1 If you want to contribute (implement something from the current list, or
2 anything), contact the developer's mailing list (gnutls-dev@lists.gnupg.org),
3 in order to avoid having people working on the same thing.
6 + Support PKCS#8 AES and DES-MD5 (tests/enc3pkcs8.pem) encrypted keys.
7 * Implement Datagram-TLS (DTLS).
8 * Correct TLS 1.2 support.
9 * Cleanup pkix.asn and remove unused (by the certificate api) structures.
10 That way memory used will be reduced.
11 * Improve or rewrite libtasn1 to make it easier to maintain.
12 * Verify added CRLs (is it really needed?)
13 * Add support for generating empty CRLs
14 * Document the format for the supported DN attributes.
16 - Support OpenSSL encrypted PKCS#1 RSA keys, for compatibility (new
17 applications should use PKCS#8 instead).
18 - Allow verifying of certificates on their reception.
19 - Add gnutls_certificate_set_openpgp_keyring()
20 function, similar to gnutls_certificate_set_openpgp_key().
21 - Add function to extract the signers of an openpgp key. Should
22 be similar to gnutls_x509_crt_get_dn_oid().
23 - Add function to verify an openpgp key against a plain key.
24 - Clean up name space of helper functions in library (memmem,
25 firstElement, bit_mask, ...) for platforms that libtool's
26 -export-symbols-regex doesn't work.
27 - Allow sending V2 Hello messages. It seems that some (old) broken
28 implementations require that.
29 - Add Kerberos ciphersuites
30 - Certificate chain validation improvements:
31 - Implement "correct" DN comparison (instead of memcmp).
32 - Support critical key usage KeyCertSign and cRLSign.
33 - Support path length constraints.
34 - RFC 3280 compliant certificate path validation.
35 - Add progress handler gnutls_{dh,rsa}_params_generate2, to allow
36 application to give progress feedback to user.
37 - Support non-blocking gnutls_{dh,rsa}_params_generate2 for when there
38 is not enough entropy available.
39 - Chain verifications.
40 - Check path length constraints.
41 - Check keyCertSign key usages.
42 - Reject extensions in v1 certificates.
43 - Support for cryptodev (and thus hardware accelerators)
44 - Exhaustive test suite, using NIST's PKI Test vectors,
45 see http://csrc.nist.gov/pki/testing/x509paths_old.html
46 and http://csrc.nist.gov/pki/testing/x509paths.html
47 - Clean up certtool. Perhaps separate the different functions into
48 separate tools. Probably a rewrite is necessary.
49 - Make it possible to extract the internal state of a session, to
50 be able to execve a new process that take over the current
51 living socket (using the fcntl close-on-exec flag) and
52 continue the TLS session as well.
53 - Reduce memory footprint
54 - Inside gnutls_global_init, the library allocates about 64 kb of
55 memory in almost 4000 calls to malloc. On my desktop, there are 22
56 processes using gnutls, meaning about 1.2 MB of memory usage from
58 - Furthermore, gnutls has 24 kb of relocations in the shared
59 library. You can see this on a 2.6.16 kernel by reading
60 /proc/PID/smaps and looking for:
62 b71a5000-b71ab000 rw-p 00062000 03:01 3131118
63 /usr/lib/libgnutls.so.12.3.6
71 This means another 24 kb used by each process that makes use of
73 - Make gnutls-cli-debug exit with better error messages if the
74 handshake fails, rather than saying that the server doesn't support
76 - Make gnutls_certificate_get_ours return a zero-terminated array (or
77 add a new API that return the size of the array).
78 - Debug why www-s.uiuc.edu:443 refuse to negotiate sslv3 when we propose
80 - Investigate why failed client authentication results in weird error
81 messages. See http://permalink.gmane.org/gmane.network.gnutls.general/875
82 - Print X.509 DN in the proper order.
83 - Debug why connections to smtp.hispeed.ch fails (Debian #429183).
84 Most likely the server is buggy, but it would be useful to document
86 - The return value of gnutls_dh_get_prime_bits and probably other get*bits
87 functions' are rounded up on byte level. Fix it.
89 (+) Means high priority
90 (*) Means medium priority
91 (-) Means low priority (ie. nobody is interested to develop that)