchois.c: Some pakchois fixes.

2010-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_global.c: Fixup to compile with nettle

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/m4/hooks.m4: Do not bother with MODPATH. We don't use it.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/debug.c, lib/debug.h: Added again _gnutls_dump_mpi() to assist
        in debugging.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/pkcs12_encode.c: Added debugging

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_sig.c: Allow DSA with other than SHA1 algorithms in
        TLS.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkix_asn1_tab.c: removed more stuff.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkix.asn, lib/x509/common.c: LocalKeyId and XmppAddr were
        incorporated.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkix.asn, lib/pkix_asn1_tab.c: No need for those OIDs any
        more.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/dn2.c: Corrected to support new EV_ values.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/crq_key_id.c, tests/cve-2009-1416.c, tests/pkcs12_s2k_pem.c: 
        avoid calling gcrypt directly.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/includes/gnutls/crypto.h, lib/libgnutls.map,
        lib/random.c, lib/random.h, src/crypt.c, src/psk.c,
        tests/mini-eagain.c: exported gnutls_rnd().

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/common.c, lib/x509/common.h, lib/x509/dn.c: The
        recognition of DN elements is now self contained. It does not need
        entries in pkix.asn.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/common.c: Added
        support for EV certificate attributes.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/m4/hooks.m4, lib/nettle/cipher.c: Fixed nettle detection and
        AES.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_dh_primes.c: documentation updates

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/certtool-common.h, src/certtool.c, src/prime.c: Generate
        dh-params also used --sec-param.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/nettle/mpi.c: Document that the generator is the generator of
        the subgroup and not the group.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/cli.c: Corrected certificate callback.

2010-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gcrypt/Makefile.am, lib/nettle/Makefile.am,
        lib/nettle/cipher.c: More AES stuff (still doesn't work).

2010-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/nettle/pk.c: Correction in RSA encryption.

2010-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/nettle/cipher.c: Fixed issue with AES.

2010-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in,
        lib/libgnutls.map, lib/openpgp/output.c, lib/x509/output.c,
        lib/x509/privkey.c, src/certtool-gaa.c, src/certtool-gaa.h,
        src/certtool.c, src/certtool.gaa: Added
        gnutls_sec_param_to_pk_bits() et al. to allow select bit sizes for
        private keys using a human understandable scale.

2010-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in,
        lib/x509/common.h: Added support for SHA224 and SHA256 in DSA.

2010-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/m4/hooks.m4: Always use included pakchois.

2010-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/examples/ex-cert-select-pkcs11.c: make sure all lines fit in
        page.

2010-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-cert-auth.texi: make example more compact by removing
        error checking.

2010-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-bib.texi, doc/cha-cert-auth.texi: Added bibliographic
        reference to PKCS #11.

2010-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-cert-auth.texi: Added sketch for PKCS #11 usage.

2010-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/credentials/x509-server-dsa.pem,
        doc/credentials/x509-server-key-dsa.pem: Added 2048 bit DSA key

2010-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/opencdk/armor.c, lib/opencdk/read-packet.c,
        lib/opencdk/stream.c, lib/opencdk/write-packet.c: Increased log
        level of several messages.

2010-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/credentials/x509/key.pem: Corrected coefficient and exp[12]
        values in key.

2010-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/nettle/pk.c: Added blinding in RSA. Correct broken private
        keys on import. Nettle uses more values than gcrypt does from RSA
        decryption and it seemed that some values in our stored private keys
        were messy (generated by very old gnutls).

2010-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/examples/ex-cert-select-pkcs11.c, lib/gnutls_x509.c,
        lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
        lib/pkcs11_privkey.c, lib/pkcs11_write.c, src/cli.c: Simplified
        internal API. The only question that remains now is how to handle
        the gnutls_pkcs11_privkey_t. Currently it opens a session and
        maintains a handle to the object. This will require locks to be
        added on operations. Alternatively new sessions may be opened for
        each operation performed. This is guarranteed by PKCS #11 to be
        thread safe but will of course require to ask for the PIN again.

2010-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pakchois/pakchois.c: Removed debugging print.

2010-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/Makefile.am, lib/configure.ac, lib/m4/hooks.m4,
        lib/pakchois/errors.c, lib/pakchois/pakchois.c,
        lib/pakchois/pakchois.h, lib/pakchois/pakchois11.h: Added a modified
        pakchois library (to open arbitrary pkcs11 modules).  Current gnutls
        works only with this one.

2010-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/cha-gtls-app.texi: Added missing file.

2010-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/TODO: Removed finished items.

2010-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11_write.c: Noted that there things to be done.

2010-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/Makefile.am, doc/cha-cert-auth.texi: Added documentation on
        abstract types.

2010-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gcrypt/pk.c, lib/gnutls_pk.c, lib/gnutls_pk.h,
        lib/opencdk/pubkey.c, lib/openpgp/privkey.c, lib/x509/privkey.c: 
        Common code for calculation of RSA exp1 and exp2. Also update the
        openpgp code to calculate those values.

2010-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/auth_dh_common.c, lib/gnutls_dh_primes.c, lib/x509/privkey.c: 
        More fixes.

2010-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/auth_dh_common.c, lib/gcrypt/mpi.c, lib/gnutls_mpi.c: 
        Corrected nicely hidden bug that caused accesses to uninitialized
        variables if the gcry_mpi_print() functions were pessimists and
        returned more size than actually needed for the print.

2010-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gcrypt/pk.c: Added some sanity checks.

2010-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, doc/cha-auth.texi, doc/cha-bib.texi,
        doc/cha-cert-auth.texi, doc/cha-ciphersuites.texi,
        doc/cha-copying.texi, doc/cha-functions.texi,
        doc/cha-internals.texi, doc/cha-intro-tls.texi,
        doc/cha-library.texi, doc/cha-preface.texi, doc/cha-programs.texi,
        doc/cha-tls-app.texi, doc/gnutls.texi,
        lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c: 
        Documentation updates. Separated big gnutls.texi to chapter to allow
        easier maintainance.

2010-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/Makefile.am, lib/gcrypt/mpi.c, lib/gcrypt/pk.c,
        lib/includes/gnutls/crypto.h, lib/includes/gnutls/pkcs11.h,
        lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/nettle/pk.c,
        lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
        lib/pkcs11_write.c, lib/x509/privkey.c, lib/x509/x509_int.h,
        src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
        src/certtool.c, src/certtool.gaa, src/crypt-gaa.c, src/pkcs11.c: 
        Added support to copy certificates and private keys to tokens.  New
        functions: gnutls_pkcs11_copy_x509_crt()
        gnutls_pkcs11_copy_x509_privkey() gnutls_pkcs11_delete_url() Certtool was updated to allow copying certificates and private keys
        to tokens. Deleting an object has issues (segfault) but it seems to
        be related with libopensc and its pkcs11 API.

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/verify.c: Added gnutls_pubkey_verify_hash(),
        gnutls_pubkey_get_verify_algorithm().

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11.c, src/pkcs11.c: Added gnutls_pubkey_import_pkcs11(),
        gnutls_pubkey_import_rsa_raw(), gnutls_pubkey_import_dsa_raw(),
        gnutls_pkcs11_obj_export().

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: Tried to document recent changes.

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_x509.c, lib/pkcs11.c, lib/pkcs11_int.h,
        src/certtool-gaa.c, src/certtool.gaa, src/pkcs11.c: Added
        gnutls_pubkey_t abstract type to handle public keys. It can
        currently import/export public keys from existing certificate types
        as well as from PKCS #11 URL. This allows generating a certificate
        or certificate request from a given public key (currently one could
        only generate them from a given private key).  PKCS#11 API augmented to allow reading arbitrary objects instead of
        just certificates.  Certtool updated to list those objects.

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11.c: Added gnutls_pkcs11_token_get_flags() to distinguish
        between hardware and soft tokens.

2010-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/Makefile.am: Added support for libnettle backend. This uses
        gmp for big number operations.  It is not currently completed. It
        lacks RSA blinding as well as optimizations.

2010-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/sign.c: Corrected bug in DSA signature generation.

2010-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/x509_int.h: Added operations to sign CRLs, certificates
        and requests with an abstract key and thus with a PKCS #11 key as
        well.

2010-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/privkey.h: privkey.h -> abstract.h

2010-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_x509.c: The gnutls-cli --x509cafile can now be a PKCS
        #11 URL. It can read gnome-keyring's certificates and use them in
        the trusted list.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_x509.c: Corrections in openpgp private key usage.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/x509self.c: Updated self tests and examples to avoid using
        deprecated functions such as
        gnutls_certificate_server_set_retrieve_function and the sign
        callback.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/privkey.h, lib/pkcs11_int.h: Added
        documentation for most of the new functions.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11.c: Documented that it was initially based on neon
        pkcs11 and got ideas from pkcs11-helper library.

2010-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11.c: Corrections to properly handle token removal and
        insert.

2010-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/Makefile.am, lib/gnutls_x509.c, lib/includes/gnutls/pkcs11.h,
        lib/includes/gnutls/privkey.h, lib/pkcs11.c, lib/x509/sign.c: Added
        gnutls_pkcs11_privkey_t and gnutls_privkey_t types. Those are an
        abstract private key type that can be used to sign/encrypt any
        private key of pkcs11,x509 or openpgp types. Added support for
        PKCS11 in gnutls-cli/gnutls-serv.

2010-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/certtool.c, src/pkcs11.c: Added several helper functions, to
        allow printing of tokens.

2010-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11.c, src/certtool-gaa.c, src/certtool.c,
        src/certtool.gaa, src/pkcs11.c: Added ability to export certificates
        from PKCS #11 tokens.  Added ability to list trusted certificates,
        or only certificates with a corresponding private key or just all.

2010-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/Makefile.am, lib/configure.ac, lib/includes/gnutls/pkcs11.h,
        lib/pkcs11.c, src/certtool-gaa.c, src/certtool-gaa.h,
        src/certtool.gaa, src/pkcs11.c: Added initial PKCS #11 support.
        Certtool can now print lists of certificates available in system.

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
        lib/libgnutls.map, lib/x509/common.h, lib/x509/verify.c,
        lib/x509/x509.c, lib/x509/x509_int.h: Added
        gnutls_pubkey_verify_hash(), gnutls_pubkey_get_verify_algorithm().

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, configure.ac, lib/gnutls_pubkey.c,
        lib/includes/gnutls/abstract.h, lib/includes/gnutls/pkcs11.h,
        lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h, lib/x509/x509.c,
        src/pkcs11.c: Added gnutls_pubkey_import_pkcs11(),
        gnutls_pubkey_import_rsa_raw(), gnutls_pubkey_import_dsa_raw(),
        gnutls_pkcs11_obj_export().

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * .gitignore: Ignore files that should be ignored.

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, src/certtool-gaa.c, src/certtool.gaa: Tried to document
        recent changes.

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/Makefile.am, lib/gnutls_pubkey.c, lib/gnutls_x509.c,
        lib/includes/gnutls/abstract.h, lib/includes/gnutls/pkcs11.h,
        lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h,
        lib/pkcs11_privkey.c, lib/x509/common.c, lib/x509/common.h,
        lib/x509/mpi.c, lib/x509/x509.c, lib/x509/x509_int.h,
        src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
        src/certtool.c, src/certtool.gaa, src/pkcs11.c: Added
        gnutls_pubkey_t abstract type to handle public keys. It can
        currently import/export public keys from existing certificate types
        as well as from PKCS #11 URL. This allows generating a certificate
        or certificate request from a given public key (currently one could
        only generate them from a given private key).  PKCS#11 API augmented to allow reading arbitrary objects instead of
        just certificates.  Certtool updated to list those objects.

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added
        gnutls_pkcs11_token_get_flags() to distinguish between hardware and
        soft tokens.

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/Makefile.am, lib/libgnutlsxx.map, lib/m4/hooks.m4: Export all
        symbols from C++ library. This library doesn't contain any internal
        symbols anyway and there is no reason to mess with the C++ ABI that
        hasn't got the problems of C.

2010-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * configure.ac, doc/examples/ex-serv-export.c,
        doc/examples/ex-serv-psk.c, doc/examples/ex-serv1.c,
        lib/Makefile.am, lib/auth_srp.c, lib/cipher-libgcrypt.c,
        lib/configure.ac, lib/gcrypt/Makefile.am, lib/gcrypt/cipher.c,
        lib/gcrypt/mac.c, lib/gcrypt/mpi.c, lib/gcrypt/pk.c,
        lib/gcrypt/rnd.c, lib/gnutls_global.c, lib/gnutls_mpi.c,
        lib/gnutls_srp.c, lib/m4/hooks.m4, lib/mac-libgcrypt.c,
        lib/mpi-libgcrypt.c, lib/nettle/Makefile.am, lib/nettle/cipher.c,
        lib/nettle/mac.c, lib/nettle/mpi.c, lib/nettle/pk.c,
        lib/nettle/rnd.c, lib/pk-libgcrypt.c, lib/rnd-libgcrypt.c,
        src/certtool.c, src/cli.c, src/serv.c, tests/chainverify.c: Added
        support for libnettle backend. This uses gmp for big number
        operations.  It is not currently completed. It lacks RSA blinding as
        well as optimizations.

2010-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/manpages/gnutls-cli.1, src/cli-gaa.c, src/cli.gaa,
        src/serv-gaa.c, src/serv.gaa: Documented that the --file options in
        gnutls-cli and gnutls-serv can accept a PKCS #11 URL.

2010-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/sign.c: Corrected bug in DSA signature generation.

2010-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
        lib/libgnutls.map, lib/x509/crl_write.c, lib/x509/crq.c,
        lib/x509/mpi.c, lib/x509/sign.c, lib/x509/x509_int.h,
        lib/x509/x509_write.c: Added operations to sign CRLs, certificates
        and requests with an abstract key and thus with a PKCS #11 key as
        well.

2010-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/auth_cert.c, lib/auth_cert.h, lib/gnutls_privkey.c,
        lib/gnutls_sig.h, lib/gnutls_x509.h,
        lib/includes/gnutls/abstract.h, lib/includes/gnutls/privkey.h,
        lib/openpgp/gnutls_openpgp.h: privkey.h -> abstract.h

2010-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/Makefile.am, lib/configure.ac, lib/gnutls_x509.c, src/cli.c: 
        The gnutls-cli --x509cafile can now be a PKCS #11 URL. It can read
        gnome-keyring's certificates and use them in the trusted list.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11.c: Documented that gnutls_global_init calls
        gnutls_pkcs11_init.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/cli.c: Only send termination request to avoid stalling on
        servers that do not reply.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_handshake.c, lib/gnutls_state.c, lib/gnutls_state.h: 
        Corrected issue on the %SSL3_RECORD_VERSION priority string. It now
        works even when resuming a session.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/examples/Makefile.am, doc/examples/ex-cert-select-pkcs11.c,
        doc/gnutls.texi: Added initial example.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/auth_cert.h, lib/gnutls_x509.c, lib/openpgp/gnutls_openpgp.c: 
        Corrections in openpgp private key usage.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/examples/ex-cert-select.c, tests/Makefile.am,
        tests/pkcs12_s2k.c, tests/x509dn.c, tests/x509signself.c: Updated
        self tests and examples to avoid using deprecated functions such as
        gnutls_certificate_server_set_retrieve_function and the sign
        callback.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutlsxx.cpp, lib/includes/gnutls/gnutlsxx.h, src/tests.c: Use
        the new callback function.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_privkey.c, lib/includes/gnutls/pkcs11.h,
        lib/includes/gnutls/privkey.h, lib/libgnutls.map, lib/pkcs11.c,
        lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/x509/privkey.c: Added
        documentation for most of the new functions.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkcs11.c: Documented that it was initially based on neon
        pkcs11 and got ideas from pkcs11-helper library.

2010-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_x509.c, lib/libgnutls.map, lib/pkcs11.c,
        lib/pkcs11_int.h, lib/pkcs11_privkey.c, src/common.c: Corrections to
        properly handle token removal and insert.

2010-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in: 
        Deprecated the sign callback.

2010-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/manpages/Makefile.am, lib/Makefile.am, lib/auth_cert.c,
        lib/auth_cert.h, lib/auth_dhe.c, lib/auth_rsa.c,
        lib/auth_rsa_export.c, lib/auth_srp_rsa.c, lib/gnutls_cert.c,
        lib/gnutls_cert.h, lib/gnutls_global.c, lib/gnutls_int.h,
        lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
        lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_x509.c,
        lib/gnutls_x509.h, lib/includes/gnutls/compat.h,
        lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
        lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/privkey.h,
        lib/includes/gnutls/x509.h, lib/libgnutls.map,
        lib/openpgp/gnutls_openpgp.c, lib/openpgp/gnutls_openpgp.h,
        lib/openpgp/openpgp_int.h, lib/pkcs11.c, lib/pkcs11_int.h,
        lib/pkcs11_privkey.c, lib/x509/privkey.c, lib/x509/sign.c,
        lib/x509/sign.h, lib/x509/x509_int.h, src/cli.c, src/common.c,
        src/common.h, src/pkcs11.c, src/serv.c: Added
        gnutls_pkcs11_privkey_t and gnutls_privkey_t types. Those are an
        abstract private key type that can be used to sign/encrypt any
        private key of pkcs11,x509 or openpgp types. Added support for
        PKCS11 in gnutls-cli/gnutls-serv.

2010-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * .gitignore: ignore unrelated to gnutls files.

2010-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
        src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
        src/certtool.c, src/certtool.gaa, src/pkcs11.c: Added several helper
        functions, to allow printing of tokens.

2010-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_errors.c, lib/gnutls_str.c,
        lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/pkcs11.h,
        lib/pkcs11.c, src/certtool-common.h, src/certtool-gaa.c,
        src/certtool-gaa.h, src/certtool.c, src/certtool.gaa, src/pkcs11.c: 
        Added ability to export certificates from PKCS #11 tokens.  Added
        ability to list trusted certificates, or only certificates with a
        corresponding private key or just all.

2010-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/Makefile.am, lib/auth_srp.c, lib/configure.ac,
        lib/gnutls.pc.in, lib/gnutls_constate.c, lib/gnutls_errors.c,
        lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_psk.c,
        lib/gnutls_str.c, lib/gnutls_str.h, lib/includes/Makefile.am,
        lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
        lib/openpgp/gnutls_openpgp.c, lib/pkcs11.c, lib/x509/common.c,
        lib/x509/dn.c, src/Makefile.am, src/certtool-common.h,
        src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
        src/certtool.gaa, src/pkcs11.c: Added initial PKCS #11 support.
        Certtool can now print lists of certificates available in system.

2010-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/verify.c: Optimized the check_if_same().

2010-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_algorithms.c, lib/x509/common.c, lib/x509/common.h: 
        Added a forgoten by god OID for RSA. Warn using the actual OID on
        unknown public key algorithms.

2009-12-09  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/ext_session_ticket.c: Adapt session ticket support to mbuffer
        API.

2009-08-16  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_kx.c,
        lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: Use mbuffers for
        handshake synthesis.

2009-08-15  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
        lib/gnutls_handshake.c: Make _gnutls_handshake_io_send_int accept a
        mbuffer_st.

2009-08-15  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
        lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c: 
        Simplify handshake send buffer logic.

2009-08-15  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_buffers.c: Fix interrupted write braino.

2009-08-15  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_mbuffers.c: Avoid pointer warning.

2009-08-15  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_buffers.c, lib/gnutls_mbuffers.c,
        lib/gnutls_mbuffers.h: Remove now useless
        _gnutls_mbuffer_enqueue{,copy} functions.

2009-08-15  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
        lib/gnutls_mbuffers.c, lib/gnutls_record.c: Allocate data buffer
        with mbuffer_st structure as suggested by Nikos.

2009-08-15  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: Prepare for mbuffer
        allocation by the caller.

2009-08-15  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_buffers.c: GNUify some missed GNUification.

2009-08-15  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_buffers.c: Harmonize read and write function names.

2009-08-15  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_buffers.c: Now that LEVEL and LEVEL_EQ are fixed, use
        less lines.

2009-08-15  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_errors.h: Make LEVEL and LEVEL_EQ macros safer.  Once again, I got bit by this pretty hard.

2009-08-09  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_record.c: Use a datum for ciphered data in
        _gnutls_send_int.

2009-08-09  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_buffers.h: Remove the prototype for the non-existant
        function _gnutls_io_write_buffered2.

2009-08-09  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_int.h, lib/gnutls_record.c: Cleanup of the remaining
        internals.record_send_buffer mess.

2009-08-09  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_buffers.c: Remove yet another !@#$% instance of
        redundant hexadecimal dumping.

2009-08-09  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_record.c: 
        Modify slightly the contract of _gnutls_io_write_buffered as
        suggested by Nikos Mavrogiannopoulos.

2009-08-09  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_buffers.c, lib/gnutls_mbuffers.c,
        lib/gnutls_mbuffers.h: Pass datums to mbuffers by address instead of
        by value.

2009-08-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_handshake.c, lib/gnutls_record.c: Corrected case where
        handshake data were received during a session. It now stores them
        for future use by a gnutls_handshake(). Reported by Peter
        Hendrickson <pdh@wiredyne.com>.

2009-08-06  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_buffers.c: Simplify _gnutls_io_write_buffered and
        _gnutls_io_write_flush with mbuffers.

2009-08-06  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_int.h, lib/gnutls_state.c: Change type of
        internals.record_send_buffer to a mbuffer.

2009-08-06  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_buffers.c: Extract a simple_write function from
        _gnutls_io_write_buffered.

2009-08-06  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_buffers.c: Add dump_bytes function.

2009-08-06  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/Makefile.am, lib/gnutls_int.h, lib/gnutls_mbuffers.c,
        lib/gnutls_mbuffers.h: Add gnutls_mbuffers.{c,h} with some basic
        mbuffer operations.

2009-08-01  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_algorithms.c: Do not rely on version ordering; use
        switch..case instead.

2009-08-01  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/auth_cert.c: Remove hardcoded version checks in auth_cert.c.

2009-08-01  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_state.c: Remove hardcoded version check in
        gnutls_state.c.

2009-08-01  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_cipher.c: Remove hardcoded version checks in
        gnutls_cipher.c.

2009-08-01  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_sig.c: Remove hardcoded version checks in gnutls_sig.c.

2009-08-01  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_handshake.c: Remove hardcoded version checks in
        gnutls_handshake.c.

2009-08-01  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_algorithms.c: Add version check function for selectable
        signature/hash certificate algorithms.

2009-08-01  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_algorithms.c: Add version check functions for
        non-minimal padding.

2009-08-01  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h: Add version
        check function for explicit IV.

2009-08-01  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/gnutls_algorithms.h: Add version check functions for
        selectable PRF and extension handling.

2010-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/announce.txt, doc/gnutls.texi, doc/manpages/gnutls-cli.1,
        doc/manpages/gnutls-serv.1, lib/ext_safe_renegotiation.c,
        lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c,
        lib/gnutls_state.c, tests/safe-renegotiation/srn1.c,
        tests/safe-renegotiation/srn5.c, tests/safe-renegotiation/testsrn: 
        Splitted safe renegotiation capabilities to %SAFE_RENEGOTIATION: will enable safe renegotiation. This is the
        most secure and recommended option for clients. However this will
        prevent from connecting to legacy servers.  %PARTIAL_RENEGOTIATION: Prevents renegotiation with clients and
        servers not supporting the safe renegotiation extension. (this is
        the default) %UNSAFE_RENEGOTIATION: Permits (re-)handshakes even unsafe ones.

2010-05-31  Simon Josefsson <simon@josefsson.org>

        * doc/gnutls.texi: Minor fix.

2010-05-31  Simon Josefsson <simon@josefsson.org>

        * GNUmakefile, maint.mk: Update gnulib files.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/gnutls.texi: Documented the defaults.

2010-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/gnutls.texi: Added INITIAL_SAFE_RENEGOTIATION and other small
        updates.

2010-05-28  Simon Josefsson <simon@josefsson.org>

        * doc/gnutls.texi: Update.

2010-05-28  Simon Josefsson <simon@josefsson.org>

        * tests/safe-renegotiation/README: Add.

2010-05-28  Simon Josefsson <simon@josefsson.org>

        * .x-sc_prohibit_strings_without_use, build-aux/c++defs.h,
        build-aux/gendocs.sh, build-aux/gnupload, build-aux/vc-list-files,
        configure.ac, doc/gendocs_template, gl/Makefile.am, gl/error.c,
        gl/m4/asm-underscore.m4, gl/m4/gnulib-cache.m4,
        gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/netdb_h.m4,
        gl/m4/stdio_h.m4, gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4,
        gl/netdb.in.h, gl/stdio-write.c, gl/stdio.in.h,
        gl/tests/Makefile.am, gl/tests/init.sh, gl/tests/test-lseek.sh,
        gl/tests/test-vc-list-files-cvs.sh,
        gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
        gl/tests/test-verify.sh, gl/tests/verify.h, gl/unistd.in.h,
        gl/vasnprintf.c, gl/wchar.in.h, gtk-doc.make,
        lib/build-aux/c++defs.h, lib/gl/Makefile.am,
        lib/gl/m4/asm-underscore.m4, lib/gl/m4/fcntl-o.m4,
        lib/gl/m4/gettext.m4, lib/gl/m4/gnulib-common.m4,
        lib/gl/m4/gnulib-comp.m4, lib/gl/m4/iconv.m4, lib/gl/m4/intl.m4,
        lib/gl/m4/netdb_h.m4, lib/gl/m4/po.m4, lib/gl/m4/stdio_h.m4,
        lib/gl/m4/unistd_h.m4, lib/gl/netdb.in.h, lib/gl/stdio-write.c,
        lib/gl/stdio.in.h, lib/gl/tests/Makefile.am, lib/gl/tests/init.sh,
        lib/gl/tests/test-vasprintf.c, lib/gl/tests/test-verify.c,
        lib/gl/tests/test-verify.sh, lib/gl/tests/verify.h,
        lib/gl/unistd.in.h, lib/gl/vasnprintf.c, lib/gl/wchar.in.h,
        libextra/gl/m4/gnulib-common.m4, m4/valgrind.m4, maint.mk: Update
        gnulib files, use valgrind-tests module, fix syntax-check problems.

2010-05-28  Simon Josefsson <simon@josefsson.org>

        * doc/announce.txt: Doc fix.

2010-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/common.h, lib/x509/privkey.c, lib/x509/sign.c,
        lib/x509/verify.c: Use correct hashing algorithms for DSA with q
        over 160 bits.

2010-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_algorithms.c: Better checks in loops.

2010-05-22  Simon Josefsson <simon@josefsson.org>

        * lib/x509/crl.c: Doc fix.

2010-05-22  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2010-05-22  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2010-05-22  Simon Josefsson <simon@josefsson.org>

        * doc/reference/Makefile.am, gtk-doc.make, m4/gtk-doc.m4: Support
        GTK-DOC PDF file.

2010-05-22  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Also build PDF manual.

2010-05-22  Simon Josefsson <simon@josefsson.org>

        * doc/gnutls.texi: Fix node/section usage.

2010-05-22  Simon Josefsson <simon@josefsson.org>

        * tests/safe-renegotiation/srn5.c: Fix self test.

2010-05-22  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_handshake.c: Readd lost fix from Nikos.

2010-05-22  Simon Josefsson <simon@josefsson.org>

        * lib/ext_safe_renegotiation.c: Readd lost fix from Nikos.

2010-05-22  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2010-05-22  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_errors.c, libextra/includes/gnutls/openssl.h,
        libextra/openssl_compat.c: Doc fixes.

2010-05-22  Simon Josefsson <simon@josefsson.org>

        * lib/x509/x509.c: Doc fix.

2010-05-22  Simon Josefsson <simon@josefsson.org>

        * Makefile.am, NEWS, README, cfg.mk, configure.ac, doc/Makefile.am,
        doc/credentials/Makefile.am, doc/cyclo/Makefile.am, doc/errcodes.c,
        doc/examples/Makefile.am, doc/examples/ex-client-srp.c,
        doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
        doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
        doc/examples/ex-serv1.c, doc/gnutls.texi, doc/manpages/Makefile.am,
        doc/printlist.c, guile/Makefile.am, guile/modules/Makefile.am,
        guile/modules/gnutls.scm, guile/modules/gnutls/build/enums.scm,
        guile/modules/gnutls/build/priorities.scm,
        guile/modules/gnutls/build/smobs.scm,
        guile/modules/gnutls/build/utils.scm,
        guile/modules/gnutls/extra.scm, guile/src/Makefile.am,
        guile/src/core.c, guile/src/errors.c, guile/src/errors.h,
        guile/src/extra.c, guile/src/make-enum-header.scm,
        guile/src/make-enum-map.scm, guile/src/make-session-priorities.scm,
        guile/src/make-smob-header.scm, guile/src/make-smob-types.scm,
        guile/src/utils.c, guile/src/utils.h, guile/tests/Makefile.am,
        guile/tests/anonymous-auth.scm, guile/tests/errors.scm,
        guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
        guile/tests/openpgp-keys.scm, guile/tests/pkcs-import-export.scm,
        guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
        guile/tests/x509-auth.scm, guile/tests/x509-certificates.scm,
        lib/Makefile.am, lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c,
        lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
        lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
        lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
        lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
        lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
        lib/auth_srp_sb64.c, lib/cipher-libgcrypt.c, lib/configure.ac,
        lib/crypto-api.c, lib/crypto.c, lib/crypto.h, lib/cryptodev.c,
        lib/debug.c, lib/debug.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
        lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_oprfi.c,
        lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
        lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
        lib/ext_server_name.h, lib/ext_session_ticket.c,
        lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
        lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_alert.c,
        lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
        lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
        lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
        lib/gnutls_cert.h, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
        lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
        lib/gnutls_compress.c, lib/gnutls_compress.h,
        lib/gnutls_constate.c, lib/gnutls_constate.h, lib/gnutls_datum.c,
        lib/gnutls_datum.h, lib/gnutls_db.c, lib/gnutls_db.h,
        lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_dh_primes.c,
        lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_extensions.c,
        lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
        lib/gnutls_handshake.c, lib/gnutls_handshake.h,
        lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_helper.c,
        lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
        lib/gnutls_mem.c, lib/gnutls_mem.h, lib/gnutls_mpi.c,
        lib/gnutls_mpi.h, lib/gnutls_num.c, lib/gnutls_num.h,
        lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
        lib/gnutls_psk.c, lib/gnutls_psk_netconf.c, lib/gnutls_record.c,
        lib/gnutls_record.h, lib/gnutls_rsa_export.c,
        lib/gnutls_rsa_export.h, lib/gnutls_session.c,
        lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
        lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
        lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
        lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
        lib/gnutls_supplemental.h, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
        lib/gnutls_v2_compat.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
        lib/includes/Makefile.am, lib/includes/gnutls/crypto.h,
        lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
        lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
        lib/libgnutls.map, lib/libgnutlsxx.map, lib/m4/hooks.m4,
        lib/mac-libgcrypt.c, lib/minitasn1/Makefile.am,
        lib/mpi-libgcrypt.c, lib/opencdk/Makefile.am,
        lib/openpgp/Makefile.am, lib/openpgp/compat.c,
        lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
        lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
        lib/openpgp/privkey.c, lib/pk-libgcrypt.c, lib/random.c,
        lib/random.h, lib/rnd-libgcrypt.c, lib/x509/Makefile.am,
        lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
        lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
        lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/output.c,
        lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c,
        lib/x509/pkcs7.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
        lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
        lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
        lib/x509_b64.c, lib/x509_b64.h, libextra/Makefile.am,
        libextra/configure.ac, libextra/ext_inner_application.c,
        libextra/ext_inner_application.h, libextra/fipsmd5.c,
        libextra/gl/Makefile.am, libextra/gnutls_extra.c,
        libextra/gnutls_ia.c, libextra/gnutls_openssl.c,
        libextra/includes/Makefile.am, libextra/includes/gnutls/extra.h,
        libextra/includes/gnutls/openssl.h, libextra/libgnutls-extra.map,
        libextra/m4/hooks.m4, libextra/openssl_compat.c,
        libextra/openssl_compat.h, src/Makefile.am, src/benchmark.c,
        src/certtool-cfg.c, src/certtool.c, src/cli.c, src/common.c,
        src/crypt.c, src/list.h, src/prime.c, src/psk.c, src/serv.c,
        src/tests.c, src/tls_test.c, tests/Makefile.am, tests/anonself.c,
        tests/certder.c, tests/certificate_set_x509_crl.c,
        tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
        tests/crypto_rng.c, tests/cve-2008-4989.c, tests/cve-2009-1415.c,
        tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
        tests/finished.c, tests/gc.c, tests/hostname-check.c,
        tests/init_roundtrip.c, tests/key-id/Makefile.am,
        tests/key-id/key-id, tests/mini-eagain.c,
        tests/mini-x509-rehandshake.c, tests/mini-x509.c, tests/mini.c,
        tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
        tests/nist-pkits/pkits, tests/nist-pkits/pkits_crl,
        tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
        tests/nist-pkits/pkits_smime, tests/nul-in-x509-names.c,
        tests/openpgp-certs/Makefile.am, tests/openpgp-certs/testcerts,
        tests/openpgp-certs/testselfsigs, tests/openpgp-keyring.c,
        tests/openpgpself.c, tests/openssl.c, tests/oprfi.c,
        tests/parse_ca.c, tests/pathlen/Makefile.am, tests/pathlen/pathlen,
        tests/pgps2kgnu.c, tests/pkcs1-padding/Makefile.am,
        tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/Makefile.am,
        tests/pkcs12-decode/pkcs12, tests/pkcs12_encode.c,
        tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c,
        tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8,
        tests/pskself.c, tests/resume.c, tests/rfc2253-escape-test,
        tests/rsa-md5-collision/Makefile.am,
        tests/rsa-md5-collision/rsa-md5-collision,
        tests/safe-renegotiation/Makefile.am,
        tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
        tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
        tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
        tests/safe-renegotiation/testsrn, tests/set_pkcs12_cred.c,
        tests/setcredcrash.c, tests/sha2/Makefile.am, tests/sha2/sha2,
        tests/simple.c, tests/tlsia.c, tests/userid/Makefile.am,
        tests/userid/userid, tests/utils.c, tests/utils.h,
        tests/x509_altname.c, tests/x509dn.c, tests/x509paths/chain,
        tests/x509self.c, tests/x509sign-verify.c, tests/x509signself.c: 
        Change GNUTLS into GnuTLS.

2010-05-22  Simon Josefsson <simon@josefsson.org>

        * AUTHORS, ChangeLog.1, NEWS, README, README-alpha, THANKS,
        doc/gnutls.texi, doc/manpages/gnutls-cli-debug.1,
        doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1,
        doc/manpages/srptool.1, doc/reference/gnutls-docs.sgml,
        lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c,
        src/cli-gaa.c, src/cli.gaa, src/serv-gaa.c, src/serv.gaa,
        src/tls_test-gaa.c, src/tls_test.gaa: Change GNU TLS into GnuTLS.

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c: Ignore
        parsing of ciphersuite or extensions when safe renegotiation is
        disabled.

2010-05-22  Simon Josefsson <simon@josefsson.org>

        * tests/safe-renegotiation/Makefile.am,
        tests/safe-renegotiation/srn5.c: Add test of self renegotiation
        APIs.

2010-05-22  Simon Josefsson <simon@josefsson.org>

        * tests/safe-renegotiation/Makefile.am,
        tests/safe-renegotiation/README, tests/safe-renegotiation/srn4.c: 
        Add more rengotiation self tests.

2010-05-22  Simon Josefsson <simon@josefsson.org>

        * tests/safe-renegotiation/Makefile.am,
        tests/safe-renegotiation/README, tests/safe-renegotiation/srn0.c: 
        Add more safe renegotiation self test.

2010-05-21  Simon Josefsson <simon@josefsson.org>

        * NEWS, doc/announce.txt, doc/gnutls.texi,
        doc/manpages/Makefile.am, lib/ext_safe_renegotiation.c,
        lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
        tests/safe-renegotiation/srn2.c: Remove
        gnutls_safe_negotiation_set_initial and
        gnutls_safe_renegotiation_set.

2010-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_priority.c: Documented behavioral change.

2010-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_int.h, lib/gnutls_priority.c: Because we want to
        differentiate the behavior of server and client with regards to safe
        renegotiation. If a server didn't have either SAFE_RENEGOTIATION or
        UNSAFE_RENEGOTIATION set the safe renegotiation will be the default.
        This (as well as the safe_renegotiation_set flag) has to be removed
        once safe renegotiation is default in both server and client side.

2010-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_state.c: Emulate old gnutls behavior regarding safe
        renegotiation if the priority_* functions are not called.

2010-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/x509.h: Corrected typo. Reported by Clint
        Adams.

2010-05-03  Simon Josefsson <simon@josefsson.org>

        * tests/safe-renegotiation/Makefile.am,
        tests/safe-renegotiation/srn1.c, tests/safe-renegotiation/srn3.c: 
        tests: Add srn3 to test inverse of what srn1 is testing.

2010-05-03  Simon Josefsson <simon@josefsson.org>

        * tests/safe-renegotiation/Makefile.am,
        tests/safe-renegotiation/srn2.c: tests: Add another safe
        renegotiation self tests.

2010-05-03  Simon Josefsson <simon@josefsson.org>

        * tests/safe-renegotiation/srn1.c: Also test
        gnutls_safe_renegotiation_status API.

2010-05-03  Simon Josefsson <simon@josefsson.org>

        * tests/safe-renegotiation/Makefile.am,
        tests/safe-renegotiation/srn1.c: tests: Add first self-test of safe
        renegotiation extension.

2010-05-03  Simon Josefsson <simon@josefsson.org>

        * tests/Makefile.am, tests/mini-x509-rehandshake.c: tests: Add small
        X.509 rehandshake test.

2010-05-03  Simon Josefsson <simon@josefsson.org>

        * tests/mini-x509.c: Protect against infloops.

2010-05-03  Simon Josefsson <simon@josefsson.org>

        * tests/Makefile.am, tests/mini-x509.c: tests: Add mini-x509
        self-test.

2010-04-30  Simon Josefsson <simon@josefsson.org>

        * doc/gnutls.texi: Improve text, based on suggestions from Tomas
        Hoger <thoger@redhat.com>.

2010-04-29  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_handshake.c: Fix typo.

2010-04-29  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_handshake.c: Improve renegotiation debug messages.

2010-04-29  Simon Josefsson <simon@josefsson.org>

        * doc/announce.txt: Add.

2010-04-29  Simon Josefsson <simon@josefsson.org>

        * .gitignore: Add.

2010-04-29  Simon Josefsson <simon@josefsson.org>

        * doc/gnutls.texi: Add section on safe renegotiation.

2010-04-29  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_record.c: Remove debug code.

2010-04-25  Simon Josefsson <simon@josefsson.org>

        * doc/gnutls.texi: Mention shared library map file and GTK-DOC
        guidelines.

2010-04-22  Simon Josefsson <simon@josefsson.org>

        * doc/announce.txt: Update URL.

2010-04-22  Simon Josefsson <simon@josefsson.org>

        * AUTHORS: Update my OpenPGP key.

2010-04-22  Simon Josefsson <simon@josefsson.org>

        * doc/announce.txt: Update my key.

2010-04-22  Simon Josefsson <simon@josefsson.org>

        * doc/announcement-template.txt: Remove.

2010-04-22  Simon Josefsson <simon@josefsson.org>

        * doc/ANNOUNCE, doc/announce.txt: Prepare 2.10.0 release notes.

2010-04-22  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add 2.8.x NEWS entries.

2010-04-22  Simon Josefsson <simon@josefsson.org>

        * libextra/configure.ac: Also bump libgnutls-extra version.

2010-04-22  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4: Bump
        versions.

2010-04-22  Simon Josefsson <simon@josefsson.org>

        * build-aux/gendocs.sh: Chmod +x.

2010-04-22  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2010-04-22  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.9.10.

2010-04-21  Simon Josefsson <simon@josefsson.org>

        * NEWS, lib/minitasn1/Makefile.am, lib/minitasn1/coding.c,
        lib/minitasn1/decoding.c, lib/minitasn1/element.h,
        lib/minitasn1/gstr.h, lib/minitasn1/libtasn1.h,
        lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
        lib/minitasn1/structure.h, lib/minitasn1/version.c: Upgrade to
        libtasn1 version 2.6.

2010-04-21  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/m4/gnulib-comp.m4, gl/m4/ioctl.m4,
        gl/m4/netdb_h.m4, gl/stdbool.in.h, gl/tests/test-lseek.sh,
        gl/tests/test-select-in.sh, gl/tests/test-stdbool.c,
        gl/tests/test-stdint.c, lib/gl/Makefile.am, lib/gl/m4/netdb_h.m4,
        lib/gl/m4/visibility.m4, lib/gl/stdbool.in.h,
        lib/gl/tests/test-stdbool.c, lib/gl/tests/test-stdint.c,
        lib/gl/tests/test-vasprintf.c, maint.mk: Update gnulib files.

2010-04-21  Simon Josefsson <simon@josefsson.org>

        * configure.ac: Structure fork check together.

2010-04-15  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_priority.c: Fix compiler warning.

2010-04-15  Simon Josefsson <simon@josefsson.org>

        * gl/override/top/maint.mk.diff, libextra/gl/hmac-md5.c,
        libextra/gl/md5.c, maint.mk: Update gnulib files.

2010-04-15  Simon Josefsson <simon@josefsson.org>

        * lib/crypto-api.c, lib/gnutls_priority.c: Indent code.

2010-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/crypto-api.c, lib/includes/gnutls/crypto.h: Use size_t instead
        of int for input variables that represent sizes.

2010-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_priority.c: Free the priority structure on error.
        Reported by Paul Aurich.

2010-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_priority.c: The string is colon separated. Reported by
        Paul Aurich.

2010-04-14  Simon Josefsson <simon@josefsson.org>

        * lib/includes/gnutls/gnutls.h.in: Fix indent bug.

2010-04-14  Simon Josefsson <simon@josefsson.org>

        * cfg.mk, doc/examples/examples.h, guile/src/errors.h,
        guile/src/utils.h, lib/auth_cert.h, lib/auth_dh_common.h,
        lib/crypto.h, lib/ext_oprfi.h, lib/ext_safe_renegotiation.h,
        lib/ext_session_ticket.h, lib/ext_signature.h,
        lib/gnutls_algorithms.h, lib/gnutls_cipher_int.h,
        lib/gnutls_compress.h, lib/gnutls_cryptodev.h, lib/gnutls_errors.h,
        lib/gnutls_extensions.h, lib/gnutls_hash_int.h, lib/gnutls_int.h,
        lib/gnutls_mpi.h, lib/gnutls_pk.h, lib/gnutls_sig.h,
        lib/gnutls_srp.h, lib/gnutls_state.h, lib/gnutls_str.h,
        lib/gnutls_supplemental.h, lib/includes/gnutls/crypto.h,
        lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
        lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
        lib/opencdk/context.h, lib/opencdk/filters.h, lib/opencdk/keydb.h,
        lib/opencdk/main.h, lib/opencdk/opencdk.h, lib/opencdk/packet.h,
        lib/opencdk/stream.h, lib/opencdk/types.h,
        lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
        lib/x509/pbkdf2-sha1.h, lib/x509/x509_int.h,
        libextra/includes/gnutls/extra.h,
        libextra/includes/gnutls/openssl.h, src/certtool-cfg.h,
        src/certtool-common.h, src/common.h: More indentation.

2010-04-14  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2010-04-14  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2010-04-14  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2010-04-14  Simon Josefsson <simon@josefsson.org>

        * doc/manpages/Makefile.am: Generated.

2010-04-14  Simon Josefsson <simon@josefsson.org>

        * doc/examples/ex-client-tlsia.c, doc/examples/ex-verify.c,
        doc/examples/ex-x509-info.c, lib/auth_cert.c, lib/auth_rsa.c,
        lib/ext_cert_type.c, lib/ext_max_record.c, lib/ext_oprfi.c,
        lib/ext_safe_renegotiation.c, lib/ext_server_name.c,
        lib/ext_session_ticket.c, lib/ext_signature.c,
        lib/gnutls_algorithms.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
        lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_compress.c,
        lib/gnutls_constate.c, lib/gnutls_extensions.c,
        lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_kx.c,
        lib/gnutls_priority.c, lib/gnutls_record.c,
        lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/gnutls_state.c,
        lib/gnutls_v2_compat.c, lib/gnutls_x509.c,
        lib/minitasn1/decoding.c, lib/opencdk/read-packet.c,
        lib/opencdk/sig-check.c, lib/x509/pkcs12.c, lib/x509/verify.c,
        libextra/gl/hmac-md5.c, libextra/gl/md5.c, src/benchmark.c,
        src/certtool.c, src/cli.c, src/serv.c, src/tests.c, src/tls_test.c,
        tests/anonself.c, tests/certder.c, tests/chainverify.c,
        tests/crq_apis.c, tests/crq_key_id.c, tests/cve-2008-4989.c,
        tests/dhepskself.c, tests/dn.c, tests/dn2.c, tests/finished.c,
        tests/gc.c, tests/hostname-check.c, tests/init_roundtrip.c,
        tests/mini-eagain.c, tests/mini.c, tests/netconf-psk.c,
        tests/nul-in-x509-names.c, tests/openpgp-keyring.c,
        tests/openpgpself.c, tests/parse_ca.c, tests/pkcs12_encode.c,
        tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pskself.c,
        tests/resume.c, tests/set_pkcs12_cred.c, tests/simple.c,
        tests/tlsia.c, tests/utils.c, tests/x509_altname.c, tests/x509dn.c,
        tests/x509self.c, tests/x509sign-verify.c, tests/x509signself.c: 
        Indent code.

2010-04-14  Simon Josefsson <simon@josefsson.org>

        * NEWS, lib/crypto-api.c, lib/ext_safe_renegotiation.c,
        lib/gnutls_algorithms.c, lib/gnutls_cert.c, lib/libgnutls.map,
        lib/x509/x509.c: Export new ABIs.  Doc fixes for new APIs.

2010-04-14  Simon Josefsson <simon@josefsson.org>

        * tests/safe-renegotiation/Makefile.am: Disable self-test
        temporarily until we make it work cross-platform.

2010-04-13  Simon Josefsson <simon@josefsson.org>

        * NEWS, lib/ext_safe_renegotiation.c, lib/gnutls_algorithms.c,
        lib/includes/gnutls/gnutls.h.in: Doc fixes.

2010-04-13  Simon Josefsson <simon@josefsson.org>

        * doc/manpages/Makefile.am, src/certtool-gaa.c: Generated.

2010-04-13  Simon Josefsson <simon@josefsson.org>

        * doc/reference/Makefile.am: Ignore c++defs.h.

2010-04-13  Simon Josefsson <simon@josefsson.org>

        * .x-sc_prohibit_empty_lines_at_EOF, GNUmakefile,
        build-aux/c++defs.h, build-aux/warn-on-use.h, doc/certtool.cfg,
        doc/credentials/gnutls-http-serv, doc/credentials/params.pem,
        doc/credentials/x509/Makefile.am, doc/credentials/x509/cert.pem,
        doc/credentials/x509/clicert-dsa.pem, gl/Makefile.am, gl/fseeko.c,
        gl/m4/fseeko.m4, gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4,
        gl/m4/lib-link.m4, gl/m4/memchr.m4, gl/m4/stdio_h.m4,
        gl/m4/stdlib_h.m4, gl/m4/string_h.m4, gl/m4/time_h.m4,
        gl/m4/unistd_h.m4, gl/m4/vasnprintf.m4, gl/stdio-impl.h,
        gl/stdio.in.h, gl/stdlib.in.h, gl/string.in.h, gl/sys_socket.in.h,
        gl/sys_stat.in.h, gl/sys_time.in.h, gl/tests/Makefile.am,
        gl/tests/ioctl.c, gl/tests/sys_ioctl.in.h,
        gl/tests/test-vasnprintf.c, gl/time.in.h, gl/unistd.in.h,
        gl/vasnprintf.c, gl/wchar.in.h, guile/modules/gnutls/extra.scm,
        guile/tests/x509-auth.scm, guile/tests/x509-certificate.pem,
        lib/build-aux/c++defs.h, lib/build-aux/warn-on-use.h,
        lib/ext_cert_type.h, lib/gl/Makefile.am, lib/gl/fseeko.c,
        lib/gl/m4/fseeko.m4, lib/gl/m4/gnulib-common.m4,
        lib/gl/m4/gnulib-comp.m4, lib/gl/m4/lib-link.m4,
        lib/gl/m4/memchr.m4, lib/gl/m4/stdio_h.m4, lib/gl/m4/stdlib_h.m4,
        lib/gl/m4/string_h.m4, lib/gl/m4/threadlib.m4, lib/gl/m4/time_h.m4,
        lib/gl/m4/time_r.m4, lib/gl/m4/unistd_h.m4,
        lib/gl/m4/vasnprintf.m4, lib/gl/stdio-impl.h, lib/gl/stdio.in.h,
        lib/gl/stdlib.in.h, lib/gl/string.in.h, lib/gl/sys_socket.in.h,
        lib/gl/sys_stat.in.h, lib/gl/tests/Makefile.am,
        lib/gl/tests/test-vasnprintf.c, lib/gl/time.in.h, lib/gl/time_r.c,
        lib/gl/unistd.in.h, lib/gl/vasnprintf.c, lib/gl/wchar.in.h,
        lib/minitasn1/Makefile.am, lib/minitasn1/README,
        lib/opencdk/keydb.h, lib/opencdk/packet.h,
        libextra/gl/m4/gnulib-common.m4, libextra/gl/m4/gnulib-comp.m4,
        libextra/gl/m4/lib-link.m4, maint.mk, src/certtool.gaa,
        src/cfg/Makefile.am, src/crypt.gaa, src/tls_test.gaa,
        tests/key-id/ca-gnutls-keyid.pem, tests/key-id/ca-no-keyid.pem,
        tests/key-id/ca-weird-keyid.pem,
        tests/pkcs1-padding/pkcs1-pad-broken.pem,
        tests/pkcs1-padding/pkcs1-pad-broken2.pem,
        tests/pkcs1-padding/pkcs1-pad-broken3.pem,
        tests/pkcs1-padding/pkcs1-pad-ok.pem,
        tests/pkcs1-padding/pkcs1-pad-ok2.pem,
        tests/safe-renegotiation/Makefile.am, tests/test25.pem: Update
        gnulib files, fix syntax-check warnings.

2010-03-31  Simon Josefsson <simon@josefsson.org>

        * .gitignore, gl/m4/wchar_h.m4, lib/gl/m4/wchar_h.m4: Add forgotten
        gnulib files, and fix .gitignore.

2010-03-31  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2010-03-31  Simon Josefsson <simon@josefsson.org>

        * lib/po/LINGUAS, lib/po/it.po.in, lib/po/nl.po.in: Sync with TP.

2010-03-31  Simon Josefsson <simon@josefsson.org>

        * .x-sc_program_name, .x-sc_the_the, cfg.mk,
        lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c,
        lib/m4/hooks.m4, lib/opencdk/sig-check.c, src/certtool.c,
        src/serv.c, tests/dn.c, tests/mini.c: Update gnulib files.  Fix
        syntax-check warnings.

2010-03-31  Simon Josefsson <simon@josefsson.org>

        * build-aux/c++defs.h, build-aux/vc-list-files,
        build-aux/warn-on-use.h, gl/Makefile.am, gl/accept.c,
        gl/arpa_inet.in.h, gl/bind.c, gl/connect.c, gl/getaddrinfo.c,
        gl/gettext.h, gl/gettimeofday.c, gl/m4/arpa_inet_h.m4,
        gl/m4/getaddrinfo.m4, gl/m4/gettimeofday.m4,
        gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/inet_ntop.m4,
        gl/m4/inet_pton.m4, gl/m4/lseek.m4, gl/m4/netdb_h.m4,
        gl/m4/stddef_h.m4, gl/m4/stdio_h.m4, gl/m4/stdlib_h.m4,
        gl/m4/string_h.m4, gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4,
        gl/m4/sys_socket_h.m4, gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4,
        gl/m4/time_h.m4, gl/m4/unistd_h.m4, gl/m4/warn-on-use.m4,
        gl/m4/wchar.m4, gl/netdb.in.h, gl/netinet_in.in.h, gl/recv.c,
        gl/select.c, gl/send.c, gl/stdint.in.h, gl/stdio.in.h,
        gl/stdlib.in.h, gl/string.in.h, gl/sys_select.in.h,
        gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
        gl/tests/Makefile.am, gl/tests/ioctl.c, gl/tests/sys_ioctl.in.h,
        gl/tests/test-vc-list-files-git.sh, gl/time.in.h, gl/unistd.in.h,
        gl/wchar.in.h, lib/build-aux/c++defs.h,
        lib/build-aux/warn-on-use.h, lib/gl/Makefile.am, lib/gl/gettext.h,
        lib/gl/m4/gnulib-common.m4, lib/gl/m4/gnulib-comp.m4,
        lib/gl/m4/intldir.m4, lib/gl/m4/lseek.m4, lib/gl/m4/netdb_h.m4,
        lib/gl/m4/printf-posix.m4, lib/gl/m4/stddef_h.m4,
        lib/gl/m4/stdio_h.m4, lib/gl/m4/stdlib_h.m4, lib/gl/m4/string_h.m4,
        lib/gl/m4/strings_h.m4, lib/gl/m4/sys_socket_h.m4,
        lib/gl/m4/sys_stat_h.m4, lib/gl/m4/time_h.m4,
        lib/gl/m4/unistd_h.m4, lib/gl/m4/visibility.m4,
        lib/gl/m4/warn-on-use.m4, lib/gl/m4/wchar.m4, lib/gl/netdb.in.h,
        lib/gl/stdint.in.h, lib/gl/stdio.in.h, lib/gl/stdlib.in.h,
        lib/gl/string.in.h, lib/gl/sys_socket.in.h, lib/gl/sys_stat.in.h,
        lib/gl/tests/Makefile.am, lib/gl/time.in.h, lib/gl/unistd.in.h,
        lib/gl/wchar.in.h, libextra/gl/m4/gnulib-common.m4,
        libextra/gl/m4/gnulib-comp.m4, maint.mk: Update gnulib files.

2010-03-30  Simon Josefsson <simon@josefsson.org>

        * m4/valgrind.m4: Check for what we use.  Bump serial.

2010-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * m4/valgrind.m4, tests/Makefile.am: Valgrind -q is now set by the
        valgrind detection script to avoid issue when running tests without
        valgrind.

2010-03-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_cert.c: increased small value for certificates. Typical
        certificates are much longer than that.

2010-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * configure.ac, tests/Makefile.am, tests/anonself.c,
        tests/certder.c, tests/chainverify.c, tests/crq_apis.c,
        tests/crq_key_id.c, tests/cve-2009-1415.c, tests/dhepskself.c,
        tests/dn.c, tests/dn2.c, tests/finished.c, tests/gc.c,
        tests/hostname-check.c, tests/init_roundtrip.c,
        tests/mini-eagain.c, tests/mini.c, tests/moredn.c, tests/mpi.c,
        tests/netconf-psk.c, tests/nul-in-x509-names.c,
        tests/openpgp-keyring.c, tests/openpgpself.c, tests/openssl.c,
        tests/parse_ca.c, tests/pkcs12_encode.c, tests/pkcs12_s2k.c,
        tests/pskself.c, tests/resume.c, tests/set_pkcs12_cred.c,
        tests/sha2/sha2, tests/simple.c, tests/tlsia.c,
        tests/x509_altname.c, tests/x509dn.c, tests/x509self.c,
        tests/x509sign-verify.c, tests/x509signself.c: Reduced several
        unneeded messages during the make check procedure.  Verbose messages
        can be obtained with --verbose.

2010-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/Makefile.am: use mv -f to avoid interactiveness.

2010-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/dn2.c: Modified to account for postalcode.

2010-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: added news entry for postalcode.

2010-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/x509.h, lib/pkix.asn, lib/pkix_asn1_tab.c,
        lib/x509/common.c: Display postalCode and Name X.509 DN attributes
        correctly.  Based on patch by Pavan Konjarla.

2010-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
        lib/includes/gnutls/gnutls.h.in, src/serv-gaa.c, src/serv.gaa: Each
        ciphersuite is now tight with a minimum TLS version and a maximum
        one. It is valid if it is between (and including) those. This was
        added to deprecate TLS_RSA_EXPORT_WITH_RC4_40_MD5 which is not
        available with TLS 1.1. Reported by Adrian F. Dimcev.

2010-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * .gitignore: Ignore more files.

2010-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/auth_cert.c, lib/auth_cert.h, lib/gnutls_alert.c,
        lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in,
        lib/libgnutls.map, src/cli.c: Added
        gnutls_certificate_set_verify_function() to allow checking
        (verifying) certificate before the handshake is completed.

2010-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/examples/ex-rfc2818.c, doc/examples/ex-verify.c: Use the flags
        for expiration instead of getting the time of each certificate.

2010-03-17  Simon Josefsson <simon@josefsson.org>

        * README-alpha: Mention datefudge.

2010-03-17  Simon Josefsson <simon@josefsson.org>

        * tests/pkcs1-padding/pkcs1-pad: Skip test if datefudge is not
        available.

2010-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_priority.c: INITIAL_SAFE_RENEGOTIATION implies
        SAFE_RENEGOTIATION.

2010-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/gnutls.h.in: Added missing prototype.

2010-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/safe-renegotiation/testsrn: made SAFE_RENEGOTIATION flags
        explicit.

2010-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/verify.c, src/certtool.c: gnutls_x509_crt_verify() and
        gnutls_x509_crt_list_verify() behave identically.  That means that
        gnutls_x509_crt_verify() will now check dates as well.  Certool --verify-chain will use the GNUTLS_VERIFY_DO_NOT_ALLOW_SAME
        flag to gnutls_x509_crt_verify() to force verification even if
        certificates are the same.  The only exception is at the final
        certificate (self-checking) where the extra flag
        GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT is specified to allow for v1 CA
        certificates.

2010-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/common.c: Handle dates before 1-1-1970 (handle as being
        equal to 1-1-1970).

2010-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/pkcs1-padding/pkcs1-pad: Fail if required programs are not
        found.

2010-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1,
        lib/ext_safe_renegotiation.c, lib/gnutls_priority.c,
        lib/gnutls_record.c: Safe renegotiation is not enabled by default in
        client side.

2010-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/manpages/gnutls-cli.1, lib/gnutls_priority.c: better
        documentation for %INITIAL_SAFE_RENEGOTIATION

2010-03-15  Simon Josefsson <simon@josefsson.org>

        * NEWS: Fix.

2010-03-15  Simon Josefsson <simon@josefsson.org>

        * tests/openpgp-certs/Makefile.am, tests/openpgp-certs/testselfsigs: 
        Rewrite tests/openpgp-certs/testselfsigs portably for Solaris.  Fix
        EXTRA_DIST.

2010-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/safe-renegotiation/testsrn: localhost -> 127.0.0.1 to work
        in places where localhost does not resolve.

2010-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/includes/gnutls/x509.h, lib/x509/verify.c: Extended time
        verification to trusted certificate list as well. Introduced the
        flag GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS that will prevent the
        trusted certificate list verification.

2010-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/tests.c, src/tests.h, src/tls_test.c: Added tests for safe
        renegotiation. Removed old tests for obsolete features (lzo) and
        tests that were not actually working (srp).

2010-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_extensions.c, lib/gnutls_extensions.h,
        lib/gnutls_handshake.c, lib/includes/gnutls/gnutls.h.in,
        tests/safe-renegotiation/testsrn: Extension generation in SSL 3.0
        (as a reply to SCSV) is not using common code with normal extension
        generation. Solve issue reported by Tomas Mraz that caused SSL 3.0
        renegotiation fail.

2010-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/verify.c: Removed artificial constrained that prevented
        end-user certificates, being added to the trusted list, treated as
        trusted. Suggestion and patch by Tomas Mraz.

2010-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/manpages/gnutls-cli.1: Documented that
        initial_safe_renegotiation is the default.

2010-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/serv.c: gnutls-serv will terminate connection on rehandshake
        errors.

2010-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_alert.c, lib/gnutls_errors.c, lib/gnutls_handshake.c,
        lib/includes/gnutls/gnutls.h.in: Avoid sending alerts during
        handshake. Alerts might be interrupted and return a non-fatal error
        which will propagate and in many cases it shouldn't.  Avoid sending no renegotiation alert when a client connects to an
        unsafe server. Thanks to Tomas Hoger for the report.

2010-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/cli.c: On handshake error send appropriate alert and terminate
        stream.

2010-02-18  Simon Josefsson <simon@josefsson.org>

        * doc/reference/gnutls-docs.sgml: Add id's to chapters.

2010-02-18  Simon Josefsson <simon@josefsson.org>

        * .gitignore: Update.

2010-02-18  Simon Josefsson <simon@josefsson.org>

        * lib/po/zh_CN.po: Remove.

2010-02-18  Simon Josefsson <simon@josefsson.org>

        * src/Makefile.am: Fix -lrt usage.

2010-02-18  Simon Josefsson <simon@josefsson.org>

        * src/benchmark.c: Use gnulib gettime module.  Indent.

2010-02-18  Simon Josefsson <simon@josefsson.org>

        * lib/po/zh_CN.po: Add.

2010-02-18  Simon Josefsson <simon@josefsson.org>

        * lib/gl/netdb.in.h: Update gnulib files.

2010-02-18  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/gettime.c, gl/gettimeofday.c,
        gl/m4/clock_time.m4, gl/m4/gettime.m4, gl/m4/gnulib-cache.m4,
        gl/m4/gnulib-comp.m4, gl/m4/timespec.m4, gl/netdb.in.h,
        gl/tests/Makefile.am, gl/tests/gettimeofday.c, gl/timespec.h: Update
        gnulib files.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * lib/cryptodev.c: Indent.  Don't include fcntl.h and sys/ioctl.h on
        (for example) Windows.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * tests/safe-renegotiation/testsrn: Fix objdir != srcdir.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * tests/safe-renegotiation/testsrn: Drop bashism.  Make it work on
        Windows.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * NEWS: Fix.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * doc/manpages/Makefile.am: Generated.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * doc/reference/Makefile.am, doc/reference/gnutls-docs.sgml,
        lib/ext_safe_renegotiation.c, lib/ext_signature.c,
        lib/gnutls_supplemental.c: More GTK-DOC fixes.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_db.c: Doc fix.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * lib/openpgp/gnutls_openpgp.c: Doc fix.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * lib/includes/gnutls/gnutls.h.in: Doc fix.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * lib/includes/gnutls/gnutls.h.in: Fix enum doc.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * lib/includes/gnutls/gnutls.h.in: More enum docs.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * lib/includes/gnutls/crypto.h: More enum documentation.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * libextra/gnutls_ia.c: Doc fix.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * lib/includes/gnutls/x509.h: More enum documentation.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * libextra/includes/gnutls/extra.h: Document more.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * lib/includes/gnutls/openpgp.h: Document more.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * lib/includes/gnutls/pkcs12.h: Document enum.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * lib/includes/gnutls/gnutls.h.in: More enum.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * lib/includes/gnutls/gnutls.h.in: Fix typo.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * lib/includes/gnutls/gnutls.h.in: More GTK-DOC documentation.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * lib/includes/gnutls/gnutls.h.in: Improve GTK-DOC coverage.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * lib/includes/gnutls/crypto.h: Fix comments, for GTK-DOC.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * doc/reference/Makefile.am: Ignore more headers.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * lib/x509/crl.c: Doc fix.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * lib/includes/gnutls/crypto.h: Fix for GTK-DOC parse breakage.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * doc/reference/Makefile.am: Ignore gnutlsxx.h too, GTK-DOC doesn't
        handle C++.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * doc/reference/Makefile.am: Need crypto.h too.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * doc/reference/Makefile.am: Improve header ignores.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
        lib/minitasn1/element.c, lib/minitasn1/errors.c,
        lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
        lib/minitasn1/structure.c: Upgrade to libtasn1 2.5 snapshot, for
        GTK-DOC comments.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * lib/includes/gnutls/openpgp.h: Another GTK-DOC fix.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * lib/auth_srp_sb64.c, lib/crypto-api.c, lib/crypto.c,
        lib/ext_safe_renegotiation.c, lib/ext_server_name.c,
        lib/ext_signature.c, lib/gnutls_alert.c, lib/gnutls_algorithms.c,
        lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
        lib/gnutls_cert.c, lib/gnutls_compress.c, lib/gnutls_db.c,
        lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
        lib/gnutls_extensions.c, lib/gnutls_global.c,
        lib/gnutls_handshake.c, lib/gnutls_mem.c, lib/gnutls_priority.c,
        lib/gnutls_psk.c, lib/gnutls_psk_netconf.c, lib/gnutls_record.c,
        lib/gnutls_rsa_export.c, lib/gnutls_session.c, lib/gnutls_srp.c,
        lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_ui.c,
        lib/gnutls_x509.c, lib/includes/gnutls/crypto.h,
        lib/opencdk/stream.c, lib/openpgp/compat.c, lib/openpgp/extras.c,
        lib/openpgp/gnutls_openpgp.c, lib/openpgp/output.c,
        lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
        lib/x509/common.c, lib/x509/crl.c, lib/x509/crl_write.c,
        lib/x509/crq.c, lib/x509/dn.c, lib/x509/output.c,
        lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c,
        lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
        lib/x509/rfc2818_hostname.c, lib/x509/verify.c, lib/x509/x509.c,
        lib/x509/x509_write.c, lib/x509_b64.c, libextra/gnutls_extra.c,
        libextra/gnutls_ia.c, libextra/openssl_compat.c: Fix GTK-DOC syntax.
        Unfortunately this looses some information.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * lib/auth_srp_sb64.c, lib/crypto-api.c,
        lib/ext_safe_renegotiation.c, lib/gnutls_anon_cred.c,
        lib/gnutls_auth.c, lib/gnutls_cert.c, lib/gnutls_db.c,
        lib/gnutls_dh.c, lib/gnutls_handshake.c, lib/gnutls_mem.c,
        lib/gnutls_priority.c, lib/gnutls_psk.c, lib/gnutls_record.c,
        lib/gnutls_session.c, lib/gnutls_srp.c, lib/gnutls_state.c,
        lib/gnutls_x509.c, lib/x509/crl.c, lib/x509/crl_write.c,
        lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c,
        lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/sign.c,
        lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_write.c,
        libextra/openssl_compat.c: Align indentation of GTK-DOC comments.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * lib/po/vi.po.in: Sync with TP.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * doc/examples/Makefile.am: Silence gnulib warning about fseek.

2010-02-17  Simon Josefsson <simon@josefsson.org>

        * build-aux/gendocs.sh, build-aux/gnupload, gl/Makefile.am,
        gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/gettimeofday.m4,
        gl/m4/gnulib-comp.m4, gl/m4/stdio_h.m4, gl/m4/sys_time_h.m4,
        gl/netdb.in.h, gl/stdio.in.h, gl/sys_time.in.h,
        gl/tests/test-getdelim.c, gl/tests/test-getline.c,
        gl/tests/test-gettimeofday.c, lib/gl/Makefile.am,
        lib/gl/m4/stdio_h.m4, lib/gl/netdb.in.h, lib/gl/stdio.in.h,
        maint.mk: Update gnulib files.

2010-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_session_pack.c: Corrected calculation of session data
        for PSK ciphersuites. Solves issue #107256 reported by Wolfgang
        Glas.

2010-02-03  Simon Josefsson <simon@josefsson.org>

        * doc/ANNOUNCE: Add announcement message.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * NEWS: Fix.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * lib/po/LINGUAS, lib/po/cs.po.in, lib/po/de.po.in,
        lib/po/fr.po.in, lib/po/ms.po.in, lib/po/nl.po.in, lib/po/pl.po.in,
        lib/po/sv.po.in, lib/po/zh_CN.po.in: Sync with TP.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * build-aux/gnupload, doc/gendocs_template,
        gl/tests/test-gettimeofday.c, gl/tests/test-memchr.c,
        gl/tests/test-read-file.c, gl/tests/test-sockets.c,
        lib/gl/tests/test-memchr.c, lib/gl/tests/test-read-file.c,
        lib/gl/tests/test-sockets.c: Update gnulib files.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * AUTHORS: Add.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * NEWS, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
        lib/minitasn1/element.c, lib/minitasn1/errors.c,
        lib/minitasn1/gstr.c, lib/minitasn1/int.h,
        lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
        lib/minitasn1/structure.c: Use libtasn1 v2.4.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls.pc.in: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * .clcopying: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * AUTHORS: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * tests/key-id/README, tests/libgcrypt.supp,
        tests/rsa-md5-collision/Makefile.am,
        tests/rsa-md5-collision/README, tests/rsa-md5-collision/mbox,
        tests/userid/userid.pem: License fix.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * ChangeLog, cfg.mk, configure.ac, doc/Makefile.am,
        doc/credentials/Makefile.am, doc/cyclo/Makefile.am, doc/errcodes.c,
        doc/examples/Makefile.am, doc/extract-guile-c-doc.scm,
        doc/gendocs_template, doc/manpages/Makefile.am, doc/printlist.c,
        gl/gnulib.mk, gl/m4/onceonly_2_57.m4, gl/tests/gnulib.mk,
        guile/Makefile.am, guile/modules/Makefile.am,
        guile/modules/gnutls.scm, guile/modules/gnutls/build/enums.scm,
        guile/modules/gnutls/build/priorities.scm,
        guile/modules/gnutls/build/smobs.scm,
        guile/modules/gnutls/build/utils.scm,
        guile/modules/gnutls/extra.scm,
        guile/modules/system/documentation/c-snarf.scm,
        guile/modules/system/documentation/output.scm,
        guile/pre-inst-guile.in, guile/src/Makefile.am, guile/src/core.c,
        guile/src/errors.c, guile/src/errors.h, guile/src/extra.c,
        guile/src/make-enum-header.scm, guile/src/make-enum-map.scm,
        guile/src/make-session-priorities.scm,
        guile/src/make-smob-header.scm, guile/src/make-smob-types.scm,
        guile/src/utils.c, guile/src/utils.h, guile/tests/Makefile.am,
        guile/tests/anonymous-auth.scm, guile/tests/errors.scm,
        guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
        guile/tests/openpgp-keys.scm, guile/tests/pkcs-import-export.scm,
        guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
        guile/tests/x509-auth.scm, guile/tests/x509-certificates.scm,
        lib/Makefile.am, lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c,
        lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
        lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
        lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
        lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
        lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
        lib/auth_srp_sb64.c, lib/cipher-libgcrypt.c, lib/configure.ac,
        lib/crypto-api.c, lib/crypto.c, lib/crypto.h, lib/cryptodev.c,
        lib/debug.c, lib/debug.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
        lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_oprfi.c,
        lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
        lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
        lib/ext_server_name.h, lib/ext_session_ticket.c,
        lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
        lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_alert.c,
        lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
        lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
        lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
        lib/gnutls_cert.h, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
        lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
        lib/gnutls_compress.h, lib/gnutls_constate.c,
        lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
        lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
        lib/gnutls_dh_primes.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
        lib/gnutls_extensions.c, lib/gnutls_extensions.h,
        lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
        lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
        lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_int.h,
        lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_mem.c,
        lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
        lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pk.c,
        lib/gnutls_pk.h, lib/gnutls_priority.c, lib/gnutls_psk.c,
        lib/gnutls_psk_netconf.c, lib/gnutls_record.c, lib/gnutls_record.h,
        lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
        lib/gnutls_session.c, lib/gnutls_session_pack.c,
        lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
        lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c,
        lib/gnutls_state.h, lib/gnutls_str.c, lib/gnutls_str.h,
        lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
        lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
        lib/gnutls_x509.c, lib/gnutls_x509.h, lib/includes/Makefile.am,
        lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
        lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs12.h,
        lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/libgnutlsxx.map,
        lib/m4/hooks.m4, lib/mac-libgcrypt.c, lib/minitasn1/Makefile.am,
        lib/minitasn1/gstr.c, lib/minitasn1/int.h,
        lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
        lib/minitasn1/structure.c, lib/mpi-libgcrypt.c,
        lib/opencdk/Makefile.am, lib/opencdk/armor.c,
        lib/opencdk/context.h, lib/opencdk/filters.h, lib/opencdk/hash.c,
        lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/literal.c,
        lib/opencdk/main.c, lib/opencdk/main.h, lib/opencdk/misc.c,
        lib/opencdk/new-packet.c, lib/opencdk/opencdk.h,
        lib/opencdk/packet.h, lib/opencdk/pubkey.c,
        lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
        lib/opencdk/sig-check.c, lib/opencdk/stream.c,
        lib/opencdk/stream.h, lib/opencdk/types.h, lib/opencdk/verify.c,
        lib/opencdk/write-packet.c, lib/openpgp/Makefile.am,
        lib/openpgp/compat.c, lib/openpgp/extras.c,
        lib/openpgp/gnutls_openpgp.c, lib/openpgp/output.c,
        lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
        lib/pk-libgcrypt.c, lib/po/cs.po.in, lib/po/de.po.in,
        lib/po/fr.po.in, lib/po/ms.po.in, lib/po/nl.po.in, lib/po/pl.po.in,
        lib/po/sv.po.in, lib/random.c, lib/random.h, lib/rnd-libgcrypt.c,
        lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h,
        lib/x509/crl.c, lib/x509/crl_write.c, lib/x509/crq.c,
        lib/x509/dn.c, lib/x509/extensions.c, lib/x509/mpi.c,
        lib/x509/output.c, lib/x509/pbkdf2-sha1.c, lib/x509/pkcs12.c,
        lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c,
        lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
        lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
        lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
        lib/x509_b64.c, lib/x509_b64.h, libextra/Makefile.am,
        libextra/configure.ac, libextra/ext_inner_application.c,
        libextra/ext_inner_application.h, libextra/fipsmd5.c,
        libextra/gl/Makefile.am, libextra/gnutls-extra.pc.in,
        libextra/gnutls_extra.c, libextra/gnutls_ia.c,
        libextra/gnutls_openssl.c, libextra/includes/Makefile.am,
        libextra/includes/gnutls/extra.h,
        libextra/includes/gnutls/openssl.h, libextra/libgnutls-extra.map,
        libextra/m4/hooks.m4, libextra/openssl_compat.c,
        libextra/openssl_compat.h, m4/guile.m4, m4/valgrind.m4,
        src/Makefile.am, src/common.c, src/serv.c, tests/Makefile.am,
        tests/anonself.c, tests/certder.c,
        tests/certificate_set_x509_crl.c, tests/chainverify.c,
        tests/crq_apis.c, tests/crq_key_id.c, tests/crypto_rng.c,
        tests/cve-2008-4989.c, tests/cve-2009-1415.c,
        tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
        tests/finished.c, tests/gc.c, tests/hostname-check.c,
        tests/init_roundtrip.c, tests/key-id/Makefile.am,
        tests/key-id/key-id, tests/mini-eagain.c, tests/mini.c,
        tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
        tests/nist-pkits/pkits, tests/nist-pkits/pkits_crl,
        tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
        tests/nist-pkits/pkits_smime, tests/nul-in-x509-names.c,
        tests/openpgp-certs/Makefile.am, tests/openpgp-keyring.c,
        tests/openpgpself.c, tests/openssl.c, tests/oprfi.c,
        tests/parse_ca.c, tests/pathlen/Makefile.am, tests/pathlen/pathlen,
        tests/pgps2kgnu.c, tests/pkcs1-padding/Makefile.am,
        tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/Makefile.am,
        tests/pkcs12-decode/pkcs12, tests/pkcs12_encode.c,
        tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c,
        tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8,
        tests/pskself.c, tests/resume.c, tests/rfc2253-escape-test,
        tests/rsa-md5-collision/Makefile.am,
        tests/rsa-md5-collision/rsa-md5-collision, tests/set_pkcs12_cred.c,
        tests/setcredcrash.c, tests/sha2/Makefile.am, tests/sha2/sha2,
        tests/simple.c, tests/tlsia.c, tests/userid/Makefile.am,
        tests/userid/userid, tests/utils.c, tests/utils.h,
        tests/x509_altname.c, tests/x509dn.c, tests/x509paths/chain,
        tests/x509self.c, tests/x509sign-verify.c, tests/x509signself.c: 
        Update copyright years.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * Makefile.am: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * README: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * README-alpha: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * src/cli.c: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * src/crypt.c: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * src/tls_test.c: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * src/tests.c: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * src/psk.c: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * src/prime.c: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * src/certtool.c: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * src/certtool-cfg.c: Fix copyright/license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * src/benchmark.c: Indent and fix copyright notices.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * build-aux/gnupload, gl/tests/test-gettimeofday.c,
        gl/tests/test-memchr.c, gl/tests/test-read-file.c,
        gl/tests/test-sockets.c, lib/gl/tests/test-memchr.c,
        lib/gl/tests/test-read-file.c, lib/gl/tests/test-sockets.c: Update
        gnulib files.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * ChangeLog, ChangeLog.1, THANKS, build-aux/gnupload, cfg.mk,
        doc/Makefile.am, doc/credentials/Makefile.am,
        doc/cyclo/Makefile.am, doc/errcodes.c, doc/examples/Makefile.am,
        doc/extract-guile-c-doc.scm, doc/manpages/Makefile.am,
        doc/printlist.c, gl/tests/test-gettimeofday.c,
        gl/tests/test-memchr.c, gl/tests/test-read-file.c,
        gl/tests/test-sockets.c, guile/Makefile.am,
        guile/modules/Makefile.am, guile/modules/gnutls.scm,
        guile/modules/gnutls/build/enums.scm,
        guile/modules/gnutls/build/priorities.scm,
        guile/modules/gnutls/build/smobs.scm,
        guile/modules/gnutls/build/utils.scm,
        guile/modules/gnutls/extra.scm,
        guile/modules/system/documentation/c-snarf.scm,
        guile/modules/system/documentation/output.scm,
        guile/pre-inst-guile.in, guile/src/errors.h,
        guile/src/make-enum-header.scm, guile/src/make-enum-map.scm,
        guile/src/make-session-priorities.scm,
        guile/src/make-smob-header.scm, guile/src/make-smob-types.scm,
        guile/src/utils.h, guile/tests/anonymous-auth.scm,
        guile/tests/errors.scm, guile/tests/openpgp-auth.scm,
        guile/tests/openpgp-keyring.scm, guile/tests/openpgp-keys.scm,
        guile/tests/pkcs-import-export.scm,
        guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
        guile/tests/x509-auth.scm, guile/tests/x509-certificates.scm,
        lib/Makefile.am, lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c,
        lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
        lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
        lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
        lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
        lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
        lib/auth_srp_sb64.c, lib/cipher-libgcrypt.c, lib/crypto-api.c,
        lib/crypto.c, lib/crypto.h, lib/cryptodev.c, lib/debug.c,
        lib/debug.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
        lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_oprfi.c,
        lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
        lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
        lib/ext_server_name.h, lib/ext_session_ticket.c,
        lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
        lib/ext_srp.c, lib/ext_srp.h, lib/gl/tests/test-memchr.c,
        lib/gl/tests/test-read-file.c, lib/gl/tests/test-sockets.c,
        lib/gnutls_alert.c, lib/gnutls_algorithms.c,
        lib/gnutls_algorithms.h, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
        lib/gnutls_auth.h, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
        lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_cipher.c,
        lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
        lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
        lib/gnutls_compress.h, lib/gnutls_constate.c,
        lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
        lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
        lib/gnutls_dh_primes.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
        lib/gnutls_extensions.c, lib/gnutls_extensions.h,
        lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
        lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
        lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_int.h,
        lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_mem.c,
        lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
        lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pk.c,
        lib/gnutls_pk.h, lib/gnutls_priority.c, lib/gnutls_psk.c,
        lib/gnutls_psk_netconf.c, lib/gnutls_record.c, lib/gnutls_record.h,
        lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
        lib/gnutls_session.c, lib/gnutls_session_pack.c,
        lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
        lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c,
        lib/gnutls_state.h, lib/gnutls_str.c, lib/gnutls_str.h,
        lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
        lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
        lib/gnutls_x509.c, lib/gnutls_x509.h, lib/includes/Makefile.am,
        lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
        lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs12.h,
        lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/libgnutlsxx.map,
        lib/mac-libgcrypt.c, lib/minitasn1/Makefile.am,
        lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
        lib/minitasn1/element.c, lib/minitasn1/gstr.c,
        lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
        lib/minitasn1/structure.c, lib/mpi-libgcrypt.c,
        lib/opencdk/Makefile.am, lib/opencdk/hash.c,
        lib/openpgp/Makefile.am, lib/openpgp/compat.c,
        lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
        lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
        lib/openpgp/privkey.c, lib/pk-libgcrypt.c, lib/random.c,
        lib/random.h, lib/rnd-libgcrypt.c, lib/x509/Makefile.am,
        lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
        lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
        lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/output.c,
        lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c,
        lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
        lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
        lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
        lib/x509_b64.c, lib/x509_b64.h, libextra/Makefile.am,
        libextra/ext_inner_application.c, libextra/ext_inner_application.h,
        libextra/fipsmd5.c, libextra/gl/Makefile.am,
        libextra/gnutls-extra.pc.in, libextra/gnutls_extra.c,
        libextra/gnutls_ia.c, libextra/gnutls_openssl.c,
        libextra/includes/Makefile.am, libextra/includes/gnutls/extra.h,
        libextra/includes/gnutls/openssl.h, libextra/libgnutls-extra.map,
        libextra/openssl_compat.c, libextra/openssl_compat.h,
        src/Makefile.am, src/benchmark.c, src/certtool-cfg.c,
        src/certtool.c, src/common.c, src/crypt.c, src/prime.c, src/psk.c,
        src/serv.c, src/tests.c, src/tls_test.c, tests/Makefile.am,
        tests/anonself.c, tests/certder.c, tests/chainverify.c,
        tests/crq_apis.c, tests/crq_key_id.c, tests/crypto_rng.c,
        tests/cve-2008-4989.c, tests/cve-2009-1415.c,
        tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
        tests/finished.c, tests/gc.c, tests/hostname-check.c,
        tests/init_roundtrip.c, tests/key-id/Makefile.am,
        tests/key-id/key-id, tests/mini-eagain.c, tests/mini.c,
        tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
        tests/nist-pkits/pkits, tests/nist-pkits/pkits_crl,
        tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
        tests/nist-pkits/pkits_smime, tests/nul-in-x509-names.c,
        tests/openpgp-certs/Makefile.am, tests/openpgp-certs/testcerts,
        tests/openpgp-certs/testselfsigs, tests/openpgp-keyring.c,
        tests/openpgpself.c, tests/openssl.c, tests/oprfi.c,
        tests/parse_ca.c, tests/pathlen/Makefile.am, tests/pathlen/pathlen,
        tests/pkcs1-padding/Makefile.am, tests/pkcs1-padding/pkcs1-pad,
        tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12,
        tests/pkcs12_encode.c, tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c,
        tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8,
        tests/pskself.c, tests/resume.c, tests/rfc2253-escape-test,
        tests/rsa-md5-collision/Makefile.am,
        tests/rsa-md5-collision/rsa-md5-collision,
        tests/safe-renegotiation/Makefile.am,
        tests/safe-renegotiation/testsrn, tests/set_pkcs12_cred.c,
        tests/setcredcrash.c, tests/sha2/Makefile.am, tests/sha2/sha2,
        tests/simple.c, tests/tlsia.c, tests/userid/Makefile.am,
        tests/userid/userid, tests/utils.c, tests/utils.h,
        tests/x509_altname.c, tests/x509dn.c, tests/x509paths/chain,
        tests/x509self.c, tests/x509sign-verify.c, tests/x509signself.c: Fix
        FSF copyright notices.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * THANKS, doc/gnutls.texi: doc: Fix pkg-config recommendation.  Reported by Claudio Saavedra <csaavedra@igalia.com> in

        <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4095>.

2010-01-27  Simon Josefsson <simon@josefsson.org>

        * NEWS, THANKS, src/cli.c: gnutls-cli: Handle reading binary data
        from server.  Reported by and tiny patch from Vitaly Mayatskikh
        <v.mayatskih@gmail.com> in

        <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4096>.

2010-01-26  Simon Josefsson <simon@josefsson.org>

        * build-aux/update-copyright, gl/Makefile.am,
        gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/tests/Makefile.am,
        gl/tests/test-update-copyright.sh: Update gnulib files.

2010-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/openpgp-certs/testcerts, tests/openpgp-certs/testselfsigs,
        tests/safe-renegotiation/testsrn: Added copyright notices!

2010-01-26  Simon Josefsson <simon@josefsson.org>

        * NEWS, doc/manpages/Makefile.am: Generated.

2010-01-26  Simon Josefsson <simon@josefsson.org>

        * .gitignore: Improve.

2010-01-26  Simon Josefsson <simon@josefsson.org>

        * doc/reference/Makefile.am: Ignore more.

2010-01-26  Simon Josefsson <simon@josefsson.org>

        * .gitignore, lib/gl/m4/warn-on-use.m4: Update gnulib files.

2010-01-26  Simon Josefsson <simon@josefsson.org>

        * gl/m4/warn-on-use.m4, lib/build-aux/arg-nonnull.h,
        lib/build-aux/warn-on-use.h: Update gnulib files.

2010-01-26  Simon Josefsson <simon@josefsson.org>

        * .gitignore: Fix.

2010-01-26  Simon Josefsson <simon@josefsson.org>

        * lib/gl/tests/macros.h, lib/gl/tests/signature.h: Update gnulib
        files.

2010-01-26  Simon Josefsson <simon@josefsson.org>

        * .gitignore: Fix

2010-01-26  Simon Josefsson <simon@josefsson.org>

        * gl/tests/macros.h, gl/tests/signature.h,
        gl/tests/test-sys_ioctl.c: Update gnulib files.

2010-01-26  Simon Josefsson <simon@josefsson.org>

        * GNUmakefile, build-aux/arg-nonnull.h, build-aux/config.rpath,
        build-aux/gendocs.sh, build-aux/gnupload, build-aux/link-warning.h,
        build-aux/pmccabe2html, build-aux/useless-if-before-free,
        build-aux/vc-list-files, build-aux/warn-on-use.h, gl/Makefile.am,
        gl/accept.c, gl/alignof.h, gl/alloca.c, gl/alloca.in.h,
        gl/arpa_inet.in.h, gl/asnprintf.c, gl/bind.c, gl/c-ctype.c,
        gl/c-ctype.h, gl/close-hook.c, gl/close-hook.h, gl/close.c,
        gl/connect.c, gl/errno.in.h, gl/error.c, gl/error.h, gl/fclose.c,
        gl/float+.h, gl/float.in.h, gl/fseeko.c, gl/gai_strerror.c,
        gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c, gl/getpass.c,
        gl/getpass.h, gl/gettext.h, gl/inet_ntop.c, gl/inet_pton.c,
        gl/intprops.h, gl/listen.c, gl/lseek.c, gl/m4/00gnulib.m4,
        gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4, gl/m4/autobuild.m4,
        gl/m4/close.m4, gl/m4/errno_h.m4, gl/m4/error.m4,
        gl/m4/extensions.m4, gl/m4/fclose.m4, gl/m4/float_h.m4,
        gl/m4/fseeko.m4, gl/m4/getaddrinfo.m4, gl/m4/getdelim.m4,
        gl/m4/getline.m4, gl/m4/getpass.m4, gl/m4/gettimeofday.m4,
        gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
        gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/hostent.m4,
        gl/m4/include_next.m4, gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4,
        gl/m4/intmax_t.m4, gl/m4/inttypes_h.m4, gl/m4/lib-ld.m4,
        gl/m4/lib-link.m4, gl/m4/lib-prefix.m4, gl/m4/longlong.m4,
        gl/m4/lseek.m4, gl/m4/malloc.m4, gl/m4/manywarnings.m4,
        gl/m4/memchr.m4, gl/m4/minmax.m4, gl/m4/mmap-anon.m4,
        gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
        gl/m4/perror.m4, gl/m4/printf.m4, gl/m4/read-file.m4,
        gl/m4/readline.m4, gl/m4/realloc.m4, gl/m4/select.m4,
        gl/m4/servent.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4,
        gl/m4/sockets.m4, gl/m4/socklen.m4, gl/m4/sockpfaf.m4,
        gl/m4/stdarg.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
        gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
        gl/m4/stdlib_h.m4, gl/m4/strerror.m4, gl/m4/string_h.m4,
        gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4,
        gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/time_h.m4,
        gl/m4/ungetc.m4, gl/m4/unistd_h.m4, gl/m4/vasnprintf.m4,
        gl/m4/version-etc.m4, gl/m4/warnings.m4, gl/m4/wchar.m4,
        gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/memchr.c,
        gl/minmax.h, gl/netdb.in.h, gl/netinet_in.in.h,
        gl/override/lib/gettext.h.diff, gl/perror.c, gl/printf-args.c,
        gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h,
        gl/progname.c, gl/progname.h, gl/read-file.c, gl/read-file.h,
        gl/readline.c, gl/readline.h, gl/realloc.c, gl/recv.c, gl/select.c,
        gl/send.c, gl/setsockopt.c, gl/shutdown.c, gl/size_max.h,
        gl/snprintf.c, gl/socket.c, gl/sockets.c, gl/sockets.h,
        gl/stdarg.in.h, gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h,
        gl/stdio-impl.h, gl/stdio-write.c, gl/stdio.in.h, gl/stdlib.in.h,
        gl/strerror.c, gl/string.in.h, gl/sys_select.in.h,
        gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
        gl/tests/Makefile.am, gl/tests/dummy.c, gl/tests/gettimeofday.c,
        gl/tests/ioctl.c, gl/tests/sys_ioctl.in.h, gl/tests/test-alignof.c,
        gl/tests/test-alloca-opt.c, gl/tests/test-arpa_inet.c,
        gl/tests/test-c-ctype.c, gl/tests/test-errno.c,
        gl/tests/test-fseeko.c, gl/tests/test-getaddrinfo.c,
        gl/tests/test-getdelim.c, gl/tests/test-getline.c,
        gl/tests/test-gettimeofday.c, gl/tests/test-inet_ntop.c,
        gl/tests/test-inet_pton.c, gl/tests/test-lseek.c,
        gl/tests/test-memchr.c, gl/tests/test-netdb.c,
        gl/tests/test-netinet_in.c, gl/tests/test-perror.c,
        gl/tests/test-read-file.c, gl/tests/test-select-fd.c,
        gl/tests/test-select-stdin.c, gl/tests/test-select.c,
        gl/tests/test-snprintf.c, gl/tests/test-stdbool.c,
        gl/tests/test-stddef.c, gl/tests/test-stdint.c,
        gl/tests/test-stdio.c, gl/tests/test-stdlib.c,
        gl/tests/test-strerror.c, gl/tests/test-string.c,
        gl/tests/test-sys_select.c, gl/tests/test-sys_socket.c,
        gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
        gl/tests/test-time.c, gl/tests/test-unistd.c,
        gl/tests/test-vasnprintf.c, gl/tests/test-vc-list-files-cvs.sh,
        gl/tests/test-vc-list-files-git.sh, gl/tests/test-version-etc.c,
        gl/tests/test-version-etc.sh, gl/tests/test-wchar.c,
        gl/tests/verify.h, gl/tests/w32sock.h, gl/tests/zerosize-ptr.h,
        gl/time.in.h, gl/unistd.in.h, gl/vasnprintf.c, gl/vasnprintf.h,
        gl/version-etc-fsf.c, gl/version-etc.c, gl/version-etc.h,
        gl/w32sock.h, gl/wchar.in.h, gl/xsize.h,
        lib/build-aux/config.rpath, lib/build-aux/link-warning.h,
        lib/gl/Makefile.am, lib/gl/alignof.h, lib/gl/alloca.in.h,
        lib/gl/asnprintf.c, lib/gl/asprintf.c, lib/gl/byteswap.in.h,
        lib/gl/c-ctype.c, lib/gl/c-ctype.h, lib/gl/close-hook.c,
        lib/gl/close-hook.h, lib/gl/errno.in.h, lib/gl/float+.h,
        lib/gl/float.in.h, lib/gl/fseeko.c, lib/gl/gettext.h,
        lib/gl/lseek.c, lib/gl/m4/00gnulib.m4, lib/gl/m4/alloca.m4,
        lib/gl/m4/byteswap.m4, lib/gl/m4/codeset.m4, lib/gl/m4/errno_h.m4,
        lib/gl/m4/extensions.m4, lib/gl/m4/float_h.m4, lib/gl/m4/fseeko.m4,
        lib/gl/m4/func.m4, lib/gl/m4/gettext.m4, lib/gl/m4/glibc2.m4,
        lib/gl/m4/glibc21.m4, lib/gl/m4/gnulib-cache.m4,
        lib/gl/m4/gnulib-common.m4, lib/gl/m4/gnulib-comp.m4,
        lib/gl/m4/gnulib-tool.m4, lib/gl/m4/iconv.m4,
        lib/gl/m4/include_next.m4, lib/gl/m4/intdiv0.m4, lib/gl/m4/intl.m4,
        lib/gl/m4/intldir.m4, lib/gl/m4/intlmacosx.m4, lib/gl/m4/intmax.m4,
        lib/gl/m4/intmax_t.m4, lib/gl/m4/inttypes-pri.m4,
        lib/gl/m4/inttypes_h.m4, lib/gl/m4/lcmessage.m4,
        lib/gl/m4/ld-output-def.m4, lib/gl/m4/ld-version-script.m4,
        lib/gl/m4/lib-ld.m4, lib/gl/m4/lib-link.m4,
        lib/gl/m4/lib-prefix.m4, lib/gl/m4/lock.m4, lib/gl/m4/longlong.m4,
        lib/gl/m4/lseek.m4, lib/gl/m4/malloc.m4, lib/gl/m4/memchr.m4,
        lib/gl/m4/memmem.m4, lib/gl/m4/minmax.m4, lib/gl/m4/mmap-anon.m4,
        lib/gl/m4/multiarch.m4, lib/gl/m4/netdb_h.m4, lib/gl/m4/nls.m4,
        lib/gl/m4/po.m4, lib/gl/m4/printf-posix.m4, lib/gl/m4/printf.m4,
        lib/gl/m4/progtest.m4, lib/gl/m4/read-file.m4,
        lib/gl/m4/realloc.m4, lib/gl/m4/size_max.m4, lib/gl/m4/snprintf.m4,
        lib/gl/m4/sockets.m4, lib/gl/m4/socklen.m4, lib/gl/m4/sockpfaf.m4,
        lib/gl/m4/stdbool.m4, lib/gl/m4/stddef_h.m4, lib/gl/m4/stdint.m4,
        lib/gl/m4/stdint_h.m4, lib/gl/m4/stdio_h.m4, lib/gl/m4/stdlib_h.m4,
        lib/gl/m4/strcase.m4, lib/gl/m4/string_h.m4,
        lib/gl/m4/strings_h.m4, lib/gl/m4/strverscmp.m4,
        lib/gl/m4/sys_socket_h.m4, lib/gl/m4/sys_stat_h.m4,
        lib/gl/m4/threadlib.m4, lib/gl/m4/time_h.m4, lib/gl/m4/time_r.m4,
        lib/gl/m4/uintmax_t.m4, lib/gl/m4/ungetc.m4, lib/gl/m4/unistd_h.m4,
        lib/gl/m4/vasnprintf.m4, lib/gl/m4/vasprintf.m4,
        lib/gl/m4/visibility.m4, lib/gl/m4/vsnprintf.m4,
        lib/gl/m4/wchar.m4, lib/gl/m4/wchar_t.m4, lib/gl/m4/wint_t.m4,
        lib/gl/m4/xsize.m4, lib/gl/memchr.c, lib/gl/memmem.c,
        lib/gl/minmax.h, lib/gl/netdb.in.h,
        lib/gl/override/lib/gettext.h.diff, lib/gl/printf-args.c,
        lib/gl/printf-args.h, lib/gl/printf-parse.c, lib/gl/printf-parse.h,
        lib/gl/read-file.c, lib/gl/read-file.h, lib/gl/realloc.c,
        lib/gl/size_max.h, lib/gl/snprintf.c, lib/gl/sockets.c,
        lib/gl/sockets.h, lib/gl/stdbool.in.h, lib/gl/stddef.in.h,
        lib/gl/stdint.in.h, lib/gl/stdio-impl.h, lib/gl/stdio-write.c,
        lib/gl/stdio.in.h, lib/gl/stdlib.in.h, lib/gl/str-two-way.h,
        lib/gl/strcasecmp.c, lib/gl/string.in.h, lib/gl/strings.in.h,
        lib/gl/strncasecmp.c, lib/gl/strverscmp.c, lib/gl/sys_socket.in.h,
        lib/gl/sys_stat.in.h, lib/gl/tests/Makefile.am,
        lib/gl/tests/dummy.c, lib/gl/tests/intprops.h,
        lib/gl/tests/test-alloca-opt.c, lib/gl/tests/test-byteswap.c,
        lib/gl/tests/test-c-ctype.c, lib/gl/tests/test-errno.c,
        lib/gl/tests/test-fseeko.c, lib/gl/tests/test-func.c,
        lib/gl/tests/test-memchr.c, lib/gl/tests/test-netdb.c,
        lib/gl/tests/test-read-file.c, lib/gl/tests/test-snprintf.c,
        lib/gl/tests/test-stdbool.c, lib/gl/tests/test-stddef.c,
        lib/gl/tests/test-stdint.c, lib/gl/tests/test-stdio.c,
        lib/gl/tests/test-stdlib.c, lib/gl/tests/test-string.c,
        lib/gl/tests/test-strings.c, lib/gl/tests/test-strverscmp.c,
        lib/gl/tests/test-sys_socket.c, lib/gl/tests/test-sys_stat.c,
        lib/gl/tests/test-time.c, lib/gl/tests/test-unistd.c,
        lib/gl/tests/test-vasnprintf.c, lib/gl/tests/test-vasprintf.c,
        lib/gl/tests/test-vsnprintf.c, lib/gl/tests/test-wchar.c,
        lib/gl/tests/verify.h, lib/gl/tests/zerosize-ptr.h,
        lib/gl/time.in.h, lib/gl/time_r.c, lib/gl/unistd.in.h,
        lib/gl/vasnprintf.c, lib/gl/vasnprintf.h, lib/gl/vasprintf.c,
        lib/gl/vsnprintf.c, lib/gl/w32sock.h, lib/gl/wchar.in.h,
        lib/gl/xsize.h, libextra/build-aux/config.rpath,
        libextra/gl/gnulib.mk, libextra/gl/hmac-md5.c, libextra/gl/hmac.h,
        libextra/gl/m4/00gnulib.m4, libextra/gl/m4/extensions.m4,
        libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-common.m4,
        libextra/gl/m4/gnulib-comp.m4, libextra/gl/m4/gnulib-tool.m4,
        libextra/gl/m4/hmac-md5.m4, libextra/gl/m4/ld-output-def.m4,
        libextra/gl/m4/ld-version-script.m4, libextra/gl/m4/lib-ld.m4,
        libextra/gl/m4/lib-link.m4, libextra/gl/m4/lib-prefix.m4,
        libextra/gl/m4/md5.m4, libextra/gl/m4/memxor.m4, libextra/gl/md5.c,
        libextra/gl/md5.h, libextra/gl/memxor.c, libextra/gl/memxor.h,
        maint.mk: Update gnulib files.

2010-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: Documented addition of new priority strings.

2010-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: Documented Steve Dispensa's patch addition.

2010-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/safe-renegotiation/testsrn: Added tests for new behaviour of
        client.

2010-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_handshake.c: Revert "Always allow initial negotiation.
        Disable subsequent unsafe renegotiations." This reverts commit
        1e4981cfbec360a19cfb7470ce96093aaa95b32e.  Ah, this was to twart the attack (description by Daniel Kahn
        Gilmor): The problem, as i understand it, is that the client is
        incapable of telling whether the plaintext prefix injection attack
        has already happened.  I don't think disabling renegotiation for the
        session resolves the problem.  For a server which does not announce and enforce safe renegotiation,
        what the client sees as an initial connection may unknowingly
        actually be renegotiating an existing session that was started by an
        attacker.  The concern isn't that the (legitimate) client will have their
        session re-negotiated by an attacker; it's that the MITM attacker
        can trick the server into viewing the client's initial
        authentication as a re-negotiation of a TLS session already
        underway.  for servers which do odd things like apply the credentials of the
        post-renegotiation client to the traffic that happened before the
        renegotiation (e.g. HTTPS, with client-side certificates required
        only for certain subdirectories), a safe-renegotiation-aware client
        *should* refuse to connect to servers which do not announce safe
        renegotiation if they want to resist this attack.

2010-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * configure.ac: Added safe-renegotiation subdir.

2010-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c,
        lib/gnutls_int.h, lib/gnutls_priority.c, tests/Makefile.am,
        tests/safe-renegotiation/Makefile.am,
        tests/safe-renegotiation/params.dh,
        tests/safe-renegotiation/testsrn: Added safe renegotiation test
        cases. Added priority string option to completely disable
        renegotiation to assist in testing more cases.

2010-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa: Added the
        --rehandshake option to gnutls-cli to allow connection and immediate
        rehandshake.

2010-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_safe_renegotiation.c: More carefull copying of data. Check
        for the malicious case where a server does initial unsafe
        negotiation and proceeds with a safe renegotiation.

2010-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_handshake.c: Always allow initial negotiation. Disable
        subsequent unsafe renegotiations.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c,
        lib/gnutls_int.h, lib/gnutls_state.c: Safe renegotiation variable
        cleanup. No longer clear variables that should stay across
        rehandshakes.

2010-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/crypto-api.c, lib/gnutls_cipher_int.c: Documented the
        crypto-api functions and made the API tolerant to NULL IV.

2010-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_handshake.c: Added documentation of rehandshake usage
        in gnutls if full-duplex capability is required.

2010-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_buffers.c: Reduced asserts to reduce unneeded
        printings.

2010-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/cli.c, src/serv.c: Removed rehandshake initiation capability
        from client and transferred it to the echo server. Once the server
        receives a string **REHANDSHAKE** will request a rehandshake.

2010-01-19  Steve Dispensa <dispensa@phonefactor.com>

        * lib/gnutls_handshake.c: Here is another patch that fixes an
        interoperability problem with safe renegotiation and resumption. In
        copying forward the safe renegotiation state across resumptions, I
        got a little carried away and copied too much data (new connections
        should start with empty RI data).  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_oprfi.c, lib/ext_session_ticket.c, lib/gnutls_constate.c,
        lib/gnutls_handshake.c, lib/gnutls_int.h: Modified extensions
        (session ticket, oprfi) to store internal data in gnutls internal
        structure and input data only in the security_parameters extension
        structure.  Session ticket extension will call the user supplied hello function
        on resumption.  (the current API to handle that is inexistant. To be revised)

2010-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_session_ticket.c, lib/gnutls_constate.c,
        lib/gnutls_int.h, lib/gnutls_session_pack.c: Further cleanup the
        extension internal structure. Now if values are not saved and
        restored when resumming they will be initialized to zero.

2010-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
        tests/cve-2008-4989.c, tests/dn2.c, tests/finished.c, tests/mini.c,
        tests/pkcs12_s2k_pem.c, tests/tlsia.c, tests/x509sign-verify.c: 
        Tests compile with --enable-gcc-warnings.

2010-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_safe_renegotiation.h, lib/gnutls_constate.c,
        lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
        lib/gnutls_state.c, tests/resume.c, tests/simple.c: Specify in
        detail what to be copied when resuming. It seems there are
        extensions (like safe renegotiation) that do not need to read the
        stored values. Moreover this might overcome any bugs by the
        extensions that used to store pointers in the extension structure.

2010-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_safe_renegotiation.c: Initialize the default value to 0.
        It seemed to have default value of 0 when non resuming :)

2010-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/examples/ex-client-tlsia.c, tests/utils.c: Removed warnings.

2010-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * configure.ac: Added -Wno-int-to-pointer-cast to enable compilation
        when enable-gcc-warnings is given.

2010-01-13  Steve Dispensa <dispensa@phonefactor.com>

        * lib/gnutls_handshake.c: Here are two more patches. The first adds
        support for renegotiation of resumption.  Also, I found a bug in my initial implementation - I was incorrectly
        sending the SCSV on all connections, not only those using SSLv3, as
        should have been the case.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1: 
        Documentation updates.

2010-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_handshake.c: When denying an initial negotiation due to
        missing safe renegotiation extension reply with NO_RENEGOTIATION
        alert.

2010-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_extensions.c, lib/gnutls_handshake.c,
        lib/includes/gnutls/gnutls.h.in, tests/resume.c: When resuming no
        extensions were parsed thus the safe renegotiation extension was
        ignored as well causing a false detection of unsafe session.
        Corrected by making a special class of extensions called RESUMED.
        Those are parsed even when resuming (normally we don't do it to
        prevent clients overwriting capabilities and credentials).

2010-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_safe_renegotiation.c, lib/ext_safe_renegotiation.h,
        lib/gnutls_alert.c, lib/gnutls_algorithms.c,
        lib/gnutls_algorithms.h, lib/gnutls_extensions.c,
        lib/gnutls_extensions.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
        lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in: Added Steve
        Dispensa's patch for safe renegotiation (with artistic changes).
        Effectively reverted my previous patch
        1a338cbaaeec11d958de8da4d1ae036979fccf3e.

2010-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * THANKS: Updated thanks file.

2010-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/opencdk/sig-check.c, src/certtool.c,
        tests/openpgp-certs/Makefile.am, tests/openpgp-certs/testselfsigs: 
        When checking self signature also check the signatures of all
        subkeys.  Ilari Liusvaara noticed and reported the issue and
        provided test vectors as well.  certtool --pgp-certificate-info will check self signatures.  Added self tests for self-sigs.

2010-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/gc.c: hash_fast -> hmac_fast

2010-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1,
        lib/Makefile.am, lib/ext_safe_renegotiation.c,
        lib/ext_safe_renegotiation.h, lib/gnutls_errors.c,
        lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
        lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in, src/cli.c,
        src/serv.c: Added safe renegotiation patch from Steve Dispensa,
        modified to suit gnutls code style and error checking. Modified to
        conform to draft-ietf-tls-renegotiation-03.txt.  gnutls-cli will search input for **RENEGOTIATION** to perform a
        renegotiation and gnutls-serv will perform one if requested.

2010-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/mpi.c: Corrections for --disable-extra-pki configure flag
        to work. Patch by Bill Randle.

2010-01-04  Andreas Metzler <ametzler@downhill.at.eu.org>

        * ChangeLog, doc/certtool.cfg, doc/gnutls.texi, lib/gnutls_auth.c,
        lib/gnutls_priority.c, lib/gnutls_session.c, lib/openpgp/pgp.c,
        lib/openpgp/privkey.c: Typo fixes: successful, precedence, preferred

2009-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/cryptodev.c: define EALG_MAX_BLOCK_LEN if not there.

2009-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * libextra/fipsmd5.c: use C99 initializations

2009-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/Makefile.am, lib/compat.c, lib/crypto-api.c,
        lib/crypto.c, lib/crypto.h, lib/gnutls_cipher.c,
        lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
        lib/gnutls_hash_int.c, lib/gnutls_hash_int.h,
        lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
        lib/libgnutls.map, libextra/fipsmd5.c, src/benchmark.c: Reverted all
        previous changes to combine hashes with MAC algorithms.  It is now
        permissible to register a hash algorithm separately from a MAC.

2009-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/crypto-api.c, lib/crypto.c, lib/crypto.h,
        lib/ext_session_ticket.c, lib/gnutls_algorithms.c,
        lib/gnutls_algorithms.h, lib/gnutls_cipher.c,
        lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
        lib/gnutls_constate.c, lib/gnutls_constate.h,
        lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
        lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_priority.c,
        lib/gnutls_psk_netconf.c, lib/gnutls_sig.c, lib/gnutls_srp.c,
        lib/gnutls_state.c, lib/gnutls_ui.c, lib/includes/gnutls/crypto.h,
        lib/includes/gnutls/gnutls.h.in, lib/mac-libgcrypt.c,
        lib/opencdk/dummy.c, lib/opencdk/filters.h, lib/opencdk/hash.c,
        lib/opencdk/kbnode.c, lib/opencdk/main.h, lib/opencdk/opencdk.h,
        lib/opencdk/pubkey.c, lib/opencdk/sig-check.c,
        lib/opencdk/verify.c, lib/x509/crq.c, lib/x509/pbkdf2-sha1.c,
        lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
        lib/x509/sign.c, lib/x509/verify.c, lib/x509/x509.c,
        lib/x509/x509_int.h, libextra/fipsmd5.c, libextra/gnutls_openssl.c: 
        Revert "Merged the two internal hash API functions, to simplify and
        reduce code." This reverts commit bc3e43d5f121e404aa32212dcfcc5027de807056.  Conflicts:         lib/crypto.c    lib/gnutls_cipher.c     lib/gnutls_hash_int.c   lib/gnutls_hash_int.h   lib/includes/gnutls/crypto.h    lib/mac-libgcrypt.c

2009-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_hash_int.c, lib/includes/gnutls/crypto.h,
        lib/mac-libgcrypt.c, libextra/gnutls_openssl.c, tests/gc.c: Revert
        "Added plain MD5 hash check and corrected gnutls_hash_fast() usage
        in openssl.c" This reverts commit 54486afbfcf3398846d5c20d3094bdb7d0a43ff2.

2009-12-04  Simon Josefsson <simon@josefsson.org>

        * doc/examples/ex-x509-info.c: Improve example of printing cert
        info.

2009-12-04  Simon Josefsson <simon@josefsson.org>

        * doc/gnutls.texi: Typo fix.  Reported by Laurence <lfinsto@gwdg.de> in

        <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4036>.

2009-12-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/compat.c, lib/gnutls_algorithms.h: fixes for compilation.

2009-12-03  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_cert.c: Check return value from
        gnutls_x509_crt_get_key_usage.

2009-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, tests/pathlen/ca-no-pathlen.pem,
        tests/pathlen/no-ca-or-pathlen.pem: This is a follow-up to commit
        3d8da5765133c6ced37bf29b5a07f950b8c26cd7, that fixes some issues
        with DSA and RSA certificate encoding. Due to that the shown public
        key IDs are different than the ones in previous gnutls versions.

2009-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_cipher.c: reduced calls to gnutls_hash on
        encryption/decryption. Only initialize MAC when needed.

2009-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_hash_int.c, lib/includes/gnutls/crypto.h,
        lib/mac-libgcrypt.c, libextra/gnutls_openssl.c, tests/gc.c: Added
        plain MD5 hash check and corrected gnutls_hash_fast() usage in
        openssl.c Corrected new hash API bug that prevented usage of plain
        hash functions.

2009-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, doc/gnutls.texi, lib/Makefile.am, lib/compat.c,
        lib/crypto.c, lib/ext_session_ticket.c, lib/gnutls_algorithms.c,
        lib/gnutls_algorithms.h, lib/gnutls_cipher.c,
        lib/includes/gnutls/crypto.h, lib/libgnutls.map,
        lib/opencdk/read-packet.c, lib/x509/privkey_pkcs8.c,
        src/benchmark.c, tests/gc.c: Exported gnutls_cipher_get_block_size()
        and all hash functions added to libgnutls.map.  Expanded benchmark
        with 3DES and ARCFOUR. Corrected test that used non-existing symbol.

2009-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/m4/hooks.m4: Corrected check for cryptodev. Only enable it if
        --enable-cryptodev is specified.

2009-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/cryptodev.c, lib/gnutls_cryptodev.h, lib/gnutls_hash_int.c,
        lib/gnutls_hash_int.h, lib/mac-libgcrypt.c, lib/x509/mpi.c: 
        Corrected compilation issues.

2009-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * configure.ac, lib/m4/hooks.m4: Moved cryptodev check to
        lib/m4/hooks.m4 and now --enable-cryptodev actually works.

2009-11-30  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_x509.c: Doc fix.

2009-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/cryptodev.c: corrected old type.

2009-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/cryptodev.c: Only include cryptodev.h if cryptodev is there.

2009-11-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/crypto-api.c, lib/crypto.c, lib/crypto.h,
        lib/ext_session_ticket.c, lib/gnutls_algorithms.c,
        lib/gnutls_algorithms.h, lib/gnutls_cipher.c,
        lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
        lib/gnutls_constate.c, lib/gnutls_constate.h,
        lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
        lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_priority.c,
        lib/gnutls_psk_netconf.c, lib/gnutls_sig.c, lib/gnutls_srp.c,
        lib/gnutls_state.c, lib/gnutls_ui.c, lib/includes/gnutls/crypto.h,
        lib/includes/gnutls/gnutls.h.in, lib/mac-libgcrypt.c,
        lib/opencdk/dummy.c, lib/opencdk/filters.h, lib/opencdk/hash.c,
        lib/opencdk/kbnode.c, lib/opencdk/main.h, lib/opencdk/opencdk.h,
        lib/opencdk/pubkey.c, lib/opencdk/sig-check.c,
        lib/opencdk/verify.c, lib/x509/crq.c, lib/x509/pbkdf2-sha1.c,
        lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
        lib/x509/sign.c, lib/x509/verify.c, lib/x509/x509.c,
        lib/x509/x509_int.h, libextra/fipsmd5.c, libextra/gnutls_openssl.c: 
        Merged the two internal hash API functions, to simplify and reduce
        code.  gnutls_hmac* and gnutls_hash* were merged to gnutls_hash API.

2009-11-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * .gitignore, configure.ac, lib/Makefile.am, lib/crypto-api.c,
        lib/crypto.c, lib/cryptodev.c, lib/gnutls_cipher_int.c,
        lib/gnutls_cryptodev.h, lib/gnutls_errors.c, lib/gnutls_global.c,
        lib/gnutls_hash_int.c, lib/gnutls_hash_int.h,
        lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
        lib/libgnutls.map, src/Makefile.am, src/benchmark.c: Added cryptodev
        support (/dev/crypto). Tested with
        http://www.logix.cz/michal/devel/cryptodev/.  Added benchmark
        utility for AES. Exported API to access encryption algorithms.

2009-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: Documented certtool's certificate request generation fix.

2009-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/mpi.c: Corrected two issues that affected certificate
        request generation.  1. Null padding is added on integers (found thanks to Wilankar
        Trupti <trupti.wilankar@hp.com>) 2. In optional SignatureAlgorithm parameters field for DSA keys the
        DSA parameters were added. Those were rejected by verisign. Gnutls
        no longer adds those parameters there since other implementations
        don't do either and having them does not seem to offer anything
        (anyway you need the signer's certificate to verify thus public key
        will be available).

2009-11-27  Simon Josefsson <simon@josefsson.org>

        * doc/manpages/Makefile.am, tests/key-id/key-id,
        tests/nist-pkits/gnutls_test_entry, tests/x509paths/chain: More
        fixes of grep -q problem.

2009-11-27  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
        src/certtool.gaa: Allow exporting of Certificate requests to DER
        format.  Added option --no-crq-extensions to avoid adding extensions
        to a request.

2009-11-23  Simon Josefsson <simon@josefsson.org>

        * tests/rfc2253-escape-test: Don't use 'grep -q', to fix portability
        to OpenSolaris.  Reported by "Dr. David Kirkby" <david.kirkby@onetel.net> in

        <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3993>.

2009-11-16  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2009-11-15  Simon Josefsson <simon@josefsson.org>

        * doc/guile.texi: Doc fix.

2009-11-15  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/intprops.h, gl/m4/sys_stat_h.m4,
        gl/m4/unistd_h.m4, gl/sys_stat.in.h, gl/unistd.in.h,
        gl/version-etc.c, lib/gl/Makefile.am, lib/gl/m4/sys_stat_h.m4,
        lib/gl/m4/unistd_h.m4, lib/gl/sys_stat.in.h,
        lib/gl/tests/intprops.h, lib/gl/unistd.in.h, maint.mk: Update gnulib
        files.

2009-11-09  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2009-11-09  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.9.9.

2009-11-09  Simon Josefsson <simon@josefsson.org>

        * build-aux/pmccabe2html, gl/Makefile.am, gl/getpagesize.c,
        gl/m4/getpagesize.m4, gl/m4/gnulib-comp.m4, gl/tests/test-fseeko.c,
        lib/gl/Makefile.am, lib/gl/getpagesize.c, lib/gl/m4/getpagesize.m4,
        lib/gl/m4/gnulib-comp.m4, lib/gl/tests/test-fseeko.c: Update gnulib
        files.

2009-11-09  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-11-09  Simon Josefsson <simon@josefsson.org>

        * src/certtool.c: Cleanup header inclusion.

2009-11-09  Simon Josefsson <simon@josefsson.org>

        * NEWS: Fix.

2009-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_algorithms.c: More dead code removed. Based on
        suggestions by Steve Grubb and Tomaz Mraz

2009-11-06  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-11-06  Simon Josefsson <simon@josefsson.org>

        * configure.ac, m4/valgrind.m4: Fix --disable-valgrind-tests.

2009-11-06  Simon Josefsson <simon@josefsson.org>

        * gl/tests/Makefile.am: Update gnulib files.

2009-11-06  Simon Josefsson <simon@josefsson.org>

        * gl/m4/getaddrinfo.m4, gl/m4/gnulib-comp.m4, maint.mk: Update
        gnulib files.

2009-11-06  Simon Josefsson <simon@josefsson.org>

        * src/Makefile.am: Link to libgcrypt explicitly when libgcrypt
        functions are used.

2009-11-06  Simon Josefsson <simon@josefsson.org>

        * src/certtool.c, src/serv.c: Fix libgcrypt usage.

2009-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_handshake.c: Simplified code which was based on older
        version of internal structures.  Based on observations by Steve
        Grubb and Tomas Mraz.

2009-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: Corrected bug fix author.

2009-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: Documented previous commit.

2009-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/auth_cert.c, lib/gnutls_constate.c, lib/gnutls_sig.c,
        libextra/gnutls_openssl.c, src/certtool.c, src/cfg/cfg+.c,
        src/cfg/platon/str/strdyn.c, src/serv.c: Cleanups and several bug
        fixes found by Tomas Mraz.  "I've patched the following problems in the code found by review of
        gnutls-2.8.5 code done by Steve Grubb.  See the patch attached.  The gnutls_constate.c bug might be potentially serious so I've
        decided to mail it to you directly, not to the public mailing list.  The auth_cert.c change is just cleanup of the code.  In gnutls_openssl.c I've just fixed the potential crasher, correct
        fix would require using asprintf or precomputed length of the buffer
        to allocate a memory.  The certtool.c change is again just a cleanup."

2009-11-05  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2009-11-05  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2009-11-05  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.9.8.

2009-11-05  Simon Josefsson <simon@josefsson.org>

        * lib/gl/tests/test-func.c: Update gnulib files.

2009-11-05  Simon Josefsson <simon@josefsson.org>

        * gl/m4/gnulib-comp.m4, gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4,
        gl/tests/Makefile.am, gl/tests/test-inet_ntop.c,
        gl/tests/test-inet_pton.c, gl/tests/test-sys_socket.c,
        lib/gl/tests/test-func.c, lib/gl/tests/test-sys_socket.c,
        libextra/gl/md5.c: Update gnulib files.

2009-11-05  Simon Josefsson <simon@josefsson.org>

        * lib/m4/hooks.m4: Make sure libgcrypt's dependency on libgpg-error
        is known.

2009-11-05  Simon Josefsson <simon@josefsson.org>

        * doc/manpages/Makefile.am: Fix API name change.

2009-11-05  Simon Josefsson <simon@josefsson.org>

        * doc/gnutls.texi: Fix API name change.

2009-11-05  Simon Josefsson <simon@josefsson.org>

        * doc/examples/ex-cert-select.c, doc/examples/ex-client-psk.c,
        doc/examples/ex-pkcs12.c, doc/examples/ex-serv-anon.c,
        doc/examples/ex-serv-export.c, doc/examples/ex-serv-pgp.c,
        doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
        doc/examples/ex-serv1.c, guile/src/core.c, lib/auth_cert.c,
        lib/auth_dhe.c, lib/auth_rsa_export.c, lib/auth_srp.c,
        lib/auth_srp_passwd.c, lib/auth_srp_rsa.c, lib/ext_cert_type.c,
        lib/ext_server_name.c, lib/ext_session_ticket.c,
        lib/ext_signature.c, lib/gnutls_algorithms.c, lib/gnutls_buffers.c,
        lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_errors.c,
        lib/gnutls_extensions.c, lib/gnutls_handshake.c,
        lib/gnutls_hash_int.c, lib/gnutls_mpi.c, lib/gnutls_priority.c,
        lib/gnutls_psk.c, lib/gnutls_record.c, lib/gnutls_session_pack.c,
        lib/gnutls_sig.c, lib/gnutls_state.c, lib/gnutls_str.c,
        lib/gnutls_supplemental.c, lib/gnutls_ui.c, lib/gnutls_x509.c,
        lib/minitasn1/decoding.c, lib/opencdk/armor.c, lib/opencdk/keydb.c,
        lib/opencdk/literal.c, lib/opencdk/misc.c,
        lib/opencdk/new-packet.c, lib/opencdk/read-packet.c,
        lib/opencdk/sig-check.c, lib/opencdk/stream.c,
        lib/opencdk/verify.c, lib/openpgp/gnutls_openpgp.c,
        lib/openpgp/output.c, lib/openpgp/pgp.c, lib/x509/crq.c,
        lib/x509/dn.c, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
        lib/x509/privkey_pkcs8.c, lib/x509/verify.c, lib/x509/x509_write.c,
        libextra/gl/md5.c, libextra/gnutls_openssl.c, src/certtool-cfg.c,
        src/cli.c, src/common.c, src/crypt.c, src/psk.c, src/serv.c,
        tests/anonself.c, tests/chainverify.c, tests/crq_apis.c,
        tests/cve-2008-4989.c, tests/cve-2009-1415.c, tests/dhepskself.c,
        tests/dn2.c, tests/finished.c, tests/hostname-check.c,
        tests/mini-eagain.c, tests/mini.c, tests/nul-in-x509-names.c,
        tests/openpgpself.c, tests/oprfi.c, tests/pkcs12_encode.c,
        tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pskself.c,
        tests/resume.c, tests/tlsia.c, tests/x509_altname.c,
        tests/x509dn.c, tests/x509self.c, tests/x509sign-verify.c,
        tests/x509signself.c: Indent code.

2009-11-05  Simon Josefsson <simon@josefsson.org>

        * doc/examples/ex-cert-select.c, src/cli.c: Fix API name change.

2009-11-05  Simon Josefsson <simon@josefsson.org>

        * NEWS, doc/manpages/Makefile.am, lib/ext_signature.c,
        lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Fix NEWS blurb.
        Shorten new API name.

2009-11-05  Simon Josefsson <simon@josefsson.org>

        * lib/ext_signature.c: Doc fix, add Since tag.

2009-11-05  Simon Josefsson <simon@josefsson.org>

        * lib/ext_signature.c: Indent code.

2009-11-05  Simon Josefsson <simon@josefsson.org>

        * gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4: Fix compile error.  Tiny patch by Brad Hards <bradh@frogmouth.net> in

        <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3943>.

2009-11-05  Simon Josefsson <simon@josefsson.org>

        * lib/ext_signature.c: Fix compile errors.  Tiny patch from Brad Hards <bradh@frogmouth.net> in

        <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3942>.

2009-11-05  Simon Josefsson <simon@josefsson.org>

        * lib/auth_cert.c: Fix compile errors.  Tiny patch from Brad Hards <bradh@frogmouth.net> in

        <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3941>.

2009-11-05  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/m4/stdlib_h.m4, gl/stdlib.in.h,
        gl/tests/test-getaddrinfo.c, lib/gl/Makefile.am,
        lib/gl/m4/stdlib_h.m4, lib/gl/stdlib.in.h: Update gnulib files.

2009-11-05  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-11-05  Simon Josefsson <simon@josefsson.org>

        * lib/po/vi.po.in: Sync with TP.

2009-11-03  Simon Josefsson <simon@josefsson.org>

        * doc/examples/Makefile.am, src/Makefile.am, tests/Makefile.am: Use
        INET_NTOP_LIB and INET_PTON_LIB.

2009-11-03  Simon Josefsson <simon@josefsson.org>

        * build-aux/pmccabe2html, build-aux/useless-if-before-free,
        gl/m4/fseeko.m4, gl/m4/gnulib-comp.m4, gl/m4/inet_ntop.m4,
        gl/m4/inet_pton.m4, gl/m4/pmccabe2html.m4, gl/m4/ungetc.m4,
        gl/sockets.c, gl/stdio.in.h, gl/sys_stat.in.h,
        gl/tests/test-arpa_inet.c, gl/tests/test-getaddrinfo.c,
        gl/tests/test-getdelim.c, gl/tests/test-getline.c,
        gl/tests/test-gettimeofday.c, gl/tests/test-memchr.c,
        gl/tests/test-netinet_in.c, gl/tests/test-select-stdin.c,
        gl/tests/test-select.c, gl/tests/test-sockets.c,
        gl/tests/test-stddef.c, gl/tests/test-stdint.c,
        gl/tests/test-stdio.c, gl/tests/test-stdlib.c,
        gl/tests/test-strerror.c, gl/tests/test-string.c,
        gl/tests/test-sys_select.c, gl/tests/test-sys_socket.c,
        gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
        gl/tests/test-time.c, gl/tests/test-unistd.c,
        gl/tests/test-version-etc.c, gl/tests/test-wchar.c,
        lib/gl/m4/fseeko.m4, lib/gl/m4/ungetc.m4, lib/gl/sockets.c,
        lib/gl/stdio.in.h, lib/gl/sys_stat.in.h,
        lib/gl/tests/test-memchr.c, lib/gl/tests/test-sockets.c,
        lib/gl/tests/test-stddef.c, lib/gl/tests/test-stdint.c,
        lib/gl/tests/test-stdio.c, lib/gl/tests/test-stdlib.c,
        lib/gl/tests/test-string.c, lib/gl/tests/test-strverscmp.c,
        lib/gl/tests/test-sys_socket.c, lib/gl/tests/test-sys_stat.c,
        lib/gl/tests/test-time.c, lib/gl/tests/test-unistd.c,
        lib/gl/tests/test-wchar.c, libextra/gl/md5.c, maint.mk: Update
        gnulib files.

2009-11-02  Simon Josefsson <simon@josefsson.org>

        * NEWS: Fix.

2009-11-02  Simon Josefsson <simon@josefsson.org>

        * tests/chainverify.c: Fix time bomb in chainverify self-test.  Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in

        <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3925>.

2009-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: Documented change for certificate retrieval callbacks.

2009-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * src/cli.c: do not use gnutls_x509_crt_get_signature_algorithm() on
        null certificates.

2009-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/auth_cert.c: Do not check signature algorithms for certificate
        selection when using openpgp certificates.

2009-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/manpages/gnutls-cli.1: Avoid code duplication by using all the
        functions defined in gnutls_algorithms to map from TLS 1.2 signature
        algorithm numbers to gnutls signature algorithms.  Added minimal documentation for SIGN-* in gnutls-cli priority
        strings.  Corrected bug in signature algorithm extension generation.

2009-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/auth_cert.c, lib/auth_dhe.c, lib/ext_signature.c,
        lib/ext_signature.h, lib/gnutls_algorithms.c,
        lib/gnutls_algorithms.h, lib/gnutls_int.h, lib/gnutls_sig.c: Avoid
        code duplication by using all the functions defined in
        gnutls_algorithms to map from TLS 1.2 signature algorithm numbers to
        gnutls signature algorithms.  Added minimal documentation for SIGN-* in gnutls-cli priority
        strings.  Corrected bug in signature algorithm extension generation.

2009-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa_export.c,
        lib/auth_srp_rsa.c, lib/gnutls_sig.c, lib/gnutls_sig.h: Rationalized
        function names for signature generation and verification during
        handshake.  _gnutls_tls_sign_hdata ->
        _gnutls_handshake_sign_cert_vrfy _gnutls_verify_sig_hdata ->
        _gnutls_handshake_verify_cert_vrfy _gnutls_tls_sign_params ->
        _gnutls_handshake_sign_data _gnutls_verify_sig_params ->
        _gnutls_handshake_verify_data

2009-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_signature.c: Do not output error if a server replies with
        a SignatureAlgorithms extension.

2009-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/dn2.c, tests/pathlen/ca-no-pathlen.pem: RSA_SHA -> RSA_SHA1

2009-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: Documented memory leak fix.

2009-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, doc/examples/ex-cert-select.c, doc/gnutls.texi,
        lib/auth_cert.c, lib/ext_cert_type.c, lib/ext_cert_type.h,
        lib/ext_signature.c, lib/ext_signature.h, lib/gnutls_alert.c,
        lib/gnutls_sig.c, lib/gnutls_state.c, lib/gnutls_state.h,
        lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli.c: Final
        touch on signature algorithms in TLS 1.2 support. Added function
        gnutls_session_sign_algorithm_get_requested() for callbacks to be
        able to verify they return a correct certificate as well as
        documentation for its usage.

2009-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/Makefile.am, lib/auth_cert.c, lib/auth_cert.h,
        lib/ext_signature.c, lib/ext_signature.h, lib/gnutls_algorithms.c,
        lib/gnutls_algorithms.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
        lib/gnutls_errors.c, lib/gnutls_extensions.c,
        lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c,
        lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_state.c,
        lib/gnutls_state.h, lib/gnutls_x509.c,
        lib/includes/gnutls/gnutls.h.in, lib/openpgp/gnutls_openpgp.c: 
        Improved TLS 1.2 support. Added support for the SignatureAlgorithm
        extension as well for the SignatureAlgorithm in certificate request.  Limitation for TLS 1.2 clients:  Only SHA1 or SHA256 are supported for generating signatures in
        certificate verify message. That is to avoid storing all handshake
        messages in memory. To be reconsidered in the future.

2009-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_global.c: fixes in order to compile with -Werror

2009-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_cert_type.c, lib/gnutls_cipher.c: remove unnessesary
        warning.

2009-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/ext_cert_type.c: correctly check extension size.

2009-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/gnutls_handshake.c: When resuming a session do not
        overwrite the initial session data with resumed session data.
        Discovered on discussion at help-gnutls with Sebastien Decugis.

2009-10-26  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_cipher.c, lib/gnutls_handshake.c, src/certtool.c: Fix
        code style so it compiles with gcc 4.4 with warnings.

2009-10-26  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/m4/sys_stat_h.m4, gl/sys_stat.in.h,
        lib/gl/Makefile.am, lib/gl/m4/sys_stat_h.m4, lib/gl/sys_stat.in.h: 
        Update gnulib files.

2009-10-26  Simon Josefsson <simon@josefsson.org>

        * .gitignore: Drop unknown mini-hfail.

2009-10-26  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-10-25  Daiki Ueno <ueno@unixuser.org>

        * lib/gnutls_handshake.c: Enable ClientHello to carry arbitrary
        length extension data.

2009-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/pkcs12.h, lib/pkix.asn, lib/pkix_asn1_tab.c,
        lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/x509_int.h,
        src/certtool.c: Added GNUTLS_BAG_SECRET that adds support for
        storing a randomly generated key into a PKCS-12 structure. This is a
        gnutls extension, since PKCS-12 does not specify what should be in
        the secret bag. What we do is store the key as OCTET string and
        specify an OID of the PKCS-9 random nonce.

2009-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/x509/privkey_pkcs8.c: Corrected warnings in picky
        compilers and rearanged code.

2009-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/manpages/certtool.1, lib/cipher-libgcrypt.c,
        lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in,
        lib/includes/gnutls/x509.h, lib/pkix.asn, lib/pkix_asn1_tab.c,
        lib/x509/pkcs12_bag.c, lib/x509/privkey_pkcs8.c,
        lib/x509/x509_int.h, src/certtool-gaa.c, src/certtool-gaa.h,
        src/certtool.c, src/certtool.gaa: Added support for the AES family
        of ciphers in the PKCS8 and 12 encryption options.

2009-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * .gitignore: Do not print auto-generated files.

2009-10-23  Simon Josefsson <simon@josefsson.org>

        * THANKS: Add.

2009-10-23  Simon Josefsson <simon@josefsson.org>

        * lib/gnutlsxx.cpp: Fix forgotten braces.  Reported by Jason Pettiss <jpettiss@yahoo.com>.

2009-10-23  Simon Josefsson <simon@josefsson.org>

        * lib/gnutlsxx.cpp: Indent code.

2009-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cipher.c,
        lib/gnutls_handshake.c, lib/gnutls_handshake.h,
        lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
        lib/gnutls_sig.c, lib/gnutls_state.c: 1. Fix for memory leaks on interrupted handshake.  2. Fixes issue where a TLS 1.2 client will wrongly calculate hashes
        if the server will select a different than 1.2 protocol.  3. In TLS 1.2 when a certificate request is sent, support is not
        complete. In that case abort the handshake. By checking TLS 1.2 it
        seems that the algorithms to be used for the signature in the
        certificate verify message are negotiated not at the client/server
        hello messages but rather selected by the server at the certificate
        request. This might not look as bad, but since in this message we
        have to sign all previous handshake messages, it forces us to keep
        all the handshake messages into a buffer until this point... I don't
        know who proposed this change to the TLS WG, but it seems it wasn't
        really thought of.

2009-10-20  Simon Josefsson <simon@josefsson.org>

        * tests/chainverify.c: Fix expired cert.

2009-10-16  Simon Josefsson <simon@josefsson.org>

        * src/cli.c: Make sure we use libgcrypt correctly.

2009-10-15  Simon Josefsson <simon@josefsson.org>

        * gl/m4/time_h.m4: Update gnulib files.

2009-10-15  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/m4/gnulib-comp.m4, gl/m4/sys_stat_h.m4,
        gl/sys_stat.in.h, gl/tests/Makefile.am, gl/tests/test-sys_stat.c,
        gl/tests/test-time.c, gl/time.in.h, gl/unistd.in.h,
        lib/gl/Makefile.am, lib/gl/m4/gnulib-comp.m4,
        lib/gl/m4/sys_stat_h.m4, lib/gl/sys_stat.in.h,
        lib/gl/tests/test-sys_stat.c, lib/gl/unistd.in.h: Update gnulib
        files.

2009-10-15  Simon Josefsson <simon@josefsson.org>

        * lib/libgnutlsxx.map: Export C++ symbol visibility.  Tiny patch from Boyan Kasarov <bkasarov@gmail.com>.

2009-10-14  Simon Josefsson <simon@josefsson.org>

        * lib/pkix_asn1_tab.c: Regenerate.

2009-10-14  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-10-14  Simon Josefsson <simon@josefsson.org>

        * tests/pkcs12_encode.c: Fix MAC password.

2009-10-14  Simon Josefsson <simon@josefsson.org>

        * tests/pkcs12_encode.c: Use better friendly names.

2009-10-14  Simon Josefsson <simon@josefsson.org>

        * tests/Makefile.am, tests/pkcs12_encode.c: Add self test to test
        PKCS#12 functions.

2009-10-14  Simon Josefsson <simon@josefsson.org>

        * lib/pkix.asn: Work around 'Cannot find OID: 1.2.840.113549.1.9.21'
        PKCS#12 problem.  Reported by Michael Welsh Duggan <mwd@cert.org> in
        <http://permalink.gmane.org/gmane.network.gnutls.general/1786>.

2009-10-14  Simon Josefsson <simon@josefsson.org>

        * doc/gnutls.texi: Mention that sometimes CA certs needs to be
        included in PKCS#12 files.  Reported by Ivars Suba <Ivars.Suba@bank.lv>.

2009-10-07  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_priority.c: After setting priorities using new API,
        update current TLS version.

2009-10-06  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2009-10-06  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2009-10-06  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.9.7.

2009-10-06  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/m4/gnulib-comp.m4, gl/m4/stdio_h.m4,
        gl/m4/unistd_h.m4, gl/progname.c, gl/stdio.in.h, gl/unistd.in.h,
        lib/gl/Makefile.am, lib/gl/m4/stdio_h.m4, lib/gl/m4/unistd_h.m4,
        lib/gl/stdio.in.h, lib/gl/unistd.in.h, maint.mk: Update gnulib
        files.

2009-10-06  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-10-06  Simon Josefsson <simon@josefsson.org>

        * lib/libgnutlsxx.map: Fix symbol export rules.  Tiny patch by Boyan Kasarov <bkasarov@gmail.com>.

2009-10-06  Simon Josefsson <simon@josefsson.org>

        * lib/gnutlsxx.cpp: Include config.h.  Tiny patch from Boyan Kasarov <bkasarov@gmail.com>.

2009-10-01  Daiki Ueno <ueno@unixuser.org>

        * lib/gnutls_sig.c: Reserve enough room for hash buffers.  This fixes x509self self-test.

2009-09-30  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/m4/sys_stat_h.m4, gl/m4/unistd_h.m4,
        gl/tests/Makefile.am, gl/unistd.in.h, lib/gl/Makefile.am,
        lib/gl/m4/sys_stat_h.m4, lib/gl/m4/unistd_h.m4,
        lib/gl/tests/Makefile.am, lib/gl/unistd.in.h: Update gnulib files.

2009-09-30  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-09-30  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_priority.c: Attempt to negotiate TLS 1.2 by default.

2009-09-30  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-09-30  Simon Josefsson <simon@josefsson.org>

        * lib/auth_cert.c: Fix comment.

2009-09-30  Daiki Ueno <ueno@unixuser.org>

        * lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa_export.c,
        lib/auth_srp_rsa.c, lib/gnutls_sig.c, lib/gnutls_sig.h: Fix
        server-side TLS 1.2 support.

2009-09-30  Daiki Ueno <ueno@unixuser.org>

        * lib/gnutls_sig.c: Calculate DER-encoded DigestInfo on-the-fly
        rather than hard code it.

2009-09-28  Ludovic Courtès <ludo@gnu.org>

        * configure.ac, guile/src/core.c: guile: Adjust for Guile 1.9.3+.  * guile/src/core.c (mark_session_record_port,
          free_session_record_port): Conditionalize on `SCM_MAJOR_VERSION == 1
          && SCM_MINOR_VERSION <= 8'.  (scm_init_gnutls_session_record_port_type): Adjust accordingly.    (make_session_record_port): Use `scm_gc_malloc_pointerless ()'
          when available.

2009-09-28  Ludovic Courtès <ludo@gnu.org>

        * guile/src/core.c: guile: Syntactic nitpicking.  * guile/src/core.c (SCM_GNUTLS_MAKE_SESSION_DATA,   SCM_GNUTLS_SET_SESSION_RECORD_PORT): Remove extraneous semicolon.

2009-09-28  Ludovic Courtès <ludo@gnu.org>

        * guile/src/core.c: guile: Use Guile's malloc routines.  * guile/src/core.c (scm_init_gnutls): Use Guile's malloc routines.

2009-09-23  Simon Josefsson <simon@josefsson.org>

        * lib/ext_server_name.c: Clarify gnutls_server_name_set usage.  Reported by Daniel Black <daniel@cacert.org> in

        <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3878>.

2009-09-23  Ludovic Courtès <ludo@gnu.org>

        * guile/src/core.c: Fix integer/pointer cast warnings in the Guile
        bindings on x86_64.  * guile/src/core.c (do_fill_port, fill_session_record_port_input,   scm_gnutls_set_session_transport_fd_x): Make sure pointer/integer
          casts use integers of the right size.

2009-09-23  Ludovic Courtès <ludo@gnu.org>

        * guile/src/extra.c: Update Guile bindings to the current OpenPGP
        API.  * guile/src/extra.c (scm_gnutls_openpgp_certificate_id,   scm_gnutls_openpgp_certificate_id_x): Use   the newer `gnutls_openpgp_crt_get_key_id ()'.

2009-09-23  Ludovic Courtès <ludo@gnu.org>

        * doc/Makefile.am, guile/src/Makefile.am, guile/tests/Makefile.am: 
        Turn off auto-compilation when using Guile 1.9+.  * guile/src/Makefile.am (GUILE_FOR_BUILD): Turn off auto-compilation   with Guile 1.9+.  * guile/tests/Makefile.am (TESTS_ENVIRONMENT): Likewise.  * doc/Makefile.am (GUILE_FOR_BUILD): Likewise.

2009-09-23  Ludovic Courtès <ludo@gnu.org>

        * guile/src/core.c, guile/src/errors.c, guile/src/extra.c,
        guile/src/utils.c, guile/src/utils.h: Fix inclusion of <config.h> in
        Guile bindings.  * guile/src/core.c, guile/src/errors.c, guile/src/extra.c,   guile/src/utils.c: Include <config.h> first, as suggested by Simon   Josefsson.  * guile/src/utils.h: Don't include <config.h>.

2009-09-22  Simon Josefsson <simon@josefsson.org>

        * gl/unistd.in.h, lib/gl/unistd.in.h: Update gnulib files.

2009-09-22  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2009-09-22  Simon Josefsson <simon@josefsson.org>

        * build-aux/gendocs.sh: Chmod.

2009-09-22  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2009-09-22  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.9.6.

2009-09-22  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/m4/getdelim.m4, gl/m4/stdio_h.m4,
        gl/m4/stdlib_h.m4, gl/m4/sys_stat_h.m4, gl/m4/unistd_h.m4,
        gl/stdio.in.h, gl/stdlib.in.h, gl/sys_stat.in.h, gl/unistd.in.h,
        lib/gl/Makefile.am, lib/gl/m4/stdio_h.m4, lib/gl/m4/stdlib_h.m4,
        lib/gl/m4/sys_stat_h.m4, lib/gl/m4/unistd_h.m4, lib/gl/stdio.in.h,
        lib/gl/stdlib.in.h, lib/gl/sys_stat.in.h, lib/gl/unistd.in.h,
        maint.mk: Update gnulib files.

2009-09-13  Brad Hards <bradh@frogmouth.net>

        * lib/x509/x509.c: Add forgotten documentation bits for issuer
        altname Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-09-11  Simon Josefsson <simon@josefsson.org>

        * build-aux/gendocs.sh, gl/m4/getaddrinfo.m4, gl/m4/getline.m4,
        gl/m4/readline.m4, gl/m4/select.m4, gl/m4/sockets.m4,
        gl/m4/socklen.m4, gl/m4/sockpfaf.m4, lib/gl/m4/sockets.m4,
        lib/gl/m4/socklen.m4, lib/gl/m4/sockpfaf.m4, lib/gl/m4/time_r.m4: 
        Update gnulib files.

2009-09-11  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_cipher.c: Add debug message.  Tiny patch from Miroslav
        Kratochvil <exa.exa@gmail.com> in
        <http://thread.gmane.org/gmane.network.gnutls.general/1758>.

2009-09-11  Daiki Ueno <ueno@unixuser.org>

        * lib/Makefile.am: Fix out-of-tree build.  Fix out-of-tree build; gnutls.h is generated in the build tree.

2009-09-10  Simon Josefsson <simon@josefsson.org>

        * NEWS, lib/m4/hooks.m4: Enable Camellia by default.

2009-09-10  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2009-09-10  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2009-09-10  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.9.5.

2009-09-10  Simon Josefsson <simon@josefsson.org>

        * configure.ac: Bump version.

2009-09-10  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/m4/stdio_h.m4, gl/m4/string_h.m4,
        gl/m4/sys_stat_h.m4, gl/m4/unistd_h.m4, gl/stdio.in.h,
        gl/string.in.h, gl/sys_stat.in.h, gl/unistd.in.h,
        lib/gl/Makefile.am, lib/gl/m4/stdio_h.m4, lib/gl/m4/string_h.m4,
        lib/gl/m4/sys_stat_h.m4, lib/gl/m4/unistd_h.m4, lib/gl/stdio.in.h,
        lib/gl/string.in.h, lib/gl/sys_stat.in.h, lib/gl/unistd.in.h,
        maint.mk: Update gnulib files.

2009-09-10  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-09-10  Simon Josefsson <simon@josefsson.org>

        * AUTHORS: Add.

2009-09-10  Simon Josefsson <simon@josefsson.org>

        * lib/m4/hooks.m4: Bump library version for new APIs.

2009-09-10  Simon Josefsson <simon@josefsson.org>

        * lib/x509/output.c, lib/x509/x509.c: Indent.

2009-09-10  Simon Josefsson <simon@josefsson.org>

        * lib/libgnutls.map: Move the new ABIs to the GNUTLS_2_10 section.

2009-09-09  Brad Hards <bradh@frogmouth.net>

        * doc/manpages/Makefile.am, lib/includes/gnutls/x509.h,
        lib/libgnutls.map, lib/x509/output.c, lib/x509/x509.c,
        tests/Makefile.am, tests/x509_altname.c: Add X509 Issuer Altname
        functions Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-09-07  Simon Josefsson <simon@josefsson.org>

        * tests/key-id/key-id: Don't use ! to negate exit status.  Reported
        by "Tom G. Christensen" <tgc@jupiterrise.com> in

        <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3861>.

2009-09-03  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/close.c, gl/inet_ntop.c, gl/inet_pton.c,
        gl/m4/sys_stat_h.m4, gl/sys_stat.in.h, gl/tests/Makefile.am,
        gl/unistd.in.h, lib/gl/Makefile.am, lib/gl/m4/sys_stat_h.m4,
        lib/gl/sys_stat.in.h, lib/gl/unistd.in.h, maint.mk: Update gnulib
        files.

2009-09-03  Simon Josefsson <simon@josefsson.org>

        * NEWS, lib/configure.ac, lib/m4/hooks.m4, libextra/configure.ac: 
        Bump versions.

2009-09-03  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Commit cyclo/ dir too.

2009-09-03  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2009-09-03  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.9.4.

2009-09-03  Simon Josefsson <simon@josefsson.org>

        * tests/hostname-check.c: Build when OpenPGP is disabled.

2009-09-03  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Fix!

2009-09-03  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Typo.

2009-09-03  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Ugly hack for autobuilder.

2009-09-01  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-09-01  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_priority.c: Use SHA256 as MAC by default.

2009-09-01  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-09-01  Daiki Ueno <ueno@unixuser.org>

        * lib/gnutls_algorithms.c: Add SHA-2 cipher suites.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-09-01  Daiki Ueno <ueno@unixuser.org>

        * lib/debug.c: Print NewSessionTicket handshake.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-31  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-08-31  Simon Josefsson <simon@josefsson.org>

        * lib/x509/x509.c: Handle XMPP SANs properly.  Reported by Howard
        Chu <hyc@symas.com> in <https://savannah.gnu.org/support/?106975>.

2009-08-31  Simon Josefsson <simon@josefsson.org>

        * lib/auth_dhe.c: Need another header.

2009-08-31  Simon Josefsson <simon@josefsson.org>

        * AUTHORS, NEWS: Add.

2009-08-31  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_algorithms.c: Add comment explaining where magic values
        come from.

2009-08-31  Daiki Ueno <ueno@unixuser.org>

        * lib/auth_cert.c: Fix parsing Certificate Request for TLS 1.2.  Fix the logic to skip supported_signature_algorithms in Certificate
        Request.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-31  Daiki Ueno <ueno@unixuser.org>

        * lib/gnutls_handshake.c, lib/gnutls_pk.c, lib/gnutls_state.c: Use
        SHA256 for PRF if TLS 1.2.  Use SHA256 for the basis of PRF, and for the hash over handshake
        messages.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-31  Daiki Ueno <ueno@unixuser.org>

        * lib/auth_dhe.c, lib/auth_rsa_export.c, lib/auth_srp_rsa.c,
        lib/gnutls_sig.c, lib/gnutls_sig.h: Respect TLS signature algorithm
        in server KX.  Verify signature of DH parameters in Server Key Exchange with the
        embedded signature algorithm.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-31  Daiki Ueno <ueno@unixuser.org>

        * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
        lib/gnutls_int.h: Add functions for TLS signature algorithm.  Add functions to convert TLS signature algorithm from/to constants
        defined by GnuTLS.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-31  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-08-31  Simon Josefsson <simon@josefsson.org>

        * maint.mk: Update gnulib files.

2009-08-31  Simon Josefsson <simon@josefsson.org>

        * THANKS: Add.

2009-08-25  Fabian Keil <fk@fabiankeil.de>

        * src/serv.c: Remove dead store in listen_socket().  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-25  Fabian Keil <fk@fabiankeil.de>

        * lib/gnutls_buffers.c: Remove dead store in
        _gnutls_io_write_buffered().  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-24  Fabian Keil <fk@fabiankeil.de>

        * lib/x509/x509.c: Remove dead store in
        gnutls_x509_crt_list_import().  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-24  Fabian Keil <fk@fabiankeil.de>

        * lib/auth_srp_passwd.c: Remove dead store in pwd_put_values().  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-24  Fabian Keil <fk@fabiankeil.de>

        * src/certtool.c: Remove dead store in pkcs12_info().  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-25  Fabian Keil <fk@fabiankeil.de>

        * lib/auth_cert.c: Remove write-only variable info in
        _gnutls_proc_cert_cert_req().  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-25  Fabian Keil <fk@fabiankeil.de>

        * lib/auth_rsa_export.c: Remove write-only variable info in
        gen_rsa_export_server_kx().  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-25  Fabian Keil <fk@fabiankeil.de>

        * src/cfg/shared.c: Remove write-only variable sep_ar_idx in
        split_multi_arg().  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-24  Fabian Keil <fk@fabiankeil.de>

        * lib/x509/pkcs12.c: Remove write-only variable tmp_size in
        _pkcs12_decode_safe_content().  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-29  Fabian Keil <fk@fabiankeil.de>

        * THANKS: Remove duplicates. Two exact ones and a pretty close one.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-25  Fabian Keil <fk@fabiankeil.de>

        * lib/auth_srp_passwd.c: Mark what looks like a bug in in
        _gnutls_srp_pwd_read_entry() Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-24  Fabian Keil <fk@fabiankeil.de>

        * src/crypt.c: In main(), rename salt to salt_size and don't bother
        reading info.salt which we don't use anyway.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-31  Simon Josefsson <simon@josefsson.org>

        * lib/opencdk/misc.c: (cdk_strlist_next): Handle NULL root value better.  Based on report
        by Fabian Keil <fk@fabiankeil.de>.

2009-08-24  Fabian Keil <fk@fabiankeil.de>

        * lib/x509/output.c: In print_extensions(), declare the *_idx
        variables as int instead of size_t.  While it shouldn't make a difference, it makes more sense to me.
        It's also consistent with (at least) print_crl().  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-24  Fabian Keil <fk@fabiankeil.de>

        * lib/x509/output.c: In print_extensions(), initialize *_idx
        variables once before entering the for loop instead of each run.  Otherwise checking them is pointless as they always will be zero.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-24  Fabian Keil <fk@fabiankeil.de>

        * lib/x509/output.c: In print_crq(), initialize challenge and
        extensions once before entering the for loop instead of each run.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-24  Fabian Keil <fk@fabiankeil.de>

        * lib/x509/output.c: In print_crl(), initialize aki_idx and crl_nr
        once before entering the for loop instead of each run.  Otherwise the "error: more than one AKI extension\n" and "error:
        more than one CRL number\n" checks want work.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-28  Simon Josefsson <simon@josefsson.org>

        * tests/x509dn.c: Likewise.

2009-08-28  Simon Josefsson <simon@josefsson.org>

        * tests/x509dn.c: Don't use deprecated type.

2009-08-28  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Overwrite gettext's size_max.m4 to make sure we use one
        that works.

2009-08-28  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/m4/gnulib-comp.m4, gl/m4/stdlib_h.m4,
        gl/m4/sys_socket_h.m4, gl/m4/unistd_h.m4, gl/progname.c,
        gl/stdlib.in.h, gl/sys_socket.in.h, gl/tests/Makefile.am,
        gl/unistd.in.h, gl/vasnprintf.c, lib/gl/Makefile.am,
        lib/gl/m4/stdlib_h.m4, lib/gl/m4/sys_socket_h.m4,
        lib/gl/m4/unistd_h.m4, lib/gl/stdlib.in.h, lib/gl/sys_socket.in.h,
        lib/gl/tests/test-func.c, lib/gl/unistd.in.h, lib/gl/vasnprintf.c,
        libextra/gl/override/lib/md5.c.diff: Update gnulib files.

2009-08-28  Simon Josefsson <simon@josefsson.org>

        * configure.ac, lib/configure.ac, lib/gnutls_handshake.c,
        lib/gnutls_handshake.h, lib/gnutls_str.h, lib/opencdk/Makefile.am,
        lib/x509/privkey_pkcs8.c, libextra/configure.ac: Fix use of
        deprecated types, for now and the future.

2009-08-28  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-08-28  Simon Josefsson <simon@josefsson.org>

        * lib/x509/crq.c: Fix gnutls_datum usage.

2009-08-28  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_buffers.c, lib/gnutls_pk.c, lib/gnutls_str.c,
        lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
        lib/opencdk/pubkey.c, lib/openpgp/gnutls_openpgp.c,
        lib/x509/common.c, lib/x509/extensions.c, lib/x509/mpi.c,
        lib/x509/privkey_pkcs8.c, lib/x509/x509_write.c, src/certtool.c,
        tests/openpgp_test.c, tests/resume.c, tests/x509_test.c,
        tests/x509dn.c, tests/x509sign-verify.c: Fix deprecated usage of
        gnutls_datum.

2009-08-27  Dan Fandrich <dan@coneharvesters.com>

        * lib/opencdk/new-packet.c, lib/opencdk/packet.h,
        lib/opencdk/pubkey.c, lib/opencdk/read-packet.c,
        lib/opencdk/stream.c, lib/opencdk/stream.h, lib/opencdk/verify.c,
        lib/x509/crq.c: Fix compiler warning bugs for OpenWatcom.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-25  Daiki Ueno <ueno@unixuser.org>

        * tests/resume.c: Fix double-free Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-24  Simon Josefsson <simon@josefsson.org>

        * .gitattributes: Disable whitespace for file that need it.

2009-08-20  Simon Josefsson <simon@josefsson.org>

        * tests/hostname-check.c: Add check of OpenPGP cert too.

2009-08-20  Simon Josefsson <simon@josefsson.org>

        * THANKS: Add.

2009-08-20  Simon Josefsson <simon@josefsson.org>

        * libextra/gl/override/lib/md5.c.diff: Work around whitespace commit
        hook.

2009-08-20  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/m4/stdio_h.m4, gl/select.c, gl/stdio.in.h,
        lib/gl/Makefile.am, lib/gl/m4/stdio_h.m4, lib/gl/stdio.in.h,
        maint.mk: Update gnulib files.

2009-08-20  Simon Josefsson <simon@josefsson.org>

        * libextra/gl/gnulib.mk, libextra/gl/m4/gnulib-cache.m4,
        libextra/gl/md5.c, libextra/gl/override/lib/md5.c.diff: Reduce stack
        usage and remove code.

2009-08-20  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_int.h: Remove unused constant.

2009-08-20  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_errors.c: Reduce stack usage.

2009-08-20  Simon Josefsson <simon@josefsson.org>

        * lib/openpgp/pgp.c: Fix OpenPGP hostname comparison.

2009-08-20  Simon Josefsson <simon@josefsson.org>

        * lib/openpgp/output.c, lib/openpgp/pgp.c: Reduce stack usage.

2009-08-20  Simon Josefsson <simon@josefsson.org>

        * lib/x509/output.c: Reduce stack usage.

2009-08-20  Simon Josefsson <simon@josefsson.org>

        * .x-sc_m4_quote_check, lib/gnutls_sig.c,
        lib/opencdk/write-packet.c: Fix syntax-check nits.

2009-08-20  Daiki Ueno <ueno@unixuser.org>

        * lib/libgnutls.map, lib/opencdk/keydb.c, tests/dn2.c, tests/mpi.c,
        tests/resume.c: Fix memleaks.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-19  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2009-08-19  Simon Josefsson <simon@josefsson.org>

        * doc/gnutls.texi: Fix references.

2009-08-19  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Also commit devel/ web pages.

2009-08-19  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Fix ChangeLog.

2009-08-19  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2009-08-19  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.9.3.

2009-08-19  Simon Josefsson <simon@josefsson.org>

        * lib/ext_session_ticket.c: Typo.

2009-08-19  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_sig.c: Need gnutls_algorithms.h for prototypes.

2009-08-19  Simon Josefsson <simon@josefsson.org>

        * AUTHORS: Add.

2009-08-18  Jonathan Bastien-Filiatrault <joe@x2a.org>

        * lib/auth_cert.c, lib/gnutls_algorithms.c,
        lib/gnutls_algorithms.h, lib/gnutls_cipher.c,
        lib/gnutls_handshake.c, lib/gnutls_sig.c, lib/gnutls_state.c: 
        Replace explicit version checks with feature checks Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-19  Simon Josefsson <simon@josefsson.org>

        * doc/gnutls.texi: Reformat paragraphs.

2009-08-19  Simon Josefsson <simon@josefsson.org>

        * doc/manpages/Makefile.am, src/cli-gaa.c, src/cli-gaa.h,
        src/serv-gaa.c, src/serv-gaa.h: Generated.

2009-08-19  Simon Josefsson <simon@josefsson.org>

        * doc/gnutls.texi: Typo.

2009-08-19  Simon Josefsson <simon@josefsson.org>

        * doc/gnutls.texi: Add cross reference.

2009-08-19  Simon Josefsson <simon@josefsson.org>

        * doc/gnutls.texi: Add.

2009-08-19  Simon Josefsson <simon@josefsson.org>

        * doc/reference/gnutls-docs.sgml, lib/ext_session_ticket.c: Fix
        GTK-DOC output.

2009-08-19  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-08-19  Simon Josefsson <simon@josefsson.org>

        * lib/libgnutls.map: Fix namespace of new APIs.

2009-08-19  Simon Josefsson <simon@josefsson.org>

        * lib/ext_session_ticket.c, lib/gnutls_extensions.c,
        lib/gnutls_session_pack.c: Fix whitespace.

2009-08-19  Daiki Ueno <ueno@unixuser.org>

        * doc/TODO, lib/Makefile.am, lib/ext_session_ticket.c,
        lib/ext_session_ticket.h, lib/gnutls_constate.c,
        lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
        lib/gnutls_session_pack.c, lib/gnutls_state.c,
        lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
        lib/m4/hooks.m4, src/cli.c, src/cli.gaa, src/serv.c, src/serv.gaa,
        tests/resume.c: session ticket support Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-19  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Fix indent rule.

2009-08-19  Daiki Ueno <ueno@unixuser.org>

        * doc/gnutls.texi: internals doc update Hi, When I wrote SessionTicket extension I referred to the manual node
        "Adding a New TLS Extension", and noticed that it is not up to date.
        So, here is a patch.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-18  Simon Josefsson <simon@josefsson.org>

        * gl/stdio.in.h, lib/gl/Makefile.am, lib/gl/m4/gnulib-cache.m4,
        lib/gl/m4/gnulib-comp.m4, lib/gl/m4/memmove.m4, lib/gl/memmove.c,
        lib/gl/stdio.in.h, maint.mk: Update gnulib files.

2009-08-15  Simon Josefsson <simon@josefsson.org>

        * gl/m4/stddef_h.m4, lib/gl/m4/stddef_h.m4: Update gnulib files.

2009-08-15  Simon Josefsson <simon@josefsson.org>

        * .gitignore: Don't ignore gl/ files!

2009-08-15  Simon Josefsson <simon@josefsson.org>

        * gl/tests/test-stddef.c, lib/gl/tests/test-stddef.c: Update gnulib
        files.

2009-08-15  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/m4/gnulib-comp.m4, gl/m4/wchar.m4,
        gl/stddef.in.h, gl/stdlib.in.h, gl/string.in.h,
        gl/tests/Makefile.am, gl/tests/test-stdio.c,
        gl/tests/test-stdlib.c, gl/tests/test-string.c,
        gl/tests/test-unistd.c, gl/tests/test-wchar.c, gl/unistd.in.h,
        lib/gl/Makefile.am, lib/gl/m4/gnulib-comp.m4, lib/gl/m4/wchar.m4,
        lib/gl/stddef.in.h, lib/gl/stdlib.in.h, lib/gl/string.in.h,
        lib/gl/tests/Makefile.am, lib/gl/tests/test-stdio.c,
        lib/gl/tests/test-stdlib.c, lib/gl/tests/test-string.c,
        lib/gl/tests/test-time.c, lib/gl/tests/test-unistd.c,
        lib/gl/tests/test-wchar.c, lib/gl/time.in.h, lib/gl/unistd.in.h,
        maint.mk: Update gnulib files.

2009-08-14  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2009-08-14  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2009-08-14  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.9.2.

2009-08-14  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add 2.8.3 entry.

2009-08-14  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/m4/close.m4, gl/m4/fclose.m4,
        gl/m4/gnulib-comp.m4, gl/m4/sys_ioctl_h.m4, gl/m4/sys_socket_h.m4,
        gl/m4/unistd_h.m4, gl/tests/Makefile.am, gl/tests/sys_ioctl.in.h,
        gl/tests/test-stdio.c, gl/tests/test-stdlib.c,
        gl/tests/test-string.c, gl/tests/test-unistd.c,
        gl/tests/test-version-etc.sh, gl/unistd.in.h, gl/vasnprintf.c,
        lib/gl/Makefile.am, lib/gl/m4/sys_socket_h.m4,
        lib/gl/m4/threadlib.m4, lib/gl/m4/unistd_h.m4,
        lib/gl/tests/test-stdio.c, lib/gl/tests/test-stdlib.c,
        lib/gl/tests/test-string.c, lib/gl/tests/test-unistd.c,
        lib/gl/unistd.in.h, lib/gl/vasnprintf.c: Update gnulib files.

2009-08-13  Simon Josefsson <simon@josefsson.org>

        * gl/tests/test-version-etc.sh: Update gnulib files.

2009-08-13  Simon Josefsson <simon@josefsson.org>

        * gl/tests/test-version-etc.sh: Update gnulib files.

2009-08-13  Simon Josefsson <simon@josefsson.org>

        * configure.ac: Don't generate gzip archives.

2009-08-13  Simon Josefsson <simon@josefsson.org>

        * lib/Makefile.am, lib/gnutls_buffers.c, lib/gnutls_int.h,
        lib/io_debug.h: Remove io_debug.h stuff, it is superseded by
        self-tests like mini-eagain.c.

2009-08-13  Simon Josefsson <simon@josefsson.org>

        * NEWS: Fix.

2009-08-13  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-08-13  Simon Josefsson <simon@josefsson.org>

        * lib/x509/x509.c: (gnutls_x509_crt_import): Re-initialize the ASN.1 structure.  If this is not done here, the next certificate loading may fail
        because asn1_der_decoding modified the ASN.1 structure.  Triggered
        by the hostname-check self-test.

2009-08-13  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Revert "Always build vc checkouts with debugging." This reverts commit b68235be4d1ff7739456e0c5d8c28c6e96e15a14.  It
        breaks because -Wdisabled-optimizations will cause an error when
        optimizations are disabled.

2009-08-13  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Always build vc checkouts with debugging.

2009-08-13  Simon Josefsson <simon@josefsson.org>

        * tests/hostname-check.c: Fix.

2009-08-13  Simon Josefsson <simon@josefsson.org>

        * tests/hostname-check.c: Add another SAN/CN collision test.
        Reported by Daniel Stenberg <daniel@haxx.se> in
        <http://permalink.gmane.org/gmane.network.gnutls.general/1735>.

2009-08-12  Simon Josefsson <simon@josefsson.org>

        * tests/hostname-check.c: Fix logic.

2009-08-12  Simon Josefsson <simon@josefsson.org>

        * tests/hostname-check.c: Test when SAN and CN differs.  Inspired by
        report by Daniel Stenberg <daniel@haxx.se> in
        <http://permalink.gmane.org/gmane.network.gnutls.general/1734>.

2009-08-12  Simon Josefsson <simon@josefsson.org>

        * libextra/Makefile.am, libextra/gl/m4/sockets.m4: Use include
        instead of copy.

2009-08-12  Simon Josefsson <simon@josefsson.org>

        * libextra/gl/m4/sockets.m4: Add, needed for -lws2_32 in libextra.

2009-08-12  Simon Josefsson <simon@josefsson.org>

        * libextra/m4/hooks.m4: Add.

2009-08-11  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_algorithms.c: Doc fix.

2009-08-11  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_algorithms.c, lib/gnutls_anon_cred.c,
        lib/gnutls_auth.c, lib/gnutls_cert.c, lib/gnutls_psk.c,
        lib/gnutls_srp.c, lib/gnutls_state.c, lib/gnutls_x509.c,
        lib/openpgp/gnutls_openpgp.c, lib/openpgp/pgp.c,
        libextra/gnutls_ia.c: Fix typos in documentation.  Reported by Daiki
        Ueno <ueno> in <https://savannah.gnu.org/support/?106969>.

2009-08-10  Simon Josefsson <simon@josefsson.org>

        * gl/m4/gnulib-comp.m4, gl/m4/sys_select_h.m4, gl/stdio-write.c,
        gl/sys_select.in.h, gl/tests/gettimeofday.c,
        gl/tests/test-sys_select.c, gl/tests/test-version-etc.sh,
        lib/gl/m4/gnulib-comp.m4, lib/gl/stdio-write.c, maint.mk: Update
        gnulib files.

2009-08-10  Simon Josefsson <simon@josefsson.org>

        * libextra/Makefile.am: Need to add LIBSOCKET because we link to
        ../lib's gnulib library, for mingw.

2009-08-10  Simon Josefsson <simon@josefsson.org>

        * lib/po/cs.po.in, lib/po/fr.po.in, lib/po/nl.po.in,
        lib/po/pl.po.in, lib/po/sv.po.in: Sync with TP.

2009-08-10  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add 2.8.x news entries.

2009-08-10  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Fix usage.

2009-08-10  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Copy cyclomatic code complexity charts too.

2009-08-10  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-08-10  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_global.c: Look only for latest _required_
        libgcrypt/libtasn1 version.  Reported by Marco d'Itri <md@linux.it> via Andreas Metzler
        <ametzler@downhill.at.eu.org> as Debian BTS #540449.

2009-08-10  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-08-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * : commit c529f792e4c899080eb1f6e104c8552fa0770356 Author: Nikos
        Mavrogiannopoulos <nmav@gnutls.org> Date:   Sat Aug 8 09:06:57 2009
        +0300

2009-08-07  Simon Josefsson <simon@josefsson.org>

        * NEWS: Fix.

2009-08-07  Simon Josefsson <simon@josefsson.org>

        * NEWS: Fix.

2009-08-07  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-08-07  Simon Josefsson <simon@josefsson.org>

        * lib/x509/output.c: Check for NUL in SANs and replace accordingly.

2009-08-07  Simon Josefsson <simon@josefsson.org>

        * tests/Makefile.am, tests/hostname-check.README,
        tests/hostname-check.c: Move comment into source.

2009-08-07  Simon Josefsson <simon@josefsson.org>

        * lib/x509/common.c: Refuse to return DNs with embedded NULs which
        breaks other code.  Problem published by Dan Kaminsky and Moxie Marlinspike at
        BlackHat09.

2009-08-07  Simon Josefsson <simon@josefsson.org>

        * lib/x509/common.c: Revert everything since last release, to allow
        minimal patch to be applied.

2009-08-06  Simon Josefsson <simon@josefsson.org>

        * tests/Makefile.am: Fix invocation of rfc2253-escape-test.  Reported by Brad Hards <bradh@frogmouth.net> in

        <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3750>.

2009-08-06  Simon Josefsson <simon@josefsson.org>

        * build-aux/vc-list-files, gl/Makefile.am, gl/error.c, gl/fseeko.c,
        gl/m4/gnulib-comp.m4, gl/m4/lib-link.m4, gl/m4/stdio_h.m4,
        gl/m4/unistd_h.m4, gl/socket.c, gl/sockets.c, gl/stdio.in.h,
        gl/tests/Makefile.am, gl/tests/test-select.c,
        gl/tests/test-stdio.c, gl/tests/test-stdlib.c,
        gl/tests/test-string.c, gl/tests/test-unistd.c,
        gl/tests/test-version-etc.c, gl/tests/test-version-etc.sh,
        gl/unistd.in.h, gl/version-etc.c, gl/version-etc.h,
        lib/gl/Makefile.am, lib/gl/fseeko.c, lib/gl/m4/iconv.m4,
        lib/gl/m4/lib-link.m4, lib/gl/m4/stdio_h.m4, lib/gl/m4/time_h.m4,
        lib/gl/m4/unistd_h.m4, lib/gl/sockets.c, lib/gl/stdio.in.h,
        lib/gl/tests/test-stdio.c, lib/gl/tests/test-stdlib.c,
        lib/gl/tests/test-string.c, lib/gl/tests/test-unistd.c,
        lib/gl/time.in.h, lib/gl/unistd.in.h, libextra/gl/m4/lib-link.m4,
        libextra/gl/md5.h, maint.mk: Update gnulib files.

2009-08-05  Simon Josefsson <simon@josefsson.org>

        * tests/Makefile.am, tests/rfc2253-escape-test: Add self-test of RFC
        2253 escaping.

2009-08-04  Simon Josefsson <simon@josefsson.org>

        * lib/x509/common.c: Simplify and fix mem leak.

2009-08-04  Simon Josefsson <simon@josefsson.org>

        * lib/x509/common.c: Don't use fixed size buffer for strings.

2009-08-04  Simon Josefsson <simon@josefsson.org>

        * tests/nul-in-x509-names.c: Exit with failure on failure.

2009-08-04  Simon Josefsson <simon@josefsson.org>

        * tests/nul-in-x509-names.c: Fix output.

2009-08-04  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_str.c: Cleanup code.

2009-08-04  Tomas Hoger <thoger@redhat.com>

        * lib/gnutls_str.c, lib/gnutls_str.h, lib/openpgp/pgp.c,
        lib/x509/rfc2818_hostname.c: GnuTLS vs. NULL chars in CNs Check cert name size in _gnutls_hostname_compare()     This is needed to protect against NULL (\0) characters embedded
            in X509 certificates' CNs or subjectAltNames, that can be used
            to fool SSL certificate verification as was demonstrated by Moxie
        Marlinspike on BH USA 2009:
        http://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#MarlinspikeSigned-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-04  Simon Josefsson <simon@josefsson.org>

        * tests/Makefile.am, tests/nul-in-x509-names.c: Add self-test for
        NUL in X.509 CN/SAN problem.

2009-08-03  Simon Josefsson <simon@josefsson.org>

        * lib/x509/common.c: Fix typo.

2009-08-03  Simon Josefsson <simon@josefsson.org>

        * tests/chainverify.c: Fix expected output, a cert have expired.

2009-08-03  Simon Josefsson <simon@josefsson.org>

        * lib/x509/common.c: Fix crash.

2009-08-03  Simon Josefsson <simon@josefsson.org>

        * tests/mini-eagain.c: Make it build.

2009-07-29  Simon Josefsson <simon@josefsson.org>

        * .gitignore: Drop .c and sort.

2009-07-29  Simon Josefsson <simon@josefsson.org>

        * NEWS, lib/minitasn1/errors.c, lib/minitasn1/libtasn1.h: Use
        libtasn1 v2.3.

2009-07-29  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * : commit c02e9f1459330119d2947a4e46fb60c0e12fa32d Author: Nikos
        Mavrogiannopoulos <nmav@gnutls.org> Date:   Sun Jul 26 15:22:06 2009
        +0300

2009-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/common.c: do not allow null character in DN.

2009-07-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * .gitignore: updated files to be ignored.

2009-07-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/dn.c: Typo fix in test output. Patch by Brad Hards
        <bradh@frogmouth.net>

2009-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * THANKS: Removed duplicate entry of Daniel and added Fabian, Brad
        and Daiki.

2009-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/examples/ex-serv-anon.c, doc/examples/ex-serv-export.c,
        doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c,
        doc/examples/ex-serv-srp.c, doc/examples/ex-serv1.c,
        lib/auth_cert.c, lib/gnutls_buffers.c, lib/gnutls_mpi.c,
        lib/gnutls_pk.c, lib/gnutls_sig.c, lib/opencdk/stream.c,
        lib/opencdk/write-packet.c, lib/openpgp/pgp.c,
        lib/openpgp/privkey.c, lib/x509/privkey_pkcs8.c, src/certtool.c,
        src/psk.c: Several bug fixes by Fabian Keil (some were modified by
        me).

2009-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * tests/mini-eagain.c: reduced transferred data size.

2009-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/auth_srp.c, lib/gnutls_buffers.c, lib/gnutls_errors.c,
        lib/gnutls_record.c, lib/gnutls_supplemental.c,
        lib/opencdk/armor.c, lib/opencdk/keydb.c, lib/opencdk/literal.c,
        lib/opencdk/read-packet.c, lib/opencdk/sig-check.c,
        lib/opencdk/stream.c, src/certtool-cfg.c, tests/chainverify.c: Added
        casts to reduce warnings (based on report by Brad Hards).

2009-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * .gitignore: Added more stuff to have a clean status.

2009-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * README-alpha: Documentation corrections by Brad Hards.

2009-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/crq.c: size_t and unsigned int fixes.

2009-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_str.c: There are cases where those buffers might
        overlap

2009-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_handshake.c: Patch by Tim Kosse: "If
        _gnutls_send_finished fails with GNUTLS_E_AGAIN or GNUTLS_E_AGAIN it
        eventually gets called a second time.  It however does not call _gnutls_send_handshake with a NULL pointer
        on repeated calls, ultimately leading to an internal error in
        _gnutls_handshake_io_send_int."

2009-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/auth_cert.h, lib/gnutls_ui.c: Corrected
        gnutls_certificate_client_get_request_status(). Based on observation
        by Peter Hendrickson <pdh@wiredyne.com>.

2009-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/gnutls_buffers.c, tests/Makefile.am, tests/mini-eagain.c: 
        Added bug fix that allows gnutls_record_recv/send resuming from
        previously interrupted actions. Patch by from Tim Kosse
        <tim.kosse@filezilla-project.org>.  Added a self test to check those functions in handling interrupted
        states.

2009-06-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * : commit 21a7186bf83084a2bc85bbb7ddb600ccd070f1c2 Author: Simon
        Josefsson <simon@josefsson.org> Date:   Tue Jun 23 23:04:51 2009
        +0200

2009-06-23  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_errors.c: Doc fix.

2009-06-22  Simon Josefsson <simon@josefsson.org>

        * NEWS: Fix.

2009-06-22  Simon Josefsson <simon@josefsson.org>

        * tests/Makefile.am, tests/dn2.c: Add self-test of off-by-one size
        error.

2009-06-22  Simon Josefsson <simon@josefsson.org>

        * THANKS: Add.

2009-06-22  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-06-22  Simon Josefsson <simon@josefsson.org>

        * lib/x509/dn.c: Fix off-by-one size computation that leads to
        truncated strings.  Reported by Tim Kosse
        <tim.kosse@filezilla-project.org> in

        <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3651>.

2009-06-18  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/errno.in.h, gl/getpagesize.c,
        gl/m4/errno_h.m4, gl/m4/gnulib-comp.m4, gl/m4/memchr.m4,
        gl/m4/string_h.m4, gl/memchr.valgrind, gl/strerror.c,
        gl/string.in.h, gl/tests/Makefile.am, gl/tests/getpagesize.c,
        lib/gl/Makefile.am, lib/gl/errno.in.h, lib/gl/getpagesize.c,
        lib/gl/m4/errno_h.m4, lib/gl/m4/gnulib-comp.m4,
        lib/gl/m4/memchr.m4, lib/gl/m4/string_h.m4, lib/gl/memchr.valgrind,
        lib/gl/string.in.h, lib/gl/tests/Makefile.am,
        lib/gl/tests/getpagesize.c: Update gnulib files.

2009-06-18  Simon Josefsson <simon@josefsson.org>

        * libextra/m4/hooks.m4: Fix --disable-openssl-compatibility
        parameter.  Reported by Matthias Drochner <M.Drochner@fz-juelich.de>
        in

        <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3646>.

2009-06-17  Simon Josefsson <simon@josefsson.org>

        * doc/gnutls.texi: Typo.

2009-06-17  Simon Josefsson <simon@josefsson.org>

        * tests/mpi.c: Fix build error.

2009-06-17  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-06-17  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_ui.c: Return proper MPI lengths in bits.  Reported by
        Peter Hendrickson <pdh@wiredyne.com> in

        <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3607>.

2009-06-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * : commit fad0d9b3289087dbd56176e7a1ccb498cf5ef099 Author: Simon
        Josefsson <simon@josefsson.org> Date:   Wed Jun 10 17:55:05 2009
        +0200

2009-06-10  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-06-10  Simon Josefsson <simon@josefsson.org>

        * tests/pkcs12_s2k.c: Improve test vectors.

2009-06-10  Simon Josefsson <simon@josefsson.org>

        * NEWS, tests/Makefile.am, tests/pkcs12_s2k_pem.c: Added new
        self-test pkcs12_s2k_pem.

2009-06-10  Simon Josefsson <simon@josefsson.org>

        * NEWS: Fix.

2009-06-10  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-06-10  Simon Josefsson <simon@josefsson.org>

        * lib/x509/pkcs12_encr.c: Fix PKCS#12 string to key function for
        1/128 inputs.  Reported by "Kukosa, Tomas"
        <tomas.kukosa@siemens-enterprise.com> in
        <http://permalink.gmane.org/gmane.network.gnutls.general/1663>.

2009-06-09  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/m4/getpagesize.m4, gl/m4/gnulib-comp.m4,
        gl/m4/memchr.m4, gl/m4/mmap-anon.m4, gl/memchr.c,
        gl/tests/Makefile.am, gl/tests/getpagesize.c,
        gl/tests/test-memchr.c, gl/tests/zerosize-ptr.h,
        lib/gl/Makefile.am, lib/gl/m4/getpagesize.m4,
        lib/gl/m4/gnulib-comp.m4, lib/gl/m4/memchr.m4,
        lib/gl/m4/mmap-anon.m4, lib/gl/memchr.c, lib/gl/tests/Makefile.am,
        lib/gl/tests/getpagesize.c, lib/gl/tests/test-memchr.c,
        lib/gl/tests/zerosize-ptr.h: Update gnulib files.

2009-06-09  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2009-06-09  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2009-06-09  Simon Josefsson <simon@josefsson.org>

        * gl/m4/gnulib-comp.m4, gl/m4/version-etc.m4,
        gl/tests/test-alignof.c, gl/version-etc.c: Update gnulib files.

2009-06-08  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.9.1.

2009-06-08  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_extensions.c: Mark global extfunc_size as having static
        scope.

2009-06-08  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-06-08  Simon Josefsson <simon@josefsson.org>

        * tests/Makefile.am, tests/init_roundtrip.c: Add self-test to detect
        extension init/deinit problem.

2009-06-08  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_extensions.c: Deinitalize extension global variable
        properly.  See <http://bugs.gentoo.org/272388>.

2009-06-03  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/alignof.h, gl/m4/gnulib-cache.m4,
        gl/m4/gnulib-comp.m4, gl/tests/Makefile.am,
        gl/tests/test-alignof.c, lib/gl/alignof.h: Update gnulib files.

2009-06-03  Simon Josefsson <simon@josefsson.org>

        * lib/auth_srp.c, lib/debug.c, lib/debug.h, lib/gnutls_errors.c,
        lib/gnutls_errors.h, lib/libgnutls.map, lib/pk-libgcrypt.c,
        tests/mpi.c: Rename _gnutls_dump_mpi to _gnutls_mpi_log.  Rewrite to
        use less stack space.

2009-06-03  Simon Josefsson <simon@josefsson.org>

        * configure.ac: Reduce stack size limit check.

2009-06-03  Simon Josefsson <simon@josefsson.org>

        * lib/x509/output.c: Reduce stack size.

2009-06-03  Simon Josefsson <simon@josefsson.org>

        * lib/x509/output.c: Fix malloc failure error strings.

2009-06-03  Simon Josefsson <simon@josefsson.org>

        * tests/crq_apis.c: Test more.

2009-06-03  Simon Josefsson <simon@josefsson.org>

        * lib/x509/common.c: (_gnutls_x509_oid_data2string): Return proper @res_size for NULL
        res.

2009-06-03  Simon Josefsson <simon@josefsson.org>

        * lib/x509/crq.c: Indent.

2009-06-03  Simon Josefsson <simon@josefsson.org>

        * lib/x509/crq.c: Doc fix.

2009-06-03  Simon Josefsson <simon@josefsson.org>

        * lib/x509/crq.c: Reduce stack usage.

2009-06-03  Simon Josefsson <simon@josefsson.org>

        * lib/x509/crq.c: Doc fix.

2009-06-03  Simon Josefsson <simon@josefsson.org>

        * lib/x509/crq.c: Simplify.

2009-06-03  Simon Josefsson <simon@josefsson.org>

        * tests/crq_apis.c: Test more.

2009-06-03  Simon Josefsson <simon@josefsson.org>

        * lib/x509/crq.c: Reduce stack usage.

2009-06-03  Simon Josefsson <simon@josefsson.org>

        * tests/crq_apis.c: Test more.

2009-06-03  Simon Josefsson <simon@josefsson.org>

        * lib/x509/crq.c: Reduce stack usage.

2009-06-03  Simon Josefsson <simon@josefsson.org>

        * lib/x509/crq.c: Fix uninitialized variable access.

2009-06-03  Simon Josefsson <simon@josefsson.org>

        * lib/x509/crq.c: Reduce stack frame usage.

2009-06-03  Simon Josefsson <simon@josefsson.org>

        * lib/x509/x509_write.c: Reduce stack usage.

2009-06-02  Simon Josefsson <simon@josefsson.org>

        * gl/m4/manywarnings.m4: Update gnulib files.

2009-06-02  Simon Josefsson <simon@josefsson.org>

        * tests/crq_apis.c: Add.

2009-06-02  Simon Josefsson <simon@josefsson.org>

        * lib/x509/crq.c: Don't assert on expected errors.

2009-06-01  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-06-01  Simon Josefsson <simon@josefsson.org>

        * tests/Makefile.am: Add crq self-test.

2009-06-01  Simon Josefsson <simon@josefsson.org>

        * lib/x509/extensions.c: Reduce stack usage.

2009-06-01  Simon Josefsson <simon@josefsson.org>

        * lib/x509/crq.c: Reduce stack usage.  Fix build failure wrt
        variable names.

2009-06-01  Simon Josefsson <simon@josefsson.org>

        * lib/includes/gnutls/x509.h: Doc fix.

2009-06-01  Simon Josefsson <simon@josefsson.org>

        * lib/x509/crq.c: Doc fix.

2009-06-01  Simon Josefsson <simon@josefsson.org>

        * lib/x509/crq.c: Return buffer size for NULL/0 inputs.  Fix output
        buffer size computation.

2009-06-01  Simon Josefsson <simon@josefsson.org>

        * lib/x509/extensions.c: Fix mem leak.

2009-06-01  Simon Josefsson <simon@josefsson.org>

        * lib/x509/crq.c: Don't assert for expected errors.

2009-06-01  Simon Josefsson <simon@josefsson.org>

        * configure.ac: Export wstack.

2009-06-01  Simon Josefsson <simon@josefsson.org>

        * lib/configure.ac, libextra/configure.ac: Fix WSTACK_CFLAGS.

2009-06-01  Simon Josefsson <simon@josefsson.org>

        * src/serv.c: Improve logging and fix warnings.

2009-06-01  Simon Josefsson <simon@josefsson.org>

        * configure.ac, lib/Makefile.am, lib/openpgp/Makefile.am,
        lib/x509/Makefile.am, libextra/Makefile.am: Check stack size.

2009-06-01  Simon Josefsson <simon@josefsson.org>

        * gl/m4/manywarnings.m4: Update gnulib files.

2009-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/TODO: Added gnutls_dh_get_prime_bits limitation.

2009-05-28  Simon Josefsson <simon@josefsson.org>

        * lib/x509/pkcs12_bag.c, lib/x509/verify.c, lib/x509/x509.c,
        lib/x509/x509_write.c: Doc fix.  Reported by Peter Hendrickson
        <pdh@wiredyne.com>.

2009-05-28  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-05-28  Simon Josefsson <simon@josefsson.org>

        * configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2009-05-28  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Fix paths.

2009-05-28  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2009-05-28  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.9.0.

2009-05-28  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Fix paths for alpha release.

2009-05-28  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_ui.c: Doc fix.

2009-05-28  Simon Josefsson <simon@josefsson.org>

        * build-aux/gnupload: Update gnulib files.

2009-05-27  Simon Josefsson <simon@josefsson.org>

        * doc/manpages/srptool.1: Fix.

2009-05-27  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-05-27  Simon Josefsson <simon@josefsson.org>

        * doc/manpages/gnutls-serv.1: Doc fix.

2009-05-27  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_psk.c: Doc fix.

2009-05-27  Simon Josefsson <simon@josefsson.org>

        * lib/x509/pkcs7.c: Doc fix.

2009-05-27  Simon Josefsson <simon@josefsson.org>

        * doc/Makefile.am: Cleanup rules.

2009-05-27  Simon Josefsson <simon@josefsson.org>

        * doc/Makefile.am, doc/gnutls.texi, lib/Makefile.am,
        lib/openpgp/Makefile.am, lib/x509/Makefile.am, libextra/Makefile.am: 
        Move API texinfo generation into doc/.

2009-05-27  Simon Josefsson <simon@josefsson.org>

        * gl/m4/include_next.m4, gl/m4/size_max.m4,
        lib/gl/m4/include_next.m4, lib/gl/m4/size_max.m4: Update gnulib
        files.

2009-05-27  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2009-05-27  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2009-05-27  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.8.0.

2009-05-27  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-05-27  Simon Josefsson <simon@josefsson.org>

        * doc/announcement-template.txt: Typo.

2009-05-27  Simon Josefsson <simon@josefsson.org>

        * NEWS: Fix.

2009-05-27  Simon Josefsson <simon@josefsson.org>

        * NEWS, cfg.mk, configure.ac, lib/configure.ac,
        libextra/configure.ac: Prepare for stable release.

2009-05-27  Simon Josefsson <simon@josefsson.org>

        * configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2009-05-27  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-05-27  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_ui.c: Doc fix.  Reported by Peter Hendrickson
        <pdh@wiredyne.com>.

2009-05-26  Simon Josefsson <simon@josefsson.org>

        * src/select.c: Remove unused file, replaced by poll from gnulib.

2009-05-26  Simon Josefsson <simon@josefsson.org>

        * doc/Makefile.am: Fix generation of error_codes.texi and
        algorithms.texi.

2009-05-26  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2009-05-26  Simon Josefsson <simon@josefsson.org>

        * doc/announcement-template.txt: Fix.

2009-05-26  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.7.14.

2009-05-26  Simon Josefsson <simon@josefsson.org>

        * src/certtool-gaa.c, src/serv-gaa.c: Regenerate.

2009-05-26  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-05-26  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-05-26  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2009-05-26  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_global.c, lib/includes/gnutls/compat.h,
        libextra/gnutls_extra.c, libextra/includes/gnutls/extra.h,
        libextra/includes/gnutls/openssl.h, tests/openssl.c, tests/simple.c: 
        Fix version symbol namespace.

2009-05-26  Simon Josefsson <simon@josefsson.org>

        * doc/examples/ex-serv-anon.c, doc/examples/ex-serv-export.c,
        doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c,
        doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
        doc/gnutls.texi, doc/manpages/certtool.1,
        doc/manpages/gnutls-serv.1, lib/auth_anon.c, lib/auth_dh_common.c,
        lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/gnutls_anon_cred.c,
        lib/gnutls_errors.c, lib/gnutls_handshake.c, lib/gnutls_psk.c,
        lib/gnutls_record.c, lib/gnutls_ui.c,
        lib/includes/gnutls/gnutls.h.in, libextra/gnutls_ia.c,
        src/certtool.gaa, src/prime.c, src/serv.c, src/serv.gaa,
        src/tls_test.c, tests/anonself.c, tests/dhepskself.c,
        tests/openpgpself.c, tests/oprfi.c, tests/resume.c, tests/tlsia.c,
        tests/x509dn.c, tests/x509self.c, tests/x509signself.c: Doc fixes.
        Suggested by Peter Hendrickson <pdh@wiredyne.com>.

2009-05-26  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_auth.c: Doc fix.  Reported by Peter Hendrickson
        <pdh@wiredyne.com>.

2009-05-25  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2009-05-25  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.7.13.

2009-05-25  Simon Josefsson <simon@josefsson.org>

        * doc/announcement-template.txt: Fix.

2009-05-25  Simon Josefsson <simon@josefsson.org>

        * NEWS: Fix.

2009-05-25  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-05-25  Simon Josefsson <simon@josefsson.org>

        * doc/announcement-template.txt: Improve.

2009-05-25  Simon Josefsson <simon@josefsson.org>

        * lib/libgnutls.map: Sort symbols.

2009-05-25  Simon Josefsson <simon@josefsson.org>

        * lib/libgnutls.map: Auto-generate from GnuTLS 2.6.x list of
        exported symbols.  No substantial change.

2009-05-25  Simon Josefsson <simon@josefsson.org>

        * lib/libgnutls.map: Move functions.  Reported by Andreas Metzler
        <ametzler@downhill.at.eu.org> in

        <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3578>.

2009-05-25  Simon Josefsson <simon@josefsson.org>

        * lib/libgnutls.map: Move gnutls_x509_crq_set_key back to old ABI
        namespace.  Reported by Andreas Metzler
        <ametzler@downhill.at.eu.org> in

        <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3576>.

2009-05-25  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-05-25  Simon Josefsson <simon@josefsson.org>

        * tests/chainverify.c: Fix expired certs.  Exit early to make it
        easier to find failing test.  Reported by Andreas Metzler
        <ametzler@downhill.at.eu.org> in

        <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3580>.

2009-05-20  Simon Josefsson <simon@josefsson.org>

        * .clcopying: Fix.

2009-05-20  Simon Josefsson <simon@josefsson.org>

        * AUTHORS: Fix PGP key.

2009-05-20  Simon Josefsson <simon@josefsson.org>

        * doc/gnutls.texi, src/Makefile.am, src/README, src/README.srptool: 
        Removed duplicated documentation.

2009-05-20  Simon Josefsson <simon@josefsson.org>

        * THANKS: Add.

2009-05-20  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2009-05-20  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2009-05-20  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.7.12.

2009-05-20  Simon Josefsson <simon@josefsson.org>

        * NEWS, src/serv.c, src/tls_test.c: Fix gnutls-serv and
        gnutls-cli-debug on Windows.

2009-05-20  Simon Josefsson <simon@josefsson.org>

        * gl/getdelim.c: Update gnulib files.

2009-05-20  Simon Josefsson <simon@josefsson.org>

        * NEWS, doc/reference/Makefile.am, lib/minitasn1/libtasn1.h,
        lib/minitasn1/parser_aux.c: Use libtasn1 2.2.

2009-05-20  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-05-20  Simon Josefsson <simon@josefsson.org>

        * build-aux/gnupload, gl/Makefile.am, gl/m4/sys_socket_h.m4,
        gl/sys_socket.in.h, gl/tests/test-sys_socket.c, lib/gl/Makefile.am,
        lib/gl/m4/sys_socket_h.m4, lib/gl/sys_socket.in.h,
        lib/gl/tests/test-sys_socket.c, maint.mk: Update gnulib files.

2009-05-20  Simon Josefsson <simon@josefsson.org>

        * lib/gl/Makefile.am, lib/gl/m4/gnulib-cache.m4,
        lib/gl/m4/gnulib-comp.m4, lib/gl/m4/vsnprintf.m4,
        lib/gl/tests/Makefile.am, lib/gl/tests/test-vsnprintf.c,
        lib/gl/vsnprintf.c: Replace vsnprintf if needed.

2009-05-20  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-05-20  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2009-05-20  Simon Josefsson <simon@josefsson.org>

        * tests/crq_key_id.c: Reorder gcry quick random to make it
        effective.  Reported by Andreas Metzler
        <ametzler@downhill.at.eu.org> in

        <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3570>.

2009-05-18  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2009-05-18  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.7.11.

2009-05-18  Simon Josefsson <simon@josefsson.org>

        * NEWS, cfg.mk, configure.ac, doc/examples/Makefile.am,
        lib/Makefile.am, lib/configure.ac, lib/openpgp/Makefile.am,
        lib/x509/Makefile.am, libextra/Makefile.am, libextra/configure.ac,
        src/Makefile.am, tests/Makefile.am: Don't build with warnings all
        the time.  Use a WERROR_CFLAGS.

2009-05-18  Simon Josefsson <simon@josefsson.org>

        * maint.mk: Update gnulib files.

2009-05-18  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-05-18  Simon Josefsson <simon@josefsson.org>

        * src/serv.c: Don't use unportable NI_MAXHOST/NI_MAXSERV.

2009-05-17  Simon Josefsson <simon@josefsson.org>

        * src/Makefile.am: Link getaddrinfo libraries.  Reported by "Tom G.
        Christensen" <tgc@jupiterrise.com> in

        <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3560>.

2009-05-17  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac: Need to run AC_PROG_CXX
        unconditionally.

2009-05-16  Simon Josefsson <simon@josefsson.org>

        * doc/doxygen/Doxyfile.in, libextra/gl/Makefile.am: Fix old gnulib
        lgpl/ paths.  Reported by "Tom G. Christensen" <tgc@jupiterrise.com>
        in

        <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3556>.

2009-05-14  Simon Josefsson <simon@josefsson.org>

        * NEWS: Fix.

2009-05-14  Simon Josefsson <simon@josefsson.org>

        * lib/minitasn1/Makefile.am: Need -DASN1_BUILDING for libtasn1.

2009-05-14  Simon Josefsson <simon@josefsson.org>

        * doc/announcement-template.txt: Add.

2009-05-14  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-05-14  Simon Josefsson <simon@josefsson.org>

        * lib/minitasn1/Makefile.am: Fix -I's after gnulib changes.
        Reported by "Tom G. Christensen" <tgc@jupiterrise.com> in

        <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3548>.

2009-05-14  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2009-05-13  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2009-05-13  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.7.10.

2009-05-13  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
        gl/tests/Makefile.am, gl/tests/test-alignof.c, lib/gl/Makefile.am,
        lib/gl/m4/gnulib-cache.m4, lib/gl/m4/gnulib-comp.m4,
        lib/gl/tests/Makefile.am, lib/gl/tests/test-alignof.c: Avoid failing
        tests.

2009-05-13  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_algorithms.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
        lib/gnutls_cert.c, lib/gnutls_global.c, lib/gnutls_priority.c,
        lib/gnutls_psk.c, lib/gnutls_session.c, lib/gnutls_state.c,
        lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
        lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
        lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
        lib/openpgp/pgp.c, lib/openpgp/privkey.c, lib/x509/crq.c,
        lib/x509/dn.c, lib/x509/pkcs12_bag.c, lib/x509/x509.c,
        lib/x509/x509_write.c, libextra/gnutls_ia.c: Doc fixes for GTK-DOC.

2009-05-13  Simon Josefsson <simon@josefsson.org>

        * lib/ext_server_name.c, lib/gnutls_priority.c,
        lib/gnutls_record.c, lib/gnutls_srp.c, lib/gnutls_state.c,
        lib/gnutls_ui.c, lib/gnutls_x509.c,
        lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/x509.h,
        lib/x509/crq.c, lib/x509/dn.c, lib/x509/pkcs7.c,
        lib/x509/privkey.c, lib/x509/verify.c, lib/x509/x509.c,
        lib/x509/x509_write.c: Doc fixes for GTK-DOC.

2009-05-13  Simon Josefsson <simon@josefsson.org>

        * lib/includes/gnutls/crypto.h, lib/includes/gnutls/openpgp.h,
        lib/includes/gnutls/x509.h, lib/openpgp/gnutls_openpgp.c,
        lib/x509/dn.c, lib/x509/output.c, lib/x509/pkcs7.c,
        lib/x509/verify.c, lib/x509/x509.c: Doc fixes for GTK-DOC.

2009-05-13  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-05-13  Simon Josefsson <simon@josefsson.org>

        * doc/examples/ex-alert.c, doc/examples/ex-cert-select.c,
        doc/examples/ex-client-psk.c, doc/examples/ex-client-resume.c,
        doc/examples/ex-client-srp.c, doc/examples/ex-client-tlsia.c,
        doc/examples/ex-client1.c, doc/examples/ex-client2.c,
        doc/examples/ex-crq.c, doc/examples/ex-pkcs12.c,
        doc/examples/ex-rfc2818.c, doc/examples/ex-serv-anon.c,
        doc/examples/ex-serv-export.c, doc/examples/ex-serv-pgp.c,
        doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
        doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
        doc/examples/ex-verify.c, doc/examples/ex-x509-info.c,
        doc/examples/tcp.c: Place examples in public domain.  After
        discussion with Karl.

2009-05-13  Simon Josefsson <simon@josefsson.org>

        * gl/alignof.h, gl/m4/gnulib-comp.m4, gl/tests/Makefile.am,
        gl/tests/test-alignof.c, lib/gl/alignof.h,
        lib/gl/m4/gnulib-comp.m4, lib/gl/tests/Makefile.am,
        lib/gl/tests/test-alignof.c, maint.mk: Update gnulib files.

2009-05-13  Simon Josefsson <simon@josefsson.org>

        * lib/opencdk/keydb.c: Avoid sprintf.

2009-05-13  Simon Josefsson <simon@josefsson.org>

        * doc/examples/ex-client-tlsia.c, lib/opencdk/literal.c,
        lib/opencdk/misc.c, src/common.c, tests/chainverify.c,
        tests/tlsia.c: Fix warnings.

2009-05-13  Simon Josefsson <simon@josefsson.org>

        * NEWS: Fix.

2009-05-13  Simon Josefsson <simon@josefsson.org>

        * doc/gnutls.texi: Fix.

2009-05-13  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-05-13  Simon Josefsson <simon@josefsson.org>

        * lib/pk-libgcrypt.c: Fix crash.

2009-05-12  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_cert.c: Doc fix.

2009-05-12  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_dh_primes.c: Doc fix.

2009-05-12  Simon Josefsson <simon@josefsson.org>

        * lib/minitasn1/Makefile.am, lib/minitasn1/errors.h: Drop removed
        libtasn1 file.

2009-05-12  Simon Josefsson <simon@josefsson.org>

        * NEWS, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
        lib/minitasn1/element.c, lib/minitasn1/element.h,
        lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
        lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
        lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
        lib/minitasn1/structure.c, lib/minitasn1/structure.h: Upgrade
        libtasn1 to v2.1.

2009-05-12  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_global.c, libextra/gnutls_extra.c: Doc fixes.  Remove
        debugging code.

2009-05-12  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2009-05-11  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2009-05-11  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.7.9.

2009-05-11  Simon Josefsson <simon@josefsson.org>

        * lib/configure.ac, libextra/configure.ac: Drop obsolete stuff.

2009-05-11  Simon Josefsson <simon@josefsson.org>

        * configure.ac: Drop obsolete stuff.

2009-05-11  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
        gl/m4/ld-output-def.m4, gl/m4/ld-version-script.m4,
        lib/gl/Makefile.am, lib/gl/m4/gnulib-cache.m4,
        lib/gl/m4/gnulib-comp.m4, lib/gl/m4/ld-output-def.m4,
        lib/gl/m4/ld-version-script.m4, libextra/gl/gnulib.mk,
        libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-comp.m4,
        libextra/gl/m4/ld-output-def.m4,
        libextra/gl/m4/ld-version-script.m4: Move gnulib tests into proper
        directory.

2009-05-11  Simon Josefsson <simon@josefsson.org>

        * NEWS: Fix.

2009-05-11  Simon Josefsson <simon@josefsson.org>

        * doc/manpages/Makefile.am: Generated.

2009-05-11  Simon Josefsson <simon@josefsson.org>

        * doc/scripts/gdoc: Fix gnutls_priority_init documentation.

2009-05-11  Simon Josefsson <simon@josefsson.org>

        * doc/scripts/gdoc: Revert "Fix man output for "%COMPAT" in
        docstrings." This reverts commit d10f1872bcbf7eb63632a8ce2e50728f42bd03fa.

2009-05-11  Simon Josefsson <simon@josefsson.org>

        * doc/scripts/gdoc: Fix man output for "%COMPAT" in docstrings.

2009-05-11  Simon Josefsson <simon@josefsson.org>

        * doc/manpages/Makefile.am: When writing man pages, don't append to
        any existing file.

2009-05-11  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_priority.c: Doc fix.

2009-05-11  Simon Josefsson <simon@josefsson.org>

        * NEWS, doc/examples/Makefile.am, lib/gl/Makefile.am,
        lib/gl/m4/gnulib-cache.m4, lib/gl/m4/gnulib-comp.m4,
        lib/gl/tests/Makefile.am, lib/gl/tests/test-lseek.c,
        lib/gl/tests/test-lseek.sh, src/Makefile.am, tests/Makefile.am: Fix
        MinGW build failures.

2009-05-11  Simon Josefsson <simon@josefsson.org>

        * lib/autogen.sh: Add.

2009-05-11  Simon Josefsson <simon@josefsson.org>

        * maint.mk: Update gnulib files.

2009-05-11  Simon Josefsson <simon@josefsson.org>

        * gtk-doc.make: Fix syntax-check.

2009-05-11  Simon Josefsson <simon@josefsson.org>

        * gtk-doc.make, m4/gtk-doc.m4: Upgrade gtk-doc files.

2009-05-11  Simon Josefsson <simon@josefsson.org>

        * cfg.mk, gl/sys_socket.in.h, gl/tests/test-vc-list-files-git.sh,
        lib/gl/Makefile.am, lib/gl/m4/gnulib-cache.m4,
        lib/gl/m4/gnulib-comp.m4, lib/gl/sys_socket.in.h,
        lib/gl/tests/Makefile.am, lib/gl/tests/test-lseek.c,
        lib/gl/tests/test-lseek.sh, libextra/gl/gnulib.mk,
        libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-comp.m4: 
        Update gnulib files.

2009-05-10  Simon Josefsson <simon@josefsson.org>

        * tests/chainverify.c: Verisign CA v1 cert has expired!  Change
        expected results.  Also test expiration code more.

2009-05-08  Simon Josefsson <simon@josefsson.org>

        * doc/Makefile.am: Don't always rebuild manual.

2009-05-08  Simon Josefsson <simon@josefsson.org>

        * gl/m4/sys_socket_h.m4, lib/gl/m4/sys_socket_h.m4: Update gnulib
        files.

2009-05-08  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, lib/gl/Makefile.am: Update gnulib files.

2009-05-08  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/alignof.h, lib/gl/Makefile.am: Update gnulib
        files.

2009-05-08  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Fix.

2009-05-08  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Fix.

2009-05-08  Simon Josefsson <simon@josefsson.org>

        * build-aux/gnupload, gl/Makefile.am, gl/m4/errno_h.m4,
        gl/m4/gnulib-comp.m4, gl/m4/multiarch.m4, gl/m4/sys_socket_h.m4,
        gl/m4/vasnprintf.m4, gl/sys_socket.in.h,
        gl/tests/test-sys_socket.c, lib/gl/Makefile.am, lib/gl/alignof.h,
        lib/gl/m4/errno_h.m4, lib/gl/m4/gnulib-comp.m4,
        lib/gl/m4/multiarch.m4, lib/gl/m4/sys_socket_h.m4,
        lib/gl/m4/vasnprintf.m4, lib/gl/sys_socket.in.h,
        lib/gl/tests/test-sys_socket.c, maint.mk: Update gnulib files.

2009-05-08  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Fix -Werror handling.

2009-05-08  Simon Josefsson <simon@josefsson.org>

        * lib/x509/output.c: Fix warnings.

2009-05-07  Simon Josefsson <simon@josefsson.org>

        * doc/examples/ex-serv-anon.c, doc/examples/ex-serv-export.c,
        doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c,
        doc/examples/ex-serv-srp.c, doc/examples/ex-serv1.c,
        tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
        tests/oprfi.c, tests/pskself.c, tests/resume.c, tests/tlsia.c,
        tests/x509dn.c, tests/x509self.c, tests/x509signself.c: Fix
        warnings.

2009-05-07  Simon Josefsson <simon@josefsson.org>

        * NEWS: Fix.

2009-05-07  Simon Josefsson <simon@josefsson.org>

        * tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
        tests/oprfi.c, tests/pskself.c, tests/resume.c, tests/tlsia.c,
        tests/x509dn.c, tests/x509self.c, tests/x509signself.c: Use memset
        instead of deprecated bzero.

2009-05-07  Simon Josefsson <simon@josefsson.org>

        * NEWS, src/certtool-cfg.c, src/serv.c: Fix build failure on systems
        without AF_INET6, e.g., Solaris 2.6.  Reported by "Tom G.
        Christensen" <tgc@jupiterrise.com> in

        <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3524>.

2009-05-06  Simon Josefsson <simon@josefsson.org>

        * doc/Makefile.am: Drop README.GIT.

2009-05-06  Simon Josefsson <simon@josefsson.org>

        * tests/Makefile.am: Need to link directly to libgcrypt here.

2009-05-06  Simon Josefsson <simon@josefsson.org>

        * lib/mpi-libgcrypt.c: Don't use casts that break strict-aliasing
        rules.

2009-05-06  Simon Josefsson <simon@josefsson.org>

        * README-alpha: Fix.

2009-05-06  Simon Josefsson <simon@josefsson.org>

        * configure.ac: Fix.

2009-05-05  Simon Josefsson <simon@josefsson.org>

        * README-alpha, doc/README.GIT: Replace doc/README.GIT with
        README-alpha.

2009-05-05  Simon Josefsson <simon@josefsson.org>

        * README-alpha: Fix.

2009-05-05  Simon Josefsson <simon@josefsson.org>

        * README-alpha: Add.

2009-05-03  Simon Josefsson <simon@josefsson.org>

        * NEWS, lib/libgnutls.map: Fix build failure when LZO is enabled.

2009-05-03  Simon Josefsson <simon@josefsson.org>

        * lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
        libextra/includes/gnutls/extra.h: Fix gtk-doc warnings.

2009-05-03  Simon Josefsson <simon@josefsson.org>

        * NEWS: Fix.

2009-05-03  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_asn1_tab.c, lib/pkix_asn1_tab.c: Regenerated libtasn1
        files.

2009-05-03  Simon Josefsson <simon@josefsson.org>

        * doc/Makefile.am: Build tools before using them.

2009-05-03  Simon Josefsson <simon@josefsson.org>

        * .x-sc_GPL_version, .x-sc_avoid_if_before_free,
        .x-sc_cast_of_alloca_return_value, .x-sc_cast_of_argument_to_free,
        .x-sc_file_system, .x-sc_m4_quote_check, .x-sc_makefile_check,
        .x-sc_program_name, .x-sc_prohibit_HAVE_MBRTOWC,
        .x-sc_prohibit_S_IS_definition, .x-sc_space_tab, .x-sc_the_the,
        .x-sc_two_space_separator_in_usage, .x-sc_useless_cpp_parens, NEWS,
        cfg.mk, doc/examples/ex-serv-export.c, doc/gnutls.texi,
        gtk-doc.make, lib/gnutls.asn, lib/m4/hooks.m4,
        lib/openpgp/Makefile.am, lib/pkix.asn, lib/x509/Makefile.am,
        libextra/m4/hooks.m4, m4/valgrind.m4, src/Makefile.am,
        src/certtool-cfg.c, src/certtool.c, src/crypt.c, src/psk.c,
        src/serv.c, src/tls_test.c, tests/Makefile.am, tests/resume.c,
        tests/x509dn.c: Fix syntax-check warnings.

2009-05-03  Simon Josefsson <simon@josefsson.org>

        * doc/reference/Makefile.am, gtk-doc.make: Upgrade gtk-doc files.

2009-05-03  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2009-05-03  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2009-05-03  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.7.8.

2009-05-03  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/gettext.h, gl/m4/wchar.m4, gl/wchar.in.h,
        lib/gl/Makefile.am, lib/gl/gettext.h, lib/gl/m4/wchar.m4,
        lib/gl/wchar.in.h: Update gnulib files.

2009-05-03  Simon Josefsson <simon@josefsson.org>

        * tests/pkcs1-padding/pkcs1-pad: Fix self test fails because of
        expired certs using datefudge.

2009-05-01  Simon Josefsson <simon@josefsson.org>

        * tests/chainverify.c: Print cert details.  Fix verifying expired
        cert.

2009-05-01  Simon Josefsson <simon@josefsson.org>

        * tests/cve-2008-4989.c: Avoid time checks.

2009-04-30  Simon Josefsson <simon@josefsson.org>

        * tests/Makefile.am, tests/cve-2009-1415.c, tests/cve-2009-1416.c: 
        Add self-tests for security problems.

2009-04-30  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-04-30  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in,
        lib/includes/gnutls/x509.h, lib/x509/verify.c, src/common.c: 
        libgnutls: Check activation/expiration times on untrusted
        certificates.  Reported by Romain Francoise.

2009-04-30  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_pk.c: Fix DSA key generation.

2009-04-30  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Use modern git names.

2009-04-30  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add old NEWS entries.

2009-04-30  Simon Josefsson <simon@josefsson.org>

        * doc/gnutls.texi: Document how to use TLS exporters.

2009-04-30  Simon Josefsson <simon@josefsson.org>

        * src/serv.c: Fix getaddrinfo/bind loop.

2009-04-28  Simon Josefsson <simon@josefsson.org>

        * maint.mk: Update gnulib files.

2009-04-27  Simon Josefsson <simon@josefsson.org>

        * : Replace PDF with official ZIP file.  The PDFs have the same
        SHA-1.  The file was downloaded from:

        http://csrc.nist.gov/groups/ST/crypto_apps_infra/documents/PKI%20Testing%20Page.htmUsing the direct link:

        http://csrc.nist.gov/groups/ST/crypto_apps_infra/documents/certpath1.07.zip

2009-04-27  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Fix.

2009-04-27  Simon Josefsson <simon@josefsson.org>

        * build-aux/useless-if-before-free, build-aux/vc-list-files,
        gl/Makefile.am, gl/m4/gnulib-comp.m4, gl/tests/Makefile.am,
        gl/tests/test-vc-list-files-cvs.sh,
        gl/tests/test-vc-list-files-git.sh, maint.mk: Update gnulib files.

2009-04-27  Simon Josefsson <simon@josefsson.org>

        * src/certtool.c: Fix some error messages.

2009-04-27  Simon Josefsson <simon@josefsson.org>

        * gl/m4/lib-link.m4, gl/m4/lib-prefix.m4, gl/vasnprintf.c,
        lib/gl/m4/lib-link.m4, lib/gl/m4/lib-prefix.m4,
        lib/gl/vasnprintf.c, libextra/gl/m4/lib-link.m4,
        libextra/gl/m4/lib-prefix.m4, maint.mk: Update gnulib files.

2009-04-27  Simon Josefsson <simon@josefsson.org>

        * NEWS: Fix.

2009-04-27  Simon Josefsson <simon@josefsson.org>

        * NEWS: Fix.

2009-04-27  Simon Josefsson <simon@josefsson.org>

        * lib/libgnutls.map: Move symbols new with gnutls 2.8.x under
        GNUTLS_2_8 version.

2009-04-24  Simon Josefsson <simon@josefsson.org>

        * NEWS, src/serv.c: gnutls-serv: Listen on all interfaces.

2009-04-24  Simon Josefsson <simon@josefsson.org>

        * maint.mk: Update gnulib files.

2009-04-24  Simon Josefsson <simon@josefsson.org>

        * lib/pk-libgcrypt.c: Cleanup code and fix memory leaks.

2009-04-23  Simon Josefsson <simon@josefsson.org>

        * doc/gendocs_template: Update gnulib files.

2009-04-23  Simon Josefsson <simon@josefsson.org>

        * NEWS, doc/gnutls.texi: Improve texinfo section names.

2009-04-23  Simon Josefsson <simon@josefsson.org>

        * tests/x509sign-verify.c: Also test DSA keys.

2009-04-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/verify.c: release allocated mpis in
        _gnutls_x509_verify_algorithm().

2009-04-21  Simon Josefsson <simon@josefsson.org>

        * tests/libgcrypt.supp: Suppress more for modern libgcrypt.

2009-04-21  Simon Josefsson <simon@josefsson.org>

        * tests/x509sign-verify.c: Cleanup code.

2009-04-21  Simon Josefsson <simon@josefsson.org>

        * src/cli.c: Pass proper socket to libgnutls on Windows.

2009-04-21  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
        gl/sockets.c, gl/sockets.h, gl/tests/Makefile.am, gl/tests/dummy.c,
        gl/tests/sockets.c, gl/tests/sockets.h: Need sockets module.

2009-04-20  Simon Josefsson <simon@josefsson.org>

        * lib/libgnutls.map: Make check needs more symbols.

2009-04-20  Simon Josefsson <simon@josefsson.org>

        * NEWS, lib/Makefile.am, lib/libgnutls.map, libextra/Makefile.am,
        libextra/libgnutls-extra.map, libextra/libgnutls-extra.vers: Improve
        version scripts.  Limit exported symbols on systems without linker
        script.

2009-04-20  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-04-20  Simon Josefsson <simon@josefsson.org>

        * NEWS, build-aux/gendocs.sh, configure.ac, lib/configure.ac,
        lib/m4/hooks.m4, libextra/configure.ac: Bump version.

2009-04-20  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2009-04-20  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.7.7.

2009-04-20  Simon Josefsson <simon@josefsson.org>

        * doc/manpages/Makefile.am: Generated.

2009-04-20  Simon Josefsson <simon@josefsson.org>

        * doc/gnutls.texi: Really generate DSA key in example.

2009-04-20  Simon Josefsson <simon@josefsson.org>

        * lib/x509/x509.c: Fix return value.  Doc fix.

2009-04-20  Simon Josefsson <simon@josefsson.org>

        * doc/gnutls.texi: Explain how to generate DSA key.

2009-04-20  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_x509.c, lib/x509/x509.c: Doc fix for new APIs.

2009-04-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/pk-libgcrypt.c: Corrected possible memory corruption on
        signature verification failure. Reported by Miroslav Kratochvil
        <exa.exa@gmail.com>

2009-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * doc/printlist.c: Added small patch from Romain Francoise to remove
        unneeded include.

2009-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/x509.h, lib/x509/privkey.c, lib/x509/x509.c,
        tests/Makefile.am, tests/x509sign-verify.c: Added self test for
        gnutls_x509_crt_verify_hash() and
        gnutls_x509_crt_get_verify_algorithm().  Added some notes in
        gnutls_x509_privkey_sign_hash().

2009-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS, lib/includes/gnutls/x509.h, lib/x509/verify.c,
        lib/x509/x509.c: gnutls_x509_crt_get_sig_algorithm was renamed to
        gnutls_x509_crt_get_verify_algorithm.  Corrected some issues with
        the code.

2009-04-17  Simon Josefsson <simon@josefsson.org>

        * NEWS: Reorder.

2009-04-17  Simon Josefsson <simon@josefsson.org>

        * NEWS, lib/gnutls.pc.in: Add -ltasn1 to pkg-config file.  Reported
        by Andreas Metzler <ametzler@downhill.at.eu.org> in

        <http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3467>.

2009-04-17  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-04-17  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Use new po domain.

2009-04-17  Simon Josefsson <simon@josefsson.org>

        * lib/po/de.po.in: Sync with TP.

2009-04-17  Simon Josefsson <simon@josefsson.org>

        * lib/po/de.po.in: Sync with TP.

2009-04-17  Simon Josefsson <simon@josefsson.org>

        * maint.mk: Update gnulib files.

2009-04-17  Simon Josefsson <simon@josefsson.org>

        * lib/po/de.po.in: Sync with TP.

2009-04-16  Simon Josefsson <simon@josefsson.org>

        * : commit 934102c33ac89ace9a1e1d02047d54f2fea6b59b Merge: bc279f4
        d720f3f Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> Date:
        Wed Apr 15 22:43:03 2009 +0300

2009-04-14  Simon Josefsson <simon@josefsson.org>

        * build-aux/gendocs.sh, doc/gendocs_template, doc/lgpl-2.1.texi: 
        Update gnulib files.

2009-04-11  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/m4/inet_ntop.m4, maint.mk: Update gnulib files.

2009-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: documented Cedric Bail's function addition

2009-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * : commit 258d2e873f61d5543c674f46a6247b4a379d2cca Author: Simon
        Josefsson <simon@josefsson.org> Date:   Fri Apr 3 15:20:09 2009
        +0200

2009-04-03  Simon Josefsson <simon@josefsson.org>

        * lib/po/POTFILES.in: Fix filenames.

2009-04-03  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Fix PODIR.

2009-04-03  Simon Josefsson <simon@josefsson.org>

        * Makefile.am, configure.ac, lib/Makefile.am, lib/configure.ac,
        lib/po/LINGUAS, lib/po/Makevars, lib/po/POTFILES.in,
        lib/po/cs.po.in, lib/po/de.po.in, lib/po/fr.po.in, lib/po/ms.po.in,
        lib/po/nl.po.in, lib/po/pl.po.in, lib/po/sv.po.in, lib/po/vi.po.in,
        po/LINGUAS, po/Makevars, po/POTFILES.in, po/cs.po.in, po/de.po.in,
        po/fr.po.in, po/ms.po.in, po/nl.po.in, po/pl.po.in, po/sv.po.in,
        po/vi.po.in: Move i18n dir back to lib/, after discussion with
        Bruno.

2009-04-03  Simon Josefsson <simon@josefsson.org>

        * configure.ac, gl/Makefile.am, gl/m4/gnulib-cache.m4,
        gl/m4/gnulib-comp.m4, gl/m4/ld-version-script.m4,
        m4/linker-script.m4: Use linker-script from gnulib.

2009-04-03  Simon Josefsson <simon@josefsson.org>

        * configure.ac, gl/Makefile.am, gl/m4/gnulib-cache.m4,
        gl/m4/gnulib-comp.m4, gl/m4/ld-output-def.m4, lib/configure.ac,
        libextra/configure.ac, m4/output-def.m4: Use output-def test from
        gnulib.

2009-04-03  Simon Josefsson <simon@josefsson.org>

        * configure.ac, lib/Makefile.am, lib/libgnutls.map,
        lib/libgnutls.vers, lib/libgnutlsxx.map, lib/libgnutlsxx.vers: 
        Rename linker script.

2009-04-03  Simon Josefsson <simon@josefsson.org>

        * lib/Makefile.am, lib/m4/hooks.m4, libextra/Makefile.am: Use
        DLL_VERSION variable name.

2009-03-30  Simon Josefsson <simon@josefsson.org>

        * po/LINGUAS, po/cs.po.in: Sync with TP.

2009-03-30  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_global.c, lib/openpgp/output.c, lib/x509/output.c: Fix
        warnings.

2009-03-30  Simon Josefsson <simon@josefsson.org>

        * configure.ac: Only add warnings when using gcc.  Don't use
        -Wformat-nonliteral.

2009-03-30  Simon Josefsson <simon@josefsson.org>

        * GNUmakefile, build-aux/gnupload, gl/Makefile.am, gl/close-hook.c,
        gl/close-hook.h, gl/close.c, gl/fseeko.c, gl/gai_strerror.c,
        gl/m4/close.m4, gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4,
        gl/m4/printf.m4, gl/m4/select.m4, gl/m4/stdarg.m4,
        gl/m4/sys_select_h.m4, gl/readline.c, gl/select.c, gl/setsockopt.c,
        gl/stdint.in.h, gl/sys_select.in.h, gl/sys_socket.in.h,
        gl/tests/Makefile.am, gl/tests/sockets.c, gl/tests/sockets.h,
        gl/tests/test-getaddrinfo.c, gl/tests/test-sockets.c,
        gl/unistd.in.h, gl/vasnprintf.c, gl/winsock-select.c,
        lib/gl/Makefile.am, lib/gl/close-hook.c, lib/gl/close-hook.h,
        lib/gl/fseeko.c, lib/gl/m4/gnulib-common.m4,
        lib/gl/m4/gnulib-comp.m4, lib/gl/m4/printf.m4, lib/gl/sockets.c,
        lib/gl/sockets.h, lib/gl/stdint.in.h, lib/gl/sys_socket.in.h,
        lib/gl/tests/test-sockets.c, lib/gl/unistd.in.h,
        lib/gl/vasnprintf.c, lib/gl/w32sock.h,
        libextra/gl/m4/gnulib-common.m4, maint.mk: Update gnulib files.

2009-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/includes/gnutls/x509.h, lib/x509/verify.c, lib/x509/x509.c,
        lib/x509/x509_int.h: Applied patch by Cedric Bail to add functions
        gnutls_x509_crt_verify_hash() and
        gnutls_x509_crt_get_sig_algorithm().

2009-03-23  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Fix bootstrap.

2009-03-23  Simon Josefsson <simon@josefsson.org>

        * Makefile.am, cfg.mk, configure.ac, lib/Makefile.am,
        lib/configure.ac: Fix po paths.

2009-03-23  Simon Josefsson <simon@josefsson.org>

        * lib/po/LINGUAS, lib/po/Makevars, lib/po/POTFILES.in,
        lib/po/de.po.in, lib/po/fr.po.in, lib/po/ms.po.in, lib/po/nl.po.in,
        lib/po/pl.po.in, lib/po/sv.po.in, lib/po/vi.po.in, po/LINGUAS,
        po/Makevars, po/POTFILES.in, po/de.po.in, po/fr.po.in, po/ms.po.in,
        po/nl.po.in, po/pl.po.in, po/sv.po.in, po/vi.po.in: Move lib/po to
        po/ since the gettext domain is global for gnutls.

2009-03-04  Simon Josefsson <simon@josefsson.org>

        * lib/x509/Makefile.am: Cosmetic fix.

2009-03-04  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_global.c, lib/x509/x509_int.h: Be compatible with
        libtasn1 before v1.6.

2009-03-04  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-03-04  Simon Josefsson <simon@josefsson.org>

        * NEWS, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
        lib/minitasn1/element.c, lib/minitasn1/errors.c,
        lib/minitasn1/errors.h, lib/minitasn1/gstr.c, lib/minitasn1/int.h,
        lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
        lib/minitasn1/structure.c: Update to minitasn1 v1.8.

2009-03-04  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_global.c, lib/gnutls_global.h, lib/x509/common.c,
        lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c,
        lib/x509/extensions.c, lib/x509/pkcs12.c, lib/x509/pkcs7.c,
        lib/x509/x509.c: Use modern libtasn1 interfaces.

2009-03-02  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-03-02  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump version.

2009-03-02  Simon Josefsson <simon@josefsson.org>

        * doc/Makefile.am: Add -I's for errcodes/printlist.  Reported by
        Roman Bogorodskiy <novel@FreeBSD.org> in

        <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3435>.

2009-02-27  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2009-02-27  Simon Josefsson <simon@josefsson.org>

        * doc/Makefile.am: Fix distcheck.

2009-02-27  Simon Josefsson <simon@josefsson.org>

        * doc/Makefile.am: Fix.

2009-02-27  Simon Josefsson <simon@josefsson.org>

        * doc/Makefile.am: Remove error_codes.texi and algorithms.texi to
        fix make distcheck.

2009-02-27  Simon Josefsson <simon@josefsson.org>

        * doc/Makefile.am: Update --css-include path to fix distcheck.

2009-02-27  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.7.6.

2009-02-27  Simon Josefsson <simon@josefsson.org>

        * .gitignore: Fix.

2009-02-27  Simon Josefsson <simon@josefsson.org>

        * gl/tests/test-fseeko2.sh, lib/gl/tests/test-fseeko2.sh: Update
        gnulib files.

2009-02-27  Simon Josefsson <simon@josefsson.org>

        * gl/m4/gnulib-comp.m4, gl/m4/printf.m4, gl/m4/stdint.m4,
        gl/m4/stdlib_h.m4, gl/m4/vasnprintf.m4, gl/tests/Makefile.am,
        gl/tests/test-fseeko.c, gl/tests/test-getaddrinfo.c,
        gl/vasnprintf.c, lib/gl/m4/gnulib-comp.m4, lib/gl/m4/printf.m4,
        lib/gl/m4/stdint.m4, lib/gl/m4/stdlib_h.m4,
        lib/gl/m4/vasnprintf.m4, lib/gl/tests/Makefile.am,
        lib/gl/tests/test-fseeko.c, lib/gl/vasnprintf.c: Update gnulib
        files.

2009-02-27  Simon Josefsson <simon@josefsson.org>

        * gl/m4/ungetc.m4, lib/gl/m4/ungetc.m4: Update gnulib files.

2009-02-27  Simon Josefsson <simon@josefsson.org>

        * doc/scripts/gdoc: Revert %-hack that lead to syntax errors in
        texinfo output.

2009-02-24  Simon Josefsson <simon@josefsson.org>

        * src/certtool.c: Minor cleanup.

2009-02-24  Simon Josefsson <simon@josefsson.org>

        * NEWS, src/certtool-cfg.c: certtool: Query for multiple dnsName
        subjectAltName in interactive mode.

2009-02-23  Simon Josefsson <simon@josefsson.org>

        * gl/m4/include_next.m4, lib/gl/m4/include_next.m4: Update gnulib
        files.

2009-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * NEWS: documented pkix.asn change

2009-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkix.asn: Removed several unneeded parameters from pkix tree.
        This reduces initial memory usage after gnutls_global_init() from
        140kb (in amd64) to 50kb.

2009-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/x509/dn.c, tests/crq_key_id.c: Added more verbose information.

2009-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/dn.c,
        tests/crq_key_id.c: Revert "Added more verbose debugging info" This reverts commit c2d3596cddbb54ac4f19c44b15a03ee1fcceab12.

2009-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

        * lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/dn.c,
        tests/crq_key_id.c: Added more verbose debugging info

2009-02-22  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

        * doc/TODO: removed items that have already been done or solved.

2009-02-22  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

        * NEWS: documented the SSL3_RECORD_VERSION priority string

2009-02-22  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

        * doc/scripts/gdoc, lib/gnutls_priority.c: Applied patch by Martin
        von Gagern: The attached patch fixes gnutls_priority_init(3), but in
        a very hackish way, treating a percent sign as indicating a constant
        only if it is not immediately preceded by a double quote.

2009-02-21  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

        * doc/manpages/gnutls-cli.1: Corrected listing of special keywords.
        Reported by Martin von Gagern.

2009-02-21  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

        * doc/manpages/gnutls-cli.1, lib/gnutls_handshake.c,
        lib/gnutls_int.h, lib/gnutls_priority.c: Added %SSL3_RECORD_VERSION
        priority option that allows to specify the client hello message
        record version. Used to overcome buggy TLS servers. Report by Martin
        von Gagern.

2009-02-15  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

        * lib/x509/verify.c: Corrected bit disable (was flipping instead).
        Initialy reported by Daniel Kahn Gillmor on 9/1/2008. Many thanks to
        moog@sysdev.oucs.ox.ac.uk for bringing this into my attention.

2009-02-11  Simon Josefsson <simon@josefsson.org>

        * NEWS: Fix.

2009-02-11  Simon Josefsson <simon@josefsson.org>

        * NEWS, src/serv.c: gnutls-serv: No longer disable MAC padding by
        default.

2009-02-11  Simon Josefsson <simon@josefsson.org>

        * src/serv.c: More gnulib usage.

2009-02-11  Simon Josefsson <simon@josefsson.org>

        * src/cli.c: Use more gnulib interfaces.

2009-02-11  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2009-02-11  Simon Josefsson <simon@josefsson.org>

        * doc/gnutls.texi: Update gnutls-serv --help output.

2009-02-11  Simon Josefsson <simon@josefsson.org>

        * doc/gnutls.texi: Update gnutls-cli --help output.

2009-02-11  Simon Josefsson <simon@josefsson.org>

        * NEWS, lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_x509.c: 
        libgnutls: Add new priority strings for allowing RSA-MD5 and V1-CA.

2009-02-11  Simon Josefsson <simon@josefsson.org>

        * NEWS, src/cli.c: gnutls-cli: Don't permit V1 CAs by default.

2009-02-11  Simon Josefsson <simon@josefsson.org>

        * doc/Makefile.am, doc/errcodes.c, doc/printlist.c,
        src/Makefile.am, src/errcodes.c, src/printlist.c: Move doc related
        tools from src/ to doc/.

2009-02-11  Simon Josefsson <simon@josefsson.org>

        * src/common.c: Typo.

2009-02-11  Simon Josefsson <simon@josefsson.org>

        * src/common.c: Typo.

2009-02-11  Simon Josefsson <simon@josefsson.org>

        * src/common.c: Print OpenPGP cert info using libgnutls.

2009-02-11  Simon Josefsson <simon@josefsson.org>

        * NEWS, lib/openpgp/output.c: libgnutls: gnutls_openpgp_crt_print
        supports oneline mode.

2009-02-11  Simon Josefsson <simon@josefsson.org>

        * tests/pathlen/ca-no-pathlen.pem,
        tests/pathlen/no-ca-or-pathlen.pem: Fix expected test vectors.

2009-02-11  Simon Josefsson <simon@josefsson.org>

        * NEWS, lib/x509/output.c: libgnutls: gnutls_x509_crt_print prints
        signature algorithm in oneline mode.

2009-02-11  Simon Josefsson <simon@josefsson.org>

        * gl/m4/close.m4, gl/m4/sockets.m4, gl/tests/sockets.h,
        gl/tests/test-sockets.c, lib/gl/m4/sockets.m4, lib/gl/sockets.h,
        lib/gl/tests/test-sockets.c: Update gnulib files.

2009-02-11  Simon Josefsson <simon@josefsson.org>

        * NEWS, src/common.c: gnutls-cli: Print certificate info using
        libgnutls.

2009-02-11  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2009-02-11  Simon Josefsson <simon@josefsson.org>

        * lib/x509/output.c: Print bit size of RSA exponents.

2009-02-06  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2009-02-06  Simon Josefsson <simon@josefsson.org>

        * src/Makefile.am: Need -lgnutls etc for certtool-cfg.c.

2009-02-06  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.7.5.

2009-02-06  Simon Josefsson <simon@josefsson.org>

        * NEWS: Merge in old NEWS entries.

2009-02-06  Simon Josefsson <simon@josefsson.org>

        * lib/x509/verify.c: Move down revocation check to revert code to
        how it looked before.  The idea is that if you have marked a cert as
        trusted, you may want to trust it even though some authority has
        revoked it.  This changes back how this code used to work.

2009-02-02  Simon Josefsson <simon@josefsson.org>

        * NEWS, doc/TODO, lib/x509/verify.c, tests/chainverify.c: Make it
        possible to trust intermediary certificates.  Based on tiny patch
        from "Douglas E. Engert" <deengert@anl.gov> in

        <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3376>.

2009-02-02  Simon Josefsson <simon@josefsson.org>

        * tests/chainverify.c: Add another chain from bug reports.

2009-02-02  Simon Josefsson <simon@josefsson.org>

        * src/common.c: Print more certificate status values.

2009-02-02  Simon Josefsson <simon@josefsson.org>

        * lib/x509/x509.c: Assert less for expected errors.

2009-02-02  Simon Josefsson <simon@josefsson.org>

        * lib/x509/output.c: Simplify keyid printing to avoid allocation and
        asserts.

2009-02-01  Simon Josefsson <simon@josefsson.org>

        * doc/manpages/Makefile.am, doc/scripts/gdoc: Update gdoc and use
        -pkg-name.

2009-02-01  Simon Josefsson <simon@josefsson.org>

        * build-aux/gnupload, gl/Makefile.am, gl/m4/00gnulib.m4,
        gl/m4/errno_h.m4, gl/m4/extensions.m4, gl/m4/gnulib-common.m4,
        gl/m4/gnulib-comp.m4, gl/m4/multiarch.m4, gl/m4/pmccabe2html.m4,
        gl/m4/stdlib_h.m4, gl/stdlib.in.h, gl/tests/test-getaddrinfo.c,
        gl/version-etc.c, gl/version-etc.h, lib/gl/Makefile.am,
        lib/gl/m4/00gnulib.m4, lib/gl/m4/errno_h.m4,
        lib/gl/m4/extensions.m4, lib/gl/m4/gnulib-common.m4,
        lib/gl/m4/gnulib-comp.m4, lib/gl/m4/multiarch.m4,
        lib/gl/m4/stdlib_h.m4, lib/gl/stdlib.in.h,
        libextra/gl/m4/00gnulib.m4, libextra/gl/m4/extensions.m4,
        libextra/gl/m4/gnulib-common.m4, libextra/gl/m4/gnulib-comp.m4: 
        Update gnulib files.

2009-01-27  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

        * NEWS, lib/gnutls_handshake.c: gnutls_handshake when sending client
        hello during a rehandshake, will not offer a version number larger
        than the current.  Reported by Tristan Hill <stan@saticed.me.uk>.

2009-01-27  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

        * lib/gnutls_psk.c: result_size in gnutls_hex_encode behaves as
        documented. It now holds the size of the result. Reported by John
        Brooks.

2009-01-21  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/arpa_inet.in.h, gl/fseeko.c, gl/m4/alloca.m4,
        gl/m4/errno_h.m4, gl/m4/getaddrinfo.m4, gl/m4/getline.m4,
        gl/m4/getpass.m4, gl/m4/gettimeofday.m4, gl/m4/gnulib-common.m4,
        gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4, gl/m4/intmax_t.m4,
        gl/m4/inttypes_h.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
        gl/m4/longlong.m4, gl/m4/malloc.m4, gl/m4/minmax.m4,
        gl/m4/printf.m4, gl/m4/readline.m4, gl/m4/realloc.m4,
        gl/m4/sockets.m4, gl/m4/sockpfaf.m4, gl/m4/stdbool.m4,
        gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
        gl/m4/unistd_h.m4, gl/m4/vasnprintf.m4, gl/m4/wchar_t.m4,
        gl/m4/wint_t.m4, gl/progname.c, gl/stdint.in.h, gl/stdio.in.h,
        gl/strerror.c, gl/sys_stat.in.h, gl/tests/gettimeofday.c,
        gl/tests/ioctl.c, gl/tests/test-unistd.c, gl/unistd.in.h,
        gl/wchar.in.h, lib/gl/Makefile.am, lib/gl/fseeko.c,
        lib/gl/m4/alloca.m4, lib/gl/m4/byteswap.m4, lib/gl/m4/codeset.m4,
        lib/gl/m4/errno_h.m4, lib/gl/m4/gettext.m4,
        lib/gl/m4/gnulib-common.m4, lib/gl/m4/iconv.m4,
        lib/gl/m4/intldir.m4, lib/gl/m4/intlmacosx.m4, lib/gl/m4/intmax.m4,
        lib/gl/m4/intmax_t.m4, lib/gl/m4/inttypes-pri.m4,
        lib/gl/m4/inttypes_h.m4, lib/gl/m4/lcmessage.m4,
        lib/gl/m4/lib-ld.m4, lib/gl/m4/lib-link.m4, lib/gl/m4/lock.m4,
        lib/gl/m4/longlong.m4, lib/gl/m4/malloc.m4, lib/gl/m4/memmem.m4,
        lib/gl/m4/memmove.m4, lib/gl/m4/minmax.m4, lib/gl/m4/nls.m4,
        lib/gl/m4/po.m4, lib/gl/m4/printf-posix.m4, lib/gl/m4/printf.m4,
        lib/gl/m4/progtest.m4, lib/gl/m4/realloc.m4, lib/gl/m4/sockets.m4,
        lib/gl/m4/sockpfaf.m4, lib/gl/m4/stdbool.m4, lib/gl/m4/stdint.m4,
        lib/gl/m4/stdint_h.m4, lib/gl/m4/stdio_h.m4, lib/gl/m4/strcase.m4,
        lib/gl/m4/strverscmp.m4, lib/gl/m4/threadlib.m4,
        lib/gl/m4/uintmax_t.m4, lib/gl/m4/unistd_h.m4,
        lib/gl/m4/vasnprintf.m4, lib/gl/m4/wchar_t.m4, lib/gl/m4/wint_t.m4,
        lib/gl/stdint.in.h, lib/gl/stdio.in.h, lib/gl/sys_stat.in.h,
        lib/gl/tests/test-unistd.c, lib/gl/unistd.in.h, lib/gl/wchar.in.h: 
        Update gnulib files.

2009-01-21  Simon Josefsson <simon@josefsson.org>

        * THANKS: Add.

2009-01-21  Simon Josefsson <simon@josefsson.org>

        * libextra/gl/Makefile.am, libextra/gl/gnulib.mk,
        libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-common.m4,
        libextra/gl/m4/lib-ld.m4, libextra/gl/m4/lib-link.m4,
        libextra/gl/m4/md5.m4: Add -I's in libextra/gl for stdint.h on
        Solaris.  Reported by Dagobert Michelsen <dam@opencsw.org> in

        http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3388

2009-01-13  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_state.c: Check return value properly.

2009-01-13  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_state.c: Fix mem leak because buffer is not expanded
        correctly.

2009-01-09  Simon Josefsson <simon@josefsson.org>

        * NEWS: Fix typos.

2009-01-09  Simon Josefsson <simon@josefsson.org>

        * NEWS, lib/x509/verify.c: Permit V1 Certificate Authorities
        properly.  Before they were mistakenly rejected even though
        GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
        GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied.  Reported by
        "Douglas E. Engert" <deengert@anl.gov> in

        <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.

2009-01-09  Simon Josefsson <simon@josefsson.org>

        * src/certtool.c: Permit V1 CA's in new --verify-chain code.

2009-01-09  Simon Josefsson <simon@josefsson.org>

        * THANKS: Add.

2009-01-09  Simon Josefsson <simon@josefsson.org>

        * tests/chainverify.c: Added chain supplied by "Douglas E. Engert"
        <deengert@anl.gov>.

2009-01-07  Simon Josefsson <simon@josefsson.org>

        * src/errcodes.c, src/printlist.c: Fix license header.

2009-01-07  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_global.c,
        lib/gnutls_global.h, lib/gnutls_int.h: Cleanup logger function type.

2009-01-07  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2009-01-07  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2009-01-07  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.7.4.

2009-01-07  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_rsa_export.c: Doc fixes.

2009-01-07  Simon Josefsson <simon@josefsson.org>

        * doc/examples/ex-client-psk.c, doc/examples/ex-client-resume.c,
        doc/examples/ex-client-srp.c, doc/examples/ex-client-tlsia.c,
        doc/examples/ex-client1.c, lib/gnutls_algorithms.c,
        lib/gnutls_rsa_export.c, lib/openpgp/output.c, lib/x509/output.c,
        lib/x509/privkey.c, src/cli.c, src/common.c, src/serv.c,
        src/tls_test.c, tests/dhepskself.c: Fix warnings.

2009-01-07  Simon Josefsson <simon@josefsson.org>

        * build-aux/gendocs.sh, doc/gendocs_template, gl/Makefile.am,
        gl/m4/errno_h.m4, gl/m4/extensions.m4, gl/m4/getaddrinfo.m4,
        gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/inttypes_h.m4,
        gl/m4/lib-link.m4, gl/m4/manywarnings.m4, gl/m4/multiarch.m4,
        gl/m4/printf.m4, gl/m4/size_max.m4, gl/m4/stdint.m4,
        gl/m4/stdint_h.m4, gl/m4/wchar.m4, gl/m4/wchar_t.m4,
        gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/stdint.in.h, gl/stdlib.in.h,
        gl/sys_select.in.h, gl/tests/Makefile.am,
        gl/tests/test-select-in.sh, gl/unistd.in.h, gl/version-etc.c,
        gl/wchar.in.h, lib/gl/Makefile.am, lib/gl/m4/codeset.m4,
        lib/gl/m4/errno_h.m4, lib/gl/m4/extensions.m4,
        lib/gl/m4/gettext.m4, lib/gl/m4/glibc2.m4, lib/gl/m4/glibc21.m4,
        lib/gl/m4/gnulib-cache.m4, lib/gl/m4/gnulib-comp.m4,
        lib/gl/m4/iconv.m4, lib/gl/m4/intdiv0.m4, lib/gl/m4/intlmacosx.m4,
        lib/gl/m4/intmax.m4, lib/gl/m4/inttypes-pri.m4,
        lib/gl/m4/inttypes_h.m4, lib/gl/m4/lcmessage.m4,
        lib/gl/m4/lib-link.m4, lib/gl/m4/multiarch.m4, lib/gl/m4/nls.m4,
        lib/gl/m4/po.m4, lib/gl/m4/printf-posix.m4, lib/gl/m4/printf.m4,
        lib/gl/m4/progtest.m4, lib/gl/m4/size_max.m4, lib/gl/m4/stdint.m4,
        lib/gl/m4/stdint_h.m4, lib/gl/m4/threadlib.m4,
        lib/gl/m4/uintmax_t.m4, lib/gl/m4/visibility.m4,
        lib/gl/m4/wchar.m4, lib/gl/m4/wchar_t.m4, lib/gl/m4/wint_t.m4,
        lib/gl/m4/xsize.m4, lib/gl/stdint.in.h, lib/gl/stdlib.in.h,
        lib/gl/tests/Makefile.am, lib/gl/unistd.in.h, lib/gl/wchar.in.h,
        libextra/gl/Makefile.am, libextra/gl/m4/extensions.m4,
        libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-comp.m4,
        libextra/gl/m4/lib-link.m4: Update gnulib files.

2009-01-07  Simon Josefsson <simon@josefsson.org>

        * NEWS: Fix NEWS entry.

2009-01-07  Simon Josefsson <simon@josefsson.org>

        * tests/sha2/sha2: Fix self-test with new certtool --verify-chain
        output.

2009-01-06  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

        * NEWS: added NEWS item about MD5 deprecation

2009-01-06  Simon Josefsson <simon@josefsson.org>

        * tests/pkcs1-padding/pkcs1-pad: Fix expect strings to compensate
        for new certtool -e output.

2009-01-06  Simon Josefsson <simon@josefsson.org>

        * NEWS, src/certtool.c: certtool: Make --verify-chain use libgnutls
        verification algorithm.

2009-01-06  Simon Josefsson <simon@josefsson.org>

        * tests/chainverify.c: Test chain with EE cert signed using RSA-MD5.

2009-01-06  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

        * lib/x509/verify.c: actually deprecate MD5 and MD2 signatures
        during X.509 verification by treating them as invalid unless the
        GNUTLS_VERIFY_ALLOW_SIGN_RSA_{MD5,MD2} flags are present.

2008-12-12  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add NEWS entries from 2.6.3.

2008-12-12  Simon Josefsson <simon@josefsson.org>

        * tests/crq_key_id.c: Fix.

2008-12-12  Simon Josefsson <simon@josefsson.org>

        * tests/crq_key_id.c: Make it compile.  Speed up key generation.

2008-12-12  Simon Josefsson <simon@josefsson.org>

        * tests/crq_key_id.c: Indent.

2008-12-12  Simon Josefsson <simon@josefsson.org>

        * NEWS, tests/Makefile.am, tests/crq_key_id.c: Add crq_key_id
        self-test from David Marín Carreño.

2008-12-11  Simon Josefsson <simon@josefsson.org>

        * configure.ac: Update manywarnings usage.

2008-12-11  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2008-12-11  Simon Josefsson <simon@josefsson.org>

        * lib/x509/output.c: Print public key id for certificate requests
        too.

2008-12-11  Simon Josefsson <simon@josefsson.org>

        * doc/manpages/Makefile.am: Generated.

2008-12-11  Simon Josefsson <simon@josefsson.org>

        * configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2008-12-11  Simon Josefsson <simon@josefsson.org>

        * AUTHORS, NEWS, lib/includes/gnutls/x509.h, lib/x509/crq.c: gnutls:
        New interface to get key id for certificate requests.  Patch from
        David Marín Carreño <davefx@gmail.com> in

        <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3321>.

2008-12-10  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2008-12-10  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.7.3.

2008-12-10  Simon Josefsson <simon@josefsson.org>

        * tests/chainverify.c: Check ca=false with flags too.

2008-12-10  Simon Josefsson <simon@josefsson.org>

        * gl/override/tests/test-lseek.sh.diff, gl/tests/test-lseek.sh,
        lib/gl/tests/test-lseek.sh: Disable parts of gnulib self-tests that
        fail on mingw.

2008-12-10  Simon Josefsson <simon@josefsson.org>

        * lib/gl/tests/test-lseek.c, maint.mk: Update gnulib files.

2008-12-10  Simon Josefsson <simon@josefsson.org>

        * gl/override/tests/test-lseek.c.diff,
        gl/override/tests/test-select-in.sh.diff, gl/tests/test-lseek.c,
        gl/tests/test-select-in.sh: Disable parts of gnulib self-tests that
        fail on mingw.

2008-12-10  Simon Josefsson <simon@josefsson.org>

        * doc/examples/ex-cxx.cpp: Drop config.h, not needed (hopefully?)
        and breaks mingw due to rpl_gmtime.

2008-12-10  Simon Josefsson <simon@josefsson.org>

        * src/Makefile.am: Certtool need libgnutls etc for
        libcmd-certtool.la too, due to certtool-cfg.c.

2008-12-10  Simon Josefsson <simon@josefsson.org>

        * tests/x509self.c: Fix comments.

2008-12-10  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2008-12-10  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2008-12-10  Simon Josefsson <simon@josefsson.org>

        * tests/cve-2008-4989.c: Align with Nikos' patch.

2008-12-10  Simon Josefsson <simon@josefsson.org>

        * lib/opencdk/Makefile.am, lib/opencdk/armor.c,
        lib/opencdk/keydb.c, lib/opencdk/literal.c, lib/opencdk/misc.c,
        lib/opencdk/new-packet.c, lib/opencdk/read-packet.c,
        lib/opencdk/sig-check.c, lib/opencdk/stream.c: Revert "Fix warnings
        in opencdk." This reverts commit 59cddc711e55bbd094bdf95986277fb33ba964ee.

2008-12-10  Simon Josefsson <simon@josefsson.org>

        * lib/x509/verify.c: Revert last commit.

2008-12-10  Simon Josefsson <simon@josefsson.org>

        * tests/chainverify.c: Add GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag
        when needed.

2008-12-10  Simon Josefsson <simon@josefsson.org>

        * tests/chainverify.c: Add hbci chain.

2008-12-10  Simon Josefsson <simon@josefsson.org>

        * tests/chainverify.c: Fix comments.

2008-12-10  Simon Josefsson <simon@josefsson.org>

        * tests/chainverify.c: Fix order to match comments.

2008-12-10  Simon Josefsson <simon@josefsson.org>

        * tests/chainverify.c: Don't fail on expect errors, to allow more
        information to be collected.

2008-12-10  Simon Josefsson <simon@josefsson.org>

        * NEWS, lib/x509/verify.c: Revert Nikos revert, and fix verification
        hopefully better.  The new logic is to include the CA cert in
        validation, but short-cut full validation of trusted certificates.

2008-12-10  Simon Josefsson <simon@josefsson.org>

        * tests/chainverify.c: Add chain with CA having a basic constraint
        saying CA=FALSE.

2008-12-10  Simon Josefsson <simon@josefsson.org>

        * tests/cve-2008-4989.c: Add note.

2008-12-10  Simon Josefsson <simon@josefsson.org>

        * NEWS, tests/Makefile.am, tests/chainverify.c: Add self-test of
        chain verification logic.

2008-12-09  Simon Josefsson <simon@josefsson.org>

        * tests/libgcrypt.supp: Ignore more.

2008-12-05  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2008-12-05  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

        * lib/x509/verify.c: reintroduced the self signed certificate
        removal code. This time shouldn't have the drawbacks that used to.

2008-12-05  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_global.c: Disable secmem rather than overriding
        libgcrypt memory allocators.  Suggested by Werner Koch in

        <http://permalink.gmane.org/gmane.comp.encryption.gpg.libgcrypt.devel/2056>.

2008-12-04  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

        * lib/gnutls_global.c: rearranged initialization stuff based on
        Werner's suggestions.

2008-12-04  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

        * src/certtool.c: gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0) is
        being called after libgcrypt initialization (gnutls_global_init).

2008-12-03  Simon Josefsson <simon@josefsson.org>

        * lib/opencdk/Makefile.am, lib/opencdk/armor.c,
        lib/opencdk/keydb.c, lib/opencdk/literal.c, lib/opencdk/misc.c,
        lib/opencdk/new-packet.c, lib/opencdk/read-packet.c,
        lib/opencdk/sig-check.c, lib/opencdk/stream.c: Fix warnings in
        opencdk.

2008-12-03  Simon Josefsson <simon@josefsson.org>

        * gl/m4/manywarnings.m4: Add.

2008-12-01  Simon Josefsson <simon@josefsson.org>

        * configure.ac, gl/Makefile.am, gl/m4/gnulib-cache.m4,
        gl/m4/gnulib-comp.m4, gl/m4/include_next.m4, gl/m4/warnings.m4,
        gl/stdint.in.h, gl/sys_time.in.h, lib/gl/m4/include_next.m4,
        lib/gl/stdint.in.h: Update gnulib files.

2008-11-29  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

        * tests/x509self.c: Incorporated patch (with modifications) from Joe
        Orton that also checks the rehandshake capabilities.

2008-11-25  Simon Josefsson <simon@josefsson.org>

        * lib/opencdk/Makefile.am, lib/openpgp/Makefile.am,
        libextra/Makefile.am, tests/Makefile.am: Fix minitasn1 -I's.

2008-11-25  Simon Josefsson <simon@josefsson.org>

        * lib/x509/Makefile.am: Fix minitasn1 -I.

2008-11-25  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_buffers.c: Fix compiler warning.

2008-11-23  Simon Josefsson <simon@josefsson.org>

        * src/Makefile.am: Libreadline is needed by libcmd_certtool.la, not
        certtool.  Reported by Arfrever Frehtes Taifersar Arahesis
        <arfrever.fta@gmail.com> in

        <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3293>.

2008-11-23  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

        * lib/opencdk/context.h, lib/opencdk/literal.c, lib/opencdk/misc.c,
        lib/opencdk/new-packet.c, lib/opencdk/opencdk.h,
        lib/opencdk/read-packet.c: Converted non-C compliant code to
        standard C. The usage of structures like: struct x {   int el1;   char str[1]; } and the trick of using a single allocation for str and the structure
        itself by allocating sizeof(x) + strlen()-1, are questionable. They
        were converted to: struct x {   int el1;   char *str; } and there is a single allocation of sizeof(x)+strlen() but then the
        str pointer is updated to point to the rest of the data.

2008-11-23  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

        * lib/gnutls_buffers.c, lib/gnutls_int.h, lib/gnutls_str.c,
        lib/gnutls_str.h, lib/x509/dn.c: When reading data from a buffer
        (gnutls_string) avoid memmoving all remaining data.  This will speed
        up short byte reads.

2008-11-21  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

        * doc/TODO: reorganized goals

2008-11-21  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

        * src/cli.c: return non zero error code on error conditions.

2008-11-21  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

        * doc/certtool.cfg: better grouping of configuration directives

2008-11-21  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

        * : commit 8b14ab18cf5e5214ac3d28412e0c503e83a753c1 Author: Nikos
        Mavrogiannopoulos <nmav@crystal.(none)> Date:   Fri Nov 21 21:02:45
        2008 +0200

2008-11-18  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_compress.c: Clean up LZO initialization.

2008-11-18  Simon Josefsson <simon@josefsson.org>

        * lib/auth_cert.c: Don't use // comments.

2008-11-18  Simon Josefsson <simon@josefsson.org>

        * src/Makefile.am: Change link order, so that gnulib is last.

2008-11-18  Simon Josefsson <simon@josefsson.org>

        * maint.mk: Update gnulib files.

2008-11-18  Simon Josefsson <simon@josefsson.org>

        * lib/po/LINGUAS: Sync with TP.

2008-11-18  Simon Josefsson <simon@josefsson.org>

        * lib/po/LINGUAS: Sync with TP.

2008-11-18  Simon Josefsson <simon@josefsson.org>

        * lib/po/LINGUAS, lib/po/ms.po.in: Sync with TP.

2008-11-18  Simon Josefsson <simon@josefsson.org>

        * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        libextra/configure.ac: Bump versions.

2008-11-18  Simon Josefsson <simon@josefsson.org>

        * ChangeLog: Generated.

2008-11-18  Simon Josefsson <simon@josefsson.org>

        * NEWS: Version 2.7.2.

2008-11-18  Simon Josefsson <simon@josefsson.org>

        * doc/reference/Makefile.am: Add deprecated guard for libtasn1.

2008-11-18  Simon Josefsson <simon@josefsson.org>

        * NEWS, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
        lib/minitasn1/element.c, lib/minitasn1/element.h,
        lib/minitasn1/errors.c, lib/minitasn1/gstr.h,
        lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
        lib/minitasn1/parser_aux.h, lib/minitasn1/structure.c,
        lib/minitasn1/structure.h: Sync with libtasn1 v1.7.

2008-11-18  Simon Josefsson <simon@josefsson.org>

        * doc/examples/Makefile.am, lib/Makefile.am,
        lib/openpgp/Makefile.am, libextra/Makefile.am: Fix WARN_CFLAGS uses.

2008-11-18  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_compress.c: Fix warnings.

2008-11-18  Simon Josefsson <simon@josefsson.org>

        * tests/Makefile.am: Respect ENABLE_OPENSSL.

2008-11-18  Simon Josefsson <simon@josefsson.org>

        * configure.ac: Move gnulib EARLY early.

2008-11-18  Simon Josefsson <simon@josefsson.org>

        * configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        lib/m4/output-def.m4, libextra/configure.ac, m4/output-def.m4: Move
        C++ and -output-def detection.

2008-11-18  Simon Josefsson <simon@josefsson.org>

        * configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        lib/m4/linker-script.m4, libextra/configure.ac, m4/linker-script.m4: 
        Fix linker script test.

2008-11-18  Simon Josefsson <simon@josefsson.org>

        * configure.ac: Fix typo.

2008-11-18  Simon Josefsson <simon@josefsson.org>

        * configure.ac, libextra/m4/hooks.m4: Print Openssl status.

2008-11-18  Simon Josefsson <simon@josefsson.org>

        * configure.ac, lib/m4/hooks.m4: Print C++ status.

2008-11-18  Simon Josefsson <simon@josefsson.org>

        * configure.ac: Cleanup guile tests.

2008-11-17  Simon Josefsson <simon@josefsson.org>

        * gl/m4/warnings.m4: Update gnulib files.

2008-11-17  Simon Josefsson <simon@josefsson.org>

        * configure.ac: Rewrite warning initializations.

2008-11-17  Simon Josefsson <simon@josefsson.org>

        * configure.ac: Typo.

2008-11-17  Simon Josefsson <simon@josefsson.org>

        * gl/m4/warnings.m4: Update gnulib files.

2008-11-17  Simon Josefsson <simon@josefsson.org>

        * doc/examples/examples.h: Add.

2008-11-17  Simon Josefsson <simon@josefsson.org>

        * configure.ac, doc/examples/Makefile.am, doc/examples/ex-alert.c,
        doc/examples/ex-client-psk.c, doc/examples/ex-pkcs12.c,
        doc/examples/ex-rfc2818.c, doc/examples/ex-session-info.c,
        doc/examples/ex-verify.c, doc/examples/ex-x509-info.c,
        doc/examples/tcp.c, gl/gettext.h, gl/override/lib/gettext.h.diff,
        lib/gl/gettext.h, lib/gl/override/lib/gettext.h.diff,
        lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_state.c,
        lib/gnutls_str.h, lib/openpgp/output.c, lib/x509/Makefile.am,
        lib/x509/dn.c, lib/x509/output.c, lib/x509/privkey.c,
        libextra/fipsmd5.c, libextra/gnutls_extra.c,
        libextra/gnutls_openssl.c, src/Makefile.am, src/cli.c,
        src/common.h, src/crypt.c, src/prime.c, src/psk.c, src/serv.c,
        src/tls_test.c, tests/Makefile.am, tests/anonself.c,
        tests/crypto_rng.c, tests/dhepskself.c, tests/dn.c,
        tests/finished.c, tests/gc.c, tests/mini.c, tests/openpgpself.c,
        tests/pkcs12_s2k.c, tests/pskself.c, tests/resume.c,
        tests/set_pkcs12_cred.c, tests/tlsia.c, tests/utils.c,
        tests/utils.h, tests/x509dn.c, tests/x509self.c,
        tests/x509signself.c: Use more warnings.  Fix many warnings.

2008-11-17  Simon Josefsson <simon@josefsson.org>

        * gl/m4/warnings.m4, gl/override/tests/test-select-out.sh.diff,
        gl/tests/test-select-out.sh: Update gnulib files.

2008-11-17  Simon Josefsson <simon@josefsson.org>

        * lib/includes/gnutls/compat.h, lib/includes/gnutls/crypto.h,
        lib/includes/gnutls/gnutlsxx.h, lib/includes/gnutls/openpgp.h,
        lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h: Fix
        cosmetic nits in header files.

2008-11-17  Simon Josefsson <simon@josefsson.org>

        * NEWS, lib/includes/gnutls/compat.h,
        lib/includes/gnutls/gnutls.h.in: Fix namespace of version symbols.

2008-11-17  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add.

2008-11-17  Simon Josefsson <simon@josefsson.org>

        * lib/includes/gnutls/gnutls.h.in: Move #include's outside of C++
        markers.

2008-11-17  Simon Josefsson <simon@josefsson.org>

        * src/cli-gaa.c, src/cli-gaa.h, src/serv-gaa.c, src/serv-gaa.h: 
        Generated.

2008-11-17  Simon Josefsson <simon@josefsson.org>

        * src/common.c: Work around gnulib+mingw problem.

2008-11-17  Simon Josefsson <simon@josefsson.org>

        * src/cli.gaa, src/common.h, src/serv.c, src/serv.gaa: Never include
        config.h in *.h files.

2008-11-17  Simon Josefsson <simon@josefsson.org>

        * gl/m4/hostent.m4, gl/m4/servent.m4: Update gnulib files.

2008-11-17  Simon Josefsson <simon@josefsson.org>

        * gl/override/tests/test-select-out.sh.diff,
        gl/tests/test-select-out.sh: Work around reported bug in gnulib
        self-tests.

2008-11-17  Simon Josefsson <simon@josefsson.org>

        * gl/m4/getaddrinfo.m4, gl/m4/gnulib-comp.m4, gl/m4/sockets.m4,
        gl/tests/test-select-out.sh, lib/gl/m4/sockets.m4: Update gnulib
        files.

2008-11-17  Simon Josefsson <simon@josefsson.org>

        * Makefile.am, build-aux/gnupload, gl/m4/getaddrinfo.m4,
        gl/m4/netdb_h.m4, gl/netdb.in.h, gl/tests/sockets.h,
        lib/gl/Makefile.am, lib/gl/m4/gnulib-cache.m4,
        lib/gl/m4/gnulib-comp.m4, lib/gl/m4/netdb_h.m4, lib/gl/netdb.in.h,
        lib/gl/sockets.h, lib/gl/tests/Makefile.am,
        libextra/gl/Makefile.am, libextra/gl/m4/gnulib-cache.m4,
        libextra/gl/m4/gnulib-comp.m4: Update gnulib files.

2008-11-17  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_auth.c: Make it build.

2008-11-15  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

        * lib/gnutls_auth.c: Corrected memory leak in
        _gnutls_free_auth_info(). Trace and patch by Michael Weiser.

2008-11-14  Simon Josefsson <simon@josefsson.org>

        * tests/Makefile.am: Disable openpgp-keyring when not building
        openpgp.

2008-11-14  Simon Josefsson <simon@josefsson.org>

        * tests/Makefile.am: Add -I for libextra too.

2008-11-14  Simon Josefsson <simon@josefsson.org>

        * lib/gnutlsxx.cpp: Make it compile with --disable-openpgp.

2008-11-14  Simon Josefsson <simon@josefsson.org>

        * tests/resume.c: Fix warning.

2008-11-14  Simon Josefsson <simon@josefsson.org>

        * lib/mpi-libgcrypt.c: Don't return from void function.  Reported by
        Jeff Cai <jeff.cai@sun.com> in
        https://savannah.gnu.org/support/?106549

2008-11-14  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_int.h, libextra/ext_inner_application.c,
        libextra/gnutls_ia.c: Include gnutls/extra.h at the right places.

2008-11-14  Simon Josefsson <simon@josefsson.org>

        * lib/mac-libgcrypt.c: Don't return from void function.  Reported by
        Jeff Cai <jeff.cai@sun.com> in
        https://savannah.gnu.org/support/?106549

2008-11-14  Simon Josefsson <simon@josefsson.org>

        * tests/Makefile.am, tests/pkcs12-decode/Makefile.am,
        tests/pkcs12-decode/pkcs12_s2k.c, tests/pkcs12_s2k.c: Move
        pkcs12_s2k.c test to top-level to avoid -I/etc flag duplication.

2008-11-14  Simon Josefsson <simon@josefsson.org>

        * tests/pkcs12-decode/pkcs12: Test pkcs12_2certs.p12 too.

2008-11-14  Simon Josefsson <simon@josefsson.org>

        * tests/pkcs12-decode/Makefile.am: Dist pkcs12_2certs.p12.

2008-11-14  Simon Josefsson <simon@josefsson.org>

        * doc/Makefile.am: Dist README.gaa.

2008-11-14  Simon Josefsson <simon@josefsson.org>

        * doc/Makefile.am: Remove README.autoconf.

2008-11-14  Simon Josefsson <simon@josefsson.org>

        * lib/m4/hooks.m4: Run AC_PROG_CXX only when needed.  Reported by
        Daniel Black <dragonheart@gentoo.org> in
        <https://savannah.gnu.org/support/?106542>.

2008-11-13  Simon Josefsson <simon@josefsson.org>

        * configure.ac: Use more warnings.

2008-11-13  Simon Josefsson <simon@josefsson.org>

        * libextra/gnutls_openssl.c: Fix warning.

2008-11-13  Simon Josefsson <simon@josefsson.org>

        * lib/Makefile.am: Drop incorrect -I.

2008-11-13  Simon Josefsson <simon@josefsson.org>

        * doc/README.gaa: Add.

2008-11-13  Simon Josefsson <simon@josefsson.org>

        * configure.ac, doc/examples/ex-serv-export.c,
        libextra/gnutls_ia.c, src/Makefile.am, src/certtool-gaa.c,
        src/cli-gaa.c, src/crypt-gaa.c, src/psk-gaa.c, src/serv-gaa.c,
        src/tests.c, src/tls_test-gaa.c: Use more warnings.  Fix warnings.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * lib/auth_cert.c, lib/gnutls_mpi.c, lib/gnutls_pk.c,
        lib/mac-libgcrypt.c: Fix warnings.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Add -Werror again, code is fixed.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * doc/examples/Makefile.am: Use warning flags, but not for C++ code.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * tests/Makefile.am, tests/cve-2008-4989.c: Use more warnings.  Fix
        warnings.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * src/Makefile.am, src/certtool-cfg.h, src/certtool-gaa.c: Use more
        warnings.  Fix warnings.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * lib/openpgp/Makefile.am, libextra/Makefile.am,
        libextra/gl/Makefile.am, libextra/gl/m4/extensions.m4,
        libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-comp.m4: Use
        more warning flags.  Need extensions in libextra.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_buffers.c, lib/gnutls_extensions.c,
        lib/gnutls_extensions.h, lib/gnutls_handshake.c, lib/gnutls_mpi.c,
        lib/gnutls_x509.c: Fix warnings.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * lib/includes/gnutls/gnutls.h.in: Add prototype for
        gnutls_certificate_set_x509_simple_pkcs12_mem.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * lib/x509/Makefile.am: Use WARN_CFLAGS.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * lib/ext_server_name.c, lib/gnutls_cipher.c,
        lib/gnutls_constate.c, lib/gnutls_extensions.c,
        lib/gnutls_handshake.c, lib/gnutls_record.c,
        lib/gnutls_supplemental.c, lib/gnutls_v2_compat.c: Fix warnings.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * Makefile.am: Build gl/ later.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * cfg.mk: Drop -Werror because gnutls code doesn't compile with it.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * configure.ac, lib/Makefile.am: Disable pointer sign warnings.  Use
        WARN_CFLAGS more.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * configure.ac: Better warning flag hangling.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * cfg.mk, doc/README.GIT: Drop --enable-developer-mode.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * configure.ac: Remove debug code.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * cfg.mk, configure.ac: Use warnings module.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * cfg.mk, configure.ac, gl/m4/gnulib-comp.m4, gl/m4/warnings.m4,
        lib/configure.ac, libextra/configure.ac: Use gnulib warnings module.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * NEWS: Add v2.6.2 entries.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * lib/m4/hooks.m4, lib/m4/output-def.m4: Use output-def.m4.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls.pc.in, libextra/gnutls-extra.pc.in: Add URL fields.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * lib/m4/hooks.m4, lib/m4/linker-script.m4: Fix version script
        detection.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * configure.ac, lib/configure.ac, lib/m4/hooks.m4,
        lib/m4/linker-script.m4, libextra/configure.ac, m4/valgrind.m4: Use
        external m4 files for shared tests.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * NEWS: Fix.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * tests/cve-2008-4989.c: Frob expected verify status code.  With
        latest verify.c patch it just say the chain is invalid, rather than
        complaining about missing signer certificate.  This is arguable more
        correct.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * lib/x509/verify.c: Remove check of last certificate in path is
        self signed.  Causes crashes further down in the code for
        certificate chains that only contain one self-signed certificate.
        Still protects against the GNUTLS-SA-2008-3 vulnerabillity.
        Reported by Michael Meskes <meskes@debian.org> in
        <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505279>.

2008-11-12  Simon Josefsson <simon@josefsson.org>

        * gl/tests/test-select-out.sh: Comment out broken test.

2008-11-11  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
        gl/m4/warnings.m4, lib/gl/Makefile.am, lib/gl/m4/gnulib-cache.m4,
        lib/gl/m4/gnulib-comp.m4, lib/gl/m4/warnings.m4: Update gnulib
        files.

2008-11-11  Simon Josefsson <simon@josefsson.org>

        * Makefile.am: Need more -I's.

2008-11-11  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
        lib/gl/Makefile.am, lib/gl/m4/gnulib-cache.m4,
        lib/gl/m4/gnulib-comp.m4, lib/gl/m4/warnings.m4: Update gnulib
        files.

2008-11-11  Simon Josefsson <simon@josefsson.org>

        * gl/Makefile.am, gl/fseeko.c, gl/m4/getaddrinfo.m4,
        gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/netdb_h.m4,
        gl/m4/printf.m4, gl/netdb.in.h, gl/tests/test-select-fd.c,
        gl/tests/test-select-in.sh, gl/tests/test-select-out.sh,
        lib/gl/Makefile.am, lib/gl/fseeko.c, lib/gl/m4/netdb_h.m4,
        lib/gl/m4/printf.m4, lib/gl/netdb.in.h: Update gnulib files.

2008-11-11  Simon Josefsson <simon@josefsson.org>

        * tests/cve-2008-4989.c: Also test chain length of 1 since the
        security patch caused a crash.

2008-11-11  Simon Josefsson <simon@josefsson.org>

        * tests/libgcrypt.supp: Add another gcrypt leak.

2008-11-11  Simon Josefsson <simon@josefsson.org>

        * lib/gnutls_extensions.c, lib/gnutls_extensions.h,
        lib/gnutls_global.c: Fix mem leak.

2008-11-11  Simon Josefsson <simon@josefsson.org>

        * tests/cve-2008-4989.c: Fix mem leaks.

2008-11-11  Simon Josefsson <simon@josefsson.org>

        * NEWS, tests/Makefile.am, tests/cve-2008-4989.c: Add
        cve-2008-4989.c self-test.

2008-11-10  Simon Josefsson <simon@josefsson.org>

        * gl/tests/gettimeofday.c, gl/tests/test-gettimeofday.c,
        gl/tests/test-select-fd.c, gl/tests/test-select-in.sh,
        gl/tests/test-select-out.sh, gl/tests/test-select-stdin.c: Update
        gnulib files.

2008-11-10  Simon Josefsson <simon@josefsson.org>

        * gl/m4/gettimeofday.m4, gl/m4/gnulib-comp.m4,
        gl/m4/sys_ioctl_h.m4, gl/tests/Makefile.am,
        lib/gl/m4/include_next.m4, lib/gl/sys_stat.in.h: Update gnulib
        files.

2008-11-10  Simon Josefsson <simon@josefsson.org>

        * Merge in v2.6.1 fixes.

        -----

        Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010  Free Software
        Foundation, Inc.

        Copying and distribution of this file, with or without
        modification, are permitted provided the copyright notice
        and this notice are preserved.