diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-03-13 18:17:20 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-03-13 18:17:20 +0100 |
| commit | 35197020ccadc5b74ded4760907970d4c75cb9ef (patch) | |
| tree | c0cf50a49f80546a86224fcc43a1569cb97841cd | |
| parent | b176026d6b53202dd7b32f05ce1f69b1ee93c869 (diff) | |
| download | gnutls-35197020ccadc5b74ded4760907970d4c75cb9ef.tar.gz | |
updated abi-tracking info
18 files changed, 14726 insertions, 435 deletions
diff --git a/abi-tracker/build_logs/gnutls/3.4.1/build b/abi-tracker/build_logs/gnutls/3.4.1/build new file mode 100644 index 0000000000..140cef70c3 --- /dev/null +++ b/abi-tracker/build_logs/gnutls/3.4.1/build @@ -0,0 +1,1727 @@ +checking build system type... x86_64-unknown-linux-gnu +checking host system type... x86_64-unknown-linux-gnu +checking for a BSD-compatible install... /usr/bin/install -c +checking whether build environment is sane... yes +checking for a thread-safe mkdir -p... /bin/mkdir -p +checking for gawk... gawk +checking whether make sets $(MAKE)... yes +checking whether make supports nested variables... yes +checking whether make supports nested variables... (cached) yes +*** +*** Checking for compilation programs... + +checking for pkg-config... /usr/bin/pkg-config +checking pkg-config is at least version 0.9.0... yes +checking for gcc... gcc +checking whether the C compiler works... yes +checking for C compiler default output file name... a.out +checking for suffix of executables... +checking whether we are cross compiling... no +checking for suffix of object files... o +checking whether we are using the GNU C compiler... yes +checking whether gcc accepts -g... yes +checking for gcc option to accept ISO C89... none needed +checking whether gcc understands -c and -o together... yes +checking for style of include used by make... GNU +checking dependency style of gcc... gcc3 +checking how to run the C preprocessor... gcc -E +checking for grep that handles long lines and -e... /bin/grep +checking for egrep... /bin/grep -E +checking for Minix Amsterdam compiler... no +checking for ar... ar +checking for ranlib... ranlib +checking for ANSI C header files... yes +checking for sys/types.h... yes +checking for sys/stat.h... yes +checking for stdlib.h... yes +checking for string.h... yes +checking for memory.h... yes +checking for strings.h... yes +checking for inttypes.h... yes +checking for stdint.h... yes +checking for unistd.h... yes +checking minix/config.h usability... no +checking minix/config.h presence... no +checking for minix/config.h... no +checking whether it is safe to define __EXTENSIONS__... yes +checking whether _XOPEN_SOURCE should be defined... no +checking for _LARGEFILE_SOURCE value needed for large files... no +checking for special C compiler options needed for large files... no +checking for _FILE_OFFSET_BITS value needed for large files... no +checking dependency style of gcc... gcc3 +checking the archiver (ar) interface... ar +checking for g++... g++ +checking whether we are using the GNU C++ compiler... yes +checking whether g++ accepts -g... yes +checking dependency style of g++... gcc3 +checking for bison... bison -y +checking for a sed that does not truncate output... /bin/sed +checking for inline... inline +checking for ANSI C header files... (cached) yes +checking cpuid.h usability... yes +checking cpuid.h presence... yes +checking for cpuid.h... yes +checking for getrandom... no +checking for getentropy... no +checking for NETTLE... yes +checking for HOGWEED... yes +checking for __gmpz_cmp in -lgmp... yes +checking whether to use the included minitasn1... yes +checking whether C99 macros are supported... yes +checking whether to disable DTLS-SRTP extension... no +checking whether to disable ALPN extension... no +checking whether to disable TLS heartbeat support... yes +checking whether to disable SRP authentication support... no +checking whether to disable PSK authentication support... no +checking whether to disable anonymous authentication support... no +checking whether to disable DHE support... no +checking whether to disable ECDHE support... no +checking whether to disable OpenPGP Certificate authentication support... no +checking whether to add cryptodev support... no +checking whether to disable OCSP support... no +checking whether to disable session tickets support... no +checking size of void *... 8 +checking size of long long... 8 +checking size of long... 8 +checking size of int... 4 +checking sys/socket.h usability... yes +checking sys/socket.h presence... yes +checking for sys/socket.h... yes +checking for sys/stat.h... (cached) yes +checking sys/time.h usability... yes +checking sys/time.h presence... yes +checking for sys/time.h... yes +checking for unistd.h... (cached) yes +checking sys/mman.h usability... yes +checking sys/mman.h presence... yes +checking for sys/mman.h... yes +checking netdb.h usability... yes +checking netdb.h presence... yes +checking for netdb.h... yes +checking netinet/in.h usability... yes +checking netinet/in.h presence... yes +checking for netinet/in.h... yes +checking wchar.h usability... yes +checking wchar.h presence... yes +checking for wchar.h... yes +checking for stdint.h... (cached) yes +checking for strings.h... (cached) yes +checking sys/uio.h usability... yes +checking sys/uio.h presence... yes +checking for sys/uio.h... yes +checking features.h usability... yes +checking features.h presence... yes +checking for features.h... yes +checking for inttypes.h... (cached) yes +checking arpa/inet.h usability... yes +checking arpa/inet.h presence... yes +checking for arpa/inet.h... yes +checking stdio_ext.h usability... yes +checking stdio_ext.h presence... yes +checking for stdio_ext.h... yes +checking termios.h usability... yes +checking termios.h presence... yes +checking for termios.h... yes +checking sys/select.h usability... yes +checking sys/select.h presence... yes +checking for sys/select.h... yes +checking for library containing setsockopt... none needed +checking whether to build OpenSSL compatibility layer... no +checking for gtkdoc-check... /usr/bin/gtkdoc-check +checking for gtkdoc-rebase... /usr/bin/gtkdoc-rebase +checking for gtkdoc-mkpdf... /usr/bin/gtkdoc-mkpdf +checking whether to build gtk-doc documentation... no +checking whether NLS is requested... yes +checking for msgfmt... /usr/bin/msgfmt +checking for gmsgfmt... /usr/bin/msgfmt +checking for xgettext... /usr/bin/xgettext +checking for msgmerge... /usr/bin/msgmerge +checking for ld used by GCC... /usr/bin/ld +checking if the linker (/usr/bin/ld) is GNU ld... yes +checking for shared library run path origin... done +checking for CFPreferencesCopyAppValue... no +checking for CFLocaleCopyCurrent... no +checking for GNU gettext in libc... yes +checking whether to use NLS... yes +checking where the gettext function comes from... libc +checking whether byte ordering is bigendian... no +checking for fork... yes +checking for inet_ntop... yes +checking for inet_pton... yes +checking for getrusage... yes +checking for getpwuid_r... yes +checking for nanosleep... yes +checking for daemon... yes +checking for getpid... yes +checking for clock_gettime... yes +checking for iconv... yes +checking for localtime... yes +checking for vasprintf... yes +checking for pthread_atfork... no +checking for __register_atfork... yes +checking for librt... yes +checking how to link with librt... -lrt +checking for pthread_mutex_lock... yes +checking for size_t... yes +checking for working alloca.h... yes +checking for alloca... yes +checking for C/C++ restrict keyword... __restrict +checking whether the preprocessor supports include_next... yes +checking whether system header files limit the line length... no +checking for complete errno.h... yes +checking for _set_invalid_parameter_handler... no +checking for getdelim... yes +checking for gettimeofday... yes +checking for mprotect... yes +checking for snprintf... yes +checking for strndup... yes +checking for localtime_r... yes +checking for vasnprintf... no +checking for shutdown... yes +checking for __fsetlocking... yes +checking for tcgetattr... yes +checking for tcsetattr... yes +checking for nanotime... no +checking for setenv... yes +checking for strdup... yes +checking whether stat file-mode macros are broken... no +checking for mode_t... yes +checking for nlink_t... yes +checking whether fchmodat is declared without a macro... yes +checking whether fstat is declared without a macro... yes +checking whether fstatat is declared without a macro... yes +checking whether futimens is declared without a macro... yes +checking whether lchmod is declared without a macro... yes +checking whether lstat is declared without a macro... yes +checking whether mkdirat is declared without a macro... yes +checking whether mkfifo is declared without a macro... yes +checking whether mkfifoat is declared without a macro... yes +checking whether mknod is declared without a macro... yes +checking whether mknodat is declared without a macro... yes +checking whether stat is declared without a macro... yes +checking whether utimensat is declared without a macro... yes +checking whether stdin defaults to large file offsets... yes +checking for pid_t... yes +checking whether ftello is declared... yes +checking for ftello... yes +checking whether ftello works... yes +checking whether getdelim is declared... yes +checking whether getline is declared... yes +checking for struct timeval... yes +checking for wide-enough struct timeval.tv_sec member... yes +checking whether gettimeofday is declared without a macro... yes +checking whether malloc, realloc, calloc are POSIX compliant... yes +checking for mmap... yes +checking for MAP_ANONYMOUS... yes +checking whether memchr works... yes +checking whether memmem is declared... yes +checking whether <limits.h> defines MIN and MAX... no +checking whether <sys/param.h> defines MIN and MAX... yes +checking whether snprintf returns a byte count as in C99... yes +checking whether snprintf is declared... yes +checking for stdbool.h that conforms to C99... yes +checking for _Bool... yes +checking for wchar_t... yes +checking for long long int... yes +checking for unsigned long long int... yes +checking whether stdint.h conforms to C99... yes +checking whether ffsl is declared without a macro... yes +checking whether ffsll is declared without a macro... yes +checking whether memmem is declared without a macro... yes +checking whether mempcpy is declared without a macro... yes +checking whether memrchr is declared without a macro... yes +checking whether rawmemchr is declared without a macro... yes +checking whether stpcpy is declared without a macro... yes +checking whether stpncpy is declared without a macro... yes +checking whether strchrnul is declared without a macro... yes +checking whether strdup is declared without a macro... yes +checking whether strncat is declared without a macro... yes +checking whether strndup is declared without a macro... yes +checking whether strnlen is declared without a macro... yes +checking whether strpbrk is declared without a macro... yes +checking whether strsep is declared without a macro... yes +checking whether strcasestr is declared without a macro... yes +checking whether strtok_r is declared without a macro... yes +checking whether strerror_r is declared without a macro... yes +checking whether strsignal is declared without a macro... yes +checking whether strverscmp is declared without a macro... yes +checking whether ffs is declared without a macro... yes +checking whether strcasecmp is declared without a macro... yes +checking whether strncasecmp is declared without a macro... yes +checking whether strndup is declared... (cached) yes +checking whether strnlen is declared... (cached) yes +checking whether strtok_r is declared... (cached) yes +checking whether <sys/socket.h> is self-contained... yes +checking for shutdown... (cached) yes +checking whether <sys/socket.h> defines the SHUT_* macros... yes +checking for struct sockaddr_storage... yes +checking for sa_family_t... yes +checking for struct sockaddr_storage.ss_family... yes +checking whether socket is declared without a macro... yes +checking whether connect is declared without a macro... yes +checking whether accept is declared without a macro... yes +checking whether bind is declared without a macro... yes +checking whether getpeername is declared without a macro... yes +checking whether getsockname is declared without a macro... yes +checking whether getsockopt is declared without a macro... yes +checking whether listen is declared without a macro... yes +checking whether recv is declared without a macro... yes +checking whether send is declared without a macro... yes +checking whether recvfrom is declared without a macro... yes +checking whether sendto is declared without a macro... yes +checking whether setsockopt is declared without a macro... yes +checking whether shutdown is declared without a macro... yes +checking whether accept4 is declared without a macro... yes +checking for struct timespec in <time.h>... yes +checking for wint_t... yes +checking for inttypes.h... yes +checking for stdint.h... yes +checking for intmax_t... yes +checking where to find the exponent in a 'double'... word 1 bit 20 +checking for snprintf... (cached) yes +checking for strnlen... yes +checking for wcslen... yes +checking for wcsnlen... yes +checking for mbrtowc... yes +checking for wcrtomb... yes +checking whether _snprintf is declared... no +checking whether vsnprintf is declared... yes +checking whether <wchar.h> uses 'inline' correctly... yes +checking for working fcntl.h... yes +checking whether ungetc works on arbitrary bytes... yes +checking whether imaxabs is declared without a macro... yes +checking whether imaxdiv is declared without a macro... yes +checking whether strtoimax is declared without a macro... yes +checking whether strtoumax is declared without a macro... yes +checking for inttypes.h... (cached) yes +checking whether the inttypes.h PRIxNN macros are broken... no +checking for alloca as a compiler built-in... yes +checking byteswap.h usability... yes +checking byteswap.h presence... yes +checking for byteswap.h... yes +checking whether conversion from 'int' to 'long double' works... yes +checking for ftello... (cached) yes +checking whether ftello works... (cached) yes +checking whether __func__ is available... yes +checking for working getdelim function... yes +checking for getline... yes +checking for working getline function... yes +checking whether gettimeofday clobbers localtime buffer... no +checking for gettimeofday with POSIX signature... almost +checking for iconv... yes +checking for working iconv... yes +checking for iconv declaration... + extern size_t iconv (iconv_t cd, char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft); +checking if gcc/ld supports -Wl,--output-def... no +checking if LD -Wl,--version-script works... yes +checking whether lseek detects pipes... yes +checking for memmem... yes +checking whether memmem works... yes +checking whether getaddrinfo is declared without a macro... yes +checking whether freeaddrinfo is declared without a macro... yes +checking whether gai_strerror is declared without a macro... yes +checking whether getnameinfo is declared without a macro... yes +checking whether <netinet/in.h> is self-contained... yes +checking for pmccabe... false +checking for stdint.h... (cached) yes +checking for SIZE_MAX... yes +checking for snprintf... (cached) yes +checking whether snprintf respects a size of 1... yes +checking whether printf supports POSIX/XSI format strings with positions... yes +checking for socklen_t... yes +checking for ssize_t... yes +checking for working stdalign.h... yes +checking for max_align_t... yes +checking whether NULL can be used in arbitrary expressions... yes +checking whether inttypes macros match system or gnu printf... system +checking whether dprintf is declared without a macro... yes +checking whether fpurge is declared without a macro... no +checking whether fseeko is declared without a macro... yes +checking whether ftello is declared without a macro... yes +checking whether getdelim is declared without a macro... yes +checking whether getline is declared without a macro... yes +checking whether gets is declared without a macro... no +checking whether pclose is declared without a macro... yes +checking whether popen is declared without a macro... yes +checking whether renameat is declared without a macro... yes +checking whether snprintf is declared without a macro... yes +checking whether tmpfile is declared without a macro... yes +checking whether vdprintf is declared without a macro... yes +checking whether vsnprintf is declared without a macro... yes +checking whether _Exit is declared without a macro... yes +checking whether atoll is declared without a macro... yes +checking whether canonicalize_file_name is declared without a macro... yes +checking whether getloadavg is declared without a macro... yes +checking whether getsubopt is declared without a macro... yes +checking whether grantpt is declared without a macro... yes +checking whether initstate is declared without a macro... yes +checking whether initstate_r is declared without a macro... yes +checking whether mkdtemp is declared without a macro... yes +checking whether mkostemp is declared without a macro... yes +checking whether mkostemps is declared without a macro... yes +checking whether mkstemp is declared without a macro... yes +checking whether mkstemps is declared without a macro... yes +checking whether posix_openpt is declared without a macro... yes +checking whether ptsname is declared without a macro... yes +checking whether ptsname_r is declared without a macro... yes +checking whether random is declared without a macro... yes +checking whether random_r is declared without a macro... yes +checking whether realpath is declared without a macro... yes +checking whether rpmatch is declared without a macro... yes +checking whether secure_getenv is declared without a macro... yes +checking whether setenv is declared without a macro... yes +checking whether setstate is declared without a macro... yes +checking whether setstate_r is declared without a macro... yes +checking whether srandom is declared without a macro... yes +checking whether srandom_r is declared without a macro... yes +checking whether strtod is declared without a macro... yes +checking whether strtoll is declared without a macro... yes +checking whether strtoull is declared without a macro... yes +checking whether unlockpt is declared without a macro... yes +checking whether unsetenv is declared without a macro... yes +checking for strcasecmp... yes +checking for strncasecmp... yes +checking whether strncasecmp is declared... (cached) yes +checking for working strndup... yes +checking for working strnlen... yes +checking for strtok_r... yes +checking whether strtok_r works... yes +checking for strverscmp... yes +checking for nlink_t... (cached) yes +checking whether fchmodat is declared without a macro... (cached) yes +checking whether fstat is declared without a macro... (cached) yes +checking whether fstatat is declared without a macro... (cached) yes +checking whether futimens is declared without a macro... (cached) yes +checking whether lchmod is declared without a macro... (cached) yes +checking whether lstat is declared without a macro... (cached) yes +checking whether mkdirat is declared without a macro... (cached) yes +checking whether mkfifo is declared without a macro... (cached) yes +checking whether mkfifoat is declared without a macro... (cached) yes +checking whether mknod is declared without a macro... (cached) yes +checking whether mknodat is declared without a macro... (cached) yes +checking whether stat is declared without a macro... (cached) yes +checking whether utimensat is declared without a macro... (cached) yes +checking whether localtime_r is declared... yes +checking whether localtime_r is compatible with its POSIX signature... yes +checking whether chdir is declared without a macro... yes +checking whether chown is declared without a macro... yes +checking whether dup is declared without a macro... yes +checking whether dup2 is declared without a macro... yes +checking whether dup3 is declared without a macro... yes +checking whether environ is declared without a macro... yes +checking whether euidaccess is declared without a macro... yes +checking whether faccessat is declared without a macro... yes +checking whether fchdir is declared without a macro... yes +checking whether fchownat is declared without a macro... yes +checking whether fdatasync is declared without a macro... yes +checking whether fsync is declared without a macro... yes +checking whether ftruncate is declared without a macro... yes +checking whether getcwd is declared without a macro... yes +checking whether getdomainname is declared without a macro... yes +checking whether getdtablesize is declared without a macro... yes +checking whether getgroups is declared without a macro... yes +checking whether gethostname is declared without a macro... yes +checking whether getlogin is declared without a macro... yes +checking whether getlogin_r is declared without a macro... yes +checking whether getpagesize is declared without a macro... yes +checking whether getusershell is declared without a macro... yes +checking whether setusershell is declared without a macro... yes +checking whether endusershell is declared without a macro... yes +checking whether group_member is declared without a macro... yes +checking whether isatty is declared without a macro... yes +checking whether lchown is declared without a macro... yes +checking whether link is declared without a macro... yes +checking whether linkat is declared without a macro... yes +checking whether lseek is declared without a macro... yes +checking whether pipe is declared without a macro... yes +checking whether pipe2 is declared without a macro... yes +checking whether pread is declared without a macro... yes +checking whether pwrite is declared without a macro... yes +checking whether readlink is declared without a macro... yes +checking whether readlinkat is declared without a macro... yes +checking whether rmdir is declared without a macro... yes +checking whether sethostname is declared without a macro... yes +checking whether sleep is declared without a macro... yes +checking whether symlink is declared without a macro... yes +checking whether symlinkat is declared without a macro... yes +checking whether ttyname_r is declared without a macro... yes +checking whether unlink is declared without a macro... yes +checking whether unlinkat is declared without a macro... yes +checking whether usleep is declared without a macro... yes +checking for valgrind... valgrind +checking whether self tests are run under valgrind... yes +checking for ptrdiff_t... yes +checking for vasprintf... (cached) yes +checking for vsnprintf... yes +checking whether snprintf respects a size of 1... (cached) yes +checking whether printf supports POSIX/XSI format strings with positions... (cached) yes +checking whether btowc is declared without a macro... yes +checking whether wctob is declared without a macro... yes +checking whether mbsinit is declared without a macro... yes +checking whether mbrtowc is declared without a macro... yes +checking whether mbrlen is declared without a macro... yes +checking whether mbsrtowcs is declared without a macro... yes +checking whether mbsnrtowcs is declared without a macro... yes +checking whether wcrtomb is declared without a macro... yes +checking whether wcsrtombs is declared without a macro... yes +checking whether wcsnrtombs is declared without a macro... yes +checking whether wcwidth is declared without a macro... yes +checking whether wmemchr is declared without a macro... yes +checking whether wmemcmp is declared without a macro... yes +checking whether wmemcpy is declared without a macro... yes +checking whether wmemmove is declared without a macro... yes +checking whether wmemset is declared without a macro... yes +checking whether wcslen is declared without a macro... yes +checking whether wcsnlen is declared without a macro... yes +checking whether wcscpy is declared without a macro... yes +checking whether wcpcpy is declared without a macro... yes +checking whether wcsncpy is declared without a macro... yes +checking whether wcpncpy is declared without a macro... yes +checking whether wcscat is declared without a macro... yes +checking whether wcsncat is declared without a macro... yes +checking whether wcscmp is declared without a macro... yes +checking whether wcsncmp is declared without a macro... yes +checking whether wcscasecmp is declared without a macro... yes +checking whether wcsncasecmp is declared without a macro... yes +checking whether wcscoll is declared without a macro... yes +checking whether wcsxfrm is declared without a macro... yes +checking whether wcsdup is declared without a macro... yes +checking whether wcschr is declared without a macro... yes +checking whether wcsrchr is declared without a macro... yes +checking whether wcscspn is declared without a macro... yes +checking whether wcsspn is declared without a macro... yes +checking whether wcspbrk is declared without a macro... yes +checking whether wcsstr is declared without a macro... yes +checking whether wcstok is declared without a macro... yes +checking whether wcswidth is declared without a macro... yes +checking for stdint.h... (cached) yes +checking whether fcntl is declared without a macro... yes +checking whether openat is declared without a macro... yes +checking whether fdopen sets errno... yes +checking for getpagesize... yes +checking whether getpagesize is declared... (cached) yes +checking whether INT32_MAX < INTMAX_MAX... yes +checking whether INT64_MAX == LONG_MAX... yes +checking whether UINT32_MAX < UINTMAX_MAX... yes +checking whether UINT64_MAX == ULONG_MAX... yes +checking for mmap... (cached) yes +checking for MAP_ANONYMOUS... yes +checking for mmap... (cached) yes +checking for MAP_ANONYMOUS... yes +checking for valgrind... (cached) valgrind +checking whether self tests are run under valgrind... yes +checking if environ is properly declared... yes +checking whether strerror_r is declared... (cached) yes +checking for strerror_r... yes +checking whether strerror_r returns char *... yes +checking whether fseeko is declared... (cached) yes +checking for fseeko... yes +checking for library containing gethostbyname... none required +checking for gethostbyname... yes +checking for library containing getservbyname... none required +checking for getservbyname... yes +checking for library containing inet_ntop... none required +checking whether inet_ntop is declared... yes +checking for IPv4 sockets... yes +checking for IPv6 sockets... yes +checking whether getpass is declared... yes +checking whether fflush_unlocked is declared... yes +checking whether flockfile is declared... yes +checking whether fputs_unlocked is declared... yes +checking whether funlockfile is declared... yes +checking whether putc_unlocked is declared... yes +checking for stdlib.h... (cached) yes +checking for GNU libc compatible malloc... yes +checking whether alarm is declared... yes +checking for compound literals... yes +checking whether struct tm is in sys/time.h or time.h... time.h +checking for struct tm.tm_gmtoff... yes +checking whether <sys/select.h> is self-contained... yes +checking whether pselect is declared without a macro... yes +checking whether select is declared without a macro... yes +checking whether setenv is declared... (cached) yes +checking search.h usability... yes +checking search.h presence... yes +checking for search.h... yes +checking for tsearch... yes +checking for sigset_t... yes +checking for uid_t in sys/types.h... yes +checking whether strdup is declared... (cached) yes +checking whether strerror(0) succeeds... yes +checking whether unsetenv is declared... (cached) yes +checking for alloca as a compiler built-in... (cached) yes +checking whether inet_ntop is declared without a macro... yes +checking whether inet_pton is declared without a macro... yes +checking for library containing clock_gettime... none required +checking for clock_gettime... (cached) yes +checking for clock_settime... yes +checking whether dup2 works... yes +checking for error_at_line... yes +checking whether conversion from 'int' to 'long double' works... (cached) yes +checking for fseeko... (cached) yes +checking for ftello... (cached) yes +checking whether ftello works... (cached) yes +configure: checking how to do getaddrinfo, freeaddrinfo and getnameinfo +checking for library containing getaddrinfo... none required +checking for getaddrinfo... yes +checking whether gai_strerror is declared... (cached) yes +checking whether gai_strerrorA is declared... no +checking for gai_strerror with POSIX signature... yes +checking for struct sockaddr.sa_len... no +checking whether getaddrinfo is declared... (cached) yes +checking whether freeaddrinfo is declared... (cached) yes +checking whether getnameinfo is declared... (cached) yes +checking for struct addrinfo... yes +checking for working getdelim function... (cached) yes +checking for getline... (cached) yes +checking for working getline function... (cached) yes +checking for getpass... yes +checking whether gettimeofday clobbers localtime buffer... (cached) no +checking for gettimeofday with POSIX signature... (cached) almost +checking for library containing gethostbyname... (cached) none required +checking for gethostbyname... (cached) yes +checking for library containing inet_ntop... (cached) none required +checking whether inet_ntop is declared... (cached) yes +checking for library containing inet_pton... none required +checking whether inet_pton is declared... (cached) yes +checking whether lseek detects pipes... (cached) yes +checking for working mktime... yes +checking whether getaddrinfo is declared without a macro... (cached) yes +checking whether freeaddrinfo is declared without a macro... (cached) yes +checking whether gai_strerror is declared without a macro... (cached) yes +checking whether getnameinfo is declared without a macro... (cached) yes +checking whether <netinet/in.h> is self-contained... (cached) yes +checking for struct tm.tm_zone... yes +checking whether program_invocation_name is declared... yes +checking whether program_invocation_short_name is declared... yes +checking whether select supports a 0 argument... yes +checking whether select detects invalid fds... yes +checking for library containing getservbyname... (cached) none required +checking for getservbyname... (cached) yes +checking whether setenv validates arguments... yes +checking for volatile sig_atomic_t... yes +checking for sighandler_t... yes +checking whether pthread_sigmask is declared without a macro... yes +checking whether sigaction is declared without a macro... yes +checking whether sigaddset is declared without a macro... yes +checking whether sigdelset is declared without a macro... yes +checking whether sigemptyset is declared without a macro... yes +checking whether sigfillset is declared without a macro... yes +checking whether sigismember is declared without a macro... yes +checking whether sigpending is declared without a macro... yes +checking whether sigprocmask is declared without a macro... yes +checking for stdint.h... (cached) yes +checking for SIZE_MAX... (cached) yes +checking for snprintf... (cached) yes +checking whether snprintf respects a size of 1... (cached) yes +checking whether printf supports POSIX/XSI format strings with positions... (cached) yes +checking for socklen_t... (cached) yes +checking for ssize_t... (cached) yes +checking for working stdalign.h... (cached) yes +checking for max_align_t... (cached) yes +checking whether NULL can be used in arbitrary expressions... (cached) yes +checking whether inttypes macros match system or gnu printf... (cached) system +checking whether dprintf is declared without a macro... (cached) yes +checking whether fpurge is declared without a macro... (cached) no +checking whether fseeko is declared without a macro... (cached) yes +checking whether ftello is declared without a macro... (cached) yes +checking whether getdelim is declared without a macro... (cached) yes +checking whether getline is declared without a macro... (cached) yes +checking whether gets is declared without a macro... (cached) no +checking whether pclose is declared without a macro... (cached) yes +checking whether popen is declared without a macro... (cached) yes +checking whether renameat is declared without a macro... (cached) yes +checking whether snprintf is declared without a macro... (cached) yes +checking whether tmpfile is declared without a macro... (cached) yes +checking whether vdprintf is declared without a macro... (cached) yes +checking whether vsnprintf is declared without a macro... (cached) yes +checking whether _Exit is declared without a macro... (cached) yes +checking whether atoll is declared without a macro... (cached) yes +checking whether canonicalize_file_name is declared without a macro... (cached) yes +checking whether getloadavg is declared without a macro... (cached) yes +checking whether getsubopt is declared without a macro... (cached) yes +checking whether grantpt is declared without a macro... (cached) yes +checking whether initstate is declared without a macro... (cached) yes +checking whether initstate_r is declared without a macro... (cached) yes +checking whether mkdtemp is declared without a macro... (cached) yes +checking whether mkostemp is declared without a macro... (cached) yes +checking whether mkostemps is declared without a macro... (cached) yes +checking whether mkstemp is declared without a macro... (cached) yes +checking whether mkstemps is declared without a macro... (cached) yes +checking whether posix_openpt is declared without a macro... (cached) yes +checking whether ptsname is declared without a macro... (cached) yes +checking whether ptsname_r is declared without a macro... (cached) yes +checking whether random is declared without a macro... (cached) yes +checking whether random_r is declared without a macro... (cached) yes +checking whether realpath is declared without a macro... (cached) yes +checking whether rpmatch is declared without a macro... (cached) yes +checking whether secure_getenv is declared without a macro... (cached) yes +checking whether setenv is declared without a macro... (cached) yes +checking whether setstate is declared without a macro... (cached) yes +checking whether setstate_r is declared without a macro... (cached) yes +checking whether srandom is declared without a macro... (cached) yes +checking whether srandom_r is declared without a macro... (cached) yes +checking whether strtod is declared without a macro... (cached) yes +checking whether strtoll is declared without a macro... (cached) yes +checking whether strtoull is declared without a macro... (cached) yes +checking whether unlockpt is declared without a macro... (cached) yes +checking whether unsetenv is declared without a macro... (cached) yes +checking for working strerror function... yes +checking whether <sys/select.h> is self-contained... (cached) yes +checking whether pselect is declared without a macro... (cached) yes +checking whether select is declared without a macro... (cached) yes +checking for nlink_t... (cached) yes +checking whether fchmodat is declared without a macro... (cached) yes +checking whether fstat is declared without a macro... (cached) yes +checking whether fstatat is declared without a macro... (cached) yes +checking whether futimens is declared without a macro... (cached) yes +checking whether lchmod is declared without a macro... (cached) yes +checking whether lstat is declared without a macro... (cached) yes +checking whether mkdirat is declared without a macro... (cached) yes +checking whether mkfifo is declared without a macro... (cached) yes +checking whether mkfifoat is declared without a macro... (cached) yes +checking whether mknod is declared without a macro... (cached) yes +checking whether mknodat is declared without a macro... (cached) yes +checking whether stat is declared without a macro... (cached) yes +checking whether utimensat is declared without a macro... (cached) yes +checking whether localtime_r is declared... (cached) yes +checking whether localtime_r is compatible with its POSIX signature... (cached) yes +checking whether chdir is declared without a macro... (cached) yes +checking whether chown is declared without a macro... (cached) yes +checking whether dup is declared without a macro... (cached) yes +checking whether dup2 is declared without a macro... (cached) yes +checking whether dup3 is declared without a macro... (cached) yes +checking whether environ is declared without a macro... (cached) yes +checking whether euidaccess is declared without a macro... (cached) yes +checking whether faccessat is declared without a macro... (cached) yes +checking whether fchdir is declared without a macro... (cached) yes +checking whether fchownat is declared without a macro... (cached) yes +checking whether fdatasync is declared without a macro... (cached) yes +checking whether fsync is declared without a macro... (cached) yes +checking whether ftruncate is declared without a macro... (cached) yes +checking whether getcwd is declared without a macro... (cached) yes +checking whether getdomainname is declared without a macro... (cached) yes +checking whether getdtablesize is declared without a macro... (cached) yes +checking whether getgroups is declared without a macro... (cached) yes +checking whether gethostname is declared without a macro... (cached) yes +checking whether getlogin is declared without a macro... (cached) yes +checking whether getlogin_r is declared without a macro... (cached) yes +checking whether getpagesize is declared without a macro... (cached) yes +checking whether getusershell is declared without a macro... (cached) yes +checking whether setusershell is declared without a macro... (cached) yes +checking whether endusershell is declared without a macro... (cached) yes +checking whether group_member is declared without a macro... (cached) yes +checking whether isatty is declared without a macro... (cached) yes +checking whether lchown is declared without a macro... (cached) yes +checking whether link is declared without a macro... (cached) yes +checking whether linkat is declared without a macro... (cached) yes +checking whether lseek is declared without a macro... (cached) yes +checking whether pipe is declared without a macro... (cached) yes +checking whether pipe2 is declared without a macro... (cached) yes +checking whether pread is declared without a macro... (cached) yes +checking whether pwrite is declared without a macro... (cached) yes +checking whether readlink is declared without a macro... (cached) yes +checking whether readlinkat is declared without a macro... (cached) yes +checking whether rmdir is declared without a macro... (cached) yes +checking whether sethostname is declared without a macro... (cached) yes +checking whether sleep is declared without a macro... (cached) yes +checking whether symlink is declared without a macro... (cached) yes +checking whether symlinkat is declared without a macro... (cached) yes +checking whether ttyname_r is declared without a macro... (cached) yes +checking whether unlink is declared without a macro... (cached) yes +checking whether unlinkat is declared without a macro... (cached) yes +checking whether usleep is declared without a macro... (cached) yes +checking for unsetenv... yes +checking for unsetenv() return type... int +checking whether unsetenv obeys POSIX... yes +checking for ptrdiff_t... (cached) yes +checking whether btowc is declared without a macro... (cached) yes +checking whether wctob is declared without a macro... (cached) yes +checking whether mbsinit is declared without a macro... (cached) yes +checking whether mbrtowc is declared without a macro... (cached) yes +checking whether mbrlen is declared without a macro... (cached) yes +checking whether mbsrtowcs is declared without a macro... (cached) yes +checking whether mbsnrtowcs is declared without a macro... (cached) yes +checking whether wcrtomb is declared without a macro... (cached) yes +checking whether wcsrtombs is declared without a macro... (cached) yes +checking whether wcsnrtombs is declared without a macro... (cached) yes +checking whether wcwidth is declared without a macro... (cached) yes +checking whether wmemchr is declared without a macro... (cached) yes +checking whether wmemcmp is declared without a macro... (cached) yes +checking whether wmemcpy is declared without a macro... (cached) yes +checking whether wmemmove is declared without a macro... (cached) yes +checking whether wmemset is declared without a macro... (cached) yes +checking whether wcslen is declared without a macro... (cached) yes +checking whether wcsnlen is declared without a macro... (cached) yes +checking whether wcscpy is declared without a macro... (cached) yes +checking whether wcpcpy is declared without a macro... (cached) yes +checking whether wcsncpy is declared without a macro... (cached) yes +checking whether wcpncpy is declared without a macro... (cached) yes +checking whether wcscat is declared without a macro... (cached) yes +checking whether wcsncat is declared without a macro... (cached) yes +checking whether wcscmp is declared without a macro... (cached) yes +checking whether wcsncmp is declared without a macro... (cached) yes +checking whether wcscasecmp is declared without a macro... (cached) yes +checking whether wcsncasecmp is declared without a macro... (cached) yes +checking whether wcscoll is declared without a macro... (cached) yes +checking whether wcsxfrm is declared without a macro... (cached) yes +checking whether wcsdup is declared without a macro... (cached) yes +checking whether wcschr is declared without a macro... (cached) yes +checking whether wcsrchr is declared without a macro... (cached) yes +checking whether wcscspn is declared without a macro... (cached) yes +checking whether wcsspn is declared without a macro... (cached) yes +checking whether wcspbrk is declared without a macro... (cached) yes +checking whether wcsstr is declared without a macro... (cached) yes +checking whether wcstok is declared without a macro... (cached) yes +checking whether wcswidth is declared without a macro... (cached) yes +checking for stdint.h... (cached) yes +checking whether C compiler handles -Werror -Wunknown-warning-option... no +checking whether C compiler handles -Wframe-larger-than=2048... yes +checking whether -Wno-missing-field-initializers is supported... yes +checking whether -Wno-missing-field-initializers is needed... no +checking whether -Wuninitialized is supported... yes +checking whether C compiler handles -W... yes +checking whether C compiler handles -Wabi... yes +checking whether C compiler handles -Waddress... yes +checking whether C compiler handles -Waggressive-loop-optimizations... yes +checking whether C compiler handles -Wall... yes +checking whether C compiler handles -Warray-bounds... yes +checking whether C compiler handles -Wattributes... yes +checking whether C compiler handles -Wbad-function-cast... yes +checking whether C compiler handles -Wbuiltin-macro-redefined... yes +checking whether C compiler handles -Wcast-align... yes +checking whether C compiler handles -Wchar-subscripts... yes +checking whether C compiler handles -Wclobbered... yes +checking whether C compiler handles -Wcomment... yes +checking whether C compiler handles -Wcomments... yes +checking whether C compiler handles -Wcoverage-mismatch... yes +checking whether C compiler handles -Wcpp... yes +checking whether C compiler handles -Wdate-time... yes +checking whether C compiler handles -Wdeprecated... yes +checking whether C compiler handles -Wdeprecated-declarations... yes +checking whether C compiler handles -Wdisabled-optimization... yes +checking whether C compiler handles -Wdiv-by-zero... yes +checking whether C compiler handles -Wdouble-promotion... yes +checking whether C compiler handles -Wempty-body... yes +checking whether C compiler handles -Wendif-labels... yes +checking whether C compiler handles -Wenum-compare... yes +checking whether C compiler handles -Wextra... yes +checking whether C compiler handles -Wformat-contains-nul... yes +checking whether C compiler handles -Wformat-extra-args... yes +checking whether C compiler handles -Wformat-security... yes +checking whether C compiler handles -Wformat-zero-length... yes +checking whether C compiler handles -Wfree-nonheap-object... yes +checking whether C compiler handles -Wignored-qualifiers... yes +checking whether C compiler handles -Wimplicit... yes +checking whether C compiler handles -Wimplicit-function-declaration... yes +checking whether C compiler handles -Wimplicit-int... yes +checking whether C compiler handles -Winit-self... yes +checking whether C compiler handles -Wint-to-pointer-cast... yes +checking whether C compiler handles -Winvalid-memory-model... yes +checking whether C compiler handles -Winvalid-pch... yes +checking whether C compiler handles -Wjump-misses-init... yes +checking whether C compiler handles -Wlogical-op... yes +checking whether C compiler handles -Wmain... yes +checking whether C compiler handles -Wmaybe-uninitialized... yes +checking whether C compiler handles -Wmissing-braces... yes +checking whether C compiler handles -Wmissing-declarations... yes +checking whether C compiler handles -Wmissing-field-initializers... yes +checking whether C compiler handles -Wmissing-include-dirs... yes +checking whether C compiler handles -Wmissing-parameter-type... yes +checking whether C compiler handles -Wmissing-prototypes... yes +checking whether C compiler handles -Wmultichar... yes +checking whether C compiler handles -Wnarrowing... yes +checking whether C compiler handles -Wnested-externs... yes +checking whether C compiler handles -Wnonnull... yes +checking whether C compiler handles -Wold-style-declaration... yes +checking whether C compiler handles -Wold-style-definition... yes +checking whether C compiler handles -Wopenmp-simd... yes +checking whether C compiler handles -Woverflow... yes +checking whether C compiler handles -Woverride-init... yes +checking whether C compiler handles -Wpacked... yes +checking whether C compiler handles -Wpacked-bitfield-compat... yes +checking whether C compiler handles -Wparentheses... yes +checking whether C compiler handles -Wpointer-arith... yes +checking whether C compiler handles -Wpointer-sign... yes +checking whether C compiler handles -Wpointer-to-int-cast... yes +checking whether C compiler handles -Wpragmas... yes +checking whether C compiler handles -Wreturn-local-addr... yes +checking whether C compiler handles -Wreturn-type... yes +checking whether C compiler handles -Wsequence-point... yes +checking whether C compiler handles -Wshadow... yes +checking whether C compiler handles -Wsizeof-pointer-memaccess... yes +checking whether C compiler handles -Wstrict-aliasing... yes +checking whether C compiler handles -Wstrict-prototypes... yes +checking whether C compiler handles -Wsuggest-attribute=format... yes +checking whether C compiler handles -Wswitch... yes +checking whether C compiler handles -Wsync-nand... yes +checking whether C compiler handles -Wtrampolines... yes +checking whether C compiler handles -Wtrigraphs... yes +checking whether C compiler handles -Wtype-limits... yes +checking whether C compiler handles -Wuninitialized... yes +checking whether C compiler handles -Wunknown-pragmas... yes +checking whether C compiler handles -Wunsafe-loop-optimizations... yes +checking whether C compiler handles -Wunused... yes +checking whether C compiler handles -Wunused-but-set-parameter... yes +checking whether C compiler handles -Wunused-but-set-variable... yes +checking whether C compiler handles -Wunused-function... yes +checking whether C compiler handles -Wunused-label... yes +checking whether C compiler handles -Wunused-local-typedefs... yes +checking whether C compiler handles -Wunused-macros... yes +checking whether C compiler handles -Wunused-parameter... yes +checking whether C compiler handles -Wunused-result... yes +checking whether C compiler handles -Wunused-value... yes +checking whether C compiler handles -Wunused-variable... yes +checking whether C compiler handles -Wvarargs... yes +checking whether C compiler handles -Wvariadic-macros... yes +checking whether C compiler handles -Wvector-operation-performance... yes +checking whether C compiler handles -Wvolatile-register-var... yes +checking whether C compiler handles -Wwrite-strings... yes +checking whether C compiler handles -Wnormalized=nfc... yes +checking whether C compiler handles -Wno-missing-field-initializers... yes +checking whether C compiler handles -Wno-format-y2k... yes +checking whether C compiler handles -Wno-unused-value... yes +checking whether C compiler handles -Wno-unused-result... yes +checking whether C compiler handles -Wno-unused-parameter... yes +checking whether C compiler handles -Wno-stack-protector... yes +checking whether C compiler handles -Wno-int-to-pointer-cast... yes +checking whether C compiler handles -fdiagnostics-show-option... yes +checking whether ln -s works... yes +checking how to print strings... printf +checking for a sed that does not truncate output... (cached) /bin/sed +checking for fgrep... /bin/grep -F +checking for ld used by gcc... /usr/bin/ld +checking if the linker (/usr/bin/ld) is GNU ld... yes +checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B +checking the name lister (/usr/bin/nm -B) interface... BSD nm +checking the maximum length of command line arguments... 1572864 +checking whether the shell understands some XSI constructs... yes +checking whether the shell understands "+="... yes +checking how to convert x86_64-unknown-linux-gnu file names to x86_64-unknown-linux-gnu format... func_convert_file_noop +checking how to convert x86_64-unknown-linux-gnu file names to toolchain format... func_convert_file_noop +checking for /usr/bin/ld option to reload object files... -r +checking for objdump... objdump +checking how to recognize dependent libraries... pass_all +checking for dlltool... no +checking how to associate runtime and link libraries... printf %s\n +checking for archiver @FILE support... @ +checking for strip... strip +checking for ranlib... (cached) ranlib +checking command to parse /usr/bin/nm -B output from gcc object... ok +checking for sysroot... no +checking for mt... mt +checking if mt is a manifest tool... no +checking for dlfcn.h... yes +checking for objdir... .libs +checking if gcc supports -fno-rtti -fno-exceptions... yes +checking for gcc option to produce PIC... -fPIC -DPIC +checking if gcc PIC flag -fPIC -DPIC works... yes +checking if gcc static flag -static works... yes +checking if gcc supports -c -o file.o... yes +checking if gcc supports -c -o file.o... (cached) yes +checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes +checking whether -lc should be explicitly linked in... no +checking dynamic linker characteristics... GNU/Linux ld.so +checking how to hardcode library paths into programs... immediate +checking whether stripping libraries is possible... yes +checking if libtool supports shared libraries... yes +checking whether to build shared libraries... yes +checking whether to build static libraries... no +checking how to run the C++ preprocessor... g++ -E +checking for ld used by g++... /usr/bin/ld -m elf_x86_64 +checking if the linker (/usr/bin/ld -m elf_x86_64) is GNU ld... yes +checking whether the g++ linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes +checking for g++ option to produce PIC... -fPIC -DPIC +checking if g++ PIC flag -fPIC -DPIC works... yes +checking if g++ static flag -static works... yes +checking if g++ supports -c -o file.o... yes +checking if g++ supports -c -o file.o... (cached) yes +checking whether the g++ linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes +checking dynamic linker characteristics... (cached) GNU/Linux ld.so +checking how to hardcode library paths into programs... immediate +checking for LIBIDN... yes +checking whether to build libdane... no +checking for tss library... yes +checking for working stdnoreturn.h... yes +checking for ssize_t... yes +checking size of unsigned long int... 8 +checking size of unsigned int... 4 +checking whether to include zlib compression support... yes +checking for libz... yes +checking how to link with libz... -lz +checking whether building Guile bindings... no +*** +*** Checking dependencies for crywrap... + +checking for arpa/inet.h... (cached) yes +checking for netinet/in.h... (cached) yes +checking for sys/select.h... (cached) yes +checking for sys/types.h... (cached) yes +checking sys/wait.h usability... yes +checking sys/wait.h presence... yes +checking for sys/wait.h... yes +checking return type of signal handlers... void +checking for sys/select.h... (cached) yes +checking for sys/socket.h... (cached) yes +checking types of arguments for select... int,fd_set *,struct timeval * +checking for alarm... yes +checking for atexit... yes +checking for dup2... yes +checking for epoll_create... yes +checking for kqueue... no +checking for memchr... yes +checking for memset... yes +checking for munmap... yes +checking for putenv... yes +checking for regcomp... yes +checking for scandir... yes +checking for select... yes +checking for socket... yes +checking for strcasecmp... (cached) yes +checking for strchr... yes +checking for strdup... (cached) yes +checking for strerror... yes +checking for strncasecmp... (cached) yes +checking for strrchr... yes +checking for strstr... yes +checking for strtoul... yes +checking for uname... yes +checking for argp_usage... yes +checking that generated files are newer than configure... done +configure: creating ./config.status +config.status: creating guile/pre-inst-guile +config.status: creating Makefile +config.status: creating doc/Makefile +config.status: creating doc/credentials/Makefile +config.status: creating doc/credentials/openpgp/Makefile +config.status: creating doc/credentials/srp/Makefile +config.status: creating doc/credentials/x509/Makefile +config.status: creating doc/cyclo/Makefile +config.status: creating doc/doxygen/Doxyfile +config.status: creating doc/examples/Makefile +config.status: creating doc/latex/Makefile +config.status: creating doc/manpages/Makefile +config.status: creating doc/reference/Makefile +config.status: creating doc/reference/version.xml +config.status: creating doc/scripts/Makefile +config.status: creating extra/Makefile +config.status: creating extra/includes/Makefile +config.status: creating libdane/Makefile +config.status: creating libdane/includes/Makefile +config.status: creating libdane/gnutls-dane.pc +config.status: creating gl/Makefile +config.status: creating gl/tests/Makefile +config.status: creating guile/Makefile +config.status: creating guile/modules/Makefile +config.status: creating guile/src/Makefile +config.status: creating guile/tests/Makefile +config.status: creating lib/Makefile +config.status: creating lib/accelerated/Makefile +config.status: creating lib/accelerated/x86/Makefile +config.status: creating lib/algorithms/Makefile +config.status: creating lib/auth/Makefile +config.status: creating lib/ext/Makefile +config.status: creating lib/extras/Makefile +config.status: creating lib/gnutls.pc +config.status: creating lib/includes/Makefile +config.status: creating lib/includes/gnutls/gnutls.h +config.status: creating lib/minitasn1/Makefile +config.status: creating lib/nettle/Makefile +config.status: creating lib/opencdk/Makefile +config.status: creating lib/openpgp/Makefile +config.status: creating lib/x509/Makefile +config.status: creating po/Makefile.in +config.status: creating src/Makefile +config.status: creating src/crywrap/Makefile +config.status: creating src/gl/Makefile +config.status: creating tests/Makefile +config.status: creating tests/cert-tests/Makefile +config.status: creating tests/dsa/Makefile +config.status: creating tests/dtls/Makefile +config.status: creating tests/srp/Makefile +config.status: creating tests/ecdsa/Makefile +config.status: creating tests/key-tests/Makefile +config.status: creating tests/openpgp-certs/Makefile +config.status: creating tests/pkcs1-padding/Makefile +config.status: creating tests/pkcs12-decode/Makefile +config.status: creating tests/pkcs8-decode/Makefile +config.status: creating tests/rsa-md5-collision/Makefile +config.status: creating tests/safe-renegotiation/Makefile +config.status: creating tests/scripts/Makefile +config.status: creating tests/sha2/Makefile +config.status: creating tests/slow/Makefile +config.status: creating tests/suite/Makefile +config.status: creating tests/userid/Makefile +config.status: creating config.h +config.status: executing depfiles commands +config.status: executing po-directories commands +config.status: creating po/POTFILES +config.status: creating po/Makefile +config.status: executing libtool commands +configure: summary of build options: + + version: 3.4.1 shared 30:1:0 + Host/Target system: x86_64-unknown-linux-gnu + Build system: x86_64-unknown-linux-gnu + Install prefix: /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1 + Compiler: gcc + CFlags: -g -Og -fpermissive -w + Library types: Shared=yes, Static=no + Local libopts: yes + Local libtasn1: yes + Use nettle-mini: no + +configure: External hardware support: + + /dev/crypto: no + Hardware accel: x86-64 + Padlock accel: yes + getrandom variant: no + PKCS#11 support: no + TPM support: yes + +configure: Optional features: +(note that included applications might not compile properly +if features are disabled) + + DTLS-SRTP support: yes + ALPN support: yes + OCSP support: yes + Ses. ticket support: yes + OpenPGP support: yes + SRP support: yes + PSK support: yes + DHE support: yes + ECDHE support: yes + Anon auth support: yes + Heartbeat support: yes + IDNA support: yes + Unicode support: yes + Self checks: no + Non-SuiteB curves: yes + FIPS140 mode: no + +configure: Optional applications: + + crywrap app: yes + +configure: Optional libraries: + + Guile wrappers: no + C++ library: no + DANE library: no + OpenSSL compat: no + +configure: System files: + + Trust store pkcs11: + Trust store dir: + Trust store file: /etc/ssl/certs/ca-certificates.crt + Blacklist file: + CRL file: + Priority file: /etc/gnutls/default-priorities + DNSSEC root key file: /usr/share/dns/root.key + +sed: can't read lib/gl/stdio.in.h: No such file or directory +make[1]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1' +make all-recursive +make[2]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1' +Making all in gl +make[3]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl' + GEN alloca.h + GEN c++defs.h + GEN arg-nonnull.h + GEN warn-on-use.h + GEN netdb.h + GEN stdio.h + GEN stdlib.h + GEN string.h + GEN strings.h + GEN sys/socket.h + GEN sys/stat.h + GEN sys/time.h + GEN sys/types.h + GEN sys/uio.h + GEN time.h + GEN unistd.h + GEN wchar.h +make all-recursive +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl' +Making all in tests +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl/tests' + GEN c++defs.h + GEN arg-nonnull.h + GEN warn-on-use.h + GEN fcntl.h + GEN inttypes.h +make all-recursive +make[6]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl/tests' +Making all in . +make[7]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl/tests' +make[7]: Nothing to be done for 'all-am'. +make[7]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl/tests' +make[6]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl/tests' +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl/tests' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl' + CC base64.lo + CC c-ctype.lo + CC hash-pjw-bare.lo + CC read-file.lo + CC sys_socket.lo + CC unistd.lo + CC xsize.lo + CC asnprintf.lo + CC printf-args.lo + CC printf-parse.lo + CC vasnprintf.lo + CCLD libgnu.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl' +make[3]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl' +Making all in lib +make[3]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib' +make all-recursive +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib' +Making all in includes +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/includes' +make[5]: Nothing to be done for 'all'. +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/includes' +Making all in x509 +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/x509' + CC common.lo + CC key_encode.lo + CC key_decode.lo + CC crl.lo + CC crl_write.lo + CC crq.lo + CC dn.lo + CC extensions.lo + CC mpi.lo + CC output.lo + CC pkcs12.lo + CC pkcs12_bag.lo + CC pkcs12_encr.lo + CC pkcs7.lo + CC privkey.lo + CC privkey_pkcs8.lo + CC privkey_openssl.lo + CC hostname-verify.lo + CC sign.lo + CC verify.lo + CC x509.lo + CC x509_dn.lo + CC x509_write.lo + CC name_constraints.lo + CC verify-high.lo + CC verify-high2.lo + CC x509_ext.lo + CC email-verify.lo + CC ocsp.lo + CC ocsp_output.lo + CCLD libgnutls_x509.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/x509' +Making all in auth +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/auth' + CC anon.lo + CC cert.lo + CC dh_common.lo + CC dhe.lo + CC rsa_psk.lo + CC dhe_psk.lo + CC psk.lo + CC psk_passwd.lo + CC rsa.lo + CC srp.lo + CC srp_passwd.lo + CC srp_rsa.lo + CC srp_sb64.lo + CC anon_ecdh.lo + CC ecdhe.lo + CCLD libgnutls_auth.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/auth' +Making all in ext +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/ext' + CC max_record.lo + CC cert_type.lo + CC server_name.lo + CC signature.lo + CC safe_renegotiation.lo + CC session_ticket.lo + CC srp.lo + CC ecc.lo + CC heartbeat.lo + CC status_request.lo + CC dumbfw.lo + CC ext_master_secret.lo + CC etm.lo + CC alpn.lo + CC srtp.lo + CCLD libgnutls_ext.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/ext' +Making all in algorithms +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/algorithms' + CC cert_types.lo + CC ciphers.lo + CC ciphersuites.lo + CC ecc.lo + CC kx.lo + CC mac.lo + CC protocols.lo + CC publickey.lo + CC secparams.lo + CC sign.lo + CCLD libgnutls_alg.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/algorithms' +Making all in extras +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/extras' + CC randomart.lo + CCLD libgnutls_extras.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/extras' +Making all in accelerated +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/accelerated' +Making all in x86 +make[6]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/accelerated/x86' + CC x86-common.lo + CC sha-x86-ssse3.lo + CC hmac-x86-ssse3.lo + CC aes-gcm-x86-ssse3.lo + CC aes-gcm-x86-aesni.lo + CC aes-cbc-x86-ssse3.lo + CC aes-cbc-x86-aesni.lo + CC aes-ccm-x86-aesni.lo + CC sha-padlock.lo + CC hmac-padlock.lo + CC aes-padlock.lo + CC aes-gcm-padlock.lo + CC aes-gcm-x86-pclmul.lo + CCAS elf/aesni-x86_64.lo + CCAS elf/cpuid-x86_64.lo + CCAS elf/ghash-x86_64.lo + CCAS elf/sha1-ssse3-x86_64.lo + CCAS elf/sha512-ssse3-x86_64.lo + CCAS elf/aes-ssse3-x86_64.lo + CCAS elf/e_padlock-x86_64.lo + CCLD libx86.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[6]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/accelerated/x86' +make[6]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/accelerated' + CC accelerated.lo + CC cryptodev.lo + CC cryptodev-gcm.lo + CCLD libaccelerated.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[6]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/accelerated' +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/accelerated' +Making all in minitasn1 +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/minitasn1' + CC decoding.lo + CC gstr.lo + CC errors.lo + CC parser_aux.lo + CC structure.lo + CC element.lo + CC coding.lo + CC version.lo + CCLD libminitasn1.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/minitasn1' +Making all in opencdk +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/opencdk' + CC armor.lo + CC kbnode.lo + CC sig-check.lo + CC keydb.lo + CC pubkey.lo + CC stream.lo + CC write-packet.lo + CC misc.lo + CC seskey.lo + CC literal.lo + CC new-packet.lo + CC read-packet.lo + CCLD libminiopencdk.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/opencdk' +Making all in openpgp +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/openpgp' + CC pgp.lo + CC pgpverify.lo + CC extras.lo + CC compat.lo + CC privkey.lo + CC output.lo + CC gnutls_openpgp.lo + CCLD libgnutls_openpgp.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/openpgp' +Making all in nettle +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/nettle' + CC pk.lo + CC mpi.lo + CC mac.lo + CC cipher.lo + CC init.lo + CC egd.lo + CC rnd-common.lo + CC rnd.lo + CCLD libcrypto.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/nettle' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib' + CC gnutls_range.lo + CC gnutls_record.lo + CC gnutls_compress.lo + CC debug.lo + CC gnutls_cipher.lo + CC gnutls_mbuffers.lo + CC gnutls_buffers.lo + CC gnutls_handshake.lo + CC gnutls_num.lo + CC gnutls_errors.lo + CC gnutls_dh.lo + CC gnutls_kx.lo + CC gnutls_priority.lo + CC gnutls_hash_int.lo + CC gnutls_cipher_int.lo + CC gnutls_session.lo + CC gnutls_db.lo + CC x509_b64.lo + CC gnutls_extensions.lo + CC gnutls_auth.lo + CC gnutls_v2_compat.lo + CC gnutls_datum.lo + CC gnutls_session_pack.lo + CC gnutls_mpi.lo + CC gnutls_pk.lo + CC gnutls_cert.lo + CC gnutls_global.lo + CC gnutls_constate.lo + CC gnutls_anon_cred.lo + CC pkix_asn1_tab.lo + CC gnutls_asn1_tab.lo + CC gnutls_mem.lo + CC gnutls_ui.lo + CC vasprintf.lo + CC gnutls_sig.lo + CC gnutls_ecc.lo + CC gnutls_alert.lo + CC gnutls_privkey_raw.lo + CC system.lo + CC inet_ntop.lo + CC gnutls_str.lo + CC gnutls_state.lo + CC gnutls_x509.lo + CC gnutls_helper.lo + CC gnutls_supplemental.lo + CC random.lo + CC crypto-api.lo + CC gnutls_privkey.lo + CC gnutls_pcert.lo + CC gnutls_pubkey.lo + CC locks.lo + CC gnutls_dtls.lo + CC system_override.lo + CC crypto-backend.lo + CC verify-tofu.lo + CC pin.lo + CC tpm.lo + CC fips.lo + CC safe-memfuncs.lo + CC inet_pton.lo + CC atfork.lo + CC urls.lo + CC system-keys-dummy.lo + CC gnutls_srp.lo + CC gnutls_psk.lo + CCLD libgnutls.la +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib' +make[3]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib' +Making all in extra +make[3]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/extra' +Making all in includes +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/extra/includes' +make[4]: Nothing to be done for 'all'. +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/extra/includes' +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/extra' +make[4]: Nothing to be done for 'all-am'. +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/extra' +make[3]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/extra' +Making all in po +make[3]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/po' +make[3]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/po' +Making all in src/gl +make[3]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/src/gl' + GEN alloca.h + GEN c++defs.h + GEN warn-on-use.h + GEN arg-nonnull.h + GEN arpa/inet.h + GEN netdb.h + GEN signal.h + GEN stdio.h + GEN stdlib.h + GEN string.h + GEN sys/select.h + GEN sys/socket.h + GEN sys/stat.h + GEN sys/time.h + GEN sys/types.h + GEN sys/uio.h + GEN time.h + GEN unistd.h + GEN wchar.h +make all-recursive +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/src/gl' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/src/gl' + CC c-ctype.lo + CC exitfail.lo + CC fd-hook.lo + CC gettime.lo + CC malloca.lo + CC parse-datetime.lo + CC progname.lo + CC read-file.lo + CC sockets.lo + CC sys_socket.lo + CC timespec.lo + CC unistd.lo + CC xmalloc.lo + CC xalloc-die.lo + CC xsize.lo + CC asnprintf.lo + CC printf-args.lo + CC printf-parse.lo + CC vasnprintf.lo + CCLD libgnu_gpl.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/src/gl' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/src/gl' +make[3]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/src/gl' +make[3]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1' +make[3]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1' +make[2]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1' +make[1]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1' +make[1]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1' +Making install in gl +make[2]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl' +make install-recursive +make[3]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl' +Making install in tests +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl/tests' +make install-recursive +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl/tests' +Making install in . +make[6]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl/tests' +make[7]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl/tests' +make[7]: Nothing to be done for 'install-exec-am'. +make[7]: Nothing to be done for 'install-data-am'. +make[7]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl/tests' +make[6]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl/tests' +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl/tests' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl/tests' +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl' +make[5]: Nothing to be done for 'install-exec-am'. +make[5]: Nothing to be done for 'install-data-am'. +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl' +make[3]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl' +make[2]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/gl' +Making install in lib +make[2]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib' +make install-recursive +make[3]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib' +Making install in includes +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/includes' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/includes' +make[5]: Nothing to be done for 'install-exec-am'. + /bin/mkdir -p '/home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/include' + /bin/mkdir -p '/home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/include/gnutls' + /usr/bin/install -c -m 644 gnutls/x509.h gnutls/pkcs12.h gnutls/compat.h gnutls/openpgp.h gnutls/crypto.h gnutls/pkcs11.h gnutls/abstract.h gnutls/dtls.h gnutls/ocsp.h gnutls/tpm.h gnutls/x509-ext.h gnutls/self-test.h gnutls/system-keys.h gnutls/urls.h '/home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/include/gnutls' + /bin/mkdir -p '/home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/include' + /bin/mkdir -p '/home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/include/gnutls' + /usr/bin/install -c -m 644 gnutls/gnutls.h '/home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/include/gnutls' +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/includes' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/includes' +Making install in x509 +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/x509' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/x509' +make[5]: Nothing to be done for 'install-exec-am'. +make[5]: Nothing to be done for 'install-data-am'. +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/x509' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/x509' +Making install in auth +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/auth' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/auth' +make[5]: Nothing to be done for 'install-exec-am'. +make[5]: Nothing to be done for 'install-data-am'. +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/auth' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/auth' +Making install in ext +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/ext' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/ext' +make[5]: Nothing to be done for 'install-exec-am'. +make[5]: Nothing to be done for 'install-data-am'. +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/ext' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/ext' +Making install in algorithms +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/algorithms' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/algorithms' +make[5]: Nothing to be done for 'install-exec-am'. +make[5]: Nothing to be done for 'install-data-am'. +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/algorithms' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/algorithms' +Making install in extras +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/extras' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/extras' +make[5]: Nothing to be done for 'install-exec-am'. +make[5]: Nothing to be done for 'install-data-am'. +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/extras' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/extras' +Making install in accelerated +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/accelerated' +Making install in x86 +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/accelerated/x86' +make[6]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/accelerated/x86' +make[6]: Nothing to be done for 'install-exec-am'. +make[6]: Nothing to be done for 'install-data-am'. +make[6]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/accelerated/x86' +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/accelerated/x86' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/accelerated' +make[6]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/accelerated' +make[6]: Nothing to be done for 'install-exec-am'. +make[6]: Nothing to be done for 'install-data-am'. +make[6]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/accelerated' +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/accelerated' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/accelerated' +Making install in minitasn1 +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/minitasn1' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/minitasn1' +make[5]: Nothing to be done for 'install-exec-am'. +make[5]: Nothing to be done for 'install-data-am'. +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/minitasn1' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/minitasn1' +Making install in opencdk +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/opencdk' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/opencdk' +make[5]: Nothing to be done for 'install-exec-am'. +make[5]: Nothing to be done for 'install-data-am'. +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/opencdk' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/opencdk' +Making install in openpgp +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/openpgp' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/openpgp' +make[5]: Nothing to be done for 'install-exec-am'. +make[5]: Nothing to be done for 'install-data-am'. +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/openpgp' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/openpgp' +Making install in nettle +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/nettle' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/nettle' +make[5]: Nothing to be done for 'install-exec-am'. +make[5]: Nothing to be done for 'install-data-am'. +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/nettle' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib/nettle' +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib' + /bin/mkdir -p '/home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/lib' + /bin/bash ../libtool --mode=install /usr/bin/install -c libgnutls.la '/home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/lib' +libtool: install: /usr/bin/install -c .libs/libgnutls.so.30.0.1 /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/lib/libgnutls.so.30.0.1 +libtool: install: (cd /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/lib && { ln -s -f libgnutls.so.30.0.1 libgnutls.so.30 || { rm -f libgnutls.so.30 && ln -s libgnutls.so.30.0.1 libgnutls.so.30; }; }) +libtool: install: (cd /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/lib && { ln -s -f libgnutls.so.30.0.1 libgnutls.so || { rm -f libgnutls.so && ln -s libgnutls.so.30.0.1 libgnutls.so; }; }) +libtool: install: /usr/bin/install -c .libs/libgnutls.lai /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/lib/libgnutls.la +libtool: finish: PATH="/home/nmav/perl5/bin:/opt/open64-5.0/bin:/home/nmav/cvs/gnulib:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/home/nmav/android/adt-bundle-linux-x86_64-20130917/sdk/tools:/sbin" ldconfig -n /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/lib +---------------------------------------------------------------------- +Libraries have been installed in: + /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/lib + +If you ever happen to want to link against installed libraries +in a given directory, LIBDIR, you must either use libtool, and +specify the full pathname of the library, or use the `-LLIBDIR' +flag during linking and do at least one of the following: + - add LIBDIR to the `LD_LIBRARY_PATH' environment variable + during execution + - add LIBDIR to the `LD_RUN_PATH' environment variable + during linking + - use the `-Wl,-rpath -Wl,LIBDIR' linker flag + - have your system administrator add LIBDIR to `/etc/ld.so.conf' + +See any operating system documentation about shared libraries for +more information, such as the ld(1) and ld.so(8) manual pages. +---------------------------------------------------------------------- + /bin/mkdir -p '/home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/lib/pkgconfig' + /usr/bin/install -c -m 644 gnutls.pc '/home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/lib/pkgconfig' +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib' +make[3]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib' +make[2]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/lib' +Making install in extra +make[2]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/extra' +Making install in includes +make[3]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/extra/includes' +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/extra/includes' +make[4]: Nothing to be done for 'install-exec-am'. +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/extra/includes' +make[3]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/extra/includes' +make[3]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/extra' +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/extra' +make[4]: Nothing to be done for 'install-data-am'. +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/extra' +make[3]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/extra' +make[2]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/extra' +Making install in po +make[2]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/po' +installing en@boldquot.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/share/locale/en@boldquot/LC_MESSAGES/gnutls.mo +installing en@quot.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/share/locale/en@quot/LC_MESSAGES/gnutls.mo +installing cs.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/share/locale/cs/LC_MESSAGES/gnutls.mo +installing de.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/share/locale/de/LC_MESSAGES/gnutls.mo +installing eo.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/share/locale/eo/LC_MESSAGES/gnutls.mo +installing fi.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/share/locale/fi/LC_MESSAGES/gnutls.mo +installing fr.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/share/locale/fr/LC_MESSAGES/gnutls.mo +installing it.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/share/locale/it/LC_MESSAGES/gnutls.mo +installing ms.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/share/locale/ms/LC_MESSAGES/gnutls.mo +installing nl.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/share/locale/nl/LC_MESSAGES/gnutls.mo +installing pl.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/share/locale/pl/LC_MESSAGES/gnutls.mo +installing sv.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/share/locale/sv/LC_MESSAGES/gnutls.mo +installing uk.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/share/locale/uk/LC_MESSAGES/gnutls.mo +installing vi.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/share/locale/vi/LC_MESSAGES/gnutls.mo +installing zh_CN.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/share/locale/zh_CN/LC_MESSAGES/gnutls.mo +if test "gnutls" = "gettext-tools"; then \ + /bin/mkdir -p /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/share/gettext/po; \ + for file in Makefile.in.in remove-potcdate.sin quot.sed boldquot.sed en@quot.header en@boldquot.header insert-header.sin Rules-quot Makevars.template; do \ + /usr/bin/install -c -m 644 ./$file \ + /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/share/gettext/po/$file; \ + done; \ + for file in Makevars; do \ + rm -f /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.1/share/gettext/po/$file; \ + done; \ +else \ + : ; \ +fi +make[2]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/po' +Making install in src/gl +make[2]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/src/gl' +make install-recursive +make[3]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/src/gl' +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/src/gl' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/src/gl' +make[5]: Nothing to be done for 'install-exec-am'. +make[5]: Nothing to be done for 'install-data-am'. +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/src/gl' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/src/gl' +make[3]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/src/gl' +make[2]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1/src/gl' +make[2]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1' +make[3]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1' +make[3]: Nothing to be done for 'install-exec-am'. +make[3]: Nothing to be done for 'install-data-am'. +make[3]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1' +make[2]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1' +make[1]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.1' diff --git a/abi-tracker/build_logs/gnutls/3.4.10/build b/abi-tracker/build_logs/gnutls/3.4.10/build new file mode 100644 index 0000000000..588d7c04e6 --- /dev/null +++ b/abi-tracker/build_logs/gnutls/3.4.10/build @@ -0,0 +1,1750 @@ +checking build system type... x86_64-unknown-linux-gnu +checking host system type... x86_64-unknown-linux-gnu +checking for a BSD-compatible install... /usr/bin/install -c +checking whether build environment is sane... yes +checking for a thread-safe mkdir -p... /bin/mkdir -p +checking for gawk... gawk +checking whether make sets $(MAKE)... yes +checking whether make supports nested variables... yes +checking whether make supports nested variables... (cached) yes +*** +*** Checking for compilation programs... + +checking for pkg-config... /usr/bin/pkg-config +checking pkg-config is at least version 0.9.0... yes +checking for gcc... gcc +checking whether the C compiler works... yes +checking for C compiler default output file name... a.out +checking for suffix of executables... +checking whether we are cross compiling... no +checking for suffix of object files... o +checking whether we are using the GNU C compiler... yes +checking whether gcc accepts -g... yes +checking for gcc option to accept ISO C89... none needed +checking whether gcc understands -c and -o together... yes +checking for style of include used by make... GNU +checking dependency style of gcc... gcc3 +checking how to run the C preprocessor... gcc -E +checking for grep that handles long lines and -e... /bin/grep +checking for egrep... /bin/grep -E +checking for Minix Amsterdam compiler... no +checking for ar... ar +checking for ranlib... ranlib +checking for ANSI C header files... yes +checking for sys/types.h... yes +checking for sys/stat.h... yes +checking for stdlib.h... yes +checking for string.h... yes +checking for memory.h... yes +checking for strings.h... yes +checking for inttypes.h... yes +checking for stdint.h... yes +checking for unistd.h... yes +checking minix/config.h usability... no +checking minix/config.h presence... no +checking for minix/config.h... no +checking whether it is safe to define __EXTENSIONS__... yes +checking whether _XOPEN_SOURCE should be defined... no +checking for _LARGEFILE_SOURCE value needed for large files... no +checking for special C compiler options needed for large files... no +checking for _FILE_OFFSET_BITS value needed for large files... no +checking dependency style of gcc... gcc3 +checking the archiver (ar) interface... ar +checking for g++... g++ +checking whether we are using the GNU C++ compiler... yes +checking whether g++ accepts -g... yes +checking dependency style of g++... gcc3 +checking for bison... bison -y +checking for a sed that does not truncate output... /bin/sed +checking for inline... inline +checking for ANSI C header files... (cached) yes +checking cpuid.h usability... yes +checking cpuid.h presence... yes +checking for cpuid.h... yes +checking for getrandom... no +checking for getentropy... no +checking for NETTLE... yes +checking for HOGWEED... yes +checking for __gmpz_cmp in -lgmp... yes +checking whether to use the included minitasn1... yes +checking whether C99 macros are supported... yes +checking whether to disable DTLS-SRTP extension... no +checking whether to disable ALPN extension... no +checking whether to disable TLS heartbeat support... yes +checking whether to disable SRP authentication support... no +checking whether to disable PSK authentication support... no +checking whether to disable anonymous authentication support... no +checking whether to disable DHE support... no +checking whether to disable ECDHE support... no +checking whether to disable OpenPGP Certificate authentication support... no +checking whether to add cryptodev support... no +checking whether to disable OCSP support... no +checking whether to disable session tickets support... no +checking size of void *... 8 +checking size of long long... 8 +checking size of long... 8 +checking size of int... 4 +checking sys/socket.h usability... yes +checking sys/socket.h presence... yes +checking for sys/socket.h... yes +checking for sys/stat.h... (cached) yes +checking sys/time.h usability... yes +checking sys/time.h presence... yes +checking for sys/time.h... yes +checking for unistd.h... (cached) yes +checking sys/mman.h usability... yes +checking sys/mman.h presence... yes +checking for sys/mman.h... yes +checking netdb.h usability... yes +checking netdb.h presence... yes +checking for netdb.h... yes +checking netinet/in.h usability... yes +checking netinet/in.h presence... yes +checking for netinet/in.h... yes +checking wchar.h usability... yes +checking wchar.h presence... yes +checking for wchar.h... yes +checking for stdint.h... (cached) yes +checking for strings.h... (cached) yes +checking sys/uio.h usability... yes +checking sys/uio.h presence... yes +checking for sys/uio.h... yes +checking features.h usability... yes +checking features.h presence... yes +checking for features.h... yes +checking for inttypes.h... (cached) yes +checking arpa/inet.h usability... yes +checking arpa/inet.h presence... yes +checking for arpa/inet.h... yes +checking stdio_ext.h usability... yes +checking stdio_ext.h presence... yes +checking for stdio_ext.h... yes +checking termios.h usability... yes +checking termios.h presence... yes +checking for termios.h... yes +checking sys/select.h usability... yes +checking sys/select.h presence... yes +checking for sys/select.h... yes +checking for library containing setsockopt... none needed +checking whether to build OpenSSL compatibility layer... no +checking for gtkdoc-check... /usr/bin/gtkdoc-check +checking for gtkdoc-rebase... /usr/bin/gtkdoc-rebase +checking for gtkdoc-mkpdf... /usr/bin/gtkdoc-mkpdf +checking whether to build gtk-doc documentation... no +checking whether NLS is requested... yes +checking for msgfmt... /usr/bin/msgfmt +checking for gmsgfmt... /usr/bin/msgfmt +checking for xgettext... /usr/bin/xgettext +checking for msgmerge... /usr/bin/msgmerge +checking for ld used by GCC... /usr/bin/ld +checking if the linker (/usr/bin/ld) is GNU ld... yes +checking for shared library run path origin... done +checking for CFPreferencesCopyAppValue... no +checking for CFLocaleCopyCurrent... no +checking for GNU gettext in libc... yes +checking whether to use NLS... yes +checking where the gettext function comes from... libc +checking whether byte ordering is bigendian... no +checking for fork... yes +checking for inet_ntop... yes +checking for inet_pton... yes +checking for getrusage... yes +checking for getpwuid_r... yes +checking for nanosleep... yes +checking for daemon... yes +checking for getpid... yes +checking for clock_gettime... yes +checking for iconv... yes +checking for localtime... yes +checking for vasprintf... yes +checking for __register_atfork... yes +checking for librt... yes +checking how to link with librt... -lrt +checking for pthread_mutex_lock... yes +checking for size_t... yes +checking for working alloca.h... yes +checking for alloca... yes +checking for C/C++ restrict keyword... __restrict +checking whether the preprocessor supports include_next... yes +checking whether system header files limit the line length... no +checking for complete errno.h... yes +checking for _set_invalid_parameter_handler... no +checking for getdelim... yes +checking for gettimeofday... yes +checking for mprotect... yes +checking for snprintf... yes +checking for strndup... yes +checking for localtime_r... yes +checking for vasnprintf... no +checking for shutdown... yes +checking for __fsetlocking... yes +checking for tcgetattr... yes +checking for tcsetattr... yes +checking for nanotime... no +checking for setenv... yes +checking for strdup... yes +checking whether stat file-mode macros are broken... no +checking for mode_t... yes +checking for nlink_t... yes +checking whether fchmodat is declared without a macro... yes +checking whether fstat is declared without a macro... yes +checking whether fstatat is declared without a macro... yes +checking whether futimens is declared without a macro... yes +checking whether lchmod is declared without a macro... yes +checking whether lstat is declared without a macro... yes +checking whether mkdirat is declared without a macro... yes +checking whether mkfifo is declared without a macro... yes +checking whether mkfifoat is declared without a macro... yes +checking whether mknod is declared without a macro... yes +checking whether mknodat is declared without a macro... yes +checking whether stat is declared without a macro... yes +checking whether utimensat is declared without a macro... yes +checking whether stdin defaults to large file offsets... yes +checking for pid_t... yes +checking whether ftello is declared... yes +checking for ftello... yes +checking whether ftello works... yes +checking whether getdelim is declared... yes +checking whether getline is declared... yes +checking for struct timeval... yes +checking for wide-enough struct timeval.tv_sec member... yes +checking whether gettimeofday is declared without a macro... yes +checking whether malloc, realloc, calloc are POSIX compliant... yes +checking for mmap... yes +checking for MAP_ANONYMOUS... yes +checking whether memchr works... yes +checking whether memmem is declared... yes +checking whether <limits.h> defines MIN and MAX... no +checking whether <sys/param.h> defines MIN and MAX... yes +checking whether snprintf returns a byte count as in C99... yes +checking whether snprintf is declared... yes +checking for stdbool.h that conforms to C99... yes +checking for _Bool... yes +checking for wchar_t... yes +checking for long long int... yes +checking for unsigned long long int... yes +checking whether stdint.h conforms to C99... yes +checking whether ffsl is declared without a macro... yes +checking whether ffsll is declared without a macro... yes +checking whether memmem is declared without a macro... yes +checking whether mempcpy is declared without a macro... yes +checking whether memrchr is declared without a macro... yes +checking whether rawmemchr is declared without a macro... yes +checking whether stpcpy is declared without a macro... yes +checking whether stpncpy is declared without a macro... yes +checking whether strchrnul is declared without a macro... yes +checking whether strdup is declared without a macro... yes +checking whether strncat is declared without a macro... yes +checking whether strndup is declared without a macro... yes +checking whether strnlen is declared without a macro... yes +checking whether strpbrk is declared without a macro... yes +checking whether strsep is declared without a macro... yes +checking whether strcasestr is declared without a macro... yes +checking whether strtok_r is declared without a macro... yes +checking whether strerror_r is declared without a macro... yes +checking whether strsignal is declared without a macro... yes +checking whether strverscmp is declared without a macro... yes +checking whether ffs is declared without a macro... yes +checking whether strcasecmp is declared without a macro... yes +checking whether strncasecmp is declared without a macro... yes +checking whether strndup is declared... (cached) yes +checking whether strnlen is declared... (cached) yes +checking whether strtok_r is declared... (cached) yes +checking whether <sys/socket.h> is self-contained... yes +checking for shutdown... (cached) yes +checking whether <sys/socket.h> defines the SHUT_* macros... yes +checking for struct sockaddr_storage... yes +checking for sa_family_t... yes +checking for struct sockaddr_storage.ss_family... yes +checking whether socket is declared without a macro... yes +checking whether connect is declared without a macro... yes +checking whether accept is declared without a macro... yes +checking whether bind is declared without a macro... yes +checking whether getpeername is declared without a macro... yes +checking whether getsockname is declared without a macro... yes +checking whether getsockopt is declared without a macro... yes +checking whether listen is declared without a macro... yes +checking whether recv is declared without a macro... yes +checking whether send is declared without a macro... yes +checking whether recvfrom is declared without a macro... yes +checking whether sendto is declared without a macro... yes +checking whether setsockopt is declared without a macro... yes +checking whether shutdown is declared without a macro... yes +checking whether accept4 is declared without a macro... yes +checking for struct timespec in <time.h>... yes +checking for wint_t... yes +checking for inttypes.h... yes +checking for stdint.h... yes +checking for intmax_t... yes +checking where to find the exponent in a 'double'... word 1 bit 20 +checking for snprintf... (cached) yes +checking for strnlen... yes +checking for wcslen... yes +checking for wcsnlen... yes +checking for mbrtowc... yes +checking for wcrtomb... yes +checking whether _snprintf is declared... no +checking whether vsnprintf is declared... yes +checking whether <wchar.h> uses 'inline' correctly... yes +checking for working fcntl.h... yes +checking whether ungetc works on arbitrary bytes... yes +checking whether imaxabs is declared without a macro... yes +checking whether imaxdiv is declared without a macro... yes +checking whether strtoimax is declared without a macro... yes +checking whether strtoumax is declared without a macro... yes +checking for inttypes.h... (cached) yes +checking whether the inttypes.h PRIxNN macros are broken... no +checking for alloca as a compiler built-in... yes +checking byteswap.h usability... yes +checking byteswap.h presence... yes +checking for byteswap.h... yes +checking whether conversion from 'int' to 'long double' works... yes +checking for ftello... (cached) yes +checking whether ftello works... (cached) yes +checking whether __func__ is available... yes +checking for working getdelim function... yes +checking for getline... yes +checking for working getline function... yes +checking whether gettimeofday clobbers localtime buffer... no +checking for gettimeofday with POSIX signature... almost +checking for iconv... yes +checking for working iconv... yes +checking for iconv declaration... + extern size_t iconv (iconv_t cd, char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft); +checking if gcc/ld supports -Wl,--output-def... no +checking if LD -Wl,--version-script works... yes +checking whether lseek detects pipes... yes +checking for memmem... yes +checking whether memmem works... yes +checking whether getaddrinfo is declared without a macro... yes +checking whether freeaddrinfo is declared without a macro... yes +checking whether gai_strerror is declared without a macro... yes +checking whether getnameinfo is declared without a macro... yes +checking whether <netinet/in.h> is self-contained... yes +checking for pmccabe... false +checking for stdint.h... (cached) yes +checking for SIZE_MAX... yes +checking for snprintf... (cached) yes +checking whether snprintf respects a size of 1... yes +checking whether printf supports POSIX/XSI format strings with positions... yes +checking for socklen_t... yes +checking for ssize_t... yes +checking for working stdalign.h... yes +checking for max_align_t... yes +checking whether NULL can be used in arbitrary expressions... yes +checking which flavor of printf attribute matches inttypes macros... system +checking whether dprintf is declared without a macro... yes +checking whether fpurge is declared without a macro... no +checking whether fseeko is declared without a macro... yes +checking whether ftello is declared without a macro... yes +checking whether getdelim is declared without a macro... yes +checking whether getline is declared without a macro... yes +checking whether gets is declared without a macro... no +checking whether pclose is declared without a macro... yes +checking whether popen is declared without a macro... yes +checking whether renameat is declared without a macro... yes +checking whether snprintf is declared without a macro... yes +checking whether tmpfile is declared without a macro... yes +checking whether vdprintf is declared without a macro... yes +checking whether vsnprintf is declared without a macro... yes +checking whether _Exit is declared without a macro... yes +checking whether atoll is declared without a macro... yes +checking whether canonicalize_file_name is declared without a macro... yes +checking whether getloadavg is declared without a macro... yes +checking whether getsubopt is declared without a macro... yes +checking whether grantpt is declared without a macro... yes +checking whether initstate is declared without a macro... yes +checking whether initstate_r is declared without a macro... yes +checking whether mkdtemp is declared without a macro... yes +checking whether mkostemp is declared without a macro... yes +checking whether mkostemps is declared without a macro... yes +checking whether mkstemp is declared without a macro... yes +checking whether mkstemps is declared without a macro... yes +checking whether posix_openpt is declared without a macro... yes +checking whether ptsname is declared without a macro... yes +checking whether ptsname_r is declared without a macro... yes +checking whether random is declared without a macro... yes +checking whether random_r is declared without a macro... yes +checking whether realpath is declared without a macro... yes +checking whether rpmatch is declared without a macro... yes +checking whether secure_getenv is declared without a macro... yes +checking whether setenv is declared without a macro... yes +checking whether setstate is declared without a macro... yes +checking whether setstate_r is declared without a macro... yes +checking whether srandom is declared without a macro... yes +checking whether srandom_r is declared without a macro... yes +checking whether strtod is declared without a macro... yes +checking whether strtoll is declared without a macro... yes +checking whether strtoull is declared without a macro... yes +checking whether unlockpt is declared without a macro... yes +checking whether unsetenv is declared without a macro... yes +checking for strcasecmp... yes +checking for strncasecmp... yes +checking whether strncasecmp is declared... (cached) yes +checking for working strndup... yes +checking for working strnlen... yes +checking for strtok_r... yes +checking whether strtok_r works... yes +checking for strverscmp... yes +checking for nlink_t... (cached) yes +checking whether fchmodat is declared without a macro... (cached) yes +checking whether fstat is declared without a macro... (cached) yes +checking whether fstatat is declared without a macro... (cached) yes +checking whether futimens is declared without a macro... (cached) yes +checking whether lchmod is declared without a macro... (cached) yes +checking whether lstat is declared without a macro... (cached) yes +checking whether mkdirat is declared without a macro... (cached) yes +checking whether mkfifo is declared without a macro... (cached) yes +checking whether mkfifoat is declared without a macro... (cached) yes +checking whether mknod is declared without a macro... (cached) yes +checking whether mknodat is declared without a macro... (cached) yes +checking whether stat is declared without a macro... (cached) yes +checking whether utimensat is declared without a macro... (cached) yes +checking whether localtime_r is declared... yes +checking whether localtime_r is compatible with its POSIX signature... yes +checking whether chdir is declared without a macro... yes +checking whether chown is declared without a macro... yes +checking whether dup is declared without a macro... yes +checking whether dup2 is declared without a macro... yes +checking whether dup3 is declared without a macro... yes +checking whether environ is declared without a macro... yes +checking whether euidaccess is declared without a macro... yes +checking whether faccessat is declared without a macro... yes +checking whether fchdir is declared without a macro... yes +checking whether fchownat is declared without a macro... yes +checking whether fdatasync is declared without a macro... yes +checking whether fsync is declared without a macro... yes +checking whether ftruncate is declared without a macro... yes +checking whether getcwd is declared without a macro... yes +checking whether getdomainname is declared without a macro... yes +checking whether getdtablesize is declared without a macro... yes +checking whether getgroups is declared without a macro... yes +checking whether gethostname is declared without a macro... yes +checking whether getlogin is declared without a macro... yes +checking whether getlogin_r is declared without a macro... yes +checking whether getpagesize is declared without a macro... yes +checking whether getusershell is declared without a macro... yes +checking whether setusershell is declared without a macro... yes +checking whether endusershell is declared without a macro... yes +checking whether group_member is declared without a macro... yes +checking whether isatty is declared without a macro... yes +checking whether lchown is declared without a macro... yes +checking whether link is declared without a macro... yes +checking whether linkat is declared without a macro... yes +checking whether lseek is declared without a macro... yes +checking whether pipe is declared without a macro... yes +checking whether pipe2 is declared without a macro... yes +checking whether pread is declared without a macro... yes +checking whether pwrite is declared without a macro... yes +checking whether readlink is declared without a macro... yes +checking whether readlinkat is declared without a macro... yes +checking whether rmdir is declared without a macro... yes +checking whether sethostname is declared without a macro... yes +checking whether sleep is declared without a macro... yes +checking whether symlink is declared without a macro... yes +checking whether symlinkat is declared without a macro... yes +checking whether ttyname_r is declared without a macro... yes +checking whether unlink is declared without a macro... yes +checking whether unlinkat is declared without a macro... yes +checking whether usleep is declared without a macro... yes +checking for valgrind... valgrind +checking whether self tests are run under valgrind... yes +checking for ptrdiff_t... yes +checking for vasprintf... (cached) yes +checking for vsnprintf... yes +checking whether snprintf respects a size of 1... (cached) yes +checking whether printf supports POSIX/XSI format strings with positions... (cached) yes +checking whether btowc is declared without a macro... yes +checking whether wctob is declared without a macro... yes +checking whether mbsinit is declared without a macro... yes +checking whether mbrtowc is declared without a macro... yes +checking whether mbrlen is declared without a macro... yes +checking whether mbsrtowcs is declared without a macro... yes +checking whether mbsnrtowcs is declared without a macro... yes +checking whether wcrtomb is declared without a macro... yes +checking whether wcsrtombs is declared without a macro... yes +checking whether wcsnrtombs is declared without a macro... yes +checking whether wcwidth is declared without a macro... yes +checking whether wmemchr is declared without a macro... yes +checking whether wmemcmp is declared without a macro... yes +checking whether wmemcpy is declared without a macro... yes +checking whether wmemmove is declared without a macro... yes +checking whether wmemset is declared without a macro... yes +checking whether wcslen is declared without a macro... yes +checking whether wcsnlen is declared without a macro... yes +checking whether wcscpy is declared without a macro... yes +checking whether wcpcpy is declared without a macro... yes +checking whether wcsncpy is declared without a macro... yes +checking whether wcpncpy is declared without a macro... yes +checking whether wcscat is declared without a macro... yes +checking whether wcsncat is declared without a macro... yes +checking whether wcscmp is declared without a macro... yes +checking whether wcsncmp is declared without a macro... yes +checking whether wcscasecmp is declared without a macro... yes +checking whether wcsncasecmp is declared without a macro... yes +checking whether wcscoll is declared without a macro... yes +checking whether wcsxfrm is declared without a macro... yes +checking whether wcsdup is declared without a macro... yes +checking whether wcschr is declared without a macro... yes +checking whether wcsrchr is declared without a macro... yes +checking whether wcscspn is declared without a macro... yes +checking whether wcsspn is declared without a macro... yes +checking whether wcspbrk is declared without a macro... yes +checking whether wcsstr is declared without a macro... yes +checking whether wcstok is declared without a macro... yes +checking whether wcswidth is declared without a macro... yes +checking for stdint.h... (cached) yes +checking whether fcntl is declared without a macro... yes +checking whether openat is declared without a macro... yes +checking whether fdopen sets errno... yes +checking for getpagesize... yes +checking whether getpagesize is declared... (cached) yes +checking whether INT32_MAX < INTMAX_MAX... yes +checking whether INT64_MAX == LONG_MAX... yes +checking whether UINT32_MAX < UINTMAX_MAX... yes +checking whether UINT64_MAX == ULONG_MAX... yes +checking for mmap... (cached) yes +checking for MAP_ANONYMOUS... yes +checking for mmap... (cached) yes +checking for MAP_ANONYMOUS... yes +checking for valgrind... (cached) valgrind +checking whether self tests are run under valgrind... yes +checking if environ is properly declared... yes +checking whether strerror_r is declared... (cached) yes +checking for strerror_r... yes +checking whether strerror_r returns char *... yes +checking whether fseeko is declared... (cached) yes +checking for fseeko... yes +checking for library containing gethostbyname... none required +checking for gethostbyname... yes +checking for library containing getservbyname... none required +checking for getservbyname... yes +checking for library containing inet_ntop... none required +checking whether inet_ntop is declared... yes +checking for IPv4 sockets... yes +checking for IPv6 sockets... yes +checking whether getpass is declared... yes +checking whether fflush_unlocked is declared... yes +checking whether flockfile is declared... yes +checking whether fputs_unlocked is declared... yes +checking whether funlockfile is declared... yes +checking whether putc_unlocked is declared... yes +checking for stdlib.h... (cached) yes +checking for GNU libc compatible malloc... yes +checking whether alarm is declared... yes +checking for compound literals... yes +checking whether struct tm is in sys/time.h or time.h... time.h +checking for struct tm.tm_gmtoff... yes +checking whether <sys/select.h> is self-contained... yes +checking whether pselect is declared without a macro... yes +checking whether select is declared without a macro... yes +checking whether setenv is declared... (cached) yes +checking search.h usability... yes +checking search.h presence... yes +checking for search.h... yes +checking for tsearch... yes +checking for sigset_t... yes +checking for uid_t in sys/types.h... yes +checking whether strdup is declared... (cached) yes +checking whether strerror(0) succeeds... yes +checking whether unsetenv is declared... (cached) yes +checking for alloca as a compiler built-in... (cached) yes +checking whether inet_ntop is declared without a macro... yes +checking whether inet_pton is declared without a macro... yes +checking for library containing clock_gettime... none required +checking for clock_gettime... (cached) yes +checking for clock_settime... yes +checking whether dup2 works... yes +checking for error_at_line... yes +checking whether conversion from 'int' to 'long double' works... (cached) yes +checking for fseeko... (cached) yes +checking for ftello... (cached) yes +checking whether ftello works... (cached) yes +configure: checking how to do getaddrinfo, freeaddrinfo and getnameinfo +checking for library containing getaddrinfo... none required +checking for getaddrinfo... yes +checking whether gai_strerror is declared... (cached) yes +checking whether gai_strerrorA is declared... no +checking for gai_strerror with POSIX signature... yes +checking for struct sockaddr.sa_len... no +checking whether getaddrinfo is declared... (cached) yes +checking whether freeaddrinfo is declared... (cached) yes +checking whether getnameinfo is declared... (cached) yes +checking for struct addrinfo... yes +checking for working getdelim function... (cached) yes +checking for getline... (cached) yes +checking for working getline function... (cached) yes +checking for getpass... yes +checking whether gettimeofday clobbers localtime buffer... (cached) no +checking for gettimeofday with POSIX signature... (cached) almost +checking for library containing gethostbyname... (cached) none required +checking for gethostbyname... (cached) yes +checking for library containing inet_ntop... (cached) none required +checking whether inet_ntop is declared... (cached) yes +checking for library containing inet_pton... none required +checking whether inet_pton is declared... (cached) yes +checking whether lseek detects pipes... (cached) yes +checking for working mktime... yes +checking whether getaddrinfo is declared without a macro... (cached) yes +checking whether freeaddrinfo is declared without a macro... (cached) yes +checking whether gai_strerror is declared without a macro... (cached) yes +checking whether getnameinfo is declared without a macro... (cached) yes +checking whether <netinet/in.h> is self-contained... (cached) yes +checking for struct tm.tm_zone... yes +checking whether program_invocation_name is declared... yes +checking whether program_invocation_short_name is declared... yes +checking whether select supports a 0 argument... yes +checking whether select detects invalid fds... yes +checking for library containing getservbyname... (cached) none required +checking for getservbyname... (cached) yes +checking whether setenv validates arguments... yes +checking for volatile sig_atomic_t... yes +checking for sighandler_t... yes +checking whether pthread_sigmask is declared without a macro... yes +checking whether sigaction is declared without a macro... yes +checking whether sigaddset is declared without a macro... yes +checking whether sigdelset is declared without a macro... yes +checking whether sigemptyset is declared without a macro... yes +checking whether sigfillset is declared without a macro... yes +checking whether sigismember is declared without a macro... yes +checking whether sigpending is declared without a macro... yes +checking whether sigprocmask is declared without a macro... yes +checking for stdint.h... (cached) yes +checking for SIZE_MAX... (cached) yes +checking for snprintf... (cached) yes +checking whether snprintf respects a size of 1... (cached) yes +checking whether printf supports POSIX/XSI format strings with positions... (cached) yes +checking for socklen_t... (cached) yes +checking for ssize_t... (cached) yes +checking for working stdalign.h... (cached) yes +checking for max_align_t... (cached) yes +checking whether NULL can be used in arbitrary expressions... (cached) yes +checking which flavor of printf attribute matches inttypes macros... (cached) system +checking whether dprintf is declared without a macro... (cached) yes +checking whether fpurge is declared without a macro... (cached) no +checking whether fseeko is declared without a macro... (cached) yes +checking whether ftello is declared without a macro... (cached) yes +checking whether getdelim is declared without a macro... (cached) yes +checking whether getline is declared without a macro... (cached) yes +checking whether gets is declared without a macro... (cached) no +checking whether pclose is declared without a macro... (cached) yes +checking whether popen is declared without a macro... (cached) yes +checking whether renameat is declared without a macro... (cached) yes +checking whether snprintf is declared without a macro... (cached) yes +checking whether tmpfile is declared without a macro... (cached) yes +checking whether vdprintf is declared without a macro... (cached) yes +checking whether vsnprintf is declared without a macro... (cached) yes +checking whether _Exit is declared without a macro... (cached) yes +checking whether atoll is declared without a macro... (cached) yes +checking whether canonicalize_file_name is declared without a macro... (cached) yes +checking whether getloadavg is declared without a macro... (cached) yes +checking whether getsubopt is declared without a macro... (cached) yes +checking whether grantpt is declared without a macro... (cached) yes +checking whether initstate is declared without a macro... (cached) yes +checking whether initstate_r is declared without a macro... (cached) yes +checking whether mkdtemp is declared without a macro... (cached) yes +checking whether mkostemp is declared without a macro... (cached) yes +checking whether mkostemps is declared without a macro... (cached) yes +checking whether mkstemp is declared without a macro... (cached) yes +checking whether mkstemps is declared without a macro... (cached) yes +checking whether posix_openpt is declared without a macro... (cached) yes +checking whether ptsname is declared without a macro... (cached) yes +checking whether ptsname_r is declared without a macro... (cached) yes +checking whether random is declared without a macro... (cached) yes +checking whether random_r is declared without a macro... (cached) yes +checking whether realpath is declared without a macro... (cached) yes +checking whether rpmatch is declared without a macro... (cached) yes +checking whether secure_getenv is declared without a macro... (cached) yes +checking whether setenv is declared without a macro... (cached) yes +checking whether setstate is declared without a macro... (cached) yes +checking whether setstate_r is declared without a macro... (cached) yes +checking whether srandom is declared without a macro... (cached) yes +checking whether srandom_r is declared without a macro... (cached) yes +checking whether strtod is declared without a macro... (cached) yes +checking whether strtoll is declared without a macro... (cached) yes +checking whether strtoull is declared without a macro... (cached) yes +checking whether unlockpt is declared without a macro... (cached) yes +checking whether unsetenv is declared without a macro... (cached) yes +checking for working strerror function... yes +checking whether <sys/select.h> is self-contained... (cached) yes +checking whether pselect is declared without a macro... (cached) yes +checking whether select is declared without a macro... (cached) yes +checking for nlink_t... (cached) yes +checking whether fchmodat is declared without a macro... (cached) yes +checking whether fstat is declared without a macro... (cached) yes +checking whether fstatat is declared without a macro... (cached) yes +checking whether futimens is declared without a macro... (cached) yes +checking whether lchmod is declared without a macro... (cached) yes +checking whether lstat is declared without a macro... (cached) yes +checking whether mkdirat is declared without a macro... (cached) yes +checking whether mkfifo is declared without a macro... (cached) yes +checking whether mkfifoat is declared without a macro... (cached) yes +checking whether mknod is declared without a macro... (cached) yes +checking whether mknodat is declared without a macro... (cached) yes +checking whether stat is declared without a macro... (cached) yes +checking whether utimensat is declared without a macro... (cached) yes +checking whether localtime_r is declared... (cached) yes +checking whether localtime_r is compatible with its POSIX signature... (cached) yes +checking whether chdir is declared without a macro... (cached) yes +checking whether chown is declared without a macro... (cached) yes +checking whether dup is declared without a macro... (cached) yes +checking whether dup2 is declared without a macro... (cached) yes +checking whether dup3 is declared without a macro... (cached) yes +checking whether environ is declared without a macro... (cached) yes +checking whether euidaccess is declared without a macro... (cached) yes +checking whether faccessat is declared without a macro... (cached) yes +checking whether fchdir is declared without a macro... (cached) yes +checking whether fchownat is declared without a macro... (cached) yes +checking whether fdatasync is declared without a macro... (cached) yes +checking whether fsync is declared without a macro... (cached) yes +checking whether ftruncate is declared without a macro... (cached) yes +checking whether getcwd is declared without a macro... (cached) yes +checking whether getdomainname is declared without a macro... (cached) yes +checking whether getdtablesize is declared without a macro... (cached) yes +checking whether getgroups is declared without a macro... (cached) yes +checking whether gethostname is declared without a macro... (cached) yes +checking whether getlogin is declared without a macro... (cached) yes +checking whether getlogin_r is declared without a macro... (cached) yes +checking whether getpagesize is declared without a macro... (cached) yes +checking whether getusershell is declared without a macro... (cached) yes +checking whether setusershell is declared without a macro... (cached) yes +checking whether endusershell is declared without a macro... (cached) yes +checking whether group_member is declared without a macro... (cached) yes +checking whether isatty is declared without a macro... (cached) yes +checking whether lchown is declared without a macro... (cached) yes +checking whether link is declared without a macro... (cached) yes +checking whether linkat is declared without a macro... (cached) yes +checking whether lseek is declared without a macro... (cached) yes +checking whether pipe is declared without a macro... (cached) yes +checking whether pipe2 is declared without a macro... (cached) yes +checking whether pread is declared without a macro... (cached) yes +checking whether pwrite is declared without a macro... (cached) yes +checking whether readlink is declared without a macro... (cached) yes +checking whether readlinkat is declared without a macro... (cached) yes +checking whether rmdir is declared without a macro... (cached) yes +checking whether sethostname is declared without a macro... (cached) yes +checking whether sleep is declared without a macro... (cached) yes +checking whether symlink is declared without a macro... (cached) yes +checking whether symlinkat is declared without a macro... (cached) yes +checking whether ttyname_r is declared without a macro... (cached) yes +checking whether unlink is declared without a macro... (cached) yes +checking whether unlinkat is declared without a macro... (cached) yes +checking whether usleep is declared without a macro... (cached) yes +checking for unsetenv... yes +checking for unsetenv() return type... int +checking whether unsetenv obeys POSIX... yes +checking for ptrdiff_t... (cached) yes +checking whether btowc is declared without a macro... (cached) yes +checking whether wctob is declared without a macro... (cached) yes +checking whether mbsinit is declared without a macro... (cached) yes +checking whether mbrtowc is declared without a macro... (cached) yes +checking whether mbrlen is declared without a macro... (cached) yes +checking whether mbsrtowcs is declared without a macro... (cached) yes +checking whether mbsnrtowcs is declared without a macro... (cached) yes +checking whether wcrtomb is declared without a macro... (cached) yes +checking whether wcsrtombs is declared without a macro... (cached) yes +checking whether wcsnrtombs is declared without a macro... (cached) yes +checking whether wcwidth is declared without a macro... (cached) yes +checking whether wmemchr is declared without a macro... (cached) yes +checking whether wmemcmp is declared without a macro... (cached) yes +checking whether wmemcpy is declared without a macro... (cached) yes +checking whether wmemmove is declared without a macro... (cached) yes +checking whether wmemset is declared without a macro... (cached) yes +checking whether wcslen is declared without a macro... (cached) yes +checking whether wcsnlen is declared without a macro... (cached) yes +checking whether wcscpy is declared without a macro... (cached) yes +checking whether wcpcpy is declared without a macro... (cached) yes +checking whether wcsncpy is declared without a macro... (cached) yes +checking whether wcpncpy is declared without a macro... (cached) yes +checking whether wcscat is declared without a macro... (cached) yes +checking whether wcsncat is declared without a macro... (cached) yes +checking whether wcscmp is declared without a macro... (cached) yes +checking whether wcsncmp is declared without a macro... (cached) yes +checking whether wcscasecmp is declared without a macro... (cached) yes +checking whether wcsncasecmp is declared without a macro... (cached) yes +checking whether wcscoll is declared without a macro... (cached) yes +checking whether wcsxfrm is declared without a macro... (cached) yes +checking whether wcsdup is declared without a macro... (cached) yes +checking whether wcschr is declared without a macro... (cached) yes +checking whether wcsrchr is declared without a macro... (cached) yes +checking whether wcscspn is declared without a macro... (cached) yes +checking whether wcsspn is declared without a macro... (cached) yes +checking whether wcspbrk is declared without a macro... (cached) yes +checking whether wcsstr is declared without a macro... (cached) yes +checking whether wcstok is declared without a macro... (cached) yes +checking whether wcswidth is declared without a macro... (cached) yes +checking for stdint.h... (cached) yes +checking whether C compiler handles -Werror -Wunknown-warning-option... no +checking whether C compiler handles -Wframe-larger-than=2048... yes +checking whether -Wno-missing-field-initializers is supported... yes +checking whether -Wno-missing-field-initializers is needed... no +checking whether -Wuninitialized is supported... yes +checking whether C compiler handles -W... yes +checking whether C compiler handles -Wabi... yes +checking whether C compiler handles -Waddress... yes +checking whether C compiler handles -Waggressive-loop-optimizations... yes +checking whether C compiler handles -Wall... yes +checking whether C compiler handles -Wattributes... yes +checking whether C compiler handles -Wbad-function-cast... yes +checking whether C compiler handles -Wbool-compare... yes +checking whether C compiler handles -Wbuiltin-macro-redefined... yes +checking whether C compiler handles -Wcast-align... yes +checking whether C compiler handles -Wchar-subscripts... yes +checking whether C compiler handles -Wchkp... yes +checking whether C compiler handles -Wclobbered... yes +checking whether C compiler handles -Wcomment... yes +checking whether C compiler handles -Wcomments... yes +checking whether C compiler handles -Wcoverage-mismatch... yes +checking whether C compiler handles -Wcpp... yes +checking whether C compiler handles -Wdate-time... yes +checking whether C compiler handles -Wdeprecated... yes +checking whether C compiler handles -Wdeprecated-declarations... yes +checking whether C compiler handles -Wdesignated-init... yes +checking whether C compiler handles -Wdisabled-optimization... yes +checking whether C compiler handles -Wdiscarded-array-qualifiers... yes +checking whether C compiler handles -Wdiscarded-qualifiers... yes +checking whether C compiler handles -Wdiv-by-zero... yes +checking whether C compiler handles -Wdouble-promotion... yes +checking whether C compiler handles -Wempty-body... yes +checking whether C compiler handles -Wendif-labels... yes +checking whether C compiler handles -Wenum-compare... yes +checking whether C compiler handles -Wextra... yes +checking whether C compiler handles -Wformat-contains-nul... yes +checking whether C compiler handles -Wformat-extra-args... yes +checking whether C compiler handles -Wformat-security... yes +checking whether C compiler handles -Wformat-zero-length... yes +checking whether C compiler handles -Wfree-nonheap-object... yes +checking whether C compiler handles -Wignored-qualifiers... yes +checking whether C compiler handles -Wimplicit... yes +checking whether C compiler handles -Wimplicit-function-declaration... yes +checking whether C compiler handles -Wimplicit-int... yes +checking whether C compiler handles -Wincompatible-pointer-types... yes +checking whether C compiler handles -Winit-self... yes +checking whether C compiler handles -Wint-conversion... yes +checking whether C compiler handles -Wint-to-pointer-cast... yes +checking whether C compiler handles -Winvalid-memory-model... yes +checking whether C compiler handles -Winvalid-pch... yes +checking whether C compiler handles -Wjump-misses-init... yes +checking whether C compiler handles -Wlogical-not-parentheses... yes +checking whether C compiler handles -Wlogical-op... yes +checking whether C compiler handles -Wmain... yes +checking whether C compiler handles -Wmaybe-uninitialized... yes +checking whether C compiler handles -Wmemset-transposed-args... yes +checking whether C compiler handles -Wmissing-braces... yes +checking whether C compiler handles -Wmissing-declarations... yes +checking whether C compiler handles -Wmissing-field-initializers... yes +checking whether C compiler handles -Wmissing-include-dirs... yes +checking whether C compiler handles -Wmissing-parameter-type... yes +checking whether C compiler handles -Wmissing-prototypes... yes +checking whether C compiler handles -Wmultichar... yes +checking whether C compiler handles -Wnarrowing... yes +checking whether C compiler handles -Wnested-externs... yes +checking whether C compiler handles -Wnonnull... yes +checking whether C compiler handles -Wodr... yes +checking whether C compiler handles -Wold-style-declaration... yes +checking whether C compiler handles -Wold-style-definition... yes +checking whether C compiler handles -Wopenmp-simd... yes +checking whether C compiler handles -Woverflow... yes +checking whether C compiler handles -Woverride-init... yes +checking whether C compiler handles -Wpacked... yes +checking whether C compiler handles -Wpacked-bitfield-compat... yes +checking whether C compiler handles -Wparentheses... yes +checking whether C compiler handles -Wpointer-arith... yes +checking whether C compiler handles -Wpointer-sign... yes +checking whether C compiler handles -Wpointer-to-int-cast... yes +checking whether C compiler handles -Wpragmas... yes +checking whether C compiler handles -Wreturn-local-addr... yes +checking whether C compiler handles -Wreturn-type... yes +checking whether C compiler handles -Wsequence-point... yes +checking whether C compiler handles -Wshadow... yes +checking whether C compiler handles -Wshift-count-negative... yes +checking whether C compiler handles -Wshift-count-overflow... yes +checking whether C compiler handles -Wsizeof-array-argument... yes +checking whether C compiler handles -Wsizeof-pointer-memaccess... yes +checking whether C compiler handles -Wstrict-aliasing... yes +checking whether C compiler handles -Wstrict-prototypes... yes +checking whether C compiler handles -Wsuggest-attribute=format... yes +checking whether C compiler handles -Wsuggest-final-methods... yes +checking whether C compiler handles -Wsuggest-final-types... yes +checking whether C compiler handles -Wswitch... yes +checking whether C compiler handles -Wswitch-bool... yes +checking whether C compiler handles -Wsync-nand... yes +checking whether C compiler handles -Wtrampolines... yes +checking whether C compiler handles -Wtrigraphs... yes +checking whether C compiler handles -Wtype-limits... yes +checking whether C compiler handles -Wuninitialized... yes +checking whether C compiler handles -Wunknown-pragmas... yes +checking whether C compiler handles -Wunsafe-loop-optimizations... yes +checking whether C compiler handles -Wunused... yes +checking whether C compiler handles -Wunused-but-set-parameter... yes +checking whether C compiler handles -Wunused-but-set-variable... yes +checking whether C compiler handles -Wunused-function... yes +checking whether C compiler handles -Wunused-label... yes +checking whether C compiler handles -Wunused-local-typedefs... yes +checking whether C compiler handles -Wunused-macros... yes +checking whether C compiler handles -Wunused-parameter... yes +checking whether C compiler handles -Wunused-result... yes +checking whether C compiler handles -Wunused-value... yes +checking whether C compiler handles -Wunused-variable... yes +checking whether C compiler handles -Wvarargs... yes +checking whether C compiler handles -Wvariadic-macros... yes +checking whether C compiler handles -Wvector-operation-performance... yes +checking whether C compiler handles -Wvolatile-register-var... yes +checking whether C compiler handles -Wwrite-strings... yes +checking whether C compiler handles -Warray-bounds=2... yes +checking whether C compiler handles -Wnormalized=nfc... yes +checking whether C compiler handles -Wno-missing-field-initializers... yes +checking whether C compiler handles -Wno-format-y2k... yes +checking whether C compiler handles -Wno-unused-value... yes +checking whether C compiler handles -Wno-unused-result... yes +checking whether C compiler handles -Wno-unused-parameter... yes +checking whether C compiler handles -Wno-stack-protector... yes +checking whether C compiler handles -Wno-int-to-pointer-cast... yes +checking whether C compiler handles -fdiagnostics-show-option... yes +checking whether ln -s works... yes +checking how to print strings... printf +checking for a sed that does not truncate output... (cached) /bin/sed +checking for fgrep... /bin/grep -F +checking for ld used by gcc... /usr/bin/ld +checking if the linker (/usr/bin/ld) is GNU ld... yes +checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B +checking the name lister (/usr/bin/nm -B) interface... BSD nm +checking the maximum length of command line arguments... 1572864 +checking whether the shell understands some XSI constructs... yes +checking whether the shell understands "+="... yes +checking how to convert x86_64-unknown-linux-gnu file names to x86_64-unknown-linux-gnu format... func_convert_file_noop +checking how to convert x86_64-unknown-linux-gnu file names to toolchain format... func_convert_file_noop +checking for /usr/bin/ld option to reload object files... -r +checking for objdump... objdump +checking how to recognize dependent libraries... pass_all +checking for dlltool... no +checking how to associate runtime and link libraries... printf %s\n +checking for archiver @FILE support... @ +checking for strip... strip +checking for ranlib... (cached) ranlib +checking command to parse /usr/bin/nm -B output from gcc object... ok +checking for sysroot... no +checking for mt... mt +checking if mt is a manifest tool... no +checking for dlfcn.h... yes +checking for objdir... .libs +checking if gcc supports -fno-rtti -fno-exceptions... yes +checking for gcc option to produce PIC... -fPIC -DPIC +checking if gcc PIC flag -fPIC -DPIC works... yes +checking if gcc static flag -static works... yes +checking if gcc supports -c -o file.o... yes +checking if gcc supports -c -o file.o... (cached) yes +checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes +checking whether -lc should be explicitly linked in... no +checking dynamic linker characteristics... GNU/Linux ld.so +checking how to hardcode library paths into programs... immediate +checking whether stripping libraries is possible... yes +checking if libtool supports shared libraries... yes +checking whether to build shared libraries... yes +checking whether to build static libraries... no +checking how to run the C++ preprocessor... g++ -E +checking for ld used by g++... /usr/bin/ld -m elf_x86_64 +checking if the linker (/usr/bin/ld -m elf_x86_64) is GNU ld... yes +checking whether the g++ linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes +checking for g++ option to produce PIC... -fPIC -DPIC +checking if g++ PIC flag -fPIC -DPIC works... yes +checking if g++ static flag -static works... yes +checking if g++ supports -c -o file.o... yes +checking if g++ supports -c -o file.o... (cached) yes +checking whether the g++ linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes +checking dynamic linker characteristics... (cached) GNU/Linux ld.so +checking how to hardcode library paths into programs... immediate +checking for LIBIDN... yes +checking whether to build libdane... no +checking for tss library... yes +checking for working stdnoreturn.h... yes +checking for ssize_t... yes +checking size of unsigned long int... 8 +checking size of unsigned int... 4 +checking whether to include zlib compression support... yes +checking for libz... yes +checking how to link with libz... -lz +checking whether building Guile bindings... no +*** +*** Checking dependencies for crywrap... + +checking for arpa/inet.h... (cached) yes +checking for netinet/in.h... (cached) yes +checking for sys/select.h... (cached) yes +checking for sys/types.h... (cached) yes +checking sys/wait.h usability... yes +checking sys/wait.h presence... yes +checking for sys/wait.h... yes +checking return type of signal handlers... void +checking for sys/select.h... (cached) yes +checking for sys/socket.h... (cached) yes +checking types of arguments for select... int,fd_set *,struct timeval * +checking for alarm... yes +checking for atexit... yes +checking for dup2... yes +checking for epoll_create... yes +checking for kqueue... no +checking for memchr... yes +checking for memset... yes +checking for munmap... yes +checking for putenv... yes +checking for regcomp... yes +checking for scandir... yes +checking for select... yes +checking for socket... yes +checking for strcasecmp... (cached) yes +checking for strchr... yes +checking for strdup... (cached) yes +checking for strerror... yes +checking for strncasecmp... (cached) yes +checking for strrchr... yes +checking for strstr... yes +checking for strtoul... yes +checking for uname... yes +checking for argp_usage... yes +checking that generated files are newer than configure... done +configure: creating ./config.status +config.status: creating guile/pre-inst-guile +config.status: creating Makefile +config.status: creating doc/Makefile +config.status: creating doc/credentials/Makefile +config.status: creating doc/credentials/openpgp/Makefile +config.status: creating doc/credentials/srp/Makefile +config.status: creating doc/credentials/x509/Makefile +config.status: creating doc/cyclo/Makefile +config.status: creating doc/doxygen/Doxyfile +config.status: creating doc/examples/Makefile +config.status: creating doc/latex/Makefile +config.status: creating doc/manpages/Makefile +config.status: creating doc/reference/Makefile +config.status: creating doc/reference/version.xml +config.status: creating doc/scripts/Makefile +config.status: creating extra/Makefile +config.status: creating extra/includes/Makefile +config.status: creating libdane/Makefile +config.status: creating libdane/includes/Makefile +config.status: creating libdane/gnutls-dane.pc +config.status: creating gl/Makefile +config.status: creating gl/tests/Makefile +config.status: creating guile/Makefile +config.status: creating guile/modules/Makefile +config.status: creating guile/src/Makefile +config.status: creating guile/tests/Makefile +config.status: creating lib/Makefile +config.status: creating lib/accelerated/Makefile +config.status: creating lib/accelerated/x86/Makefile +config.status: creating lib/algorithms/Makefile +config.status: creating lib/auth/Makefile +config.status: creating lib/ext/Makefile +config.status: creating lib/extras/Makefile +config.status: creating lib/gnutls.pc +config.status: creating lib/includes/Makefile +config.status: creating lib/includes/gnutls/gnutls.h +config.status: creating lib/minitasn1/Makefile +config.status: creating lib/nettle/Makefile +config.status: creating lib/opencdk/Makefile +config.status: creating lib/openpgp/Makefile +config.status: creating lib/x509/Makefile +config.status: creating po/Makefile.in +config.status: creating src/Makefile +config.status: creating src/crywrap/Makefile +config.status: creating src/gl/Makefile +config.status: creating tests/Makefile +config.status: creating tests/cert-tests/Makefile +config.status: creating tests/dsa/Makefile +config.status: creating tests/dtls/Makefile +config.status: creating tests/srp/Makefile +config.status: creating tests/ecdsa/Makefile +config.status: creating tests/key-tests/Makefile +config.status: creating tests/openpgp-certs/Makefile +config.status: creating tests/pkcs1-padding/Makefile +config.status: creating tests/pkcs12-decode/Makefile +config.status: creating tests/pkcs8-decode/Makefile +config.status: creating tests/rsa-md5-collision/Makefile +config.status: creating tests/safe-renegotiation/Makefile +config.status: creating tests/scripts/Makefile +config.status: creating tests/sha2/Makefile +config.status: creating tests/slow/Makefile +config.status: creating tests/suite/Makefile +config.status: creating tests/userid/Makefile +config.status: creating config.h +config.status: executing depfiles commands +config.status: executing po-directories commands +config.status: creating po/POTFILES +config.status: creating po/Makefile +config.status: executing libtool commands +configure: summary of build options: + + version: 3.4.10 shared 36:2:6 + Host/Target system: x86_64-unknown-linux-gnu + Build system: x86_64-unknown-linux-gnu + Install prefix: /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10 + Compiler: gcc + CFlags: -g -Og -fpermissive -w + Library types: Shared=yes, Static=no + Local libopts: yes + Local libtasn1: yes + Use nettle-mini: no + +configure: External hardware support: + + /dev/crypto: no + Hardware accel: x86-64 + Padlock accel: yes + getrandom variant: no + PKCS#11 support: no + TPM support: yes + +configure: + TPM library: /usr/lib/libtspi.so.1 + +configure: Optional features: +(note that included applications might not compile properly +if features are disabled) + + DTLS-SRTP support: yes + ALPN support: yes + OCSP support: yes + Ses. ticket support: yes + OpenPGP support: yes + SRP support: yes + PSK support: yes + DHE support: yes + ECDHE support: yes + Anon auth support: yes + Heartbeat support: yes + IDNA support: yes + Unicode support: yes + Self checks: no + Non-SuiteB curves: yes + FIPS140 mode: no + +configure: Optional applications: + + crywrap app: yes + +configure: Optional libraries: + + Guile wrappers: no + C++ library: no + DANE library: no + OpenSSL compat: no + +configure: System files: + + Trust store pkcs11: + Trust store dir: + Trust store file: /etc/ssl/certs/ca-certificates.crt + Blacklist file: + CRL file: + Priority file: /etc/gnutls/default-priorities + DNSSEC root key file: /usr/share/dns/root.key + +sed: can't read lib/gl/stdio.in.h: No such file or directory +make[1]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10' +make all-recursive +make[2]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10' +Making all in gl +make[3]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl' + GEN alloca.h + GEN c++defs.h + GEN arg-nonnull.h + GEN warn-on-use.h + GEN netdb.h + GEN stdio.h + GEN stdlib.h + GEN string.h + GEN strings.h + GEN sys/socket.h + GEN sys/stat.h + GEN sys/time.h + GEN sys/types.h + GEN sys/uio.h + GEN time.h + GEN unistd.h + GEN wchar.h +make all-recursive +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl' +Making all in tests +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl/tests' + GEN c++defs.h + GEN arg-nonnull.h + GEN warn-on-use.h + GEN fcntl.h + GEN inttypes.h +make all-recursive +make[6]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl/tests' +Making all in . +make[7]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl/tests' +make[7]: Nothing to be done for 'all-am'. +make[7]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl/tests' +make[6]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl/tests' +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl/tests' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl' + CC base64.lo + CC c-ctype.lo + CC hash-pjw-bare.lo + CC read-file.lo + CC sys_socket.lo + CC unistd.lo + CC xsize.lo + CC asnprintf.lo + CC printf-args.lo + CC printf-parse.lo + CC vasnprintf.lo + CCLD libgnu.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl' +make[3]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl' +Making all in lib +make[3]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib' +make all-recursive +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib' +Making all in includes +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/includes' +make[5]: Nothing to be done for 'all'. +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/includes' +Making all in x509 +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/x509' + CC common.lo + CC key_encode.lo + CC key_decode.lo + CC crl.lo + CC crl_write.lo + CC crq.lo + CC dn.lo + CC extensions.lo + CC mpi.lo + CC output.lo + CC pkcs12.lo + CC pkcs12_bag.lo + CC pkcs12_encr.lo + CC pkcs7.lo + CC pkcs7-attrs.lo + CC privkey.lo + CC privkey_pkcs8.lo + CC privkey_openssl.lo + CC hostname-verify.lo + CC sign.lo + CC verify.lo + CC x509.lo + CC x509_dn.lo + CC x509_write.lo + CC name_constraints.lo + CC verify-high.lo + CC verify-high2.lo + CC x509_ext.lo + CC email-verify.lo + CC pkcs7-output.lo + CC ocsp.lo + CC ocsp_output.lo + CCLD libgnutls_x509.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/x509' +Making all in auth +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/auth' + CC anon.lo + CC cert.lo + CC dh_common.lo + CC dhe.lo + CC rsa_psk.lo + CC dhe_psk.lo + CC psk.lo + CC psk_passwd.lo + CC rsa.lo + CC srp.lo + CC srp_passwd.lo + CC srp_rsa.lo + CC srp_sb64.lo + CC anon_ecdh.lo + CC ecdhe.lo + CCLD libgnutls_auth.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/auth' +Making all in ext +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/ext' + CC max_record.lo + CC cert_type.lo + CC server_name.lo + CC signature.lo + CC safe_renegotiation.lo + CC session_ticket.lo + CC srp.lo + CC ecc.lo + CC heartbeat.lo + CC status_request.lo + CC dumbfw.lo + CC ext_master_secret.lo + CC etm.lo + CC alpn.lo + CC srtp.lo + CCLD libgnutls_ext.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/ext' +Making all in algorithms +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/algorithms' + CC cert_types.lo + CC ciphers.lo + CC ciphersuites.lo + CC ecc.lo + CC kx.lo + CC mac.lo + CC protocols.lo + CC publickey.lo + CC secparams.lo + CC sign.lo + CCLD libgnutls_alg.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/algorithms' +Making all in extras +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/extras' + CC randomart.lo + CC hex.lo + CCLD libgnutls_extras.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/extras' +Making all in accelerated +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/accelerated' +Making all in x86 +make[6]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/accelerated/x86' + CC x86-common.lo + CC sha-x86-ssse3.lo + CC hmac-x86-ssse3.lo + CC aes-gcm-x86-ssse3.lo + CC aes-gcm-x86-aesni.lo + CC aes-cbc-x86-ssse3.lo + CC aes-cbc-x86-aesni.lo + CC aes-ccm-x86-aesni.lo + CC sha-padlock.lo + CC hmac-padlock.lo + CC aes-padlock.lo + CC aes-gcm-padlock.lo + CC aes-gcm-x86-pclmul.lo + CCAS elf/aesni-x86_64.lo + CCAS elf/cpuid-x86_64.lo + CCAS elf/ghash-x86_64.lo + CCAS elf/sha1-ssse3-x86_64.lo + CCAS elf/sha512-ssse3-x86_64.lo + CCAS elf/aes-ssse3-x86_64.lo + CCAS elf/e_padlock-x86_64.lo + CCLD libx86.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[6]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/accelerated/x86' +make[6]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/accelerated' + CC accelerated.lo + CC cryptodev.lo + CC cryptodev-gcm.lo + CCLD libaccelerated.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[6]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/accelerated' +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/accelerated' +Making all in minitasn1 +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/minitasn1' + CC decoding.lo + CC gstr.lo + CC errors.lo + CC parser_aux.lo + CC structure.lo + CC element.lo + CC coding.lo + CC version.lo + CCLD libminitasn1.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/minitasn1' +Making all in opencdk +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/opencdk' + CC armor.lo + CC kbnode.lo + CC sig-check.lo + CC keydb.lo + CC pubkey.lo + CC stream.lo + CC write-packet.lo + CC misc.lo + CC seskey.lo + CC literal.lo + CC new-packet.lo + CC read-packet.lo + CCLD libminiopencdk.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/opencdk' +Making all in openpgp +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/openpgp' + CC pgp.lo + CC pgpverify.lo + CC extras.lo + CC compat.lo + CC privkey.lo + CC output.lo + CC gnutls_openpgp.lo + CCLD libgnutls_openpgp.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/openpgp' +Making all in nettle +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/nettle' + CC pk.lo + CC mpi.lo + CC mac.lo + CC cipher.lo + CC init.lo + CC egd.lo + CC rnd-common.lo + CC rnd.lo + CCLD libcrypto.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/nettle' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib' + CC gnutls_range.lo + CC gnutls_record.lo + CC gnutls_compress.lo + CC debug.lo + CC gnutls_cipher.lo + CC gnutls_mbuffers.lo + CC gnutls_buffers.lo + CC gnutls_handshake.lo + CC gnutls_num.lo + CC gnutls_errors.lo + CC gnutls_dh.lo + CC gnutls_kx.lo + CC gnutls_priority.lo + CC gnutls_hash_int.lo + CC gnutls_cipher_int.lo + CC gnutls_session.lo + CC gnutls_db.lo + CC x509_b64.lo + CC gnutls_extensions.lo + CC gnutls_auth.lo + CC gnutls_v2_compat.lo + CC gnutls_datum.lo + CC gnutls_session_pack.lo + CC gnutls_mpi.lo + CC gnutls_pk.lo + CC gnutls_cert.lo + CC gnutls_global.lo + CC gnutls_constate.lo + CC gnutls_anon_cred.lo + CC pkix_asn1_tab.lo + CC gnutls_asn1_tab.lo + CC gnutls_mem.lo + CC gnutls_ui.lo + CC vasprintf.lo + CC gnutls_sig.lo + CC gnutls_ecc.lo + CC gnutls_alert.lo + CC gnutls_privkey_raw.lo + CC system.lo + CC inet_ntop.lo + CC gnutls_str.lo + CC gnutls_state.lo + CC gnutls_x509.lo + CC gnutls_helper.lo + CC gnutls_supplemental.lo + CC random.lo + CC crypto-api.lo + CC gnutls_privkey.lo + CC gnutls_pcert.lo + CC gnutls_pubkey.lo + CC locks.lo + CC gnutls_dtls.lo + CC system_override.lo + CC crypto-backend.lo + CC verify-tofu.lo + CC pin.lo + CC tpm.lo + CC fips.lo + CC safe-memfuncs.lo + CC inet_pton.lo + CC atfork.lo + CC urls.lo + CC auto-verify.lo + CC system-keys-dummy.lo + CC gnutls_srp.lo + CC gnutls_psk.lo + CCLD libgnutls.la +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib' +make[3]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib' +Making all in extra +make[3]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/extra' +Making all in includes +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/extra/includes' +make[4]: Nothing to be done for 'all'. +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/extra/includes' +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/extra' +make[4]: Nothing to be done for 'all-am'. +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/extra' +make[3]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/extra' +Making all in po +make[3]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/po' +make[3]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/po' +Making all in src/gl +make[3]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/src/gl' + GEN alloca.h + GEN c++defs.h + GEN warn-on-use.h + GEN arg-nonnull.h + GEN arpa/inet.h + GEN netdb.h + GEN signal.h + GEN stdio.h + GEN stdlib.h + GEN string.h + GEN sys/select.h + GEN sys/socket.h + GEN sys/stat.h + GEN sys/time.h + GEN sys/types.h + GEN sys/uio.h + GEN time.h + GEN unistd.h + GEN wchar.h +make all-recursive +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/src/gl' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/src/gl' + CC c-ctype.lo + CC exitfail.lo + CC fd-hook.lo + CC gettime.lo + CC malloca.lo + CC parse-datetime.lo + CC progname.lo + CC read-file.lo + CC sockets.lo + CC sys_socket.lo + CC timespec.lo + CC unistd.lo + CC xmalloc.lo + CC xalloc-die.lo + CC xsize.lo + CC asnprintf.lo + CC printf-args.lo + CC printf-parse.lo + CC vasnprintf.lo + CCLD libgnu_gpl.la +ar: `u' modifier ignored since `D' is the default (see `U') +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/src/gl' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/src/gl' +make[3]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/src/gl' +make[3]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10' +make[3]: Nothing to be done for 'all-am'. +make[3]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10' +make[2]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10' +make[1]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10' +make[1]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10' +Making install in gl +make[2]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl' +make install-recursive +make[3]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl' +Making install in tests +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl/tests' +make install-recursive +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl/tests' +Making install in . +make[6]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl/tests' +make[7]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl/tests' +make[7]: Nothing to be done for 'install-exec-am'. +make[7]: Nothing to be done for 'install-data-am'. +make[7]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl/tests' +make[6]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl/tests' +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl/tests' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl/tests' +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl' +make[5]: Nothing to be done for 'install-exec-am'. +make[5]: Nothing to be done for 'install-data-am'. +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl' +make[3]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl' +make[2]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/gl' +Making install in lib +make[2]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib' +make install-recursive +make[3]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib' +Making install in includes +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/includes' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/includes' +make[5]: Nothing to be done for 'install-exec-am'. + /bin/mkdir -p '/home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/include' + /bin/mkdir -p '/home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/include/gnutls' + /usr/bin/install -c -m 644 gnutls/x509.h gnutls/pkcs12.h gnutls/compat.h gnutls/openpgp.h gnutls/crypto.h gnutls/pkcs11.h gnutls/abstract.h gnutls/dtls.h gnutls/ocsp.h gnutls/tpm.h gnutls/x509-ext.h gnutls/self-test.h gnutls/system-keys.h gnutls/urls.h gnutls/pkcs7.h '/home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/include/gnutls' + /bin/mkdir -p '/home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/include' + /bin/mkdir -p '/home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/include/gnutls' + /usr/bin/install -c -m 644 gnutls/gnutls.h '/home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/include/gnutls' +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/includes' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/includes' +Making install in x509 +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/x509' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/x509' +make[5]: Nothing to be done for 'install-exec-am'. +make[5]: Nothing to be done for 'install-data-am'. +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/x509' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/x509' +Making install in auth +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/auth' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/auth' +make[5]: Nothing to be done for 'install-exec-am'. +make[5]: Nothing to be done for 'install-data-am'. +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/auth' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/auth' +Making install in ext +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/ext' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/ext' +make[5]: Nothing to be done for 'install-exec-am'. +make[5]: Nothing to be done for 'install-data-am'. +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/ext' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/ext' +Making install in algorithms +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/algorithms' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/algorithms' +make[5]: Nothing to be done for 'install-exec-am'. +make[5]: Nothing to be done for 'install-data-am'. +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/algorithms' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/algorithms' +Making install in extras +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/extras' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/extras' +make[5]: Nothing to be done for 'install-exec-am'. +make[5]: Nothing to be done for 'install-data-am'. +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/extras' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/extras' +Making install in accelerated +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/accelerated' +Making install in x86 +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/accelerated/x86' +make[6]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/accelerated/x86' +make[6]: Nothing to be done for 'install-exec-am'. +make[6]: Nothing to be done for 'install-data-am'. +make[6]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/accelerated/x86' +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/accelerated/x86' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/accelerated' +make[6]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/accelerated' +make[6]: Nothing to be done for 'install-exec-am'. +make[6]: Nothing to be done for 'install-data-am'. +make[6]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/accelerated' +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/accelerated' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/accelerated' +Making install in minitasn1 +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/minitasn1' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/minitasn1' +make[5]: Nothing to be done for 'install-exec-am'. +make[5]: Nothing to be done for 'install-data-am'. +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/minitasn1' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/minitasn1' +Making install in opencdk +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/opencdk' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/opencdk' +make[5]: Nothing to be done for 'install-exec-am'. +make[5]: Nothing to be done for 'install-data-am'. +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/opencdk' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/opencdk' +Making install in openpgp +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/openpgp' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/openpgp' +make[5]: Nothing to be done for 'install-exec-am'. +make[5]: Nothing to be done for 'install-data-am'. +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/openpgp' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/openpgp' +Making install in nettle +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/nettle' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/nettle' +make[5]: Nothing to be done for 'install-exec-am'. +make[5]: Nothing to be done for 'install-data-am'. +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/nettle' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib/nettle' +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib' + /bin/mkdir -p '/home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/lib' + /bin/bash ../libtool --mode=install /usr/bin/install -c libgnutls.la '/home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/lib' +libtool: install: /usr/bin/install -c .libs/libgnutls.so.30.6.2 /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/lib/libgnutls.so.30.6.2 +libtool: install: (cd /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/lib && { ln -s -f libgnutls.so.30.6.2 libgnutls.so.30 || { rm -f libgnutls.so.30 && ln -s libgnutls.so.30.6.2 libgnutls.so.30; }; }) +libtool: install: (cd /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/lib && { ln -s -f libgnutls.so.30.6.2 libgnutls.so || { rm -f libgnutls.so && ln -s libgnutls.so.30.6.2 libgnutls.so; }; }) +libtool: install: /usr/bin/install -c .libs/libgnutls.lai /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/lib/libgnutls.la +libtool: finish: PATH="/home/nmav/perl5/bin:/opt/open64-5.0/bin:/home/nmav/cvs/gnulib:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/home/nmav/android/adt-bundle-linux-x86_64-20130917/sdk/tools:/sbin" ldconfig -n /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/lib +---------------------------------------------------------------------- +Libraries have been installed in: + /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/lib + +If you ever happen to want to link against installed libraries +in a given directory, LIBDIR, you must either use libtool, and +specify the full pathname of the library, or use the `-LLIBDIR' +flag during linking and do at least one of the following: + - add LIBDIR to the `LD_LIBRARY_PATH' environment variable + during execution + - add LIBDIR to the `LD_RUN_PATH' environment variable + during linking + - use the `-Wl,-rpath -Wl,LIBDIR' linker flag + - have your system administrator add LIBDIR to `/etc/ld.so.conf' + +See any operating system documentation about shared libraries for +more information, such as the ld(1) and ld.so(8) manual pages. +---------------------------------------------------------------------- + /bin/mkdir -p '/home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/lib/pkgconfig' + /usr/bin/install -c -m 644 gnutls.pc '/home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/lib/pkgconfig' +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib' +make[3]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib' +make[2]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/lib' +Making install in extra +make[2]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/extra' +Making install in includes +make[3]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/extra/includes' +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/extra/includes' +make[4]: Nothing to be done for 'install-exec-am'. +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/extra/includes' +make[3]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/extra/includes' +make[3]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/extra' +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/extra' +make[4]: Nothing to be done for 'install-data-am'. +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/extra' +make[3]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/extra' +make[2]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/extra' +Making install in po +make[2]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/po' +installing en@boldquot.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/share/locale/en@boldquot/LC_MESSAGES/gnutls.mo +installing en@quot.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/share/locale/en@quot/LC_MESSAGES/gnutls.mo +installing cs.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/share/locale/cs/LC_MESSAGES/gnutls.mo +installing de.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/share/locale/de/LC_MESSAGES/gnutls.mo +installing eo.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/share/locale/eo/LC_MESSAGES/gnutls.mo +installing fi.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/share/locale/fi/LC_MESSAGES/gnutls.mo +installing fr.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/share/locale/fr/LC_MESSAGES/gnutls.mo +installing it.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/share/locale/it/LC_MESSAGES/gnutls.mo +installing ms.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/share/locale/ms/LC_MESSAGES/gnutls.mo +installing nl.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/share/locale/nl/LC_MESSAGES/gnutls.mo +installing pl.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/share/locale/pl/LC_MESSAGES/gnutls.mo +installing sv.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/share/locale/sv/LC_MESSAGES/gnutls.mo +installing uk.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/share/locale/uk/LC_MESSAGES/gnutls.mo +installing vi.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/share/locale/vi/LC_MESSAGES/gnutls.mo +installing zh_CN.gmo as /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/share/locale/zh_CN/LC_MESSAGES/gnutls.mo +if test "gnutls" = "gettext-tools"; then \ + /bin/mkdir -p /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/share/gettext/po; \ + for file in Makefile.in.in remove-potcdate.sin quot.sed boldquot.sed en@quot.header en@boldquot.header insert-header.sin Rules-quot Makevars.template; do \ + /usr/bin/install -c -m 644 ./$file \ + /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/share/gettext/po/$file; \ + done; \ + for file in Makevars; do \ + rm -f /home/nmav/cvs/gnutls-web/abi-tracker/installed/gnutls/3.4.10/share/gettext/po/$file; \ + done; \ +else \ + : ; \ +fi +make[2]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/po' +Making install in src/gl +make[2]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/src/gl' +make install-recursive +make[3]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/src/gl' +make[4]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/src/gl' +make[5]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/src/gl' +make[5]: Nothing to be done for 'install-exec-am'. +make[5]: Nothing to be done for 'install-data-am'. +make[5]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/src/gl' +make[4]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/src/gl' +make[3]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/src/gl' +make[2]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10/src/gl' +make[2]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10' +make[3]: Entering directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10' +make[3]: Nothing to be done for 'install-exec-am'. +make[3]: Nothing to be done for 'install-data-am'. +make[3]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10' +make[2]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10' +make[1]: Leaving directory '/tmp/zinbp9wpb_/build/gnutls-3.4.10' diff --git a/abi-tracker/changelog/gnutls/3.4.10/log.html b/abi-tracker/changelog/gnutls/3.4.10/log.html new file mode 100644 index 0000000000..7229a257a2 --- /dev/null +++ b/abi-tracker/changelog/gnutls/3.4.10/log.html @@ -0,0 +1,8726 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + <meta name="keywords" content="GnuTLS, 3.4.10, changes, changelog" /> + <meta name="description" content="Log of changes in the package" /> + <link rel="stylesheet" type="text/css" href="../../../css/common.css" /> + <link rel="stylesheet" type="text/css" href="../../../css/changelog.css" /> + + + <title> + GnuTLS 3.4.10: changelog + </title> + + </head> + +<body> +<table cellpadding='0' cellspacing='0'><tr><td align='center'><h1 class='tool'><a title='Home: ABI tracker for GnuTLS' href='../../../timeline/gnutls/index.html' class='tool'>ABI<br/>Tracker</a></h1></td><td width='30px;'></td><td><h1>(GnuTLS)</h1></td></tr></table><hr/> +<br/> +<br/> +<h1>Changelog for <span class='version'>3.4.10</span> version</h1><br/><br/> +<div class='changelog'> +<pre class='wrap'>GnuTLS NEWS -- History of user-visible changes. -*- outline -*- +Copyright (C) 2000-2015 Free Software Foundation, Inc. +Copyright (C) 2013-2015 Nikos Mavrogiannopoulos +See the end for copying conditions. + +* Version 3.4.10 (released 2016-03-03) + +** libgnutls: Eliminated issues preventing buffers more than 2^32 bytes + to be used with hashing functions. + +** libgnutls: Corrected leaks and other issues in gnutls_x509_crt_list_import(). + +** libgnutls: Fixes in DSA key handling for PKCS #11. Report and patches + by Jan Vcelak. + +** libgnutls: Several fixes to prevent relying on undefined behavior of C + (found with libubsan). + +** API and ABI modifications: +No changes since last version. + + +* Version 3.4.9 (released 2016-02-03) + +** libgnutls: Corrected ALPN protocol negotiation. Before GnuTLS would negotiate + the last commonly supported protocol, rather than the first. Reported by + Remi Denis-Courmont (#63). + +** libgnutls: Tolerate empty DN fields in informational output functions. + +** libgnutls: Corrected regression causes by incorrect fix in + gnutls_x509_ext_export_key_usage() at 3.4.8 release. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.4.8 (released 2016-01-08) + +** libgnutls: Corrected memory leak in gnutls_pubkey_import_privkey() when + used with PKCS #11 keys. + +** libgnutls: For DSA and ECDSA keys in PKCS #11 objects, import + their public keys from either a public key object or a certificate. + That is, because private keys do not contain all the required + parameters for a direct import. Reported by Jan Vcelak. + +** libgnutls: Fixed issue when writing ECDSA private keys in PKCS #11 + tokens. + +** libgnutls: Fixed out-of-bounds read in gnutls_x509_ext_export_key_usage(), + report and patch by Tim Kosse. + +** libgnutls: The CHACHA20-POLY1305 ciphersuites were updated to conform to + draft-ietf-tls-chacha20-poly1305-02. + +** libgnutls: Several fixes in PKCS #7 signing which improve compatibility + with the MacOSX tools. Reported by sskaje (#59). + +** libgnutls: The max-record extension not negotiated on DTLS. This resolves + issue with the max-record being negotiated but ignored. + +** certtool: Added the --p7-include-cert and --p7-show-data options. + +** API and ABI modifications: +gnutls_pkcs7_get_embedded_data: Added + + +* Version 3.4.7 (released 2015-11-22) + +** libgnutls: Properly require TLS 1.2 in all CBC-SHA256 and CBC-SHA384 + ciphersuites. This solves an interoperability issue with openssl. + Reported by Viktor Dukhovni. + +** libgnutls: Corrected the setting of salt size in gnutls_pkcs12_mac_info(). + +** libgnutls: On a rehandshake allow switching from anonymous to ECDHE and + DHE ciphersuites. + +** libgnutls: Corrected regression from 3.3.x which prevented ARCFOUR128 + from using arbitrary key sizes. Reported by Andreas Schneider. + +** libgnutls: Added GNUTLS_SKIP_GLOBAL_INIT macro to allow programs skipping + the implicit global initialization. + +** gnutls.pc: Don't include libtool specific options to link flags. + Reported by Dan Kegel. + +** tools: Better support for FTP AUTH TLS negotiation + +** API and ABI modifications: +gnutls_x509_crt_set_issuer_unique_id: Added +gnutls_x509_crt_set_subject_unique_id: Added +gnutls_certificate_set_flags: Added +GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH: Added + + +* Version 3.4.6 (released 2015-10-20) + +** libgnutls: Added new simple verification functions. That avoids the need + to install a callback to perform certificate verification. See + doc/examples/ex-client-x509.c for usage. + +** libgnutls: Introduced the security parameter 'future' which is at + the 256-bit level of security, and 'ultra' was aligned to its documented + size at 192-bits. + +** libgnutls: When writing a certificate into a PKCS #11 token, ensure + that CKA_SERIAL_NUMBER and CKA_ISSUER are written. Reported by Sumit + Bose. + +** libgnutls: Allow the presence of legacy ciphers and key exchanges in + priority strings and consider them a no-op. + +** libgnutls: Handle the extended master secret as a mandatory extension. + That fixes incompatibility issues with Chromium (#45). Reported by + Hubert Kario. + +** libgnutls: Added the ability to copy a public key into a PKCS #11 + token. + +** tools: Added support for LDAP and XMPP negotiation for STARTTLS. + +** p11tool: Allow writing a public key into a PKCS #11 token. + +** certtool: Key generation security level was switched to HIGH. That + is, by default the tool generates 3072 bit keys for RSA and DSA. + +** API and ABI modifications: +gnutls_session_set_verify_function: Added +gnutls_session_set_verify_cert: Added +gnutls_session_set_verify_cert2: Added +gnutls_session_get_verify_cert_status: Added +gnutls_pkcs11_copy_pubkey: Added + + +* Version 3.4.5 (released 2015-09-12) + +** libgnutls: When re-importing CRLs to a trust list ensure that there + no duplicate entries. + +** certtool: Removed any arbitrary limits imposed on input file sizes + and maximum number of certificates imported. + +** certtool: Allow specifying fixed dates on CRL generation. + +** gnutls-cli-debug: Added check for inappropriate fallback support + (RFC7507). + +** API and ABI modifications: +No changes since last version. + + +* Version 3.4.4 (released 2015-08-10) + +** libgnutls: added high level API (gnutls_prf_rfc5705) to access + the PRF as specified by RFC5705. Suggestion and original patch + by Rick van Rein. + +** libgnutls: Link to trousers (TPM library) dynamically when this + functionality is requested. + +** libgnutls: Fix issue with server side sending the status request + extension even when not requested. Reported by Jeremy Harris. + +** libgnutls: Added support for RFC7507 by introducing the %FALLBACK_SCSV + priority string option. Patch by Alessandro Ghedini. + +** libgnutls: gnutls_pkcs11_privkey_generate2() will store the generated + public key, unless the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY flag is + specified. + +** libgnutls: Corrected regression from 3.4.3 in loading PKCS #8 keys as + fallback. Reported by Daniel Berrange. + +** libgnutls: Allow the parsing of very long DNs. Also fixes double free + in DN decoding [GNUTLS-SA-2015-3]. + +** API and ABI modifications: +gnutls_prf_rfc5705: Added +gnutls_hex_encode2: Added +gnutls_hex_decode2: Added + + +* Version 3.4.3 (released 2015-07-12) + +** libgnutls: Follow closely RFC5280 recommendations and use UTCTime for + dates prior to 2050. + +** libgnutls: Force 16-byte alignment to all input to ciphers (previously it + was done only when cryptodev was enabled). + +** libgnutls: Removed support for pthread_atfork() as it has undefined + semantics when used with dlopen(), and may lead to a crash. + +** libgnutls: corrected failure when importing plain files + with gnutls_x509_privkey_import2(), and a password was provided. + +** libgnutls: Don't reject certificates if a CA has the URI or IP address + name constraints, and the end certificate doesn't have an IP address + name or a URI set. + +** libgnutls: set and read the hint in DHE-PSK and ECDHE-PSK ciphersuites. + +** p11tool: Added --list-token-urls option, and print the token module name + in list-tokens. + +** API and ABI modifications: +gnutls_ecc_curve_get_oid: Added +gnutls_digest_get_oid: Added +gnutls_pk_get_oid: Added +gnutls_sign_get_oid: Added +gnutls_ecc_curve_get_id: Added +gnutls_oid_to_digest: Added +gnutls_oid_to_pk: Added +gnutls_oid_to_sign: Added +gnutls_oid_to_ecc_curve: Added +gnutls_pkcs7_get_signature_count: Added + + +* Version 3.4.2 (released 2015-06-16) + +** libgnutls: DTLS blocking API is more robust against infinite blocking, +and will notify of more possible timeouts. + +** libgnutls: corrected regression with Camellia-256-GCM cipher. Reported +by Manuel Pegourie-Gonnard. + +** libgnutls: Introduced the GNUTLS_NO_SIGNAL flag to gnutls_init(). That +allows to disable SIGPIPE for writes done within gnutls. + +** libgnutls: Enhanced the PKCS #7 API to allow signing and verification +of structures. API moved to gnutls/pkcs7.h header. + +** certtool: Added options to generate PKCS #7 bundles and signed +structures. + +** API and ABI modifications: +gnutls_x509_dn_get_str: Added +gnutls_pkcs11_get_raw_issuer_by_subject_key_id: Added +gnutls_x509_trust_list_get_issuer_by_subject_key_id: Added +gnutls_x509_crt_verify_data2: Added +gnutls_pkcs7_get_crt_raw2: Added +gnutls_pkcs7_signature_info_deinit: Added +gnutls_pkcs7_get_signature_info: Added +gnutls_pkcs7_verify_direct: Added +gnutls_pkcs7_verify: Added +gnutls_pkcs7_get_crl_raw2: Added +gnutls_pkcs7_sign: Added +gnutls_pkcs7_attrs_deinit: Added +gnutls_pkcs7_add_attr: Added +gnutls_pkcs7_get_attr: Added +gnutls_pkcs7_print: Added + + +* Version 3.4.1 (released 2015-05-03) + +** libgnutls: gnutls_certificate_get_ours: will return the certificate even +if a callback was used to send it. + +** libgnutls: Check for invalid length in the X.509 version field. Without +the check certificates with invalid length would be detected as having an +arbitrary version. Reported by Hanno Böck. + +** libgnutls: Handle DNS name constraints with a leading dot. Patch by +Fotis Loukos. + +** libgnutls: Updated system-keys support for windows to compile in more +versions of mingw. Patch by Tim Kosse. + +** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by +Karthikeyan Bhargavan [GNUTLS-SA-2015-2]. + +** libgnutls: Reverted: The gnutls_handshake() process will enforce a timeout +by default. That caused issues with non-blocking programs. + +** certtool: It can generate SHA256 key IDs. + +** gnutls-cli: fixed crash in --benchmark-ciphers. Reported by James Cloos. + +** configure: re-enabled the --enable-local-libopts flag + +** API and ABI modifications: +gnutls_x509_crt_get_pk_ecc_raw: Added + + +* Version 3.4.0 (released 2015-04-08) + +** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251) +ciphersuites. The former are enabled by default, the latter need to be +explicitly enabled, since they reduce the overall security level. + +** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following +draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10. +That is currently provided as technology preview and is not enabled by +default, since there are no assigned ciphersuite points by IETF and there +is no guarrantee of compatibility between draft versions. The ciphersuite +priority string to enable it is "+CHACHA20-POLY1305". + +** libgnutls: Added support for encrypt-then-authenticate in CBC +ciphersuites (RFC7366 -taking into account its errata text). This is +enabled by default and can be disabled using the %NO_ETM priority +string. + +** libgnutls: Added support for the extended master secret +(triple-handshake fix) following draft-ietf-tls-session-hash-02. + +** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h). + +** libgnutls: SSL 3.0 is no longer included in the default priorities +list. It has to be explicitly enabled, e.g., with a string like +"NORMAL:+VERS-SSL3.0". + +** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities +list. It has to be explicitly enabled, e.g., with a string like +"NORMAL:+ARCFOUR-128". + +** libgnutls: DSA signatures and DHE-DSS are no longer included in the +default priorities list. They have to be explicitly enabled, e.g., with +a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The +DSA ciphersuites were dropped because they had no deployment at all +on the internet, to justify their inclusion. + +** libgnutls: The priority string EXPORT was completely removed. The string +was already defunc as support for the EXPORT ciphersuites was removed in +GnuTLS 3.2.0. + +** libgnutls: Added API to utilize system specific private keys in +"gnutls/system-keys.h". It is currently provided as technology preview +and is restricted to windows CNG keys. + +** libgnutls: gnutls_x509_crt_check_hostname() and friends will use +RFC6125 comparison of hostnames. That introduces a dependency on libidn. + +** libgnutls: Depend on p11-kit 0.23.1 to comply with the final +PKCS #11 URLs draft (draft-pechanec-pkcs11uri-21). + +** libgnutls: Depend on nettle 3.1. + +** libgnutls: Use getrandom() or getentropy() when available. That +avoids the complexity of file descriptor handling and issues with +applications closing all open file descriptors on startup. + +** libgnutls: Use pthread_atfork() to detect fork when available. + +** libgnutls: If a key purpose (extended key usage) is specified for verification, +it is applied into intermediate certificates. The verification result +GNUTLS_CERT_PURPOSE_MISMATCH is also introduced. + +** libgnutls: When gnutls_certificate_set_x509_key_file2() is used in +combination with PKCS #11, or TPM URLs, it will utilize the provided +password as PIN if required. That removes the requirement for the +application to set a callback for PINs in that case. + +** libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are +restricted to the corresponding protocols only, and the VERS-ALL +string is introduced to catch all possible protocols. + +** libgnutls: Added helper functions to obtain information on PKCS #8 +structures. + +** libgnutls: Certificate chains which are provided to gnutls_certificate_credentials_t +will automatically be sorted instead of failing with GNUTLS_E_CERTIFICATE_LIST_UNSORTED. + +** libgnutls: Added functions to export and set the record state. That +allows for gnutls_record_send() and recv() to be offloaded (to kernel, +hardware or any other subsystem). + +** libgnutls: Added the ability to register application specific URL +types, which express certificates and keys using gnutls_register_custom_url(). + +** libgnutls: Added API to override existing ciphers, digests and MACs, e.g., +to override AES-GCM using a system-specific accelerator. That is, (crypto.h) +gnutls_crypto_register_cipher(), gnutls_crypto_register_aead_cipher(), +gnutls_crypto_register_mac(), and gnutls_crypto_register_digest(). + +** libgnutls: Added gnutls_ext_register() to register custom extensions. +Contributed by Thierry Quemerais. + +** libgnutls: Added gnutls_supplemental_register() to register custom +supplemental data handshake messages. Contributed by Thierry Quemerais. + +** libgnutls-openssl: it is no longer built by default. + + +** certtool: Added --p8-info option, which will print PKCS #8 information +even if the password is not available. + +** certtool: --key-info option will print PKCS #8 encryption information +when available. + +** certtool: Added the --key-id and --fingerprint options. + +** certtool: Added the --verify-hostname, --verify-email and --verify-purpose +options to be used in certificate chain verification, to simulate verification +for specific hostname and key purpose (extended key usage). + +** certtool: --p12-info option will print PKCS #12 MAC and cipher information +when available. + +** certtool: it will print the A-label (ACE) names in addition to UTF-8. + +** p11tool: added options --set-id and --set-label. + +** gnutls-cli: added options --priority-list and --save-cert. + +** guile: Deprecated priority API has been removed. The old priority API, +which had been deprecated for some time, is now gone; use 'set-session-priorities!' +instead. + +** guile: Remove RSA parameters and related procedures. This API had been +deprecated. + +** guile: Fix compilation on MinGW. Previously only the static version of the +'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile. + +** API and ABI modifications: +gnutls_record_get_state: Added +gnutls_record_set_state: Added +gnutls_aead_cipher_init: Added +gnutls_aead_cipher_decrypt: Added +gnutls_aead_cipher_encrypt: Added +gnutls_aead_cipher_deinit: Added +gnutls_pkcs12_generate_mac2: Added +gnutls_pkcs12_mac_info: Added +gnutls_pkcs12_bag_enc_info: Added +gnutls_pkcs8_info: Added +gnutls_pkcs_schema_get_name: Added +gnutls_pkcs_schema_get_oid: Added +gnutls_pcert_export_x509: Added +gnutls_pcert_export_openpgp: Added +gnutls_pcert_import_x509_list: Added +gnutls_pkcs11_privkey_cpy: Added +gnutls_x509_crq_get_signature_algorithm: Added +gnutls_x509_trust_list_iter_get_ca: Added +gnutls_x509_trust_list_iter_deinit: Added +gnutls_x509_trust_list_get_issuer_by_dn: Added +gnutls_pkcs11_get_raw_issuer_by_dn: Added +gnutls_certificate_get_trust_list: Added +gnutls_privkey_export_x509: Added +gnutls_privkey_export_pkcs11: Added +gnutls_privkey_export_openpgp: Added +gnutls_privkey_import_ext3: Added +gnutls_certificate_get_x509_key: Added +gnutls_certificate_get_x509_crt: Added +gnutls_certificate_get_openpgp_key: Added +gnutls_certificate_get_openpgp_crt: Added +gnutls_record_discard_queued: Added +gnutls_session_ext_master_secret_status: Added +gnutls_priority_string_list: Added +gnutls_dh_params_import_raw2: Added +gnutls_memset: Added +gnutls_memcmp: Added +gnutls_pkcs12_bag_set_privkey: Added +gnutls_ocsp_resp_get_responder_raw_id: Added +gnutls_system_key_iter_deinit: Added +gnutls_system_key_iter_get_info: Added +gnutls_system_key_delete: Added +gnutls_system_key_add_x509: Added +gnutls_system_recv_timeout: Added +gnutls_register_custom_url: Added +gnutls_pkcs11_obj_list_import_url3: Added +gnutls_pkcs11_obj_list_import_url4: Added +gnutls_pkcs11_obj_set_info: Added +gnutls_crypto_register_cipher: Added +gnutls_crypto_register_aead_cipher: Added +gnutls_crypto_register_mac: Added +gnutls_crypto_register_digest: Added +gnutls_ext_register: Added +gnutls_supplemental_register: Added +gnutls_supplemental_recv: Added +gnutls_supplemental_send: Added +gnutls_openpgp_crt_check_email: Added +gnutls_x509_crt_check_email: Added +gnutls_handshake_set_hook_function: Modified +gnutls_pkcs11_privkey_generate3: Added +gnutls_pkcs11_copy_x509_crt2: Added +gnutls_pkcs11_copy_x509_privkey2: Added +gnutls_pkcs11_obj_list_import_url: Removed +gnutls_pkcs11_obj_list_import_url2: Removed +gnutls_certificate_client_set_retrieve_function: Removed +gnutls_certificate_server_set_retrieve_function: Removed +gnutls_certificate_set_rsa_export_params: Removed +gnutls_certificate_type_set_priority: Removed +gnutls_cipher_set_priority: Removed +gnutls_compression_set_priority: Removed +gnutls_kx_set_priority: Removed +gnutls_mac_set_priority: Removed +gnutls_protocol_set_priority: Removed +gnutls_rsa_export_get_modulus_bits: Removed +gnutls_rsa_export_get_pubkey: Removed +gnutls_rsa_params_cpy: Removed +gnutls_rsa_params_deinit: Removed +gnutls_rsa_params_export_pkcs1: Removed +gnutls_rsa_params_export_raw: Removed +gnutls_rsa_params_generate2: Removed +gnutls_rsa_params_import_pkcs1: Removed +gnutls_rsa_params_import_raw: Removed +gnutls_rsa_params_init: Removed +gnutls_sign_callback_get: Removed +gnutls_sign_callback_set: Removed +gnutls_x509_crt_verify_data: Removed +gnutls_x509_crt_verify_hash: Removed +gnutls_pubkey_get_verify_algorithm: Removed +gnutls_x509_crt_get_verify_algorithm: Removed +gnutls_pubkey_verify_hash: Removed +gnutls_pubkey_verify_data: Removed +gnutls_record_set_max_empty_records: Removed + +guile: +set-session-cipher-priority!: Removed +set-session-mac-priority!: Removed +set-session-compression-method-priority!: Removed +set-session-kx-priority!: Removed +set-session-protocol-priority!: Removed +set-session-certificate-type-priority!: Removed +set-session-default-priority!: Removed +set-session-default-export-priority!: Removed +make-rsa-parameters: Removed +rsa-parameters?: Removed +set-certificate-credentials-rsa-export-parameters!: Removed +pkcs1-import-rsa-parameters: Removed +pkcs1-export-rsa-parameters: Removed + + + +* Version 3.3.6 (released 2014-07-23) + +** libgnutls: Use inet_ntop to print IP addresses when available + +** libgnutls: gnutls_x509_crt_check_hostname and friends will also check +IP addresses, and match documented behavior. Reported by David Woodhouse. + +** libgnutls: DSA key generation in FIPS140-2 mode doesn't allow 1024 +bit parameters. + +** libgnutls: fixed issue in gnutls_pkcs11_reinit() which prevented tokens +being usable after a reinitialization. + +** libgnutls: fixed PKCS #11 private key operations after a fork. + +** libgnutls: fixed PKCS #11 ECDSA key generation. + +** libgnutls: The GNUTLS_CPUID_OVERRIDE environment variable can be used to +explicitly enable/disable the use of certain CPU capabilities. Note that CPU +detection cannot be overriden, i.e., VIA options cannot be enabled on an Intel +CPU. The currently available options are: + 0x1: Disable all run-time detected optimizations + 0x2: Enable AES-NI + 0x4: Enable SSSE3 + 0x8: Enable PCLMUL + 0x100000: Enable VIA padlock + 0x200000: Enable VIA PHE + 0x400000: Enable VIA PHE SHA512 + +** libdane: added dane_query_to_raw_tlsa(); patch by Simon Arlott. + +** p11tool: use GNUTLS_SO_PIN to read the security officer's PIN if set. + +** p11tool: ask for label when one isn't provided. + +** p11tool: added --batch parameter to disable any interactivity. + +** p11tool: will not implicitly enable so-login for certain types of +objects. That avoids issues with tokens that require different login +types. + +** certtool/p11tool: Added the --curve parameter which allows to explicitly +specify the curve to use. + +** API and ABI modifications: +gnutls_certificate_set_x509_trust_dir: Added +gnutls_x509_trust_list_add_trust_dir: Added + + +* Version 3.3.5 (released 2014-06-26) + +** libgnutls: Added gnutls_record_recv_packet() and gnutls_packet_deinit(). +These functions provide a variant of gnutls_record_recv() that avoids +the final memcpy of data. + +** libgnutls: gnutls_x509_crl_iter_crt_serial() was added as a +faster variant of gnutls_x509_crl_get_crt_serial() when coping with +very large structures. + +** libgnutls: When the decoding of a printable DN element fails, then treat +it as unknown and print its hex value rather than failing. That works around +an issue in a TURKTRST root certificate which improperly encodes the +X520countryName element. + +** libgnutls: gnutls_x509_trust_list_add_trust_file() will return the number +of certificates present in a PKCS #11 token when loading it. + +** libgnutls: Allow the post client hello callback to put the handshake on +hold, by returning GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED. + +** certtool: option --to-p12 will now consider --load-ca-certificate + +** certtol: Added option to specify the PKCS #12 friendly name on command +line. + +** p11tool: Allow marking a certificate copied to a token as a CA. + +** API and ABI modifications: +GNUTLS_PKCS11_OBJ_FLAG_MARK_CA: Added +gnutls_x509_crl_iter_deinit: Added +gnutls_x509_crl_iter_crt_serial: Added +gnutls_record_recv_packet: Added +gnutls_packet_deinit: Added +gnutls_packet_get: Added + + +* Version 3.3.4 (released 2014-05-31) + +** libgnutls: Updated Andy Polyakov's assembly code. That prevents a +crash on certain CPUs. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.3.3 (released 2014-05-30) + +** libgnutls: Eliminated memory corruption issue in Server Hello parsing. +Issue reported by Joonas Kuorilehto of Codenomicon. + +** libgnutls: gnutls_global_set_mutex() was modified to operate with the +new initialization process. + +** libgnutls: Increased the maximum certificate size buffer +in the PKCS #11 subsystem. + +** libgnutls: Check the return code of getpwuid_r() instead of relying +on the result value. That avoids issue in certain systems, when using +tofu authentication and the home path cannot be determined. Issue reported +by Viktor Dukhovni. + +** libgnutls-dane: Improved dane_verify_session_crt(), which now attempts to +create a full chain. This addresses points from https://savannah.gnu.org/support/index.php?108552 + +** gnutls-cli: --dane will only check the end certificate if PKIX validation +has been disabled. + +** gnutls-cli: --benchmark-soft-ciphers has been removed. That option cannot +be emulated with the implicit initialization of gnutls. + +** certtool: Allow multiple organizations and organizational unit names to +be specified in a template. + +** certtool: Warn when invalid configuration options are set to a template. + +** ocsptool: Include path in ocsp request. This resolves #108582 +(https://savannah.gnu.org/support/?108582), reported by Matt McCutchen. + +** API and ABI modifications: +gnutls_credentials_get: Added + + +* Version 3.3.2 (released 2014-05-06) + +** libgnutls: Added the 'very weak' certificate verification profile +that corresponds to 64-bit security level. + +** libgnutls: Corrected file descriptor leak on random generator +initialization. + +** libgnutls: Corrected file descriptor leak on PSK password file +reading. Issue identified using the Codenomicon TLS test suite. + +** libgnutls: Avoid deinitialization if initialization has failed. + +** libgnutls: null-terminate othername alternative names. + +** libgnutls: gnutls_x509_trust_list_get_issuer() will operate correctly +on a PKCS #11 trust list. + +** libgnutls: Several small bug fixes identified using valgrind and +the Codenomicon TLS test suite. + +** libgnutls-dane: Accept a certificate using DANE if there is at least one +entry that matches the certificate. Patch by simon [at] arlott.org. + +** libgnutls-guile: Fixed compilation issue. + +** certtool: Allow exporting a CRL on DER format. + +** certtool: The ECDSA keys generated by default use the SECP256R1 curve +which is supported more widely than the previously used SECP224R1. + +** API and ABI modifications: +GNUTLS_PROFILE_VERY_WEAK: Added + + +* Version 3.3.1 (released 2014-04-19) + +** libgnutls: Enforce more strict checks to heartbeat messages +concerning padding and payload. Suggested by Peter Dettman. + +** libgnutls: Allow decoding PKCS #8 files with ECC parameters +from openssl. + +** libgnutls: Several small bug fixes found by coverity. + +** libgnutls: The conditionally available self-test functions +were moved to self-test.h. + +** libgnutls: Fixed issue with the check of incoming data when two +different recv and send pointers have been specified. Reported and +investigated by JMRecio. + +** libgnutls: Fixed issue in the RSA-PSK key exchange, which would +result to illegal memory access if a server hint was provided. Reported +by André Klitzing. + +** libgnutls: Fixed client memory leak in the PSK key exchange, if a +server hint was provided. + +** libgnutls: Corrected the *get_*_othername_oid() functions. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.3.0 (released 2014-04-10) + +** libgnutls: The initialization of the library was moved to a +constructor. That is, gnutls_global_init() is no longer required +unless linking with a static library or a system that does not +support library constructors. + +** libgnutls: static libraries are not built by default. + +** libgnutls: PKCS #11 initialization is delayed to first usage. +That avoids long delays in gnutls initialization due to broken PKCS #11 +modules. + +** libgnutls: The PKCS #11 subsystem is re-initialized "automatically" +on the first PKCS #11 API call after a fork. + +** libgnutls: certificate verification profiles were introduced +that can be specified as flags to verification functions. They +are enumerations in gnutls_certificate_verification_profiles_t +and can be converted to flags for use in a verification function +using GNUTLS_PROFILE_TO_VFLAGS(). + +** libgnutls: Added the ability to read system-specific initial +keywords, if they are prefixed with '@'. That allows a compile-time +specified configuration file to be used to read pre-configured priority +strings from. That can be used to impose system specific policies. + +** libgnutls: Increased the default security level of priority +strings (NORMAL and PFS strings require at minimum a 1008 DH prime), +and set a verification profile by default. The LEGACY keyword is +introduced to set the old defaults. + +** libgnutls: Added support for the name constraints PKIX extension. +Currently only DNS names and e-mails are supported (no URIs, IPs +or DNs). + +** libgnutls: Security parameter SEC_PARAM_NORMAL was renamed to +SEC_PARAM_MEDIUM to avoid confusion with the priority string NORMAL. + +** libgnutls: Added new API in x509-ext.h to handle X.509 extensions. +This API handles the X.509 extensions in isolation, allowing to parse +similarly formatted extensions stored in other structures. + +** libgnutls: When generating DSA keys the macro GNUTLS_SUBGROUP_TO_BITS +can be used to specify a particular subgroup as the number of bits in +gnutls_privkey_generate; e.g., GNUTLS_SUBGROUP_TO_BITS(2048, 256). + +** libgnutls: DH parameter generation is now delegated to nettle. +That unfortunately has the side-effect that DH parameters longer than +3072 bits, cannot be generated (not without a nettle update). + +** libgnutls: Separated nonce RNG from the main RNG. The nonce +random number generator is based on salsa20/12. + +** libgnutls: The buffer alignment provided to crypto backend is +enforced to be 16-byte aligned, when compiled with cryptodev +support. That allows certain cryptodev drivers to operate more +efficiently. + +** libgnutls: Return error when a public/private key pair that doesn't +match is set into a credentials structure. + +** libgnutls: Depend on p11-kit 0.20.0 or later. + +** libgnutls: The new padding (%NEW_PADDING) experimental TLS extension has +been removed. It was not approved by IETF. + +** libgnutls: The experimental xssl library is removed from the gnutls +distribution. + +** libgnutls: Reduced the number of gnulib modules used in the main library. + +** libgnutls: Added priority string %DISABLE_WILDCARDS. + +** libgnutls: Added the more extensible verification function +gnutls_certificate_verify_peers(), that allows checking, in addition +to a peer's DNS hostname, for the key purpose of the end certificate +(via PKIX extended key usage). + +** certtool: Timestamps for serial numbers were increased to 8 bytes, +and in batch mode to 12 (appended with 4 random bytes). + +** certtool: When no CRL number is provided (or value set to -1), then +a time-based number will be used, similarly to the serial generation +number in certificates. + +** certtool: Print the SHA256 fingerprint of a certificate in addition +to SHA1. + +** libgnutls: Added --enable-fips140-mode configuration option (unsupported). +That option enables (when running on FIPS140-enabled system): + o RSA, DSA and DH key generation as in FIPS-186-4 (using provable primes) + o The DRBG-CTR-AES256 deterministic random generator from SP800-90A. + o Self-tests on initialization on ciphers/MACs, public key algorithms + and the random generator. + o HMAC-SHA256 verification of the library on load. + o MD5 is included for TLS purposes but cannot be used by the high level + hashing functions. + o All ciphers except AES are disabled. + o All MACs and hashes except GCM and SHA are disabled (e.g., HMAC-MD5). + o All keys (temporal and long term) are zeroized after use. + o Security levels are adjusted to the FIPS140-2 recommendations (rather + than ECRYPT). + +** API and ABI modifications: +GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS: Added +gnutls_certificate_verify_peers: Added +gnutls_privkey_generate: Added +gnutls_pkcs11_crt_is_known: Added +gnutls_fips140_mode_enabled: Added +gnutls_sec_param_to_symmetric_bits: Added +gnutls_pubkey_export_ecc_x962: Added (replaces gnutls_pubkey_get_pk_ecc_x962) +gnutls_pubkey_export_ecc_raw: Added (replaces gnutls_pubkey_get_pk_ecc_raw) +gnutls_pubkey_export_dsa_raw: Added (replaces gnutls_pubkey_get_pk_dsa_raw) +gnutls_pubkey_export_rsa_raw: Added (replaces gnutls_pubkey_get_pk_rsa_raw) +gnutls_pubkey_verify_params: Added +gnutls_privkey_export_ecc_raw: Added +gnutls_privkey_export_dsa_raw: Added +gnutls_privkey_export_rsa_raw: Added +gnutls_privkey_import_ecc_raw: Added +gnutls_privkey_import_dsa_raw: Added +gnutls_privkey_import_rsa_raw: Added +gnutls_privkey_verify_params: Added +gnutls_x509_crt_check_hostname2: Added +gnutls_openpgp_crt_check_hostname2: Added +gnutls_x509_name_constraints_init: Added +gnutls_x509_name_constraints_deinit: Added +gnutls_x509_crt_get_name_constraints: Added +gnutls_x509_name_constraints_add_permitted: Added +gnutls_x509_name_constraints_add_excluded: Added +gnutls_x509_crt_set_name_constraints: Added +gnutls_x509_name_constraints_get_permitted: Added +gnutls_x509_name_constraints_get_excluded: Added +gnutls_x509_name_constraints_check: Added +gnutls_x509_name_constraints_check_crt: Added +gnutls_x509_crl_get_extension_data2: Added +gnutls_x509_crt_get_extension_data2: Added +gnutls_x509_crq_get_extension_data2: Added +gnutls_subject_alt_names_init: Added +gnutls_subject_alt_names_deinit: Added +gnutls_subject_alt_names_get: Added +gnutls_subject_alt_names_set: Added +gnutls_x509_ext_import_subject_alt_names: Added +gnutls_x509_ext_export_subject_alt_names: Added +gnutls_x509_crl_dist_points_init: Added +gnutls_x509_crl_dist_points_deinit: Added +gnutls_x509_crl_dist_points_get: Added +gnutls_x509_crl_dist_points_set: Added +gnutls_x509_ext_import_crl_dist_points: Added +gnutls_x509_ext_export_crl_dist_points: Added +gnutls_x509_ext_import_name_constraints: Added +gnutls_x509_ext_export_name_constraints: Added +gnutls_x509_aia_init: Added +gnutls_x509_aia_deinit: Added +gnutls_x509_aia_get: Added +gnutls_x509_aia_set: Added +gnutls_x509_ext_import_aia: Added +gnutls_x509_ext_export_aia: Added +gnutls_x509_ext_import_subject_key_id: Added +gnutls_x509_ext_export_subject_key_id: Added +gnutls_x509_ext_export_authority_key_id: Added +gnutls_x509_ext_import_authority_key_id: Added +gnutls_x509_aki_init: Added +gnutls_x509_aki_get_id: Added +gnutls_x509_aki_get_cert_issuer: Added +gnutls_x509_aki_set_id: Added +gnutls_x509_aki_set_cert_issuer: Added +gnutls_x509_aki_deinit: Added +gnutls_x509_ext_import_private_key_usage_period: Added +gnutls_x509_ext_export_private_key_usage_period: Added +gnutls_x509_ext_import_basic_constraints: Added +gnutls_x509_ext_export_basic_constraints: Added +gnutls_x509_ext_import_key_usage: Added +gnutls_x509_ext_export_key_usage: Added +gnutls_x509_ext_import_proxy: Added +gnutls_x509_ext_export_proxy: Added +gnutls_x509_policies_init: Added +gnutls_x509_policies_deinit: Added +gnutls_x509_policies_get: Added +gnutls_x509_policies_set: Added +gnutls_x509_ext_import_policies: Added +gnutls_x509_ext_export_policies: Added +gnutls_x509_key_purpose_init: Added +gnutls_x509_key_purpose_deinit: Added +gnutls_x509_key_purpose_set: Added +gnutls_x509_key_purpose_get: Added +gnutls_x509_ext_import_key_purposes: Added +gnutls_x509_ext_export_key_purposes: Added +gnutls_digest_self_test: Added (conditionally) +gnutls_mac_self_test: Added (conditionally) +gnutls_pk_self_test: Added (conditionally) +gnutls_cipher_self_test: Added (conditionally) +gnutls_global_set_mem_functions: Deprecated + + +* Version 3.2.6 (released 2013-10-31) + +** libgnutls: Support for TPM via trousers is now enabled by default. + +** libgnutls: Camellia in GCM mode has been added in default priorities, and +GCM mode is prioritized over CBC in all of the default priority strings. + +** libgnutls: Added ciphersuite GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384. + +** libgnutls: Fixed ciphersuites GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384, +GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 and GNUTLS_PSK_CAMELLIA_128_GCM_SHA256. +Reported by Stefan Buehler. + +** libgnutls: Added support for ISO OID for RSA-SHA1 signatures. + +** libgnutls: Minimum acceptable DH group parameters were increased to 767 +bits from 727. + +** libgnutls: Added function to obtain random data from PKCS #11 tokens. +Contributed by Wolfgang Meyer zu Bergsten. + +** gnulib: updated. + +** libdane: Fixed a one-off bug in dane_query_tlsa() introduced by the +previous fix. Reported by Tomas Mraz. + +** p11tool: Added option generate-random. + +** API and ABI modifications: +gnutls_pkcs11_token_get_random: Added + + +* Version 3.2.5 (released 2013-10-23) + +** libgnutls: Documentation and build-time fixes. + +** libgnutls: Allow the generation of DH groups of less than 700 bits. + +** libgnutls: Added several combinations of ciphersuites with SHA256 and SHA384 as MAC, +as well as Camellia with GCM. + +** libdane: Added interfaces to allow initialization of dane_query_t from +external DNS resolutions, and to allow direct verification of a certificate +chain against a dane_query_t. Contributed by Christian Grothoff. + +** libdane: Fixed a buffer overflow in dane_query_tlsa(). This could be +triggered by a DNS server supplying more than 4 DANE records. Report and fix +by Christian Grothoff. + +** srptool: Fixed index command line option. Patch by Attila Molnar. + +** gnutls-cli: Added support for inline commands, using the +--inline-commands-prefix and --inline-commands options. Patch by Raj Raman. + +** certtool: pathlen constraint is now read correctly. Reported by +Christoph Seitz. + +** API and ABI modifications: +gnutls_certificate_get_crt_raw: Added +dane_verify_crt_raw: Added +dane_raw_tlsa: Added + + +* Version 3.2.4 (released 2013-08-31) + +** libgnutls: Fixes when session tickets and session DB are used. +Report and initial patch by Stefan Buehler. + +** libgnutls: Added the RSA-PSK key exchange. Patch by by Frank Morgner, +based on previous patch by Bardenheuer GmbH and Bundesdruckerei GmbH. + +** libgnutls: Added ciphersuites that use ARCFOUR with ECDHE. Patch +by Stefan Buehler. + +** libgnutls: Added the PFS priority string option. + +** libgnutls: Gnulib included files are strictly LGPLv2. + +** libgnutls: Corrected gnutls_certificate_server_set_request(). +Reported by Petr Pisar. + +** API and ABI modifications: +gnutls_record_set_timeout: Exported + + +* Version 3.2.3 (released 2013-07-30) + +** libgnutls: Fixes in parsing of priority strings. Patch by Stefan Buehler. + +** libgnutls: Solve issue with received TLS packets that exceed 2^14. +(this fixes a bug that was accidentally introduced in 3.2.2) + +** libgnutls: Removed gnulib modules under LGPLv3 that could possibly be +used by the library. + +** libgnutls: Fixes in gnutls_record_send_range(). Report and initial fix by +Alfredo Pironti. + +** API and ABI modifications: +gnutls_priority_kx_list: Added +gnutls_priority_mac_list: Added +gnutls_priority_cipher_list: Added + + +* Version 3.2.2 (released 2013-07-14) + +** libgnutls: Several optimizations in the related to packet processing +subsystems. + +** libgnutls: DTLS replay detection can now be disabled (to be used +in certain transport layers like SCTP). + +** libgnutls: Fixes in SRTP extension generation when MKI is being +used. + +** libgnutls: Added ability to set hooks before or after sending or receiving +any handshake message with gnutls_handshake_set_hook_function(). + +** API and ABI modifications: +GNUTLS_NO_REPLAY_PROTECTION: Added +gnutls_certificate_set_trust_list: Added +gnutls_cipher_get_tag_size: Added +gnutls_record_overhead_size: Added +gnutls_est_record_overhead_size: Added +gnutls_handshake_set_hook_function: Added +gnutls_handshake_description_get_name: Added +gnutls_digest_list: Added +gnutls_digest_get_id: Added +gnutls_digest_get_name: Added + + +* Version 3.2.1 (released 2013-06-01) + +** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain +openssl versions. + +** libgnutls: Fixes in interrupted function resumption. Report +and patch by Tim Kosse. + +** libgnutls: Corrected issue when receiving client hello verify requests +in DTLS. + +** libgnutls: Fixes in DTLS record overhead size calculations. + +** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported +by Mann Ern Kang. + +** API and ABI modifications: +gnutls_session_set_id: Added + + +* Version 3.2.0 (released 2013-05-10) + +** libgnutls: Use nettle's elliptic curve implementation. + +** libgnutls: Added Salsa20 cipher + +** libgnutls: Added UMAC-96 and UMAC-128 + +** libgnutls: Added ciphersuites involving Salsa20 and UMAC-96. +As they are not standardized they are defined using private ciphersuite +numbers. + +** libgnutls: Added support for DTLS 1.2. + +** libgnutls: Added support for the Application Layer Protocol Negotiation +(ALPN) extension. + +** libgnutls: Removed support for the RSA-EXPORT ciphersuites. + +** libgnutls: Avoid linking to librt (that also avoids unnecessary +linking to pthreads if p11-kit isn't used). + +** API and ABI modifications: +gnutls_cipher_get_iv_size: Added +gnutls_hmac_set_nonce: Added +gnutls_mac_get_nonce_size: Added + + +* Version 3.1.10 (released 2013-03-22) + +** certtool: When generating PKCS #12 files use by default the +ARCFOUR (RC4) cipher to be compatible with devices that don't +support AES with PKCS #12. + +** libgnutls: Load CA certificates in android 4.x systems. + +** libgnutls: Optimized CA certificate loading. + +** libgnutls: Private keys are overwritten on deinitialization. + +** libgnutls: PKCS #11 slots are scanned only when needed, not +on initialization. This speeds up gnutls initialization when smart +cards are present. + +** libgnutls: Corrected issue in the (deprecated) external key +signing interface, when used with TLS 1.2. Reported by Bjorn H. Christensen. + +** libgnutls: Fixes in openpgp handshake with fingerprints. Reported by +Joke de Buhr. + +** libgnutls-dane: Updated DANE verification options. + +** configure: Trust store file must be explicitly set or unset when +cross compiling. + +** API and ABI modifications: +gnutls_x509_crt_get_issuer_dn2: Added +gnutls_x509_crt_get_dn2: Added +gnutls_x509_crl_get_issuer_dn2: Added +gnutls_x509_crq_get_dn2: Added +gnutls_x509_trust_list_remove_trust_mem: Added +gnutls_x509_trust_list_remove_trust_file: Added +gnutls_x509_trust_list_remove_cas: Added +gnutls_session_get_desc: Added +gnutls_privkey_sign_raw_data: Added +gnutls_privkey_status: Added + + +* Version 3.1.9 (released 2013-02-27) + +** certtool: Option --to-p12 will now ask for a password to generate +a PKCS #12 file from an encrypted key file. Reported by Yan Fiz. + +** libgnutls: Corrected issue in gnutls_pubkey_verify_data(). + +** libgnutls: Corrected parsing issue in XMPP within a subject +alternative name. Reported by James Cloos. + +** libgnutls: gnutls_pkcs11_reinit() will reinitialize all PKCS #11 +modules, and not only the ones loaded via p11-kit. + +** libgnutls: Added function to check whether the private key is +still available (inserted). + +** libgnutls: Try to detect fork even during nonce generation. + +** API and ABI modifications: +gnutls_handshake_set_random: Added +gnutls_transport_set_int2: Added +gnutls_transport_get_int2: Added +gnutls_transport_get_int: Added +gnutls_record_cork: Exported +gnutls_record_uncork: Exported +gnutls_pkcs11_privkey_status: Added + + +* Version 3.1.8 (released 2013-02-10) + +** libgnutls: Fixed issue in gnutls_x509_privkey_import2() which didn't return +GNUTLS_E_DECRYPTION_FAILED in all cases, and affect certtool operation +with encrypted keys. Reported by Yan Fiz. + +** libgnutls: The minimum DH bits accepted by priorities NORMAL and +PERFORMANCE was set to previous defaults 727 bits. Reported by Diego +Elio Petteno. + +** libgnutls: Corrected issue which prevented gnutls_pubkey_verify_hash() +to operate with long keys. Reported by Erik A Jensen. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.1.7 (released 2013-02-04) + +** certtool: Added option "dn" which allows to directly set the DN +in a template from an RFC4514 string. + +** danetool: Added options: --dlv and --insecure. Suggested by Paul Wouters. + +** libgnutls-xssl: Added a new library to simplify GnuTLS usage. + +** libgnutls-dane: Added function to specify a DLV file. + +** libgnutls: Heartbeat code was made optional. + +** libgnutls: Fixes in server side of DTLS-0.9. + +** libgnutls: DN variable 'T' was expanded to 'title'. + +** libgnutls: Fixes in record padding parsing to prevent a timing attack. +Issue reported by Kenny Paterson and Nadhem Alfardan. + +** libgnutls: Added functions to directly set the DN in a certificate +or request from an RFC4514 string. + +** libgnutls: Optimizations in the random generator. The re-seeding of +it is now explicitly done on every session deinit. + +** libgnutls: Simplified the DTLS sliding window implementation. + +** libgnutls: The minimum DH bits accepted by a client are now set +by the specified priority string. The current values correspond to the +previous defaults (727 bits), except for the SECURE128 and SECURE192 +strings which increase the minimum to 1248 and 1776 respectively. + +** libgnutls: Added the gnutls_record_cork() and uncork API to enable +buffering in sending application data. + +** libgnutls: Removed default random padding, and added a length-hiding interface +instead. Both the server and the client must support this extension. Whether +length-hiding can be used on a given session can be checked using +gnutls_record_can_use_length_hiding(). Contributed by Alfredo Pironti. + +** libgnutls: Added the experimental %NEW_PADDING priority string. It enables +a new padding mechanism in TLS allowing arbitrary padding in TLS records +in all ciphersuites, which makes length-hiding more efficient and solves +the issues with timing attacks on CBC ciphersuites. + +** libgnutls: Corrected gnutls_cipher_decrypt2() when used with AEAD +ciphers (i.e., AES-GCM). Reported by William McGovern. + +** API and ABI modifications: +gnutls_db_check_entry_time: Added +gnutls_record_set_timeout: Added +gnutls_record_get_random_padding_status: Added +gnutls_x509_crt_set_dn: Added +gnutls_x509_crt_set_issuer_dn: Added +gnutls_x509_crq_set_dn: Added +gnutls_range_split: Added +gnutls_record_send_range: Added +gnutls_record_set_max_empty_records: Added +gnutls_record_can_use_length_hiding: Added +gnutls_rnd_refresh: Added +xssl_deinit: Added +xssl_flush: Added +xssl_read: Added +xssl_getdelim: Added +xssl_write: Added +xssl_printf: Added +xssl_sinit: Added +xssl_client_init: Added +xssl_server_init: Added +xssl_get_session: Added +xssl_get_verify_status: Added +xssl_cred_init: Added +xssl_cred_deinit: Added +dane_state_set_dlv_file: Added +GNUTLS_SEC_PARAM_EXPORT: Added +GNUTLS_SEC_PARAM_VERY_WEAK: Added + + +* Version 3.1.6 (released 2013-01-02) + +** libgnutls: Fixed record padding parsing issue. Reported by Kenny +Paterson and Nadhem Alfardan. + +** libgnutls: Several updates in the ASN.1 string handling subsystem. + +** libgnutls: gnutls_x509_crt_get_policy() allows for a list of zero +policy qualifiers. + +** libgnutls: Ignore heartbeat messages when received out-of-order, +instead of issuing an error. + +** libgnutls: Stricter RSA PKCS #1 1.5 encoding and decoding. Reported +by Kikuchi Masashi. + +** libgnutls: TPM support is disabled by default because GPL programs +cannot link with it. Use --with-tpm to enable it. + +** libgnutls-guile: Fixed parallel compilation issue. + +** gnutls-cli: It will try to connect to all possible returned addresses +before failing. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.1.5 (released 2012-11-24) + +** libgnutls: Added functions to parse the certificates policies +extension. + +** libgnutls: Handle BMPString (UCS-2) encoding in the Distinguished +Name by translating it to UTF-8 (works on windows or systems with iconv). + +** libgnutls: Added PKCS #11 key generation function that returns the +public key on generation. + +** libgnutls: Corrected bug in priority string parsing, that mostly +affected combined levels. Patch by Tim Kosse. + +** certtool: The --pubkey-info option can be combined with the +--load-privkey or --load-request to print the corresponding public keys. + +** certtool: It is able to set certificate policies via a template. + +** certtool: Added --hex-numbers option which prints big numbers in +an easier to parse format. + +** p11tool: After key generation, outputs the public key (useful in +tokens that do not store the public key). + +** danetool: It is being built even without libgnutls-dane (the +--check functionality is disabled though). + +** API and ABI modifications: +gnutls_pkcs11_privkey_generate2: Added +gnutls_x509_crt_get_policy: Added +gnutls_x509_crt_set_policy: Added +gnutls_x509_policy_release: Added +gnutls_pubkey_import_x509_crq: Added +gnutls_pubkey_print: Added +GNUTLS_CRT_PRINT_FULL_NUMBERS: Added + + +* Version 3.1.4 (released 2012-11-10) + +** libgnutls: gnutls_certificate_verify_peers2() will set flags depending on +the available revocation data validity. + +** libgnutls: Added gnutls_certificate_verification_status_print(), +a function to print the verification status code in human readable text. + +** libgnutls: Added priority string %VERIFY_DISABLE_CRL_CHECKS. + +** libgnutls: Simplified certificate verification by adding +gnutls_certificate_verify_peers3(). + +** libgnutls: Added support for extension to establish keys for SRTP. +Contributed by Martin Storsjo. + +** libgnutls: The X.509 verification functions check the key +usage bits and pathlen constraints and on failure output +GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE. + +** libgnutls: gnutls_x509_crl_verify() includes the time checks. + +** libgnutls: Added verification flag GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN +and made GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN the default. + +** libgnutls: Always tolerate key usage violation errors from the side +of the peer, but also notify via an audit message. + +** gnutls-cli: Added --local-dns option. + +** danetool: Corrected bug that prevented loading PEM files. + +** danetool: Added --check option to allow querying and verifying +a site's DANE data. + +** libgnutls-dane: Added pkg-config file for the library. + +** API and ABI modifications: +gnutls_session_get_id2: Added +gnutls_sign_is_secure: Added +gnutls_certificate_verify_peers3: Added +gnutls_ocsp_status_request_is_checked: Added +gnutls_certificate_verification_status_print: Added +gnutls_srtp_set_profile: Added +gnutls_srtp_set_profile_direct: Added +gnutls_srtp_get_selected_profile: Added +gnutls_srtp_get_profile_name: Added +gnutls_srtp_get_profile_id: Added +gnutls_srtp_get_keys: Added +gnutls_srtp_get_mki: Added +gnutls_srtp_set_mki: Added +gnutls_srtp_profile_t: Added +dane_cert_type_name: Added +dane_match_type_name: Added +dane_cert_usage_name: Added +dane_verification_status_print: Added +GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: Added +GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: Added +GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE: Added +GNUTLS_CERT_UNEXPECTED_OWNER: Added +GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN: Added + + +* Version 3.1.3 (released 2012-10-12) + +** libgnutls: Added support for the OCSP Certificate Status +extension. + +** libgnutls: gnutls_certificate_verify_peers2() will use the OCSP +certificate status extension in verification. + +** libgnutls: Bug fixes in gnutls_x509_privkey_import_openssl(). + +** libgnutls: Increased maximum password length in the PKCS #12 +functions. + +** libgnutls: Fixed the receipt of session tickets during session resumption. +Reported by danblack at http://savannah.gnu.org/support/?108146 + +** libgnutls: Added functions to export structures in an allocated buffer. + +** libgnutls: Added gnutls_ocsp_resp_check_crt() to check whether the OCSP +response corresponds to the given certificate. + +** libgnutls: In client side gnutls_init() enables the session ticket and +OCSP certificate status request extensions by default. The flag +GNUTLS_NO_EXTENSIONS can be used to prevent that. + +** libgnutls: Several updates in the OpenPGP code. The generating code +is fully RFC6091 compliant and RFC5081 support is only supported in client +mode. + +** libgnutls-dane: Added. It is a library to provide DANE with DNSSEC +certificate verification. + +** gnutls-cli: Added --dane option to enable DANE certificate verification. + +** danetool: Added tool to generate DANE TLSA Resource Records (RR). + +** API and ABI modifications: +gnutls_certificate_get_peers_subkey_id: Added +gnutls_certificate_set_ocsp_status_request_function: Added +gnutls_certificate_set_ocsp_status_request_file: Added +gnutls_ocsp_status_request_enable_client: Added +gnutls_ocsp_status_request_get: Added +gnutls_ocsp_resp_check_crt: Added +gnutls_dh_params_export2_pkcs3: Added +gnutls_pubkey_export2: Added +gnutls_x509_crt_export2: Added +gnutls_x509_dn_export2: Added +gnutls_x509_crl_export2: Added +gnutls_pkcs7_export2: Added +gnutls_x509_privkey_export2: Added +gnutls_x509_privkey_export2_pkcs8: Added +gnutls_x509_crq_export2: Added +gnutls_openpgp_crt_export2: Added +gnutls_openpgp_privkey_export2: Added +gnutls_pkcs11_obj_export2: Added +gnutls_pkcs12_export2: Added +gnutls_pubkey_import_openpgp_raw: Added +gnutls_pubkey_import_x509_raw: Added +dane_state_init: Added +dane_state_deinit: Added +dane_query_tlsa: Added +dane_query_status: Added +dane_query_entries: Added +dane_query_data: Added +dane_query_deinit: Added +dane_verify_session_crt: Added +dane_verify_crt: Added +dane_strerror: Added + + +* Version 3.1.2 (released 2012-09-26) + +** libgnutls: Fixed bug in gnutls_x509_trust_list_add_system_trust() +and gnutls_x509_trust_list_add_trust_mem() that prevented the loading +of certificates in the windows platform. + +** libgnutls: Corrected bug in OpenPGP subpacket encoding. + +** libgnutls: Added support for DTLS/TLS heartbeats by Olga Smolenchuk. +(the work was done during Google Summer of Code). + +** libgnutls: Added X.509 certificate verification flag +GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. This flag allows the verification +of unsorted certificate chains and is enabled by default for +TLS certificate verification (if gnutls_certificate_set_verify_flags() +does not override it). + +** libgnutls: Prints warning on certificates that contain keys of +an insecure level. If the %COMPAT priority flag is not specified +the TLS connection fails. + +** libgnutls: Correctly restore gnutls_record_recv() in DTLS mode +if interrupted during the retrasmition of handshake data. + +** libgnutls: Better mingw32 support (patch by LRN). + +** libgnutls: The %COMPAT keyword, if specified, will tolerate +key usage violation errors (they are far too common to ignore). + +** libgnutls: Added GNUTLS_STATELESS_COMPRESSION flag to gnutls_init(), +which provides a tool to counter compression-related attacks where +parts of the data are controlled by the attacker _and_ are placed in +separate records (use with care - do not use compression if not sure). + +** libgnutls: Depends on libtasn1 2.14 or later. + +** certtool: Prints the number of bits of the public key algorithm +parameter in a private key. + +** API and ABI modifications: +gnutls_x509_privkey_get_pk_algorithm2: Added +gnutls_heartbeat_ping: Added +gnutls_heartbeat_pong: Added +gnutls_heartbeat_allowed: Added +gnutls_heartbeat_enable: Added +gnutls_heartbeat_set_timeouts: Added +gnutls_heartbeat_get_timeout: Added +GNUTLS_SEC_PARAM_WEAK: Added +GNUTLS_SEC_PARAM_INSECURE: Added + +* Version 3.1.1 (released 2012-09-02) + +** gnutls-serv: Listens on IPv6. Patch by Bernhard R. Link. + +** certtool: Changes in password handling of certtool. +Ask password when required and only if the '--password' option is not +given. If the '--password' option is given during key generation then +assume the PKCS #8 file format, instead of ignoring the password. + +** tpmtool: No longer asks for key password in registered keys. + +** libgnutls: Elliptic curve code was optimized by Ilya Tumaykin. +wmNAF is now used for point multiplication and other optimizations. +(the major part of the work was done during Google Summer of Code). + +** libgnutls: The default pull_timeout_function only uses select +instead of a combination of select() and recv() to prevent issues +when used in stream sockets in some systems. + +** libgnutls: Be tolerant in ECDSA signature violations (e.g. using +SHA256 with a SECP384 curve instead of SHA-384), to interoperate with +openssl. + +** libgnutls: Fixed DSA and ECDSA signature generation in smart +cards. Thanks to Andreas Schwier from cardcontact.de for providing +me with ECDSA capable smart cards. + +** API and ABI modifications: +gnutls_sign_algorithm_get: Added +gnutls_sign_get_hash_algorithm: Added +gnutls_sign_get_pk_algorithm: Added + + +* Version 3.1.0 (released 2012-08-15) + +** libgnutls: Added direct support for TPM as a cryptographic module +in gnutls/tpm.h. TPM keys can be used in functions accepting files +using URLs of the following types: + tpmkey:file=/path/to/file + tpmkey:uuid=7f468c16-cb7f-11e1-824d-b3a4f4b20343;storage=user + +** libgnutls: Priority string level keywords can be combined. +For example the string "SECURE256:+SUITEB128" is now allowed. + +** libgnutls: requires libnettle 2.5. + +** libgnutls: Use the PKCS #1 1.5 encoding provided by nettle (2.5) +for encryption and signatures. + +** libgnutls: Added GNUTLS_CERT_SIGNATURE_FAILURE to differentiate between +generic errors and signature verification errors in the verification +functions. + +** libgnutls: Added gnutls_pkcs12_simple_parse() as a helper function +to simplify parsing in most PKCS #12 use cases. + +** libgnutls: gnutls_certificate_set_x509_simple_pkcs12_file() adds +the whole certificate chain (if any) to the credentials structure, instead +of only the end-user certificate. + +** libgnutls: Key import functions such as gnutls_pkcs12_simple_parse() +and gnutls_x509_privkey_import_pkcs8(), return consistently +GNUTLS_E_DECRYPTION_FAILED if the input structure is encrypted but no +password was provided. + +** libgnutls: Added gnutls_handshake_set_timeout() a function that +allows to set the maximum time spent in a handshake. + +** libgnutlsxx: Added session::set_transport_vec_push_function. Patch +by Alexandre Bique. + +** tpmtool: Added. It is a tool to generate private keys in the +TPM. + +** gnutls-cli: --benchmark-tls was split to --benchmark-tls-kx +and --benchmark-tls-ciphers + +** certtool: generated PKCS #12 structures may hold more than one +private key. Patch by Lucas Fisher. + +** certtool: Added option --null-password to generate/decrypt keys +that use a NULL password (in schemas that distinguish between NULL +an empty passwords). + +** minitasn1: Upgraded to libtasn1 version 2.13. + +** API and ABI modifications: +GNUTLS_CERT_SIGNATURE_FAILURE: Added +GNUTLS_CAMELLIA_192_CBC: Added +GNUTLS_PKCS_NULL_PASSWORD: Added +gnutls_url_is_supported: Added +gnutls_pkcs11_obj_list_import_url2: Added +gnutls_pkcs11_obj_set_pin_function: Added +gnutls_pkcs11_privkey_set_pin_function: Added +gnutls_pkcs11_get_pin_function: Added +gnutls_privkey_import_tpm_raw: Added +gnutls_privkey_import_tpm_url: Added +gnutls_privkey_import_pkcs11_url: Added +gnutls_privkey_import_openpgp_raw: Added +gnutls_privkey_import_x509_raw: Added +gnutls_privkey_import_ext2: Added +gnutls_privkey_import_url: Added +gnutls_privkey_set_pin_function: Added +gnutls_tpm_privkey_generate: Added +gnutls_tpm_key_list_deinit: Added +gnutls_tpm_key_list_get_url: Added +gnutls_tpm_get_registered: Added +gnutls_tpm_privkey_delete: Added +gnutls_pubkey_import_tpm_raw: Added +gnutls_pubkey_import_tpm_url: Added +gnutls_pubkey_import_url: Added +gnutls_pubkey_verify_hash2: Added +gnutls_pubkey_set_pin_function: Added +gnutls_x509_privkey_import2: Added +gnutls_x509_privkey_import_openssl: Added +gnutls_x509_crt_set_pin_function: Added +gnutls_load_file: Added +gnutls_pkcs12_simple_parse: Added +gnutls_certificate_set_x509_system_trust: Added +gnutls_certificate_set_pin_function: Added +gnutls_x509_trust_list_add_system_trust: Added +gnutls_x509_trust_list_add_trust_file: Added +gnutls_x509_trust_list_add_trust_mem: Added +gnutls_pk_to_sign: Added +gnutls_handshake_set_timeout: Added +gnutls_pubkey_verify_hash: Deprecated (use gnutls_pubkey_verify_hash2) +gnutls_pubkey_verify_data: Deprecated (use gnutls_pubkey_verify_data2) + + +* Version 3.0.22 (released 2012-08-04) + +** libgnutls: gnutls_certificate_set_x509_system_trust() +is now supported on OpenBSD. + +** libgnutls: When verifying a certificate chain make sure it is chain. +If the chain is wronly interrupted at some point then truncate it, +and only try to verify the correct part. Patch by David Woodhouse + +** libgnutls: Restored the behavior of gnutls_x509_privkey_import_pkcs8() +which now may (again) accept a NULL password. + +** certtool: Allow the user to choose the hash algorithm +when signing certificate request or certificate revocation list. +Patch by Petr PÃsaÅ™. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.21 (released 2012-07-02) + +** libgnutls: fixed bug in gnutls_x509_privkey_import() +that prevented the loading of EC private keys when DER +encoded. Reported by David Woodhouse. + +** libgnutls: In DTLS larger to mtu records result to +GNUTLS_E_LARGE_PACKET instead of being truncated. + +** libgnutls: gnutls_dtls_get_data_mtu() is more precise. Based +on patch by David Woodhouse. + +** libgnutls: Fixed memory leak in PKCS #8 key import. + +** libgnutls: Added support for an old version of the DTLS protocol +used by openconnect vpn client for compatibility with Cisco's AnyConnect +SSL VPN. It is marked as GNUTLS_DTLS0_9. Do not use it for newer protocols +as it has issues. + +** libgnutls: Corrected bug that prevented resolving PKCS #11 URLs +if only the label is specified. Patch by David Woodhouse. + +** libgnutls: When EMSGSIZE errno is seen then GNUTLS_E_LARGE_PACKET +is returned. + +** API and ABI modifications: +gnutls_dtls_set_data_mtu: Added +gnutls_session_set_premaster: Added + + +* Version 3.0.20 (released 2012-06-05) + +** libgnutls: Corrected bug which prevented the parsing of +handshake packets spanning multiple records. + +** libgnutls: Check key identifiers when checking for an issuer. + +** libgnutls: Added gnutls_pubkey_verify_hash2() + +** libgnutls: Added gnutls_certificate_set_x509_system_trust() +that loads the trusted CA certificates from system locations +(e.g. trusted storage in windows and CA bundle files in other systems). + +** certtool: Added support for the URI subject alternative +name type in certtool. + +** certtool: Increase to 128 the maximum number of distinct options +(e.g. dns_names) allowed. + +** gnutls-cli: If --print-cert is given, print the certificate, +even on verification failure. + +** API and ABI modifications: +gnutls_pk_to_sign: Added +gnutls_pubkey_verify_hash2: Added +gnutls_certificate_set_x509_system_trust: Added + + +* Version 3.0.19 (released 2012-04-22) + +** libgnutls: When decoding a PKCS #11 URL the pin-source field +is assumed to be a file that stores the pin. Based on patch +by David Smith. + +** libgnutls: gnutls_record_check_pending() no longer +returns unprocessed data, and thus ensure the non-blocking +of the next call to gnutls_record_recv(). + +** libgnutls: Added strict tests in Diffie-Hellman and +SRP key exchange public keys. + +** libgnutls: in ECDSA and DSA TLS 1.2 authentication be less +strict in hash selection, and allow a stronger hash to +be used than the appropriate, to improve interoperability +with openssl. + +** tests: Disabled floating point test, and corrections +in pkcs12 decoding tests. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.18 (released 2012-04-02) + +** certtool: Avoid a Y2K38 bug when generating certificates. +Patch by Robert Millan. + +** libgnutls: Make sure that GNUTLS_E_PREMATURE_TERMINATION +is returned on premature termination (and added unit test). + +** libgnutls: Fixes for W64 API. Patch by B. Scott Michel. + +** libgnutls: Corrected VIA padlock detection for old +VIA processors. Reported by Kris Karas. + +** libgnutls: Updated assembler files. + +** libgnutls: Time in generated certificates is stored +as GeneralizedTime instead of UTCTime (which only stores +2 digits of a year). + +** minitasn1: Upgraded to libtasn1 version 2.13 (pre-release). + +** API and ABI modifications: +gnutls_x509_crt_set_private_key_usage_period: Added +gnutls_x509_crt_get_private_key_usage_period: Added +gnutls_x509_crq_set_private_key_usage_period: Added +gnutls_x509_crq_get_private_key_usage_period: Added +gnutls_session_get_random: Added + + +* Version 3.0.17 (released 2012-03-17) + +** command line apps: Always link with local libopts. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.16 (released 2012-03-16) + +** minitasn1: Upgraded to libtasn1 version 2.12 (pre-release). + +** libgnutls: Corrected SRP-RSA ciphersuites when used under TLS 1.2. + +** libgnutls: included assembler files for MacOSX. + +** p11tool: Small fixes in handling of the --private command +line option. + +** certtool: The template option allows for setting the domain +component (DC) option of the distinguished name, and the ocsp_uri +as well as the ca_issuers_uri options. + +** API and ABI modifications: +gnutls_x509_crt_set_authority_info_access: Added + + +* Version 3.0.15 (released 2012-03-02) + +** test suite: Only run under valgrind in the development +system (the full git repository) + +** command line apps: Link with local libopts if the +installed is an old one. + +** libgnutls: Eliminate double free during SRP +authentication. Reported by Peter Penzov. + +** libgnutls: Corrections in record packet parsing. +Reported by Matthew Hall. + +** libgnutls: Cryptodev updates and fixes. + +** libgnutls: Corrected issue with select() that affected +FreeBSD. This prevented establishing DTLS sessions. +Reported by Andreas Metzler. + +** libgnutls: Corrected rehandshake and resumption +operations in DTLS. Reported by Sean Buckheister. + +** libgnutls: PKCS #11 objects that do not have ID +no longer crash listing. Reported by Sven Geggus. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.14 (released 2012-02-24) + +** command line apps: Included libopts doesn't get installed +by default. + +** libgnutls: Eliminate double free on wrongly formatted +certificate list. Reported by Remi Gacogne. + +** libgnutls: cryptodev code corrected, updated to account +for hashes and GCM mode. + +** libgnutls: Eliminated memory leak in PCKS #11 initialization. +Report and fix by Sam Varshavchik. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.13 (released 2012-02-18) + +** gnutls-cli: added the --ocsp option which will verify +the peer's certificate with OCSP. + +** gnutls-cli: added the --tofu option and if specified, gnutls-cli +will use an ssh-style authentication method. + +** gnutls-cli: if no --x509cafile is provided a default is +assumed (/etc/ssl/certs/ca-certificates.crt), if it exists. + +** ocsptool: Added --ask parameter, to verify a certificate's +status from an ocsp server. + +** command line apps: Use gnu autogen (libopts) to parse command +line arguments and template files. + +** tests: Added stress test for DTLS packet losses and +out-of-order receival. Contributed by Sean Buckheister. + +** libgnutls: Several updates and corrections in the DTLS +DTLS lost packet handling and retransmission timeouts. +Report and patches by Sean Buckheister. + +** libgnutls: Added new functions to easily allow the usage of +a trust on first use (SSH-style) authentication. + +** libgnutls: SUITEB128 and SUITEB192 priority strings account +for the RFC6460 requirements. + +** libgnutls: Added new security parameter GNUTLS_SEC_PARAM_LEGACY +to account for security level of 96-bits. + +** libgnutls: In client side if server does not advertise any +known CAs and only a single certificate is set in the credentials, +sent that one. + +** libgnutls: Added functions to parse authority key identifiers +when stored as a 'general name' and serial combo. + +** libgnutls: Added function to force explicit reinitialization +of PKCS #11 modules. This is required on the child process after +a fork (if PKCS #11 functionality is desirable). + +** libgnutls: Depend on p11-kit 0.11. + +** API and ABI modifications: +gnutls_dtls_get_timeout: Added +gnutls_verify_stored_pubkey: Added +gnutls_store_pubkey: Added +gnutls_store_commitment: Added +gnutls_x509_crt_get_authority_key_gn_serial: Added +gnutls_x509_crl_get_authority_key_gn_serial: Added +gnutls_pkcs11_reinit: Added +gnutls_ecc_curve_list: Added +gnutls_priority_certificate_type_list: Added +gnutls_priority_sign_list: Added +gnutls_priority_protocol_list: Added +gnutls_priority_compression_list: Added +gnutls_priority_ecc_curve_list: Added +gnutls_tdb_init: Added +gnutls_tdb_set_store_func: Added +gnutls_tdb_set_store_commitment_func: Added +gnutls_tdb_set_verify_func: Added +gnutls_tdb_deinit: Added + + +* Version 3.0.12 (released 2012-01-20) + +** libgnutls: Added OCSP support. +There is a new header file gnutls/ocsp.h and a set of new functions +under the gnutls_ocsp namespace. Currently the functionality provided +is to parse and extract information from OCSP requests/responses, to +generate OCSP requests and to verify OCSP responses. See the manual +for more information. Run ./configure with --disable-ocsp to build +GnuTLS without OCSP support. + +This work was sponsored by Smoothwall <http://smoothwall.net/>. + +** ocsptool: Added new command line tool. +The tool can parse OCSP request/responses, generate OCSP requests and +verify OCSP responses. See the manual for more information. + +** certtool: --outder option now works for private +and public keys as well. + +** libgnutls: Added error code GNUTLS_E_NO_PRIORITIES_WERE_SET +to warn when no or insufficient priorities were set. + +** libgnutls: Corrected an alignment issue in ECDH +key generation which prevented some keys from being +correctly aligned in rare circumstances. + +** libgnutls: Corrected memory leaks in DH parameter +generation and ecc_projective_check_point(). + +** libgnutls: Added gnutls_x509_dn_oid_name() to +return a descriptive name of a DN OID. + +** API and ABI modifications: +gnutls_pubkey_encrypt_data: Added +gnutls_x509_dn_oid_name: Added +gnutls_session_resumption_requested: Added +gnutls/ocsp.h: Added new header file. +gnutls_ocsp_print_formats_t: Added new type. +gnutls_ocsp_resp_status_t: Added new type. +gnutls_ocsp_cert_status_t: Added new type. +gnutls_x509_crl_reason_t: Added new type. +gnutls_ocsp_req_add_cert: Added. +gnutls_ocsp_req_add_cert_id: Added. +gnutls_ocsp_req_deinit: Added. +gnutls_ocsp_req_export: Added. +gnutls_ocsp_req_get_cert_id: Added. +gnutls_ocsp_req_get_extension: Added. +gnutls_ocsp_req_get_nonce: Added. +gnutls_ocsp_req_get_version: Added. +gnutls_ocsp_req_import: Added. +gnutls_ocsp_req_init: Added. +gnutls_ocsp_req_print: Added. +gnutls_ocsp_req_randomize_nonce: Added. +gnutls_ocsp_req_set_extension: Added. +gnutls_ocsp_req_set_nonce: Added. +gnutls_ocsp_resp_deinit: Added. +gnutls_ocsp_resp_export: Added. +gnutls_ocsp_resp_get_certs: Added. +gnutls_ocsp_resp_get_extension: Added. +gnutls_ocsp_resp_get_nonce: Added. +gnutls_ocsp_resp_get_produced: Added. +gnutls_ocsp_resp_get_responder: Added. +gnutls_ocsp_resp_get_response: Added. +gnutls_ocsp_resp_get_signature: Added. +gnutls_ocsp_resp_get_signature_algorithm: Added. +gnutls_ocsp_resp_get_single: Added. +gnutls_ocsp_resp_get_status: Added. +gnutls_ocsp_resp_get_version: Added. +gnutls_ocsp_resp_import: Added. +gnutls_ocsp_resp_init: Added. +gnutls_ocsp_resp_print: Added. +gnutls_ocsp_resp_verify: Added. + +* Version 3.0.11 (released 2012-01-06) + +** libgnutls: Corrected functionality of +gnutls_record_get_direction(). Reported by Philip Allison. + +** libgnutls: Provide less timing information when decoding +TLS/DTLS record packets. Patch by Nadhem Alfardan. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.10 (released 2012-01-04) + +** gnutls-cli/serv: Set don't fragment bit in DTLS sessions +in Linux as well as in BSD. + +** gnutls-cli: Fixed reading from windows terminals. + +** libgnutls: When GNUTLS_OPENPGP_FMT_BASE64 is specified +the stream is assumed to be base64 encoded (previously +the encoding was auto-detected). This avoids a decoding +issue in windows systems. + +** libgnutls: Corrected ciphersuite GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384 + +** libgnutls: Added ciphersuites: GNUTLS_PSK_WITH_AES_256_GCM_SHA384 +and GNUTLS_DHE_PSK_WITH_AES_256_GCM_SHA384. + +** libgnutls: Added function gnutls_random_art() to convert +fingerprints to images (currently ascii-art). + +** libgnutls: Corrected bug in DSA private key parsing, which +prevented the verification of the key. + +** API and ABI modifications: +gnutls_random_art: Added + + +* Version 3.0.9 (released 2011-12-13) + +** certtool: Added new parameter --dh-info. + +** certtool: -l option was overloaded so if combined with --priority +it will only list the ciphersuites that are enabled by the given +priority string. + +** libgnutls: Added new priority string %SERVER_PRECEDENCE, which +changes the ciphersuite selection procedure. If specified the server +priorities will be used for selection instead of the client's. + +** libgnutls: Optimizations in Diffie-Hellman parameters generation +and key exchange. + +** libgnutls: When session tickets are negotiated and used in a +session, a server will not store that session data into its cache. + +** libgnutls: Added the SECP192R1 curve. + +** libgnutls: Added gnutls_priority_get_cipher_suite_index() to +allow listing the ciphersuites enabled in a priority structure. +It outputs an index to be used in gnutls_get_cipher_suite_info(). + +** libgnutls: Optimizations in the elliptic curve code --timing +attacks resistant code is only used in ECDSA private key operations. + +** doc: man pages for API functions generation was fixed and are +now added again in the distribution. + +** API and ABI modifications: +GNUTLS_ECC_CURVE_SECP192R1: New curve definition +gnutls_priority_get_cipher_suite_index: Added + + +* Version 3.0.8 (released 2011-11-12) + +** certtool: Certtool -e returns error code on verification +failure. + +** certtool: Verifies parameters of generated keys. + +** libgnutls: Corrected ECC key generation (introduced in 3.0.6) + +** libgnutls: Provide less timing information when decoding +TLS/DTLS record packets. + +** doc: man pages for API functions were removed. +The reason was that the code that auto-generated the man pages missed +many APIs and we couldn't fix it (volunteers welcome). See the info +manual or the GTK-DOC manual instead. + +** API and ABI modifications: +gnutls_x509_privkey_verify_params: Added + + +* Version 3.0.7 (released 2011-11-08) + +** libgnutls: Corrected fix in gnutls_session_get_data() +to report the actual session size when the provided buffer +is not enough. + +** libgnutls: Fixed ciphersuite GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256, +which was using a wrong MAC algorithm. Reported by Fabrice Gautier. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.6 (released 2011-11-07) + +** gnutls-guile: Compilation fixes. + +** libgnutls: Fixed possible buffer overflow in +gnutls_session_get_data(). Reported and fix by Alban Crequy. + +** libgnutls: Bug fixes in the ciphersuites with NULL cipher. +Reported by Fabrice Gautier. + +** libgnutls: Bug fixes in ECC code for 64-bit MIPS systems. +Thanks to Joseph Graham for providing access to such a system. + +** libgnutls: Correctly report ECC private key parsing errors. +Reported by Fabrice Gautier. + +** libgnutls: In ECDHE verify that the received point lies on +the selected curve. The ECDHE ciphersuites now take precendence +to plain DHE. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.5 (released 2011-10-27) + +** libgnutls-extra: is no more + +** libgnutls: Corrections in order to compile with mingw32. + +** libgnutls: Corrections in VIA padlock code for VIA C5 processor +and new detection of PHE with support for partial hashing. + +** libgnutls: Corrected bug in gnutls_x509_data2hex. Report and fix +by Vincent Untz. + +** minitasn1: Upgraded to libtasn1 version 2.10. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.4 (released 2011-10-15) + +** libgnutls-extra: gnutls_register_md5_handler() was +removed. + +** gnutls-cli-debug: Added more tests including AES-GCM, +SHA256 and elliptic curves. + +** gnutls-cli: Added --benchmark-soft-ciphers to benchmark +the software version of the ciphers instead of hw accelerated +(where available) + +** libgnutls: Public key ID calculation is consistent among +all structures. It uses a SHA-1 hash of the subjectPublicKeyInfo. + +** libgnutls: gnutls_privkey_t allows setting external callback +to perform signing or decryption. Can be set using +gnutls_privkey_import_ext() + +** libgnutls: A certificate credentials structure can be +used with a gnutls_privkey_t and a gnutls_pcert_st +structure using gnutls_certificate_set_key(). + +** libgnutls: Fixes to enable external signing callback to +operate with TLS 1.2. + +** libgnutls: Fixed crash when printing ECDSA certificate key +ID. Reported by Erik Jensen. + +** libgnutls: Corrected VIA padlock code for C3. In C3 benchmarks +show a 50x increase in AES speed and a 14x increase in VIA nano. Added +support for hashes and HMACs. + +** libgnutls: Compilation fixed when p11-kit is not detected. + +** libgnutls: Fixed the deflate compression code. + +** libgnutls: Added gnutls_x509_crt_get_authority_info_access. +Used to get the PKIX Authority Information Access (AIA) field. + +** libgnutls: gnutls_x509_crt_print supports printing AIA fields. + +** libgnutls: Added ability to gnutls_privkey_t to operate with +signing callback function. + +** API and ABI modifications: +gnutls_x509_crt_get_authority_info_access (x509.h): Added function. +gnutls_privkey_import_ext: Added function. +gnutls_certificate_set_key: Added function. +gnutls_info_access_what_t (x509.h): Added enum. +GNUTLS_OID_AIA (x509.h): Added symbol. +GNUTLS_OID_AD_OCSP (x509.h): Added symbol. +GNUTLS_OID_AD_CAISSUERS (x509.h): Added symbol. + +* Version 3.0.3 (released 2011-09-18) + +** libgnutls: Added gnutls_record_get_discarded() to return the +number of discarded records in a DTLS session. + +** libgnutls: All functions related to RSA-EXPORT were deprecated. +Support for RSA-EXPORT ciphersuites will be ceased in future versions. + +** libgnutls: Memory leak fixes in credentials private key +deinitialization. Reported by Dan Winship. + +** libgnutls: Memory leak fixes in ECC ciphersuites. + +** libgnutls: Do not send an empty extension structure in server +hello. This affected old implementations that do not support extensions. +Reported by J. Cameijo Cerdeira. + +** libgnutls: Allow CA importing of 0 certificates to succeed. +Reported by Jonathan Nieder <jrnieder@gmail.com> in +<http://bugs.debian.org/640639>. + +** libgnutls: Added support for VIA padlock AES optimizations. +(disabled by default) + +** libgnutls: Added support for elliptic curves in +PKCS #11. + +** libgnutls: Added gnutls_pkcs11_privkey_generate() +to allow generating a key in a token. + +** p11tool: Added generate-rsa, generate-dsa and +generate-ecc options to allow generating private +keys in the token. + +** libgnutls: gnutls_transport_set_lowat dummy macro was +removed. + +** API and ABI modifications: +gnutls_pkcs11_privkey_generate: Added +gnutls_pubkey_import_ecc_raw: Added +gnutls_pubkey_import_ecc_x962: Added +gnutls_pubkey_get_pk_ecc_x962: Added +gnutls_record_get_discarded: Added + + +* Version 3.0.2 (released 2011-09-01) + +** libgnutls: OpenPGP certificate type is not enabled +by default. + +** libgnutls: Added %NO_EXTENSIONS priority string. + +** libgnutls: Corrected issue in gnutls_record_recv() +triggered on encryption or compression error. + +** libgnutls: Compatibility fixes in CPU ID detection +for i386 and old GCC. + +** gnutls-cli: Benchmark applications were incorporated +with it. + +** libgnutls: Corrected parsing of XMPP subject +alternative names. + +** libgnutls: Allow for out-of-order ChangeCipherSpec +message in DTLS. + +** libgnutls: gnutls_certificate_set_x509_key() and +gnutls_certificate_set_openpgp_key() operate as in 2.10.x +and allow the release of the private key during the +lifetime of the certificate structure. + +** API and ABI modifications: +GNUTLS_PRIVKEY_IMPORT_COPY: new gnutls_privkey_import() flag + + +* Version 3.0.1 (released 2011-08-20) + +** libgnutls: gnutls_certificate_set_x509_key_file() and +friends support server name indication. If multiple +certificates are set using these functions the proper one +will be selected during a handshake. + +** libgnutls: Added AES-256-GCM which was left out from +the previous release. Reported by Benjamin Hof. + +** libgnutls: When asking for a PKCS# 11 PIN multiple +times, the flags in the callback were not being updated +to reflect for PIN low count or final try. + +** libgnutls: Do not allow second instances of PKCS #11 +modules. + +** libgnutls: fixed alignment issue in AES-NI code. + +** libgnutls: The config file at gnutls_pkcs11_init() +is being read if provided. + +** libgnutls: Ensure that a certificate list specified +using gnutls_certificate_set_x509_key() and friends, is +sorted according to TLS specification (from subject to issuer). + +** libgnutls: Added GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED flag for +gnutls_x509_crt_list_import. It checks whether the list to be +imported is properly sorted. + +** crywrap: Added to the distribution. It is an application +that proxies TLS session to a port using a plaintext service. + +** doc: Many GTK-DOC improvements. + +** i18n: Translations were updated. + +** API and ABI modifications: +GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED: New element in gnutls_certificate_import_flags +GNUTLS_PKCS11_PIN_WRONG: New flag for PIN callback + + +* Version 3.0.0 (released 2011-07-29) + +** libgnutls: writev_emu: stop on the first incomplete write. Patch by +Sjoerd Simons. + +** libgnutls: Fix zlib handling in gnutls.pc. Patch by Andreas +Metzler. + +** certtool: bug fixes in certificate request generation. Patch +by Petr PÃsaÅ™. + +** API and ABI modifications: +gnutls_pcert_list_import_x509_raw: ADDED + + +* Version 2.99.4 (released 2011-07-23) + +** doc: documentation updates. + +** libgnutls: gnutls_rsa_params_t is now identical to gnutls_x509_privkey_t +to avoid thread-safety issues. Reported by Sam Varshavchik. + +** libgnutls: Added compatibility mode with /etc/gnutls/pkcs11.conf + +** libgnutls: license upgraded to LGPLv3 + +** libgnutls: gnutls_srp_verifier() returns data allocated with gnutls_malloc() +for consistency. + +** API and ABI modifications: +No changes since last version. + + +* Version 2.99.3 (released 2011-06-18) + +** libgnutls: Added new PKCS #11 flags to force an object being private or +not. (GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE and GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE) + +** libgnutls: Added SUITEB128 and SUITEB192 priority +strings to enable the NSA SuiteB cryptography ciphersuites. + +** libgnutls: Added gnutls_pubkey_verify_data2() that will +verify data provided the signature algorithm. + +** libgnutls: Simplified the handling of handshake messages to +be hashed. Instead of hashing during the handshake process we now +keep the data until handshake is over and hash them on request. +This uses more memory but eliminates issues with TLS 1.2 and +simplifies code. + +** libgnutls: Added AES-GCM optimizations using the PCLMULQDQ +instruction. Uses Andy Polyakov's assembly code. + +** libgnutls: Added gnutls_x509_trust_list_add_named_crt() and +gnutls_x509_trust_list_verify_named_crt() that allow having a +list of certificates in the trusted list that will be associated +with a name (e.g. server name) and will not be used as CAs. + +** libgnutls: PKCS #11 back-end rewritten to use p11-kit +http://p11-glue.freedesktop.org/p11-kit.html. Rewrite by +Stef Walter. + +** libgnutls: Added ECDHE-PSK ciphersuites for TLS (RFC 5489). + +** API and ABI modifications: +gnutls_pubkey_verify_data2: ADDED +gnutls_ecc_curve_get: ADDED +gnutls_x509_trust_list_add_named_crt: ADDED +gnutls_x509_trust_list_verify_named_crt: ADDED +gnutls_x509_privkey_verify_data: REMOVED +gnutls_crypto_bigint_register: REMOVED +gnutls_crypto_cipher_register: REMOVED +gnutls_crypto_digest_register: REMOVED +gnutls_crypto_mac_register: REMOVED +gnutls_crypto_pk_register: REMOVED +gnutls_crypto_rnd_register: REMOVED +gnutls_crypto_single_cipher_register: REMOVED +gnutls_crypto_single_digest_register: REMOVED +gnutls_crypto_single_mac_register: REMOVED +GNUTLS_KX_ECDHE_PSK: New key exchange method +GNUTLS_VERIFY_DISABLE_CRL_CHECKS: New certificate verification flag. +GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE: New PKCS#11 object flag. +GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE: New PKCS#11 object flag. + + +* Version 2.99.2 (released 2011-05-26) + +** libgnutls: Added Elliptic curve support. This is not +enabled by default. Requires priority strings: ++CURVE-ALL: to add all supported curves ++ECDHE-RSA: to add ephemeral ECDHE with an RSA-signed certificate ++ECDHE-ECDSA: to add ephemeral ECDHE with an ECDSA-signed certificate ++ANON-ECDHE: to add anonymous ECDH + +** libgnutls: PKCS #11 URLs conform to the latest draft +being http://tools.ietf.org/html/draft-pechanec-pkcs11uri-04. + +** certtool: Can now load private keys and public keys from PKCS #11 tokens +via URLs. + +** libgnutls: Added gnutls_global_set_audit_log_function() that allows +to get important auditing information including the corresponding session. +That might be useful to block DoS or other attacker from specific IPs. + +** libgnutls: gnutls_pkcs11_privkey_import_url() will now correctly read +the public key algorithm of the key. + +** libgnutls: Added gnutls_certificate_get_issuer() and +gnutls_x509_trust_list_get_issuer() to compensate for the +missing gnutls_certificate_get_x509_cas(). + +** libgnutls: Added gnutls_x509_crq_verify() to allow +verification of the self signature in a certificate request. +This allows verifying whether the owner of the private key +is the generator of the request. + +** libgnutls: gnutls_x509_crt_set_crq() implicitly verifies +the self signature of the request. + +** API and ABI modifications: +gnutls_certificate_get_issuer: ADDED +gnutls_x509_trust_list_get_issuer: ADDED +gnutls_x509_crq_verify: ADDED +gnutls_global_set_audit_log_function: ADDED +gnutls_ecc_curve_get_name: ADDED +gnutls_ecc_curve_get_size: ADDED +gnutls_x509_privkey_import_ecc_raw: ADDED +gnutls_x509_privkey_export_ecc_raw: ADDED +gnutls_global_set_time_function: ADDED + +GNUTLS_E_ECC_NO_SUPPORTED_CURVES: New error code +GNUTLS_E_ECC_UNSUPPORTED_CURVE: New error code +GNUTLS_KX_ECDHE_RSA: New key exchange method +GNUTLS_KX_ECDHE_ECDSA: New key exchange method +GNUTLS_KX_ANON_ECDH: New key exchange method +GNUTLS_PK_ECC: New public key algorithm +GNUTLS_SIGN_ECDSA_SHA1: New signature algorithm +GNUTLS_SIGN_ECDSA_SHA256: New signature algorithm +GNUTLS_SIGN_ECDSA_SHA384: New signature algorithm +GNUTLS_SIGN_ECDSA_SHA512: New signature algorithm +GNUTLS_SIGN_ECDSA_SHA224: New signature algorithm +GNUTLS_ECC_CURVE_INVALID: New curve definition +GNUTLS_ECC_CURVE_SECP224R1: New curve definition +GNUTLS_ECC_CURVE_SECP256R1: New curve definition +GNUTLS_ECC_CURVE_SECP384R1: New curve definition +GNUTLS_ECC_CURVE_SECP521R1: New curve definition + + +* Version 2.99.1 (released 2011-04-23) + +** libgnutls: LZO support was removed. + +** libgnutls: Corrections in SSLv2 client hello parsing. + +** libgnutls: Added support for AES-NI if detected. Uses +Andy Polyakov's AES-NI code. + +** libgnutls: Restored HMAC-MD5 for compatibility. Although considered +weak, several sites require it for connection. It is enabled for +"NORMAL" and "PERFORMANCE" priority strings. + +** libgnutls: depend on libdl. + +** libgnutls-extra: Dropped support of LZO compression via liblzo. + +** libgnutls: gnutls_transport_set_global_errno() was removed. This +function required GnuTLS to access system specific data, for no reason. +Use gnutls_transport_set_errno(), or your system's errno fascility +instead. + +** libgnutls: Added gnutls_certificate_set_retrieve_function2() +to set a callback to retrieve a certificate. The certificate is +received in a format that requires no processing from gnutls thus +it is suitable when performance is required. + +** API and ABI modifications: +gnutls_transport_set_global_errno: REMOVED +gnutls_certificate_set_retrieve_function2: ADDED + +* Version 2.99.0 (released 2011-04-09) + +** libgnutls: Added Datagram TLS support. + +** libgnutls: Uses a single configure file and a single +gnulib library to save space. + +** libgnutls: Several bug fixes. + +** libgnutls: gnutls_transport_set_lowat() is no more. + +** libgnutls-openssl: modified to use modern gnutls' functions. +This introduces an ABI incompatibility with previous versions. + +** libgnutls: Corrected signature generation and verification +in the Certificate Verify message when in TLS 1.2. Reported +by Todd A. Ouska. + +** libgnutlsxx: The C++ interface returns exception on +every error and not only on fatal ones. This allows easier +handling of errors. + +** libgnutls: Corrected issue in DHE-PSK ciphersuites that ignored +the PSK callback. + +** libgnutls: SRP and PSK are no longer set on the default priorities. +They have to be explicitly set. + +** libgnutls: During handshake message verification using DSS +use the hash algorithm required by it. + +** libgnutls: gnutls_recv() return GNUTLS_E_PREMATURE_TERMINATION +on unexpected EOF, instead of GNUTLS_E_UNEXPECTED_PACKET_LENGTH. + +** libgnutls: Added GCM mode (interoperates with tls.secg.org) + +** libgnutls-extra: Inner application extension was removed. +It was never standardized nor published as an RFC. + +** libgnutls: Added new certificate verification functions, that +can provide more details and are more efficient. Check +gnutls_x509_trust_list_*. + +** certtool: Uses the new certificate verification functions for +--verify-chain. + +** certtool: Added new certificate verification functionality +using the --verify option. Combined with --load-ca-certificate +it can verify a certificate chain against a list of certificates. + +** Several files unnecessarily included <gcrypt.h>; this has been fixed. + +** API and ABI modifications: +gnutls_dtls_set_timeouts: ADDED +gnutls_dtls_get_mtu: ADDED +gnutls_dtls_get_data_mtu: ADDED +gnutls_dtls_set_mtu: ADDED +gnutls_dtls_cookie_send: ADDED +gnutls_dtls_cookie_verify: ADDED +gnutls_dtls_prestate_set: ADDED +gnutls_x509_trust_list_verify_crt: ADDED +gnutls_x509_trust_list_add_crls: ADDED +gnutls_x509_trust_list_add_cas: ADDED +gnutls_x509_trust_list_init: ADDED +gnutls_x509_trust_list_deinit: ADDED +gnutls_cipher_add_auth: ADDED +gnutls_cipher_tag: ADDED +gnutls_psk_netconf_derive_key: REMOVED +gnutls_certificate_verify_peers: REMOVED +gnutls_session_set_finished_function: REMOVED +gnutls_ext_register: REMOVED +gnutls_certificate_get_x509_crls: REMOVED +gnutls_certificate_get_x509_cas: REMOVED +gnutls_certificate_get_openpgp_keyring: REMOVED +gnutls_session_get_server_random: REMOVED +gnutls_session_get_client_random: REMOVED +gnutls_session_get_master_secret: REMOVED +gnutls_ia_allocate_client_credentials: REMOVED +gnutls_ia_allocate_server_credentials: REMOVED +gnutls_ia_enable: REMOVED +gnutls_ia_endphase_send: REMOVED +gnutls_ia_extract_inner_secret: REMOVED +gnutls_ia_free_client_credentials: REMOVED +gnutls_ia_free_server_credentials: REMOVED +gnutls_ia_generate_challenge: REMOVED +gnutls_ia_get_client_avp_ptr: REMOVED +gnutls_ia_get_server_avp_ptr: REMOVED +gnutls_ia_handshake: REMOVED +gnutls_ia_handshake_p: REMOVED +gnutls_ia_permute_inner_secret: REMOVED +gnutls_ia_recv: REMOVED +gnutls_ia_send: REMOVED +gnutls_ia_set_client_avp_function: REMOVED +gnutls_ia_set_client_avp_ptr: REMOVED +gnutls_ia_set_server_avp_function: REMOVED +gnutls_ia_set_server_avp_ptr: REMOVED +gnutls_ia_verify_endphase: REMOVED + + +* Version 2.12.2 (released 2011-04-08) + +** libgnutls: Several updates and fixes for win32. Patches by LRN. + +** libgnutls: Several bug and memory leak fixes. + +** srptool: Accepts the -d option to enable debugging. + +** libgnutls: Corrected bug in gnutls_srp_verifier() that prevented +the allocation of a verifier. Reported by Andrew Wiseman. + +** API and ABI modifications: +No changes since last version. + + +* Version 2.12.1 (released 2011-04-02) + +** certtool: Generated certificate request with stricter permissions. +Reported by Luca Capello. + +** libgnutls: Bug fixes in opencdk code. Reported by Vitaly Kruglikov. + +** libgnutls: Corrected windows system_errno() function prototype. + +** libgnutls: C++ compatibility fix for compat.h. Reported by Mark Brand. + +** libgnutls: Fix size of gnutls_openpgp_keyid_t by using the +GNUTLS_OPENPGP_KEYID_SIZE definition. Reported by Andreas Metzler. + +** API and ABI modifications: +No changes since last version. + + + + +* Version 2.12.0 (released 2011-03-24) + +** certtool: Warns on generation of DSA keys of over 1024 bits, about +the incompatibility with TLS other than 1.2. + +** libgnutls: Modified signature algorithm selection in client +certificate request, to avoid failures in DSA certificates. + +** libgnutls: Instead of failing with internal error, return +GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL if an incompatible DSA +key with the negotiated protocol is encountered. + +** libgnutls: Bug fixes in the RSA ciphersuite behavior with openpgp keys. + +** libgnutls: Force state update when fork is detected in the nettle +rng. + +** libgnutls: modified gnutls_pubkey_import_openpgp() to use the preferred +subkey instead of setting explicitly one. + +** libgnutls: Corrected default behavior in record version of Client Hellos. + +** libgnutls-openssl: modified to use modern gnutls' functions. +This introduces an ABI incompatibility with previous versions. + +** API and ABI modifications: +gnutls_pubkey_import_openpgp: MODIFIED + + +* Version 2.11.7 + +** libgnutls: The deprecated gnutls_x509_privkey_sign_hash() was +replaced by gnutls_privkey_sign_hash2(). + +** libgnutls: gnutls_pubkey_verify_data, gnutls_pubkey_verify_hash, +gnutls_x509_privkey_verify_data, gnutls_x509_crt_verify_data, +gnutls_x509_crt_verify_hash return the negative error code +GNUTLS_E_PK_SIG_VERIFY_FAILED if verification fails to simplify error +checking. + +** libgnutls: Added helper functions for signature verification: +gnutls_pubkey_verify_data() and gnutls_pubkey_import_privkey(). + +** libgnutls: Modified gnutls_privkey_sign_data(). + +** gnutls_x509_crl_privkey_sign2(), gnutls_x509_crq_sign2() +gnutls_x509_privkey_sign_hash(), gnutls_x509_privkey_sign_data(), +gnutls_x509_crt_verify_hash(), gnutls_x509_crt_verify_data(), were +deprecated for gnutls_x509_crl_privkey_sign(), +gnutls_x509_crq_privkey_sign(), gnutls_privkey_sign_hash(), +gnutls_privkey_sign_data(), gnutls_pubkey_verify_hash() +gnutls_pubkey_verify_data() respectively. + +** libgnutls: gnutls_*_export_raw() functions now add leading zero in +integers. + +** libgnutls: Added convenience functions gnutls_x509_crl_list_import2() +and gnutls_x509_crt_list_import2(). + +** crypto.h: Fix use with C++. +Reported by "Brendan Doherty" <brendand@gentrack.com>. + +** API and ABI modifications: +gnutls_x509_crl_list_import: ADDED +gnutls_x509_crl_list_import2: ADDED +gnutls_x509_crt_list_import2: ADDED +gnutls_x509_crl_get_raw_issuer_dn: ADDED +gnutls_pubkey_import_privkey: ADDED +gnutls_pubkey_verify_data: ADDED +gnutls_privkey_sign_hash: MODIFIED (was added in 2.11.0) +gnutls_privkey_sign_data: MODIFIED (was added in 2.11.0) +gnutls_x509_crq_sign2: DEPRECATED (use: gnutls_x509_crq_privkey_sign) +gnutls_x509_crq_sign: DEPRECATED (use: gnutls_x509_crq_privkey_sign) +gnutls_x509_crq_get_preferred_hash_algorithm: REMOVED (was added in 2.11.0) +gnutls_x509_crl_sign: DEPRECATED (use: gnutls_x509_crl_privkey_sign) +gnutls_x509_crl_sign2: DEPRECATED (use: gnutls_x509_crl_privkey_sign) +gnutls_x509_privkey_sign_data: DEPRECATED (use: gnutls_privkey_sign_data2) +gnutls_x509_privkey_sign_hash: DEPRECATED (use: gnutls_privkey_sign_hash2) +gnutls_x509_privkey_verify_data: DEPRECATED (use: gnutls_pubkey_verify_data) +gnutls_session_set_finished_function: DEPRECATED +gnutls_x509_crt_verify_hash: DEPRECATED (use: gnutls_pubkey_verify_hash) +gnutls_x509_crt_verify_data: DEPRECATED (use: gnutls_pubkey_verify_data) +gnutls_x509_crt_get_verify_algorithm: DEPRECATED (use: gnutls_pubkey_get_verify_algorithm) +gnutls_x509_crt_get_preferred_hash_algorithm: DEPRECATED (use: gnutls_pubkey_get_preferred_hash_algorithm) +gnutls_openpgp_privkey_sign_hash: DEPRECATED (use: gnutls_privkey_sign_hash2) +gnutls_pkcs11_privkey_sign_hash: REMOVED (was added in 2.11.0) +gnutls_pkcs11_privkey_decrypt_data: REMOVED (was added in 2.11.0) +gnutls_privkey_sign_hash: REMOVED (was added in 2.11.0) + +* Version 2.11.6 (released 2010-12-06) + +** libgnutls: Record version of Client Hellos is now set by default to +SSL 3.0. To restore the previous default behavior use %LATEST_RECORD_VERSION +priority string. + +** libgnutls: Use ASN1_NULL when writing parameters for RSA signatures. +This makes us comply with RFC3279. Reported by Michael Rommel. + +** gnutls-serv: Corrected a buffer overflow. Reported and patch by Tomas Mraz. + +** API and ABI modifications: +No changes since last version. + +* Version 2.11.5 (released 2010-12-01) + +** libgnutls: Reverted default behavior for verification and +introduced GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default +V1 trusted CAs are allowed, unless the new flag is specified. + +** libgnutls: Correctly add leading zero to PKCS #8 encoded DSA key. +Reported by Jeffrey Walton. + +** libgnutls: Added SIGN-ALL, CTYPE-ALL, COMP-ALL, and VERS-TLS-ALL +as priority strings. Those allow to set all the supported algorithms +at once. + +** p11tool: Introduced. It allows manipulating pkcs 11 tokens. + +** gnutls-cli: Print channel binding only in verbose mode. +Before it printed it after the 'Compression:' output, thus breaking +Emacs starttls.el string searches. + +** API and ABI modifications: +gnutls_pkcs11_token_init: New function +gnutls_pkcs11_token_set_pin: New function + +* Version 2.11.4 (released 2010-10-15) + +** libgnutls: Add new API gnutls_session_channel_binding. +The function is used to get the channel binding data. Currently only +the "tls-unique" (RFC 5929) channel binding type is supported, through +the GNUTLS_CB_TLS_UNIQUE type. See new section "Channel Bindings" in +the manual. + +** gnutls-cli, gnutls-serv: Print 'tls-unique' Channel Bindings. + +** doc: Added pkcs11.h header file to GTK-DOC manual. + +** build: Update gnulib files. + +** i18n: Update translations. + +** tests: Add self tests gendh.c. Speed up Guile self checks. + +** API and ABI modifications: +gnutls_session_channel_binding: New function. +gnutls_channel_binding_t: New enumeration. +GNUTLS_CB_TLS_UNIQUE: New gnutls_channel_binding_t enum member. +GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE: New error code. + +* Version 2.11.3 (released 2010-10-14) + +** Indent code to follow the GNU Coding Standard. +You should be able to unpack the 2.11.2 release and run 'make indent' +twice to get exactly the same content as 2.11.3 except for generated +files. Using GNU Indent 2.2.11. + +** API and ABI modifications: +No changes since last version. + +* Version 2.11.2 (released 2010-10-08) + +** libgnutls: Several bug fixes on session resumption +and session tickets support. + +** libgnutls: Add new extended key usage ipsecIKE. + +** certtool: Renamed PKCS #11 options to: --p11-provider, +--p11-export-url, --p11-list-certs, --p11-list-certs, +--p11-list-privkeys, --p11-list-trusted, --p11-list-all-certs, +--p11-list-all, --p11-list-tokens, --p11-login, --p11-write, +--p11-write-label, --p11-write-trusted, --p11-detailed-url, +--p11-delete-url + +** libgnutls: Corrected bug that caused importing DSA keys as RSA, +introduced with the new nettle code. + +** libgnutls: Corrected advertizing issue for session tickets. + +** API and ABI modifications: +gnutls_x509_crt_get_subject_unique_id: ADDED. +gnutls_x509_crt_get_issuer_unique_id: ADDED. + +* Version 2.11.1 (released 2010-09-14) + +** libgnutls: Nettle is the default crypto back end. Use --with-libgcrypt +to use the libgcrypt back end. + +** libgnutls: Depend on nettle 2.1. This makes nettle a fully working +backend crypto library. + +** libgnutls: Added RSA_NULL_SHA1 and SHA256 ciphersuites. + +** libgnutls: Several updates in the buffering internal interface. + +** libgnutls: Is now more liberal in the PEM decoding. That is spaces and +tabs are being skipped. + +** libgnutls: Added support for draft-pechanec-pkcs11uri-02. + +** libgnutls: The %COMPAT flag now allows larger records that violate the +TLS spec. + +** libgnutls: by default lowat level has been set to zero to avoid unnecessary +system calls. Applications that depended on it being 1 should explicitly call +gnutls_transport_set_lowat(). + +** libgnutls: Updated documentation and gnutls_pk_params_t mappings +to ECRYPT II recommendations. Mappings were moved to a single location +and DSA keys are handled differently (since DSA2 allows for 1024,2048 +and 3072 keys only). + +** libgnutls: gnutls_x509_privkey_import() will fallback to +gnutls_x509_privkey_import_pkcs8() without a password, if it +is unable to decode the key. + +** libgnutls: HMAC-MD5 no longer used by default. + +** API and ABI modifications: +gnutls_openpgp_privkey_sec_param: ADDED +gnutls_x509_privkey_sec_param: ADDED + +* Version 2.11.0 (released 2010-07-22) + +** libgnutls: support scattered write using writev(). This takes +advantage of the new buffering layer and allows queuing of packets +and flushing them. This is currently used for handshake messages +only. + +** libgnutls: Added gnutls_global_set_mutex() to allow setting +alternative locking procedures. By default the system available +locking is used. In *NIX pthreads are used and in windows the +critical section API. This follows a different approach than the +previous versions that depended on libgcrypt initialization. The +locks are now set by default in systems that support it. Programs +that used gcry_control() to set thread locks should insert it into +a block of +#if GNUTLS_VERSION_NUMBER <= 0x020b00 + gcry_control(...) +#endif + +** libgnutls: Added support for reading DN from EV-certificates. +New DN values: +jurisdictionOfIncorporationLocalityName, +jurisdictionOfIncorporationStateOrProvinceName, +jurisdictionOfIncorporationCountryName + +** libgnutls: Added support for DSA signing/verifying with bit +length over 1024. + +** libgnutls-extra: When in FIPS mode gnutls_global_init_extra() +has to be called to register any required md5 handlers. + +** libgnutls: Internal buffering code was replaced by simpler +code contributed by Jonathan Bastien-Filiatrault. + +** libgnutls: Internal API for extensions augmented to allow +safe storing and loading of data on resumption. This allows writing +self-contained extensions (when possible). As a side effect +the OPRFI extension was removed. + +** libgnutls: Added support for DSA-SHA256 and DSA-SHA224 + +** libgnutls: Added PKCS #11 support and an API to access objects in +gnutls/pkcs11.h. Currently certificates and public keys can be +imported from tokens, and operations can be performed on private keys. + +** libgnutls: Added abstract gnutls_privkey_t and gnutls_pubkey_t + +** libgnutls: Added initial support for the nettle library. It uses +the system's random generator for seeding. That is /dev/urandom in Linux, +system calls in Win32 and EGD on other systems. + +** libgnutls: Corrected issue on the %SSL3_RECORD_VERSION priority string. It now + works even when resuming a session. + +** libgnutls: Added gnutls_certificate_set_retrieve_function() to replace the +similar gnutls_certificate_set_server_retrieve_function() and +gnutls_certificate_set_client_retrieve_function(). In addition it support +PKCS #11 private keys. + +** libgnutls: Added gnutls_pkcs11_copy_x509_crt(), gnutls_pkcs11_copy_x509_privkey(), +and gnutls_pkcs11_delete_url() to allow copying and deleting data in tokens. + +** libgnutls: Added gnutls_sec_param_to_pk_bits() et al. to allow select bit +sizes for private keys using a human understandable scale. + +** certtool: Added new options: --pkcs11-list-tokens, --pkcs11-list-all +--pkcs11-list-all-certs, --pkcs11-list-trusted, --pkcs11-list-certs, +--pkcs11-delete-url, --pkcs11-write + +certtool: The --pkcs-cipher is taken into account when generating a +private key. The default cipher used now is aes-128. The old behavior can +be simulated by specifying "--pkcs-cipher 3des-pkcs12". + +certtool: Added --certificate-pubkey to print the public key of the +certificate. + +** gnutls-cli/gnutls-serv: --x509cafile, --x509certfile and --x509keyfile +can now accept a PKCS #11 URL in addition to a file. This will allow for +example to use the Gnome-keyring trusted certificate list to verify +connections using a url such as: +pkcs11:token=Root%20CA%20Certificates;serial=1%3AROOTS%3ADEFAULT;model=1%2E0;manufacturer=Gnome%20Keyring + +** API and ABI modifications: +gnutls_certificate_set_server_retrieve_function: DEPRECATED +gnutls_certificate_set_client_retrieve_function: DEPRECATED +gnutls_sign_callback_set: DEPRECATED +gnutls_global_set_mutex: ADDED +gnutls_pubkey_get_preferred_hash_algorithm: ADDED +gnutls_x509_crt_get_preferred_hash_algorithm: ADDED +gnutls_x509_privkey_export_rsa_raw2: ADDED +gnutls_rnd: ADDED +gnutls_sec_param_to_pk_bits: ADDED +gnutls_pk_bits_to_sec_param: ADDED +gnutls_sec_param_get_name: ADDED +gnutls_pkcs11_type_get_name: ADDED +gnutls_certificate_set_retrieve_function: ADDED +gnutls_pkcs11_init: ADDED +gnutls_pkcs11_deinit: ADDED +gnutls_pkcs11_set_pin_function: ADDED +gnutls_pkcs11_set_token_function: ADDED +gnutls_pkcs11_add_provider: ADDED +gnutls_pkcs11_obj_init: ADDED +gnutls_pkcs11_obj_import_url: ADDED +gnutls_pkcs11_obj_export_url: ADDED +gnutls_pkcs11_obj_deinit: ADDED +gnutls_pkcs11_obj_export: ADDED +gnutls_pkcs11_obj_list_import_url: ADDED +gnutls_pkcs11_obj_export: ADDED +gnutls_x509_crt_import_pkcs11: ADDED +gnutls_pkcs11_obj_get_type: ADDED +gnutls_x509_crt_list_import_pkcs11: ADDED +gnutls_x509_crt_import_pkcs11_url: ADDED +gnutls_pkcs11_obj_get_info: ADDED +gnutls_pkcs11_token_get_info: ADDED +gnutls_pkcs11_token_get_url: ADDED +gnutls_pkcs11_privkey_init: ADDED +gnutls_pkcs11_privkey_deinit: ADDED +gnutls_pkcs11_privkey_get_pk_algorithm: ADDED +gnutls_pkcs11_privkey_get_info: ADDED +gnutls_pkcs11_privkey_import_url: ADDED +gnutls_pkcs11_privkey_sign_data: ADDED +gnutls_pkcs11_privkey_sign_hash: ADDED +gnutls_pkcs11_privkey_decrypt_data: ADDED +gnutls_privkey_init: ADDED +gnutls_privkey_deinit: ADDED +gnutls_privkey_get_pk_algorithm: ADDED +gnutls_privkey_get_type: ADDED +gnutls_privkey_import_pkcs11: ADDED +gnutls_privkey_import_x509: ADDED +gnutls_privkey_import_openpgp: ADDED +gnutls_privkey_sign_data: ADDED +gnutls_privkey_sign_hash: ADDED +gnutls_privkey_decrypt_data: ADDED +gnutls_pkcs11_privkey_export_url: ADDED +gnutls_x509_crq_privkey_sign: ADDED +gnutls_x509_crl_privkey_sign: ADDED +gnutls_x509_crt_privkey_sign: ADDED +gnutls_pubkey_init: ADDED +gnutls_pubkey_deinit: ADDED +gnutls_pubkey_get_pk_algorithm: ADDED +gnutls_pubkey_import_x509: ADDED +gnutls_pubkey_import_openpgp: ADDED +gnutls_pubkey_get_pk_rsa_raw: ADDED +gnutls_pubkey_get_pk_dsa_raw: ADDED +gnutls_pubkey_export: ADDED +gnutls_pubkey_get_key_id: ADDED +gnutls_pubkey_get_key_usage: ADDED +gnutls_pubkey_verify_hash: ADDED +gnutls_pubkey_get_verify_algorithm: ADDED +gnutls_pkcs11_type_get_name: ADDED +gnutls_pubkey_import_pkcs11_url: ADDED +gnutls_pubkey_import: ADDED +gnutls_pubkey_import_pkcs11: ADDED +gnutls_pubkey_import_dsa_raw: ADDED +gnutls_pubkey_import_rsa_raw: ADDED +gnutls_x509_crt_set_pubkey: ADDED +gnutls_x509_crq_set_pubkey: ADDED +gnutls_pkcs11_copy_x509_crt: ADDED +gnutls_pkcs11_copy_x509_privkey: ADDED +gnutls_pkcs11_delete_url: ADDED + +* Version 2.10.1 (released 2010-07-25) + +** libgnutls: Added support for broken certificates that indicate RSA +with strange OIDs. + +** gnutls-cli: Allow verification using V1 CAs. + +** libgnutls: gnutls_x509_privkey_import() will fallback to +gnutls_x509_privkey_import_pkcs8() without a password, if it +is unable to decode the key. + +** libgnutls: Correctly deinitialize crypto API functions to prevent +a memory leak. Reported by Mads Kiilerich. + +** certtool: If asked to generate DSA keys of size more than 1024 bits, +issue a warning, that the output key might not be working everywhere. + +** certtool: The --pkcs-cipher is taken into account when generating a +private key. The default cipher used now is aes-128. The old behavior +can be simulated by specifying "--pkcs-cipher 3des-pkcs12". + +** API and ABI modifications: +No changes since last version. + +* Version 2.10.0 (released 2010-06-25) + +** API and ABI modifications: +No changes since last version. + +* Version 2.9.12 (released 2010-06-17) + +** gnutls-cli: Make --starttls work again. +Problem introduced in patch to use read() instead of fgets() committed +on 2010-01-27. + +** API and ABI modifications: +No changes since last version. + +* Version 2.9.11 (released 2010-06-07) + +** libgnutls: Removed two APIs related to safe renegotiation. +Use priority strings instead. The APIs were +gnutls_safe_negotiation_set_initial and gnutls_safe_renegotiation_set. +(Remember that we don't promise ABI stability during development +series, so this doesn't cause an shared library ABI increment.) + +** tests: More self testing of safe renegotiation extension. +See tests/safe-renegotiation/README for more information. + +** doc: a PDF version of the API reference manual (GTK-DOC) is now built. + +** doc: Terms 'GNUTLS' and 'GNU TLS' were changed to 'GnuTLS' for consistency. + +** API and ABI modifications: +gnutls_safe_negotiation_set_initial: REMOVED. +gnutls_safe_renegotiation_set: REMOVED. + +* Version 2.9.10 (released 2010-04-22) + +** libgnutls: Time verification extended to trusted certificate list. +Unless new constant GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS flag is +specified. + +** certtool: Display postalCode and Name X.509 DN attributes correctly. +Based on patch by Pavan Konjarla. Adds new constant +GNUTLS_OID_X520_POSTALCODE and GNUTLS_OID_X520_NAME. + +** libgnutls: Added Steve Dispensa's patch for safe renegotiation (RFC 5746) +Solves the issue discussed in: +<http://www.ietf.org/mail-archive/web/tls/current/msg03928.html> and +<http://www.ietf.org/mail-archive/web/tls/current/msg03948.html>. +Note that to allow connecting to unpatched servers the full protection +is only enabled if the priority string %SAFE_RENEGOTIATION is +specified. You can check whether protection is in place by querying +gnutls_safe_renegotiation_status(). New error codes +GNUTLS_E_SAFE_RENEGOTIATION_FAILED and +GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED added. + +** libgnutls: When checking openpgp self signature also check the signatures +** of all subkeys. +Ilari Liusvaara noticed and reported the issue and provided test +vectors as well. + +** libgnutls: Added cryptodev support (/dev/crypto). +Tested with http://www.logix.cz/michal/devel/cryptodev/. Added +benchmark utility for AES. Adds new error codes +GNUTLS_E_CRYPTODEV_IOCTL_ERROR and GNUTLS_E_CRYPTODEV_DEVICE_ERROR. + +** libgnutls: Exported API to access encryption and hash algorithms. +The new API functions are gnutls_cipher_decrypt, gnutls_cipher_deinit, +gnutls_cipher_encrypt, gnutls_cipher_get_block_size, +gnutls_cipher_init, gnutls_hash, gnutls_hash_deinit, gnutls_hash_fast, +gnutls_hash_get_len, gnutls_hash_init, gnutls_hash_output, +gnutls_hmac, gnutls_hmac_deinit, gnutls_hmac_fast, +gnutls_hmac_get_len, gnutls_hmac_init, gnutls_hmac_output. New API +constants are GNUTLS_MAC_SHA224 and GNUTLS_DIG_SHA224. + +** libgnutls: Added gnutls_certificate_set_verify_function() to allow +verification of certificate upon receipt rather than waiting until the +end of the handshake. + +** libgnutls: Don't send alerts during handshake. +Instead new error code GNUTLS_E_UNKNOWN_SRP_USERNAME is added. + +** certtool: Corrected two issues that affected certificate request generation. +(1) Null padding is added on integers (found thanks to Wilankar Trupti), +(2) In optional SignatureAlgorithm parameters field for DSA keys the DSA +parameters were added. Those were rejected by Verisign. Gnutls no longer adds +those parameters there since other implementations don't do either and having +them does not seem to offer anything (anyway you need the signer's certificate +to verify thus public key will be available). Found thanks to Boyan Kasarov. +This however has the side-effect that public key IDs shown by certtool are +now different than previous gnutls releases. +(3) the option --pgp-certificate-info will verify self signatures + +** certtool: Allow exporting of Certificate requests on DER format. + +** certtool: New option --no-crq-extensions to avoid extensions in CSRs. + +** gnutls-cli: Handle reading binary data from server. +Reported by and tiny patch from Vitaly Mayatskikh +<v.mayatskih@gmail.com> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4096>. + +** minitasn1: Upgraded to libtasn1 version 2.6. + +** i18n: Updated Czech, Dutch, French, Polish, Swedish translation. +** Added Italian and Simplified Chinese translation. +Thanks to Petr Pisar, Erwin Poeze, Nicolas Provost, Jakub Bogusz, +Daniel Nylander, Sergio Zanchetta, Tao Wei, and Aron Xu. + +** doc: The GTK-DOC manual is significantly improved. + +** API and ABI modifications: +%DISABLE_SAFE_RENEGOTIATION: Added to priority strings (do not use). +%INITIAL_SAFE_RENEGOTIATION: Added to priority strings. +%UNSAFE_RENEGOTIATION: Added to priority strings. +GNUTLS_DIG_SHA224: ADDED. +GNUTLS_E_CRYPTODEV_DEVICE_ERROR: ADDED. +GNUTLS_E_CRYPTODEV_IOCTL_ERROR: ADDED. +GNUTLS_E_SAFE_RENEGOTIATION_FAILED: ADDED. +GNUTLS_E_UNKNOWN_SRP_USERNAME: ADDED. +GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED: ADDED. +GNUTLS_MAC_SHA224: ADDED. +GNUTLS_OID_X520_NAME: ADDED. +GNUTLS_OID_X520_POSTALCODE: ADDED. +GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS: ADDED. +GNUTLS_VERSION_MAX: ADDED. +gnutls_certificate_set_verify_function: ADDED. +gnutls_cipher_decrypt: ADDED. +gnutls_cipher_deinit: ADDED. +gnutls_cipher_encrypt: ADDED. +gnutls_cipher_get_block_size: ADDED. +gnutls_cipher_init: ADDED. +gnutls_hash: ADDED. +gnutls_hash_deinit: ADDED. +gnutls_hash_fast: ADDED. +gnutls_hash_get_len: ADDED. +gnutls_hash_init: ADDED. +gnutls_hash_output: ADDED. +gnutls_hmac: ADDED. +gnutls_hmac_deinit: ADDED. +gnutls_hmac_fast: ADDED. +gnutls_hmac_get_len: ADDED. +gnutls_hmac_init: ADDED. +gnutls_hmac_output: ADDED. +gnutls_safe_negotiation_set_initial: ADDED. +gnutls_safe_renegotiation_set: ADDED. +gnutls_safe_renegotiation_status: ADDED. + +* Version 2.9.9 (released 2009-11-09) + +** libgnutls: Cleanups and several bug fixes. +Found by Steve Grubb and Tomas Mraz. + +** Link libgcrypt explicitly to certtool, gnutls-cli, gnutls-serv. + +** Fix --disable-valgrind-tests. +Reported by Ingmar Vanhassel in +<https://savannah.gnu.org/support/?107029>. + +** API and ABI modifications: +No changes since last version. + +* Version 2.9.8 (released 2009-11-05) + +** libgnutls: Fix for memory leaks on interrupted handshake. +Reported by Tang Tong. + +** libgnutls: Addition of support for TLS 1.2 signature algorithms +** extension and certificate verify field. +This requires changes for TLS 1.2 servers and clients that use +callbacks for certificate retrieval. They are now required to check +with gnutls_sign_algorithm_get_requested() whether the certificate +they send complies with the peer's preferences in signature +algorithms. + +** libgnutls: In server side when resuming a session do not overwrite the +** initial session data with the resumed session data. + +** libgnutls: Added support for AES-128, AES-192 and AES-256 in PKCS #8 +** encryption. +This affects also PKCS #12 encoded files. This adds the following new +enums: GNUTLS_CIPHER_AES_192_CBC, GNUTLS_PKCS_USE_PBES2_AES_128, +GNUTLS_PKCS_USE_PBES2_AES_192, GNUTLS_PKCS_USE_PBES2_AES_256. + +** libgnutls: Fix PKCS#12 encoding. +The error you would get was "The OID is not supported.". Problem +introduced for the v2.8.x branch in 2.7.6. + +** certtool: Added the --pkcs-cipher option. +To explicitely specify the encryption algorithm to use. + +** tests: Added "pkcs12_encode" self-test to check PKCS#12 functions. + +** tests: Fix time bomb in chainverify self-test. +Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3925>. + +** tests: Fix expired cert in chainverify self-test. + +** i18n: Vietnamese translation updated. +Thanks to Clytie Siddall. + +** API and ABI modifications: +GNUTLS_CIPHER_AES_192_CBC: ADDED to gnutls/gnutls.h. +GNUTLS_PKCS_USE_PBES2_AES_128: ADDED to gnutls/x509.h. +GNUTLS_PKCS_USE_PBES2_AES_192: ADDED to gnutls/x509.h. +GNUTLS_PKCS_USE_PBES2_AES_256: ADDED to gnutls/x509.h. +GNUTLS_BAG_SECRET: ADDED to gnutls/pkcs12.h. +GNUTLS_DIG_UNKNOWN: ADDED to gnutls/gnutls.h. +gnutls_sign_algorithm_get_requested: ADDED. + +* Version 2.9.7 (released 2009-10-06) + +** libgnutls: TLS 1.2 server mode fixes. +Now interoperates against Opera. Contributed by Daiki Ueno. + +** libgnutlsxx: Fix link problems. +Tiny patch from Boyan Kasarov <bkasarov@gmail.com>. + +** guile: Compatibility with guile 2.x. +By Ludovic Courtes <ludovic.courtes@laas.fr>. + +** API and ABI modifications: +No changes since last version. + +* Version 2.9.6 (released 2009-09-22) + +** libgnutls: Enable Camellia ciphers by default. + +** API and ABI modifications: +No changes since last version. + +* Version 2.9.5 (released 2009-09-10) + +** libgnutls: Add new functions to extract X.509 Issuer Alternative Names. +The new functions are gnutls_x509_crt_get_issuer_alt_name2, +gnutls_x509_crt_get_issuer_alt_name, and +gnutls_x509_crt_get_issuer_alt_othername_oid. Contributed by Brad +Hards <bradh@frogmouth.net>. + +** API and ABI modifications: +gnutls_x509_crt_get_issuer_alt_name2: ADDED. +gnutls_x509_crt_get_issuer_alt_name: ADDED. +gnutls_x509_crt_get_issuer_alt_othername_oid: ADDED. + +* Version 2.9.4 (released 2009-09-03) + +** libgnutls: Client-side TLS 1.2 and SHA-256 ciphersuites now works. +The new supported ciphersuites are AES-128/256 in CBC mode with +ANON-DH/RSA/DHE-DSS/DHE-RSA. Contributed by Daiki Ueno. Further, +SHA-256 is now the preferred default MAC (however it is only used with +TLS 1.2). + +** libgnutls: Make OpenPGP hostname checking work again. +The patch to resolve the X.509 CN/SAN issue accidentally broken +OpenPGP hostname comparison. + +** libgnutls: When printing X.509 certificates, handle XMPP SANs better. +Reported by Howard Chu <hyc@symas.com> in +<https://savannah.gnu.org/support/?106975>. + +** Fix use of deprecated types internally. +Use of deprecated types in GnuTLS from now on will lead to a compile +error, to prevent this from happening again. + +** API and ABI modifications: +No changes since last version. + +* Version 2.9.3 (released 2009-08-19) + +** libgnutls: Support for TLS tickets was contributed by Daiki Ueno. +The new APIs are gnutls_session_ticket_enable_client, +gnutls_session_ticket_enable_server, and +gnutls_session_ticket_key_generate. + +** gnutls-cli, gnutls-serv: New parameter --noticket to disable TLS tickets. + +** API and ABI modifications: +gnutls_session_ticket_key_generate: ADDED. +gnutls_session_ticket_enable_client: ADDED. +gnutls_session_ticket_enable_server: ADDED. + +* Version 2.9.2 (released 2009-08-14) + +** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields. +By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS +into 1) not printing the entire CN/SAN field value when printing a +certificate and 2) cause incorrect positive matches when matching a +hostname against a certificate. Some CAs apparently have poor +checking of CN/SAN values and issue these (arguable invalid) +certificates. Combined, this can be used by attackers to become a +MITM on server-authenticated TLS sessions. The problem is mitigated +since attackers needs to get one certificate per site they want to +attack, and the attacker reveals his tracks by applying for a +certificate at the CA. It does not apply to client authenticated TLS +sessions. Research presented independently by Dan Kaminsky and Moxie +Marlinspike at BlackHat09. Thanks to Tomas Hoger <thoger@redhat.com> +for providing one part of the patch. [GNUTLS-SA-2009-4] [CVE-2009-2730]. + +** libgnutls: Fix rare failure in gnutls_x509_crt_import. +The function may fail incorrectly when an earlier certificate was +imported to the same gnutls_x509_crt_t structure. + +** minitasn1: Internal copy updated to libtasn1 v2.3. + +** libgnutls: Fix return value of gnutls_certificate_client_get_request_status. +Before it always returned false. Reported by Peter Hendrickson +<pdh@wiredyne.com> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3668>. + +** libgnutls: Fix off-by-one size computation error in unknown DN printing. +The error resulted in truncated strings when printing unknown OIDs in +X.509 certificate DNs. Reported by Tim Kosse +<tim.kosse@filezilla-project.org> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3651>. + +** libgnutls: Fix PKCS#12 decryption from password. +The encryption key derived from the password was incorrect for (on +average) 1 in every 128 input for random inputs. Reported by "Kukosa, +Tomas" <tomas.kukosa@siemens-enterprise.com> in +<http://permalink.gmane.org/gmane.network.gnutls.general/1663>. + +** libgnutls: Return correct bit lengths of some MPIs. +gnutls_dh_get_prime_bits, gnutls_rsa_export_get_modulus_bits, and +gnutls_dh_get_peers_public_bits. Before the reported value was +overestimated. Reported by Peter Hendrickson <pdh@wiredyne.com> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3607>. + +** libgnutls: Avoid internal error when invoked after GNUTLS_E_AGAIN. +Report and patch by Tim Kosse <tim.kosse@filezilla-project.org> in +<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3671> +and +<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3670>. + +** libgnutls: Relax checking of required libtasn1/libgcrypt versions. +Before we required that the runtime library used the same (or more +recent) libgcrypt/libtasn1 as it was compiled with. Now we just check +that the runtime usage is above the minimum required. Reported by +Marco d'Itri <md@linux.it> via Andreas Metzler +<ametzler@downhill.at.eu.org> in <http://bugs.debian.org/540449>. + +** tests: Added new self-test pkcs12_s2k_pem to detect MPI bit length error. + +** tests: Improved test vectors in self-test pkcs12_s2k. + +** tests: Added new self-test dn2 to detect off-by-one size error. + +** tests: Fix failure in "chainverify" because a certificate have expired. + +** API and ABI modifications: +No changes since last version. + +* Version 2.9.1 (released 2009-06-08) + +** libgnutls: Fix crash in gnutls_global_init after earlier init/deinit cycle. +Forwarded by Martin von Gagern <Martin.vGagern@gmx.net> from +<http://bugs.gentoo.org/272388>. + +** tests: Added new self-tests init_roundtrip.c to detect previous problem. + +** Reduce stack usage for some CRQ functions. + +** Doc fixes for CRQ functions. + +** API and ABI modifications: +No changes since last version. + +* Version 2.9.0 (released 2009-05-28) + +** Doc fixes. + +** API and ABI modifications: +No changes since last version. + +* Version 2.8.6 (released 2010-03-15) + +** libgnutls: For CSRs, don't null pad integers for RSA/DSA value. +VeriSign rejected CSRs with this padding. Reported by Wilankar Trupti +<trupti.wilankar@hp.com> and Boyan Kasarov <bkasarov@gmail.com>. + +Note: As a side effect of this change, the "public key identifier" +value computed for a certificate using this version of GnuTLS will be +different from values computed using earlier versions of GnuTLS. + +** libgnutls: For CSRs on DSA keys, don't add DSA parameters to the +** optional SignatureAlgorithm parameter field. +VeriSign rejected these CSRs. They are stricly speaking not needed +since you need the signer's certificate to verify the certificate +signature anyway. Reported by Wilankar Trupti +<trupti.wilankar@hp.com> and Boyan Kasarov <bkasarov@gmail.com>. + +** libgnutls: When checking openpgp self signature also check the signatures +** of all subkeys. +Ilari Liusvaara noticed and reported the issue and provided test +vectors as well. + +** libgnutls: Cleanups and several bug fixes. +Found by Steve Grubb and Tomas Mraz. + +** Link libgcrypt explicitly to certtool, gnutls-cli, gnutls-serv. + +** Fix --disable-valgrind-tests. +Reported by Ingmar Vanhassel in +<https://savannah.gnu.org/support/?107029>. + +** examples: Use the new APIs for printing X.509 certificate information. + +** Fix build failures on Solaris. +Thanks to Dagobert Michelsen <dam@opencsw.org>. + +** i18n: Updated Czech, Dutch, French, Polish, Swedish and Vietnamese +** translations. Added Simplified Chinese translation. + +** API and ABI modifications: +No changes since last version. + +* Version 2.8.5 (released 2009-11-02) + +** libgnutls: In server side when resuming a session do not overwrite the +** initial session data with the resumed session data. + +** libgnutls: Fix PKCS#12 encoding. +The error you would get was "The OID is not supported.". Problem +introduced for the v2.8.x branch in 2.7.6. + +** guile: Compatibility with guile 2.x. +By Ludovic Courtes <ludovic.courtes@laas.fr>. + +** tests: Fix expired cert in chainverify self-test. + +** tests: Fix time bomb in chainverify self-test. +Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3925>. + +** API and ABI modifications: +No changes since last version. + +* Version 2.8.4 (released 2009-09-18) + +** libgnutls: Enable Camellia ciphers by default. + +** libgnutls: Make OpenPGP hostname checking work again. +The patch to resolve the X.509 CN/SAN issue accidentally broken +OpenPGP hostname comparison. + +** libgnutls: When printing X.509 certificates, handle XMPP SANs better. +Reported by Howard Chu <hyc@symas.com> in +<https://savannah.gnu.org/support/?106975>. + +** API and ABI modifications: +No changes since last version. + +* Version 2.8.3 (released 2009-08-13) + +** libgnutls: Fix patch for NUL in CN/SAN in last release. +Code intended to be removed would lead to an read-out-bound error in +some situations. Reported by Tomas Hoger <thoger@redhat.com>. A CVE +code have been allocated for the vulnerability: [CVE-2009-2730]. + +** libgnutls: Fix rare failure in gnutls_x509_crt_import. +The function may fail incorrectly when an earlier certificate was +imported to the same gnutls_x509_crt_t structure. + +** libgnutls-extra, libgnutls-openssl: Fix MinGW cross-compiling build error. + +** tests: Made self-test mini-eagain take less time. + +** doc: Typo fixes. + +** API and ABI modifications: +No changes since last version. + +* Version 2.8.2 (released 2009-08-10) + +** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields. +By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS +into 1) not printing the entire CN/SAN field value when printing a +certificate and 2) cause incorrect positive matches when matching a +hostname against a certificate. Some CAs apparently have poor +checking of CN/SAN values and issue these (arguable invalid) +certificates. Combined, this can be used by attackers to become a +MITM on server-authenticated TLS sessions. The problem is mitigated +since attackers needs to get one certificate per site they want to +attack, and the attacker reveals his tracks by applying for a +certificate at the CA. It does not apply to client authenticated TLS +sessions. Research presented independently by Dan Kaminsky and Moxie +Marlinspike at BlackHat09. Thanks to Tomas Hoger <thoger@redhat.com> +for providing one part of the patch. [GNUTLS-SA-2009-4]. + +** libgnutls: Fix return value of gnutls_certificate_client_get_request_status. +Before it always returned false. Reported by Peter Hendrickson +<pdh@wiredyne.com> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3668>. + +** libgnutls: Fix off-by-one size computation error in unknown DN printing. +The error resulted in truncated strings when printing unknown OIDs in +X.509 certificate DNs. Reported by Tim Kosse +<tim.kosse@filezilla-project.org> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3651>. + +** libgnutls: Return correct bit lengths of some MPIs. +gnutls_dh_get_prime_bits, gnutls_rsa_export_get_modulus_bits, and +gnutls_dh_get_peers_public_bits. Before the reported value was +overestimated. Reported by Peter Hendrickson <pdh@wiredyne.com> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3607>. + +** libgnutls: Avoid internal error when invoked after GNUTLS_E_AGAIN. +Report and patch by Tim Kosse <tim.kosse@filezilla-project.org> in +<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3671> +and +<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3670>. + +** libgnutls: Relax checking of required libtasn1/libgcrypt versions. +Before we required that the runtime library used the same (or more +recent) libgcrypt/libtasn1 as it was compiled with. Now we just check +that the runtime usage is above the minimum required. Reported by +Marco d'Itri <md@linux.it> via Andreas Metzler +<ametzler@downhill.at.eu.org> in <http://bugs.debian.org/540449>. + +** minitasn1: Internal copy updated to libtasn1 v2.3. + +** tests: Fix failure in "chainverify" because a certificate have expired. + +** API and ABI modifications: +No changes since last version. + +* Version 2.8.1 (released 2009-06-10) + +** libgnutls: Fix crash in gnutls_global_init after earlier init/deinit cycle. +Forwarded by Martin von Gagern <Martin.vGagern@gmx.net> from +<http://bugs.gentoo.org/272388>. + +** libgnutls: Fix PKCS#12 decryption from password. +The encryption key derived from the password was incorrect for (on +average) 1 in every 128 input for random inputs. Reported by "Kukosa, +Tomas" <tomas.kukosa@siemens-enterprise.com> in +<http://permalink.gmane.org/gmane.network.gnutls.general/1663>. + +** API and ABI modifications: +No changes since last version. + +* Version 2.8.0 (released 2009-05-27) + +** doc: Fix gnutls_dh_get_prime_bits. Fix error codes and algorithm lists. + +** Major changes compared to the v2.4 branch: + +*** lib: Linker version scripts reduces number of exported symbols. + +*** lib: Limit exported symbols on systems without LD linker scripts. + +*** libgnutls: Fix namespace issue with version symbols. + +*** libgnutls: Add functions to verify a hash against a certificate. +gnutls_x509_crt_verify_hash: ADDED +gnutls_x509_crt_get_verify_algorithm: ADDED + +*** gnutls-serv: Listen on all interfaces, including both IPv4 and IPv6. + +*** i18n: The GnuTLS gettext domain is now 'libgnutls' instead of 'gnutls'. + +*** certtool: Query for multiple dnsName subjectAltName in interactive mode. + +*** gnutls-cli: No longer accepts V1 CAs by default during X.509 chain verify. + +*** gnutls-serv: No longer disable MAC padding by default. + +*** gnutls-cli: Certificate information output format changed. + +*** libgnutls: New priority strings %VERIFY_ALLOW_SIGN_RSA_MD5 +*** and %VERIFY_ALLOW_X509_V1_CA_CRT. + +*** libgnutls: gnutls_x509_crt_print prints signature algorithm in oneline mode. + +*** libgnutls: gnutls_openpgp_crt_print supports oneline mode. + +*** libgnutls: gnutls_handshake when sending client hello during a +rehandshake, will not offer a version number larger than the current. + +*** libgnutls: New interface to get key id for certificate requests. +gnutls_x509_crq_get_key_id: ADDED. + +*** libgnutls: gnutls_x509_crq_print will now also print public key id. + +*** certtool: --verify-chain now prints results of using library verification. + +*** libgnutls: Libgcrypt initialization changed. + +*** libgnutls: Small byte reads via gnutls_record_recv() optimized. + +*** gnutls-cli: Return non-zero exit code on error conditions. + +*** gnutls-cli: Corrected bug which caused a rehandshake request to be ignored. + +*** certtool: allow setting arbitrary key purpose object identifiers. + +*** libgnutls: Change detection of when to use a linker version script. +Use --enable-ld-version-script or --disable-ld-version-script to +override auto-detection logic. + +*** Fix warnings and build GnuTLS with more warnings enabled. + +*** New API to set X.509 credentials from PKCS#12 memory structure. +gnutls_certificate_set_x509_simple_pkcs12_mem: ADDED + +*** Old libgnutls.m4 and libgnutls-config scripts removed. +Please use pkg-config instead. + +*** libgnutls: Added functions to handle CRL extensions. +gnutls_x509_crl_get_authority_key_id: ADDED +gnutls_x509_crl_get_number: ADDED +gnutls_x509_crl_get_extension_oid: ADDED +gnutls_x509_crl_get_extension_info: ADDED +gnutls_x509_crl_get_extension_data: ADDED +gnutls_x509_crl_set_authority_key_id: ADDED +gnutls_x509_crl_set_number: ADDED + +*** libgnutls: Added functions to handle X.509 extensions in Certificate +Requests. +gnutls_x509_crq_get_key_rsa_raw: ADDED +gnutls_x509_crq_get_attribute_info: ADDED +gnutls_x509_crq_get_attribute_data: ADDED +gnutls_x509_crq_get_extension_info: ADDED +gnutls_x509_crq_get_extension_data: ADDED +gnutls_x509_crq_get_key_usage: ADDED +gnutls_x509_crq_get_basic_constraints: ADDED +gnutls_x509_crq_get_subject_alt_name: ADDED +gnutls_x509_crq_get_subject_alt_othername_oid: ADDED +gnutls_x509_crq_get_extension_by_oid: ADDED +gnutls_x509_crq_set_subject_alt_name: ADDED +gnutls_x509_crq_set_basic_constraints: ADDED +gnutls_x509_crq_set_key_usage: ADDED +gnutls_x509_crq_get_key_purpose_oid: ADDED +gnutls_x509_crq_set_key_purpose_oid: ADDED +gnutls_x509_crq_print: ADDED +gnutls_x509_crt_set_crq_extensions: ADDED + +*** certtool: Print and set CRL and CRQ extensions. + +*** minitasn1: Internal copy updated to libtasn1 v2.1. + +*** examples: Now released into the public domain. + +*** The Texinfo and GTK-DOC manuals were improved. + +*** Several self-tests were added and others improved. + +*** API/ABI changes in GnuTLS 2.8 compared to GnuTLS 2.6.x +No offically supported interfaces have been modified or removed. The +library should be completely backwards compatible on both the source +and binary level. + +The shared library no longer exports some symbols that have never been +officially supported, i.e., not mentioned in any of the header files. +The symbols are: + + _gnutls* + gnutls_asn1_tab + +Normally when symbols are removed, the shared library version has to +be incremented. This leads to a significant cost for everyone using +the library. Because none of the above symbols have ever been +intended for use by well-behaved applications, we decided that the it +would be better for those applications to pay the price rather than +incurring problems on the majority of applications. + +If it turns out that applications have been using unofficial +interfaces, we will need to release a follow-on release on the v2.8 +branch to exports additional interfaces. However, initial testing +suggests that few if any applications have been using any of the +internal symbols. + +Although not a new change compared to 2.6.x, we'd like to remind you +interfaces have been modified so that X.509 chain verification now +also checks activation/expiration times on certificates. The affected +functions are: + +gnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times. +gnutls_certificate_verify_peers: Likewise. +gnutls_certificate_verify_peers2: Likewise. +GNUTLS_CERT_NOT_ACTIVATED: ADDED. +GNUTLS_CERT_EXPIRED: ADDED. +GNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED. + +This change in behaviour was made during the GnuTLS 2.6.x cycle, and +we gave our rationale for it in earlier release notes. + +The following symbols have been added to the library: + +gnutls_certificate_set_x509_simple_pkcs12_mem: ADDED +gnutls_x509_crl_get_authority_key_id: ADDED +gnutls_x509_crl_get_extension_data: ADDED +gnutls_x509_crl_get_extension_info: ADDED +gnutls_x509_crl_get_extension_oid: ADDED +gnutls_x509_crl_get_number: ADDED +gnutls_x509_crl_set_authority_key_id: ADDED +gnutls_x509_crl_set_number: ADDED +gnutls_x509_crq_get_attribute_data: ADDED +gnutls_x509_crq_get_attribute_info: ADDED +gnutls_x509_crq_get_basic_constraints: ADDED +gnutls_x509_crq_get_extension_by_oid: ADDED +gnutls_x509_crq_get_extension_data: ADDED +gnutls_x509_crq_get_extension_info: ADDED +gnutls_x509_crq_get_key_id: ADDED. +gnutls_x509_crq_get_key_purpose_oid: ADDED +gnutls_x509_crq_get_key_rsa_raw: ADDED +gnutls_x509_crq_get_key_usage: ADDED +gnutls_x509_crq_get_subject_alt_name: ADDED +gnutls_x509_crq_get_subject_alt_othername_oid: ADDED +gnutls_x509_crq_print: ADDED +gnutls_x509_crq_set_basic_constraints: ADDED +gnutls_x509_crq_set_key_purpose_oid: ADDED +gnutls_x509_crq_set_key_usage: ADDED +gnutls_x509_crq_set_subject_alt_name: ADDED +gnutls_x509_crt_get_verify_algorithm: ADDED +gnutls_x509_crt_set_crq_extensions: ADDED +gnutls_x509_crt_verify_hash: ADDED + +The following interfaces have been added to the header files: + +GNUTLS_VERSION: ADDED, replaces LIBGNUTLS_VERSION. +GNUTLS_VERSION_MAJOR: ADDED, replaces LIBGNUTLS_VERSION_MAJOR. +GNUTLS_VERSION_MINOR: ADDED, replaces LIBGNUTLS_VERSION_MINOR. +GNUTLS_VERSION_PATCH: ADDED, replaces LIBGNUTLS_VERSION_PATCH. +GNUTLS_VERSION_NUMBER: ADDED, replaces LIBGNUTLS_VERSION_NUMBER. +GNUTLS_EXTRA_VERSION: ADDED, replaces LIBGNUTLS_EXTRA_VERSION. + +The following interfaces have been deprecated: + +LIBGNUTLS_VERSION: DEPRECATED. +LIBGNUTLS_VERSION_MAJOR: DEPRECATED. +LIBGNUTLS_VERSION_MINOR: DEPRECATED. +LIBGNUTLS_VERSION_PATCH: DEPRECATED. +LIBGNUTLS_VERSION_NUMBER: DEPRECATED. +LIBGNUTLS_EXTRA_VERSION: DEPRECATED. + +* Version 2.7.14 (released 2009-05-26) + +** libgnutls: Fix namespace issue with version symbol for libgnutls-extra. +The symbol LIBGNUTLS_EXTRA_VERSION were renamed to +GNUTLS_EXTRA_VERSION. The old symbol will continue to work but is +deprecated. + +** Doc: Several typo fixes in documentation. +Reported by Peter Hendrickson <pdh@wiredyne.com>. + +** API and ABI modifications: +GNUTLS_VERSION: ADDED, replaces LIBGNUTLS_EXTRA_VERSION. +LIBGNUTLS_EXTRA_VERSION: DEPRECATED. + +* Version 2.7.13 (released 2009-05-25) + +** libgnutls: Fix version of some exported symbols in the shared library. +Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3576>. + +** tests: Handle recently expired certificates in chainverify self-test. +Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in +<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3580>. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.12 (released 2009-05-20) + +** gnutls-serv, gnutls-cli-debug: Make them work on Windows. + +** tests/crq_key_id: Don't read entropy from /dev/random in self-test. +Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in +<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3570>. + +** Fix build failures. +Missing sa_family_t and vsnprintf on IRIX. Reported by "Tom +G. Christensen" <tgc@jupiterrise.com> in +<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3571>. + +** minitasn1: Internal copy updated to libtasn1 v2.2. +GnuTLS should work fine with libtasn1 v1.x and that is still +supported. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.11 (released 2009-05-18) + +** minitasn1: Fix build failure when using internal libtasn1. +Reported by "Tom G. Christensen" <tgc@jupiterrise.com> in +<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3548>. + +** libgnutls: Fix build failure with --disable-cxx. +Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in +<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3557>. + +** gnutls-serv: Fix build failure for unportable NI_MAXHOST/NI_MAXSERV. +Reported by "Tom G. Christensen" <tgc@jupiterrise.com> in +<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3560> + +** Building with many warning flags now requires --enable-gcc-warnings. +This avoids crying wolf for normal compiles. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.10 (released 2009-05-13) + +** examples: Now released into the public domain. +This makes the license of the example code compatible with more +licenses, including the (L)GPL. + +** minitasn1: Internal copy updated to libtasn1 v2.1. +GnuTLS should work fine with libtasn1 v1.x and that is still +supported. + +** libgnutls: Fix crash in signature verification +The fix for the CVE-2009-1415 problem wasn't merged completely. + +** doc: Fixes for GTK-DOC output. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.9 (released 2009-05-11) + +** doc: Fix strings in man page of gnutls_priority_init. + +** doc: Fix tables of error codes and supported algorithms. + +** Fix build failure when cross-compiled using MinGW. + +** Fix build failure when LZO is enabled. +Reported by Arfrever Frehtes Taifersar Arahesis +<arfrever.fta@gmail.com> in +<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3522>. + +** Fix build failure on systems without AF_INET6, e.g., Solaris 2.6. +Reported by "Tom G. Christensen" <tgc@jupiterrise.com> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3524>. + +** Fix warnings in self-tests. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.8 (released 2009-05-03) + +** libgnutls: Fix DSA key generation. +Merged from stable branch. [GNUTLS-SA-2009-2] [CVE-2009-1416] + +** libgnutls: Check expiration/activation time on untrusted certificates. +Merged from stable branch. Reported by Romain Francoise +<romain@orebokech.com>. This changes the semantics of +gnutls_x509_crt_list_verify, which in turn is used by +gnutls_certificate_verify_peers and gnutls_certificate_verify_peers2. +We add two new gnutls_certificate_status_t codes for reporting the new +error condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED. +We also add a new gnutls_certificate_verify_flags flag, +GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new +behaviour. [GNUTLS-SA-2009-3] [CVE-2009-1417] + +** lib: Linker version scripts reduces number of exported symbols. +The linker version script now lists all exported ABIs explicitly, to +avoid accidentally exporting unintended functions. Compared to +before, most symbols beginning with _gnutls* are no longer exported. +These functions have never been intended for use by applications, and +there were no prototypes for these function in the public header +files. Thus we believe it is possible to do this without incrementing +the library ABI version which normally has to be done when removing an +interface. + +** lib: Limit exported symbols on systems without LD linker scripts. +Before all symbols were exported. Now we limit the exported symbols +to (for libgnutls and libgnutls-extra) gnutls* and (for libgnutls) +_gnutls*. This is a superset of the actual supported ABI, but still +an improvement compared to before. This is implemented using Libtool +-export-symbols-regex. It is more portable than linker version +scripts. + +** libgnutls: Incremented CURRENT/AGE libtool version to reflect new symbols. +This should have been done in the last release. + +** gnutls-serv: Listen on all interfaces, including both IPv4 and IPv6. +Reported by Peter Hendrickson <pdh@wiredyne.com> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3476>. + +** doc: Improved sections for the info manual. +We now follow the advice given by the texinfo manual on which +directory categories to use. In particular, libgnutls moved from the +'GNU Libraries' section to the 'Software libraries' and the command +line tools moved from 'Network Applications' to 'System +Administration'. + +** API and ABI modifications: +gnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times. +gnutls_certificate_verify_peers: Likewise. +gnutls_certificate_verify_peers2: Likewise. +GNUTLS_CERT_NOT_ACTIVATED: ADDED. +GNUTLS_CERT_EXPIRED: ADDED. +GNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED. + +* Version 2.7.7 (released 2009-04-20) + +** libgnutls: Applied patch by Cedric Bail to add functions +gnutls_x509_crt_verify_hash() and gnutls_x509_crt_get_verify_algorithm(). + +** gnutls.pc: Add -ltasn1 to 'pkg-config --libs --static gnutls' output. +Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in +<http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3467>. + +** minitasn1: Internal copy updated to libtasn1 v1.8. +GnuTLS is also internally ready to be used with libtasn1 v2.0. + +** doc: Fix build failure of errcodes/printlist. +Reported by Roman Bogorodskiy <novel@FreeBSD.org> in +<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3435>. + +** i18n: The GnuTLS gettext domain is now 'libgnutls' instead of 'gnutls'. +It is currently only used by the core library. This will enable a new +domain 'gnutls' for translations of the command line tools. + +** Corrected possible memory corruption on signature verification failure. +Reported by Miroslav Kratochvil <exa.exa@gmail.com> + +** API and ABI modifications: +gnutls_x509_crt_verify_hash: ADDED +gnutls_x509_crt_get_verify_algorithm: ADDED + +* Version 2.7.6 (released 2009-02-27) + +** certtool: Query for multiple dnsName subjectAltName in interactive mode. +This applies both to generating certificates and certificate requests. + +** pkix.asn: Removed unneeded definitions to reduce memory usage. + +** gnutls-cli: No longer accepts V1 CAs by default during X.509 chain verify. +Use --priority NORMAL:%VERIFY_ALLOW_X509_V1_CA_CRT to permit V1 CAs to +be used for chain verification. + +** gnutls-serv: No longer disable MAC padding by default. +Use --priority NORMAL:%COMPAT to disable MAC padding again. + +** gnutls-cli: Certificate information output format changed. +The tool now uses libgnutls' functions to print certificate +information. This avoids code duplication. + +** libgnutls: New priority strings %VERIFY_ALLOW_SIGN_RSA_MD5 +** and %VERIFY_ALLOW_X509_V1_CA_CRT. +They can be used to override the default certificate chain validation +behaviour. + +** libgnutls: Added %SSL3_RECORD_VERSION priority string that allows to +specify the client hello message record version. Used to overcome buggy +TLS servers. Report by Martin von Gagern. + +** libgnutls: gnutls_x509_crt_print prints signature algorithm in oneline mode. + +** libgnutls: gnutls_openpgp_crt_print supports oneline mode. + +** doc: Update gnutls-cli and gnutls-serv --help output descriptions. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.5 (released 2009-02-06) + +** libgnutls: Accept chains where intermediary certs are trusted. +Before GnuTLS needed to validate the entire chain back to a +self-signed certificate. GnuTLS will now stop looking when it has +found an intermediary trusted certificate. The new behaviour is +useful when chains, for example, contains a top-level CA, an +intermediary CA signed using RSA-MD5, and an end-entity certificate. +To avoid chain validation errors due to the RSA-MD5 cert, you can +explicitly add the intermediary RSA-MD5 cert to your trusted certs. +The signature on trusted certificates are not checked, so the chain +has a chance to validate correctly. Reported by "Douglas E. Engert" +<deengert@anl.gov> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>. + +** libgnutls: result_size in gnutls_hex_encode now holds +the size of the result. Report by John Brooks <special@dereferenced.net>. + +** libgnutls: gnutls_handshake when sending client hello during a +rehandshake, will not offer a version number larger than the current. +Reported by Tristan Hill <stan@saticed.me.uk>. + +** libgnutls: Permit V1 Certificate Authorities properly. +Before they were mistakenly rejected even though +GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or +GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by +"Douglas E. Engert" <deengert@anl.gov> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.4 (released 2009-01-07) + +** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures. +This is a bugfix -- the previous attempt to do this from internal x509 +certificate verification procedures did not return the correct value +for certificates using a weak hash. Reported by Daniel Kahn Gillmor +<dkg@fifthhorseman.net> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3332>, +debugged and patch by Tomas Mraz <tmraz@redhat.com> and Daniel Kahn +Gillmor <dkg@fifthhorseman.net>. + +** libgnutls: New interface to get key id for certificate requests. +Patch from David MarÃn Carreño <davefx@gmail.com> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3321>. + +** libgnutls: gnutls_x509_crq_print will now also print public key id. + +** certtool: --verify-chain now prints results of using library verification. +Earlier, certtool --verify-chain used its own validation algorithm +which wasn't guaranteed to give the same result as the libgnutls +internal validation algorithm. Now this command print a new final +line with header 'Chain verification output:' that contains the result +from using the internal verification algorithm on the same chain. + +** tests: Add crq_key_id self-test of gnutls_x509_crq_get_key_id. + +** API and ABI modifications: +gnutls_x509_crq_get_key_id: ADDED. + +* Version 2.7.3 (released 2008-12-10) + +** libgnutls: Fix chain verification for chains that ends with RSA-MD2 CAs. +Reported by Michael Kiefer <Michael-Kiefer@web.de> in +<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507633> forwarded by +Andreas Metzler <ametzler@downhill.at.eu.org> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3309>. + +** libgnutls: Libgcrypt initialization changed. +If libgcrypt has not already been initialized, GnuTLS will now +initialize libgcrypt with disabled secure memory. Initialize +libgcrypt explicitly in your application if you want to enable secure +memory. Before GnuTLS initialized libgcrypt to use GnuTLS's memory +allocation functions, which doesn't use secure memory, so there is no +real change in behaviour. + +** libgnutls: Fix memory leak in PSK authentication. +Reported by Michael Weiser <michael@weiser.dinsnail.net> in +<http://permalink.gmane.org/gmane.network.gnutls.general/1465>. + +** libgnutls: Small byte reads via gnutls_record_recv() optimized. + +** certtool: Move gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0) call earlier. +It needs to be invoked before libgcrypt is initialized. + +** gnutls-cli: Return non-zero exit code on error conditions. + +** gnutls-cli: Corrected bug which caused a rehandshake request to be ignored. + +** tests: Added chainverify self-test that tests X.509 chain verifications. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.2 (released 2008-11-18) + +** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3] +The flaw makes it possible for man in the middle attackers (i.e., +active attackers) to assume any name and trick GnuTLS clients into +trusting that name. Thanks for report and analysis from Martin von +Gagern <Martin.vGagern@gmx.net>. [CVE-2008-4989] + +Any updates with more details about this vulnerability will be added +to <http://www.gnu.org/software/gnutls/security.html> + +** libgnutls: Fix namespace issue with version symbols. +The symbols LIBGNUTLS_VERSION, LIBGNUTLS_VERSION_MAJOR, +LIBGNUTLS_VERSION_MINOR, LIBGNUTLS_VERSION_PATCH, and +LIBGNUTLS_VERSION_NUMBER were renamed to GNUTLS_VERSION_NUMBER, +GNUTLS_VERSION_MAJOR, GNUTLS_VERSION_MINOR, GNUTLS_VERSION_PATCH, and +GNUTLS_VERSION_NUMBER respectively. The old symbols will continue to +work but are deprecated. + +** certtool: allow setting arbitrary key purpose object identifiers. + +** libgnutls: Fix detection of C99 macros, to make debug logging work again. + +** libgnutls: Add missing prototype for gnutls_srp_set_prime_bits. +Reported by Kevin Quick <quick@sparq.org> in +<https://savannah.gnu.org/support/index.php?106454>. + +** libgnutls-extra: Make building with LZO compression work again. +Build failure reported by Arfrever Frehtes Taifersar Arahesis +<arfrever.fta@gmail.com> in +<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3194>. + +** libgnutls: Change detection of when to use a linker version script. +Use --enable-ld-version-script or --disable-ld-version-script to +override auto-detection logic. + +** doc: Change license on the manual to GFDLv1.3+. + +** doc: GTK-DOC fixes for new splitted configuration system. + +** doc: Texinfo stylesheet uses white background. + +** tests: Add cve-2008-4989.c self-test. +Tests regressions of the GNUTLS-SA-2008-3 security problem, and the +follow-on problem with crashes on length 1 certificate chains. + +** gnulib: Deprecated modules removed. +Modules include memchr and memcmp. + +** Fix warnings and build GnuTLS with more warnings enabled. + +** minitasn1: Internal copy updated to libtasn1 v1.7. + +** API and ABI modifications: +gnutls_certificate_set_x509_simple_pkcs12_mem: ADDED +GNUTLS_VERSION: ADDED, replaces LIBGNUTLS_VERSION. +GNUTLS_VERSION_MAJOR: ADDED, replaces LIBGNUTLS_VERSION_MAJOR. +GNUTLS_VERSION_MINOR: ADDED, replaces LIBGNUTLS_VERSION_MINOR. +GNUTLS_VERSION_PATCH: ADDED, replaces LIBGNUTLS_VERSION_PATCH. +GNUTLS_VERSION_NUMBER: ADDED, replaces LIBGNUTLS_VERSION_NUMBER. +LIBGNUTLS_VERSION: DEPRECATED. +LIBGNUTLS_VERSION_MAJOR: DEPRECATED. +LIBGNUTLS_VERSION_MINOR: DEPRECATED. +LIBGNUTLS_VERSION_PATCH: DEPRECATED. +LIBGNUTLS_VERSION_NUMBER: DEPRECATED. + +* Version 2.7.1 (released 2008-10-31) + +** certtool: print a PKCS #8 key even if it is not encrypted. + +** Old libgnutls.m4 and libgnutls-config scripts removed. +Please use pkg-config instead. + +** Configuration system modified. +There is now a configure script in lib/ and libextra/ as well, because +gnulib works better with a config.h per gnulib directory. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.0 (released 2008-10-16) + +** libgnutls: Added functions to handle CRL extensions. + +** libgnutls: Added functions to handle X.509 extensions in Certificate +Requests. + +** libgnutls: Improved error string for GNUTLS_E_AGAIN. +Suggested by "Lavrentiev, Anton (NIH/NLM/NCBI) [C]" <lavr@ncbi.nlm.nih.gov>. + +** certtool: Print and set CRL and CRQ extensions. + +** libgnutls-extra: Protect internal symbols with static. +Fixes problem when linking certtool statically. Tiny patch from Aaron +Ucko <ucko@ncbi.nlm.nih.gov>. + +** libgnutls-openssl: fix out of bounds access. +Problem in X509_get_subject_name and X509_get_issuer_name. Tiny patch +from Thomas Viehmann <tv@beamnet.de>. + +** libgnutlsxx: Define server_session::get_srp_username even if no SRP. + +** tests: Make tests compile when using internal libtasn1. +Patch by ludo@gnu.org (Ludovic Courtès). + +** Changed detection of libtasn1 and libgcrypt to avoid depending on *-config. +We now require a libgcrypt that has Camellia constants declared in +gcrypt.h, which means v1.3.0 or later. + +** API and ABI modifications: +gnutls_x509_crl_get_authority_key_id: ADDED +gnutls_x509_crl_get_number: ADDED +gnutls_x509_crl_get_extension_oid: ADDED +gnutls_x509_crl_get_extension_info: ADDED +gnutls_x509_crl_get_extension_data: ADDED +gnutls_x509_crl_set_authority_key_id: ADDED +gnutls_x509_crl_set_number: ADDED +gnutls_x509_crq_get_key_rsa_raw: ADDED +gnutls_x509_crq_get_attribute_info: ADDED +gnutls_x509_crq_get_attribute_data: ADDED +gnutls_x509_crq_get_extension_info: ADDED +gnutls_x509_crq_get_extension_data: ADDED +gnutls_x509_crq_get_key_usage: ADDED +gnutls_x509_crq_get_basic_constraints: ADDED +gnutls_x509_crq_get_subject_alt_name: ADDED +gnutls_x509_crq_get_subject_alt_othername_oid: ADDED +gnutls_x509_crq_get_extension_by_oid: ADDED +gnutls_x509_crq_set_subject_alt_name: ADDED +gnutls_x509_crq_set_basic_constraints: ADDED +gnutls_x509_crq_set_key_usage: ADDED +gnutls_x509_crq_get_key_purpose_oid: ADDED +gnutls_x509_crq_set_key_purpose_oid: ADDED +gnutls_x509_crq_print: ADDED +gnutls_x509_crt_set_crq_extensions: ADDED + +* Version 2.6.6 (released 2009-04-30) + +** libgnutls: Corrected double free on signature verification failure. +Reported by Miroslav Kratochvil <exa.exa@gmail.com>. See the advisory +for more details. [GNUTLS-SA-2009-1] [CVE-2009-1415] + +** libgnutls: Fix DSA key generation. +Noticed when investigating the previous GNUTLS-SA-2009-1 problem. All +DSA keys generated using GnuTLS 2.6.x are corrupt. See the advisory +for more details. [GNUTLS-SA-2009-2] [CVE-2009-1416] + +** libgnutls: Check expiration/activation time on untrusted certificates. +Reported by Romain Francoise <romain@orebokech.com>. Before the +library did not check activation/expiration times on certificates, and +was documented as not doing so. We have realized that many +applications that use libgnutls, including gnutls-cli, fail to perform +proper checks. Implementing similar logic in all applications leads +to code duplication. Hence, we decided to check whether the current +time (as reported by the time function) is within the +activation/expiration period of certificates when verifying untrusted +certificates. + +This changes the semantics of gnutls_x509_crt_list_verify, which in +turn is used by gnutls_certificate_verify_peers and +gnutls_certificate_verify_peers2. We add two new +gnutls_certificate_status_t codes for reporting the new error +condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED. We also +add a new gnutls_certificate_verify_flags flag, +GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new +behaviour. + +More details about the vulnerabilities will be posted at +<http://www.gnu.org/software/gnutls/security.html>. + +** gnutls-cli, gnutls-cli-debug: Fix AIX build problem. +Reported by LAUPRETRE François (P) <francois.laupretre@ratp.fr> in +<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3468>. + +** tests: Fix linking of tests/openpgp/keyring self-test. +Reported by Daniel Black in <https://savannah.gnu.org/support/?106543>. + +** API and ABI modifications: +gnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times. +gnutls_certificate_verify_peers: Likewise. +gnutls_certificate_verify_peers2: Likewise. +GNUTLS_CERT_NOT_ACTIVATED: ADDED. +GNUTLS_CERT_EXPIRED: ADDED. +GNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED. + +* Version 2.6.5 (released 2009-04-11) + +** libgnutls: Added %SSL3_RECORD_VERSION priority string that allows to +specify the client hello message record version. Used to overcome buggy +TLS servers. Report by Martin von Gagern. + +** GnuTLS no longer uses the libtasn1-config script to find libtasn1. +Libtasn1 0.3.4 or later is required. This is to align with the +upcoming libtasn1 v2.0 release that doesn't have a libtasn1-script. + +** API and ABI modifications: +No changes since last version. + +* Version 2.6.4 (released 2009-02-06) + +** libgnutls: Accept chains where intermediary certs are trusted. +Before GnuTLS needed to validate the entire chain back to a +self-signed certificate. GnuTLS will now stop looking when it has +found an intermediary trusted certificate. The new behaviour is +useful when chains, for example, contains a top-level CA, an +intermediary CA signed using RSA-MD5, and an end-entity certificate. +To avoid chain validation errors due to the RSA-MD5 cert, you can +explicitly add the intermediary RSA-MD5 cert to your trusted certs. +The signature on trusted certificates are not checked, so the chain +has a chance to validate correctly. Reported by "Douglas E. Engert" +<deengert@anl.gov> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>. + +** libgnutls: result_size in gnutls_hex_encode now holds +the size of the result. Report by John Brooks <special@dereferenced.net>. + +** libgnutls: gnutls_handshake when sending client hello during a +rehandshake, will not offer a version number larger than the current. +Reported by Tristan Hill <stan@saticed.me.uk>. + +** libgnutls: Permit V1 Certificate Authorities properly. +Before they were mistakenly rejected even though +GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or +GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by +"Douglas E. Engert" <deengert@anl.gov> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>. + +** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures. +This is a bugfix -- the previous attempt to do this from internal x509 +certificate verification procedures did not return the correct value +for certificates using a weak hash. Reported by Daniel Kahn Gillmor +<dkg@fifthhorseman.net> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3332>, +debugged and patch by Tomas Mraz <tmraz@redhat.com> and Daniel Kahn +Gillmor <dkg@fifthhorseman.net>. + +** libgnutls: Fix compile error with Sun CC. +Reported by Jeff Cai <jeff.cai@sun.com> in +<https://savannah.gnu.org/support/?106549>. + +** API and ABI modifications: +No changes since last version. + +* Version 2.6.3 (released 2008-12-12) + +** libgnutls: Fix chain verification for chains that ends with RSA-MD2 CAs. +Reported by Michael Kiefer <Michael-Kiefer@web.de> in +<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507633> forwarded by +Andreas Metzler <ametzler@downhill.at.eu.org> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3309>. + +** libgnutls: Fix memory leak in PSK authentication. +Reported by Michael Weiser <michael@weiser.dinsnail.net> in +<http://permalink.gmane.org/gmane.network.gnutls.general/1465>. + +** certtool: Move gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0) call earlier. +It needs to be invoked before libgcrypt is initialized. + +** gnutls-cli: Return non-zero exit code on error conditions. + +** gnutls-cli: Corrected bug which caused a rehandshake request to be ignored. + +** API and ABI modifications: +No changes since last version. + +* Version 2.6.2 (released 2008-11-12) + +** libgnutls: Fix crash in X.509 validation code for self-signed certificates. +The patch to fix the security problem GNUTLS-SA-2008-3 introduced a +problem for certificate chains that contained just one self-signed +certificate. Reported by Michael Meskes <meskes@debian.org> in +<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505279>. + +** API and ABI modifications: +No changes since last version. + +* Version 2.6.1 (released 2008-11-10) + +** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3] +The flaw makes it possible for man in the middle attackers (i.e., +active attackers) to assume any name and trick GnuTLS clients into +trusting that name. Thanks for report and analysis from Martin von +Gagern <Martin.vGagern@gmx.net>. [CVE-2008-4989] + +Any updates with more details about this vulnerability will be added +to <http://www.gnu.org/software/gnutls/security.html> + +** libgnutls: Add missing prototype for gnutls_srp_set_prime_bits. +Reported by Kevin Quick <quick@sparq.org> in +<https://savannah.gnu.org/support/index.php?106454>. + +** libgnutls-extra: Protect internal symbols with static. +Fixes problem when linking certtool statically. Tiny patch from Aaron +Ucko <ucko@ncbi.nlm.nih.gov>. + +** libgnutls-openssl: Fix patch against X509_get_issuer_name. +It incorrectly returned the subject DN instead of issuer DN in v2.6.0. +Thanks to Thomas Viehmann <tv@beamnet.de> for report. + +** certtool: Print a PKCS #8 key even if it is not encrypted. + +** tests: Make tests compile when using internal libtasn1. +Patch by ludo@gnu.org (Ludovic Courtès). + +** API and ABI modifications: +No changes since last version. + +* Version 2.6.0 (released 2008-10-06) + +** libgnutls: Correct printing and parsing of IPv6 addresses. + +** libgnutls-openssl: fix out of bounds access. +Problem in X509_get_subject_name and X509_get_issuer_name. Tiny patch +from Thomas Viehmann <tv@beamnet.de>. + +** certtool: Use inet_pton for parsing IPv6 addresses. + +** Major changes compared to the v2.4 branch: + +*** Added API to replace and update the crypto backend. + +*** certtool: can add several subject alternative names via template file. + +*** opencdk: Parse (but not decrypt) encrypted secret keys. + +*** libgnutls: gnutls_x509_crt_set_subject_alt_name() was added that can +either set or append alternative names. It can also handle binary structures +such as IP addresses. + +*** libgnutls: New function to set minimum acceptable SRP bits. +The function is gnutls_srp_set_prime_bits. + +*** libgnutls: Add interface to deal with public key and signature algorithms. +The functions are called gnutls_pk_list, gnutls_pk_get_id, +gnutls_sign_list, and gnutls_sign_get_id. + +*** libgnutls: New interfaces to get name of public key and signing algorithms. +The functions are gnutls_sign_get_name and gnutls_pk_get_name. + +*** libgnutls: New API to get a string corresponding to a error symbol. +The function is gnutls_strerror_name. + +*** libgnutls: New API to set the public parameters in a certificate request +*** from a private key. +The function is gnutls_x509_crq_set_key_rsa_raw. + +*** libgnutls: New API to set a callback to extract TLS Finished data. +The function to register is gnutls_session_set_finished_function and +it takes a callback of the gnutls_finished_callback_func type. + +*** libgnutls: Fix namespace problem with TLS_MASTER_SIZE and TLS_RANDOM_SIZE. + +*** libgnutls: New interface to register a new TLS extension handler. +The new function gnutls_ext_register can be used to register handlers +for specific TLS extension types. The callback functions have the new +types gnutls_ext_recv_func and gnutls_ext_send_func. A type to +classify TLS extensions, gnutls_ext_parse_type_t, has been added as +well. + +*** libgnutls-extra: Add function to work with Libgcrypt in FIPS mode. +The function is gnutls_register_md5_handler. When libgcrypt is in +FIPS mode, MD5 is disabled, but TLS normally requires use of MD5 in +the PRF. + +*** API/ABI changes in GnuTLS 2.6 +No functions have been removed or modified. The library should be +fully backwards compatible on both the source and binary level. + +A new header file <gnutls/crypto.h> have been added. It contains +definitions related to replacing the internal crypto functionality. +All definitions and the header itself is experimental but supported. + +We have realized that the symbols TLS_MASTER_SIZE and TLS_RANDOM_SIZE +does not use the normal namespace. We have added GNUTLS_MASTER_SIZE +and GNUTLS_RANDOM_SIZE, but the old symbols are still defined. + +The following functions have been added to libgnutls: + +GNUTLS_MASTER_SIZE +GNUTLS_RANDOM_SIZE +gnutls_crypto_bigint_register2 +gnutls_crypto_cipher_register2 +gnutls_crypto_digest_register2 +gnutls_crypto_mac_register2 +gnutls_crypto_pk_register2 +gnutls_crypto_rnd_register2 +gnutls_crypto_single_cipher_register2 +gnutls_crypto_single_digest_register2 +gnutls_crypto_single_mac_register2 +gnutls_ext_register +gnutls_pk_get_id +gnutls_pk_get_name +gnutls_pk_list +gnutls_session_set_finished_function +gnutls_sign_get_id +gnutls_sign_get_name +gnutls_sign_list +gnutls_srp_set_prime_bits: +gnutls_strerror_name +gnutls_x509_crq_set_key_rsa_raw +gnutls_x509_crt_set_crl_dist_points2 +gnutls_x509_crt_set_subject_alt_name + +The following functions have been added to libgnutls-extra: + +gnutls_register_md5_handler + +** API and ABI modifications: +No changes since last version. + +* Version 2.5.9 (released 2008-09-29) + +** libgnutls: Fix several memory leaks. +Reported by Sam Varshavchik <mrsam@courier-mta.com>. + +** libgnutls: Fix buffer overrun in gnutls_x509_crt_list_import. +Report and patch by Jonathan Manktelow. + +** libgnutls: crypto.h gnutls_pk_params_st changes allocation strategy. +The parameters are now allocated in the structure itself. + +** doc: Texinfo HTML manual uses a stylesheet to improve readability. + +** tests: Scripts now use EXEEXT properly. +Modern libtool doesn't create wrapper script, so the self tests need +to invoke certtool.exe under MinGW32+Wine. + +** Uses autoconf 2.63, automake 1.10.1, libtool 2.2.6a. +Automake warnings are now also enabled. + +** API and ABI modifications: +gnutls_pk_params_st: MODIFIED + +* Version 2.5.8 (released 2008-09-21) + +** certtool: updated so it can add several subject alternative names using +the template file. + +** libgnutls: gnutls_x509_crt_set_subject_alt_name() was added that can +either set or append alternative names. It can also handle binary structures +such as IP addresses. + +** libgnutls: Fix crash in hashing code when using non-libgcrypt handlers. + +** libgnutls: New function to set minimum acceptable SRP bits. +The function is gnutls_srp_set_prime_bits. Tiny patch by Kevin Quick +<quick@sparq.org> in <https://savannah.gnu.org/support/index.php?106454>. + +** libgnutls: Check for overflows in gnutls_calloc and gnutls_secure_calloc. +Also fix overflows in calls to those functions. Reported by Werner +Koch <wk@gnupg.org>. + +** libgnutls-extra: Add function to work with Libgcrypt in FIPS mode. +The function is gnutls_register_md5_handler. When libgcrypt is in +FIPS mode, MD5 is disabled, but TLS normally requires use of MD5 in +the PRF. + +** Opencdk: Add calls to gnutls_assert to ease debugging. + +** Indent code. + +** API and ABI modifications: +gnutls_srp_set_prime_bits: ADDED +gnutls_register_md5_handler: ADDED +gnutls_x509_crt_set_crl_dist_points2: ADDED +gnutls_x509_crt_set_subject_alt_name: ADDED + +* Version 2.5.7 (released 2008-09-16) + +** libgnutls: New interfaces to get name of public key and signing algorithms. +The functions are gnutls_sign_get_name and gnutls_pk_get_name. + +** libgnutls: Don't crash when gnutls_credentials_set is called twice. + +** libgnutls: Fix libgnutls shared library version. +It wasn't properly incremented after adding symbols in the last +release. + +** manual: Now mention supported public key and public key signing algorithms. + +** tests/openssl: initialize gnutls before use. + +** tests/setcredcrash: New test to catch regressions of gnutls_credentials_set. + +** GTK-DOC manual: mention new symbols in 2.6.x. Mention crypto.h functions. + +** API and ABI modifications: +gnutls_sign_get_name: ADDED +gnutls_pk_get_name: ADDED + +* Version 2.5.6 (released 2008-09-08) + +** libgnutls: Add interface to deal with public key and signature algorithms. +The functions are called gnutls_pk_list, gnutls_pk_get_id, +gnutls_sign_list, and gnutls_sign_get_id. Suggested by Sam +Varshavchik <mrsam@courier-mta.com>. + +** libgnutls: Refactor and clean up some code. + +** libgnutls: Fix compile error with Sun CC. + +** gnutls-cli: Improve --list output to include public key and signature algs. + +** gnutls-cli, gnutls-serv: Remove --copyright parameter. +Use standard --version to get license info. + +** gnutls-cli.1: Document all new parameters. +Thanks to James Westby <jw+debian@jameswestby.net>. + +** tests: New self-test pgps2kgnu to test parsing of encrypted secrets. +Contributed by Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>. + +** API and ABI modifications: +gnutls_pk_list: ADDED +gnutls_pk_get_id: ADDED +gnutls_sign_list: ADDED +gnutls_sign_get_id: ADDED + +* Version 2.5.5 (released 2008-08-29) + +** libgnutls: New API to get a string corresponding to a error symbol. +The function is gnutls_strerror_name. + +** libgnutls: Fix include paths so that building with internal libtasn1 works. +Reported by "jth.net ApS" <info@jth.net>. + +** libgnutls: Fix segmentation fault when generating private keys. +Reported by Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>. + +** libgnutls: Remove code to import certificate chains in PKCS#7 format. +The code has not worked since v0.9.0 and apparently nobody has missed +it, so we decided to remove the code rather than fix it. If you have +old certificate chains stored in PKCS#7 format, you can convert them +to a list of PEM certificates by using 'certtool --p7-info'. Reported +by Christian Grothoff <christian@grothoff.org>. + +** opencdk: Parse (but not decrypt) encrypted secret keys. +Contributed by Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>. + +** libgnutls: Fix many warnings. + +** Included copy of libtasn1 is upgraded to version 1.5. + +** Add French translation, thanks to Nicolas Provost. + +** API and ABI modifications: +gnutls_strerror_name: ADDED + +* Version 2.5.4 (released 2008-08-19) + +** Fix secure memory initialization of libgcrypt. +Reported by Joe Orton <joe@manyfish.co.uk> in +<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2992>. + +** Doc fixes. +Reference to NIST SP 800-57 in the manual on key size recommendations. +Added 'Since:' tags to new APIs for gtk-doc. + +** API and ABI modifications: +No changes since last version. + +* Version 2.5.3 (released 2008-08-14) + +** libgnutls: New API to set the public parameters in a certificate request +** from a private key. +The function is gnutls_x509_crq_set_key_rsa_raw. Inspired by +discussion with "Zach C." <fxchip@gmail.com>. + +** libgnutls: New API to set a callback to extract TLS Finished data. +The function to register is gnutls_session_set_finished_function and +it takes a callback of the gnutls_finished_callback_func type. + +** libgnutls: Drop final comma after GNUTLS_CRT_PRINT_UNSIGNED_FULL in enum. +Reported in <https://savannah.gnu.org/support/?106453>. + +** libgnutls: Fix namespace problem with TLS_MASTER_SIZE and TLS_RANDOM_SIZE. +The new names are GNUTLS_MASTER_SIZE and GNUTLS_RANDOM_SIZE. The old +names are mapped to the new names in compat.h. These mappings will +likely be removed more quickly than other mappings in that file due to +the namespace violation. + +** libgnutlsxx: Make it build when SRP is disabled. + +** doc: Add doxygen files in doc/doxygen/. + +** API and ABI modifications: +gnutls_x509_crq_set_key_rsa_raw: ADDED +gnutls_session_set_finished_function: ADDED +gnutls_finished_callback_func: ADDED +GNUTLS_MASTER_SIZE: ADDED +GNUTLS_RANDOM_SIZE: ADDED +TLS_MASTER_SIZE: DEPRECATED +TLS_RANDOM_SIZE: DEPRECATED + +* Version 2.5.2 (released 2008-07-08) + +** libgnutls: Fix bug in gnutls_dh_params_generate2. +The prime and generator was swapped. + +** libgnutls: New interface to register a new TLS extension handler. +The new function gnutls_ext_register can be used to register handlers +for specific TLS extension types. The callback functions have the new +types gnutls_ext_recv_func and gnutls_ext_send_func. A type to +classify TLS extensions, gnutls_ext_parse_type_t, has been added as +well. + +** Move more code for TLS/IA extension from libgnutls to libgnutls-extra. +This was made possible by using the new gnutls_ext_register interface. +The TLS/IA functionality has only been supported through the +libgnutls-extra library, so it makes sense for the code to belong +there too. + +** API and ABI modifications: +gnutls_ext_recv_func: ADDED +gnutls_ext_send_func: ADDED +gnutls_ext_parse_type_t: ADDED +gnutls_ext_register: ADDED + +* Version 2.5.1 (released 2008-07-02) + +** Indent code. + +** API and ABI modifications: +No changes since last version. + +* Version 2.5.0 (released 2008-07-02) + +** Port fixes from v2.4.1 release, see below. + +** Added API to replace and update the crypto backend. +The header gnutls/crypto.h is now officially supported, and declares +the symbols below. + +** Rewritten opencdk crypto backend, to use the gnutls internal one. + +** Update gnulib and translations. +The gnulib gc crypto code has been removed since it was never finished +and is no longer even used. An internal non-libgcrypt crypto +implementation may be added in the future, but we'll decide that later +on. + +** API and ABI modifications: +gnutls_crypto_bigint_register2: ADDED. +gnutls_crypto_cipher_register2: ADDED. +gnutls_crypto_digest_register2: ADDED. +gnutls_crypto_mac_register2: ADDED. +gnutls_crypto_pk_register2: ADDED. +gnutls_crypto_rnd_register2: ADDED. +gnutls_crypto_single_cipher_register2: ADDED. +gnutls_crypto_single_digest_register2: ADDED. +gnutls_crypto_single_mac_register2: ADDED. + +* Version 2.4.3 (released 2009-02-06) + +** libgnutls: Accept chains where intermediary certs are trusted. +Before GnuTLS needed to validate the entire chain back to a +self-signed certificate. GnuTLS will now stop looking when it has +found an intermediary trusted certificate. The new behaviour is +useful when chains, for example, contains a top-level CA, an +intermediary CA signed using RSA-MD5, and an end-entity certificate. +To avoid chain validation errors due to the RSA-MD5 cert, you can +explicitly add the intermediary RSA-MD5 cert to your trusted certs. +The signature on trusted certificates are not checked, so the chain +has a chance to validate correctly. Reported by "Douglas E. Engert" +<deengert@anl.gov> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>. + +** libgnutls: Permit V1 Certificate Authorities properly. +Before they were mistakenly rejected even though +GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or +GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by +"Douglas E. Engert" <deengert@anl.gov> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>. + +** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures. +This is a bugfix -- the previous attempt to do this from internal x509 +certificate verification procedures did not return the correct value +for certificates using a weak hash. Reported by Daniel Kahn Gillmor +<dkg@fifthhorseman.net> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3332>, +debugged and patch by Tomas Mraz <tmraz@redhat.com> and Daniel Kahn +Gillmor <dkg@fifthhorseman.net>. + +** libgnutls: Fix chain verification for chains that ends with RSA-MD2 CAs. +Reported by Michael Kiefer <Michael-Kiefer@web.de> in +<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507633> forwarded by +Andreas Metzler <ametzler@downhill.at.eu.org> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3309>. + +** libgnutls: Fix crash in X.509 validation code for self-signed certificates. +The patch to fix the security problem GNUTLS-SA-2008-3 introduced a +problem for certificate chains that contained just one self-signed +certificate. Reported by Michael Meskes <meskes@debian.org> in +<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505279>. + +** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3] +The flaw makes it possible for man in the middle attackers (i.e., +active attackers) to assume any name and trick GnuTLS clients into +trusting that name. Thanks for report and analysis from Martin von +Gagern <Martin.vGagern@gmx.net>. [CVE-2008-4989] + +Any updates with more details about this vulnerability will be added +to <http://www.gnu.org/software/gnutls/security.html> + +** libgnutls: Fix buffer overrun in gnutls_x509_crt_list_import. +Report and patch by Jonathan Manktelow. + +** libgnutls: Avoid use of non-thread safe strerror. + +** API and ABI modifications: +No changes since last version. + +* Version 2.4.2 (released 2008-09-15) + +** libgnutls: Don't crash when gnutls_credentials_set is called twice. + +** libgnutls: Corrected memory leak in X.509 functions. +Thanks to Colin Leroy <colin@colino.net>. + +** libgnutls: Fix compile error with Sun CC. + +** gnutls-cli.1: Document all new parameters. +Thanks to James Westby <jw+debian@jameswestby.net>. + +** tests/openssl: initialize gnutls before use. +Fixes crash with libgcrypt 1.4.2. Reported by Ludovic Courtes +<ludovic.courtes@laas.fr>. + +** doc/: Fix texinfo markup for old texinfo versions. + +** Included copy of libtasn1 is upgraded to version 1.5. + +** API and ABI modifications: +No changes since last version. + +* Version 2.4.1 (released 2008-06-30) + +** libgnutls: Fix local crash in gnutls_handshake. [GNUTLS-SA-2008-2] +If the gnutls_handshake function is called for a normal session, which +can happen for re-handshakes, the library would crash because it tried +to hash some data using a libgcrypt handle that had been deallocated. +Report and tiny patch from Tomas Mraz <tmraz@redhat.com>. Any updates +with more details about this vulnerability will be added to +<http://www.gnu.org/software/gnutls/security.html> + +** libgnutls: Fix memory leaks when doing a re-handshake. +Reported by Sam Varshavchik <mrsam@courier-mta.com> in +<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2928>. + +** Fix compiler warnings. +Reported by Massimo Gaspari <massimo.gaspari@alice.it> in +<http://thread.gmane.org/gmane.network.gnutls.general/1281>. + +** Fix ordering of -I's to avoid opencdk.h conflict with system headers. +Reported by Roman Bogorodskiy <novel@FreeBSD.org> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2930>. + +** srptool: Fix a problem where --verify check does not succeed. +Report and tiny patch by Matthias Koenig <mkoenig@suse.de> in +<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2944>. + +** API and ABI modifications: +No changes since last version. + +* Version 2.4.0 (released 2008-06-19) + +** Major changes compared to the v2.2 branch: + +*** The OpenPGP sub-system has been improved and now supports subkeys. + +*** The PSK sub-system has been improved and now supports password +*** derivation and PSK identity hints. +The password derivation algorithms support is documented in +draft-ietf-netconf-tls-02.txt. + +*** The certtool --inder and --outder has been replaced by --inraw and --outraw. +This aligns terminology with OpenPGP, which doesn't use DER encoding. +The old parameters will continue to work for some time. + +*** Certtool now confirm passwords and changes permissions of private key files. + +*** The default handshake size limit has been increased to 48kb. +It appears as if some valid handshakes are large due to sending many +CA certificates. (The earlier limit was 16kb.) + +*** LZO compression is now disabled by default. +The main reason is that LZO compression in TLS is not standardized, +but license compatiblity issues with minilzo triggered us to make this +decision now. + +*** Improvements for cross-compilation to Windows and OpenWRT. + +*** The look of the GTK-DOC manual has been improved. +Major developer visible changes compared to the v2.2 branch: + +*** Full OpenPGP support is part of libgnutls, licensed under the LGPL. + +*** New APIs to access the raw X.509 Subject and Issuer DN's and +*** elements from the certificate credentials structure. +Thanks to Joe Orton. + +*** New APIs to improve working with username/passwords and PSK. + +*** Names of constants to affect certificate printing changed. +The constants are used for OpenPGP too, which the names didn't +reflect, so the following name change has been made: + + Old name New name + GNUTLS_X509_CRT_FULL GNUTLS_CRT_PRINT_FULL + GNUTLS_X509_CRT_ONELINE GNUTLS_CRT_PRINT_ONELINE + GNUTLS_X509_CRT_UNSIGNED_FULL GNUTLS_CRT_PRINT_UNSIGNED_FULL + +The old names will be mapped to the new names for some time. + +*** The function gnutls_openpgp_privkey_get_id has been renamed to +*** gnutls_openpgp_privkey_get_key_id. +A compatibility mapping exists to avoid breaking API backwards +compatibility. + +*** Replaced all uses of alloca with malloc and free. + +*** We no longer build with -D_REENTRANT -D_THREAD_SAFE. +We have been unable to find a documented rationale for this practice. + +*** Of course, many smaller fixes have been made, see the ChangeLog file. + +*** API/ABI changes in GnuTLS 2.4 +All OpenPGP related functions have been moved from libgnutls-extra to +libgnutls, and several new functions have been added (see below). +Before making the release, we discussed whether moving functions from +libgnutls-extra to libgnutls would require us to increment the ABI +version, but the general opinion was that this would not be required. +All older functions continue to work the same. We are open to the +possibility that this decision will lead to problem on some platform, +and if it turns out that the Right Thing should have been to increment +the shared library version, we would need to release an update within +the 2.4.x branch that increments the shared library version. + +This release adds the following functions: + + gnutls_psk_client_get_hint + gnutls_psk_set_server_credentials_hint + gnutls_psk_netconf_derive_key + + Used to get/set the PSK identity hint, and derive PSK keys from + passwords a'la netconf. + + gnutls_x509_dn_deinit + gnutls_x509_dn_export + gnutls_x509_dn_import + gnutls_x509_dn_init + + Used to handle X.509 Certificate DN's directly. + + gnutls_hex2bin + + Converts a data buffer to hex. Useful for handling PSK/SRP shared + secrets. + + gnutls_certificate_get_x509_cas + gnutls_certificate_get_x509_crls + gnutls_certificate_get_openpgp_keyring + + Functions for direct access to credential elements. + + gnutls_openpgp_crt_get_auth_subkey + gnutls_openpgp_crt_get_key_id + gnutls_openpgp_crt_get_pk_dsa_raw + gnutls_openpgp_crt_get_pk_rsa_raw + gnutls_openpgp_crt_get_preferred_key_id + gnutls_openpgp_crt_get_revoked_status + gnutls_openpgp_crt_get_subkey_count + gnutls_openpgp_crt_get_subkey_creation_time + gnutls_openpgp_crt_get_subkey_expiration_time + gnutls_openpgp_crt_get_subkey_fingerprint + gnutls_openpgp_crt_get_subkey_id + gnutls_openpgp_crt_get_subkey_idx + gnutls_openpgp_crt_get_subkey_pk_algorithm + gnutls_openpgp_crt_get_subkey_pk_dsa_raw + gnutls_openpgp_crt_get_subkey_pk_rsa_raw + gnutls_openpgp_crt_get_subkey_revoked_status + gnutls_openpgp_crt_get_subkey_usage + gnutls_openpgp_crt_print + gnutls_openpgp_crt_set_preferred_key_id + gnutls_openpgp_keyring_get_crt + gnutls_openpgp_keyring_get_crt_count + gnutls_openpgp_privkey_export + gnutls_openpgp_privkey_export_dsa_raw + gnutls_openpgp_privkey_export_rsa_raw + gnutls_openpgp_privkey_export_subkey_dsa_raw + gnutls_openpgp_privkey_export_subkey_rsa_raw + gnutls_openpgp_privkey_get_fingerprint + gnutls_openpgp_privkey_get_key_id + gnutls_openpgp_privkey_get_pk_algorithm + gnutls_openpgp_privkey_get_preferred_key_id + gnutls_openpgp_privkey_get_revoked_status + gnutls_openpgp_privkey_get_subkey_count + gnutls_openpgp_privkey_get_subkey_creation_time + gnutls_openpgp_privkey_get_subkey_expiration_time + gnutls_openpgp_privkey_get_subkey_fingerprint + gnutls_openpgp_privkey_get_subkey_id + gnutls_openpgp_privkey_get_subkey_idx + gnutls_openpgp_privkey_get_subkey_pk_algorithm + gnutls_openpgp_privkey_get_subkey_revoked_status + gnutls_openpgp_privkey_set_preferred_key_id + + New OpenPGP related functions. + + The function gnutls_openpgp_crt_get_key_id is the same as the old + from gnutls_openpgp_crt_get_id, see above. + +The release also adds a new header file 'gnutls/crypto.h', however it +is currently not used. + +** libgnutls [OpenPGP]: New APIs to retrieve fingerprint from OpenPGP subkeys. +Contributed by Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>. + +** API and ABI modifications: +gnutls_openpgp_crt_get_subkey_fingerprint: ADDED. +gnutls_openpgp_privkey_get_subkey_fingerprint: ADDED. + +* Version 2.3.15 (released 2008-06-15) + +** Disable the openpgp-certs self-tests. +It results in failure under Wine and doesn't work on Debian buildds. + +** API and ABI modifications: +No changes since last version. + +* Version 2.3.14 (released 2008-06-11) + +** libgnutls [OpenPGP]: Changed OpenPGP verification behaviour. +An OpenPGP certificate is now only considered verified if all the user +IDs are verified. + +** Examples: Make C++ example compile. +Earlier it may have failed with an unresolved reference to strlen. + +** Documentation: Doc fix for gnutls_x509_crt_get_extension_oid. +Reported by Sam Varshavchik <mrsam@courier-mta.com>. + +** API and ABI modifications: +No changes since last version. + +* Version 2.3.13 (released 2008-06-07) + +** libgnutls [OpenPGP]: Make OpenPGP handshakes work again. + +** doc/: Add psktool to info index. Some minor cleanups. + +** tests/: Added non-forking TLS handshake test, see tests/mini.c. + +** tests/: Added libgcrypt.supp which can be used with valgrind. +The file suppresses the known libgcrypt memory leaks, so they aren't +printed when you run valgrind on the gnutls self-tests. Use it as +follows: valgrind --suppressions=libgcrypt.supp ./x509self or add +'--suppressions=/home/you/src/gnutls/tests/libgcrypt.supp' to your +~/.valgrindrc file. + +** tests/: Reduce amount of debugging output by default. +Use --verbose for each test to get the full output. + +** tests/: Fix memory leaks in several self-tests. +None of the self tests should be leaking memory when running valgrind +or similar tools. (Known exceptions are dhepskself, pskself, and +set_pkcs12_cred, which appear likely to be due to memory leaks in the +library.) + +** API and ABI modifications: +No changes since last version. + +* Version 2.3.12 (released 2008-06-04) + +** Merge gnutls_with_netconf branch. + +*** libgnutls [PSK]: New API to retrieve PSK identity hint in client. +The function is gnutls_psk_client_get_hint. + +*** libgnutls [PSK]: New API to set PSK identity hint in server. +The function is gnutls_psk_set_server_credentials_hint. + +*** libgnutls [PSK]: Support server key exchange with PSK identity hint. +In the client, the message is parsed and the application can use +gnutls_psk_client_get_hint to retrieve the hint. In the server, the +message is sent if the application has specified a PSK identity hint +using gnutls_psk_set_server_credentials_hint. + +*** libgnutls [PSK]: Support Netconf PSK key derivation. +The function gnutls_psk_netconf_derive_key supports the PSK key +derivation as specified in draft-ietf-netconf-tls-02.txt. New self +test netconf-psk.c. + +*** psktool: Support new --netconf-hint to generate PSK key from password. +Uses the Netconf algorithm to derive PSK key from password. + +*** gnutls-serv: Support new --pskhint parameter to set PSK identity hint. + +*** gnutls-cli: Always support PSK modes, through a callback. +The callback will derive a PSK key using Netconf algorithm. It will +print the PSK identity hint to help the user. + +*** New PSK example client and server. +See doc/examples/ex-client-psk.c and doc/examples/ex-serv-psk.c. + +** libgnutls: Fix gnutls_x509_crl_set_version on arm platforms. +The code didn't work properly on platforms where 'char' is unsigned, +when you set version 0. Reported by Laurence Withers +<l@lwithers.me.uk> in +<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2825>. + +** libgnutls-openssl: added RAND_pseudo_bytes API. +Patch from Robert Millan <rmh@aybabtu.com>. + +** API and ABI modifications: +RAND_pseudo_bytes: ADDED to libgnutls-openssl. +gnutls_psk_client_get_hint: ADDED. +gnutls_psk_set_server_credentials_hint: ADDED. +gnutls_psk_netconf_derive_key: ADDED + +* Version 2.3.11 (released 2008-05-20) + +** Fix flaw in fix for GNUTLS-SA-2008-1-3. +The flaw would result in incorrectly terminated sessions with the +error "Decryption has failed" when the server sends a small packet +(typically when the session is closed). Reported by Andreas Metzler +<ametzler@downhill.at.eu.org> in +<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2807>. + +** Don't use gnulib headers when building C++ library. +Fixes builds under Windows. + +** Make umask a requirement. +We don't know of any system that lacks it, even GNU CoreUtils use it +unconditionally. + +** Update gnulib files. +Fixes a problem where it pulled in a replacement for memcmp under +MinGW, which caused the C++ example to fail to build. + +** API and ABI modifications: +No changes since last version. + +* Version 2.3.10 (released 2008-05-19) + +** Added wide wildcard hostname matching. +Tiny patch by Jean-Philippe Garcia Ballester. + +** Fix three security vulnerabilities. [GNUTLS-SA-2008-1] +Thanks to CERT-FI for finding the bugs and providing detailed reports, +which allowed the bugs to be reproduced and fixed easily. Patches +developed by Simon Josefsson and Nikos Mavrogiannopoulos. Any updates +with more details about these vulnerabilities will be added to +<http://www.gnu.org/software/gnutls/security.html> + +*** [GNUTLS-SA-2008-1-1] +*** libgnutls: Fix crash when sending invalid server name. +The crash can be triggered remotely before authentication, which can +lead to a Daniel of Service attack to disable the server. The bug +cause gnutls to store more session resumption data than what was +allocated for, thus overwriting unallocated memory. + +*** [GNUTLS-SA-2008-1-2] +*** libgnutls: Fix crash when sending repeated client hellos. +The crash can be triggered remotely before authentication, which can +lead to a Daniel of Service attack to disable the server. The bug +triggers a null-pointer dereference. + +*** [GNUTLS-SA-2008-1-3] +*** libgnutls: Fix crash in cipher padding decoding for invalid record lengths. +The crash can be triggered remotely before authentication, which can +lead to a Daniel of Service attack to disable the server. The bug +cause gnutls to read memory beyond the end of the received record. + +** libgnutlsxx: Updated API according to patches from Eduardo +Villanueva Che (discussion at +<http://lists.gnu.org/archive/html/gnutls-devel/2007-02/msg00017.html>) + +** Use umask to restrict permissions to owner before creating a file. + +** API and ABI modifications: +No changes since last version. + +* Version 2.3.9 (released 2008-05-16) + +** libgnutls: Fix build failures if SRP/OpenPGP is disabled. +Based on report and tiny patches from +<jared.jennings.ctr@eglin.af.mil>, see +<https://savannah.gnu.org/support/index.php?106342>. + +** libgnutls: Translation fixes. + +** gnutls-cli: Fix so that PSK authentication works. +Also improve manual to give example for gnutls-cli PSK authentication. + +** certtool: Encrypting a private key now require a confirmed password. +Before './certtool -k -8' would merely ask for a password once. +Reported by Daniel 'NebuchadnezzaR' Dehennin +<nebuchadnezzar@asgardr.info> see +<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364287>. + +** certtool: When writing private keys to files, change permissions of file. +Now the file which the private key is saved to is chmod'ed 0600. +Reported by martin f krafft <madduck@debian.org> see +<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373169>. + +** guile: Fix -fgnu89-inline test. + +** Removed --enable-profile-mode. +The code linked gnutls with the libfc project (Function Check) which +appears to have been stalled since around 2002. + +** Clean up header file checks by ./configure. + +** Update of gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 2.3.8 (released 2008-04-29) + +** libgnutls: Increase default handshake packet size limit to 48kb. +The old limit was 16kb and some servers send huge list of trusted CAs, +thus running into the limit. FYI, applications can further increase +this limit using gnutls_handshake_set_max_packet_length. Thanks to +Marc Haber <mh+debian-bugs@zugschlus.de> and "Marc F. Clemente" +<marc@mclemente.net> for reporting and providing test servers. + +** libgnutls: Add new error code: GNUTLS_E_HANDSHAKE_TOO_LARGE +Returned when the handshake data size is too large. Before +GNUTLS_E_MEMORY_ERROR was used, which could be confused with other +error situations. + +** libgnutls: Hide definitions in crypto.h. +We have decided that the APIs defined in crypto.h are not stable +enough for v2.4, so don't use any of those functions. + +** gnutls-cli: exit when hostname doesn't match certificate. +Use --insecure to avoid hostname comparison. + +** certtool: --inder and --outder replaced by --inraw and --outraw. +The reason is to align terminology with OpenPGP, which doesn't use +DER. The old parameters will continue to work for some time. + +** doc: Add section 'Index of new symbols in 2.4.0' to the GTK-DOC manual. + +** doc: Many cosmetic fixes, to silence (most) gtk-doc warnings. + +** Mingw32: Revert libgcrypt vasprintf work-around added in last release. +Use libgcrypt 1.4.1 or later when building on MinGW32, it removes the +vasprintf symbol from the libgcrypt library which caused problems. + +** Update of gnulib files. + +** tests: New self-test of crypto.h RNG code tests/crypto_rng. + +** API and ABI modifications: +GNUTLS_E_HANDSHAKE_TOO_LARGE: ADDED. + +* Version 2.3.7 (released 2008-04-21) + +** opencdk now properly sets the key usage bits into openpgp keys. + +** gnutls-cli: Fix crash on TLS handshake failures. +Reported by "Marc F. Clemente" <marc@mclemente.net> in Debian BTS #466477. +This is similar to <http://bugs.debian.org/429183>. + +** certtool: with --generate-request and newly generated keys, print the key. + +** Build fixes for MinGW. +Missing rpl_fseeko symbol in lib/opencdk/. Better checks for linking +with -lws2_32 when needed. Use ASCII only isprint() when printing +X.509 certificate information, to avoid non-ASCII but printable +characters. Thanks to Massimo Gaspari <massimo.gaspari@alice.it> for +reports. + +** Update internal copy of libtasn1 to version 1.4. + +** API and ABI modifications: +No changes since last version. + +* Version 2.3.6 (released 2008-04-17) + +** Make gnutls_x509_crq_sign2 set certificate request version if not set. +** Improve documentation for gnutls_x509_crq_sign2. +Based on report from "John Brooks" <aspecialj@gmail.com> in +<http://permalink.gmane.org/gmane.network.gnutls.general/1154>. + +** tests/pathlen: run diff without parameters to improve portability. +Based on HPUX build hints in +<http://hpux.cs.utah.edu/hppd/cgi-bin/wwwtar?/hpux/Gnu/gnutls-2.3.4/gnutls-2.3.4-src-11.11.tar.gz+gnutls-2.3.4/HPUX.Install+text>. + +** Don't use %e specifier with strftime, it doesn't work under Windows. +Reported by Massimo Gaspari <massimo.gaspari@alice.it> in +<http://permalink.gmane.org/gmane.network.gnutls.general/1170>. + +** Remove all uses of gnutls_alloca/gnutls_afree. +Use normal gnutls_malloc instead. One reason is increased portability +to Windows, the other is that several of the uses may be unsafe +because the size of data allocated could be large. Reported by +Massimo Gaspari <massimo.gaspari@alice.it> in +<http://permalink.gmane.org/gmane.network.gnutls.general/1170>. + +** Build Guile code with -fgnu89-inline only when supported. +Reported by Kris Karas <ktk@enterprise.bidmc.harvard.edu> in +<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2708>. + +** Several GTK-DOC related fixes. + +** Clean up OpenCDK related code. +GnuTLS now requires its internal OpenCDK code rather than the external +GPL library OpenCDK. Unfortunately, we don't have resources to +maintain an external library (help welcome). + +** API and ABI modifications: +No changes since last version. + +* Version 2.3.5 (released 2008-04-14) + +** Build fix for MinGW and --disable-shared. +Reported by Massimo Gaspari <massimo.gaspari@alice.it> in +<http://permalink.gmane.org/gmane.network.gnutls.general/1145>. + +** Document how to generate CRLs. +Suggested by "Rainer Gerhards" <rgerhards@gmail.com>. + +** Documented the --priority option to gnutls-cli and gnutls-serv. + +** Several minor fixes in the OpenPGP interface. +Thanks to Daniel Kahn Gillmor. + +** Fix fopen file descriptor leak in PSK server code. +Thanks to Laurence Withers <l@lwithers.me.uk>, see +<http://lists.gnu.org/archive/html/gnutls-devel/2008-04/msg00002.html>. + +** Translations files not stored directly in git to avoid merge conflicts. + +** New APIs to let applications replace the RNG used. +Update all RNG callers in the code to use the new interface. + +** Guile code now built with -fgnu89-inline to fix inline semantic problem. + +** Update gnulib files. + +** API and ABI modifications: +gnutls_crypto_rnd_register: ADDED +gnutls_rnd_level_t: ADDED +GNUTLS_RND_KEY: ADDED, gnutls_rnd_level_t member +GNUTLS_RND_RANDOM: ADDED, gnutls_rnd_level_t member +GNUTLS_RND_NONCE: ADDED, gnutls_rnd_level_t member +gnutls_crypto_rnd_st: ADDED +GNUTLS_DIG_SHA224: ADDED +GNUTLS_SIGN_RSA_SHA224: ADDED +gnutls_openpgp_crt_get_auth_subkey: MODIFIED + +* Version 2.3.4 (released 2008-03-19) + +** Finish renaming of gnutls_certificate_export_x509_cas etc. +They weren't renamed in the public header file. + +** Added functions to register a cipher/mac/digest. This allows to +override the included ones. + +** Fix a bunch of compiler warnings. + +** API and ABI modifications: +gnutls_crypto_cipher_st: ADDED +gnutls_crypto_mac_st: ADDED +gnutls_crypto_digest_st: ADDED +gnutls_crypto_cipher_register: ADDED +gnutls_crypto_mac_register: ADDED +gnutls_crypto_digest_register: ADDED +GNUTLS_E_CRYPTO_ALREADY_REGISTERED: ADDED + +* Version 2.3.3 (released 2008-03-10) + +** Fix build failure in libextra/gnutls_extra.c that needed opencdk.h. +Reported by Roman Bogorodskiy <novel@FreeBSD.org>. + +** No longer compiled using -D_REENTRANT -D_THREAD_SAFE. +We could not find any modern justification for enabling these flags by +default. If you know of some platform that needs one of the flags to +work properly, please let us know. (Actually introduced in v2.3.0 but +not documented until now.) + +** Importing many CA certificates are now considerably faster. +This affect gnutls_certificate_set_x509_trust_mem, +gnutls_certificate_set_x509_trust, and +gnutls_certificate_set_x509_trust_file. The complexity was reduced +from O(2*n^2) to O(n). When adding 206 files containing 408 +certificates, using gnutls_certificate_set_x509_trust_file, the time +dropped from 40 seconds to 0.3 seconds. Thanks to Edgar Fuß for code +to trigger the problem. See also +<http://blog.josefsson.org/2008/02/27/real-world-performance-tuning-with-callgrind/>. + +** Clarify documentation for gnutls_x509_crt_set_subject_alternative_name +** to be explicit that it takes zero terminated data. + +** gnutls-cli --print-cert now print PKCS#3 format Diffie-Hellman parameters. + +** Documentation fixes for the GTK-DOC manual. + +** Fix compilation error related to __FUNCTION__ on some systems. +Reported by Tim Mooney, see +<https://savannah.gnu.org/support/?106267>. + +** Updated translations. + +** Update gnulib files. + +** API and ABI modifications: +gnutls_hex2bin: MODIFIED, uses size_t instead of int for string length, + and char* instead of void* for output buffer. + +* Version 2.3.2 (released 2008-02-26) + +** Fix srcdir!=objdir failure in openpgpself test. + +** Improved API documentation output from GTK-DOC. + +** Added gnutls_x509_dn_export(). Patch by Joe Orton. + +** Renamed gnutls_certificate_export_x509_cas and friends. +See <http://lists.gnu.org/archive/html/gnutls-devel/2008-02/msg00043.html>. + +** Internal header files cleanup. + +** API and ABI modifications: +gnutls_certificate_export_x509_cas: RENAMED to gnutls_certificate_get_x509_cas +gnutls_certificate_export_x509_crls: RENAMED to gnutls_certificate_get_x509_crls +gnutls_certificate_export_openpgp_keyring: RENAMED to gnutls_certificate_get_openpgp_keyring +gnutls_x509_dn_export: ADDED + +* Version 2.3.1 (released 2008-02-21) + +** OpenPGP support merged into libgnutls and is now licensed under LGPL. +The included copy of OpenCDK has been stripped down and re-licensed +under the LGPL. + +** Cipher priority string handling now handle strings that starts with NULL. +Thanks to Laurence Withers <l@lwithers.me.uk>. + +** gnutls-cli: When -d is used, also prints RNG information from libgcrypt. + +** Corrected memory leaks in session resuming and DHE ciphersuites. Reported +by Daniel Stenberg. + +** Increased the default certificate verification chain limits and allowed +for checks without limitation. + +** Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name() +and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary +strings and return the proper size. + +** Add section 'On Record Padding' to the manual. +This collects all problems related to record padding with +Nokia/Sony-Ericsson phones that we know about. + +** Several improvements in the OpenPGP authentication. +Now subkeys can be used for authentication, according to +draft-mavrogiannopoulos-rfc5081bis-00.txt. + +** certtool can print information on OpenPGP certificates and keys. + +** Added gnutls_x509_dn_import/init/deinit() to access raw DER DN. +Patch by Joe Orton. + +** Added gnutls_certificate_export_x509_cas and other functions to +export elements from the certificate credentials structure. Based on +suggestion from Joe Orton. + +** Doc fixes. +Clarify that srp_base64 is not the same as normal base64. + +** Fix non-portable use of brace expansion in makefiles. + +** API and ABI modifications: +gnutls_certificate_export_x509_cas: ADDED +gnutls_certificate_export_x509_crls: ADDED +gnutls_certificate_export_openpgp_keyring: ADDED +gnutls_openpgp_keyid_t: ADDED, instead of hard-coded 'unsigned char[8]'. +gnutls_openpgp_crt_get_key_id: ADDED, obsoletes gnutls_openpgp_crt_get_id. +gnutls_openpgp_crt_get_revoked_status: ADDED +gnutls_openpgp_crt_get_subkey_count: ADDED +gnutls_openpgp_crt_get_subkey_idx: ADDED +gnutls_openpgp_crt_get_subkey_revoked_status: ADDED +gnutls_openpgp_crt_get_subkey_pk_algorithm: ADDED +gnutls_openpgp_crt_get_subkey_creation_time: ADDED +gnutls_openpgp_crt_get_subkey_expiration_time: ADDED +gnutls_openpgp_crt_get_subkey_id: ADDED +gnutls_openpgp_crt_get_subkey_usage: ADDED +gnutls_openpgp_privkey_get_fingerprint: ADDED +gnutls_openpgp_privkey_get_key_id: ADDED +gnutls_openpgp_privkey_get_subkey_count: ADDED +gnutls_openpgp_privkey_get_subkey_idx: ADDED +gnutls_openpgp_privkey_get_subkey_revoked_status: ADDED +gnutls_openpgp_privkey_get_revoked_status: ADDED +gnutls_openpgp_privkey_get_subkey_pk_algorithm: ADDED +gnutls_openpgp_privkey_get_subkey_expiration_time: ADDED +gnutls_openpgp_privkey_get_subkey_id: ADDED +gnutls_openpgp_privkey_get_subkey_creation_time: ADDED +gnutls_openpgp_crt_get_subkey_pk_dsa_raw: ADDED +gnutls_openpgp_crt_get_subkey_pk_rsa_raw: ADDED +gnutls_openpgp_crt_get_pk_dsa_raw: ADDED +gnutls_openpgp_crt_get_pk_rsa_raw: ADDED +gnutls_openpgp_privkey_export_subkey_dsa_raw: ADDED +gnutls_openpgp_privkey_export_subkey_rsa_raw: ADDED +gnutls_openpgp_privkey_export_dsa_raw: ADDED +gnutls_openpgp_privkey_export_rsa_raw: ADDED +gnutls_openpgp_privkey_export: ADDED +gnutls_certificate_set_openpgp_key_file2: ADDED +gnutls_certificate_set_openpgp_key_mem2: ADDED +gnutls_x509_dn_init: ADDED +gnutls_x509_dn_import: ADDED +gnutls_x509_dn_deinit: ADDED +GNUTLS_E_OPENPGP_SUBKEY_ERROR: ADDED +gnutls_hex2bin: ADDED +GNUTLS_CRT_PRINT_FULL: ADDED, same as old GNUTLS_X509_CRT_FULL. +GNUTLS_CRT_PRINT_ONELINE: ADDED, same as old GNUTLS_X509_CRT_ONELINE. +GNUTLS_CRT_PRINT_UNSIGNED_FULL: ADDED, same as + old GNUTLS_X509_CRT_UNSIGNED_FULL. + +* Version 2.3.0 (released 2008-01-08) + +** LZO compression is now disabled by default. +The reason is that LZO compression is not standardized in TLS. If you +wish to experiment with it, you will have to supply --with-lzo when +invoking ./configure. The internal copy of minilzo is no longer +included with GnuTLS, so you will need to install liblzo or liblzo2 on +your system to have --with-lzo to be effective. + +** More than one server name field is now sent to the server properly. +Thanks to mark.phillips@virgin.net. + +** Fixes the post_client_hello_function(). The extensions are now parsed +in a callback friendly way. + +** Fix for certificate selection in servers with certificate callbacks. + +** Updated translations. + +** Update gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 2.2.5 (released 2008-05-19) + +** Fix flaw in fix for GNUTLS-SA-2008-1-3. +The flaw would result in incorrectly terminated sessions with the +error "Decryption has failed" when the server sends a small packet +(typically when the session is closed). Reported by Andreas Metzler +<ametzler@downhill.at.eu.org> in +<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2807>. + +** API and ABI modifications: +No changes since last version. + +* Version 2.2.4 (released 2008-05-19) + +** Fix three security vulnerabilities. [GNUTLS-SA-2008-1] +Thanks to CERT-FI for finding the bugs and providing detailed reports, +which allowed the bugs to be reproduced and fixed easily. Patches +developed by Simon Josefsson and Nikos Mavrogiannopoulos. Any updates +with more details about these vulnerabilities will be added to +<http://www.gnu.org/software/gnutls/security.html> + +*** [GNUTLS-SA-2008-1-1] +*** libgnutls: Fix crash when sending invalid server name. +The crash can be triggered remotely before authentication, which can +lead to a Daniel of Service attack to disable the server. The bug +cause gnutls to store more session resumption data than what was +allocated for, thus overwriting unallocated memory. + +*** [GNUTLS-SA-2008-1-2] +*** libgnutls: Fix crash when sending repeated client hellos. +The crash can be triggered remotely before authentication, which can +lead to a Daniel of Service attack to disable the server. The bug +triggers a null-pointer dereference. + +*** [GNUTLS-SA-2008-1-3] +*** libgnutls: Fix crash in cipher padding decoding for invalid record lengths. +The crash can be triggered remotely before authentication, which can +lead to a Daniel of Service attack to disable the server. The bug +cause gnutls to read memory beyond the end of the received record. + +** API and ABI modifications: +No changes since last version. + +* Version 2.2.3 (released 2008-05-06) + +** Increase default handshake packet size limit to 48kb. +The old limit was 16kb and some servers send huge list of trusted CAs, +thus running into the limit. FYI, applications can further increase +this limit using gnutls_handshake_set_max_packet_length. Thanks to +Marc Haber <mh+debian-bugs@zugschlus.de> and "Marc F. Clemente" +<marc@mclemente.net> for reporting and providing test servers. + +** Fix compilation error related to __FUNCTION__ on some systems. +Reported by Tim Mooney, see +<https://savannah.gnu.org/support/?106267>. + +** Documented the --priority option to gnutls-cli and gnutls-serv. + +** Fix fopen file descriptor leak in PSK server code. +Thanks to Laurence Withers <l@lwithers.me.uk>, see +<http://lists.gnu.org/archive/html/gnutls-devel/2008-04/msg00002.html>. + +** Build Guile code with -fgnu89-inline only when supported. +Reported by Kris Karas <ktk@enterprise.bidmc.harvard.edu> in +<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2708>. + +** Make Camellia encryption work. +Reported by Yoshisato YANAGISAWA <yanagisawa@csg.is.titech.ac.jp> in +<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2746>. + +** API and ABI modifications: +No changes since last version. + +* Version 2.2.2 (released 2008-02-21) + +** Cipher priority string handling now handle strings that starts with NULL. +Thanks to Laurence Withers <l@lwithers.me.uk>. + +** Corrected memory leaks in session resuming and DHE ciphersuites. Reported +by Daniel Stenberg. + +** Increased the default certificate verification chain limits and allowed +for checks without limitation. + +** Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name() +and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary +strings and return the proper size. + +** API and ABI modifications: +No changes since last version. + +* Version 2.2.1 (released 2008-01-17) + +** Prevent linking libextra against previously installed libgnutls. +Tiny patch from "Alon Bar-Lev" <alon.barlev@gmail.com>, see +<http://bugs.gentoo.org/show_bug.cgi?id=202269>. + +** Fixes the post_client_hello_function(). The extensions are now parsed +in a callback friendly way. + +** Fix for certificate selection in servers with certificate callbacks. + +** API and ABI modifications: +No changes since last version. + +* Version 2.2.0 (released 2007-12-14) + +** Update internal copy of libtasn1 to version 1.2. + +** Certtool --verify-chain now handle inputs larger than 64kb. +This fixes the self-test "rsa-md5-collision" under MinGW+Wine with +recent versions of libgcrypt. The problem was that Wine with the +libgcrypt RNG generates huge amounts of debugging output. + +** Translation updates. +Added Dutch translation. Updated Polish and Swedish translation. + +** Major changes compared to the v2.0 branch: + +*** SRP support aligned with newly published RFC 5054. + +*** OpenPGP support aligned with newly published RFC 5081. + +*** Support for DSA2 keys. + +*** Support for Camellia cipher. + +*** Support for Opaque PRF Input extension. + +*** PKCS#8 parser now handle DSA keys. + +*** Change from GPLv2 to GPLv3 for command-line tools, libgnutls-extra, etc. +Notice that liblzo2 2.02 is licensed under GPLv2 only. Earlier +versions, such as 2.01 which is included with GnuTLS, is available +under GPLv2 or later. If this incompatibility causes problems, we +recommend you to disable LZO using --without-lzo. LZO compression is +not a standard TLS compression algorithm, so the impact should be +minimal. + +*** Functions for disabling record protocol padding. +Works around bugs on Nokia/Ericsson phones. + +*** New functions gnutls_priority_set() for setting cipher priorities easily. +Priorities like "COMPAT" also enables other work arounds, such as +disabling padding. + +*** Other minor improvements and bug fixes. + +** Backwards incompatible API/ABI changes in GnuTLS 2.2 +To adapt to changes in the TLS extension specifications for OpenPGP +and SRP, the GnuTLS API had to be modified. This means breaking the +API and ABI backwards compatibility. That is something we try to +avoid unless it is necessary. We decided to also remove the already +deprecated stub functions for X.509 to XML conversion and TLS +authorization (see below) when we had the opportunity. + +Generally, most applications does not need to be modified. Just +re-compile them against the latest GnuTLS release, and it should work +fine. + +Applications that use the OpenPGP or SRP features needs to be +modified. Below is a list of the modified APIs and discussion of what +the minimal things you need to modify in your application to make it +work with GnuTLS 2.2. + +Note that GnuTLS 2.2 also introduces new APIs -- such as +gnutls_set_priority() that is superior to +gnutls_set_default_priority() -- that you may want to start using. +However, using those new APIs is not required to use GnuTLS 2.2 since +the old functions continue are still supported. This text only +discuss what you minimally have to modify. + +*** XML related changes +The function `gnutls_x509_crt_to_xml' has been removed. It has been +deprecated and only returned an error code since GnuTLS version +1.2.11. Nobody has complained, so users doesn't seem to miss the +functionality. We don't know of any other library to convert X.509 +certificates into XML format, but we decided (long ago) that GnuTLS +isn't the right place for this kind of functionality. If you want +help to find some other library to use here, please explain and +discuss your use case on help-gnutls@gnu.org. + +*** TLS Authorization related changes +Everything related to TLS authorizations have been removed, they were +only stub functions that returned an error code: + + GNUTLS_SUPPLEMENTAL_AUTHZ_DATA + gnutls_authz_data_format_type_t + gnutls_authz_recv_callback_func + gnutls_authz_send_callback_func + gnutls_authz_enable + gnutls_authz_send_x509_attr_cert + gnutls_authz_send_saml_assertion + gnutls_authz_send_x509_attr_cert_url + gnutls_authz_send_saml_assertion_url + +*** SRP related changes +The callback gnutls_srp_client_credentials_function has a new +prototype, and its semantic has changed. You need to rewrite the +callback, see the updated function documentation and SRP example code +(doc/examples/ex-client-srp.c and doc/examples/ex-serv-srp.c) for more +information. + +The alert codes GNUTLS_A_MISSING_SRP_USERNAME and +GNUTLS_A_UNKNOWN_SRP_USERNAME are no longer used by the SRP +specification, instead the GNUTLS_A_UNKNOWN_PSK_IDENTITY alert is +used. There are #define's to map the old names to the new. You may +run into problems if you have a switch-case with cases for both SRP +alerts, since they are now mapped to the same value. The solution is +to drop the SRP alerts from such switch cases, as they are now +deprecated in favor of GNUTLS_A_UNKNOWN_PSK_IDENTITY. + +*** OpenPGP related changes +The function `gnutls_certificate_set_openpgp_keyserver' have been +removed. There is no replacement functionality inside GnuTLS. If you +need keyserver functionality, consider using the GnuPG tools. + +All functions, types, and error codes related to OpenPGP trustdb +format have been removed. The trustdb format is a non-standard +GnuPG-specific format, and we recommend you to use key rings instead. +The following have been removed: + + gnutls_certificate_set_openpgp_trustdb + gnutls_openpgp_trustdb_init + gnutls_openpgp_trustdb_deinit + gnutls_openpgp_trustdb_import + gnutls_openpgp_key_verify_trustdb + gnutls_openpgp_trustdb_t + GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED + +The following functions has an added parameter of the (new) type +`gnutls_openpgp_crt_fmt_t'. The type specify the format of the data +(binary or base64). The functions are: + gnutls_certificate_set_openpgp_key_file + gnutls_certificate_set_openpgp_key_mem + gnutls_certificate_set_openpgp_keyring_mem + gnutls_certificate_set_openpgp_keyring_file + +To improve terminology and align with the X.509 interface, some +functions have been renamed. Compatibility mappings exists. The old +and new names of the affected functions and types are: + + Old name New name + gnutls_openpgp_key_t gnutls_openpgp_crt_t + gnutls_openpgp_key_fmt_t gnutls_openpgp_crt_fmt_t + gnutls_openpgp_key_status_t gnutls_openpgp_crt_status_t + GNUTLS_OPENPGP_KEY GNUTLS_OPENPGP_CERT + GNUTLS_OPENPGP_KEY_FINGERPRINT GNUTLS_OPENPGP_CERT_FINGERPRINT + gnutls_openpgp_key_init gnutls_openpgp_crt_init + gnutls_openpgp_key_deinit gnutls_openpgp_crt_deinit + gnutls_openpgp_key_import gnutls_openpgp_crt_import + gnutls_openpgp_key_export gnutls_openpgp_crt_export + gnutls_openpgp_key_get_key_usage gnutls_openpgp_crt_get_key_usage + gnutls_openpgp_key_get_fingerprint gnutls_openpgp_crt_get_fingerprint + gnutls_openpgp_key_get_pk_algorithm gnutls_openpgp_crt_get_pk_algorithm + gnutls_openpgp_key_get_name gnutls_openpgp_crt_get_name + gnutls_openpgp_key_get_version gnutls_openpgp_crt_get_version + gnutls_openpgp_key_get_creation_time gnutls_openpgp_crt_get_creation_time + gnutls_openpgp_key_get_expiration_time gnutls_openpgp_crt_get_expiration_time + gnutls_openpgp_key_get_id gnutls_openpgp_crt_get_id + gnutls_openpgp_key_check_hostname gnutls_openpgp_crt_check_hostname + gnutls_openpgp_send_key gnutls_openpgp_send_cert + +** API and ABI modifications: +No changes since last version. + +* Version 2.1.8 (released 2007-12-10) + +** The GPL version has been changed from version 2 to version 3. +This affects the self-tests, command-line tools, the libgnutls-extra +library, the relevant guile parts, and the build environment. + +** Added gnutls_x509_crt_get_subject_alt_name2(). + +** Corrected a segfault when setting an empty gnutls_priority_t +at gnutls_priority_set(). + +** Use gettext 0.17 which updates m4/lib-*.m4 macros. +Fixes a problem with spurious -L/usr/lib additions. + +** API and ABI modifications: +gnutls_x509_crt_get_subject_alt_name2: ADD. + +* Version 2.1.7 (released 2007-11-29) + +** PKCS #8 parser can now encode/decode DSA keys. + +** Updated gnutls_set_default_priority2() now renamed to +gnutls_priority_set() and gnutls_priority_set_direct() which +accept a string to indicate preferences of ciphersuite parameters. + +** gnutls-cli and gnutls-serv now have a --priority option to set +the priority string. + +** The gnutls_*_convert_priority() functions were deprecated by +the gnutls_priority_set() and gnutls_priority_set_direct(). + +** Internal copy of OpenCDK upgraded to version 0.6.6. + +** API and ABI modifications: +gnutls_priority_init: ADD. +gnutls_priority_deinit: ADD. +gnutls_priority_set: ADD. +gnutls_priority_set_direct: ADD. +gnutls_set_default_priority2: RENAMED to gnutls_priority_set_direct() +gnutls_mac_convert_priority: REMOVED +gnutls_compression_convert_priority: REMOVED +gnutls_protocol_convert_priority: REMOVED +gnutls_kx_convert_priority: REMOVED +gnutls_cipher_convert_priority: REMOVED +gnutls_certificate_type_convert_priority: REMOVED +gnutls_set_default_priority: UNDEPRECATED +gnutls_set_default_priority_export: UNDEPRECATED + +** Undocumented API and ABI modifications earlier in the 2.1.x series: +GNUTLS_CIPHER_UNKNOWN: ADD. +GNUTLS_CIPHER_CAMELLIA_128_CBC: ADD. +GNUTLS_CIPHER_CAMELLIA_256_CBC: ADD. +GNUTLS_KX_UNKNOWN: ADD. +GNUTLS_COMP_UNKNOWN: ADD. +GNUTLS_CRT_UNKNOWN: ADD. +gnutls_mac_get_id: ADD. +gnutls_compression_get_id: ADD. +gnutls_cipher_get_id: ADD. +gnutls_kx_get_id: ADD. +gnutls_protocol_get_id: ADD. +gnutls_certificate_type_get_id: ADD. +gnutls_handshake_post_client_hello_func: ADD. +gnutls_certificate_send_x509_rdn_sequence: ADD prototype to gnutls.h.in. + +* Version 2.1.6 (released 2007-11-15) + +** Corrected bug in decompression of expanded compression data. + +** Added the --to-p8 option to certtool to convert private keys +to PKCS #8 keys. + +** Introduced the GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR error code. + +** gnutls_certificate_set_x509_key_* can now read PKCS #8 unencrypted +private keys. + +** Fixed GNUTLS_E_UNKNOWN_ALGORITHM vs GNUTLS_E_UNKNOWN_HASH_ALGORITHM. +During the 2.1.x series the GNUTLS_E_UNKNOWN_HASH_ALGORITHM error code +was renamed to GNUTLS_E_UNKNOWN_ALGORITHM, unfortunately without being +documented. This caused some problems (e.g., debian #450854). To +avoid backwards compatibility problems, this release revert this +change, so that GNUTLS_E_UNKNOWN_HASH_ALGORITHM works just like it has +done in GnuTLS 2.0.x and earlier, and add a new error code +GNUTLS_E_UNKNOWN_ALGORITHM. + +** Fixes several gtk-doc warnings. + +** API and ABI modifications: +GNUTLS_E_UNKNOWN_ALGORITHM: CHANGED. +GNUTLS_E_UNKNOWN_HASH_ALGORITHM: CHANGED. +GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR: ADD. + +* Version 2.1.5 (released 2007-11-01) + +** Fix PKCS#3 parameter export problem. + +** Improve certtool queries, they now print the default value. + +** Fix ABI version. + +** Update gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 2.1.4 (released 2007-10-27) + +** Added the --v1 option to certtool, to allow generating X.509 +version 1 certificates. + +** certtool: Add option --disable-quick-random to enable the old behaviour +of using /dev/random to generate keys. + +** Added priority functions that accept strings. + +** Added gnutls_set_default_priority2() which accepts a flag to indicate +priorities preferences. + +** Added gnutls_record_disable_padding() to allow servers talking to +buggy clients that complain if the TLS 1.0 record protocol padding is +used. + +** Introduced gnutls_session_enable_compatibility_mode() to allow enabling +all supported compatibility options (like disabling padding). + +** The gnutls_certificate_set_openpgp_* functions were modified to include +the format. This makes the interface consistent with the x509 functions. + +** Internal copy of OpenCDK upgraded to version 0.6.5. + +** Update gnulib files. + +** API and ABI modifications: +gnutls_certificate_set_openpgp_key_mem: MODIFIED +gnutls_certificate_set_openpgp_key_file: MODIFIED +gnutls_certificate_set_openpgp_keyring_mem: MODIFIED +gnutls_certificate_set_openpgp_keyring_file: MODIFIED +gnutls_set_default_priority: DEPRECATED +gnutls_set_default_priority_export: DEPRECATED +gnutls_set_default_priority2: ADDED +gnutls_session_enable_compatibility_mode: ADDED +gnutls_record_disable_padding: ADDED +gnutls_mac_convert_priority: ADDED +gnutls_compression_convert_priority: ADDED +gnutls_protocol_convert_priority: ADDED +gnutls_kx_convert_priority: ADDED +gnutls_cipher_convert_priority: ADDED +gnutls_certificate_type_convert_priority: ADDED +gnutls_openpgp_key_t: RENAMED to gnutls_openpgp_crt_t +gnutls_openpgp_key_status_t: RENAMED to gnutls_openpgp_crt_status_t +gnutls_openpgp_send_key: RENAMED to gnutls_openpgp_send_cert +gnutls_openpgp_key_init: RENAMED to gnutls_openpgp_crt_init +gnutls_openpgp_key_import: RENAMED to gnutls_openpgp_crt_import +gnutls_openpgp_key_export: RENAMED to gnutls_openpgp_crt_export +gnutls_openpgp_key_check_hostname: RENAMED to gnutls_openpgp_crt_check_hostname +gnutls_openpgp_key_get_creation_time: RENAMED to gnutls_openpgp_crt_get_creation_time +gnutls_openpgp_key_get_expiration_time: RENAMED to gnutls_openpgp_crt_get_expiration_time +gnutls_openpgp_key_get_fingerprint: RENAMED to gnutls_openpgp_crt_get_fingerprint +gnutls_openpgp_key_get_version: RENAMED to gnutls_openpgp_crt_get_version +gnutls_openpgp_key_get_pk_algorithm: RENAMED to gnutls_openpgp_crt_get_pk_algorithm +gnutls_openpgp_key_get_name: RENAMED to gnutls_openpgp_crt_get_name +gnutls_openpgp_key_deinit: RENAMED to gnutls_openpgp_crt_deinit +gnutls_openpgp_key_get_id: RENAMED to gnutls_openpgp_crt_get_id +gnutls_openpgp_key_get_key_usage: RENAMED to gnutls_openpgp_crt_get_key_usage +gnutls_openpgp_key_verify_ring: RENAMED to gnutls_openpgp_crt_verify_ring +gnutls_openpgp_key_verify_self: RENAMED to gnutls_openpgp_crt_verify_self + +* Version 2.1.3 (released 2007-10-17) + +** TLS authorization support removed. +This technique may be patented in the future, and it is not of crucial +importance for the Internet community. After deliberation we have +concluded that the best thing we can do in this situation is to +encourage society not to adopt this technique. We have decided to +lead the way with our own actions. + +** Re-enabled the 256 bit ciphers in the default priorities. + +** Corrected bugs in openpgp key verification using a keyring (both in +gnutls and opencdk) + +** API and ABI modifications: +gnutls_certificate_set_openpgp_keyserver: REMOVED +gnutls_authz_data_format_type_t, +gnutls_authz_recv_callback_func, +gnutls_authz_send_callback_func, +gnutls_authz_enable, +gnutls_authz_send_x509_attr_cert, +gnutls_authz_send_saml_assertion, +gnutls_authz_send_x509_attr_cert_url, +gnutls_authz_send_saml_assertion_url: REMOVED. +GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA: ADDED. To avoid that the + gnutls_supplemental_data_format_type_t enum type becomes empty. + +* Version 2.1.2 (released 2007-10-14) + +** Removed all the trustdb code from openpgp authentication. +We now use only the well-specified keyrings. + +** The 256 bit ciphers are not enabled in the default priorities. + +** Added support for DSA2 using libgcrypt 1.3.0. + +** certtool: Fixed data corruption when using --outder. + +** Removed all the xml related stubs and functions. + +** Added capability to set a callback after the client hello is received +by the server in order to adjust parameters before the handshake. + +** SRP was corrected to adhere to the latest draft (published soon as RFC) + +** Corrected bug which did not allow a server to run without supporting +certificates. + +** Updated the DN parser which now prints wrongly decoded values as hex +strings. + +** certtool: Add option --quick-random. +For generating low security test credentials. + +** API and ABI modifications: +gnutls_x509_crt_to_xml: REMOVED +gnutls_openpgp_key_to_xml: REMOVED +gnutls_openpgp_key_verify_trustdb: REMOVED +gnutls_openpgp_trustdb_init: REMOVED +gnutls_openpgp_trustdb_deinit: REMOVED +gnutls_openpgp_trustdb_import: REMOVED +gnutls_certificate_set_openpgp_trustdb: REMOVED +gnutls_srp_client_credentials_function: CHANGED +gnutls_handshake_set_post_client_hello_function: ADDED +gnutls_mac_get_key_size: ADDED +GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED: DEPRECATED. +GNUTLS_A_MISSING_SRP_USERNAME: DEPRECATED +GNUTLS_A_UNKNOWN_SRP_USERNAME: DEPRECATED + +* Version 2.1.1 (released 2007-09-24) + +** Added support for Camellia cipher, thanks to Yoshisato YANAGISAWA. +Camellia is only enabled in GnuTLS if the installed libgcrypt has been +compiled with Camellia support. See the libgcrypt documentation on +how to enable it. Unconditionally disable it using the configure +option --disable-camellia. Fixes #1. + +** Properly document in the NEWS file the API change in the last release. + +** API and ABI modifications: +No changes since last version. + +* Version 2.1.0 (released 2007-09-20) + +** Support for draft-rescorla-tls-opaque-prf-input-00.txt. +The support is disabled by default. Since no value has been allocated +by the IANA for this extension yet, you will need to provide one +yourself by invoking './configure --enable-opaque-prf-input=42'. +Fixes #2. + +** Example code: Fix compilation flaw under MinGW. + +** API and ABI modifications: +gnutls_oprfi_callback_func: ADD, new typedef function prototype. +gnutls_oprfi_enable_client: ADD, new function. +gnutls_oprfi_enable_server: ADD, new function. + +* Version 2.0.4 (released 2007-11-16) + +** Corrected bug in decompression of expanded compression data. + +** API and ABI modifications: +No changes since last version. + +* Version 2.0.3 (released 2007-11-10) + +** This version backports several fixes from the 2.1.x branch. + +** Fixed PKCS #3 parameter export. + +** Added gnutls_record_disable_padding() to allow servers talking to +buggy clients that complain if the TLS 1.0 record protocol padding is +used. + +** Introduced gnutls_session_enable_compatibility_mode() to allow enabling +all supported compatibility options (like disabling padding). + +** Corrected bug which did not allow a server to run without supporting +certificates. + +** API and ABI modifications: +gnutls_session_enable_compatibility_mode: ADDED +gnutls_record_disable_padding: ADDED + +* Version 2.0.2 (released 2007-10-17) + +** TLS authorization support removed. +This technique may be patented in the future, and it is not of crucial +importance for the Internet community. After deliberation we have +concluded that the best thing we can do in this situation is to +encourage society not to adopt this technique. We have decided to +lead the way with our own actions. + +** certtool: Fixed data corruption when using --outder. + +** Fix configure-time Guile detection. + +** API and ABI modifications: +GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA: ADDED. To avoid that the + gnutls_supplemental_data_format_type_t enum type becomes empty. + +* Version 2.0.1 (released 2007-09-20) + +** New directory doc/credentials/ with test credentials. +This collects the test credentials from the web page and from src/. +The script gnutls-http-serv has also been moved to that directory. + +** Update SRP extension type and cipher suite with official IANA values. +This breaks backwards compatibility with SRP in older versions of +GnuTLS, but this is intentional to speed up the adoption of the +official values. The old values we used were incorrect. + +** Guile: Fix `x509-certificate-dn-oid' + +** API and ABI modifications: +No changes since last version. + +* Version 2.0.0 (released 2007-09-04) + +** Included copy of Libtasn1 upgraded to version 1.1. + +** Disable building of some examples if anonymous ciphers are disabled. + +** Don't build examples for disabled features. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.19 (released 2007-08-27) + +** Fix gnutls_error_is_fatal so that positive "errors" are non-critical. +This solves connection problems in mutt, see +<http://bugs.debian.org/439640>. + +** Update gnulib files. +In particular, the getpass module -- with its dependencies on getline, +getdelim, fseeko etc -- where moved from the lgl/ (used by the core +library) directory to the gl/ directory (only used by the command line +tools). The reason is that getpass is now only used by the +command-line tools, and reducing the number of gnulib modules linked +to the core library helps portability and reduces size. + +** Fix warnings. + +** Disable building of PGP examples if PGP is disabled. + +** Included copy of OpenCDK upgraded to version 0.6.4. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.18 (released 2007-08-16) + +** Install images for the info manual. +This has a side effect of renaming the images. See +<http://thread.gmane.org/gmane.comp.tex.texinfo.bugs/3533> for +discussions on the approach chosen. + +** Fix pointer mix to variables of different size. +Patch extracted from +<http://cvs.fedora.redhat.com/viewcvs/devel/gnutls/gnutls-1.6.3-incompat-pointers.patch?rev=1.1&view=auto>. + +** Fix warnings during build. +Thanks to Andreas Metzler <ametzler@downhill.at.eu.org>. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.17 (released 2007-08-15) + +** New functions to perform external signing. +Set the signing callback function (of the gnutls_sign_func prototype) +using the gnutls_sign_callback_set function. In the callback, you may +find the new functions gnutls_x509_privkey_sign_hash and +gnutls_openpgp_privkey_sign_hash useful. A new function +gnutls_sign_callback_get is also added, to retrieve the function +pointer. Thanks to "Alon Bar-Lev" <alon.barlev@gmail.com> for +comments and testing. + +** New self test of client and server authenticated X.509 TLS sessions. +See tests/x509self.c and tests/x509signself.c. The latter also tests +the new external signing callback interface. + +** New errors GNUTLS_E_APPLICATION_ERROR_MIN..GNUTLS_E_APPLICATION_ERROR_MAX. +These two actually describe the outer limits of a range of error codes +reserved to the application. All of the errors are treated as fatal +by the library (it has to since it doesn't know the semantics of the +error codes). This can be useful in callbacks, to signal some +application-specific error condition, which will usually eventually +cause some gnutls API to return the same error code as the callback, +which then can be inspected by the application. Note that error codes +are negative. + +** gnutls_set_default_priority now disable TLS 1.2 by default. +The RFC is not released yet, and we're approaching a major release so +let's not enable it just yet. + +** Fix namespace so that gnutls_*_t is used consistently. +Before, many places in the GnuTLS code used the old deprecated type +names without the '_t' suffix. + +** Build fixes for Guile code. +Patch from Ludovic Courtes <ludovic.courtes@laas.fr>. + +** More documentation fixes. +In particular, the section headings were modified for casing. By +Ludovic Courtes <ludovic.courtes@laas.fr>. + +** Updated Polish and Swedish translations. +Thanks to Jakub Bogusz <qboosh@pld-linux.org> and Daniel Nylander +<po@danielnylander.se>. + +** API and ABI modifications: +gnutls_sign_func: ADD, new type for sign callback. +gnutls_sign_callback_set: ADD, new function to set sign callback. +gnutls_sign_callback_get: ADD, new function to retrieve sign callback. +gnutls_x509_privkey_sign_hash, +gnutls_openpgp_privkey_sign_hash: ADD, new functions useful in sign callback. +GNUTLS_E_APPLICATION_ERROR_MIN, +GNUTLS_E_APPLICATION_ERROR_MAX: ADD, new CPP #defines for error codes. + +* Version 1.7.16 (released 2007-08-07) + +** Fix sanity checks and return values in certificate selection. +In some cases, GnuTLS omitted to report suitable error codes when no +suitable certificate was found. + +** Fix gnutls-cli starttls EOF on Mac OS X. +Thanks to Hal Eden <n.mavrogiannopoulos@gmail.com>. + +** Documentation fixes. +In particular, the section headings were modified for casing. By +Ludovic Courtes <ludovic.courtes@laas.fr>. + +** Update gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.15 (released 2007-07-02) + +** Fix self-tests key-id under mingw32. + +** Test that the Guile header files are recent enough to work. +Before we just tested that the command line tool 'guile' was recent +enough, which may not be sufficient if you still have an old +libguile.h header installed. + +** Guile bindings are now installed under $prefix by default. +Use --without-guile-site-dir to install it under $pkgdatadir/site/ +where $pkgdatadir is as returned by "guile-config info pkgdatadir". +Use --with-guile-site-dir=/your/own/path to specify the path manually. +The default, --with-guile-site-dir, will install the Guile bindings +under $datadir/guile/site. There is a new section 'Guile +Preparations' in the manual that discuss these issues. + +** Fix run-time library path ordering in linking the Guile bindings. + +** Improved manual on downloading, installing, getting help, bug reports etc. +Suggested by Ludovic Courtès <ludovic.courtes@laas.fr>. + +** Add Malay message translations. +Thanks to Sharuzzaman Ahmat Raslan <sharuzzaman@myrealbox.com>. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.14 (released 2007-06-26) + +** Don't enable Guile bindings unless we have Guile 1.8 or later. +Patch from Ludovic Courtès <ludovic.courtes@laas.fr>. + +** Fix memory leak during DSA signature verification. +Patch from Ludovic Courtès <ludovic.courtes@laas.fr>. + +** Fix crash in gnutls-cli when TLS handshake fails. +Reported by Marc Haber <mh+debian-bugs@zugschlus.de> and Andreas +Metzler <ametzler@downhill.at.eu.org> via Debian BTS #429183, see +<http://bugs.debian.org/429183>. + +** Minor OpenPGP fixes in stream_to_datum. +Patch from Timo Schulz <twoaday@freakmail.de> and Ludovic Courtès +<ludovic.courtes@laas.fr>. + +** Fix off-by-one in TLS 1.2 handshake. +Patch from Ludovic Courtès <ludovic.courtes@laas.fr>. + +** Minor Guile binding self-test cleanup. +Patch from Ludovic Courtès <ludovic.courtes@laas.fr>. + +** Update gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.13 (released 2007-06-11) + +** OpenCDK copy updated to version 0.6.3. + +** Build fixes for GnuTLS Guile bindings. +Patch from Ludovic Courtès <ludovic.courtes@laas.fr>. + +** Build fix for GTK-DOC manual. + +** Update gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.12 (released 2007-06-08) + +** Guile bindings for GnuTLS have been included. +Contributed by Ludovic Courtès <ludovic.courtes@laas.fr>. There is a +new chapter 'Guile Bindings' in the manual. + +** Have PKCS8 parser return better error codes. +Reported by Nate Nielsen <nielsen-list@memberwebs.com>, see +<http://lists.gnupg.org/pipermail/gnutls-dev/2007-May/001653.html> and +<http://lists.gnupg.org/pipermail/gnutls-dev/2007-May/001654.html>. + +** Fix mem leak for sessions with client authentication via certificates. +Reported by Andrew W. Nosenko <andrew.w.nosenko@gmail.com>, see +<http://lists.gnupg.org/pipermail/gnutls-dev/2007-April/001539.html>. + +** Fix mem leaks. +Reported by Dennis Vshivkov <walrus@amur.ru>, see +<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=333050>. Added +self-test tests/parse_ca.c to test regressions. + +** Fix build failures related to missing images in manual. +Reported by Andreas Metzler <ametzler@downhill.at.eu.org>. + +** Update gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.11 (released 2007-05-26) + +** Include opencdk.h in the release. +Reported by Roman Bogorodskiy <novel@FreeBSD.org>. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.10 (released 2007-05-25) + +** New API functions to extract DER encoded X.509 Subject/Issuer DN. +Suggested by Nate Nielsen <nielsen-list@memberwebs.com>. + +** Update of gnulib files. + +** GnuTLS is now developed in GIT instead of CVS. +See <http://repo.or.cz/w/gnutls.git> for a public repository. + +** API and ABI modifications: +gnutls_x509_crt_get_raw_issuer_dn: ADD. +gnutls_x509_crt_get_raw_dn: ADD. + +* Version 1.7.9 (released 2007-05-12) + +** X.509 certificates are preferred over OpenPGP keys. +This is a change in the semantics of gnutls_set_default_priority. + +** The included copy of OpenCDK has been updated to 0.6.1. +There has been some API changes in OpenCDK, and the GnuTLS layer have +been modified as well. Note that while there are API/ABI incompatible +changes in OpenCDK, this does not influence GnuTLS's API/ABI because +its API/ABI have not changed. From this version on, GnuTLS requires +OpenCDK 0.6.0 or later. + +** Fix build failure caused by missing doc/gnutls-logo.pdf. + +** Change certtool's default serial number from 0 to a time-based value. + +** Fix X.509 signing with RSA-PKCS#1 to set a NULL parameters fields. +Before, we remove the parameters field, which resulted in a slightly +different DER encoding which in turn caused signature verification +failures of GnuTLS-generated RSA certificates in some other +implementations (e.g., GnuPG 2.x's gpgsm). Depending on which RFCs +you read, this may or may not be correct, but our new behaviour appear +to be consistent with other widely used implementations. + +** Fix mem leaks in gnutls_x509_crt_print. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.8 (released 2007-04-16) + +** Added examples for the authorization extension. +See doc/examples/ex-client-authz.c and doc/examples/ex-serv-authz.c. + +** The examples only use gnutls_set_default_priority(). +The exception is when DH_ANON is needed. + +** Improve gnutls_set_default_priority() priorities. +The new approach is for it to try and negotiate all secure and +standard mechanisms available. Currently, DH_ANON ciphersuites and +LZO compressions are not enabled by default, because they are, +respectively, insecure and non-standardized. Note that TLS 1.2 will +not be enabled by default in non-experimental release until it has +been approved by the IETF. + +** gnutls-cli and gnutls-serv now uses the library's default priorities. +This means that to get DH_ANON and LZO compression, you'll need to +specify that manually using '--kx anon' or '--comp lzo'. + +** Minor fixes to the human display format of X.509 certificates. + +** New APIs to extract Distinguished Name's from X.509 certificates. +Based on patch from Howard Chu <hyc@symas.com>. + +** Improved library searching for opencdk. +It will now add the appropriate -R or -Wl,-rpath flags as necessary. +The deprecated opencdk.m4 is no longer used. + +** New APIs to list supported algorithms in the library. +The APIs are gnutls_cipher_list, gnutls_mac_list, +gnutls_compression_list, gnutls_protocol_list, +gnutls_certificate_type_list, gnutls_kx_list, and +gnutls_cipher_suite_info. Suggested by Howard Chu <hyc@symas.com>. + +** The gnutls_x509_crt_get_key_id API now handle non-RSA/DSA keys. + +** New configure option --disable-tls-authorization to disable tls-authz. + +** Fix prototype for `gnutls_psk_set_client_credentials'. +The last parameter was renamed from 'flags' to 'format' and the type +changed from 'unsigned int' to 'gnutls_psk_key_flags' (an enum type), +which shouldn't cause any ABI changes. Reported by ludo@chbouib.org +(Ludovic Courtès). + +** Fix allocation in gnutls_certificate_set_openpgp_key. +Tiny patch from ludo@chbouib.org (Ludovic Courtès). + +** API and ABI modifications: +gnutls_x509_dn_t: ADD. +gnutls_x509_ava_st: ADD. +gnutls_x509_crt_get_subject, +gnutls_x509_crt_get_issuer: ADD. +gnutls_x509_dn_get_rdn_ava: ADD. +gnutls_cipher_list: ADD. +gnutls_mac_list: ADD. +gnutls_compression_list: ADD. +gnutls_protocol_list: ADD. +gnutls_certificate_type_list: ADD. +gnutls_kx_list: ADD. +gnutls_cipher_suite_info: ADD. + +* Version 1.7.7 (released 2007-02-22) + +** Support for supplemental handshake messages and authorization data. +Supplemental data is described in RFC 4680 and the authorization +extensions in draft-housley-tls-authz-extns-07. + +** Support for authorization data in gnutls-cli and gnutls-serv. +New parameters --authz-x509-attr-cert and --authz-saml-assertion. + +** Fix for gnutls_x509_crt_check_hostname. +Before it would have reported that the certificate matched a hostname +when it did not have any dNSName or any CN field. Report and tiny +patch from "Richard W.M. Jones" <rjones@redhat.com>. + +** New self test for RFC 2818 comparison in gnutls_x509_crt_check_hostname. +Tests regressions of the bug, and several other features. + +** GnuTLS now matches URI's with IP Addresses against iPAddress SAN's. +Before there were no support for iPAddress SAN's during comparison. + +** New API to print information about CRL's. +The function is gnutls_x509_crl_print. + +** New API to extract signature value from CRL's. +The function is gnutls_x509_crl_get_signature. + +** Support for directoryName Subject Alternative Name's. +The gnutls_x509_crt_get_subject_alt_name function returns the DN as a +string in the provided buffer. + +** Internal improvements to certtool. +It uses gnutls_x509_crl_print to print CRL information. It uses some +more gnulib modules to simplify error handling. + +** API and ABI modifications: +GNUTLS_HANDSHAKE_SUPPLEMENTAL: ADD, new gnutls_handshake_description_t element. +gnutls_supplemental_data_format_type_t: ADD. +gnutls_authz_data_format_type_t: ADD. +gnutls_supplemental_get_name: ADD. +gnutls_authz_recv_callback_func, +gnutls_authz_send_callback_func: ADD, callback prototypes. +gnutls_authz_enable: ADD. +gnutls_authz_send_x509_attr_cert, +gnutls_authz_send_saml_assertion, +gnutls_authz_send_x509_attr_cert_url, +gnutls_authz_send_saml_assertion_url: ADD. +GNUTLS_SAN_DN: ADD, new gnutls_x509_subject_alt_name_t element. +gnutls_x509_crl_print: ADD. +gnutls_x509_crl_get_signature: ADD. + +* Version 1.7.6 (released 2007-02-12) + +** Support for 'otherName' Subject Alternative Names. +The existing API gnutls_x509_crt_get_subject_alt_name may now return +the new type GNUTLS_SAN_OTHERNAME together with the otherName value. +To find out the otherName OID (necessary for proper parsing of the +value), use the new API gnutls_x509_crt_get_subject_alt_othername_oid. +For known OIDs, gnutls_x509_crt_get_subject_alt_othername_oid will +return "virtual" SAN values, e.g., GNUTLS_SAN_OTHERNAME_XMPP to +simplify OID matching. Suggested by Matthias Wimmer <m@tthias.eu>. + +** Certtool can print otherName SAN values for certificates. +For known otherName OIDs (currently only id-on-xmppAddr as defined by +RFC 3920), it will also print the name. + +** Fix TLS 1.2 RSA signing in servers. +Before it used the old-style MD5+SHA1 signature, but the TLS +signatures should be normal PKCS#1 signatures. FYI, we use and +require that DigestInfo parameters are present and NULL for TLS 1.2. + +** Add APIs to access X.509 extensions sequentially. +The existing APIs gnutls_x509_crt_get_extension_oid() and +gnutls_x509_crt_get_extension_by_oid() does not permit callers to +inspect the extensions in the order defined by the certificate. + +** Add API to extract signature value from X.509 certificates. +The function is gnutls_x509_crt_get_signature. + +** Fix crash when generating proxy certificates in batch mode. +If you don't specify a proxy policy in batch mode, it will use +id-ppl-inheritALL. + +** Add API to print information about X.509 certificates. +The function is gnutls_x509_crt_print. + +** Certtool uses the new API gnutls_x509_crt_print to print certificate info. +One consequence of this is that the output syntax has changed +slightly. Some more fields are printed. + +** Doc fixes. + +** API and ABI modifications: +gnutls_x509_crt_print: ADD +gnutls_certificate_print_formats_t: ADD, new enum. +gnutls_x509_crt_get_signature: ADD. +gnutls_x509_crt_get_extension_data: ADD. +gnutls_x509_crt_get_extension_info: ADD. +gnutls_x509_crt_get_subject_alt_othername_oid: ADD. +GNUTLS_SAN_OTHERNAME: ADD, new gnutls_x509_subject_alt_name_t element. +GNUTLS_SAN_OTHERNAME_XMPP: ADD, new gnutls_x509_subject_alt_name_t element. + +* Version 1.7.5 (released 2007-02-06) + +** Servers won't negotiate SRP RSA/DSS cipher suites if no SRP credential +** is set. + +** Default behaviour for the gnutls-cli and gnutls-serv tools improved. + +** Fix --list output for gnutls-cli and gnutls-serv. +Mention TLS1.2, SHA512 etc. + +** Manual contains new section on setting up a test HTTP server. +A server set up following those descriptions are available online via +<http://www.gnutls.org/server.html>. + +** Update of gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.4 (released 2007-02-05) + +** Support for RSA signing using SHA-256/384/512. +A new self test "sha2" tries to build a long X.509 certificate chain +testing all new hashes. + +** The gnutls-serv tool now use static DH parameters if none are supplied. + +** Discuss proxy certificates in the manual. + +** Improve bibliographical citations in the manual. + +** Update of gnulib files. + +** Fix certtool template handling of pathLenConstraints. +It now defaults to -1 instead of 0, which causes the field to be +missing unless the template specify it. + +** API and ABI modifications: +GNUTLS_MAC_SHA256, +GNUTLS_MAC_SHA384, +GNUTLS_MAC_SHA512: New gnutls_mac_algorithm_t values. +GNUTLS_DIG_SHA256, +GNUTLS_DIG_SHA384, +GNUTLS_DIG_SHA512: New gnutls_digest_algorithm_t values. +GNUTLS_SIGN_RSA_SHA256, +GNUTLS_SIGN_RSA_SHA384, +GNUTLS_SIGN_RSA_SHA512: New gnutls_sign_algorithm_t values. + +* Version 1.7.3 (released 2007-02-01) + +** New option to certtool: --generate-proxy. +This will generate a Proxy Certificate from an end entity certificate. +Proxy Certificates are documented in RFC 3820. You will need to +specify the proxy certificate's private key with --load-privkey, the +user certificate with --load-certificate and the private key used to +sign the new proxy certificate with --load-ca-privkey. Certtool will +query for proxy path length and the policy language OID. Currently +only OIDs that have an empty policy are supported (which includes the +two OIDs defined by RFC 3820). + +** Certtool --certificate-info now prints information for Proxy Certificates. +Before the proxy extension was just printed as DER encoded data. + +** New APIs to set proxy subject names and get/set proxy cert extension. + +** Fix parsing of pathLenConstraints in BasicConstraints with missing cA. + +** Added self-test to test for regressions of pathLenConstraint bug. +Incidentally, this also test (some) other regressions or changes in +the output from certtool --certificate-info. + +** When certtool generates CA certificates, pressing enter on the path +** length constraint query will now remove the field. +Before it set the path length constraint to 0, which is a rather poor +default. + +** Certtool now print times in UTC when printing certificate/CRL info. + +** Add better fix to work around C++ compiler bug on Mac OS X. +Reported and tiny patch provided by Matthias Scheler <tron@NetBSD.org>. + +** Fix import of ASCII armored OpenPGP keys. +Patch by ludovic.courtes@laas.fr (Ludovic Courtès). + +** Update of gnulib files. + +** API and ABI modifications: +gnutls_x509_crt_set_proxy_dn: ADD. +gnutls_x509_crt_set_proxy: ADD. +gnutls_x509_crt_get_proxy: ADD. + +* Version 1.7.2 (released 2007-01-14) + +** Certtool now print the value of the pathLenConstraints field for certs. + +** Certtool now query for path length constraints when generating CA certs. +For batch uses, the certtool configuration name is "path_len". +Suggested by Sascha Ziemann <sascha.ziemann@secunet.com>. + +** Add new API to get/set pathLenConstraint in the Basic Constraints. +The new functions gnutls_x509_crt_get_basic_constraints and +gnutls_x509_crt_set_basic_constraints provide a superset of the +functionality in the old gnutls_x509_crt_get_ca_status and +gnutls_x509_crt_set_ca_status (respectively), but the old functions +will continue to be supported. + +** Add new API in OpenCDK to extract public/secret OpenPGP key to S-expr. +The functions are cdk_pubkey_to_sexp and cdk_seckey_to_sexp. A proper +OpenCDK release with this patch will be made soon, which should bump +the OpenCDK version number. Patch by Mario Lenz <mario.lenz@gmx.net>. + +** Certtool --to-p12 can now store more than one certificate in the blob. +Before it could only store one certificate, but now it will read and +store as many certificate there are from the --load-certificate file. +Suggested by Sascha Ziemann <sascha.ziemann@secunet.com>. + +** Clean up separation of gnutls and gnutls-extra for OpenPGP. +In particular, the OpenPGP function variables are no longer part of +the exported libgnutls interface, and no header files from +libgnutls-extra (GPL) are needed by libgnutls (LGPL). The variables +were never intended for non-internal purposes, and thus this does not +imply a change in the external API/ABI. + +** Print URL to gaa when missing, and fix srcdir!=builddir for GAA files. +Reported by ludovic.courtes@laas.fr (Ludovic Courtès). + +** GnuTLS no longer uses -mms-bitfields --enable-runtime-pseudo-reloc. +Before these parameters were set to make GnuTLS build under mingw32, +however, they appear to no longer be necessary. + +** A minor fix to the C++ library to make it build. +Reported by Pavlov Konstantin <thresh@altlinux.ru>. + +** Update of gnulib files. + +** API and ABI modifications: +gnutls_x509_crt_get_basic_constraints: ADD. +gnutls_x509_crt_set_basic_constraints: ADD. +cdk_pubkey_to_sexp: ADD (in opencdk). +cdk_seckey_to_sexp: ADD (in opencdk). + +* Version 1.7.1 (released 2006-12-28) + +** TLS 1.2 server side fix. +The Certificate Request sent did not contain the list of supported +hashes field, thus violating the protocol. It will now contain an +empty list. Reported by ludovic.courtes@laas.fr (Ludovic Courtès). + +** TLS 1.2 DSA signature verification fix. +Reported by ludovic.courtes@laas.fr (Ludovic Courtès). + +** Fix the list of trusted CAs that server's send to clients. +Before, the list contained issuer DN's instead of subject DN's of the +trusted CAs. Reported by Max Kellermann <max@duempel.org>. + +** Fix gnutls_certificate_set_x509_crl to initialize the CRL before using it. +Also added a self-test in tests/certificate_set_x509_crl.c to test the +function. Reported by Max Kellermann <max@duempel.org>. + +** Encode UID fields in DN's as DirectoryString. +Before GnuTLS encoded and parsed UID fields as IA5String. This was +incorrect, it should have used DirectoryString. Now it will use +DirectoryString for the UID field, but for backwards compatibility it +will also accept IA5String UID's. Reported by Max Kellermann +<max@duempel.org>. + +** Improve out-of-sourcedir builds from CVS. +Reported by ludovic.courtes@laas.fr (Ludovic Courtès). + +** Bootstrap tools changed. +We now require autoconf 2.61, automake 1.10, and gettext 0.16, when +building GnuTLS from CVS. Libtool 1.5.22 is used. + +** Fixed a syntax error in lib/gnutls.asn. +Reported by Paul Millar <p.millar@physics.gla.ac.uk>. + +** Added German translation of GnuTLS messages. + +** Update of gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.0 (released 2006-11-29) + +** The default protocol priority try TLS 1.1 and TLS 1.2 too. +The details is that the protocol priority set by +`gnutls_set_default_priority' has been changed from TLS 1.0 and SSL +3.0 to TLS 1.2, TLS 1.1, TLS 1.0 and SSL 3.0. + +** Preliminary support for TLS 1.2. +The client has been successfully tested against +https://www.mikestoolbox.org:4433/. + +** Anonself test now print a lot of debugging info, including TLS version. + +** Doc fixes in OpenCDK, to avoid some gtk-doc warnings. + +** Update of gnulib files. + +** API and ABI modifications: +GNUTLS_TLS1_2: New gnutls_protocol_t enum member. + +*** Pulled up from stable 1.6.x branch: + +** Fix ./configure failure with non-GCC compilers. +This fixes the following error message: +configure: error: conditional "HAVE_LD_OUTPUT_DEF" was never defined. +Reported by "Michael C. Vergallen" <mvergall@telenet.be>. + +* Version 1.6.3 (released 2007-05-26) + +** New API functions to extract DER encoded X.509 Subject/Issuer DN. +Suggested by Nate Nielsen <nielsen-list@memberwebs.com>. Backported +from the 1.7.x branch, see +<http://lists.gnu.org/archive/html/help-gnutls/2007-05/msg00029.html>. + +** Have PKCS8 parser return better error codes. +Reported by Nate Nielsen <nielsen-list@memberwebs.com>, see +<http://lists.gnupg.org/pipermail/gnutls-dev/2007-May/001653.html> and +<http://lists.gnupg.org/pipermail/gnutls-dev/2007-May/001654.html>. + +** Fix mem leak for sessions with client authentication via certificates. +Reported by Andrew W. Nosenko <andrew.w.nosenko@gmail.com>, see +<http://lists.gnupg.org/pipermail/gnutls-dev/2007-April/001539.html>. + +** Fix building of 'tlsia' self test. +Earlier some gcc are known to build tlsia linking to +$prefix/lib/libgnutls-extra.so rather than the libgnutls-extra.so in +the build directory, even though command line parameters look OK. +Changing order of some parameters fixes it. + +** API and ABI modifications: +gnutls_x509_crt_get_raw_issuer_dn: ADD. +gnutls_x509_crt_get_raw_dn: ADD. + +* Version 1.6.2 (released 2007-04-18) + +** Fix X.509 signing with RSA-PKCS#1 to set a NULL parameters fields. +Before, we remove the parameters field, which resulted in a slightly +different DER encoding which in turn caused signature verification +failures of GnuTLS-generated RSA certificates in some other +implementations (e.g., GnuPG 2.x's gpgsm). Depending on which RFCs +you read, this may or may not be correct, but our new behaviour appear +to be consistent with other widely used implementations. + +** Regenerate the PKIX ASN.1 syntax tree. +For some reason, after changing the ASN.1 type of ldap-UID in the last +release, the generated C file built from the ASN.1 schema was not +refreshed. This can cause problems when reading/writing UID +components inside X.500 Distinguished Names. Reported by devel +<dev001@pas-world.com>. + +** Updated translations. + +** API and ABI modifications: +No changes since last version. + +* Version 1.6.1 (released 2006-12-28) + +** Fix the list of trusted CAs that server's send to clients. +Before, the list contained issuer DN's instead of subject DN's of the +trusted CAs. Reported by Max Kellermann <max@duempel.org>. + +** Fix gnutls_certificate_set_x509_crl to initialize the CRL before using it. +Reported by Max Kellermann <max@duempel.org>. + +** Encode UID fields in DN's as DirectoryString. +Before GnuTLS encoded and parsed UID fields as IA5String. This was +incorrect, it should have used DirectoryString. Now it will use +DirectoryString for the UID field, but for backwards compatibility it +will also accept IA5String UID's. Reported by Max Kellermann +<max@duempel.org>. + +** Fix ./configure failure with non-GCC compilers. +This fixes the following error message: +configure: error: conditional "HAVE_LD_OUTPUT_DEF" was never defined. +Reported by "Michael C. Vergallen" <mvergall@telenet.be>. + +** API and ABI modifications: +No changes since last version. + +* Version 1.6.0 (released 2006-11-17) + +** No changes since 1.5.5. +The major changes compared to the 1.4.x branch are: + +*** A GnuTLS C++ library is part of the official distribution. +Currently there are no examples or documentation, but hopefully this +will change. See gnutlsxx.h for the API. + +*** Windows is a supported platform. +There are, however, two know bugs. One is related to select() in +command line tools (not, nota bene, in the library), the other is a +problem with libgcrypt that causes delays. Help is needed to resolve +those issues, so we feel we can't delay the release because of this. + +*** New APIs for custom push/pull function error reporting. +The new APIs are gnutls_transport_set_errno and +gnutls_transport_set_global_errno. See the release notes for version +1.5.4 for more information. + +*** Self tests are run under valgrind, if available. See --disable-valgrind. + +* Version 1.5.5 (released 2006-11-16) + +** Correctly bump shared library version after adding new APIs. +This was forgotten in the last release. + +** Fix unsigned vs signed problem in ex-x509-info.c example. +Reported by Tim Kosse <tim.kosse@filezilla-project.org>. + +** Fix the rsa-md5-collision self test to work for MinGW+Wine. + +** Update of gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 1.5.4 (released 2006-11-07) + +** New API functions to set errno in push/pull functions. +Under Windows, setting the errno variable in a push/pull replacement +may end up setting the wrong errno variable, and GnuTLS send/recv +functions become confused about the real errno returned from a failed +push/pull function. Therefor, we have added two APIs to set the errno +variable used by GnuTLS. The APIs can also help to keep things +thread-safe, by avoiding potentially global variables. Typically, +instead of setting errno in your push/pull function, you will call one +of these functions. It is recommended to use +gnutls_transport_set_errno, but if you don't have the session variable +easily accessible in the push/pull replacement function, you can use +gnutls_transport_set_global_errno. Suggested by Tim Kosse +<tim.kosse@filezilla-project.org>. + +void gnutls_transport_set_errno (gnutls_session_t session, int err); +void gnutls_transport_set_global_errno (int err); + +** When calling `recv' or `send' Windows errors are handled properly. +The Windows recv/send functions doesn't use errno, and GnuTLS now use +WSAGetLastError to access the error condition instead. + +** Several OpenPGP API fixes. +All suggested by ludovic.courtes@laas.fr (Ludovic Courtès). The most +important fix is to change the return value of +gnutls_openpgp_privkey_get_pk_algorithm and +gnutls_openpgp_key_get_pk_algorithm from 'int' to +'gnutls_pk_algorithm_t', which is an enum type (and thus API/ABI +compatible with 'int'). + +** When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS +** version, try to negotiate the highest version support by the GnuTLS server, +** instead of the lowest. +Reported by <Pasi.Eronen@nokia.com>. + +** Replace old constructs with use of gnulib modules. +For example, we can now assume unistd.h, sys/stat.h, sys/socket.h in +the code. If the headers doesn't exist on the target system, gnulib +will make sure its replacement header files are used instead. + +** Fix SOVERSION computation for *.def files. +This fixes build errors similar to "No rule to make target +`libgnutls-`expr', needed by `all-am'." when building for Windows. + +** gnutls_check-version uses strverscmp from gnulib. + +** Update of gnulib files. + +** API and ABI modifications: +gnutls_transport_set_errno: ADD +gnutls_transport_set_global_errno: ADD + +* Version 1.5.3 (released 2006-10-26) + +** Add new self-test of RSA-MD5 signature chains. +Note that we already, since GnuTLS 1.2.9, reject RSA-MD5 signatures +when verifying X.509 chains. The code is in tests/rsa-md5-collision/ +and is based on the work by Marc Stevens et al, see +<http://www.win.tue.nl/hashclash/TargetCollidingCertificates/>. + +** Re-factor self tests. + +** The include copy of Libtasn1 is updated to version 0.3.7. + +** The included copy of OpenCDK is updated to version 0.5.11. + +** Fix the filename of the *.def file on Windows after library version bump. + +** Separated the gnulib directory into one for LGPL modules and one for GPL. +This allows the GPL'd part of GnuTLS to take advantage of the GPL'd +gnulib modules. Earlier we could only use the LGPL'ed module from +gnulib, because two gnulib directories in the same project didn't +work. + +** API and ABI modifications: +No changes since last version. + +* Version 1.5.2 (released 2006-10-03) + +** Decrement the shared library version back to 13 (as in the 1.4.x branch). +Note that if you installed 1.5.0 or 1.5.1, they will have a higher +shared library version than this version, so you'll have to remove +them and possibly relink your applications. The reason for this is +that no API/ABI changes have been made since the 1.4.x branch, and +that incrementing the shared library version was a mistake. Reported +by Andreas Metzler <ametzler@downhill.at.eu.org>. + +** Fix off-by-one error when computing length to malloc. +The code is used by gnutls_openpgp_add_keyring_file and +gnutls_openpgp_add_keyring_mem. Reported by "Adam Langley" +<agl@imperialviolet.org>. + +** Add version script for the GnuTLS C++ library. +Reported by Andreas Metzler <ametzler@downhill.at.eu.org>. + +** Fix the C++ compiler detection logic. +Reported by Andreas Metzler <ametzler@downhill.at.eu.org>. + +** Update of gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 1.5.1 (released 2006-09-21) + +** Fix PKCS#1 verification to avoid a variant of Bleichenbacher's +** Crypto 06 rump session attack. +In particular, we check that the digestAlgorithm.parameters field is +missing or empty, to avoid that it can contain "garbage" that may be +used to alter the numeric properties of the signature. See +<http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html> (which is +not exactly the same as the problem we fix here). Reported by Yutaka +OIWA <y.oiwa@aist.go.jp>. + +See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more +up to date information. + +** Add self test to test for above flaw. + +** Fix gnutls-cli-debug regarding resume support detection. +Earlier, if the session-id from the server had a length of 0, it would +indicate that the server supports resumption, which isn't the case. +Reported by Kataja Kai <kai.kataja@op.fi>. + +** Fix building of examples on FreeBSD by including netinet/in.h. +Reported by Roman Bogorodskiy <novel@FreeBSD.org>. + +** Fix certtool bug that caused the private key to not be loaded when +generating a certificate with --load-request, which in turn triggered +another unrelated bug in gnutls_x509_crt_sign2 (also fixed). Reported +by Sascha Ziemann <sascha.ziemann@secunet.com>. + +** gnutls-cli and gnutls-serv works on Windows. +The problem was the select() call that doesn't work on file +descriptors (stdin) on Windows. We borrowed some code from plibc to +solve this. It appears to be somewhat unreliable though. + +** Autoconf 2.60 is now used. + +** API and ABI modifications: +No changes since last version. + +* Version 1.5.0 (released 2006-08-13) + +** Change SRP and Cert-Type extensions to match IANA registry. + +** Fixed bug in OpenPGP authentication handshake. + +** Improvements for building under MinGW. +Provides internal inet_ntop and inet_pton functions and arpa/inet.h +header. Calls WSAStartup and WSACleanup in gnutls_global_init and +gnutls_global_deinit, respectively. Loads getaddrinfo and getnameinfo +at run-time from ws2_32.dll, and falls back on a simple replacement if +it is not available. Builds the library with -mms-bitfields +-Wl,--enable-runtime-pseudo-reloc. Links with --output-def, to +create *.def files, which are installed. + +** The examples now (conditionally) include config.h and link to gnulib. +No other source changes were necessary, so the examples should +continue to be possible to use stand-alone without any autoconf or +gnulib stuff. + +** Added C++ header "gnutlsxx.h" and library "libgnutlsxx". +You may unconditionally disable it with --disable-cxx. See +includes/gnutls/gnutlsxx.h and lib/gnutlsxx.cpp for the +implementation. + +** Made command line tool '--version' behave according to GNU Standards. +This enables 'make distcheck' to succeed. + +** OpenCDK updated to 0.5.9 to fix some problems with OpenPGP support. + +** Make --without-included-libtasn1 work. +Reported by Daniel Black <dragonheart@gentoo.org>. + +** Fix a crash (strcmp() on a NULL value) in the certificate verification logic. +See http://www.gnu.org/software/gnutls/security.html regardging +GNUTLS-SA-2006-2 for more up to date information. Reported by +satyakumar <satyam_kkd@hyd.hellosoft.com>. + +** API and ABI modifications: +No changes since last version. + +* Version 1.4.5 (released 2006-11-06) + +** When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS +** version, try to negotiate the highest version support by the GnuTLS server, +** instead of the lowest. +Reported by <Pasi.Eronen@nokia.com>. + +** Fix typo in doc/examples/ex-serv-pgp.c. +Reported by Adam Langley" <agl@imperialviolet.org>. + +** API and ABI modifications: +No changes since last version. + +* Version 1.4.4 (released 2006-09-12) + +** Relax the test that caught signatures that exploit the variant of +** Bleichenbacher's Crypto 06 rump session attack on our +** verification logic flaw. +In particular, we now permit the digestAlgorithm.parameters field to +be present but empty, whereas in 1.4.3 we actually checked that the +field was absent. + +** Revert the removal of debug information for the GNUTLS-SA-2006-3 problem. +The messages are only printed in debug mode, which is not recommended +for normal use, and thus logging this situation cannot be abused as an +oracle in typical recommended situations. + +** API and ABI modifications: +No changes since last version. + +* Version 1.4.3 (released 2006-09-08) + +** Fix PKCS#1 verification to avoid a variant of Bleichenbacher's +** Crypto 06 rump session attack. +In particular, we check that the digestAlgorithm.parameters field is +empty, to avoid that it can contain "garbage" that may be used to +alter the numeric properties of the signature. See +<http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html> (which is +not exactly the same as the problem we fix here). Reported by Yutaka +OIWA <y.oiwa@aist.go.jp>. + +See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more +up to date information. + +** Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack. +See <http://www.bell-labs.com/user/bleichen/papers/pkcs.ps.gz>. +Reported by Werner Koch <wk@gnupg.org>. + +See GNUTLS-SA-2006-3 on http://www.gnutls.org/security.html for more +up to date information. + +** Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key. + +** API and ABI modifications: +No changes since last version. + +* Version 1.4.2 (released 2006-08-12) + +** Fix a crash (strcmp() on a NULL value) in the certificate verification logic. +This can happen if you call gnutls_certificate_verify_peers2 and have +a certain mix of local CA certificates and the peer send special +certificates, that together trigger certain behaviour. It is not +known at this point whether the crash can be triggered without the +special local CA certificate, and thus turn this into a remote crash +of clients that verify server certificates when they talk to a server +with the special server certificate. See GNUTLS-SA-2006-2 on +http://www.gnu.org/software/gnutls/security.html for more up to date +information. Reported by satyakumar <satyam_kkd@hyd.hellosoft.com>. + +** Change SRP and Cert-Type extensions to match IANA registry. + +** OpenCDK updated to 0.5.9 to fix some problems with OpenPGP support. + +** Make --without-included-libtasn1 work. +Reported by Daniel Black <dragonheart@gentoo.org>. + +** API and ABI modifications: +No changes since last version. + +* Version 1.4.1 (released 2006-06-14) + +** Replaced inactive ifdefs to enable openpgp support in test programs. + +** Fixed bug in OpenPGP authentication handshake. + +** Fixed typographical in man pages. + +** Build fixes of the manual. + +** Added Swedish translation. + +** API and ABI modifications: +No changes since last version. + +* Version 1.4.0 (released 2006-05-15) + +** Remove GnuTLS 0.8.x compatibility functions. + +** The libgcrypt RNG is initialized in gnutls_global_init(). + +** TLS/IA API changes from Emile van Bergen. +A dummy credential structure is not needed now, if you wish to use the +low-level TLS/IA API, simply call gnutls_ia_enable to enable TLS/IA on +a session. + +** The self-tests are now run under valgrind, if it is installed. + +** Libtasn1 is updated to 0.3.4, and that version is now required. + +** The command line tools now use getaddrinfo and support IPv6. + +** API and ABI modifications: +_gnutls_x509_get_raw_crt_activation_time, +_gnutls_x509_get_raw_crt_expiration_time: Removed. +gnutls_ia_require_inner_phase: Removed, replaced by gnutls_ia_enable. +gnutls_ia_enable: Added. + +* Version 1.3.5 (released 2006-03-08) + +** Error messages are now translated using GNU Gettext. + +** The function gnutls_x509_crt_to_xml now return an internal error. +This means that the code to convert X.509 certificates to XML format +does not work any more. The reason is that the function called +libtasn1 internal functions. It seems unclean for libtasn1 to export +the APIs needed here. Instead it would be better to implement XML +support inside libtasn1 properly. If you need this functionality +strongly, please consider looking into implementing this suggested +approach instead. As a workaround, you may also modify lib/x509/xml.c +(change '#if 1' to '#if 0') and build using --with-included-libtasn1. + +** Libraries are now built with libtool's -no-undefined. +This helps producing libraries for Windows using mingw32. + +** Doc fixes to explain that gnutls_record_send can block. + +** Libtasn1 0.3.1 or later is now required. +The include copy has been updated too. + +** gnutls-cli can now recognize services and port numbers with the -p option. + +** API and ABI modifications: +No changes since last version. + +* Version 1.3.4 (released 2006-02-09) + +** Fix read of out bounds bug in DER parser. +Reported by Evgeny Legerov <admin@gleg.net>, and debugging help from +Protover SSL. Libtasn1 0.2.18 is now required, which contains the +previous bug fix. The included libtasn1 version in GnuTLS has been +updated. + +** Fixed bug in non-blocking gnutls_bye(). gnutls_record_send() will no +longer invalidate a session if the underlying send fails, but it will +prevent future writes. That is to allow reading the already received data. +Patches and bug reports by Yoann Vandoorselaere <yoann@prelude-ids.org> + +** Corrected bugs in gnutls_certificate_set_x509_crl() and +gnutls_certificate_set_x509_trust(), that caused memory corruption if +more than one certificates were added. Report and patch by Max Kellermann. + +** Fix build problems of OpenCDK on AIX. +Thanks to "Heiden, John" <JHeiden@UTNet.UToledo.Edu>. + +** API and ABI modifications: +No changes since last version. + +* Version 1.3.3 (released 2006-01-12) + +** New API to access the TLS master secret. +When possible, you should use the TLS PRF functions instead. +Suggested by Jouni Malinen <jkmaline@cc.hut.fi>. + +** Improved handling when multiple libraries use GnuTLS at the same time. +Now gnutls_global_init() can be called multiple times, and +gnutls_global_deinit() will only deallocate the structure when it has +been called as many times as gnutls_global_init() was called. + +** Added a self test of TLS resume functionality. + +** Fix crash in TLS resume code, caused by TLS/IA changes. + +** Documentation fixes about thread unsafety, prompted by +** discussion with bryanh@giraffe-data.com (Bryan Henderson). +In particular, gnutls_global_init() and gnutls_global_deinit() are not +thread safe. Careful callers may want to protect the call using a +mutex. The problem could also be ignored, which would cause a memory +leak under rare conditions when two threads invoke the function +roughly at the same time. + +** Add 'const' keywords in various places, from Frediano ZIGLIO. + +** The code was indented again, including the external header files. + +** API and ABI modifications: +New functions to retrieve the master secret value: + gnutls_session_get_master_secret + +Add a 'const' keyword to existing API: + gnutls_x509_crq_get_challenge_password + +* Version 1.3.2 (released 2005-12-15) + +** GnuTLS now support TLS Inner application (TLS/IA). +This is per draft-funk-tls-inner-application-extension-01. This +functionality is added to libgnutls-extra, so it is licensed under the +GNU General Public License. + +** New APIs to access the TLS Pseudo-Random-Function (PRF). +The PRF is used by some protocols building on TLS, such as EAP-PEAP +and EAP-TTLS. One function to access the raw PRF and one to access +the PRF seeded with the client/server random fields are provided. +Suggested by Jouni Malinen <jkmaline@cc.hut.fi>. + +** New APIs to acceess the client and server random fields in a session. +These fields can be useful by protocols using TLS. Note that these +fields are typically used as input to the TLS PRF, and if this is your +intended use, you should use the TLS PRF API that use the +client/server random field directly. Suggested by Jouni Malinen +<jkmaline@cc.hut.fi>. + +** Internal type cleanups. +The uint8, uint16, uint32 types have been replaced by uint8_t, +uint16_t, uint32_t. Gnulib is used to guarantee the presence of +correct types on platforms that lack them. The uint type have been +replaced by unsigned. + +** API and ABI modifications: +New functions to invoke the TLS Pseudo-Random-Function (PRF): + gnutls_prf + gnutls_prf_raw + +New functions to retrieve the session's client and server random values: + gnutls_session_get_server_random + gnutls_session_get_client_random + +New function, to perform TLS/IA handshake: + gnutls_ia_handshake + +New function to decide whether to do a TLS/IA handshake: + gnutls_ia_handshake_p + +New functions to allocate a TLS/IA credential: + gnutls_ia_allocate_client_credentials + gnutls_ia_free_client_credentials + gnutls_ia_allocate_server_credentials + gnutls_ia_free_server_credentials + +New functions to handle the AVP callback: + gnutls_ia_set_client_avp_function + gnutls_ia_set_client_avp_ptr + gnutls_ia_get_client_avp_ptr + gnutls_ia_set_server_avp_function + gnutls_ia_set_server_avp_ptr + gnutls_ia_get_server_avp_ptr + +New functions, to toggle TLS/IA application phases: + gnutls_ia_require_inner_phase + +New function to mix session keys with inner secret: + gnutls_ia_permute_inner_secret + +Low-level API (used internally by gnutls_ia_handshake): + gnutls_ia_endphase_send + gnutls_ia_send + gnutls_ia_recv + +New functions that can be used after successful TLS/IA negotiation: + gnutls_ia_generate_challenge + gnutls_ia_extract_inner_secret + +Enum type with TLS/IA modes: + gnutls_ia_mode_t + +Enum type with TLS/IA packet types: + gnutls_ia_apptype_t + +Enum values for TLS/IA alerts: + GNUTLS_A_INNER_APPLICATION_FAILURE + GNUTLS_A_INNER_APPLICATION_VERIFICATION + +New error codes, to signal when an application phase has finished: + GNUTLS_E_WARNING_IA_IPHF_RECEIVED + GNUTLS_E_WARNING_IA_FPHF_RECEIVED + +New error code to signal TLS/IA verify failure: + GNUTLS_E_IA_VERIFY_FAILED + +* Version 1.3.1 (released 2005-12-08) + +** Support for DHE-PSK cipher suites has been added. +This method offers perfect forward secrecy. + +** Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly, thanks to +Otto Maddox <ottomaddox@fastmail.fm> and Nozomu Ando <nand@mac.com>. + +** Corrected a bug in certtool for 64 bit machines. Reported +by Max Kellermann <max@duempel.org>. + +** New function to set a X.509 private key and certificate pairs, and/or +CRLs, from an PKCS#12 file, suggested by Emile van Bergen +<emile@e-advies.nl>. + +The integrity of the PKCS#12 file is protected through a password +based MAC; public-key based signatures for integrity protection are +not supported. PKCS#12 bags may be encrypted using password derived +symmetric keys, public-key based encryption is not supported. The +PKCS#8 keys may be encrypted using passwords. The API use the same +password for all operations. We believe that any more flexibility +create too much complexity that would hurt overall security, but may +add more PKCS#12 related APIs if real-world experience indicate +otherwise. + +** gnutls_x509_privkey_import_pkcs8 now accept unencrypted PEM PKCS#8 keys, +reported by Emile van Bergen <emile@e-advies.nl>. +This will enable "certtool -k -8" to parse those keys. + +** Certtool now generate keys in unencrypted PKCS#8 format for empty passwords. +Use "certtool -p -8" and press press enter at the prompt. Earlier, +certtool would have encrypted the key using an empty password. + +** Certtool now accept --password for --key-info and encrypted PKCS#8 keys. +Earlier it would have prompted the user for it, even if --password was +supplied. + +** Added self test of PKCS#8 parsing. +Unencrypted and encrypted (pbeWithSHAAnd3-KeyTripleDES-CBC and +pbeWithSHAAnd40BitRC2-CBC) formats are tested. The test is in +tests/pkcs8. + +** API and ABI modifications: +New function to set X.509 credentials from a PKCS#12 file: + gnutls_certificate_set_x509_simple_pkcs12_file + +New gnutls_kx_algorithm_t enum type: + GNUTLS_KX_DHE_PSK + +New API to return session data (basically same as gnutls_session_get_data): + gnutls_session_get_data2 + +New API to set PSK Diffie-Hellman parameters: + gnutls_psk_set_server_dh_params + +* Version 1.3.0 (2005-11-15) + +** Support for TLS Pre-Shared Key (TLS-PSK) ciphersuites have been added. +This add several new APIs, see below. Read the updated manual for +more information. A new self test "pskself" has been added, that will +test this functionality. + +** The session resumption data are now system independent. + +** The code has been re-indented to conform to the GNU coding style. + +** Removed the RIPEMD ciphersuites. + +** Added a discussion of the internals of gnutls in manual. + +** Fixes for Tru64 UNIX 4.0D that lack MAP_FAILED, from Albert Chin. + +** Remove trailing comma in enums, for IBM C v6, from Albert Chin. + +** Make sure config.h is included first in a few files, from Albert Chin. + +** Don't use C++ comments ("//") as they are invalid, from Albert Chin. + +** Don't install SRP programs and man pages if --disable-srp-authentication, +from Albert Chin. + +** API and ABI modifications: +New gnutls_kx_algorithm_t key exchange type: GNUTLS_KX_PSK + +New gnutls_credentials_type_t credential type: + GNUTLS_CRD_PSK + +New credential types: + gnutls_psk_server_credentials_t + gnutls_psk_client_credentials_t + +New functions to allocate PSK credentials: + gnutls_psk_allocate_client_credentials + gnutls_psk_free_client_credentials + gnutls_psk_free_server_credentials + gnutls_psk_allocate_server_credentials + +New enum type for PSK key flags: + gnutls_psk_key_flags + +New function prototypes for credential callback: + gnutls_psk_client_credentials_function + gnutls_psk_server_credentials_function + +New function to set PSK username and key: + gnutls_psk_set_client_credentials + +New function to set PSK passwd file: + gnutls_psk_set_server_credentials_file + +New function to extract PSK user in server: + gnutls_psk_server_get_username + +New functions to set PSK callback: + gnutls_psk_set_server_credentials_function + gnutls_psk_set_client_credentials_function + +Use size_t instead of int for output size parameter: + gnutls_srp_base64_encode + gnutls_srp_base64_decode + +* Version 1.2.11 (2006-05-11) +- The function gnutls_x509_crt_to_xml is not supported any more, and + return an internal error. The reason is that the function called + internal libtasn1 functions which are no longer exported from + libtasn1. +- Updated libtasn1 requirement to 0.3.4 and refreshed internal mintiasn1. +- Updated gnulib compatibility files. +- Fixed _gnutls_x509_get_raw_crt_expiration_time and + _gnutls_x509_get_raw_crt_activation_time to return (time_t)-1 on errors. +- API and ABI modifications: + No changes since last version. + +* Version 1.2.10 (2006-02-09) +- Fix read out bounds bug in DER parser. Reported by Evgeny Legerov + <admin@gleg.net>, and debugging help from Protover SSL. +- Libtasn1 0.2.18 is now required (contains the previous bug fix). + The included version has been updated too. +- Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly, thanks to + Otto Maddox <ottomaddox@fastmail.fm> and Nozomu Ando <nand@mac.com>. +- Corrected a bug in certtool for 64 bit machines. Reported + by Max Kellermann <max@duempel.org>. +- Corrected bugs in gnutls_certificate_set_x509_crl() and + gnutls_certificate_set_x509_trust(), that caused memory corruption if + more than one certificates were added. Report and patch by Max Kellermann. +- Fixed bug in non-blocking gnutls_bye(). gnutls_record_send() will no + longer invalidate a session if the underlying send fails, but it will + prevent future writes. That is to allow reading the already received data. + Patches and bug reports by Yoann Vandoorselaere <yoann@prelude-ids.org> + +* Version 1.2.9 (2005-11-07) +- Documentation was updated and improved. +- RSA-MD2 is now supported for verifying digital signatures. +- Due to cryptographic advances, verifying untrusted X.509 + certificates signed with RSA-MD2 or RSA-MD5 will now fail with a + GNUTLS_CERT_INSECURE_ALGORITHM verification output. For + applications that must remain interoperable, you can use the + GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 or GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 + flags when verifying certificates. Naturally, this is not + recommended default behaviour for applications. To enable the + broken algorithms, call gnutls_certificate_set_verify_flags with the + proper flag, to change the verification mode used by + gnutls_certificate_verify_peers2. +- Make it possible to send empty data through gnutls_record_send, + to align with the send(2) API. +- Some changes in the certificate receiving part of handshake to prevent + some possible errors with non-blocking servers. +- Added numeric version symbols to permit simple CPP-based feature + tests, suggested by Daniel Stenberg <daniel@haxx.se>. +- The (experimental) low-level crypto alternative to libgcrypt used + earlier (Nettle) has been replaced with crypto code from gnulib. + This leads to easier re-use of these components in other projects, + leading to more review and simpler maintenance. The new configure + parameter --with-builtin-crypto replace the old --with-nettle, and + must be used if you wish to enable this functionality. See README + under "Experimental" for more information. Internally, GnuTLS has + been updated to use the new "Generic Crypto" API in gl/gc.h. The + API is similar to the old crypto/gc.h, because the gnulib code were + based on GnuTLS's gc.h. +- Fix compiler warning in the "anonself" self test. +- API and ABI modifications: +gnutls_x509_crt_list_verify: Added 'const' to prototype in <gnutls/x509.h>. + This doesn't reflect a change in behaviour, + so we don't break backwards compatibility. +GNUTLS_MAC_MD2: New gnutls_mac_algorithm_t value. +GNUTLS_DIG_MD2: New gnutls_digest_algorithm_t value. +GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2, +GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: New gnutls_certificate_verify_flags values. + Use when calling + gnutls_x509_crt_list_verify, + gnutls_x509_crt_verify, or + gnutls_certificate_set_verify_flags. +GNUTLS_CERT_INSECURE_ALGORITHM: New gnutls_certificate_status_t value, + used when broken signature algorithms + is used (currently RSA-MD2/MD5). +LIBGNUTLS_VERSION_MAJOR, +LIBGNUTLS_VERSION_MINOR, +LIBGNUTLS_VERSION_PATCH, +LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS + version number, can be used for feature existence + tests. + +* Version 1.2.8 (2005-10-07) +- Libgcrypt 1.2.2 is required to fix a bug for forking GnuTLS servers. +- Don't install the auxilliary libexamples library used by the + examples in doc/examples/ on "make install", report and tiny patch + from Thomas Klausner <tk@giga.or.at>. +- If you pass a X.509 CA or PGP trust database to the command line + tool, it will now abort the connection if the server certificate + validation fails. Use the parameter --insecure to continue even + after certificate validation failures. Inspired from discussion + with Alexander Kotelnikov <sacha@myxomop.com>. +- The test for socklen_t has been moved to gnulib. +- Link failures for duplicate or missing "program_name" symbol has been fixed, + patch from Martin Lambers <marlam@marlam.de>. +- The command line tool and the examples no longer uses mmap or bzero, + to make them more portable, patch from Martin Lambers + <marlam@marlam.de>. +- Made the PKCS #12 API handle null passwords. Based on patch by + Anton Altaparmakov <aia21@cam.ac.uk>. +- The GTK-DOC manual should build with current released tools. + (But a copy of the output is included, so the tools are not required.) +- The inet_ntop function is now used through gnulib. +- API and ABI modifications: + No changes since last version. + +* Version 1.2.7 (2005-09-09) +- The GnuTLS and GnuTLS-extra libraries are now built with versioned symbols. +- Certtool now complains when reading out-of-range X.509 serial + numbers, suggested by Fran <e_agf@yahoo.es>. +- Certtool now uses the readline library (when available) when reading + X.509 serial numbers. +- Fixed build problems in getpass on uClibc and Mingw32 platforms. +- Fixed compile warning regarding socklen_t on Mingw32, reported by + Martin Lambers <marlam@marlam.de>. +- Fixed examples in doc/examples/, suggested by Fran <e_agf@yahoo.es>. +- Gnulib is now used for the core library, enabling future code cleanups. +- The gnutls-cli tool now use gnutls_certificate_verify_peers2, + suggested by Daniel Stenberg <daniel@haxx.se>. +- Doc fixes for gnutls_transport_set_push and gnutls_transport_set_pull. +- Minilibtasn1 is now 0.2.17 (removed optional use of C99 macros). +- Disable zlib support if zlib.h is not present. +- A number of internal cleanups. +- API and ABI modifications: + No changes since last version. + +* Version 1.2.6 (2005-07-16) +- MiniLZO updated to version 2.01 and moved to separate directory. +- Collision between system LZO header files and MiniLZO header file + fixed, reported by Matthias Urlichs <smurf@smurf.noris.de>. +- Will now test for liblzo functionality in liblzo2 too, reported by + Thomas Klausner <tk@giga.or.at>. +- Minilibtasn1 is now 0.2.14 (no code changes). +- Some code changes to avoid GTK-DOC warnings. +- API and ABI modifications: + No changes since last version. + +* Version 1.2.5 (2005-07-03) +- More builddir != srcdir fixes, reported by Mike Castle + <dalgoda@ix.netcom.com>. +- Fixed off-by-one bug in the size parameter of gnutls_x509_crt_get*_dn, + reported by Adam Langley <alangley@gmail.com>. +- Corrected some stuff in minilzo detection. Pointed out by + Sergey Lipnevich. +- MiniLZO updated to version 2.00. +- gnutls_x509_crt_list_import now accept a DER formatted CRL. +- API and ABI modifications: + No changes since last version. + +* Version 1.2.4 (2005-05-28) +- Corrected some bugs that could affect 64 bit systems. +- Some corrections in the header files to include the prototype + of memmem properly (affected 64 bit systems). Report and patch + by Yoann Vandoorselaere <yoann@prelude-ids.org>. +- Introduced the --fix-key option to certtool, which can be used to + regenerate the (optional) parameters in a private key. It should + be used together with --key-info. +- Corrected a bug in certificate chain verification that could lead + to marking a trusted chain as non trusted, if the last certificate in + the chain was a self signed one. +- Gnulib portability files were updated. +- License were updated to reflect new FSF address. +- API and ABI modifications: + No changes since last version. + +* Version 1.2.3 (2005-04-28) +- Corrected bug in record packet parsing that could lead + to a denial of service attack. +- Corrected bug in RSA key export. Previously exported keys + can be fixed using certtool. Use certtool -k <infile >outfile +- API and ABI modifications: + gnutls_x509_privkey_fix(): Add. + +* Version 1.2.2 (2005-04-25) +- gnutls_error_to_alert() now considers + GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET. +- Fixed error in session resuming that could cause a crash in a session. +- Fixed pkcs12 friendly name and local key identifier decoding. +- Internal cleanups, removed duplicate typedef/struct definitions, + and made source code include external include file, to check + function prototypes during compile time. +- API and ABI modifications: + No changes since last version. At least not intentional, but due + to the include header changes, there may be inadvertant changes, + please let us know if you find any. + +* Version 1.2.1 (2005-04-04) +- gnutls_bye() will no longer fail when RDWR is used and application + data are available for reading. +- Added more strict checks for the SRP parameters (g,n), when they + are not in the included list. +- Added warning to certtool when MD5 is being used for digital + signatures. +- Optimizations ("-O2 -finline-functions") are not enabled by default, + instead the standard autoconf defaults are used. Use `./configure + CFLAGS="-O2 -finline-functions"' to get the old optimizations. +- Added the option --get-dh-params to certtool, in order to get the + parameters included in the library primes and generators. +- Improved the semantics of GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, to + allow only trusted Version 1 CAs and introduced + GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT which has the old semantics. +- Nettle self tests now build properly, reported by Pierre + <pierre42d@9online.fr>. +- Eliminated some memory leaks in DHE and RSA-EXPORT cipher suites. + Reported by Yoann Vandoorselaere <yoann@prelude-ids.org>. +- If the library has been compiled with features disabled, a warning is + issued during the compilation of any program. +- API and ABI modifications: + gnutls_x509_crt_list_import(): Add + gnutls_x509_crq_get_attribute_by_oid(): Add. + gnutls_x509_crq_set_attribute_by_oid(): Add + gnutls_x509_crt_set_extension_by_oid(): Add. + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT: Modify semantics. + GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT: Add, old behaviour. + +* Version 1.2.0 (2005-01-27) +- Added the definitions and OIDs for the RIPEMD-160 hash algorithm. +- Introduced gnutls_x509_crt_sign2(), gnutls_x509_crq_sign2() and + gnutls_x509_crl_sign2(). +- Fixed license header in source code files. + +* Version 1.1.23 (2005-01-18) +- It is now possible to generate PKCS#12 structures without private + keys using "certtool --to-p12", suggested by Fabian Fagerholm + <fabbe@paniq.net>. +- Certtool now prints information for the RSA and DSA parameters of + certificates and private keys. +- Corrected the write of CRL distribution points. +- The certificate chain verification function now checks certificates + in the reverse order to minimize the spent resources. +- Corrected several bugs found by Marcin Garski <mgarski@post.pl> +- The functions gnutls_x509_crl_get_issuer_dn, gnutls_x509_crq_get_dn, + gnutls_x509_crt_get_issuer_dn, gnutls_x509_crt_get_dn, and + gnutls_x509_rdn_get now set *sizeof_buf to the buffer length that is + required, instead of the string length. That is, the value has been + incremented by 1 to account for the terminating zero. Reported by + Martin Lambers <marlam@web.de>. +- Debug output shouldn't crash on platforms that doesn't handle NULL + printf %s values. Reported by Michael.Ringe@aachen.utimaco.de. +- Sync included copy of libtasn1 with version 0.2.13. +- Client X.509 authenticated connections via gnutls-cli should now work again. + +* Version 1.1.22 (2004-11-04) +- Replace GNU LD version script with Libtool -export-symbols-regex, + from Joe Orton <joe@manyfish.co.uk>. +- Documentation improvements. +- Code indented using 'indent -i4 -kr'. +- The API manual is included in Devhelp format. (Was in last release too, + but the NEWS entry was forgotten.) +- The OpenSSL compatibility code now use the internal crypto interface. +- Added simple self test of OpenSSL compatibility library. +- Internally, libtool convenience libraries are used. +- Cleanups to configure.ac. + +* Version 1.1.21 (2004-10-27) +- Print DN of certificates with unknown characters in them, but in hexform + only. +- Added second precision to the X.509 parsing and generation functions. +- Corrected bug in _gnutls_x509_get_dn_oid(), and returns the + actual OID. +- Add parameter --la-file to libgnutls-config and libgnutls-extra-config, + tiny patch contributed by Joe Orton <joe@manyfish.co.uk>. +- Add pkg-config meta files, suggested by Stéphane LOEUILLET + <stephane.loeuillet@tiscali.fr>. +- Fix memory initializaion bug in gnutls_certificate_set_x509_trust, + tiny patch by Aleix Conchillo Flaque <aleix@member.fsf.org>. +- Add self test of PKCS#12 functionality in "certtool", based on test + vectors from Joe Orton <joe@manyfish.co.uk>. +- Fix library order in libgnutls*-config --libs output, to permit + static linking, reported by Yoann Vandoorselaere + <yoann@prelude-ids.org>. + +* Version 1.1.20 (2004-10-12) +- Fix compile problem in gl/getpass.c on some systems. + +* Version 1.1.19 (2004-10-07) +- Fix memory leak in gnutls_certificate_verify_peers and + gnutls_certificate_free_credentials, report and patch by Simon + Posnjak <simon.posnjak@cetrtapot.si>. +- Fix crash in `certtool --to-p12 --load-privkey foo', i.e. exporting + a key and no certificate to PKCS#12. +- Fix objdir != srcdir builds, reported by "Gerrit P. Haase" + <gp@familiehaase.de>. +- Fixes faulty getpass implementation in libextra/opencdk/, reported + by Yoann Vandoorselaere <yoann@prelude-ids.org>. +- Uses memmem instead of strnstr in lib/. +- Using more GNULib portability files, although not yet inside lib/. +- Added gnutls_certificate_verify_peers to gnutls/compat.h. + Nikos deprecated gnutls_certificate_verify_peers in favor of + gnutls_certificate_verify_peers2 earlier in the 1.1 branch. +- Improvements to the manual. +- Add new example "ex-rfc2818" for certificate verification, from Nikos. +- Known bug: the library require snprintf. This has not yet been + fixed, but will be handled via GNULib later on. + +* Version 1.1.18 (2004-08-24) +- Corrected handling of certificate with dates after year 2038. +- Corrected DER decoder which could incorrectly treat input as BER and fail. +- Correct certtool --smime-to-p7 end of line character handling. +- Added example client and server for anonymous authentication. +- Added self test that tests anonymous TLS client and server. +- Added self tests of Nettle and generic crypto layer. +- Added API reference manual in HTML format in doc/reference/ using GTK-DOC. + Online version at <http://www.gnu.org/software/gnutls/reference/>. +- Assume C89 or better; removed checks for size_t, ptrdiff_t and time_t. +- Man pages for API functions are included. + +* Version 1.1.17 (2004-08-18) +- Bug fix of padding string in RSA PKCS#1 v1.5 type 2 encryption, + reported by Robey Pointer <robey@danger.com>. +- Generic crypto interface for secret key ciphers, hashes and randomness added. + See section "Experimental" within section "COMPILATION ISSUES" in README. +- Removed length limit on passwords read by 'certtool'. +- Documentation fixes. + +* Version 1.1.16 (2004-08-15) +- Fix missing gnulib linker parameter when building certtool. +- Add gnulib module 'progname', needed by module 'error'. +- Improve building with srcdir != objdir. + +* Version 1.1.15 (2004-08-15) +- Certtool has simplistic --smime-to-p7 to translate RFC 2633 messages into + PKCS #7 format. +- Ported to Mac OS X / Darwin. +- Ported to FreeBSD. + +* Version 1.1.14 (2004-08-09) +- Documentation converted to Texinfo format. +- Bug fix of test suite. +- Configure now print build information, used by Autobuild. + +* Version 1.1.13 (2004-08-05) +- Added simple self test suite. + +* Version 1.1.12 (2004-08-02) +- Updated the SRP authentication to conform to the + latest (yet unreleased) draft. Unfortunately this breaks + compatibility with previous versions. +- Changed the makefiles to be more portable. +- SRP ciphersuites were moved to the gnutls library. +- Added some default limits in the verification of certificate + chains, to avoid denial of service attacks. Also added + gnutls_certificate_set_verify_limits() to override them. + Issue pointed out by Patrik Hornik <patrik@hornik.sk>. +- Added gnutls_certificate_verify_peers2(). + +* Version 1.1.11 (2004-07-16) +- Added the '_t' suffix to all exported symbols. +- Fixed bug in RSA encryption, report and patch by Martijn Koster + <mak@greenhills.co.uk>. +- Corrected a bug in certificate verification. Pointed out by + Yoann Vandoorselaere <yoann@prelude-ids.org> +- Added the GNUTLS_VERIFY_DO_NOT_ALLOW_SAME flags to the + verification functions. +- The ephemeral DH and RSA parameters are no longer stored in the + session resume DB. +- Do not free the SRP (prime and generator) parameters obtained from the + callback if they are the static ones defined in extra.h +- Eliminated some memory leaks. Reported by Yoann Vandoorselaere. + +* Version 1.1.10 (2004-06-12) +- Added gnutls_sign_algorithm_get_name() and gnutls_pk_algorithm_get_name() +- Corrected bug in TLS renegotiation. +- Corrected bug in OpenPGP key loading using a callback. +- gnutls-srpcrypt was renamed to srptool +- Allow handshake requests by the client. +- Automatically disable certificate types that do not have corresponding + certificates. +- Added gnutls_auth_client_get_type() and gnutls_auth_server_get_type() +- Opencdk library is being included if not found. +- certtool can now add ip address SAN extension. +- certtool has now support for more X.520 DN attribute types. +- Better handling of EOF in gnutls_record_recv(). +- _gnutls_deinit() is no longer used. Sessions are not + automatically removed any more, on abnormal termination. +- Corrected session resuming in SRP ciphersuites. +- Updated to conform to the latest srp draft (draft-ietf-tls-srp-07) +- Added new functions to allow access to the ephemeral + Diffie Hellman parameters. +- Added the functions gnutls_x509_crt_get_pk_rsa_raw() and + gnutls_x509_crt_get_pk_dsa_raw() to retrieve parameters from certificates. +- Added the functions gnutls_dh_get_group(), gnutls_dh_get_pubkey() and + gnutls_rsa_export_get_pubkey() to retrieve parameters of the DH or + RSA-EXPORT key exchange. +- Some fixes in the session resuming code. +- Added gnutls_openpgp_keyring_check_id(). + +* Version 1.1.9 (2004-04-14) +- Added support for authority key identifier and the extended key usage + X.509 extension fields. The certtoool was updated to support them. +- The RC2 cipher is no more included. The one in libgcrypt is now used. +- Added batch support to certtool. Now it can use templates. + +* Version 1.1.8 (2004-04-07) +- Implemented all the tests for the SRP group parameters in + client side. This may lead to incompatibility with very + old gnutls servers. +- Corrected bug in RSA parameters handling which could cause + unexpected crashes. +- Optimized the copying of rsa_params. + +* Version 1.1.7 (2004-03-29) +- Added gnutls_certificate_set_params_function() and + gnutls_anon_set_params_function() that set the RSA or DH + parameters using a callback. +- Added functions gnutls_rsa_params_cpy(), gnutls_dh_params_cpy() + and gnutls_x509_privkey_cpy(). +- Corrected a compilation issue when opencdk was installed in a + non standard directory. +- Deprecated: gnutls_srp_server_set_select_function(), + gnutls_certificate_client_set_select_function(), gnutls_srp_server_set_select_function(). + +* Version 1.1.6 (2004-02-24) +- Several bug fixes, by Arne Thomassen. +- Fixed a bug where 'server name' extension was always sent. + +* Version 1.1.5 (2004-01-06) +- Added the gnutls_sign_algorithm type. + +* Version 1.1.4 (2004-01-04) +- Improved gnutls-cli's SRP behaviour in SRP ciphersuites. + If they are of highest priority then the abbreviated handshake + is used. +- Removed all references of missing files. +- Changed handshake behaviour to send the lowest TLS version + when an unsupported version was advertized. The current behaviour + is to send the maximum version we support. +- Corrected problem printing the DC attributes in a DN. + +* Version 1.1.3 (2003-12-30) +- Implemented TLS 1.1 (and also obsoleted the TLS 1.0 CBC protection + hack). + +* Version 1.1.2 (2003-12-28) +- Added CRL verification functionality to certtool. +- Corrected the CRL distribution point extension handling. + +* Version 1.1.1 (2003-12-26) +- Added PKCS #7 support to certtool utility. +- Added support for reading and generating CRL distribution + points extensions in certificates. +- Added support for generating CRLs in the library and the + certtool utility. +- Added support for the Subject Key ID PKIX extension. + +* Version 1.1.0 (2003-12-21) +- The error codes GNUTLS_E_NO_TEMPORARY_DH_PARAMS and GNUTLS_E_NO_TEMPORARY_RSA_PARAMS + are no longer returned by the handshake function. Ciphersuites that + require temporary parameters are removed when such parameters do not exist. +- Added the callbacks gnutls_certificate_client_retrieve_function() and + gnutls_certificate_server_retrieve_function(), to allow a client or a server + to specify certificates for the handshake without storing them to the + credentials structure. +- Added support for generating and exporting DSA private keys. +- Added gnutls_x509_crt_set_key_usage() and certtool can now set the + certificate's key usage. +- Added gnutls_openpgp_key_get_key_usage(). + +* Version 1.0.25 (2005-04-27) +- Corrected bug in record packet parsing that could lead + to a denial of service attack. +- Corrected bug in RSA key export. + +* Version 1.0.24 (2005-01-18) +- Corrected several bugs found by Marcin Garski <mgarski@post.pl> + +* Version 1.0.23 (2004-11-13) +- Replace GNU LD version script with Libtool -export-symbols-regex, + from Joe Orton <joe@manyfish.co.uk>. +- Copy libtasn1 has been updated to version 0.2.11. +- Corrected the write of CRL distribution points. +- It is now possible to generate PKCS#12 structures without private + keys using "certtool --to-p12", suggested by Fabian Fagerholm + <fabbe@paniq.net>. + +* Version 1.0.22 (2004-10-28) +- Print DN of certificates with unknown characters in them, but in hexform + only. +- Corrected bug in _gnutls_x509_get_dn_oid(), and returns the + actual OID. +- Added second precision to the X.509 parsing functions. +- Add parameter --la-file to libgnutls-config and libgnutls-extra-config, + tiny patch contributed by Joe Orton <joe@manyfish.co.uk>. +- Add pkg-config meta files, suggested by Stéphane LOEUILLET + <stephane.loeuillet@tiscali.fr>. +- Fix memory initializaion bug in gnutls_certificate_set_x509_trust, + tiny patch by Aleix Conchillo Flaque <aleix@member.fsf.org>. +- Fix certtool --password for PKCS #12, back ported from 1.1.x branch. +- Fix library order in libgnutls*-config --libs output, to permit + static linking, reported by Yoann Vandoorselaere + <yoann@prelude-ids.org>. + +* Version 1.0.21 (2004-10-07) +- Fix memory leak in gnutls_certificate_verify_peers and + gnutls_certificate_free_credentials, report and patch by Simon + Posnjak <simon.posnjak@cetrtapot.si>. +- Fix crash in `certtool --to-p12 --load-privkey foo', i.e. exporting + a key and no certificate to PKCS#12. +- Fix objdir != srcdir builds, reported by "Gerrit P. Haase" + <gp@familiehaase.de>. +- Avoid redefining getpass if system already has it, reported by + Yoann Vandoorselaere <yoann@prelude-ids.org>. +- Add new example "ex-rfc2818" for certificate verification, from Nikos. +- Known bug: the library require snprintf. + +* Version 1.0.20 (2004-08-18) +- Bug fix of padding string in RSA PKCS#1 v1.5 type 2 encryption, + reported by Robey Pointer <robey@danger.com>. + +* Version 1.0.19 (2004-08-09) +- Bug fix of test suite. + +* Version 1.0.18 (2004-08-05) +- Added simple self test suite. + +* Version 1.0.17 (2004-08-02) +- Updated the SRP authentication to conform to the + latest (yet unreleased) draft. Unfortunately this breaks + compatibility with previous versions. +- Changed the makefiles to be more portable. +- Added some default limits in the verification of certificate + chains, to avoid denial of service attacks. Also added + gnutls_certificate_set_verify_limits() to override them. + Issue pointed out by Patrik Hornik <patrik@hornik.sk>. +- Added gnutls_certificate_verify_peers2(). + +* Version 1.0.16 (2004-07-10) +- Do not free the SRP (prime and generator) parameters obtained from the + callback if they are the static ones defined in extra.h. +- Eliminated some memory leaks. Reported by Yoann Vandoorselaere. +- Some fixes in the makefiles. + +* Version 1.0.15 (2004-06-29) +- Fixed bug in RSA encryption, report and patch by Martijn Koster + <mak@greenhills.co.uk>. +- Corrected a bug in certificate verification. Pointed out by + Yoann Vandoorselaere <yoann@prelude-ids.org>. + +* Version 1.0.14 (2004-06-12) +- Automatically disable certificate types that do not have corresponding + certificates. +- Updates in the documentation. +- certtool can now add ip address SAN extension. +- certtool has now support for more X.520 DN attribute types. +- Opencdk library is being included if not found. +- Added gnutls_openpgp_keyring_check_id(). +- Corrected a serious bug in the included libtasn1 library. +- Corrected session resuming in SRP ciphersuites. +- Updated to conform to the latest srp draft (draft-ietf-tls-srp-07) +- Added the functions gnutls_x509_crt_get_pk_rsa_raw() and + gnutls_x509_crt_get_pk_dsa_raw() to retrieve parameters from certificates. +- Some fixes in the session resuming code. + +* Version 1.0.13 (2004-04-29) +- Some complilation fixes. +- Added the --xml parameter to the certtool utility. + +* Version 1.0.12 (2004-04-23) +- Corrected bug in OpenPGP key loading using a callback. +- Renamed gnutls-srpcrypt to srptool +- Allow handshake requests by the client. +* Things backported from the development branch: +- Added support for authority key identifier and the extended key usage + X.509 extension fields. The certtoool was updated to support them. +- Added batch support to certtool. Now it can use templates. +- The RC2 cipher is no more included. The one in libgcrypt is now used. + +* Version 1.0.11 (2004-04-17) +- Added gnutls_sign_algorithm_get_name() and gnutls_pk_algorithm_get_name() +- Corrected bug in TLS renegotiation. + +* Version 1.0.10 (2004-04-03) +- Corrected bug in RSA parameters handling which could cause + unexpected crashes. +- Corrected bug in SSL 3.0 authentication. + +* Version 1.0.9 (2004-03-29) +- Added gnutls_certificate_set_params_function() and + gnutls_anon_set_params_function() that set the RSA or DH + parameters using a callback. +- Added functions gnutls_rsa_params_cpy(), gnutls_dh_params_cpy() + and gnutls_x509_privkey_cpy(). +- Corrected a compilation issue when opencdk was installed in a + non standard directory. +- Documented the changes need in multi-threaded application due + to the new libgcrypt. + +* Version 1.0.8 (2004-02-28) +- Corrected bug in mutual certificate authentication in SSL 3.0. + +* Version 1.0.7 (2004-02-25) +- Implemented TLS 1.1 (and also obsoleted the TLS 1.0 CBC protection + hack). +- Some updates in the documentation. + +* Version 1.0.6 (2004-02-12) +* Backported things from the development branch (while maintaining + backwards compatibility): +- Improved gnutls-cli's SRP behaviour in SRP ciphersuites. + If they are of highest priority then the abbreviated handshake + is used. +- The error codes GNUTLS_E_NO_TEMPORARY_DH_PARAMS and GNUTLS_E_NO_TEMPORARY_RSA_PARAMS + are no longer returned by the handshake function. Ciphersuites that + require temporary parameters are removed when such parameters do not exist. +- Added the callbacks gnutls_certificate_client_retrieve_function() and + gnutls_certificate_server_retrieve_function(), to allow a client or a server + to specify certificates for the handshake without storing them to the + credentials structure. +- Added support for generating and exporting DSA private keys. + +* Version 1.0.5 (2004-02-11) +- Fixed a bug where 'server name' extension was always sent. +* Backported things from the development branch: +- Added CRL verification functionality to certtool. +- Corrected the CRL distribution point extension handling. +- Added PKCS #7 support to certtool utility. +- Added support for reading and generating CRL distribution + points extensions in certificates. +- Added support for generating CRLs in the library and the + certtool utility. +- Added support for the Subject Key ID PKIX extension. +- Added the gnutls_sign_algorithm type. + +* Version 1.0.4 (2004-01-04) +- Changed handshake behaviour to send the lowest TLS version + when an unsupported version was advertized. The current behaviour + is to send the maximum version we support. +- certtool no longer asks the password in unencrypted private + keys. +- The source is now compiled to use the reentrant libc functions. + +* Version 1.0.3 (2003-12-21) +- Corrected bug in gnutls_bye() which made it return an error code + of INVALID_REQUEST instead of success. +- Corrected a bug in the GNUTLS_KEY key usage definitions. + +* Version 1.0.2 (2003-12-18) +- Corrected a bug in the RSA key generation. This was + generating unusable RSA keys. + +* Version 1.0.1 (2003-12-10) +- Some minor fixes in the makefiles. They now include CFLAGS + from libgcrypt or opencdk if installed in a non standard directory. +- Fixed the SRP detection test in gnutls-cli-debug. +- Added gnutls_rsa_params_export_pkcs1() and gnutls_rsa_params_import_pkcs1(). + +* Version 1.0.0 (2003-12-04) +- Exported the static SRP group parameters. +- Some fixes in the certificate authenticated SRP ciphersuites. +- Improved the support for draft-ietf-tls-srp-05. The two-phase + handshake is now fully supported without any interaction with + the application layer (except for a callback). + +* Version 0.9.99 (2003-11-28) +- Some fixes in the gnutls.h header for the gnutls_server_name_set() + and gnutls_server_name_get() prototypes. +- Exported the gnutls_x509_privkey_sign_data(), gnutls_x509_privkey_verify_data() + and gnutls_x509_crt_verify_data(). +- Some fixes in the openpgp authentication. +- Removed the Twofish cipher. + +* Version 0.9.98 (2003-11-16) +- The openssl compatibility layer was moved to gnutls-openssl + library instead of being included in the gnutls-extra library. +- Added the RIPEMD ciphersuites defined in draft-ietf-tls-openpgp-keys-04. +- Building with openpgp support is now mandatory. +- gnutls4 compatibility header is no longer included by default in + gnutls.h. +- gnutls8 function usage yelds a deprecation warning in gcc3. +- gnutls_x509_*_set_dn_by_oid() and gnutls_x509_*_get_*_dn_by_oid() + functions have a raw_flag parameter added. +- Added gnutls_x509_*_get_dn_oid() and gnutls_x509_crt_get_extension_oid() + functions which return the available OIDs. + +* Version 0.9.97 (2003-11-11) +- The certtool utility can now generate PKCS #12 structures + without specifying a certificate. +- Added capability to read CRLs to certtool. +- Corrected some functions which return GNUTLS_E_SHORT_MEMORY_BUFFER + to properly set the required buffer size. +- Corrected a bug in libgcrypt detection. + +* Version 0.9.96 (2003-11-09) +- Some changes to allow compilation with mingw32. +- Several code cleanups. + +* Version 0.9.95 (2003-11-02) +- Improved the verification functions. Added new verification + output flags and removed the unused and redundant ones. +- Improved the OpenPGP key support. +- The prime utility was removed, and its functionality was moved + to certtool. + +* Version 0.9.94 (2003-10-30) +- Added manpages for the included programs. +- Documented and improved the certtool utility. +- Added PKCS #12 support to certtool utility. + +* Version 0.9.93 (2003-10-26) +- Corrected some compilation issues. +- Improved the certtool command line utility. + +* Version 0.9.92 (2003-10-25) +- The RFC2818 hostname verification is now case insensitive. +- Added support for generating X.509 certificates. +- Added the certtool, a tool for generating X.509 certificates + +* Version 0.9.91 (2003-10-17) +- Fixed a compilation issue in the openpgp authentication part. + +* Version 0.9.90 (2003-10-08) +- Updated the openpgp key API (depends on the unreleased new + opencdk). + +* Version 0.9.8 (2003-10-02) +- Updated the SRP implementation to follow the latest draft + (draft-ietf-tls-srp-05). +- Improved the gnutls-cli behaviour in error handling, + and added a check for the peer's hostname. +- Use versioned symbols in the library (where available). +- RIJNDAEL ciphersuites were renamed to AES. + +* Version 0.9.7 (2003-08-25) +- The tex files are now included in the distribution. +- The library can now decrypt PKCS #12 files encrypted with + the RC2-40 cipher. +- The missing rfc2818_hostname object is now included. +- Several corrections and bug fixes in the library by + Arne Thomassen <arne@arne-thomassen.de>. +- CR is now allowed in the base64 decoder. + +* Version 0.9.6 (2003-06-28) +- Added gnutls_x509_privkey_get_key_id() and gnutls_x509_crt_get_key_id() + functions which return a unique (per public key) ID. These can + be used to check if the private key corresponds to a given certificate. +- Corrections in the TLS layer openpgp certificate packet parser. +- Corrected a bug in the record layer buffering, which affected + the case where external pull function was used. Report and patch + by Sergey Poznyakoff <gray@Mirddin.farlep.net>. +- Corrected a bug in gnutls-srpcrypt where a non allocated variable + was freed. +- SRP programs are now built by default. +- Added API to read and write to PKCS #12 structures. Prototypes + in gnutls/pkcs12.h. +- The gnutls_transport_ptr type was changed to a pointer type (void*). + +* Version 0.9.5 (2003-04-06) +- Several improvements in the PKCS #7 handling +- Eliminated several hard coded constants in MPI parameters. + +* Version 0.9.4 (2003-03-28) +- Corrected a parsing error in the Certificate request message. +- Corrected behaviour when a certificate request message is received. + Now a certificate packet is always sent, and in SSL 3.0 cipher suites + a no_certificate alert is sent instead. +- Added functionality to generate PKCS #7 structures (with certificates). + +* Version 0.9.3 (2003-03-24) +- Support for MD2 was dropped. +- Improved the error logging functions, by adding a level, and + by allowing debugging messages just by increasing the level. +- The diffie Hellman ciphersuites are now of higher priority than + the plain RSA. +- The RSA premaster secret version check can no longer be disabled. +- Implemented the counter measure discussed in the paper "Attacking + RSA-based Sessions in SSL/TLS", against the attack described in the + same paper. +- Added the functions: gnutls_handshake_get_last_in(), + gnutls_handshake_get_last_out(). +- The gnutls_certificate_set_rsa_params() was renamed to + gnutls_certificate_set_rsa_export_params(). +- Added the new functions: gnutls_certificate_set_x509_key() + gnutls_certificate_set_x509_trust(), gnutls_certificate_set_x509_crl(), + gnutls_x509_crt_export(), gnutls_x509_crl_export(). +- Added support for encoding and decoding PKCS #8 2.0 encrypted + RSA private keys. + +* Version 0.9.2 (2003-03-15) +- Some corrections in the memory mapping code (file is unmapped after + it is read). +- Added support for PKCS#10 certificate requests generation. + +* Version 0.9.1 (2003-03-12) +- Corrected a bug in 64 bit architectures, which affected the + serial number calculation in the record layer. +- Added gnutls_certificate_free_keys() which deletes all the + private keys and certificates from the credentials structure. +- Corrected a broken buffer check in _gnutls_io_read_buffered(), + which caused some unexpected packet length errors. Report and patch + by Ian Peters <itp@ximian.com>. +- Added ability to generate RSA keys. +- Increased the maximum parameter size in order to read some large keys + by some CAs. Patch by Ian Peters <itp@ximian.com>. +- Added an strnstr() function and the requirement in some functions to + use null terminated PEM structures is no more. +- Use mmap() if available to read files. +- Fixed a memory leak in SRP code reported by Rupert Kittinger + <r.kittinger@efkon.com>. + +* Version 0.9.0 (2003-03-03) +- This version is not binary compatible with the previous ones. +- The library notifies the application on empty and illegal SRP usernames, + so that proper notification (via an alert) is sent to the peer. +- Added ability to send some messages back to the application using + the gnutls_global_set_log_function(). +- gnutls_dh_params_generate() and gnutls_rsa_params_generate() now use + gnutls_malloc() to allocate the output parameters. +- Added support for MD2 algorithm in certificate signature verification. +- The RSA and DH parameter generation interface was changed. Added + ability to import and export from and to PKCS3 structures. This + was needed to read parameters generated using the openssl dhparam tool. +- Several changes in the temporary (DH/RSA) parameter codebase. No DH + parameters are now included in the library. Also the credentials structure + can now hold only one temporary parameter of a kind. +- Added a new Certificate, CRL, Private key and PKCS7 structures handling + API, defined in gnutls/x509.h +- Added gnutls_certificate_set_verify_flags() function to allow setting the + verification flags in the credentials structure. They will be used in the + *verify_peers functions. +- Added protection against the new TLS 1.0 record layer timing attack. +- Added support for Certificate revocation lists. Functions defined + in gnutls/x509.h +- The only functions that were removed are: + gnutls_x509_certificate_to_xml() + gnutls_x509_extract_dn_string() +- Ported to libtasn1 0.2.x + +* Version 0.8.1 (2003-01-22) +- Improved the SRP support, to prevent attackers guessing the + available usernames by brute force. +- Improved the SRP detection in gnutls-cli-debug +- Some fixes which now allow compilation. + +* Version 0.8.0 (2003-01-20) +- Added gnutls_x509_extract_dn_string() which returns a + distinguished name in a single string. +- Added gnutls_openpgp_extract_key_name_string() which returns + an openpgp user ID in a single string. +- Added gnutls_x509_extract_certificate_ca_status() which returns + the CA status of the given certificate. +- Added SRP-6 support. Follows draft-ietf-tls-srp-04. +- If libtasn1 is not present in the system, it is included in + the main gnutls library. +- If liblzo is present in the system, then the included minilzo + will not be used, and libgnutls-extra will depend on liblzo. +- GNUTLS_E_PARSING_ERROR error code was replaced by GNUTLS_E_BASE64_DECODING_ERROR, + and GNUTLS_E_SRP_PWD_PARSING_ERROR. GNUTLS_E_ASCII_ARMOR_ERROR was also + replaced by GNUTLS_E_BASE64_DECODING_ERROR. + +* Version 0.6.0 (2002-12-08) +- Added "gnutls/compat4.h" header. This is included in gnutls.h + to emulate the old 0.4.x API. +- Example programs are now stored in doc/examples/ +- Several improvements and updates in the documentation. +- Added the certificate authenticated SRP cipher suites. +- gnutls_x509_extract_certificate_dn_string() was updated to return + an RFC2253 conforming string. +- Added the SRP related functions: + gnutls_srp_verifier() + gnutls_srp_base64_encode() + gnutls_srp_base64_decode() +- Added the function gnutls_srp_set_server_credentials_function() + to allow retrieving SRP parameters from an external backend - other + than password files. +- Added the function gnutls_openpgp_set_recv_key_function() + which can be used to set a callback, to get OpenPGP keys. +- Exported the functions: + gnutls_malloc() + gnutls_free() + which should be used by callback functions. +- Changed the semantics of gnutls_pem_base64_encode_alloc() + and gnutls_pem_base64_decode_alloc(). In the default case + were the gnutls library is used with malloc/realloc/free, + these are binary compatible. + +* Version 0.5.11 (2002-11-05) +- Some fixes in 'gnutls-cli' client program to prevent some segmentation + faults at exit. +- Example programs found in the documentation can now be generated by + running "make examples" in doc/tex directory. +- Added more descriptive error strings, to gnutls_strerror(). +- Documented error codes, and the function reference list is now sorted. +- Optimized buffering code. +- gnutls_x509_extract_certificate_dn_string() was rewritten. +- Added GNUTLS_E_SHORT_MEMORY_BUFFER error code, which is returned in the + case where the memory buffer provided is not long enough. +- Depends on the new OpenCDK 0.3.2. + +* Version 0.5.10 (2002-10-13) +- Updated documentation. +- Added server name extension. This allows clients to specify the + name of the server they connect to. Useful to HTTPS. +- Several corrections in the code base, mostly in signed/unsigned, + checkings. + +* Version 0.5.9 (2002-10-10) +- Corrected some code which worked fine in gcc 3.2, but not with any + other compiler. +- Updated 'gnutls-cli' with the '--starttls' option, to allow testing + starttls implementations. +- Added gnutls_x509_extract_key_pk_algorithm() function which extracts + the private key type, of a DER encoded key. +- Added gnutls_x509_extract_certificate_dn_string() which returns the + certificate's distinguished name in a single string. +- Added gnutls_set_default_priority() and gnutls_set_default_export_priority() + functions, to avoid calling all the *_priority() functions if the defaults + are acceptable. +- Added int gnutls_x509_check_certificates_hostname() which check whether + the given hostname matches the owner of the given X.509 certificate. + +* Version 0.5.8 (2002-09-25) +- Updated documentation. +- Added gnutls_record_get_direction() which replaces the obsolete + gnutls_handshake_get_direction(). +- Added function to convert error codes to alert descriptions +- Added LZO compression + +* Version 0.5.7 (2002-09-11) +- Some fixes in the memory allocation functions (realloc). +- Improved the string functions used in XML certificate generation. +- Removed dependency on libgdbm. +- Corrected bug in gnutls_dh_params_set() which affected + gnutls_dh_params_deinit(). +- Corrected bug in session resuming code in server side. + +* Version 0.5.6 (2002-09-06) +- Corrected bugs in SRP implementation, which prevented gnutls + to interoperate with other implementations. (interoperability testing + was done by David Taylor) +- Corrected bug in cert_type extension. +- Corrected extension type checks which used an 8 bit extension size, + instead of 16 bits. +- Added versioning in the XML output of certificate functions. +- Removed the X.509 test suite. + +* Version 0.5.5 (2002-09-03) +- Updated the SRP implementation to the latest draft. The blowfish + crypt implementation was removed, since the new draft does not allow + other hash algorithms except for the srpsha. +- Renamed all the constructed types in order to have more consistent + names. +- Improved the certificate and key read functions. Now they can read + the certificate and the private key from the same file. +- Updated and corrected documentation. + +* Version 0.5.4 (2002-08-27) +- Fixes in TLS 1.0 PRF and SSL3 random functions. +- gnutls_handshake_set_exportable_detection() was obsoleted. +- Added gnutls_openpgp_extract_key_id() which returns the key ID. +- Corrected bug in DHE key exchange +- Added support for temporary RSA keys which are needed for the + export cipher suites. +- Added the TLS_RSA_EXPORT_ARCFOUR_40_MD5 ciphersuite. + +* Version 0.5.3 (2002-08-23) +- No changes. Replaces the tarball of 0.5.2 which accidentally contained + code from the unstable branch. + +* Version 0.5.2 (2002-08-22) +- Added an error code that is returned in clients which connect + to export only servers. This must be enabled using the + gnutls_handshake_set_exportable_detection() function. +- Updated openssl compatibility layer. +- Added gnutls_handshake_get_direction() function which returns + the state of the handshake when interrupted. + +* Version 0.5.1 (2002-07-17) +- Corrected the m4 macros which used <gnutls.h> instead of + <gnutls/gnutls.h> +- Documentation fixes +- Added gnutls_transport_set_ptr2() function, which accepts two + different pointers, to be used while receiving, and + while sending data. +- Semantic changes in gnutls_record_set_max_size(). The requested + size is now immediately enforced at the output buffers. +- gnutls_global_init_extra() now fails if the library versions do + not match. +- Fixes in client and server example programs. Null encryption can + be used in these programs, to assist in debuging. +- Fixes in zlib compression code. + +* Version 0.5.0 (2002-07-06) +- Added X.509 certificate tests in tests/ directory +- Removed stubs for SRP and Anonymous authentication. They served + no purpose since they are always included, unless it was requested + not to do so. +- Added gnutls_handshake_set_private_extensions() function. This + function can be used to enable private (gnutls specific) cipher suites + and compression algorithms. +- Added check for C99 macro support by the compiler. +- Added functions gnutls_b64_encode_fmt2() and gnutls_b64_decode_fmt2() +- Added the new libtasn1 library. +- Removed the gdbm backend. Applications are now responsible for the + session resuming backend. The gnutls-serv application contains an + simple example on how to use gdbm for resuming. +- Headers for the gnutls library are now installed in $(includedir)/gnutls +- Added an OpenSSL compatible interface (with some limitations). +- Added functions to convert DER encoded certificates to XML format. + +* Version 0.4.4 (2002-06-24) +- Corrected bug in PKCS-1 RSA encryption which prevented gnutls to encrypt + using keys of some specific size. + +* Version 0.4.3 (2002-05-23) +- The gnutls-extra library now compiles fine, if the opencdk library is + not present. +- Several bug fixes. +- Added gnutls_global_set_mem_func() function, to set the memory allocation + functions, if other than the defaults are to be used. +- The default memory allocation functions are now the ones in libc. + +* Version 0.4.2 (2002-05-21) +- Separated ASN.1 structures parser documentation and TLS library + documentation. +- Added gnutls_handshake_set_rsa_pms() function, which disables the + version check in RSA premaster secret. +- Added gnutls_session_is_resumed() function, which reports if a session + is a resumed one. +- Added gnutls_state_set_ptr() and gnutls_state_get_ptr() functions, to + assist in callback functions. +- Replaced the included 1024 bit prime for Diffie Hellman, with a new + random one. +- Relicensed the library under the GNU Lesser General Public License +- Added gnutls-extra library which contains the GPL covered code of gnutls. + +* Version 0.4.1 (2002-04-07) +- Now uses alloca() for temporary variables +- Optimized RSA signing +- Added functions to return the peer's certificate activation and + expiration time. +- Corrected time function's behaviour (the time value returned no longer + relate to local timezone). + +* Version 0.4.0 (2002-04-01) +- Added support for RFC2630 (PKCS7) X.509 certificate sets +- Added new functions: gnutls_x509_extract_certificate_pk_algorithm(), + gnutls_openpgp_extract_key_pk_algorithm(). +- Several optimizations in the Handshake protocol +- Several optimizations in RSA algorithm +- Unified the return values because of small buffers. + +* Version 0.3.92 (2002-03-23) +- Updated documentation +- Combined error codes of ASN.1 parser and gnutls +- Removed GNUTLS_CERT_TRUSTED from the CertificateStatus enumeration +- Added protection against CBC chosen plaintext attack (disabled by default) +- Improved and optimized compression support + +* Version 0.3.91 (2002-03-03) +- Added gnutls-cli-debug program +- Corrections in session resumption +- Rehandshake can now handle negotiation of different authentication + type. +- gnutls-cli, gnutls-serv, gnutls-srpcrypt and gnutls-cli-debug are + now being installed. + +* Version 0.3.90 (2002-02-24) +- Handshake messages are not kept in memory any more. Now we use + less memory during a handshake +- Added support for certificates with DSA parameters +- Added DHE_DSS cipher suites +- Key exchange methods changed so they do not depend on the + certificate type. Added certificate type negotiation TLS extension. +- Added openpgp key support (EXPERIMENTAL) +- Improved Diffie Hellman key exchange support. +- Bug fixes in the RSA key exchange. +- Added check for the requested TLS extensions +- TLS extensions now use a 16 bit type field. +- Added a minimal string library to assist in ASN.1 parsing +- Changes in ASN.1 parser to work with the new bison +- Added gnutls_x509_extract_subject_alt_name(), which deprecates + gnutls_x509_extract_subject_dns_name() +- gnutls_x509_set_trust_(file/mem) can now be called multiple times +- gnutls_srp_server_set_cred_file() can now be called multiple times + +* Version 0.3.5 (2002-01-25) +- Corrected the RSA key exchange method, to avoid attacks against + PKCS-1 formating. + +* Version 0.3.4 (2002-01-20) +- Corrected bugs in DHE_RSA key exchange method + +* Version 0.3.3 (2002-01-19) +- Added gnutls_x509pki_verify_certificate() +- Added gnutls_x509pki_set_trust_mem() and gnutls_x509pki_set_key_mem() +- Bug fixes in srpcrypt (based on patch by Marc Huber) +- Bug fixes in the Handshake protocol (based on patch by Guillaume Morin) +- Corrected library versioning + +* Version 0.3.2 (2002-01-05) +- Corrected bug which did not allow a client to accept multiple CA names +- Added gnutls_fingerprint() +- Added gnutls_x509pki_extract_certificate_serial() +- Added gnutls_b64_encode_fmt() and gnutls_b64_decode_fmt() +- Corrected behaviour in version advertizing +- Updated documentation +- Prefixed all types in gnutls.h with 'GNUTLS_' to avoid namespace collisions + +* Version 0.3.1 (2001-12-21) +- Corrections in the configuration files +- Fixes a bug in anonymous authentication + +* Version 0.3.0 (2001-12-17) +- Corrected bug in new integer formatting (now we use the old format again) +- Several corrections and usual cleanups + +* Version 0.2.91 (2001-12-10) +- Fixes in MPI handling (fixes possible bug with signed integers) +- Removed name indication extension +- Added gnutls_transport_get_ptr() and gnutls_db_get_ptr() +- Optimizations in server certificate callback. +- Fixes in anonymous authentication +- Corrections in client ciphersuite selection + +* Version 0.2.90 (2001-12-07) +- gnutls_handshake(), gnutls_read() etc. functions no longer require + the 'SOCKET cd' argument. This argument is set using the function + gnutls_set_transport_ptr(). +- introduced gnutls_x509pki_get_peer_certificate_list(). This function returns + a list containing peer's certificate and issuers DER encoded. +- Updated X.509 certificate handling API +- Added callback to select the server certificate +- More consistent function naming (changes in several function names) +- Buffer overflow checking in ASN.1 structures parser +- Updated documentation + +* Version 0.2.11 (2001-11-16) +- Changed the meaning of GNUTLS_E_REHANDSHAKE value. If this value + is returned, then the caller should perform a handshake or send + an alert to the peer. +- Made receive buffer dynamic. Normally if no large chunks are received + it occupies less space. +- Added max_record_size extension +- Bugfixes in session handling +- Improved non blocking IO support in the Handshake Protocol +- Usual bugfixes and cleanups +- Documentation updated (includes ASN.1 documentation) + +* Version 0.2.10 (2001-11-05) +- Corrected bugs and improved non blocking IO +- Added hooks to use external database to store sessions +- Usual cleanups + +* Version 0.2.9 (2001-10-27) +- AUTH_INFO types and structures were moved to library internals +- AUTH_FAILED is no longer returned in SRP authentication + (any fatal error in SRP means auth failed) +- Introduced GNUTLS_E_INTERRUPTED +- Added support for non blocking IO +- gnutls_recv() and gnutls_send() are now obsolete +- Changed semantics of gnutls_rehandshake() + +* Version 0.2.4 (2001-10-12) +- Better handling of X.509 certificate extensions +- Added DHE_RSA ciphersuites +- Updated the Name Indication (dnsname) extension +- Improvements in Diffie Hellman primes handling + +* Version 0.2.3 (2001-09-19) +- Memory optimizations in gnutls_recv() +- Fixed several memory leaks +- Added ability to specify callback for x509 client certificate selection +- Better documentation + +* Version 0.2.2 (2001-08-21) +- Several bugfixes (library and documentation) + +* Version 0.2.1 (2001-08-07) +- SRP fixes + +* Version 0.2.0 (2001-08-07) +- Partial support for X.509v3 Certificate extensions. +- Added Internal memory handlers +- Removed gnutls_x509_set_cn() +- Added X.509 client authentication +- Several bug fixes and protocol fixes + +* Version 0.1.9 (2001-07-30) +- Corrected bug(s) in ChangeCipherSpec packet (fixes renegotiate) +- SRP is updated to conform to the newest draft. +- Added support for DNSNAME extension. +- Reentracy fixes in ASN.1 Parsing. +- Optimizations in hash/hmac functions +- (Error) message handling has changed +- Better Protocol Version handling +- Added X.509 Certificate Verification +- gnutls_read() semantics are now closer to read(2) - added EOF +- Documented some part of gnutls in doc/tex/ using Latex + +* Version 0.1.4 (2001-06-22) +- Corrected (srp) base64 encoding. +- Changed bcrypt algorithm to include username. +- Added RSA Ciphersuites (no certificate checking). +- Fixes in SSL 2.0 client hello parsing. +- Added ASN.1 and DER parsers. +- Bugfixes in session resuming +- Updated Ciphersuite selection algorithm +- Added internal representation of X.509 structures. +- Added global state + +* Version 0.1.3 (2001-06-01) +- Updated API (and the way it is documented - we use inline documentation) +- Added function to access alert messages. +- Added support for renegotiating parameters. +- Better and Faster Resume Database handling. +- Several bugfixes + +* Version 0.1.2 (2001-05-14) +- Updated API +- Fixes in extension handling + +* Version 0.1.1 (2001-05-13) +- Added compatibility with Stanford's libsrp library + +* Version 0.1.0 (2001-05-09) +- Added SSL 2.0 client hello support +- GNUTLS is a gnu library +- Added support for TLS extensions. +- Added support for SRP + +* Version 0.0.7 (2001-01-11) +- Added server side session resuming (using gdbm) +- Added twofish algorithm + +* Version 0.0.6 (2000-12-20) +- Added client side session resuming +- Better documentation (check doc/API) +- Better socket handling (gnutls can be used with select()) +- Some primitive support for non blocking IO and socket options has been added. + +* Version 0.0.5 (2000-12-07) +- Added Compression (using ZLIB) +- Added SSL 3.0 support + +---------------------------------------------------------------------- +Copying and distribution of this file, with or without modification, +are permitted in any medium without royalty provided the copyright +notice and this notice are preserved. +</pre></div> + +</body> +</html> diff --git a/abi-tracker/changelog/gnutls/current/log.html b/abi-tracker/changelog/gnutls/current/log.html index 84bda00418..b290bdb0dd 100644 --- a/abi-tracker/changelog/gnutls/current/log.html +++ b/abi-tracker/changelog/gnutls/current/log.html @@ -20,687 +20,763 @@ <br/> <h1>Changelog for <span class='version'>current</span> version (Git)</h1><br/><br/> <div class='changelog'> -<pre class='wrap'>commit 0a00b26b20c2999f8509c31dc5f8b6e81260e048 +<pre class='wrap'>commit d2a4cc28c7adfd811779a1cb16ae920300457940 Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2016-02-03 09:20:05 +0100 +Date: 2016-03-13 11:39:22 +0100 - tests: pkcs11-pubkey-import-ecdsa will only work under softhsmv2 - -commit c479799cb30d9c0951dd225d252b2e9de7646224 -Author: Andreas Metzler <ametzler@bebt.de> -Date: 2016-01-31 17:59:37 +0100 - - Fix some more typos. + abi-check: corrected type of gnutls_x509_crl_get_issuer_dn - certifcate, funtion, withing, missmatch + That will avoid any accidental ABI breakage on that symbol. -commit a912e666cc53c1289b567c2217964e93c3786508 +commit 069b0770eb2adf295d14c0059af088eb9c740f7a Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2016-01-30 12:18:55 +0100 +Date: 2016-03-11 14:45:02 +0100 - tests: updated check to account for revert in 7d3caedb8df9d04eee9513cb5b3b417ae29927f5 + .gitlab-ci.yml: added abi-checker rule + + This allows to test ABI incompatibilities as soon as possible. -commit 48cbd6fb2c597a251207e1186f213283867bc5ad +commit 99b4b7bb53f6d36ee991e2a2679776faf433c9af Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2016-01-30 12:15:07 +0100 +Date: 2016-03-11 14:36:39 +0100 - Revert "tests: updated to account for cert generation after 2adb9b2bfb31afebbdd9f990e2b74c9a3d4e5c57 fix" + Makefile: made abi-checks self-contained - This reverts commit 735dbde324be6c8785a3dea5f09c82b6a8ad298b. + That is, they no longer assume a given directory structure to exist + outside git. It now includes a static dump of the symbols in 3.4.0 + for x86_64 and we compare with it. -commit 7d3caedb8df9d04eee9513cb5b3b417ae29927f5 +commit 1fcd82b7eee685bb77355e7386c525b915fc528b Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2016-01-30 11:15:13 +0100 +Date: 2016-03-11 11:52:17 +0100 - Revert "Fix out-of-bounds read in gnutls_x509_ext_export_key_usage" - - This was not really an out-of-bounds check. Added documentation - to make that clear. - - This reverts commit ffbc9aaea7dcf29c03784d128b83f0682357858d. + certtool: better error handling in file_size() -commit 1b9b122830164059f6cab90d330c62adae840353 +commit 726c514201c0b843bfa88c6633cc7351f411780d Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2016-01-28 13:14:14 +0100 +Date: 2016-03-11 11:47:12 +0100 - certtool: corrected email escaping in texinfo + gnutls-cli: fix invalid initialization in cert_verify_ocsp() -commit f64fbce6e2ef574359b01ac6f89f5a6b9a125e28 +commit d50c05689de87a591b874d9349ac0f23c4040d69 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2016-01-28 10:45:17 +0100 +Date: 2016-03-11 11:45:23 +0100 - Replaced select() system call with poll() on POSIX systems + gnutls-serv: human_addr always returns a non-null argument - This allows to use the default gnutls functions with file descriptors - over the maximum supported by select. + This addresses issue with libc's which don't support printf() with + a NULL argument. -commit c58f4391ded0dc6ef282b6c6376fac3de25524c1 +commit 66b675c338479678b6e3f52d67551d97d5b28afa Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2016-01-25 11:08:21 +0100 +Date: 2016-03-08 15:10:07 +0100 - tests: windows: fixed check-output call + tests: testpkcs11: the test will always fail in code path failures -commit b927910880cff0a6cceca525f536df51e793a947 +commit b8555c09e80ec6211fbdbfc03de0e5fa401768e6 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2016-01-22 16:34:29 +0100 +Date: 2016-03-08 10:12:22 +0100 - tests: added dummy functions used by CAPI32 implementation + README: list the main branches build status [ci skip] -commit 4a516cbcd9b318effff6a1085e9536b870de606a +commit 67777d01cd234a279fdfcf742f4c2689d41fbf98 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2016-01-22 16:33:48 +0100 +Date: 2016-03-07 11:50:34 +0100 - tests: better checking for failure in windows cng check + gnutls_system_recv_timeout: restore poll on EINTR -commit c0dc4556e8d2e80c4f04c1655ed33e3bb659aa67 +commit d6a82ff09e15d2e76674562d2a1ebf6301efd064 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2016-01-22 12:59:47 +0100 - - system-key-win: call CertFreeCertificateContext() - -commit fc1e62399a296e7beb7a79081c32a6e086105c37 -Author: Bjørn Christensen <bhc@insight.dk> -Date: 2016-01-22 11:52:21 +0100 +Date: 2016-03-07 10:47:43 +0100 - system-key-win: added interface to CAPI, old style crypto api on windows + doc: corrected typo [ci skip] -commit 7a109d053fef7cc95be30c16e10528c7ae86d167 +commit 56944b142dfc54c116cd40953294a4914ba47aa9 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2016-01-21 14:45:56 +0100 +Date: 2016-03-07 10:42:14 +0100 - certtool: corrected texinfo output for krb5_principal + gnutls_ocsp_status_request_is_checked: document the version the flag was introduced at + + Relates: #75 -commit b9d2c7466f1e23105a87dd133ead5911de7277f8 +commit c1947fe1174c8b8cde70b0763cf4eb80fd0560f2 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2016-01-21 12:58:56 +0100 +Date: 2016-03-07 10:25:57 +0100 - tests: priorities: account for the addition of CHACHA20-POLY1305 + doc: generate manpages for all functions + + That addresses issue where certain manpages were created empty. + See https://bugzilla.redhat.com/show_bug.cgi?id=1306800 -commit 5b417325d4e9521490b55b6fdaf2ea3c7e99860c +commit 7e894ecdb401fc566556de551145fc6858f7e068 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2016-01-21 12:00:33 +0100 +Date: 2016-03-07 10:11:37 +0100 - CHACHA20_POLY1305 was added to the default priority strings + doc: mention gnutls_certificate_set_x509_trust_dir() + + It was not mentioned in the "Client or server certificate verification" + section. - That is the NORMAL and PERFORMANCE priority strings now will - enable CHACHA20-POLY1305 by default. + Resolves #76 -commit a7109322b071e8e76ee7ae82835b1f40ff89be74 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2016-01-18 18:38:36 +0100 +commit bbfde250fbbac0ce65569f9be1d2bc88925dcd4e +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-03-07 09:30:44 +0100 - gnutls_global_init: log gnutls' version on initialization + tests: mini-loss-time: improved timeout detection -commit 6856ffafa7b094d2db788a8213d8412f6421f803 +commit 58ca20e3d3a6eb4cd9dacd36f0c6e229c5bfcbb8 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2016-01-18 15:56:02 +0100 +Date: 2016-03-04 10:16:51 +0100 - doc: corrected typo [ci skip] + corrected typo in comment [ci skip] -commit 08612f4dc7c82fde791cf8d550e43f7e1b86f19f -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2016-01-16 20:54:20 +0100 +commit f5f37a8422ad869191e2c11f7a49cbd79f798365 +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-03-01 16:23:55 +0100 - README: added trousers to list of dependencies [ci skip] + configure: silence clang's warnings -commit 367928578b651bc3252e8440993c02913eca046d +commit aa23adacd8b68124ef7fc055a2f05d2fb0a24220 Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2016-01-16 20:43:42 +0100 +Date: 2016-03-03 14:24:13 +0100 - tests: added check for KRB5Principal output + tests: added check for version negotiation default prio string - Resolves #67 + That verifies whether the support versions are negotiated. -commit 92e140e074a77d9012119d81a6c6dd1da465203c +commit c30154ce66b2d1ffecba35e5311cc16a7c27a28d Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2016-01-14 17:16:00 +0100 +Date: 2016-03-03 09:05:32 +0100 - README.md -> README-alpha.md + tests: include test-hash-large into dist -commit 831d90e235eaf077a848b616dccd9c1bc7eed8d0 +commit 437571f00025c7bfcb8134de43bcb15a0129bb8b Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2016-01-14 17:09:23 +0100 +Date: 2016-03-03 08:50:48 +0100 - updated copyright info + Sync with TP [ci skip] -commit 08409b6a49569be125603ee58370452322213768 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2016-01-14 17:04:54 +0100 +commit 95504a934758b94d3daef69ef867314d86970971 +Author: Ludovic Courtès <ludo@gnu.org> +Date: 2016-03-02 09:59:19 +0100 - README: auto-generated from README-install.md + Update NEWS. -commit 912618905dc8eb6811e15aeff99b141ee0b680af +commit ce074f55f8aa6891ad7dd57e5729d77686f96d93 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2016-01-14 14:50:34 +0100 +Date: 2016-03-01 14:50:42 +0100 - gnutls_int.h: increased MAX_SERVER_NAME_SIZE to 256 bytes + Disable weak symbols for _gnutls_global_init_skip() under windows + + That is to avoid an issue with running gnutls under windows; + that renders GNUTLS_SKIP_GLOBAL_INIT a no-op under windows. + + Relates #74 -commit ecf3edb4e6b992b8df1bc9c878295c3daabe0369 +commit b8ce03e6db6ed13c021de69471fae332b1eadb11 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2016-01-13 13:14:55 +0100 +Date: 2016-03-01 13:19:29 +0100 - gnutls_pubkey_import_x509_raw: fixed memory leak + .gitlab-ci.yml: asan, clang and valgrind builds were made arch-independent -commit fccea4a3e84de3f4c52a9192efff413f6cc0e264 +commit 7c99351cf641abcf41f50c4e6392dbce627033c6 Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2016-01-08 16:26:21 +0100 +Date: 2016-02-29 20:49:09 +0100 - tests: added check for the krb5_principal template option + tests: pkcs12: allow multiple in-place builds -commit 026f2445447cc4c56ec02adb5baf7ba552075b34 -Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2016-01-11 15:11:41 +0100 +commit 0a132efee4a5aa7802597a5e6e795ea3776fe8d4 +Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> +Date: 2016-02-29 19:41:33 +0100 - certtool: introduced the krb5_principal template option + tests: pkcs1-pad,rsa-md5-collision: allow multiple in-place builds -commit 332475e9cf8cf7afe117e93555dfe24df898bc4b -Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2016-01-11 15:09:23 +0100 +commit 145cb5b565e7f71063990a513779b656f91fd3a1 +Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> +Date: 2016-02-29 17:12:49 +0100 + + doc update - x509: introduced GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL +commit eccfe8b41227f7c96900f01b5e80b2a2966e847d +Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> +Date: 2016-02-29 17:06:12 +0100 + + gnutls-cli: fail if gnutls is not compiled with DANE support and --dane is provided - That allows to print and write KRB5PrincipalName othernames - in subject alternative name. + Suggested by Bjorn Jacke. -commit 0a92ec601c3d33d6b939e2cd2e22302584fe8eea +commit b351bbf123586e0c115c201c0fc5aa9967d7571c Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2016-01-11 15:19:24 +0100 +Date: 2016-02-29 13:23:25 +0100 - x509: place newline when printing unsupported othernames + tests: always used the slow (portable) version of get16bits + + This prevents issues with misaligned addresses and undefined sanitizer. -commit 8339cc1a7d89e6fea65069810f5aec91dabd3fdd -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2016-01-10 16:05:41 +0100 +commit 1010496d4a1c101ab759bbea6c010503398554b5 +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-29 12:46:47 +0100 - x509: moved virtual subject alternative name othername support to virt-san.c + timespec_sub_ms: fixed operation in 32-bit systems -commit a86c563a7a0033b5a1876c2f4969d62fae4fc5a6 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2016-01-10 14:46:16 +0100 +commit 8dfbfcb54f60401dc1e1d18b44ef7a4fa1e119f2 +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-29 10:23:20 +0100 - gnutls_x509_crt_set_subject_alt_name: documented the version after which GNUTLS_SAN_OTHERNAME_XMPP is available + .gitlab-ci.yml: don't use the internal libtasn1 when compiling with libubsan + + This prevents build failures due to issues in libtasn1 -commit 11da583a2261e148db733e4b6e1543a3bfca44a6 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2016-01-10 14:45:03 +0100 +commit ac6046edd396d98fd426f922b85c392864b34f32 +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-29 10:22:13 +0100 - tests: added check for XMPP othername generation + tests: Fixes to prevent undefined behavior (found with libubsan) -commit 32a1593c71b0aff90cd92ed0cea15fe9da2d2831 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2016-01-10 14:39:14 +0100 +commit 4bf89ef06091cd24d88fec19963b9c25b2e91e5e +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-29 10:18:58 +0100 - certtool: allow writing xmpp_name + pkcs11: Fixes to prevent undefined behavior (found with libubsan) -commit b992776d1e77309e9c11a7a1d9a1321caab768f6 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2016-01-10 14:30:56 +0100 +commit 60f3560ba5f2ccf3adf5ebf7e2eea9907d555cff +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-29 09:58:40 +0100 - Allow assigning 'virtual' SAN types via *_set_subject_alt_name() + cipher.c: Fixes to prevent undefined behavior (found with libubsan) -commit 66694906e6af8c606fb57d03a5ad0a3553baa47d -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2016-01-10 13:47:38 +0100 +commit c9a6fd2bf2c8e0b5efbc851460f7917be511d114 +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-29 09:57:40 +0100 - NEWS: document newly added functions + ecc: optimized extension parsing -commit d6041385123411ec5485237e0e766ed992d49dec -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2016-01-10 08:17:51 +0100 +commit 63ac0b64a55ee9cb0df77c4174f42cd2c9ee4429 +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-29 09:48:12 +0100 - alpn: when parsing the list of protocols return at the first mutually common - - That resolves an issue where the server wouldn't select the first mutually supported. - - Resolves #63 + opencdk: Fixes to prevent undefined behavior (found with libubsan) -commit b8313db56227e53bb87190432f89fd566d836c76 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2016-01-10 08:17:07 +0100 +commit e896f47f9710c9b15b353c63c0e3a01ee4f44835 +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-29 09:48:02 +0100 - tests: mini-alpn: corrected protocol selection order + gnutls.h: Fixes to prevent undefined behavior (found with libubsan) -commit d2792c2079df4771403216812b4cb154fd997ed4 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2016-01-10 08:04:29 +0100 +commit 5bbe1ecbe4c6da8fd5015d0e4aceba580d16afa0 +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-29 09:43:32 +0100 - tests: alpn: enhance the testing of ALPN negotiation + x509: Fixes to prevent undefined behavior (found with libubsan) -commit 92de93fb0492f5a5d27615ca0f1dbe068f5e563f -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2016-01-09 21:42:11 +0100 +commit e99499b0d81717279b790dbb98a149726ab502c0 +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-29 09:27:23 +0100 - alpn: document how the selected protocol is selected [ci skip] + x509: cleanup in privkey.c -commit f7090ed8a9d80df08d03eff18c06e423fc4e0de7 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2016-01-09 21:20:00 +0100 +commit de39608309c03526d667a57ae77c2af84ddd0bbf +Author: Andreas Metzler <ametzler@bebt.de> +Date: 2016-02-28 15:35:01 +0100 - tests: verify that the selected ALPN protocol is the first advertised + Let p11tool --provider option accept filenames. + + Drop 'file-exists = yes;' to allow specifying either an absolute pathname + or a file in P11_MODULE_PATH. -commit 14becbb8f8a7aec87e049ab946705480fd929a92 +commit 0d897f1dd7e21891cefe04a146d83d045c7554b5 Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2016-01-08 16:52:44 +0100 +Date: 2016-02-28 13:01:11 +0100 - gnutls_aead_cipher_decrypt: removed misleading text - - Reported by Fridolin Pokorny. + .gitlab-ci.yml: abort on ubsan errors -commit e2d69151e334946b0f67531a46c2cd89a58f9610 +commit 3bd37a4239769460c42f43ae932f304dd5132576 Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2016-01-08 12:16:29 +0100 +Date: 2016-02-28 12:12:09 +0100 - tests: added check for certtool's othername writing functionality + p11tool: addressed memory leaks -commit 4a65b1a0ce58064b55c94c92dcc4445552827d37 +commit 4156885beac91ac45fc5853a8d034d0b7daab0c0 Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2016-01-08 11:16:58 +0100 +Date: 2016-02-28 10:45:02 +0100 - certtool: added ability to generate othernames via template files + tests: use 'datefudge -s' to avoid loops - Relates #62 + This avoids repeated loops of the same test as well as + random failures in the test suite. -commit db6621c3a3ee626e4ccc9bade10e677c0fa3b318 +commit a7a5b886d38c5c2ffecbb7a5d1e3a62f397151ab Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2016-01-08 12:05:18 +0100 +Date: 2016-02-27 22:37:21 +0100 - x509: added flags to enable the encoding of othername data + tests: krb5-test: increased the number of loops + + This should prevent random failures in the test suite. -commit 3e8ba29e3fa535e106fa3a3205dc7b3e04956489 +commit 0919e73e9a79c98ff9f2be1b4e9bf665fa928295 Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2016-01-08 11:05:36 +0100 +Date: 2016-02-27 22:23:34 +0100 - x509: introduced functions to set an othername alternative name - - That is, added, gnutls_x509_crt_set_subject_alt_othername, - gnutls_x509_crt_set_issuer_alt_othername, gnutls_x509_crq_set_subject_alt_othername - - Relates #62 + .gitlab-ci.yml: asan and ubsan include the suite/ -commit d1a9c629ace34bf715b590446ae83d82164e778e +commit bbaef09e45b57c783e26793ba6eb6b2e6a8a5226 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2016-01-07 14:35:59 +0100 +Date: 2016-02-23 10:35:14 +0100 - trust_list_get_issuer_by_dn: fixed check for DN or SPKI + .gitignore: more files to ignore -commit e037d042acc91191fb2c1a9b7fe12abf8e795634 +commit 7b56c641567c91175bab06cbe76925cecb3b0853 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2016-01-07 14:02:24 +0100 +Date: 2016-02-23 10:33:18 +0100 - configure: no longer distribute lzip tarballs + doc: documented false start functionality -commit d188c580b287648fb5bf9aefcc735ea3e6088d25 +commit 70c357b25f4222db7f8da6f173757ca27035b879 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2016-01-07 14:14:21 +0100 +Date: 2016-02-23 10:23:57 +0100 - symbols.last: don't include internal symbols into exported list + doc update -commit 735dbde324be6c8785a3dea5f09c82b6a8ad298b +commit 945f10c436922abe41441e1754d343ff8ea3cbd2 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2016-01-05 11:21:43 +0100 +Date: 2016-02-23 10:14:53 +0100 - tests: updated to account for cert generation after 2adb9b2bfb31afebbdd9f990e2b74c9a3d4e5c57 fix + tests: Added checks for false start operation -commit 2adb9b2bfb31afebbdd9f990e2b74c9a3d4e5c57 -Author: Tim Kosse <tim.kosse@filezilla-project.org> -Date: 2016-01-04 16:40:26 +0100 +commit dd8fb0e3e104836d69654d208129f7c762e3cdc0 +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-23 09:40:26 +0100 - Fix out-of-bounds read in gnutls_x509_ext_export_key_usage + Added gnutls_handshake_set_false_start_function() + + This function allows to use TLS False-start, by using the provided + function to send data just after finished message. -commit 1b6b0bd3d8149663992b5992b442d860ad62eefb +commit 72fcf7dfe9f0388ea3ea9a03078b5ba1c183adcd Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-31 20:16:37 +0200 +Date: 2016-02-27 21:54:51 +0100 - .gitlab-ci.yml: optimized build process + tests: enable softhsmv2 test suite by default - That is, in slow asan and valgrind builds don't check the full test suite. + Also do not fatally fail with known softhsmv2 bugs. -commit 9b278dcadc49065d844755bade15c873ace3b040 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-31 14:35:45 +0200 +commit 85196f9fc98dd1a1426da4d7fd84e9397df05bb4 +Author: Jan Vcelak <jan.vcelak@nic.cz> +Date: 2016-02-26 16:17:48 +0100 - gnutls_pkcs11_copy_x509_privkey2: corrected the writing of ECC private key + pkcs11: tests for RSA, ECC, DSA private key import + + Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz> -commit 17f2c8f7f3ad2010ecf143dad8b249b0f58f5299 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-31 13:38:34 +0200 +commit 1b573fc2d00f0884041e3a009539f7074d2adafa +Author: Jan Vcelak <jan.vcelak@nic.cz> +Date: 2016-02-26 16:17:47 +0100 - tests: pkcs11-pubkey-import will check both RSA and ECDSA keys + pkcs11: tests for DSA key generating + + Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz> -commit 3eeec745046d6048bba74cc96d92056aa2c0aec5 +commit 3cd9f45d01a0a56ef68cc6817b75a3ddabaf0a7c Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-31 13:35:30 +0200 +Date: 2016-02-27 17:56:36 +0100 - gnutls_pkcs11_copy_x509_privkey2: corrected the type of the written object - - Previously only RSA objects were correctly written. + added getpid() to the list of system calls used -commit e55b21d36bd563c8182b84c8c8fdc1163ddb4753 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-31 13:10:37 +0200 +commit 506ada3459b8e162865bfd7bb89698a457aaaae6 +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-26 14:41:12 +0100 - tests: added ECDSA key in cert-common.h + .gitlab-ci.yml: added compilation rule with libubsan -commit 15a767133328601a5f10a759fd6e548c174d765f -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-31 12:20:41 +0200 +commit 7cf49a7e48a078e6c6a6cb1f1539621b7194742e +Author: Jan Vcelak <jan.vcelak@nic.cz> +Date: 2016-02-25 16:43:36 +0100 - pkcs11: moved default RSA public exponent out of stack + gnutls_x509_privkey_import: add missing algorithm setting for DSA keys + + The algorithm number was set only in the private key structure, not in + the nested structure with parameters. This made certain operations to + fail (e.g., copying the key into a PKCS #11 token). + + Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz> -commit 9c32cfeb453aa81a4af955e5e8cbcb9ce7db59ed -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-31 12:17:21 +0200 +commit f9840c85dcbf9c6ad1bf53dc943a860bdb819dfe +Author: Jan Vcelak <jan.vcelak@nic.cz> +Date: 2016-02-25 15:21:30 +0100 - pkcs11: import public keys from any available object + pkcs11: implement correct DSA key pair generating - That is, load public keys from the public key object, or - the certificate object if they are present. That affects - non-RSA public keys which do not contain all required fields - on the private key object. + Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz> -commit 0b28b3dde104d110d301a52ed8ed0f5c32a08361 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-31 01:02:30 +0200 +commit 88fbd274df32705424c2c752c3ac32b314ee2a94 +Author: Jan Vcelak <jan.vcelak@nic.cz> +Date: 2016-02-25 15:21:29 +0100 - session DB: made the magic number depending on gnutls' version + pkcs11: add interface for C_GenerateKey - That will make sure that sessions not stored by this version of - gnutls will not be resumed by another (which may be incompatible). + Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz> -commit 6fcdc3db628adfb24f2d218dec7fd199dde1d3c9 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-31 00:46:12 +0200 +commit dd8c145c9073f30c4e61eb519c3965054e889568 +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-26 12:00:55 +0100 - ui.c -> fingerprint.c + better match with unknown_tls_aid -commit 15f8fcafa86cc7174aa6b0db6ad400b260a18593 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-31 00:45:43 +0200 +commit aa1cec5a54b1faedc794e30bf6fc65a6420ca663 +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-26 11:54:05 +0100 - split OCSP functionality from ui.c + x509: moved time-specific functions to time.c -commit 879f5466fcb07e608825b59aac96c94e6954d24e -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-31 00:39:19 +0200 +commit 9a9a440efb2ae1808ebede141ba9909c58f4d2c6 +Author: Sebastian Dröge <sebastian@centricular.com> +Date: 2016-02-24 12:42:26 +0200 - split anon credentials functionality from ui.c + configure: Android is ELF too + + Without this, compiling Android for x86 or x86-64 fails because the assembly + optimizations are not compiled in. -commit a95807e14727a1ad53d2a65f70a8e2d2ed53e6ec -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-31 00:38:31 +0200 +commit 69be7ad81abd9aced5bb5b2c75b1480aadfb1ebd +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-25 15:45:04 +0100 - split psk functionality from ui.c + mentioned the public git URL for cloning [ci skip] -commit 1a776ff8c0ec1d1378295c231c46631cb8a0d536 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-31 00:37:22 +0200 +commit dee5a3158cf93f3c3d5ce930e2cac9d706961b59 +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-24 15:12:23 +0100 - split session info functions from ui.c + doc update [ci skip] -commit 3c60327d27f4d63c9c66f1813da31d0db9beb6b5 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-31 00:34:25 +0200 +commit 1e7a9c095f726f6f4a713df3fdff51719b46229e +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-24 14:55:19 +0100 - split certificate credentials functions from ui.c + doc update -commit 4f27407b9bfcdc795db251dddfe610d5403e81f2 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-31 00:32:20 +0200 +commit 3fb514170d174aa4c98da99901d8431aee677b9c +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-24 14:53:59 +0100 - split dh API functions from ui.c + tests: check functions which export session parameters + + That is gnutls_session_get_random() and gnutls_session_get_master_secret(). -commit f3051205bc647d96136d8ef0936905f1c75a03e8 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-31 00:28:46 +0200 +commit fa09df03ed1784ae29bcdd2bb2245be7666a72d4 +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-24 14:43:17 +0100 - split randomart functionality from ui.c + Added gnutls_session_get_master_secret + + This provides the ability to export all session parameters in various + formats. + + Resolves #64 -commit d1428c0f9e87655c5bb8543b443bb54979bf53be -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-30 23:18:32 +0200 +commit d37442db4f99a446de40dfac1166e28978b87ccf +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-22 15:51:11 +0100 - helper.c -> file.c + tests: gnutls_session_get_flags() is checked for extended master secret -commit 63726a76cc5fa56c3045d674212106f55c77e0c8 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-30 11:26:30 +0200 +commit 58637b017059a823b74e05dd583e4d11fb5ecd5d +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-22 15:49:25 +0100 - certtool: doc update [skip ci] + tests: check gnutls_session_get_flags() for EtM -commit 366260020123dc212dd776e05ff4f6220a6173e9 -Author: Andreas Metzler <ametzler@bebt.de> -Date: 2015-12-26 18:24:56 +0100 +commit 215eaeb3f5aac4f0ac13a48ac084bb8f2668069e +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-22 15:46:33 +0100 - Fix some typos [ci skip] + tests: check gnutls_session_get_flags() for safe renegotiation -commit 65002fce1c5cc68f90c898cd390189df6752da5c -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-24 11:54:21 +0200 +commit 59e256da3681b7a2ba61deef225589d045e07f7f +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-22 15:26:46 +0100 - NEWS: doc update [ci skip] + Added gnutls_session_get_flags() + + This function would allow to simplify handling of future + flags which we may want to indicate, and would not require + API additions for new flags. -commit eeb514a5b6b3be578ee779d6bfdaf4bf9521062f -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-24 11:44:00 +0200 +commit 9965ddc075df7033aa2786f921648d330cceb63f +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-22 11:57:30 +0100 - respect the max-record extension under DTLS + Revert ".gitlab-ci.yml: disable guile tests" - This resolves issue with max-record being negotiated but - ignored. Resolves #61 + This reverts commit 50ce516eebaf011f041002ecbfdb61b113159282. -commit 32f6aad0b09a4984f44b4219594fac0fa08e3197 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-24 11:42:58 +0200 +commit 3f98b1a874591c036675cce1f7380c5ad191ed1a +Author: Ludovic Courtès <ludo@gnu.org> +Date: 2016-02-21 18:58:35 +0100 - tests: added check for max-record extension in TLS + guile: Fix out-of-tree builds. + + This fixes a regression introduced in 3045a96. + + * guile/Makefile.am (.in.scm): Make the parent directory of $@. -commit 421ee10a2156ada54763372444cbb21a4168054e -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-24 11:18:57 +0200 +commit f8a9d4248c8e1f2369358de9141483b01d70366f +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-18 17:04:24 +0100 - tests: check whether the max-record extension is usable with DTLS + Improved documentation in _gnutls_sort_clist -commit 2fe1ce16b06e473932ca08608b522b138a529d0b -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-24 11:13:28 +0200 +commit b0e2be6a28c5638af4415158d033ad99b8947d02 +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-18 16:43:51 +0100 - dtls: print the MTU in debugging messages + gnutls_x509_crt_list_import: corrected memory leak + + This was triggered if GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED was specified + and a failure occurred. -commit 66e31a847fcd13c0374fea719f1191c6411f2fa6 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-22 17:14:02 +0200 +commit 2408ca75d061856fd1d83389333e576df0e016b3 +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-18 15:59:31 +0100 - updated documentation on supported algorithms [ci skip] + _gnutls_sort_clist: fixed issues when used with func option + + This function would incorrectly call func() on elements that were + included in the list, and would not call func() if the size of the + final chain was one. -commit 8d047c2551853717a65a2245b1b990f1c856e67b -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-22 11:30:52 +0200 +commit b9655b5f002ddd82d912b796a9db38be8771b8c5 +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-18 15:10:54 +0100 - Added SHA384 to the list of TLS support MAC algorithms + tests: added tests for gnutls_pcert_list_import_x509_raw() -commit 149ed253d880a0c9232f1635b4c14e48feb2b7e1 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-21 12:46:09 +0200 +commit 611121584119434214e8208289375ff9cf5397af +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-18 14:29:20 +0100 + + ext master secret: ensure we disable ext master secret if requested + + That is, on rehandshakes, as on the standard handshakes it is disabled + by default. - documented the gitlab ci runner tags +commit 95537f79ba010a1b84e4f8eceee7a7b51a26f85a +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-18 14:18:04 +0100 -commit 8229a40c67294e56319c4687c2a19e3d14935418 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-20 11:11:38 +0200 + tests: verify that we do not allow rehandshakes without ext master + + That is, if we have an initial session which uses the extended master + secret do not allow subsequent rehandshakes to skip it. - tests: added timeout in long-running checks +commit dbe7970417c8c4eb3c1a6a3104df3dedb0f49a5c +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-18 11:53:20 +0100 -commit c71a1f2113d02cab604f10189197a0c9755bd03b -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-20 11:01:48 +0200 + tests: sha3-test: use different dates for generation and validation - certtool: eliminated various memory leaks +commit f93df7ca5170a3e3d2f6049326bc0b273f378f05 +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-18 10:55:32 +0100 -commit 7192e7a8dd680e674a354839159007aa01c89de3 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-20 10:48:27 +0200 + certtool: eliminated memory leaks - certtool: prevented memory leak in pkcs8-info cmd +commit c79744971ff29ac4a367003a9d4c00095fb47627 +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-18 10:28:33 +0100 -commit 70bbf4686f352a7ff557458b234bdeabe2749ac2 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-19 16:58:03 +0200 + bumped the version of max algorithm num to account for new signing algorithms - certtool: do not use signal() under win32 +commit 107e1df19715ffd4701bfcd3325c5cc80e5174b0 +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-18 09:17:17 +0100 -commit 19758c412e50d444484b4483eec18848872ccf88 -Author: Alon Bar-Lev <alon.barlev@gmail.com> -Date: 2015-12-18 17:34:01 +0200 + src: added systemkey-args to BUILT_SOURCES - build: configure.ac: manpages cleanups - - Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> +commit b7b8e3b521fb900bb9dd060b181dc0c241c21e84 +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-17 15:19:08 +0100 -commit af385d1552c0d5854db6db03c82e1e9b89e80b94 -Author: Alon Bar-Lev <alon.barlev@gmail.com> -Date: 2015-12-18 12:14:08 +0200 + tests: simplified sha3-test - build: allow installing man(1) even with --disable-doc - - Currently these man pages are installed only if --enable-doc - is provided, while these are not actually docs, do not require any - special dependency, nor consume large space. - - This adds --enable-manpages to enable/disable manpages installation, and - install the man(1) regardless of --disable-doc. - - Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> - Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> +commit 8a8790fc65644b1c59e078048d0a67d481ed1c8b +Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> +Date: 2016-02-17 05:43:24 +0100 + + cross.mk: updated for gnutls 3.4.9, nettle 3.2, gmp 6.1.0 and p11-kit 0.23.2 [ci skip] -commit 15127ff7aa674b25827c4017a4584261613d4cc9 +commit 50ce516eebaf011f041002ecbfdb61b113159282 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2015-12-18 14:32:25 +0100 +Date: 2016-02-16 16:46:54 +0100 - certtool: ignore sigpipe + .gitlab-ci.yml: disable guile tests - This signal was observed under certain cirquimstances + This prevents the test suite from failing. -commit ad7149073a68125cc56ddc8cba9642a4a93b0837 +commit a88ce61a36909bb087032e1e3725ff7f24efdcc7 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2015-12-18 14:29:05 +0100 +Date: 2016-02-16 16:40:09 +0100 - certtool: don't close stdout on exit + doc update [ci skip] -commit ec314874eabab1fbec551af826bd6d01b52fc735 +commit 4f083ddd0739c2aa6c295d14619b35ce71f75777 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2015-12-18 14:24:23 +0100 +Date: 2016-02-11 16:18:00 +0100 - pkcs7: eliminated leak in gnutls_pkcs7_print + doc update -commit af02825492b671a30e131f4a4e21b261b03c8b6b +commit ca7885241de90a0e9e80456203f3f49d941ec1c2 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2015-12-18 13:56:31 +0100 +Date: 2016-02-11 16:13:12 +0100 - gnutls_pubkey_import_privkey: document that this operation is not possible in certain keys + tests: resume: check whether the server does not resume in ext master secret mismatch + + Relates #69 -commit 5a27aaf40fcefd4654ccc78044e59dbeaf028760 +commit 87de44f70d9d848b91f4a6b86fb12b7b8a8633ac Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2015-12-18 11:40:59 +0100 +Date: 2016-02-11 16:10:31 +0100 - doc: replace writev with sendmsg in the list of system calls + Ensure that session resumption does not occur when ext master secret status changes + + That is we make sure the server doesn't resume when: + 1. Original session had extended master secret but not advertised in resumed + 2. Original session did not have extended master secret but is advertised in resumed + + Relates #69 -commit fad54f9abd90b8ef62a1bd6e8e06d4a3fa85ae2f +commit b0f739c644b4182742bbb5f1485897aabeda6169 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2015-12-18 10:23:22 +0100 +Date: 2016-02-11 14:45:40 +0100 - tests: don't run the no-signal test in systems which MSG_NOSIGNAL is not available + tests: resume: simplified structure assignment using C99 syntax -commit 3c626a48251ae361ba9823145a6234841322e896 +commit cc82a0942b1866830541e6b0d874a7c95d091525 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2015-12-18 10:15:10 +0100 +Date: 2016-02-15 10:52:55 +0100 - Reduce the number of used syscalls by using sendmsg() instead of writev() - - We relied on sendmsg() anyway for the MSG_NO_SIGNAL version of the calls, - thus it is a good idea to avoid calling writev() and use sendmsg(). That - way we reduce the number of calls required for seccomp. + tests: added certification generation tests with SHA-3 tests -commit d0899dbc4344d84a71a3901c489624439fdbe15a -Author: Alon Bar-Lev <alon.barlev@gmail.com> -Date: 2015-12-17 19:57:53 +0200 +commit 2b6214dd440b50f4488741b186876e0e52d19c2f +Author: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: 2016-02-15 10:37:57 +0100 - doc: manpages: remove generated tpmtool.1 page + Added NIST's OIDs for SHA3 signature algorithms - Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> + This allows to generate certificates signed with SHA3. -commit 6670c53068567cc4ace79c2ce28448a11789e719 -Author: Alon Bar-Lev <alon.barlev@gmail.com> -Date: 2015-12-17 19:57:52 +0200 +commit 72eed3e63486f756e4861febedf7050a786901ee +Author: Ludovic Courtès <ludo@gnu.org> +Date: 2016-02-11 23:04:38 +0100 - .gitignore: add m4/extern-inline.m4 + guile: Work around lack of 'eval-when' on 1.8. + + * guile/modules/gnutls.in (eval-when) [!guile-2]: New macro. -commit 6f2dba875cab3b1ba209f4d23b6eb53be5c87016 -Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2015-12-17 14:19:04 +0100 +commit 3a93730169d7d4658ca1e788b17758a4356a0331 +Author: Ludovic Courtès <ludo@gnu.org> +Date: 2016-02-11 23:04:37 +0100 - tests: added check to verify that the PKCS#7 embedded data are recovered as expected + guile: Install modules in versioned directory by default. + + * configure.ac: Change default 'GUILE_SITE' value to include + $guile_effective_version. -commit f49e359fab2bb63eee7a2308d0258b3e2e25a48d -Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2015-12-17 14:18:17 +0100 +commit 10030021114f9eb52c8dc4f1369a441b6163241b +Author: Ludovic Courtès <ludo@gnu.org> +Date: 2016-02-11 23:04:36 +0100 - certtool: introduced the --p7-show-data option + guile: build: Make silent rules actually quiet. - This option allows printing the embedded data in a PKCS#7 signed - structure. + * guile/Makefile.am (.in.scm): Use $(AM_V_GEN) and $(AM_V_at). + * guile/src/Makefile.am (enums.h, enum-map.i.c) + (smobs.h, smob-types.i.c, %.x): Likewise. -commit ed8fb55c01d18047c0b3a2e11cc43b965352fa01 -Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2015-12-17 14:17:23 +0100 +commit 3045a96d37f551f60482e9cc74513d60b0590600 +Author: Ludovic Courtès <ludo@gnu.org> +Date: 2016-02-11 23:04:35 +0100 - gnutls_pkcs7_get_embedded_data: added function + guile: Build and install .go files on Guile 2.x. - This function allows extracting the embedded data from a PKCS#7 signed - structure. + * configure.ac: Check for 'guild' and substitute 'GUILD'. Define + 'HAVE_GUILD'. Substitute 'guileobjectdir'. Don't output + guile/modules/Makefile and guile/tests/Makefile. + * guile/modules/Makefile.am, guile/tests/Makefile.am: Remove. Move + contents to... + * guile/Makefile.am: ... here. + (SUBDIRS): Remove 'modules' and 'tests'. -commit d7a42b3c5c2f5a346edeb8ad0986ea22d53dd389 -Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2015-12-16 16:13:41 +0100 +commit 92d471b8c10d09795737b695533a43dd08a6b693 +Author: Ludovic Courtès <ludo@gnu.org> +Date: 2016-02-11 23:04:34 +0100 - tests: updated pkcs7-gen to account for content-type attribute + guile: doc: Change prompt in examples. + + * doc/gnutls-guile.texi (Guile Preparations): Use the prompt found in + 2.0. Change "libguile-gnutls-v-0" to "guile-gnutls-v-2". -commit d6f842d5f5b99a39149ffd296633492273680b73 -Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2015-12-16 14:52:39 +0100 +commit cb5b3a38e0c91f6b4c6b9ce9770649c6486c331a +Author: Ludovic Courtès <ludo@gnu.org> +Date: 2016-02-11 23:04:33 +0100 - tests: check whether the content-type attribute is set if we sign using time + guile: tests: Add Guile 2.2 compatibility layer. + + This allows tests to run with Guile 2.1/2.2. + + * guile/modules/gnutls/build/tests.scm (define-replacement) [guile-2]: + New macro. + (uniform-vector-read!, uniform-vector-write) [guile-2]: New procedures. + * doc/gnutls-guile.texi (Guile Preparations): Mention 2.2. -commit 7551f1b9d9de2908ab7a4d12b953d9caec497fc2 -Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2015-12-16 14:28:23 +0100 +commit fcf6f8427c55e8b068ada8735098b46597dadc71 +Author: Ludovic Courtès <ludo@gnu.org> +Date: 2016-02-11 23:04:32 +0100 - pkcs7: set by default the content type attribute + guile: tests: Make sure no processes are left behind. + + Before that, child processes would be left behind and become zombies. - That is a requirement of rfc5652. Relates #59 + * guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm, + guile/tests/session-record-port.scm, guile/tests/x509-auth.scm: + Add (waitpid pid) call on the server side. -commit 6cc022a099f3d13a8da59850a553a050703a01e7 -Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2015-12-16 14:02:56 +0100 +commit 53b7d41a26b3d61a62b2576e30d93f9f8c9aaef6 +Author: Ludovic Courtès <ludo@gnu.org> +Date: 2016-02-11 23:04:31 +0100 - pkcs7: use the PK_PKIX1_RSA_OID when writing RSA signature OIDs for PKCS#7 structures + guile: tests: Add 'with-child-process'. + + This makes sure that child processes always exit no matter what. - That is because there are implementations which cannot cope with the - normal RSA signature OIDs. Relates #59 + * guile/modules/gnutls/build/tests.scm (define-syntax-rule) [!guile-2]: + New macro. + (call-with-child-process): New procedure. + (with-child-process): New macro. + * guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm, + guile/tests/session-record-port.scm, guile/tests/x509-auth.scm: Use it + instead of an explicit 'primitive-fork' call. + * guile/.dir-locals.el: New file. + * guile/Makefile.am (EXTRA_DIST): New variable. -commit 0dd5c078ad6db71f60a107dc0cdf78637baeafe1 +commit e6dcb14dbbd3e9e40a1f193a7bf6657e82b88cb9 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: 2015-12-16 10:10:20 +0100 +Date: 2016-02-15 09:52:10 +0100 - pkcs7: Disable the optional fields prior to generating the PKCS#7 structure + tests: mini-loss-time: ensure client timeouts after the server is - This resolves issue with our PKCS#7 structures not being parsed by - MacOSX' tools. Relates #59 + This addresses issue with the server detecting the client disconnection + prior to its timeout. Reported by Steven Chamberlain, Andreas Metzler. -commit 20323a763bccb048090e9e343b9012361b08bc91 -Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: 2015-12-15 22:28:55 +0100 +commit 20ba8633d7c5f8795d4913a017c70cd6d73b45a1 +Author: Jaak Ristioja <jaak.ristioja@cyber.ee> +Date: 2016-02-12 16:59:31 +0200 - certtool: corrected invalid free + Removed the invariant htype parameter of _gnutls_recv_int() + + All uses of _gnutls_recv_int() passed -1 as the htype argument of type + gnutls_handshake_description_t, which had been used for SSLv2 client + hellos. Introduced in 2001 with dc1122e7b6. ...</pre></div> diff --git a/abi-tracker/compat_report/gnutls/3.4.10/current/2455a/abi_compat_report.html b/abi-tracker/compat_report/gnutls/3.4.10/current/2455a/abi_compat_report.html new file mode 100644 index 0000000000..0e06556d67 --- /dev/null +++ b/abi-tracker/compat_report/gnutls/3.4.10/current/2455a/abi_compat_report.html @@ -0,0 +1,442 @@ +<!-- verdict:incompatible;affected:0.1;added:10;removed:1;type_problems_high:0;type_problems_medium:0;type_problems_low:0;interface_problems_high:0;interface_problems_medium:0;interface_problems_low:0;changed_constants:0;tool_version:1.99.14 --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + <meta name="keywords" content="libgnutls, binary compatibility, API, report" /> + <meta name="description" content="Binary compatibility report for the libgnutls object between 3.4.10 and current versions on x86_64" /> + <title> + libgnutls: 3.4.10 to current binary compatibility report + </title> + <style type="text/css"> + body { + font-family:Arial, sans-serif; + background-color:White; + color:Black; +} +hr { + color:Black; + background-color:Black; + height:1px; + border:0; +} +h1 { + margin-bottom:0px; + padding-bottom:0px; + font-size:1.625em; +} +h2 { + margin-bottom:0px; + padding-bottom:0px; + font-size:1.25em; + white-space:nowrap; +} +span.section { + font-weight:bold; + cursor:pointer; + color:#003E69; + white-space:nowrap; + margin-left:5px; +} +span.new_sign { + font-weight:bold; + margin-left:26px; + color:#003E69; +} +span.new_sign_lbl { + margin-left:28px; + font-size:0.875em; + color:Black; +} +span:hover.section { + color:#336699; +} +span.section_affected { + cursor:pointer; + margin-left:7px; + padding-left:15px; + font-size:0.875em; + color:#cc3300; +} +span.section_info { + cursor:pointer; + margin-left:7px; + padding-left:15px; + font-size:0.875em; + color:Black; +} +span.extendable { + font-weight:100; +} +span.h_name { + color:#cc3300; + font-size:0.875em; + font-weight:bold; +} +div.h_list, div.lib_list { + font-size:0.94em; + padding-left:5px; +} +span.ns { + color:#408080; + font-size:0.94em; +} +span.lib_name { + color:Green; + font-size:0.875em; + font-weight:bold; +} +span.iname { + font-weight:bold; + color:#003E69; + margin-left:5px; +} +span.iname_b { + font-weight:bold; + font-size:1.1em; +} +span.iname_a { + color:#333333; + font-weight:bold; + font-size:0.94em; +} +span.sym_p { + font-weight:normal; + white-space:normal; +} +div.affect { + padding-left:15px; + padding-bottom:10px; + font-size:0.87em; + font-style:italic; + line-height:0.75em; +} +div.affected { + padding-left:30px; + padding-top:10px; +} +table.ptable { + border-collapse:collapse; + border:1px outset black; + line-height:1em; + margin-left:15px; + margin-top:3px; + margin-bottom:3px; + width:900px; + +} +table.ptable td { + border:1px solid gray; + padding: 3px; + font-size:0.875em; +} +table.vtable { + border-collapse:collapse; + border:1px outset black; + line-height:16px; + margin-left:30px; + margin-top:10px; +} +table.vtable td { + border:1px solid gray; + word-wrap:break-word; + padding: 3px; + font-size:0.875em; + max-width:450px; + vertical-align:top; +} +table.ptable th, table.vtable th { + background-color:#eeeeee; + font-weight:bold; + color:#333333; + font-family:Verdana, Arial; + font-size:0.81em; + border:1px solid gray; + text-align:center; + vertical-align:top; + white-space:nowrap; + padding: 3px; +} +table.summary { + border-collapse:collapse; + border:1px outset black; +} +table.summary th { + background-color:#eeeeee; + font-weight:100; + text-align:left; + font-size:0.94em; + white-space:nowrap; + border:1px inset gray; + padding: 3px; +} +table.summary td { + text-align:right; + white-space:nowrap; + border:1px inset gray; + padding: 3px 5px 3px 10px; +} +span.mangled { + padding-left:15px; + font-size:0.875em; + cursor:text; + color:#444444; +} +span.sym_ver { + color:#333333; + white-space:nowrap; + font-family:"DejaVu Sans Mono", Monospace; +} +span.attr { + color:#333333; + font-weight:100; +} +span.color_p { + font-style:italic; + color:Brown; +} +span.param { + font-style:italic; +} +span.focus_p { + font-style:italic; + /* color:Red; */ + background-color:#FFCCCC; +} +span.ttype { + font-weight:100; +} +span.nowrap { + white-space:nowrap; +} +span.value { + white-space:nowrap; + font-weight:bold; +} +td.passed { + background-color:#CCFFCC; +} +td.warning { + background-color:#F4F4AF; +} +td.failed { + background-color:#FFCCCC; +} +td.new { + background-color:#C6DEFF; +} +.top_ref { + font-size:0.69em; +} +.footer { + font-size:0.75em; +} + + </style> + <script type="text/javascript" language="JavaScript"> + <!-- + function showContent(header, id) +{ + e = document.getElementById(id); + if(e.style.display == 'none') + { + e.style.display = 'block'; + e.style.visibility = 'visible'; + header.innerHTML = header.innerHTML.replace(/\[[^0-9 ]\]/gi,"[−]"); + } + else + { + e.style.display = 'none'; + e.style.visibility = 'hidden'; + header.innerHTML = header.innerHTML.replace(/\[[^0-9 ]\]/gi,"[+]"); + } +} + --> + </script> + </head> +<body> +<div><a name='Top'></a> +<h1>Binary compatibility report for the <span style='color:Blue;'>libgnutls.so</span> object between <span style='color:Red;'>3.4.10</span> and <span style='color:Red;'>current</span> versions on <span style='color:Blue;'>x86_64</span></h1> + +<h2>Test Info</h2><hr/> +<table class='summary'> +<tr><th>Module Name</th><td>libgnutls</td></tr> +<tr><th>Version #1</th><td>3.4.10</td></tr> +<tr><th>Version #2</th><td>current</td></tr> +<tr><th>CPU Type</th><td>x86_64</td></tr> +</table> +<h2>Test Results</h2><hr/> +<table class='summary'><tr><th>Total Header Files</th><td><a href='#Headers' style='color:Blue;'>15</a></td></tr> +<tr><th>Total Source Files</th><td><a href='#Sources' style='color:Blue;'>100</a></td></tr> +<tr><th>Total Objects</th><td><a href='#Libs' style='color:Blue;'>1</a></td></tr> +<tr><th>Total Symbols / Types</th><td>935 / 453</td></tr> +<tr><th>Verdict</th><td><span style='color:Red;'><b>Incompatible<br/>(0.1%)</b></span></td></tr> +</table> +<h2>Problem Summary</h2><hr/> +<table class='summary'><tr><th></th><th style='text-align:center;'>Severity</th><th style='text-align:center;'>Count</th></tr><tr><th>Added Symbols</th><td>-</td><td class='new'><a href='#Added' style='color:Blue;'>10</a></td></tr> +<tr><th>Removed Symbols</th><td>High</td><td class='failed'><a href='#Removed' style='color:Blue;'>1</a></td></tr> +<tr><th rowspan='3'>Problems with<br/>Data Types</th><td>High</td><td>0</td></tr> +<tr><td>Medium</td><td>0</td></tr> +<tr><td>Low</td><td>0</td></tr> +<tr><th rowspan='3'>Problems with<br/>Symbols</th><td>High</td><td>0</td></tr> +<tr><td>Medium</td><td>0</td></tr> +<tr><td>Low</td><td>0</td></tr> +<tr><th>Problems with<br/>Constants</th><td>Low</td><td>0</td></tr> +</table> + +<a name='Added'></a><h2>Added Symbols (10)</h2><hr/> +<span class='h_name'>abstract.h</span>, <span class='lib_name'>libgnutls.so.30.6.0</span><br/> +<span class="iname">gnutls_privkey_generate2 <span class='sym_p'>( gnutls_privkey_t <span class='color_p'>pkey</span>, gnutls_pk_algorithm_t <span class='color_p'>algo</span>, unsigned int <span class='color_p'>bits</span>, unsigned int <span class='color_p'>flags</span>, gnutls_keygen_data_st const* <span class='color_p'>data</span>, <span class='nowrap'>unsigned int <span class='color_p'>data_size</span> )</span></span><span class='sym_ver'> @@ GNUTLS_3_4</span></span><br/> +<span class="iname">gnutls_privkey_get_seed <span class='sym_p'>( gnutls_privkey_t <span class='color_p'>key</span>, gnutls_digest_algorithm_t* <span class='color_p'>digest</span>, <span class='nowrap'>void* <span class='color_p'>seed</span>,</span> <span class='nowrap'>size_t* <span class='color_p'>seed_size</span> )</span></span><span class='sym_ver'> @@ GNUTLS_3_4</span></span><br/> +<span class="iname">gnutls_privkey_set_flags <span class='sym_p'>( gnutls_privkey_t <span class='color_p'>key</span>, <span class='nowrap'>unsigned int <span class='color_p'>flags</span> )</span></span><span class='sym_ver'> @@ GNUTLS_3_4</span></span><br/> +<span class="iname">gnutls_privkey_verify_seed <span class='sym_p'>( gnutls_privkey_t <span class='color_p'>key</span>, gnutls_digest_algorithm_t <span class='color_p'>digest</span>, void const* <span class='color_p'>seed</span>, <span class='nowrap'>size_t <span class='color_p'>seed_size</span> )</span></span><span class='sym_ver'> @@ GNUTLS_3_4</span></span><br/> +<br/> +<span class='h_name'>crypto.h</span>, <span class='lib_name'>libgnutls.so.30.6.0</span><br/> +<span class="iname">gnutls_decode_ber_digest_info <span class='sym_p'>( gnutls_datum_t const* <span class='color_p'>info</span>, gnutls_digest_algorithm_t* <span class='color_p'>hash</span>, unsigned char* <span class='color_p'>digest</span>, <span class='nowrap'>unsigned int* <span class='color_p'>digest_size</span> )</span></span><span class='sym_ver'> @@ GNUTLS_3_4</span></span><br/> +<span class="iname">gnutls_encode_ber_digest_info <span class='sym_p'>( gnutls_digest_algorithm_t <span class='color_p'>hash</span>, gnutls_datum_t const* <span class='color_p'>digest</span>, <span class='nowrap'>gnutls_datum_t* <span class='color_p'>output</span> )</span></span><span class='sym_ver'> @@ GNUTLS_3_4</span></span><br/> +<br/> +<span class='h_name'>x509.h</span>, <span class='lib_name'>libgnutls.so.30.6.0</span><br/> +<span class="iname">gnutls_x509_privkey_generate2 <span class='sym_p'>( gnutls_x509_privkey_t <span class='color_p'>key</span>, gnutls_pk_algorithm_t <span class='color_p'>algo</span>, unsigned int <span class='color_p'>bits</span>, unsigned int <span class='color_p'>flags</span>, gnutls_keygen_data_st const* <span class='color_p'>data</span>, <span class='nowrap'>unsigned int <span class='color_p'>data_size</span> )</span></span><span class='sym_ver'> @@ GNUTLS_3_4</span></span><br/> +<span class="iname">gnutls_x509_privkey_get_seed <span class='sym_p'>( gnutls_x509_privkey_t <span class='color_p'>key</span>, gnutls_digest_algorithm_t* <span class='color_p'>digest</span>, <span class='nowrap'>void* <span class='color_p'>seed</span>,</span> <span class='nowrap'>size_t* <span class='color_p'>seed_size</span> )</span></span><span class='sym_ver'> @@ GNUTLS_3_4</span></span><br/> +<span class="iname">gnutls_x509_privkey_set_flags <span class='sym_p'>( gnutls_x509_privkey_t <span class='color_p'>key</span>, <span class='nowrap'>unsigned int <span class='color_p'>flags</span> )</span></span><span class='sym_ver'> @@ GNUTLS_3_4</span></span><br/> +<span class="iname">gnutls_x509_privkey_verify_seed <span class='sym_p'>( gnutls_x509_privkey_t <span class='color_p'>key</span>, gnutls_digest_algorithm_t <span class='color_p'>digest</span>, void const* <span class='color_p'>seed</span>, <span class='nowrap'>size_t <span class='color_p'>seed_size</span> )</span></span><span class='sym_ver'> @@ GNUTLS_3_4</span></span><br/> +<br/> +<a class='top_ref' href='#Top'>to the top</a><br/> +<a name='Removed'></a><a name='Withdrawn'></a><h2>Removed Symbols (1)</h2><hr/> +<span class='h_name'>pkcs7.h</span>, <span class='lib_name'>libgnutls.so.30.6.2</span><br/> +<span class="iname">gnutls_pkcs7_get_embedded_data <span class='sym_p'>( gnutls_pkcs7_t <span class='color_p'>pkcs7</span>, unsigned int <span class='color_p'>idx</span>, <span class='nowrap'>gnutls_datum_t* <span class='color_p'>data</span> )</span></span><span class='sym_ver'> @@ GNUTLS_3_4</span></span><br/> +<br/> +<a class='top_ref' href='#Top'>to the top</a><br/> +<a name='Headers'></a><h2>Header Files (15)</h2><hr/> +<div class='h_list'> +abstract.h<br/> +compat.h<br/> +crypto.h<br/> +dtls.h<br/> +gnutls.h<br/> +ocsp.h<br/> +openpgp.h<br/> +pkcs11.h<br/> +pkcs12.h<br/> +pkcs7.h<br/> +system-keys.h<br/> +tpm.h<br/> +urls.h<br/> +x509-ext.h<br/> +x509.h<br/> +</div> +<br/><a class='top_ref' href='#Top'>to the top</a><br/> +<a name='Sources'></a><h2>Source Files (100)</h2><hr/> +<div class='h_list'> +alpn.c<br/> +auto-verify.c<br/> +cert_types.c<br/> +ciphers.c<br/> +ciphersuites.c<br/> +common.c<br/> +crl.c<br/> +crl_write.c<br/> +crq.c<br/> +crypto-api.c<br/> +crypto-backend.c<br/> +debug.c<br/> +dn.c<br/> +ecc.c<br/> +email-verify.c<br/> +etm.c<br/> +ext_master_secret.c<br/> +extensions.c<br/> +extras.c<br/> +fips.c<br/> +gnutls_alert.c<br/> +gnutls_anon_cred.c<br/> +gnutls_auth.c<br/> +gnutls_buffers.c<br/> +gnutls_cert.c<br/> +gnutls_compress.c<br/> +gnutls_db.c<br/> +gnutls_dh.c<br/> +gnutls_dtls.c<br/> +gnutls_errors.c<br/> +gnutls_extensions.c<br/> +gnutls_global.c<br/> +gnutls_handshake.c<br/> +gnutls_mem.c<br/> +gnutls_openpgp.c<br/> +gnutls_pcert.c<br/> +gnutls_priority.c<br/> +gnutls_privkey.c<br/> +gnutls_privkey_raw.c<br/> +gnutls_psk.c<br/> +gnutls_pubkey.c<br/> +gnutls_range.c<br/> +gnutls_record.c<br/> +gnutls_session.c<br/> +gnutls_session_pack.c<br/> +gnutls_srp.c<br/> +gnutls_state.c<br/> +gnutls_str.c<br/> +gnutls_supplemental.c<br/> +gnutls_ui.c<br/> +gnutls_x509.c<br/> +heartbeat.c<br/> +hostname-verify.c<br/> +kx.c<br/> +locks.c<br/> +mac.c<br/> +max_record.c<br/> +name_constraints.c<br/> +ocsp.c<br/> +ocsp_output.c<br/> +output.c<br/> +pgp.c<br/> +pgpverify.c<br/> +pin.c<br/> +pkcs12.c<br/> +pkcs12_bag.c<br/> +pkcs7-attrs.c<br/> +pkcs7-output.c<br/> +pkcs7.c<br/> +privkey.c<br/> +privkey_openssl.c<br/> +privkey_pkcs8.c<br/> +protocols.c<br/> +publickey.c<br/> +random.c<br/> +safe-memfuncs.c<br/> +safe_renegotiation.c<br/> +secparams.c<br/> +server_name.c<br/> +session_ticket.c<br/> +sign.c<br/> +signature.c<br/> +srp.c<br/> +srp_sb64.c<br/> +srtp.c<br/> +status_request.c<br/> +system-keys-dummy.c<br/> +system.c<br/> +system_override.c<br/> +tpm.c<br/> +urls.c<br/> +verify-high.c<br/> +verify-high2.c<br/> +verify-tofu.c<br/> +verify.c<br/> +x509.c<br/> +x509_b64.c<br/> +x509_dn.c<br/> +x509_ext.c<br/> +x509_write.c<br/> +</div> +<br/><a class='top_ref' href='#Top'>to the top</a><br/> +<a name='Libs'></a><h2>Objects (1)</h2><hr/> +<div class='lib_list'> +libgnutls.so.30.6.2<br/> +</div> +<br/><a class='top_ref' href='#Top'>to the top</a><br/> +</div> +<br/><br/><br/> +<hr/><div class='footer' align='right'><i>Generated by <a href='http://lvc.github.io/abi-compliance-checker/'>ABI Compliance Checker</a> 1.99.14  </i></div><br/> + +</body></html> diff --git a/abi-tracker/compat_report/gnutls/3.4.10/current/2455a/meta.json b/abi-tracker/compat_report/gnutls/3.4.10/current/2455a/meta.json new file mode 100644 index 0000000000..6c266a59ee --- /dev/null +++ b/abi-tracker/compat_report/gnutls/3.4.10/current/2455a/meta.json @@ -0,0 +1,8 @@ +{ + "Affected": "0.1", + "Added": 10, + "Removed": 1, + "TotalProblems": 0, + "Object1": "lib/libgnutls.so.30.6.2", + "Object2": "lib/libgnutls.so.30.6.0" +}
\ No newline at end of file diff --git a/abi-tracker/compat_report/gnutls/3.4.9/3.4.10/ab52f/abi_compat_report.html b/abi-tracker/compat_report/gnutls/3.4.9/3.4.10/ab52f/abi_compat_report.html new file mode 100644 index 0000000000..bf896630f9 --- /dev/null +++ b/abi-tracker/compat_report/gnutls/3.4.9/3.4.10/ab52f/abi_compat_report.html @@ -0,0 +1,419 @@ +<!-- verdict:compatible;affected:0;added:0;removed:0;type_problems_high:0;type_problems_medium:0;type_problems_low:0;interface_problems_high:0;interface_problems_medium:0;interface_problems_low:0;changed_constants:0;tool_version:1.99.14 --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + <meta name="keywords" content="libgnutls, binary compatibility, API, report" /> + <meta name="description" content="Binary compatibility report for the libgnutls object between 3.4.9 and 3.4.10 versions on x86_64" /> + <title> + libgnutls: 3.4.9 to 3.4.10 binary compatibility report + </title> + <style type="text/css"> + body { + font-family:Arial, sans-serif; + background-color:White; + color:Black; +} +hr { + color:Black; + background-color:Black; + height:1px; + border:0; +} +h1 { + margin-bottom:0px; + padding-bottom:0px; + font-size:1.625em; +} +h2 { + margin-bottom:0px; + padding-bottom:0px; + font-size:1.25em; + white-space:nowrap; +} +span.section { + font-weight:bold; + cursor:pointer; + color:#003E69; + white-space:nowrap; + margin-left:5px; +} +span.new_sign { + font-weight:bold; + margin-left:26px; + color:#003E69; +} +span.new_sign_lbl { + margin-left:28px; + font-size:0.875em; + color:Black; +} +span:hover.section { + color:#336699; +} +span.section_affected { + cursor:pointer; + margin-left:7px; + padding-left:15px; + font-size:0.875em; + color:#cc3300; +} +span.section_info { + cursor:pointer; + margin-left:7px; + padding-left:15px; + font-size:0.875em; + color:Black; +} +span.extendable { + font-weight:100; +} +span.h_name { + color:#cc3300; + font-size:0.875em; + font-weight:bold; +} +div.h_list, div.lib_list { + font-size:0.94em; + padding-left:5px; +} +span.ns { + color:#408080; + font-size:0.94em; +} +span.lib_name { + color:Green; + font-size:0.875em; + font-weight:bold; +} +span.iname { + font-weight:bold; + color:#003E69; + margin-left:5px; +} +span.iname_b { + font-weight:bold; + font-size:1.1em; +} +span.iname_a { + color:#333333; + font-weight:bold; + font-size:0.94em; +} +span.sym_p { + font-weight:normal; + white-space:normal; +} +div.affect { + padding-left:15px; + padding-bottom:10px; + font-size:0.87em; + font-style:italic; + line-height:0.75em; +} +div.affected { + padding-left:30px; + padding-top:10px; +} +table.ptable { + border-collapse:collapse; + border:1px outset black; + line-height:1em; + margin-left:15px; + margin-top:3px; + margin-bottom:3px; + width:900px; + +} +table.ptable td { + border:1px solid gray; + padding: 3px; + font-size:0.875em; +} +table.vtable { + border-collapse:collapse; + border:1px outset black; + line-height:16px; + margin-left:30px; + margin-top:10px; +} +table.vtable td { + border:1px solid gray; + word-wrap:break-word; + padding: 3px; + font-size:0.875em; + max-width:450px; + vertical-align:top; +} +table.ptable th, table.vtable th { + background-color:#eeeeee; + font-weight:bold; + color:#333333; + font-family:Verdana, Arial; + font-size:0.81em; + border:1px solid gray; + text-align:center; + vertical-align:top; + white-space:nowrap; + padding: 3px; +} +table.summary { + border-collapse:collapse; + border:1px outset black; +} +table.summary th { + background-color:#eeeeee; + font-weight:100; + text-align:left; + font-size:0.94em; + white-space:nowrap; + border:1px inset gray; + padding: 3px; +} +table.summary td { + text-align:right; + white-space:nowrap; + border:1px inset gray; + padding: 3px 5px 3px 10px; +} +span.mangled { + padding-left:15px; + font-size:0.875em; + cursor:text; + color:#444444; +} +span.sym_ver { + color:#333333; + white-space:nowrap; + font-family:"DejaVu Sans Mono", Monospace; +} +span.attr { + color:#333333; + font-weight:100; +} +span.color_p { + font-style:italic; + color:Brown; +} +span.param { + font-style:italic; +} +span.focus_p { + font-style:italic; + /* color:Red; */ + background-color:#FFCCCC; +} +span.ttype { + font-weight:100; +} +span.nowrap { + white-space:nowrap; +} +span.value { + white-space:nowrap; + font-weight:bold; +} +td.passed { + background-color:#CCFFCC; +} +td.warning { + background-color:#F4F4AF; +} +td.failed { + background-color:#FFCCCC; +} +td.new { + background-color:#C6DEFF; +} +.top_ref { + font-size:0.69em; +} +.footer { + font-size:0.75em; +} + + </style> + <script type="text/javascript" language="JavaScript"> + <!-- + function showContent(header, id) +{ + e = document.getElementById(id); + if(e.style.display == 'none') + { + e.style.display = 'block'; + e.style.visibility = 'visible'; + header.innerHTML = header.innerHTML.replace(/\[[^0-9 ]\]/gi,"[−]"); + } + else + { + e.style.display = 'none'; + e.style.visibility = 'hidden'; + header.innerHTML = header.innerHTML.replace(/\[[^0-9 ]\]/gi,"[+]"); + } +} + --> + </script> + </head> +<body> +<div><a name='Top'></a> +<h1>Binary compatibility report for the <span style='color:Blue;'>libgnutls.so</span> object between <span style='color:Red;'>3.4.9</span> and <span style='color:Red;'>3.4.10</span> versions on <span style='color:Blue;'>x86_64</span></h1> + +<h2>Test Info</h2><hr/> +<table class='summary'> +<tr><th>Module Name</th><td>libgnutls</td></tr> +<tr><th>Version #1</th><td>3.4.9</td></tr> +<tr><th>Version #2</th><td>3.4.10</td></tr> +<tr><th>CPU Type</th><td>x86_64</td></tr> +</table> +<h2>Test Results</h2><hr/> +<table class='summary'><tr><th>Total Header Files</th><td><a href='#Headers' style='color:Blue;'>15</a></td></tr> +<tr><th>Total Source Files</th><td><a href='#Sources' style='color:Blue;'>100</a></td></tr> +<tr><th>Total Objects</th><td><a href='#Libs' style='color:Blue;'>1</a></td></tr> +<tr><th>Total Symbols / Types</th><td>986 / 473</td></tr> +<tr><th>Verdict</th><td><span style='color:Green;'><b>Compatible</b></span></td></tr> +</table> +<h2>Problem Summary</h2><hr/> +<table class='summary'><tr><th></th><th style='text-align:center;'>Severity</th><th style='text-align:center;'>Count</th></tr><tr><th>Added Symbols</th><td>-</td><td>0</td></tr> +<tr><th>Removed Symbols</th><td>High</td><td>0</td></tr> +<tr><th rowspan='3'>Problems with<br/>Data Types</th><td>High</td><td>0</td></tr> +<tr><td>Medium</td><td>0</td></tr> +<tr><td>Low</td><td>0</td></tr> +<tr><th rowspan='3'>Problems with<br/>Symbols</th><td>High</td><td>0</td></tr> +<tr><td>Medium</td><td>0</td></tr> +<tr><td>Low</td><td>0</td></tr> +<tr><th>Problems with<br/>Constants</th><td>Low</td><td>0</td></tr> +</table> + +<a name='Headers'></a><h2>Header Files (15)</h2><hr/> +<div class='h_list'> +abstract.h<br/> +compat.h<br/> +crypto.h<br/> +dtls.h<br/> +gnutls.h<br/> +ocsp.h<br/> +openpgp.h<br/> +pkcs11.h<br/> +pkcs12.h<br/> +pkcs7.h<br/> +system-keys.h<br/> +tpm.h<br/> +urls.h<br/> +x509-ext.h<br/> +x509.h<br/> +</div> +<br/><a class='top_ref' href='#Top'>to the top</a><br/> +<a name='Sources'></a><h2>Source Files (100)</h2><hr/> +<div class='h_list'> +alpn.c<br/> +auto-verify.c<br/> +cert_types.c<br/> +ciphers.c<br/> +ciphersuites.c<br/> +common.c<br/> +crl.c<br/> +crl_write.c<br/> +crq.c<br/> +crypto-api.c<br/> +crypto-backend.c<br/> +debug.c<br/> +dn.c<br/> +ecc.c<br/> +email-verify.c<br/> +etm.c<br/> +ext_master_secret.c<br/> +extensions.c<br/> +extras.c<br/> +fips.c<br/> +gnutls_alert.c<br/> +gnutls_anon_cred.c<br/> +gnutls_auth.c<br/> +gnutls_buffers.c<br/> +gnutls_cert.c<br/> +gnutls_compress.c<br/> +gnutls_db.c<br/> +gnutls_dh.c<br/> +gnutls_dtls.c<br/> +gnutls_errors.c<br/> +gnutls_extensions.c<br/> +gnutls_global.c<br/> +gnutls_handshake.c<br/> +gnutls_mem.c<br/> +gnutls_openpgp.c<br/> +gnutls_pcert.c<br/> +gnutls_priority.c<br/> +gnutls_privkey.c<br/> +gnutls_privkey_raw.c<br/> +gnutls_psk.c<br/> +gnutls_pubkey.c<br/> +gnutls_range.c<br/> +gnutls_record.c<br/> +gnutls_session.c<br/> +gnutls_session_pack.c<br/> +gnutls_srp.c<br/> +gnutls_state.c<br/> +gnutls_str.c<br/> +gnutls_supplemental.c<br/> +gnutls_ui.c<br/> +gnutls_x509.c<br/> +heartbeat.c<br/> +hostname-verify.c<br/> +kx.c<br/> +locks.c<br/> +mac.c<br/> +max_record.c<br/> +name_constraints.c<br/> +ocsp.c<br/> +ocsp_output.c<br/> +output.c<br/> +pgp.c<br/> +pgpverify.c<br/> +pin.c<br/> +pkcs12.c<br/> +pkcs12_bag.c<br/> +pkcs7-attrs.c<br/> +pkcs7-output.c<br/> +pkcs7.c<br/> +privkey.c<br/> +privkey_openssl.c<br/> +privkey_pkcs8.c<br/> +protocols.c<br/> +publickey.c<br/> +random.c<br/> +safe-memfuncs.c<br/> +safe_renegotiation.c<br/> +secparams.c<br/> +server_name.c<br/> +session_ticket.c<br/> +sign.c<br/> +signature.c<br/> +srp.c<br/> +srp_sb64.c<br/> +srtp.c<br/> +status_request.c<br/> +system-keys-dummy.c<br/> +system.c<br/> +system_override.c<br/> +tpm.c<br/> +urls.c<br/> +verify-high.c<br/> +verify-high2.c<br/> +verify-tofu.c<br/> +verify.c<br/> +x509.c<br/> +x509_b64.c<br/> +x509_dn.c<br/> +x509_ext.c<br/> +x509_write.c<br/> +</div> +<br/><a class='top_ref' href='#Top'>to the top</a><br/> +<a name='Libs'></a><h2>Objects (1)</h2><hr/> +<div class='lib_list'> +libgnutls.so.30.6.1<br/> +</div> +<br/><a class='top_ref' href='#Top'>to the top</a><br/> +</div> +<br/><br/><br/> +<hr/><div class='footer' align='right'><i>Generated by <a href='http://lvc.github.io/abi-compliance-checker/'>ABI Compliance Checker</a> 1.99.14  </i></div><br/> + +</body></html> diff --git a/abi-tracker/compat_report/gnutls/3.4.9/3.4.10/ab52f/meta.json b/abi-tracker/compat_report/gnutls/3.4.9/3.4.10/ab52f/meta.json new file mode 100644 index 0000000000..a47fb139f9 --- /dev/null +++ b/abi-tracker/compat_report/gnutls/3.4.9/3.4.10/ab52f/meta.json @@ -0,0 +1,8 @@ +{ + "Affected": "0", + "Added": 0, + "Removed": 0, + "TotalProblems": 0, + "Object1": "lib/libgnutls.so.30.6.1", + "Object2": "lib/libgnutls.so.30.6.2" +}
\ No newline at end of file diff --git a/abi-tracker/gnutls.json b/abi-tracker/gnutls.json index 4cc296dcda..6b231e8df9 100644 --- a/abi-tracker/gnutls.json +++ b/abi-tracker/gnutls.json @@ -22,6 +22,16 @@ "PublicTypes": "public_types/gnutls/current/list" }, { + "Number": "3.4.10", + "Installed": "installed/gnutls/3.4.10", + "Source": "src/gnutls/3.4.10/gnutls-3.4.10.tar.xz", + "Changelog": "NEWS", + "HeadersDiff": "On", + "PkgDiff": "Off", + "ABIView": "Off", + "ABIDiff": "Off" + }, + { "Number": "3.4.9", "Installed": "installed/gnutls/3.4.9", "Source": "src/gnutls/3.4.9/gnutls-3.4.9.tar.xz", diff --git a/abi-tracker/headers_diff/gnutls/3.4.10/current/diff.html b/abi-tracker/headers_diff/gnutls/3.4.10/current/diff.html new file mode 100644 index 0000000000..6a6d094327 --- /dev/null +++ b/abi-tracker/headers_diff/gnutls/3.4.10/current/diff.html @@ -0,0 +1,912 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + <meta name="keywords" content="GnuTLS, header, diff" /> + <meta name="description" content="Diff for header files between 3.4.10 and current versions of gnutls" /> + <link rel="stylesheet" type="text/css" href="../../../../css/common.css" /> + <link rel="stylesheet" type="text/css" href="../../../../css/headers_diff.css" /> + + + <title> + GnuTLS: headers diff between 3.4.10 and current versions + </title> + + </head> + +<body> +<table width='100%' cellpadding='0' cellspacing='0'><tr><td><table cellpadding='0' cellspacing='0'><tr><td align='center'><h1 class='tool'><a title='Home: ABI tracker for GnuTLS' href='../../../../timeline/gnutls/index.html' class='tool'>ABI<br/>Tracker</a></h1></td><td width='30px;'></td><td><h1>(GnuTLS)</h1></td></tr></table><hr/> +<br/> +<br/> +<h1>Headers diff: <span class='version'>3.4.10</span> vs <span class='version'>current</span></h1><br/><br/> + <table class='diff_tbl' border="0" cellpadding="0" cellspacing="0"> + <tr bgcolor="orange"><th></th><th> abstract.h (3.4.10) </th><th> </th><th> abstract.h (current) </th><th></th></tr> + <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> + <tr bgcolor="gray" ><td></td><th><a name="part-l1" /><small>skipping to change at</small><em> line 246</em></th><th> </th><th><a name="part-r1" /><small>skipping to change at</small><em> line 246</em></th><td></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * and gnutls_x509_privkey_generate() */</td><td> </td><td class="right"> * and gnutls_x509_privkey_generate() */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_SUBGROUP_TO_BITS(group, subgroup) (unsigned int)((subgroup<< +16)|(group))</td><td> </td><td class="right">#define GNUTLS_SUBGROUP_TO_BITS(group, subgroup) (unsigned int)((subgroup<< +16)|(group))</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_BITS_TO_SUBGROUP(bits) ((bits >> 16) & 0xFFFF)</td><td> </td><td class="right">#define GNUTLS_BITS_TO_SUBGROUP(bits) ((bits >> 16) & 0xFFFF)</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_BITS_TO_GROUP(bits) (bits & 0xFFFF)</td><td> </td><td class="right">#define GNUTLS_BITS_TO_GROUP(bits) (bits & 0xFFFF)</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_BITS_HAVE_SUBGROUP(bits) ((bits) & 0xFFFF0000)</td><td> </td><td class="right">#define GNUTLS_BITS_HAVE_SUBGROUP(bits) ((bits) & 0xFFFF0000)</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int</td><td> </td><td class="right">int</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">gnutls_privkey_generate (gnutls_privkey_t key,</td><td> </td><td class="right">gnutls_privkey_generate (gnutls_privkey_t key,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_pk_algorithm_t algo, unsigned int bits,</td><td> </td><td class="right"> gnutls_pk_algorithm_t algo, unsigned int bits,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> unsigned int flags);</td><td> </td><td class="right"> unsigned int flags);</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0001" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">int</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">gnutls_privkey_generate2(gnutls_privkey_t pkey,</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> gnutls_pk_algorithm_t algo, unsigned int bits,</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> unsigned int flags, const gnutls_keygen_data_st *da</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">ta, unsigned data_size);</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">int gnutls_privkey_verify_seed(gnutls_privkey_t key, gnutls_digest_algorith</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">m_t, const void *seed, size_t seed_size);</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">int gnutls_privkey_get_seed(gnutls_privkey_t key, gnutls_digest_algorithm_t</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">*, void *seed, size_t *seed_size);</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_privkey_verify_params(gnutls_privkey_t key);</td><td> </td><td class="right">int gnutls_privkey_verify_params(gnutls_privkey_t key);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0002" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">void gnutls_privkey_set_flags(gnutls_privkey_t key, unsigned int flags);</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> </td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">void gnutls_privkey_set_pin_function (gnutls_privkey_t key,</td><td> </td><td class="right">void gnutls_privkey_set_pin_function (gnutls_privkey_t key,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_pin_callback_t fn, void *userd +ata);</td><td> </td><td class="right"> gnutls_pin_callback_t fn, void *userd +ata);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_privkey_get_pk_algorithm(gnutls_privkey_t key,</td><td> </td><td class="right">int gnutls_privkey_get_pk_algorithm(gnutls_privkey_t key,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> unsigned int *bits);</td><td> </td><td class="right"> unsigned int *bits);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">gnutls_privkey_type_t gnutls_privkey_get_type(gnutls_privkey_t key);</td><td> </td><td class="right">gnutls_privkey_type_t gnutls_privkey_get_type(gnutls_privkey_t key);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_privkey_status(gnutls_privkey_t key);</td><td> </td><td class="right">int gnutls_privkey_status(gnutls_privkey_t key);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/**</td><td> </td><td class="right">/**</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * gnutls_privkey_flags:</td><td> </td><td class="right"> * gnutls_privkey_flags:</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA: Make an RSA signature on the hashed +data as in the TLS protocol.</td><td> </td><td class="right"> * @GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA: Make an RSA signature on the hashed +data as in the TLS protocol.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE: When importing a private key, autom +atically</td><td> </td><td class="right"> * @GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE: When importing a private key, autom +atically</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * release it when the structure it was imported is released.</td><td> </td><td class="right"> * release it when the structure it was imported is released.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_PRIVKEY_IMPORT_COPY: Copy required values during import.</td><td> </td><td class="right"> * @GNUTLS_PRIVKEY_IMPORT_COPY: Copy required values during import.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_PRIVKEY_DISABLE_CALLBACKS: The following flag disables call to P +IN callbacks etc.</td><td> </td><td class="right"> * @GNUTLS_PRIVKEY_DISABLE_CALLBACKS: The following flag disables call to P +IN callbacks etc.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * Only relevant to TPM keys.</td><td> </td><td class="right"> * Only relevant to TPM keys.</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0003" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> <span class="insert">* @GNUTLS_PRIVKEY_FLAG_PROVABLE: When generating a key involving prime num</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">bers, use provable primes; a seed may be required.</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> * @GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT: Keys generated or imported as provab</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">le require an extended format which cannot be read by previous versions</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> * of gnutls or other applications. By setting this flag the key will be </span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">exported in a backwards compatible way,</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> * even if the information about the seed used will be lost.</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> *</td><td> </td><td class="right"> *</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * Enumeration of different certificate import flags.</td><td> </td><td class="right"> * Enumeration of different certificate import flags.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> */</td><td> </td><td class="right"> */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">typedef enum gnutls_privkey_flags {</td><td> </td><td class="right">typedef enum gnutls_privkey_flags {</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE = 1,</td><td> </td><td class="right"> GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE = 1,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_PRIVKEY_IMPORT_COPY = 1 << 1,</td><td> </td><td class="right"> GNUTLS_PRIVKEY_IMPORT_COPY = 1 << 1,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_PRIVKEY_DISABLE_CALLBACKS = 1 << 2,</td><td> </td><td class="right"> GNUTLS_PRIVKEY_DISABLE_CALLBACKS = 1 << 2,</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0004" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA = 1 << <span class="delete">4</span></td><td> </td><td class="rblock"> GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA = 1 << <span class="insert">4,</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> GNUTLS_PRIVKEY_FLAG_PROVABLE = 1 << 5,</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT = 1 << 6</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">} gnutls_privkey_flags_t;</td><td> </td><td class="right">} gnutls_privkey_flags_t;</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_privkey_import_pkcs11(gnutls_privkey_t pkey,</td><td> </td><td class="right">int gnutls_privkey_import_pkcs11(gnutls_privkey_t pkey,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_pkcs11_privkey_t key,</td><td> </td><td class="right"> gnutls_pkcs11_privkey_t key,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> unsigned int flags);</td><td> </td><td class="right"> unsigned int flags);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_privkey_import_x509(gnutls_privkey_t pkey,</td><td> </td><td class="right">int gnutls_privkey_import_x509(gnutls_privkey_t pkey,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_x509_privkey_t key,</td><td> </td><td class="right"> gnutls_x509_privkey_t key,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> unsigned int flags);</td><td> </td><td class="right"> unsigned int flags);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_privkey_import_openpgp(gnutls_privkey_t pkey,</td><td> </td><td class="right">int gnutls_privkey_import_openpgp(gnutls_privkey_t pkey,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_openpgp_privkey_t key,</td><td> </td><td class="right"> gnutls_openpgp_privkey_t key,</td><td class="lineno" valign="top"></td></tr> + + <tr><td></td><td class="left"></td><td> </td><td class="right"></td><td></td></tr> + <tr bgcolor="gray"><th colspan="5" align="center"><a name="end"> End of changes. 4 change blocks. </a></th></tr> + <tr class="stats"><td></td><th><i>1 lines changed or deleted</i></th><th><i> </i></th><th><i>22 lines changed or added</i></th><td></td></tr> + <tr><td colspan="5" align="center" class="small"></td></tr> + </table> + <br/><br/> + + <table class='diff_tbl' border="0" cellpadding="0" cellspacing="0"> + <tr bgcolor="orange"><th></th><th> crypto.h (3.4.10) </th><th> </th><th> crypto.h (current) </th><th></th></tr> + <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> + <tr bgcolor="gray" ><td></td><th><a name="part-l1" /><small>skipping to change at</small><em> line 59</em></th><th> </th><th><a name="part-r1" /><small>skipping to change at</small><em> line 59</em></th><td></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">void gnutls_cipher_set_iv(gnutls_cipher_hd_t handle, void *iv,</td><td> </td><td class="right">void gnutls_cipher_set_iv(gnutls_cipher_hd_t handle, void *iv,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> size_t ivlen);</td><td> </td><td class="right"> size_t ivlen);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_cipher_tag(gnutls_cipher_hd_t handle, void *tag,</td><td> </td><td class="right">int gnutls_cipher_tag(gnutls_cipher_hd_t handle, void *tag,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> size_t tag_size);</td><td> </td><td class="right"> size_t tag_size);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_cipher_add_auth(gnutls_cipher_hd_t handle,</td><td> </td><td class="right">int gnutls_cipher_add_auth(gnutls_cipher_hd_t handle,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> const void *text, size_t text_size);</td><td> </td><td class="right"> const void *text, size_t text_size);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">void gnutls_cipher_deinit(gnutls_cipher_hd_t handle);</td><td> </td><td class="right">void gnutls_cipher_deinit(gnutls_cipher_hd_t handle);</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0001" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">int gnutls_cipher_get_block_size(gnutls_cipher_algorithm_t <span class="delete">algorithm);</span></td><td> </td><td class="rblock">int gnutls_cipher_get_block_size(gnutls_cipher_algorithm_t <span class="insert">algorithm) __GNU</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">int gnutls_cipher_get_iv_size(gnutls_cipher_algorithm_t <span class="delete">algorithm);</span></td><td> </td><td class="rblock"><span class="insert">TLS_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">int gnutls_cipher_get_tag_size(gnutls_cipher_algorithm_t <span class="delete">algorithm);</span></td><td> </td><td class="rblock">int gnutls_cipher_get_iv_size(gnutls_cipher_algorithm_t <span class="insert">algorithm) __GNUTLS</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock">int gnutls_cipher_get_tag_size(gnutls_cipher_algorithm_t <span class="insert">algorithm) __GNUTL</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">S_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/* AEAD API</td><td> </td><td class="right">/* AEAD API</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> */</td><td> </td><td class="right"> */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">typedef struct api_aead_cipher_hd_st *gnutls_aead_cipher_hd_t;</td><td> </td><td class="right">typedef struct api_aead_cipher_hd_st *gnutls_aead_cipher_hd_t;</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_aead_cipher_init(gnutls_aead_cipher_hd_t * handle,</td><td> </td><td class="right">int gnutls_aead_cipher_init(gnutls_aead_cipher_hd_t * handle,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_cipher_algorithm_t cipher,</td><td> </td><td class="right"> gnutls_cipher_algorithm_t cipher,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> const gnutls_datum_t * key);</td><td> </td><td class="right"> const gnutls_datum_t * key);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int</td><td> </td><td class="right">int</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">gnutls_aead_cipher_decrypt(gnutls_aead_cipher_hd_t handle,</td><td> </td><td class="right">gnutls_aead_cipher_decrypt(gnutls_aead_cipher_hd_t handle,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> + <tr bgcolor="gray" ><td></td><th><a name="part-l2" /><small>skipping to change at</small><em> line 92</em></th><th> </th><th><a name="part-r2" /><small>skipping to change at</small><em> line 92</em></th><td></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> const void *ptext, size_t ptext_len,</td><td> </td><td class="right"> const void *ptext, size_t ptext_len,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> void *ctext, size_t *ctext_len);</td><td> </td><td class="right"> void *ctext, size_t *ctext_len);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">void gnutls_aead_cipher_deinit(gnutls_aead_cipher_hd_t handle);</td><td> </td><td class="right">void gnutls_aead_cipher_deinit(gnutls_aead_cipher_hd_t handle);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/* Hash - MAC API */</td><td> </td><td class="right">/* Hash - MAC API */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">typedef struct hash_hd_st *gnutls_hash_hd_t;</td><td> </td><td class="right">typedef struct hash_hd_st *gnutls_hash_hd_t;</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">typedef struct hmac_hd_st *gnutls_hmac_hd_t;</td><td> </td><td class="right">typedef struct hmac_hd_st *gnutls_hmac_hd_t;</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0002" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">size_t gnutls_mac_get_nonce_size(gnutls_mac_algorithm_t algorithm);</td><td> </td><td class="rblock">size_t gnutls_mac_get_nonce_size(gnutls_mac_algorithm_t algorithm)<span class="insert"> __GNUTLS +_CONST__</span>;</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_hmac_init(gnutls_hmac_hd_t * dig,</td><td> </td><td class="right">int gnutls_hmac_init(gnutls_hmac_hd_t * dig,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_mac_algorithm_t algorithm,</td><td> </td><td class="right"> gnutls_mac_algorithm_t algorithm,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> const void *key, size_t keylen);</td><td> </td><td class="right"> const void *key, size_t keylen);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">void gnutls_hmac_set_nonce(gnutls_hmac_hd_t handle,</td><td> </td><td class="right">void gnutls_hmac_set_nonce(gnutls_hmac_hd_t handle,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> const void *nonce, size_t nonce_len);</td><td> </td><td class="right"> const void *nonce, size_t nonce_len);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_hmac(gnutls_hmac_hd_t handle, const void *text, size_t textlen);</td><td> </td><td class="right">int gnutls_hmac(gnutls_hmac_hd_t handle, const void *text, size_t textlen);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">void gnutls_hmac_output(gnutls_hmac_hd_t handle, void *digest);</td><td> </td><td class="right">void gnutls_hmac_output(gnutls_hmac_hd_t handle, void *digest);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">void gnutls_hmac_deinit(gnutls_hmac_hd_t handle, void *digest);</td><td> </td><td class="right">void gnutls_hmac_deinit(gnutls_hmac_hd_t handle, void *digest);</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0003" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">int gnutls_hmac_get_len(gnutls_mac_algorithm_t algorithm);</td><td> </td><td class="rblock">int gnutls_hmac_get_len(gnutls_mac_algorithm_t algorithm)<span class="insert"> __GNUTLS_CONST__</span>;</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_hmac_fast(gnutls_mac_algorithm_t algorithm,</td><td> </td><td class="right">int gnutls_hmac_fast(gnutls_mac_algorithm_t algorithm,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> const void *key, size_t keylen,</td><td> </td><td class="right"> const void *key, size_t keylen,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> const void *text, size_t textlen, void *digest);</td><td> </td><td class="right"> const void *text, size_t textlen, void *digest);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_hash_init(gnutls_hash_hd_t * dig,</td><td> </td><td class="right">int gnutls_hash_init(gnutls_hash_hd_t * dig,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_digest_algorithm_t algorithm);</td><td> </td><td class="right"> gnutls_digest_algorithm_t algorithm);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_hash(gnutls_hash_hd_t handle, const void *text, size_t textlen);</td><td> </td><td class="right">int gnutls_hash(gnutls_hash_hd_t handle, const void *text, size_t textlen);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">void gnutls_hash_output(gnutls_hash_hd_t handle, void *digest);</td><td> </td><td class="right">void gnutls_hash_output(gnutls_hash_hd_t handle, void *digest);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">void gnutls_hash_deinit(gnutls_hash_hd_t handle, void *digest);</td><td> </td><td class="right">void gnutls_hash_deinit(gnutls_hash_hd_t handle, void *digest);</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0004" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">int gnutls_hash_get_len(gnutls_digest_algorithm_t algorithm);</td><td> </td><td class="rblock">int gnutls_hash_get_len(gnutls_digest_algorithm_t algorithm)<span class="insert"> __GNUTLS_CONST +__</span>;</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_hash_fast(gnutls_digest_algorithm_t algorithm,</td><td> </td><td class="right">int gnutls_hash_fast(gnutls_digest_algorithm_t algorithm,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> const void *text, size_t textlen, void *digest);</td><td> </td><td class="right"> const void *text, size_t textlen, void *digest);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/* register ciphers */</td><td> </td><td class="right">/* register ciphers */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/**</td><td> </td><td class="right">/**</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * gnutls_rnd_level_t:</td><td> </td><td class="right"> * gnutls_rnd_level_t:</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_RND_NONCE: Non-predictable random number. Fatal in parts</td><td> </td><td class="right"> * @GNUTLS_RND_NONCE: Non-predictable random number. Fatal in parts</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * of session if broken, i.e., vulnerable to statistical analysis.</td><td> </td><td class="right"> * of session if broken, i.e., vulnerable to statistical analysis.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_RND_RANDOM: Pseudo-random cryptographic random number.</td><td> </td><td class="right"> * @GNUTLS_RND_RANDOM: Pseudo-random cryptographic random number.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> + <tr bgcolor="gray" ><td></td><th><a name="part-l3" /><small>skipping to change at</small><em> line 223</em></th><th> </th><th><a name="part-r3" /><small>skipping to change at</small><em> line 223</em></th><td></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int</td><td> </td><td class="right">int</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">gnutls_crypto_register_digest(gnutls_digest_algorithm_t digest,</td><td> </td><td class="right">gnutls_crypto_register_digest(gnutls_digest_algorithm_t digest,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> int priority,</td><td> </td><td class="right"> int priority,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_digest_init_func init,</td><td> </td><td class="right"> gnutls_digest_init_func init,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_digest_hash_func hash,</td><td> </td><td class="right"> gnutls_digest_hash_func hash,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_digest_output_func output,</td><td> </td><td class="right"> gnutls_digest_output_func output,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_digest_deinit_func deinit,</td><td> </td><td class="right"> gnutls_digest_deinit_func deinit,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_digest_fast_func hash_fast);</td><td> </td><td class="right"> gnutls_digest_fast_func hash_fast);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0005" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">/* RSA-PKCS#1 1.5 helper functions */</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">int</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">gnutls_encode_ber_digest_info(gnutls_digest_algorithm_t hash,</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> const gnutls_datum_t * digest,</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> gnutls_datum_t * output);</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">int</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">gnutls_decode_ber_digest_info(const gnutls_datum_t * info,</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> gnutls_digest_algorithm_t *hash,</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> unsigned char *digest, unsigned int *digest_si</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">ze);</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> </td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/* *INDENT-OFF* */</td><td> </td><td class="right">/* *INDENT-OFF* */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#ifdef __cplusplus</td><td> </td><td class="right">#ifdef __cplusplus</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">}</td><td> </td><td class="right">}</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#endif</td><td> </td><td class="right">#endif</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/* *INDENT-ON* */</td><td> </td><td class="right">/* *INDENT-ON* */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#endif</td><td> </td><td class="right">#endif</td><td class="lineno" valign="top"></td></tr> + + <tr><td></td><td class="left"></td><td> </td><td class="right"></td><td></td></tr> + <tr bgcolor="gray"><th colspan="5" align="center"><a name="end"> End of changes. 5 change blocks. </a></th></tr> + <tr class="stats"><td></td><th><i>6 lines changed or deleted</i></th><th><i> </i></th><th><i>21 lines changed or added</i></th><td></td></tr> + <tr><td colspan="5" align="center" class="small"></td></tr> + </table> + <br/><br/> + + <table class='diff_tbl' border="0" cellpadding="0" cellspacing="0"> + <tr bgcolor="orange"><th></th><th> gnutls.h (3.4.10) </th><th> </th><th> gnutls.h (current) </th><th></th></tr> + <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> + <tr bgcolor="gray" ><td></td><th><a name="part-l1" /><small>skipping to change at</small><em> line 56</em></th><th> </th><th><a name="part-r1" /><small>skipping to change at</small><em> line 56</em></th><td></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#endif</td><td> </td><td class="right">#endif</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/* Get time_t. */</td><td> </td><td class="right">/* Get time_t. */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#include <time.h></td><td> </td><td class="right">#include <time.h></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/* *INDENT-OFF* */</td><td> </td><td class="right">/* *INDENT-OFF* */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#ifdef __cplusplus</td><td> </td><td class="right">#ifdef __cplusplus</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">extern "C" {</td><td> </td><td class="right">extern "C" {</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#endif</td><td> </td><td class="right">#endif</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/* *INDENT-ON* */</td><td> </td><td class="right">/* *INDENT-ON* */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0001" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">#define GNUTLS_VERSION "3.<span class="delete">4.1</span>0"</td><td> </td><td class="rblock">#define GNUTLS_VERSION "3.<span class="insert">5.</span>0"</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_VERSION_MAJOR 3</td><td> </td><td class="right">#define GNUTLS_VERSION_MAJOR 3</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0002" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">#define GNUTLS_VERSION_MINOR <span class="delete">4</span></td><td> </td><td class="rblock">#define GNUTLS_VERSION_MINOR <span class="insert">5</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">#define GNUTLS_VERSION_PATCH <span class="delete">10</span></td><td> </td><td class="rblock">#define GNUTLS_VERSION_PATCH <span class="insert">0</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0003" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">#define GNUTLS_VERSION_NUMBER 0x030<span class="delete">40a</span></td><td> </td><td class="rblock">#define GNUTLS_VERSION_NUMBER 0x030<span class="insert">500</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC</td><td> </td><td class="right">#define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC</td><td> </td><td class="right">#define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC</td><td> </td><td class="right">#define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128</td><td> </td><td class="right">#define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#if !defined(GNUTLS_INTERNAL_BUILD) && defined(_WIN32)</td><td> </td><td class="right">#if !defined(GNUTLS_INTERNAL_BUILD) && defined(_WIN32)</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"># define _SYM_EXPORT __declspec(dllimport)</td><td> </td><td class="right"># define _SYM_EXPORT __declspec(dllimport)</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#else</td><td> </td><td class="right">#else</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"># define _SYM_EXPORT</td><td> </td><td class="right"># define _SYM_EXPORT</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#endif</td><td> </td><td class="right">#endif</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0004" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">#ifdef __GNUC__</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"># define __GNUTLS_CONST__ __attribute__((const))</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"># define __GNUTLS_PURE__ __attribute__((pure))</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">#else</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"># define __GNUTLS_CONST__</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"># define __GNUTLS_PURE__</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">#endif</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> </td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/* Use the following definition globally in your program to disable</td><td> </td><td class="right">/* Use the following definition globally in your program to disable</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * implicit initialization of gnutls. */</td><td> </td><td class="right"> * implicit initialization of gnutls. */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_SKIP_GLOBAL_INIT int _gnutls_global_init_skip(void); \</td><td> </td><td class="right">#define GNUTLS_SKIP_GLOBAL_INIT int _gnutls_global_init_skip(void); \</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> int _gnutls_global_init_skip(void) {return 1;}</td><td> </td><td class="right"> int _gnutls_global_init_skip(void) {return 1;}</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/**</td><td> </td><td class="right">/**</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * gnutls_cipher_algorithm_t:</td><td> </td><td class="right"> * gnutls_cipher_algorithm_t:</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0005" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> * @GNUTLS_CIPHER_UNKNOWN: <span class="delete">Value to identify an unknown/unsupported algorit</span></td><td> </td><td class="rblock"> * @GNUTLS_CIPHER_UNKNOWN: <span class="insert">Unknown algorithm.</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">hm.</span></td><td> </td><td class="rblock"> * @GNUTLS_CIPHER_NULL: NULL algorithm.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> * @GNUTLS_CIPHER_NULL: <span class="delete">The</span> NULL <span class="delete">(identity) encryption</span> algorithm.</td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_CIPHER_ARCFOUR_128: ARCFOUR stream cipher with 128-bit keys.</td><td> </td><td class="right"> * @GNUTLS_CIPHER_ARCFOUR_128: ARCFOUR stream cipher with 128-bit keys.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_CIPHER_3DES_CBC: 3DES in CBC mode.</td><td> </td><td class="right"> * @GNUTLS_CIPHER_3DES_CBC: 3DES in CBC mode.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_CIPHER_AES_128_CBC: AES in CBC mode with 128-bit keys.</td><td> </td><td class="right"> * @GNUTLS_CIPHER_AES_128_CBC: AES in CBC mode with 128-bit keys.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_CIPHER_AES_192_CBC: AES in CBC mode with 192-bit keys.</td><td> </td><td class="right"> * @GNUTLS_CIPHER_AES_192_CBC: AES in CBC mode with 192-bit keys.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_CIPHER_AES_256_CBC: AES in CBC mode with 256-bit keys.</td><td> </td><td class="right"> * @GNUTLS_CIPHER_AES_256_CBC: AES in CBC mode with 256-bit keys.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_CIPHER_ARCFOUR_40: ARCFOUR stream cipher with 40-bit keys.</td><td> </td><td class="right"> * @GNUTLS_CIPHER_ARCFOUR_40: ARCFOUR stream cipher with 40-bit keys.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_CIPHER_CAMELLIA_128_CBC: Camellia in CBC mode with 128-bit keys.</td><td> </td><td class="right"> * @GNUTLS_CIPHER_CAMELLIA_128_CBC: Camellia in CBC mode with 128-bit keys.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_CIPHER_CAMELLIA_192_CBC: Camellia in CBC mode with 192-bit keys.</td><td> </td><td class="right"> * @GNUTLS_CIPHER_CAMELLIA_192_CBC: Camellia in CBC mode with 192-bit keys.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_CIPHER_CAMELLIA_256_CBC: Camellia in CBC mode with 256-bit keys.</td><td> </td><td class="right"> * @GNUTLS_CIPHER_CAMELLIA_256_CBC: Camellia in CBC mode with 256-bit keys.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys.</td><td> </td><td class="right"> * @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> + <tr bgcolor="gray" ><td></td><th><a name="part-l2" /><small>skipping to change at</small><em> line 106</em></th><th> </th><th><a name="part-r2" /><small>skipping to change at</small><em> line 114</em></th><td></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_CIPHER_AES_256_GCM: AES in GCM mode with 256-bit keys.</td><td> </td><td class="right"> * @GNUTLS_CIPHER_AES_256_GCM: AES in GCM mode with 256-bit keys.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_CIPHER_AES_128_CCM: AES in CCM mode with 128-bit keys.</td><td> </td><td class="right"> * @GNUTLS_CIPHER_AES_128_CCM: AES in CCM mode with 128-bit keys.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_CIPHER_AES_256_CCM: AES in CCM mode with 256-bit keys.</td><td> </td><td class="right"> * @GNUTLS_CIPHER_AES_256_CCM: AES in CCM mode with 256-bit keys.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_CIPHER_AES_128_CCM_8: AES in CCM mode with 64-bit tag and 128-bi +t keys.</td><td> </td><td class="right"> * @GNUTLS_CIPHER_AES_128_CCM_8: AES in CCM mode with 64-bit tag and 128-bi +t keys.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_CIPHER_AES_256_CCM_8: AES in CCM mode with 64-bit tag and 256-bi +t keys.</td><td> </td><td class="right"> * @GNUTLS_CIPHER_AES_256_CCM_8: AES in CCM mode with 64-bit tag and 256-bi +t keys.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_CIPHER_CAMELLIA_128_GCM: CAMELLIA in GCM mode with 128-bit keys.</td><td> </td><td class="right"> * @GNUTLS_CIPHER_CAMELLIA_128_GCM: CAMELLIA in GCM mode with 128-bit keys.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_CIPHER_CAMELLIA_256_GCM: CAMELLIA in GCM mode with 256-bit keys.</td><td> </td><td class="right"> * @GNUTLS_CIPHER_CAMELLIA_256_GCM: CAMELLIA in GCM mode with 256-bit keys.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_CIPHER_SALSA20_256: Salsa20 with 256-bit keys.</td><td> </td><td class="right"> * @GNUTLS_CIPHER_SALSA20_256: Salsa20 with 256-bit keys.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_CIPHER_ESTREAM_SALSA20_256: Estream's Salsa20 variant with 256-b +it keys.</td><td> </td><td class="right"> * @GNUTLS_CIPHER_ESTREAM_SALSA20_256: Estream's Salsa20 variant with 256-b +it keys.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_CIPHER_CHACHA20_POLY1305: The Chacha20 cipher with the Poly1305 +authenticator (AEAD).</td><td> </td><td class="right"> * @GNUTLS_CIPHER_CHACHA20_POLY1305: The Chacha20 cipher with the Poly1305 +authenticator (AEAD).</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0006" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> * @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB <span class="delete">mode (placeholder - unsupported</span></td><td> </td><td class="rblock"> * @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB <span class="insert">mode.</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">).</span></td><td> </td><td class="rblock"> * @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB <span class="insert">mode.</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> * @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB <span class="delete">mode (placeholder - unsupported</span></td><td> </td><td class="rblock"> * @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB <span class="insert">mode.</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">).</span></td><td> </td><td class="rblock"> * @GNUTLS_CIPHER_BLOWFISH_PGP_CFB: Blowfish in CFB <span class="insert">mode.</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> * @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB <span class="delete">mode (placeholder - unsupport</span></td><td> </td><td class="rblock"> * @GNUTLS_CIPHER_SAFER_SK128_PGP_CFB: Safer-SK in CFB mode with 128-bit ke</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">ed).</span></td><td> </td><td class="rblock"><span class="insert">ys.</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> * @GNUTLS_CIPHER_BLOWFISH_PGP_CFB: Blowfish in CFB <span class="delete">mode (placeholder - uns</span></td><td> </td><td class="rblock"> * @GNUTLS_CIPHER_AES128_PGP_CFB: AES in CFB mode with 128-bit <span class="insert">keys.</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">upported).</span></td><td> </td><td class="rblock"> * @GNUTLS_CIPHER_AES192_PGP_CFB: AES in CFB mode with 192-bit <span class="insert">keys.</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> * @GNUTLS_CIPHER_SAFER_SK128_PGP_CFB: Safer-SK in CFB mode with 128-bit ke</td><td> </td><td class="rblock"> * @GNUTLS_CIPHER_AES256_PGP_CFB: AES in CFB mode with 256-bit <span class="insert">keys.</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">ys (placeholder - unsupported).</span></td><td> </td><td class="rblock"> * @GNUTLS_CIPHER_TWOFISH_PGP_CFB: Twofish in CFB <span class="insert">mode.</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> * @GNUTLS_CIPHER_AES128_PGP_CFB: AES in CFB mode with 128-bit <span class="delete">keys (placeh</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">older - unsupported).</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> * @GNUTLS_CIPHER_AES192_PGP_CFB: AES in CFB mode with 192-bit <span class="delete">keys (placeh</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">older - unsupported).</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> * @GNUTLS_CIPHER_AES256_PGP_CFB: AES in CFB mode with 256-bit <span class="delete">keys (placeh</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">older - unsupported).</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> * @GNUTLS_CIPHER_TWOFISH_PGP_CFB: Twofish in CFB <span class="delete">mode (placeholder - unsup</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">ported).</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> *</td><td> </td><td class="right"> *</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * Enumeration of different symmetric encryption algorithms.</td><td> </td><td class="right"> * Enumeration of different symmetric encryption algorithms.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> */</td><td> </td><td class="right"> */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">typedef enum gnutls_cipher_algorithm {</td><td> </td><td class="right">typedef enum gnutls_cipher_algorithm {</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_CIPHER_UNKNOWN = 0,</td><td> </td><td class="right"> GNUTLS_CIPHER_UNKNOWN = 0,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_CIPHER_NULL = 1,</td><td> </td><td class="right"> GNUTLS_CIPHER_NULL = 1,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_CIPHER_ARCFOUR_128 = 2,</td><td> </td><td class="right"> GNUTLS_CIPHER_ARCFOUR_128 = 2,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_CIPHER_3DES_CBC = 3,</td><td> </td><td class="right"> GNUTLS_CIPHER_3DES_CBC = 3,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_CIPHER_AES_128_CBC = 4,</td><td> </td><td class="right"> GNUTLS_CIPHER_AES_128_CBC = 4,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_CIPHER_AES_256_CBC = 5,</td><td> </td><td class="right"> GNUTLS_CIPHER_AES_256_CBC = 5,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> + <tr bgcolor="gray" ><td></td><th><a name="part-l3" /><small>skipping to change at</small><em> line 262</em></th><th> </th><th><a name="part-r3" /><small>skipping to change at</small><em> line 270</em></th><td></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_MAC_UNKNOWN = 0,</td><td> </td><td class="right"> GNUTLS_MAC_UNKNOWN = 0,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_MAC_NULL = 1,</td><td> </td><td class="right"> GNUTLS_MAC_NULL = 1,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_MAC_MD5 = 2,</td><td> </td><td class="right"> GNUTLS_MAC_MD5 = 2,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_MAC_SHA1 = 3,</td><td> </td><td class="right"> GNUTLS_MAC_SHA1 = 3,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_MAC_RMD160 = 4,</td><td> </td><td class="right"> GNUTLS_MAC_RMD160 = 4,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_MAC_MD2 = 5,</td><td> </td><td class="right"> GNUTLS_MAC_MD2 = 5,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_MAC_SHA256 = 6,</td><td> </td><td class="right"> GNUTLS_MAC_SHA256 = 6,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_MAC_SHA384 = 7,</td><td> </td><td class="right"> GNUTLS_MAC_SHA384 = 7,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_MAC_SHA512 = 8,</td><td> </td><td class="right"> GNUTLS_MAC_SHA512 = 8,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_MAC_SHA224 = 9,</td><td> </td><td class="right"> GNUTLS_MAC_SHA224 = 9,</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0007" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> <span class="insert">GNUTLS_MAC_SHA3_224 = 10, /* reserved: no implementation */</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> GNUTLS_MAC_SHA3_256 = 11, /* reserved: no implementation */</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> GNUTLS_MAC_SHA3_384 = 12, /* reserved: no implementation */</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> GNUTLS_MAC_SHA3_512 = 13, /* reserved: no implementation */</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> /* If you add anything here, make sure you align with</td><td> </td><td class="right"> /* If you add anything here, make sure you align with</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_digest_algorithm_t. */</td><td> </td><td class="right"> gnutls_digest_algorithm_t. */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_MAC_AEAD = 200, /* indicates that MAC is on the cipher */</td><td> </td><td class="right"> GNUTLS_MAC_AEAD = 200, /* indicates that MAC is on the cipher */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_MAC_UMAC_96 = 201,</td><td> </td><td class="right"> GNUTLS_MAC_UMAC_96 = 201,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_MAC_UMAC_128 = 202</td><td> </td><td class="right"> GNUTLS_MAC_UMAC_128 = 202</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">} gnutls_mac_algorithm_t;</td><td> </td><td class="right">} gnutls_mac_algorithm_t;</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/**</td><td> </td><td class="right">/**</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * gnutls_digest_algorithm_t:</td><td> </td><td class="right"> * gnutls_digest_algorithm_t:</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_DIG_UNKNOWN: Unknown hash algorithm.</td><td> </td><td class="right"> * @GNUTLS_DIG_UNKNOWN: Unknown hash algorithm.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_DIG_NULL: NULL hash algorithm (empty output).</td><td> </td><td class="right"> * @GNUTLS_DIG_NULL: NULL hash algorithm (empty output).</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_DIG_MD5: MD5 algorithm.</td><td> </td><td class="right"> * @GNUTLS_DIG_MD5: MD5 algorithm.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_DIG_SHA1: SHA-1 algorithm.</td><td> </td><td class="right"> * @GNUTLS_DIG_SHA1: SHA-1 algorithm.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_DIG_RMD160: RMD160 algorithm.</td><td> </td><td class="right"> * @GNUTLS_DIG_RMD160: RMD160 algorithm.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_DIG_MD2: MD2 algorithm.</td><td> </td><td class="right"> * @GNUTLS_DIG_MD2: MD2 algorithm.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_DIG_SHA256: SHA-256 algorithm.</td><td> </td><td class="right"> * @GNUTLS_DIG_SHA256: SHA-256 algorithm.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_DIG_SHA384: SHA-384 algorithm.</td><td> </td><td class="right"> * @GNUTLS_DIG_SHA384: SHA-384 algorithm.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_DIG_SHA512: SHA-512 algorithm.</td><td> </td><td class="right"> * @GNUTLS_DIG_SHA512: SHA-512 algorithm.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_DIG_SHA224: SHA-224 algorithm.</td><td> </td><td class="right"> * @GNUTLS_DIG_SHA224: SHA-224 algorithm.</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0008" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> <span class="insert">* @GNUTLS_DIG_SHA3_224: SHA3-224 algorithm.</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> * @GNUTLS_DIG_SHA3_256: SHA3-256 algorithm.</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> * @GNUTLS_DIG_SHA3_384: SHA3-384 algorithm.</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> * @GNUTLS_DIG_SHA3_512: SHA3-512 algorithm.</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> *</td><td> </td><td class="right"> *</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * Enumeration of different digest (hash) algorithms.</td><td> </td><td class="right"> * Enumeration of different digest (hash) algorithms.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> */</td><td> </td><td class="right"> */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">typedef enum {</td><td> </td><td class="right">typedef enum {</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_DIG_UNKNOWN = GNUTLS_MAC_UNKNOWN,</td><td> </td><td class="right"> GNUTLS_DIG_UNKNOWN = GNUTLS_MAC_UNKNOWN,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_DIG_NULL = GNUTLS_MAC_NULL,</td><td> </td><td class="right"> GNUTLS_DIG_NULL = GNUTLS_MAC_NULL,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_DIG_MD5 = GNUTLS_MAC_MD5,</td><td> </td><td class="right"> GNUTLS_DIG_MD5 = GNUTLS_MAC_MD5,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_DIG_SHA1 = GNUTLS_MAC_SHA1,</td><td> </td><td class="right"> GNUTLS_DIG_SHA1 = GNUTLS_MAC_SHA1,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_DIG_RMD160 = GNUTLS_MAC_RMD160,</td><td> </td><td class="right"> GNUTLS_DIG_RMD160 = GNUTLS_MAC_RMD160,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_DIG_MD2 = GNUTLS_MAC_MD2,</td><td> </td><td class="right"> GNUTLS_DIG_MD2 = GNUTLS_MAC_MD2,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_DIG_SHA256 = GNUTLS_MAC_SHA256,</td><td> </td><td class="right"> GNUTLS_DIG_SHA256 = GNUTLS_MAC_SHA256,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_DIG_SHA384 = GNUTLS_MAC_SHA384,</td><td> </td><td class="right"> GNUTLS_DIG_SHA384 = GNUTLS_MAC_SHA384,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_DIG_SHA512 = GNUTLS_MAC_SHA512,</td><td> </td><td class="right"> GNUTLS_DIG_SHA512 = GNUTLS_MAC_SHA512,</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0009" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> GNUTLS_DIG_SHA224 = <span class="delete">GNUTLS_MAC_SHA224</span></td><td> </td><td class="rblock"> GNUTLS_DIG_SHA224 = <span class="insert">GNUTLS_MAC_SHA224,</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> GNUTLS_DIG_SHA3_224 = GNUTLS_MAC_SHA3_224,</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> GNUTLS_DIG_SHA3_256 = GNUTLS_MAC_SHA3_256,</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> GNUTLS_DIG_SHA3_384 = GNUTLS_MAC_SHA3_384,</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> GNUTLS_DIG_SHA3_512 = GNUTLS_MAC_SHA3_512</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> /* If you add anything here, make sure you align with</td><td> </td><td class="right"> /* If you add anything here, make sure you align with</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_mac_algorithm_t. */</td><td> </td><td class="right"> gnutls_mac_algorithm_t. */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">} gnutls_digest_algorithm_t;</td><td> </td><td class="right">} gnutls_digest_algorithm_t;</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> /* exported for other gnutls headers. This is the maximum number of</td><td> </td><td class="right"> /* exported for other gnutls headers. This is the maximum number of</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * algorithms (ciphers, kx or macs).</td><td> </td><td class="right"> * algorithms (ciphers, kx or macs).</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> */</td><td> </td><td class="right"> */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_MAX_ALGORITHM_NUM 32</td><td> </td><td class="right">#define GNUTLS_MAX_ALGORITHM_NUM 32</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_MAX_SESSION_ID_SIZE 32</td><td> </td><td class="right">#define GNUTLS_MAX_SESSION_ID_SIZE 32</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> + <tr bgcolor="gray" ><td></td><th><a name="part-l4" /><small>skipping to change at</small><em> line 727</em></th><th> </th><th><a name="part-r4" /><small>skipping to change at</small><em> line 747</em></th><td></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_ECC_CURVE_INVALID = 0,</td><td> </td><td class="right"> GNUTLS_ECC_CURVE_INVALID = 0,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_ECC_CURVE_SECP224R1,</td><td> </td><td class="right"> GNUTLS_ECC_CURVE_SECP224R1,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_ECC_CURVE_SECP256R1,</td><td> </td><td class="right"> GNUTLS_ECC_CURVE_SECP256R1,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_ECC_CURVE_SECP384R1,</td><td> </td><td class="right"> GNUTLS_ECC_CURVE_SECP384R1,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_ECC_CURVE_SECP521R1,</td><td> </td><td class="right"> GNUTLS_ECC_CURVE_SECP521R1,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_ECC_CURVE_SECP192R1</td><td> </td><td class="right"> GNUTLS_ECC_CURVE_SECP192R1</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">} gnutls_ecc_curve_t;</td><td> </td><td class="right">} gnutls_ecc_curve_t;</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/* macros to allow specifying a specific curve in gnutls_privkey_generate()</td><td> </td><td class="right">/* macros to allow specifying a specific curve in gnutls_privkey_generate()</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * and gnutls_x509_privkey_generate() */</td><td> </td><td class="right"> * and gnutls_x509_privkey_generate() */</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0010" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">#define GNUTLS_CURVE_TO_BITS(curve) (unsigned int)((<span class="delete">(unsigned int)1<<31)|(( +unsigned int)(</span>curve)))</td><td> </td><td class="rblock">#define GNUTLS_CURVE_TO_BITS(curve) (unsigned int)((<span class="insert">1<<31)|((unsigned int)( +</span>curve)))</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_BITS_TO_CURVE(bits) (((unsigned int)(bits)) & 0x7FFFFFFF)</td><td> </td><td class="right">#define GNUTLS_BITS_TO_CURVE(bits) (((unsigned int)(bits)) & 0x7FFFFFFF)</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_BITS_ARE_CURVE(bits) (((unsigned int)(bits)) & 0x80000000)</td><td> </td><td class="right">#define GNUTLS_BITS_ARE_CURVE(bits) (((unsigned int)(bits)) & 0x80000000)</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/**</td><td> </td><td class="right">/**</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * gnutls_sec_param_t:</td><td> </td><td class="right"> * gnutls_sec_param_t:</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known</td><td> </td><td class="right"> * @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_SEC_PARAM_INSECURE: Less than 42 bits of security</td><td> </td><td class="right"> * @GNUTLS_SEC_PARAM_INSECURE: Less than 42 bits of security</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_SEC_PARAM_EXPORT: 42 bits of security</td><td> </td><td class="right"> * @GNUTLS_SEC_PARAM_EXPORT: 42 bits of security</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_SEC_PARAM_VERY_WEAK: 64 bits of security</td><td> </td><td class="right"> * @GNUTLS_SEC_PARAM_VERY_WEAK: 64 bits of security</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_SEC_PARAM_WEAK: 72 bits of security</td><td> </td><td class="right"> * @GNUTLS_SEC_PARAM_WEAK: 72 bits of security</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> + <tr bgcolor="gray" ><td></td><th><a name="part-l5" /><small>skipping to change at</small><em> line 820</em></th><th> </th><th><a name="part-r5" /><small>skipping to change at</small><em> line 840</em></th><td></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_init(gnutls_session_t * session, unsigned int flags);</td><td> </td><td class="right">int gnutls_init(gnutls_session_t * session, unsigned int flags);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">void gnutls_deinit(gnutls_session_t session);</td><td> </td><td class="right">void gnutls_deinit(gnutls_session_t session);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define _gnutls_deinit(x) gnutls_deinit(x)</td><td> </td><td class="right">#define _gnutls_deinit(x) gnutls_deinit(x)</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how);</td><td> </td><td class="right">int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_handshake(gnutls_session_t session);</td><td> </td><td class="right">int gnutls_handshake(gnutls_session_t session);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT ((unsigned int)-1)</td><td> </td><td class="right">#define GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT ((unsigned int)-1)</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0011" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">#define GNUTLS_INDEFINITE_TIMEOUT ((unsigned int)-2)</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">void gnutls_handshake_set_timeout(gnutls_session_t session,</td><td> </td><td class="right">void gnutls_handshake_set_timeout(gnutls_session_t session,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> unsigned int ms);</td><td> </td><td class="right"> unsigned int ms);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_rehandshake(gnutls_session_t session);</td><td> </td><td class="right">int gnutls_rehandshake(gnutls_session_t session);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">gnutls_alert_description_t gnutls_alert_get(gnutls_session_t session);</td><td> </td><td class="right">gnutls_alert_description_t gnutls_alert_get(gnutls_session_t session);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_alert_send(gnutls_session_t session,</td><td> </td><td class="right">int gnutls_alert_send(gnutls_session_t session,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_alert_level_t level,</td><td> </td><td class="right"> gnutls_alert_level_t level,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_alert_description_t desc);</td><td> </td><td class="right"> gnutls_alert_description_t desc);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_alert_send_appropriate(gnutls_session_t session, int err);</td><td> </td><td class="right">int gnutls_alert_send_appropriate(gnutls_session_t session, int err);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">const char *gnutls_alert_get_name(gnutls_alert_description_t alert);</td><td> </td><td class="right">const char *gnutls_alert_get_name(gnutls_alert_description_t alert);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">const char *gnutls_alert_get_strname(gnutls_alert_description_t alert);</td><td> </td><td class="right">const char *gnutls_alert_get_strname(gnutls_alert_description_t alert);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">gnutls_sec_param_t gnutls_pk_bits_to_sec_param(gnutls_pk_algorithm_t algo,</td><td> </td><td class="right">gnutls_sec_param_t gnutls_pk_bits_to_sec_param(gnutls_pk_algorithm_t algo,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> unsigned int bits);</td><td> </td><td class="right"> unsigned int bits);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">const char *gnutls_sec_param_get_name(gnutls_sec_param_t param);</td><td> </td><td class="right">const char *gnutls_sec_param_get_name(gnutls_sec_param_t param);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">unsigned int gnutls_sec_param_to_pk_bits(gnutls_pk_algorithm_t algo,</td><td> </td><td class="right">unsigned int gnutls_sec_param_to_pk_bits(gnutls_pk_algorithm_t algo,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_sec_param_t param);</td><td> </td><td class="right"> gnutls_sec_param_t param);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">unsigned int</td><td> </td><td class="right">unsigned int</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0012" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">gnutls_sec_param_to_symmetric_bits(gnutls_sec_param_t param)</span>;</td><td> </td><td class="rblock"><span class="insert"> gnutls_sec_param_to_symmetric_bits(gnutls_sec_param_t param) __GNUTL +S_CONST__</span>;</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/* Elliptic curves */</td><td> </td><td class="right">/* Elliptic curves */</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0013" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const char <span class="delete">*gnutls_ecc_curve_get_name(gnutls_ecc_curve_t curve);</span></td><td> </td><td class="rblock">const char <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const char <span class="delete">*gnutls_ecc_curve_get_oid(gnutls_ecc_curve_t curve);</span></td><td> </td><td class="rblock"><span class="insert"> gnutls_ecc_curve_get_name(gnutls_ecc_curve_t curve) __GNUTLS_CONST__</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock">const char <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> gnutls_ecc_curve_get_oid(gnutls_ecc_curve_t curve) __GNUTLS_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0014" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">int gnutls_ecc_curve_get_size(gnutls_ecc_curve_t <span class="delete">curve);</span></td><td> </td><td class="rblock">int</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> gnutls_ecc_curve_get_size(gnutls_ecc_curve_t <span class="insert">curve) __GNUTLS_CONST__</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session);</td><td> </td><td class="right">gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/* get information on the current session */</td><td> </td><td class="right">/* get information on the current session */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">gnutls_cipher_algorithm_t gnutls_cipher_get(gnutls_session_t session);</td><td> </td><td class="right">gnutls_cipher_algorithm_t gnutls_cipher_get(gnutls_session_t session);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session);</td><td> </td><td class="right">gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">gnutls_mac_algorithm_t gnutls_mac_get(gnutls_session_t session);</td><td> </td><td class="right">gnutls_mac_algorithm_t gnutls_mac_get(gnutls_session_t session);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">gnutls_compression_method_t</td><td> </td><td class="right">gnutls_compression_method_t</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">gnutls_compression_get(gnutls_session_t session);</td><td> </td><td class="right">gnutls_compression_get(gnutls_session_t session);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">gnutls_certificate_type_t</td><td> </td><td class="right">gnutls_certificate_type_t</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">gnutls_certificate_type_get(gnutls_session_t session);</td><td> </td><td class="right">gnutls_certificate_type_get(gnutls_session_t session);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_sign_algorithm_get(gnutls_session_t session);</td><td> </td><td class="right">int gnutls_sign_algorithm_get(gnutls_session_t session);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_sign_algorithm_get_client(gnutls_session_t session);</td><td> </td><td class="right">int gnutls_sign_algorithm_get_client(gnutls_session_t session);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_sign_algorithm_get_requested(gnutls_session_t session,</td><td> </td><td class="right">int gnutls_sign_algorithm_get_requested(gnutls_session_t session,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> size_t indx,</td><td> </td><td class="right"> size_t indx,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_sign_algorithm_t * algo);</td><td> </td><td class="right"> gnutls_sign_algorithm_t * algo);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/* the name of the specified algorithms */</td><td> </td><td class="right">/* the name of the specified algorithms */</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0015" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const char <span class="delete">*gnutls_cipher_get_name(gnutls_cipher_algorithm_t algorithm);</span></td><td> </td><td class="rblock">const char <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const char <span class="delete">*gnutls_mac_get_name(gnutls_mac_algorithm_t algorithm);</span></td><td> </td><td class="rblock"><span class="insert"> gnutls_cipher_get_name(gnutls_cipher_algorithm_t algorithm) __GNUTLS</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock">const char <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> gnutls_mac_get_name(gnutls_mac_algorithm_t algorithm) __GNUTLS_CONST</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0016" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const char <span class="delete">*gnutls_digest_get_name(gnutls_digest_algorithm_t algorithm);</span></td><td> </td><td class="rblock">const char <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const char <span class="delete">*gnutls_digest_get_oid(gnutls_digest_algorithm_t algorithm);</span></td><td> </td><td class="rblock"><span class="insert"> gnutls_digest_get_name(gnutls_digest_algorithm_t algorithm) __GNUTLS</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock">const char <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> gnutls_digest_get_oid(gnutls_digest_algorithm_t algorithm) __GNUTLS_</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0017" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const char <span class="delete">*gnutls_compression_get_name(gnutls_compression_method_t</span></td><td> </td><td class="rblock">const char <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> algorithm);</span></td><td> </td><td class="rblock"><span class="insert">gnutls_compression_get_name(gnutls_compression_method_t</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const char <span class="delete">*gnutls_kx_get_name(gnutls_kx_algorithm_t algorithm);</span></td><td> </td><td class="rblock"><span class="insert"> algorithm) __GNUTLS_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const char <span class="delete">*gnutls_certificate_type_get_name(gnutls_certificate_type_t</span></td><td> </td><td class="rblock">const char <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> type);</span></td><td> </td><td class="rblock"><span class="insert"> gnutls_kx_get_name(gnutls_kx_algorithm_t algorithm) __GNUTLS_CONST__</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const char <span class="delete">*gnutls_pk_get_name(gnutls_pk_algorithm_t algorithm);</span></td><td> </td><td class="rblock"><span class="insert">;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const char <span class="delete">*gnutls_pk_get_oid(gnutls_pk_algorithm_t algorithm);</span></td><td> </td><td class="rblock">const char <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> gnutls_certificate_type_get_name(gnutls_certificate_type_t</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> type) __GNUTLS_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock">const char <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> gnutls_pk_get_name(gnutls_pk_algorithm_t algorithm) __GNUTLS_CONST__</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock">const char <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> gnutls_pk_get_oid(gnutls_pk_algorithm_t algorithm) __GNUTLS_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0018" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const char <span class="delete">*gnutls_sign_get_name(gnutls_sign_algorithm_t algorithm);</span></td><td> </td><td class="rblock">const char <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const char <span class="delete">*gnutls_sign_get_oid(gnutls_sign_algorithm_t algorithm);</span></td><td> </td><td class="rblock"><span class="insert"> gnutls_sign_get_name(gnutls_sign_algorithm_t algorithm) __GNUTLS_CON</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">ST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock">const char <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> gnutls_sign_get_oid(gnutls_sign_algorithm_t algorithm) __GNUTLS_CONS</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">T__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0019" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">size_t gnutls_cipher_get_key_size(gnutls_cipher_algorithm_t <span class="delete">algorithm);</span></td><td> </td><td class="rblock">size_t</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">size_t gnutls_mac_get_key_size(gnutls_mac_algorithm_t <span class="delete">algorithm);</span></td><td> </td><td class="rblock"> gnutls_cipher_get_key_size(gnutls_cipher_algorithm_t <span class="insert">algorithm) __GN</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">UTLS_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock">size_t</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> gnutls_mac_get_key_size(gnutls_mac_algorithm_t <span class="insert">algorithm) __GNUTLS_C</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">ONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">int gnutls_sign_is_secure(gnutls_sign_algorithm_t algorithm) __GNUTLS_CONST</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0020" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">int gnutls_sign_is_secure(gnutls_sign_algorithm_t algorithm);</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">gnutls_digest_algorithm_t</td><td> </td><td class="right">gnutls_digest_algorithm_t</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0021" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">gnutls_sign_get_hash_algorithm(gnutls_sign_algorithm_t sign)</span>;</td><td> </td><td class="rblock"><span class="insert"> gnutls_sign_get_hash_algorithm(gnutls_sign_algorithm_t sign) __GNUTL +S_CONST__</span>;</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">gnutls_pk_algorithm_t</td><td> </td><td class="right">gnutls_pk_algorithm_t</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0022" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">gnutls_sign_get_pk_algorithm(gnutls_sign_algorithm_t sign)</span>;</td><td> </td><td class="rblock"><span class="insert"> gnutls_sign_get_pk_algorithm(gnutls_sign_algorithm_t sign) __GNUTLS_ +CONST__</span>;</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">gnutls_sign_algorithm_t</td><td> </td><td class="right">gnutls_sign_algorithm_t</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0023" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">gnutls_pk_to_sign(gnutls_pk_algorithm_t pk,</td><td> </td><td class="rblock"> gnutls_pk_to_sign(gnutls_pk_algorithm_t pk,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> gnutls_digest_algorithm_t <span class="delete">hash);</span></td><td> </td><td class="rblock"> gnutls_digest_algorithm_t <span class="insert">hash) __GNUTLS_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define gnutls_sign_algorithm_get_name gnutls_sign_get_name</td><td> </td><td class="right">#define gnutls_sign_algorithm_get_name gnutls_sign_get_name</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0024" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">gnutls_mac_algorithm_t gnutls_mac_get_id(const char <span class="delete">*name);</span></td><td> </td><td class="rblock">gnutls_mac_algorithm_t gnutls_mac_get_id(const char <span class="insert">*name) __GNUTLS_CONST__</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">gnutls_digest_algorithm_t gnutls_digest_get_id(const char <span class="delete">*name);</span></td><td> </td><td class="rblock"><span class="insert">;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock">gnutls_digest_algorithm_t gnutls_digest_get_id(const char <span class="insert">*name) __GNUTLS_C</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">ONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0025" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">gnutls_compression_method_t gnutls_compression_get_id(const char <span class="delete">*name);</span></td><td> </td><td class="rblock">gnutls_compression_method_t</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">gnutls_cipher_algorithm_t gnutls_cipher_get_id(const char <span class="delete">*name);</span></td><td> </td><td class="rblock"> gnutls_compression_get_id(const char <span class="insert">*name) __GNUTLS_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">gnutls_kx_algorithm_t gnutls_kx_get_id(const char *name);</span></td><td> </td><td class="rblock">gnutls_cipher_algorithm_t</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">gnutls_protocol_t gnutls_protocol_get_id(const char *name);</span></td><td> </td><td class="rblock"> gnutls_cipher_get_id(const char <span class="insert">*name) __GNUTLS_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">gnutls_certificate_type_t gnutls_certificate_type_get_id(const char *name);</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">gnutls_pk_algorithm_t gnutls_pk_get_id(const char *name);</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">gnutls_sign_algorithm_t gnutls_sign_get_id(const char *name);</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">gnutls_ecc_curve_t gnutls_ecc_curve_get_id(const char *name);</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0026" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">gnutls_digest_algorithm_t gnutls_oid_to_digest(const char <span class="delete">*oid);</span></td><td> </td><td class="rblock"><span class="insert">gnutls_kx_algorithm_t</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">gnutls_pk_algorithm_t gnutls_oid_to_pk(const char <span class="delete">*oid);</span></td><td> </td><td class="rblock"><span class="insert"> gnutls_kx_get_id(const char *name) __GNUTLS_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">gnutls_sign_algorithm_t gnutls_oid_to_sign(const char <span class="delete">*oid);</span></td><td> </td><td class="rblock"><span class="insert">gnutls_protocol_t</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">gnutls_ecc_curve_t gnutls_oid_to_ecc_curve(const char <span class="delete">*oid);</span></td><td> </td><td class="rblock"><span class="insert"> gnutls_protocol_get_id(const char *name) __GNUTLS_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">gnutls_certificate_type_t</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> gnutls_certificate_type_get_id(const char *name) __GNUTLS_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">gnutls_pk_algorithm_t</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> gnutls_pk_get_id(const char *name) __GNUTLS_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">gnutls_sign_algorithm_t</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> gnutls_sign_get_id(const char *name) __GNUTLS_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">gnutls_ecc_curve_t gnutls_ecc_curve_get_id(const char *name) __GNUTLS_CONS</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">T__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> </td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock">gnutls_digest_algorithm_t</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> gnutls_oid_to_digest(const char <span class="insert">*oid) __GNUTLS_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock">gnutls_pk_algorithm_t</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> gnutls_oid_to_pk(const char <span class="insert">*oid) __GNUTLS_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock">gnutls_sign_algorithm_t</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> gnutls_oid_to_sign(const char <span class="insert">*oid) __GNUTLS_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock">gnutls_ecc_curve_t</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> gnutls_oid_to_ecc_curve(const char <span class="insert">*oid) __GNUTLS_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> /* list supported algorithms */</td><td> </td><td class="right"> /* list supported algorithms */</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0027" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const gnutls_ecc_curve_t <span class="delete">*gnutls_ecc_curve_list(void);</span></td><td> </td><td class="rblock">const gnutls_ecc_curve_t <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const gnutls_cipher_algorithm_t <span class="delete">*gnutls_cipher_list(void);</span></td><td> </td><td class="rblock"><span class="insert"> gnutls_ecc_curve_list(void) __GNUTLS_PURE__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const gnutls_mac_algorithm_t <span class="delete">*gnutls_mac_list(void);</span></td><td> </td><td class="rblock">const gnutls_cipher_algorithm_t <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const gnutls_digest_algorithm_t <span class="delete">*gnutls_digest_list(void);</span></td><td> </td><td class="rblock"><span class="insert"> gnutls_cipher_list(void) __GNUTLS_PURE__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const gnutls_compression_method_t <span class="delete">*gnutls_compression_list(void);</span></td><td> </td><td class="rblock">const gnutls_mac_algorithm_t <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const gnutls_protocol_t <span class="delete">*gnutls_protocol_list(void);</span></td><td> </td><td class="rblock"><span class="insert"> gnutls_mac_list(void) __GNUTLS_PURE__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const gnutls_certificate_type_t <span class="delete">*gnutls_certificate_type_list(void);</span></td><td> </td><td class="rblock">const gnutls_digest_algorithm_t <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const gnutls_kx_algorithm_t <span class="delete">*gnutls_kx_list(void);</span></td><td> </td><td class="rblock"><span class="insert"> gnutls_digest_list(void) __GNUTLS_PURE__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const gnutls_pk_algorithm_t <span class="delete">*gnutls_pk_list(void);</span></td><td> </td><td class="rblock">const gnutls_compression_method_t <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const gnutls_sign_algorithm_t <span class="delete">*gnutls_sign_list(void);</span></td><td> </td><td class="rblock"><span class="insert"> gnutls_compression_list(void) __GNUTLS_PURE__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const char <span class="delete">*gnutls_cipher_suite_info(size_t</span> idx,</td><td> </td><td class="rblock">const gnutls_protocol_t <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> unsigned char *cs_id,</td><td> </td><td class="rblock"><span class="insert"> gnutls_protocol_list(void) __GNUTLS_PURE__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> gnutls_kx_algorithm_t * kx,</td><td> </td><td class="rblock">const gnutls_certificate_type_t <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> gnutls_cipher_algorithm_t * cipher,</td><td> </td><td class="rblock"><span class="insert"> gnutls_certificate_type_list(void) __GNUTLS_PURE__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> gnutls_mac_algorithm_t * mac,</td><td> </td><td class="rblock">const gnutls_kx_algorithm_t <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> gnutls_protocol_t * min_version);</td><td> </td><td class="rblock"><span class="insert"> gnutls_kx_list(void) __GNUTLS_PURE__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock">const gnutls_pk_algorithm_t <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> gnutls_pk_list(void) __GNUTLS_PURE__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock">const gnutls_sign_algorithm_t <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> gnutls_sign_list(void) __GNUTLS_PURE__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock">const char <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> gnutls_cipher_suite_info(size_t</span> idx,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> unsigned char *cs_id,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> gnutls_kx_algorithm_t * kx,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> gnutls_cipher_algorithm_t * cipher,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> gnutls_mac_algorithm_t * mac,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> gnutls_protocol_t * min_version);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> /* error functions */</td><td> </td><td class="right"> /* error functions */</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0028" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">int gnutls_error_is_fatal(int error);</td><td> </td><td class="rblock">int gnutls_error_is_fatal(int error)<span class="insert"> __GNUTLS_CONST__</span>;</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_error_to_alert(int err, int *level);</td><td> </td><td class="right">int gnutls_error_to_alert(int err, int *level);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">void gnutls_perror(int error);</td><td> </td><td class="right">void gnutls_perror(int error);</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0029" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const char <span class="delete">*gnutls_strerror(int error);</span></td><td> </td><td class="rblock">const char <span class="insert">* gnutls_strerror(int error) __GNUTLS_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const char <span class="delete">*gnutls_strerror_name(int error);</span></td><td> </td><td class="rblock">const char <span class="insert">* gnutls_strerror_name(int error) __GNUTLS_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/* Semi-internal functions.</td><td> </td><td class="right">/* Semi-internal functions.</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> */</td><td> </td><td class="right"> */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">void gnutls_handshake_set_private_extensions(gnutls_session_t session,</td><td> </td><td class="right">void gnutls_handshake_set_private_extensions(gnutls_session_t session,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> int allow);</td><td> </td><td class="right"> int allow);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_handshake_set_random(gnutls_session_t session,</td><td> </td><td class="right">int gnutls_handshake_set_random(gnutls_session_t session,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> const gnutls_datum_t * random);</td><td> </td><td class="right"> const gnutls_datum_t * random);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">gnutls_handshake_description_t</td><td> </td><td class="right">gnutls_handshake_description_t</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">gnutls_handshake_get_last_out(gnutls_session_t session);</td><td> </td><td class="right">gnutls_handshake_get_last_out(gnutls_session_t session);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> + <tr bgcolor="gray" ><td></td><th><a name="part-l6" /><small>skipping to change at</small><em> line 1012</em></th><th> </th><th><a name="part-r6" /><small>skipping to change at</small><em> line 1073</em></th><td></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">void gnutls_packet_get(gnutls_packet_t packet, gnutls_datum_t *data, unsign +ed char *sequence);</td><td> </td><td class="right">void gnutls_packet_get(gnutls_packet_t packet, gnutls_datum_t *data, unsign +ed char *sequence);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">void gnutls_packet_deinit(gnutls_packet_t packet);</td><td> </td><td class="right">void gnutls_packet_deinit(gnutls_packet_t packet);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define gnutls_read gnutls_record_recv</td><td> </td><td class="right">#define gnutls_read gnutls_record_recv</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define gnutls_write gnutls_record_send</td><td> </td><td class="right">#define gnutls_write gnutls_record_send</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">ssize_t gnutls_record_recv_seq(gnutls_session_t session, void *data,</td><td> </td><td class="right">ssize_t gnutls_record_recv_seq(gnutls_session_t session, void *data,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> size_t data_size, unsigned char *seq);</td><td> </td><td class="right"> size_t data_size, unsigned char *seq);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">size_t gnutls_record_overhead_size(gnutls_session_t session);</td><td> </td><td class="right">size_t gnutls_record_overhead_size(gnutls_session_t session);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0030" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">size_t gnutls_est_record_overhead_size(gnutls_protocol_t version,</td><td> </td><td class="rblock">size_t</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> gnutls_cipher_algorithm_t cipher,</td><td> </td><td class="rblock"> gnutls_est_record_overhead_size(gnutls_protocol_t version,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> gnutls_mac_algorithm_t mac,</td><td> </td><td class="rblock"> gnutls_cipher_algorithm_t cipher,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> gnutls_compression_method_t comp,</td><td> </td><td class="rblock"> gnutls_mac_algorithm_t mac,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> unsigned int <span class="delete">flags);</span></td><td> </td><td class="rblock"> gnutls_compression_method_t comp,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> unsigned int <span class="insert">flags) __GNUTLS_CONST__</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">void gnutls_session_enable_compatibility_mode(gnutls_session_t session);</td><td> </td><td class="right">void gnutls_session_enable_compatibility_mode(gnutls_session_t session);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define gnutls_record_set_max_empty_records(session, x)</td><td> </td><td class="right">#define gnutls_record_set_max_empty_records(session, x)</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_record_can_use_length_hiding(gnutls_session_t session);</td><td> </td><td class="right">int gnutls_record_can_use_length_hiding(gnutls_session_t session);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_record_get_direction(gnutls_session_t session);</td><td> </td><td class="right">int gnutls_record_get_direction(gnutls_session_t session);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">size_t gnutls_record_get_max_size(gnutls_session_t session);</td><td> </td><td class="right">size_t gnutls_record_get_max_size(gnutls_session_t session);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">ssize_t gnutls_record_set_max_size(gnutls_session_t session, size_t size);</td><td> </td><td class="right">ssize_t gnutls_record_set_max_size(gnutls_session_t session, size_t size);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> + <tr bgcolor="gray" ><td></td><th><a name="part-l7" /><small>skipping to change at</small><em> line 1199</em></th><th> </th><th><a name="part-r7" /><small>skipping to change at</small><em> line 1261</em></th><td></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_priority_cipher_list(gnutls_priority_t pcache,</td><td> </td><td class="right">int gnutls_priority_cipher_list(gnutls_priority_t pcache,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> const unsigned int **list);</td><td> </td><td class="right"> const unsigned int **list);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_priority_mac_list(gnutls_priority_t pcache,</td><td> </td><td class="right">int gnutls_priority_mac_list(gnutls_priority_t pcache,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> const unsigned int **list);</td><td> </td><td class="right"> const unsigned int **list);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> /* for compatibility</td><td> </td><td class="right"> /* for compatibility</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> */</td><td> </td><td class="right"> */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_set_default_priority(gnutls_session_t session);</td><td> </td><td class="right">int gnutls_set_default_priority(gnutls_session_t session);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/* Returns the name of a cipher suite */</td><td> </td><td class="right">/* Returns the name of a cipher suite */</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0031" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const char <span class="delete">*gnutls_cipher_suite_get_name(gnutls_kx_algorithm_t</span></td><td> </td><td class="rblock">const char <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> kx_algorithm,</td><td> </td><td class="rblock"><span class="insert"> gnutls_cipher_suite_get_name(gnutls_kx_algorithm_t</span> kx_algorithm,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> gnutls_cipher_algorithm_t</td><td> </td><td class="rblock"> gnutls_cipher_algorithm_t <span class="insert">cipher_algori</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">cipher_algorithm,</span></td><td> </td><td class="rblock"><span class="insert">thm,</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> gnutls_mac_algorithm_t</td><td> </td><td class="rblock"> gnutls_mac_algorithm_t <span class="insert">mac_algorithm) _</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">mac_algorithm);</span></td><td> </td><td class="rblock"><span class="insert">_GNUTLS_CONST__;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/* get the currently used protocol version */</td><td> </td><td class="right">/* get the currently used protocol version */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">gnutls_protocol_t gnutls_protocol_get_version(gnutls_session_t session);</td><td> </td><td class="right">gnutls_protocol_t gnutls_protocol_get_version(gnutls_session_t session);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0032" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const char <span class="delete">*gnutls_protocol_get_name(gnutls_protocol_t version);</span></td><td> </td><td class="rblock">const char <span class="insert">*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> gnutls_protocol_get_name(gnutls_protocol_t version) __GNUTLS_CONST__</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/* get/set session</td><td> </td><td class="right">/* get/set session</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> */</td><td> </td><td class="right"> */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_session_set_data(gnutls_session_t session,</td><td> </td><td class="right">int gnutls_session_set_data(gnutls_session_t session,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> const void *session_data,</td><td> </td><td class="right"> const void *session_data,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> size_t session_data_size);</td><td> </td><td class="right"> size_t session_data_size);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_session_get_data(gnutls_session_t session, void *session_data,</td><td> </td><td class="right">int gnutls_session_get_data(gnutls_session_t session, void *session_data,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> size_t * session_data_size);</td><td> </td><td class="right"> size_t * session_data_size);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_session_get_data2(gnutls_session_t session,</td><td> </td><td class="right">int gnutls_session_get_data2(gnutls_session_t session,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_datum_t * data);</td><td> </td><td class="right"> gnutls_datum_t * data);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> + <tr bgcolor="gray" ><td></td><th><a name="part-l8" /><small>skipping to change at</small><em> line 1354</em></th><th> </th><th><a name="part-r8" /><small>skipping to change at</small><em> line 1415</em></th><td></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">void</td><td> </td><td class="right">void</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">gnutls_handshake_set_post_client_hello_function(gnutls_session_t session,</td><td> </td><td class="right">gnutls_handshake_set_post_client_hello_function(gnutls_session_t session,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_handshake_post_client +_hello_func</td><td> </td><td class="right"> gnutls_handshake_post_client +_hello_func</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> func);</td><td> </td><td class="right"> func);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">void gnutls_handshake_set_max_packet_length(gnutls_session_t session,</td><td> </td><td class="right">void gnutls_handshake_set_max_packet_length(gnutls_session_t session,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> size_t max);</td><td> </td><td class="right"> size_t max);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/* returns libgnutls version (call it with a NULL argument)</td><td> </td><td class="right">/* returns libgnutls version (call it with a NULL argument)</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> */</td><td> </td><td class="right"> */</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0033" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">const char <span class="delete">*gnutls_check_version(const</span> char <span class="delete">*req_version);</span></td><td> </td><td class="rblock">const char <span class="insert">* gnutls_check_version(const</span> char <span class="insert">*req_version) __GNUTLS_CONST__</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">/* A macro which will allow optimizing out calls to gnutls_check_version()</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> * when the version being compiled with is sufficient.</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> * Used as:</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> * if (gnutls_check_version_numerc(3,3,16)) {</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> */</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">#define gnutls_check_version_numeric(a,b,c) \</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> ((GNUTLS_VERSION_MAJOR >= (a)) && \</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> ((GNUTLS_VERSION_NUMBER >= ( ((a) << 16) + ((b) << 8) + (c) )) || \</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> gnutls_check_version(#a "." #b "." #c)))</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/* Functions for setting/clearing credentials</td><td> </td><td class="right">/* Functions for setting/clearing credentials</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> */</td><td> </td><td class="right"> */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">void gnutls_credentials_clear(gnutls_session_t session);</td><td> </td><td class="right">void gnutls_credentials_clear(gnutls_session_t session);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/* cred is a structure defined by the kx algorithm</td><td> </td><td class="right">/* cred is a structure defined by the kx algorithm</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> */</td><td> </td><td class="right"> */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_credentials_set(gnutls_session_t session,</td><td> </td><td class="right">int gnutls_credentials_set(gnutls_session_t session,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_credentials_type_t type, void *cred);</td><td> </td><td class="right"> gnutls_credentials_type_t type, void *cred);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_credentials_get(gnutls_session_t session,</td><td> </td><td class="right">int gnutls_credentials_get(gnutls_session_t session,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> + <tr bgcolor="gray" ><td></td><th><a name="part-l9" /><small>skipping to change at</small><em> line 2559</em></th><th> </th><th><a name="part-r9" /><small>skipping to change at</small><em> line 2630</em></th><td></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_E_NO_CERTIFICATE_STATUS -340</td><td> </td><td class="right">#define GNUTLS_E_NO_CERTIFICATE_STATUS -340</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_E_OCSP_RESPONSE_ERROR -341</td><td> </td><td class="right">#define GNUTLS_E_OCSP_RESPONSE_ERROR -341</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_E_RANDOM_DEVICE_ERROR -342</td><td> </td><td class="right">#define GNUTLS_E_RANDOM_DEVICE_ERROR -342</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_E_AUTH_ERROR -343</td><td> </td><td class="right">#define GNUTLS_E_AUTH_ERROR -343</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_E_NO_APPLICATION_PROTOCOL -344</td><td> </td><td class="right">#define GNUTLS_E_NO_APPLICATION_PROTOCOL -344</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_E_SOCKETS_INIT_ERROR -345</td><td> </td><td class="right">#define GNUTLS_E_SOCKETS_INIT_ERROR -345</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_E_KEY_IMPORT_FAILED -346</td><td> </td><td class="right">#define GNUTLS_E_KEY_IMPORT_FAILED -346</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_E_INAPPROPRIATE_FALLBACK -347 /*GNUTLS_A_INAPPROPRIATE_FALLB +ACK*/</td><td> </td><td class="right">#define GNUTLS_E_INAPPROPRIATE_FALLBACK -347 /*GNUTLS_A_INAPPROPRIATE_FALLB +ACK*/</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR -348</td><td> </td><td class="right">#define GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR -348</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0034" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">#define GNUTLS_E_PRIVKEY_VERIFICATION_ERROR -349</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">#define GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH -350 /*GNUTLS_A_DECODE_ERROR*</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">/</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_E_SELF_TEST_ERROR -400</td><td> </td><td class="right">#define GNUTLS_E_SELF_TEST_ERROR -400</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_E_NO_SELF_TEST -401</td><td> </td><td class="right">#define GNUTLS_E_NO_SELF_TEST -401</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_E_LIB_IN_ERROR_STATE -402</td><td> </td><td class="right">#define GNUTLS_E_LIB_IN_ERROR_STATE -402</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_E_PK_GENERATION_ERROR -403</td><td> </td><td class="right">#define GNUTLS_E_PK_GENERATION_ERROR -403</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_E_IDNA_ERROR -404</td><td> </td><td class="right">#define GNUTLS_E_IDNA_ERROR -404</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_E_NEED_FALLBACK -405</td><td> </td><td class="right">#define GNUTLS_E_NEED_FALLBACK -405</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250</td><td> </td><td class="right">#define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250</td><td class="lineno" valign="top"></td></tr> + + <tr><td></td><td class="left"></td><td> </td><td class="right"></td><td></td></tr> + <tr bgcolor="gray"><th colspan="5" align="center"><a name="end"> End of changes. 34 change blocks. </a></th></tr> + <tr class="stats"><td></td><th><i>97 lines changed or deleted</i></th><th><i> </i></th><th><i>183 lines changed or added</i></th><td></td></tr> + <tr><td colspan="5" align="center" class="small"></td></tr> + </table> + <br/><br/> + + <table class='diff_tbl' border="0" cellpadding="0" cellspacing="0"> + <tr bgcolor="orange"><th></th><th> pkcs7.h (3.4.10) </th><th> </th><th> pkcs7.h (current) </th><th></th></tr> + <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> + <tr bgcolor="gray" ><td></td><th><a name="part-l1" /><small>skipping to change at</small><em> line 58</em></th><th> </th><th><a name="part-r1" /><small>skipping to change at</small><em> line 58</em></th><td></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> const gnutls_datum_t * data,</td><td> </td><td class="right"> const gnutls_datum_t * data,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_x509_crt_fmt_t format);</td><td> </td><td class="right"> gnutls_x509_crt_fmt_t format);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_pkcs7_export(gnutls_pkcs7_t pkcs7,</td><td> </td><td class="right">int gnutls_pkcs7_export(gnutls_pkcs7_t pkcs7,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_x509_crt_fmt_t format,</td><td> </td><td class="right"> gnutls_x509_crt_fmt_t format,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> void *output_data, size_t * output_data_size);</td><td> </td><td class="right"> void *output_data, size_t * output_data_size);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_pkcs7_export2(gnutls_pkcs7_t pkcs7,</td><td> </td><td class="right">int gnutls_pkcs7_export2(gnutls_pkcs7_t pkcs7,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_x509_crt_fmt_t format,</td><td> </td><td class="right"> gnutls_x509_crt_fmt_t format,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_datum_t * out);</td><td> </td><td class="right"> gnutls_datum_t * out);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_pkcs7_get_signature_count(gnutls_pkcs7_t pkcs7);</td><td> </td><td class="right">int gnutls_pkcs7_get_signature_count(gnutls_pkcs7_t pkcs7);</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0001" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">int gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned idx, gnut +ls_datum_t *data);</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7);</td><td> </td><td class="right">int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7, int indx,</td><td> </td><td class="right">int gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7, int indx,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> void *certificate, size_t * certificate_size);</td><td> </td><td class="right"> void *certificate, size_t * certificate_size);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7,</td><td> </td><td class="right">int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> const gnutls_datum_t * crt);</td><td> </td><td class="right"> const gnutls_datum_t * crt);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_pkcs7_set_crt(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt);</td><td> </td><td class="right">int gnutls_pkcs7_set_crt(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx);</td><td> </td><td class="right">int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + + <tr><td></td><td class="left"></td><td> </td><td class="right"></td><td></td></tr> + <tr bgcolor="gray"><th colspan="5" align="center"><a name="end"> End of changes. 1 change blocks. </a></th></tr> + <tr class="stats"><td></td><th><i>1 lines changed or deleted</i></th><th><i> </i></th><th><i>0 lines changed or added</i></th><td></td></tr> + <tr><td colspan="5" align="center" class="small"></td></tr> + </table> + <br/><br/> + + <table class='diff_tbl' border="0" cellpadding="0" cellspacing="0"> + <tr bgcolor="orange"><th></th><th> x509.h (3.4.10) </th><th> </th><th> x509.h (current) </th><th></th></tr> + <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> + <tr bgcolor="gray" ><td></td><th><a name="part-l1" /><small>skipping to change at</small><em> line 1060</em></th><th> </th><th><a name="part-r1" /><small>skipping to change at</small><em> line 1060</em></th><td></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_x509_privkey_get_pk_algorithm2(gnutls_x509_privkey_t</td><td> </td><td class="right">int gnutls_x509_privkey_get_pk_algorithm2(gnutls_x509_privkey_t</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> key, unsigned int *bits);</td><td> </td><td class="right"> key, unsigned int *bits);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key,</td><td> </td><td class="right">int gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> unsigned int flags,</td><td> </td><td class="right"> unsigned int flags,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> unsigned char *output_data,</td><td> </td><td class="right"> unsigned char *output_data,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> size_t * output_data_size);</td><td> </td><td class="right"> size_t * output_data_size);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key,</td><td> </td><td class="right">int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_pk_algorithm_t algo,</td><td> </td><td class="right"> gnutls_pk_algorithm_t algo,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> unsigned int bits, unsigned int flags);</td><td> </td><td class="right"> unsigned int bits, unsigned int flags);</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0001" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> </td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">void gnutls_x509_privkey_set_flags(gnutls_x509_privkey_t key, unsigned int </span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">flags);</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">/**</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> * gnutls_keygen_types_t:</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> * @GNUTLS_KEYGEN_SEED: Specifies the seed to be used in key generation.</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> * @GNUTLS_KEYGEN_DIGEST: The size field specifies the hash algorithm to be</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> used in key generation.</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> *</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> * Enumeration of different key exchange algorithms.</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> */</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">typedef enum {</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> GNUTLS_KEYGEN_SEED = 1,</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> GNUTLS_KEYGEN_DIGEST = 2,</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">} gnutls_keygen_types_t;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">typedef struct {</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> gnutls_keygen_types_t type;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> unsigned char *data;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> unsigned int size;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">} gnutls_keygen_data_st;</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">int</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">gnutls_x509_privkey_generate2(gnutls_x509_privkey_t key,</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> gnutls_pk_algorithm_t algo, unsigned int bits,</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> unsigned int flags, const gnutls_keygen_data_s</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">t *data, unsigned data_size);</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">int gnutls_x509_privkey_verify_seed(gnutls_x509_privkey_t key, gnutls_diges</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">t_algorithm_t, const void *seed, size_t seed_size);</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">int gnutls_x509_privkey_get_seed(gnutls_x509_privkey_t key, gnutls_digest_a</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">lgorithm_t*, void *seed, size_t *seed_size);</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> </td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_x509_privkey_verify_params(gnutls_x509_privkey_t key);</td><td> </td><td class="right">int gnutls_x509_privkey_verify_params(gnutls_x509_privkey_t key);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_x509_privkey_export(gnutls_x509_privkey_t key,</td><td> </td><td class="right">int gnutls_x509_privkey_export(gnutls_x509_privkey_t key,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_x509_crt_fmt_t format,</td><td> </td><td class="right"> gnutls_x509_crt_fmt_t format,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> void *output_data,</td><td> </td><td class="right"> void *output_data,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> size_t * output_data_size);</td><td> </td><td class="right"> size_t * output_data_size);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_x509_privkey_export2(gnutls_x509_privkey_t key,</td><td> </td><td class="right">int gnutls_x509_privkey_export2(gnutls_x509_privkey_t key,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_x509_crt_fmt_t format,</td><td> </td><td class="right"> gnutls_x509_crt_fmt_t format,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> gnutls_datum_t * out);</td><td> </td><td class="right"> gnutls_datum_t * out);</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">int gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey_t key,</td><td> </td><td class="right">int gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey_t key,</td><td class="lineno" valign="top"></td></tr> + + <tr><td></td><td class="left"></td><td> </td><td class="right"></td><td></td></tr> + <tr bgcolor="gray"><th colspan="5" align="center"><a name="end"> End of changes. 1 change blocks. </a></th></tr> + <tr class="stats"><td></td><th><i>0 lines changed or deleted</i></th><th><i> </i></th><th><i>34 lines changed or added</i></th><td></td></tr> + <tr><td colspan="5" align="center" class="small"></td></tr> + </table> + <br/><div style='width:100%;' align='left' class='small'>This html diff was produced by rfcdiff 1.41.The latest version is available from <a href='http://tools.ietf.org/tools/rfcdiff/'>http://tools.ietf.org/tools/rfcdiff/</a></div> +</td></tr></table> +</body> +</html> diff --git a/abi-tracker/headers_diff/gnutls/3.4.10/current/meta.json b/abi-tracker/headers_diff/gnutls/3.4.10/current/meta.json new file mode 100644 index 0000000000..5dc8ef1245 --- /dev/null +++ b/abi-tracker/headers_diff/gnutls/3.4.10/current/meta.json @@ -0,0 +1,3 @@ +{ + "Total": 5 +}
\ No newline at end of file diff --git a/abi-tracker/headers_diff/gnutls/3.4.9/3.4.10/diff.html b/abi-tracker/headers_diff/gnutls/3.4.9/3.4.10/diff.html new file mode 100644 index 0000000000..c2c1dab7d9 --- /dev/null +++ b/abi-tracker/headers_diff/gnutls/3.4.9/3.4.10/diff.html @@ -0,0 +1,91 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + <meta name="keywords" content="GnuTLS, header, diff" /> + <meta name="description" content="Diff for header files between 3.4.9 and 3.4.10 versions of gnutls" /> + <link rel="stylesheet" type="text/css" href="../../../../css/common.css" /> + <link rel="stylesheet" type="text/css" href="../../../../css/headers_diff.css" /> + + + <title> + GnuTLS: headers diff between 3.4.9 and 3.4.10 versions + </title> + + </head> + +<body> +<table width='100%' cellpadding='0' cellspacing='0'><tr><td><table cellpadding='0' cellspacing='0'><tr><td align='center'><h1 class='tool'><a title='Home: ABI tracker for GnuTLS' href='../../../../timeline/gnutls/index.html' class='tool'>ABI<br/>Tracker</a></h1></td><td width='30px;'></td><td><h1>(GnuTLS)</h1></td></tr></table><hr/> +<br/> +<br/> +<h1>Headers diff: <span class='version'>3.4.9</span> vs <span class='version'>3.4.10</span></h1><br/><br/> + <table class='diff_tbl' border="0" cellpadding="0" cellspacing="0"> + <tr bgcolor="orange"><th></th><th> gnutls.h (3.4.9) </th><th> </th><th> gnutls.h (3.4.10) </th><th></th></tr> + <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> + <tr bgcolor="gray" ><td></td><th><a name="part-l1" /><small>skipping to change at</small><em> line 56</em></th><th> </th><th><a name="part-r1" /><small>skipping to change at</small><em> line 56</em></th><td></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#endif</td><td> </td><td class="right">#endif</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/* Get time_t. */</td><td> </td><td class="right">/* Get time_t. */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#include <time.h></td><td> </td><td class="right">#include <time.h></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/* *INDENT-OFF* */</td><td> </td><td class="right">/* *INDENT-OFF* */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#ifdef __cplusplus</td><td> </td><td class="right">#ifdef __cplusplus</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">extern "C" {</td><td> </td><td class="right">extern "C" {</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#endif</td><td> </td><td class="right">#endif</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/* *INDENT-ON* */</td><td> </td><td class="right">/* *INDENT-ON* */</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0001" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">#define GNUTLS_VERSION "3.4.<span class="delete">9</span>"</td><td> </td><td class="rblock">#define GNUTLS_VERSION "3.4.<span class="insert">10</span>"</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_VERSION_MAJOR 3</td><td> </td><td class="right">#define GNUTLS_VERSION_MAJOR 3</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_VERSION_MINOR 4</td><td> </td><td class="right">#define GNUTLS_VERSION_MINOR 4</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0002" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">#define GNUTLS_VERSION_PATCH <span class="delete">9</span></td><td> </td><td class="rblock">#define GNUTLS_VERSION_PATCH <span class="insert">10</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0003" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">#define GNUTLS_VERSION_NUMBER 0x03040<span class="delete">9</span></td><td> </td><td class="rblock">#define GNUTLS_VERSION_NUMBER 0x03040<span class="insert">a</span></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC</td><td> </td><td class="right">#define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC</td><td> </td><td class="right">#define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC</td><td> </td><td class="right">#define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128</td><td> </td><td class="right">#define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#if !defined(GNUTLS_INTERNAL_BUILD) && defined(_WIN32)</td><td> </td><td class="right">#if !defined(GNUTLS_INTERNAL_BUILD) && defined(_WIN32)</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"># define _SYM_EXPORT __declspec(dllimport)</td><td> </td><td class="right"># define _SYM_EXPORT __declspec(dllimport)</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#else</td><td> </td><td class="right">#else</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"># define _SYM_EXPORT</td><td> </td><td class="right"># define _SYM_EXPORT</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> + <tr bgcolor="gray" ><td></td><th><a name="part-l2" /><small>skipping to change at</small><em> line 727</em></th><th> </th><th><a name="part-r2" /><small>skipping to change at</small><em> line 727</em></th><td></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_ECC_CURVE_INVALID = 0,</td><td> </td><td class="right"> GNUTLS_ECC_CURVE_INVALID = 0,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_ECC_CURVE_SECP224R1,</td><td> </td><td class="right"> GNUTLS_ECC_CURVE_SECP224R1,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_ECC_CURVE_SECP256R1,</td><td> </td><td class="right"> GNUTLS_ECC_CURVE_SECP256R1,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_ECC_CURVE_SECP384R1,</td><td> </td><td class="right"> GNUTLS_ECC_CURVE_SECP384R1,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_ECC_CURVE_SECP521R1,</td><td> </td><td class="right"> GNUTLS_ECC_CURVE_SECP521R1,</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> GNUTLS_ECC_CURVE_SECP192R1</td><td> </td><td class="right"> GNUTLS_ECC_CURVE_SECP192R1</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">} gnutls_ecc_curve_t;</td><td> </td><td class="right">} gnutls_ecc_curve_t;</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/* macros to allow specifying a specific curve in gnutls_privkey_generate()</td><td> </td><td class="right">/* macros to allow specifying a specific curve in gnutls_privkey_generate()</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * and gnutls_x509_privkey_generate() */</td><td> </td><td class="right"> * and gnutls_x509_privkey_generate() */</td><td class="lineno" valign="top"></td></tr> + <tr><td><a name="diff0004" /></td></tr> + <tr><td class="lineno" valign="top"></td><td class="lblock">#define GNUTLS_CURVE_TO_BITS(curve) (unsigned int)((<span class="delete">1<<31)|((unsigned int)( +</span>curve)))</td><td> </td><td class="rblock">#define GNUTLS_CURVE_TO_BITS(curve) (unsigned int)((<span class="insert">(unsigned int)1<<31)|(( +unsigned int)(</span>curve)))</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_BITS_TO_CURVE(bits) (((unsigned int)(bits)) & 0x7FFFFFFF)</td><td> </td><td class="right">#define GNUTLS_BITS_TO_CURVE(bits) (((unsigned int)(bits)) & 0x7FFFFFFF)</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">#define GNUTLS_BITS_ARE_CURVE(bits) (((unsigned int)(bits)) & 0x80000000)</td><td> </td><td class="right">#define GNUTLS_BITS_ARE_CURVE(bits) (((unsigned int)(bits)) & 0x80000000)</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left">/**</td><td> </td><td class="right">/**</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * gnutls_sec_param_t:</td><td> </td><td class="right"> * gnutls_sec_param_t:</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known</td><td> </td><td class="right"> * @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_SEC_PARAM_INSECURE: Less than 42 bits of security</td><td> </td><td class="right"> * @GNUTLS_SEC_PARAM_INSECURE: Less than 42 bits of security</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_SEC_PARAM_EXPORT: 42 bits of security</td><td> </td><td class="right"> * @GNUTLS_SEC_PARAM_EXPORT: 42 bits of security</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_SEC_PARAM_VERY_WEAK: 64 bits of security</td><td> </td><td class="right"> * @GNUTLS_SEC_PARAM_VERY_WEAK: 64 bits of security</td><td class="lineno" valign="top"></td></tr> + <tr><td class="lineno" valign="top"></td><td class="left"> * @GNUTLS_SEC_PARAM_WEAK: 72 bits of security</td><td> </td><td class="right"> * @GNUTLS_SEC_PARAM_WEAK: 72 bits of security</td><td class="lineno" valign="top"></td></tr> + + <tr><td></td><td class="left"></td><td> </td><td class="right"></td><td></td></tr> + <tr bgcolor="gray"><th colspan="5" align="center"><a name="end"> End of changes. 4 change blocks. </a></th></tr> + <tr class="stats"><td></td><th><i>4 lines changed or deleted</i></th><th><i> </i></th><th><i>4 lines changed or added</i></th><td></td></tr> + <tr><td colspan="5" align="center" class="small"></td></tr> + </table> + <br/><div style='width:100%;' align='left' class='small'>This html diff was produced by rfcdiff 1.41.The latest version is available from <a href='http://tools.ietf.org/tools/rfcdiff/'>http://tools.ietf.org/tools/rfcdiff/</a></div> +</td></tr></table> +</body> +</html> diff --git a/abi-tracker/headers_diff/gnutls/3.4.9/3.4.10/meta.json b/abi-tracker/headers_diff/gnutls/3.4.9/3.4.10/meta.json new file mode 100644 index 0000000000..82953d0507 --- /dev/null +++ b/abi-tracker/headers_diff/gnutls/3.4.9/3.4.10/meta.json @@ -0,0 +1,3 @@ +{ + "Total": 1 +}
\ No newline at end of file diff --git a/abi-tracker/objects_report/gnutls/3.4.10/current/meta.json b/abi-tracker/objects_report/gnutls/3.4.10/current/meta.json new file mode 100644 index 0000000000..25bae00ceb --- /dev/null +++ b/abi-tracker/objects_report/gnutls/3.4.10/current/meta.json @@ -0,0 +1,9 @@ +{ + "BC": "99.9", + "Added": 10, + "Removed": 1, + "ObjectsAdded": 0, + "ObjectsRemoved": 0, + "ChangedSoname": 0, + "TotalObjects": 1 +}
\ No newline at end of file diff --git a/abi-tracker/objects_report/gnutls/3.4.10/current/report.html b/abi-tracker/objects_report/gnutls/3.4.10/current/report.html new file mode 100644 index 0000000000..5822843d07 --- /dev/null +++ b/abi-tracker/objects_report/gnutls/3.4.10/current/report.html @@ -0,0 +1,44 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + <meta name="keywords" content="GnuTLS, ABI, changes, compatibility, report" /> + <meta name="description" content="ABI changes/compatibility report between 3.4.10 and current versions of the gnutls" /> + <link rel="stylesheet" type="text/css" href="../../../../css/common.css" /> + <link rel="stylesheet" type="text/css" href="../../../../css/report.css" /> + + + <title> + GnuTLS: Objects ABI report between 3.4.10 and current versions + </title> + + </head> + +<body> +<table cellpadding='0' cellspacing='0'><tr><td align='center'><h1 class='tool'><a title='Home: ABI tracker for GnuTLS' href='../../../../timeline/gnutls/index.html' class='tool'>ABI<br/>Tracker</a></h1></td><td width='30px;'></td><td><h1>(GnuTLS)</h1></td></tr></table><hr/> +<br/> +<br/> +<h1>Objects ABI report: <span class='version'>3.4.10</span> vs <span class='version'>current</span></h1> +<br/> +<br/> +<table class='summary'> +<tr><th>Object</th> +<th>Backward<br/>Compatibility</th> +<th>Added<br/>Symbols</th> +<th>Removed<br/>Symbols</th> +</tr> +<tr> +<td class='object'>libgnutls.so.30.6.2</td> +<td class='warning'><a href='../../../../compat_report/gnutls/3.4.10/current/2455a/abi_compat_report.html'>99.9%</a></td> +<td class='added'><a class='num' href='../../../../compat_report/gnutls/3.4.10/current/2455a/abi_compat_report.html#Added'>10 new</td> +<td class='removed'><a class='num' href='../../../../compat_report/gnutls/3.4.10/current/2455a/abi_compat_report.html#Removed'>1 removed</td> +</tr> +</table> +<br/> +<br/> +<hr/> +<div align='right'><a class='home' title="Andrey Ponomarenko's ABI laboratory" href='https://github.com/lvc'>github.com/lvc</a></div> +<br/> + +</body> +</html> diff --git a/abi-tracker/objects_report/gnutls/3.4.9/3.4.10/meta.json b/abi-tracker/objects_report/gnutls/3.4.9/3.4.10/meta.json new file mode 100644 index 0000000000..91022d4b42 --- /dev/null +++ b/abi-tracker/objects_report/gnutls/3.4.9/3.4.10/meta.json @@ -0,0 +1,9 @@ +{ + "BC": "100", + "Added": 0, + "Removed": 0, + "ObjectsAdded": 0, + "ObjectsRemoved": 0, + "ChangedSoname": 0, + "TotalObjects": 1 +}
\ No newline at end of file diff --git a/abi-tracker/objects_report/gnutls/3.4.9/3.4.10/report.html b/abi-tracker/objects_report/gnutls/3.4.9/3.4.10/report.html new file mode 100644 index 0000000000..d30ccfe895 --- /dev/null +++ b/abi-tracker/objects_report/gnutls/3.4.9/3.4.10/report.html @@ -0,0 +1,44 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + <meta name="keywords" content="GnuTLS, ABI, changes, compatibility, report" /> + <meta name="description" content="ABI changes/compatibility report between 3.4.9 and 3.4.10 versions of the gnutls" /> + <link rel="stylesheet" type="text/css" href="../../../../css/common.css" /> + <link rel="stylesheet" type="text/css" href="../../../../css/report.css" /> + + + <title> + GnuTLS: Objects ABI report between 3.4.9 and 3.4.10 versions + </title> + + </head> + +<body> +<table cellpadding='0' cellspacing='0'><tr><td align='center'><h1 class='tool'><a title='Home: ABI tracker for GnuTLS' href='../../../../timeline/gnutls/index.html' class='tool'>ABI<br/>Tracker</a></h1></td><td width='30px;'></td><td><h1>(GnuTLS)</h1></td></tr></table><hr/> +<br/> +<br/> +<h1>Objects ABI report: <span class='version'>3.4.9</span> vs <span class='version'>3.4.10</span></h1> +<br/> +<br/> +<table class='summary'> +<tr><th>Object</th> +<th>Backward<br/>Compatibility</th> +<th>Added<br/>Symbols</th> +<th>Removed<br/>Symbols</th> +</tr> +<tr> +<td class='object'>libgnutls.so.30.6.1</td> +<td class='ok'><a href='../../../../compat_report/gnutls/3.4.9/3.4.10/ab52f/abi_compat_report.html'>100%</a></td> +<td class='ok'>0</td> +<td class='ok'>0</td> +</tr> +</table> +<br/> +<br/> +<hr/> +<div align='right'><a class='home' title="Andrey Ponomarenko's ABI laboratory" href='https://github.com/lvc'>github.com/lvc</a></div> +<br/> + +</body> +</html> diff --git a/abi-tracker/timeline/gnutls/index.html b/abi-tracker/timeline/gnutls/index.html index fe06cae05e..5a0a06aa9b 100644 --- a/abi-tracker/timeline/gnutls/index.html +++ b/abi-tracker/timeline/gnutls/index.html @@ -31,13 +31,23 @@ <th>Package<br/>Diff</th> </tr> <tr><td>current</td> -<td>2016-02-03<br/>09:20</td> +<td>2016-03-13<br/>11:39</td> <td>30</td> <td><a href='../../changelog/gnutls/current/log.html'>changelog</a></td> -<td class='warning'><a href='../../objects_report/gnutls/3.4.9/current/report.html'>99.9%</a></td> -<td class='added'><a class='num' href='../../objects_report/gnutls/3.4.9/current/report.html'>10 new</a></td> -<td class='removed'><a class='num' href='../../objects_report/gnutls/3.4.9/current/report.html'>1 removed</a></td> -<td><a href='../../headers_diff/gnutls/3.4.9/current/diff.html'>5</a></td> +<td class='warning'><a href='../../objects_report/gnutls/3.4.10/current/report.html'>99.9%</a></td> +<td class='added'><a class='num' href='../../objects_report/gnutls/3.4.10/current/report.html'>10 new</a></td> +<td class='removed'><a class='num' href='../../objects_report/gnutls/3.4.10/current/report.html'>1 removed</a></td> +<td><a href='../../headers_diff/gnutls/3.4.10/current/diff.html'>5</a></td> +<td>N/A</td> +</tr> +<tr><td>3.4.10</td> +<td>2016-03-03</td> +<td>30</td> +<td><a href='../../changelog/gnutls/3.4.10/log.html'>changelog</a></td> +<td class='ok'><a href='../../objects_report/gnutls/3.4.9/3.4.10/report.html'>100%</a></td> +<td class='ok'>0</td> +<td class='ok'>0</td> +<td><a href='../../headers_diff/gnutls/3.4.9/3.4.10/diff.html'>1</a></td> <td>N/A</td> </tr> <tr><td>3.4.9</td> @@ -132,7 +142,7 @@ </tr> <tr><td>3.4.1</td> <td>2015-05-03</td> -<td>N/A</td> +<td>30</td> <td><a href='../../changelog/gnutls/3.4.1/log.html'>changelog</a></td> <td class='ok'><a href='../../objects_report/gnutls/3.4.0/3.4.1/report.html'>100%</a></td> <td class='added'><a class='num' href='../../objects_report/gnutls/3.4.0/3.4.1/report.html'>1 new</a></td> @@ -1231,7 +1241,7 @@ <td>N/A</td> <td>N/A</td> </tr> -</table><br/>Maintained by <a href='http://www.gnutls.org/'>Nikos Mavrogiannopoulos</a>. Last updated on Wed Feb 3 09:33:48 2016.<br/> +</table><br/>Maintained by <a href='http://www.gnutls.org/'>Nikos Mavrogiannopoulos</a>. Last updated on Sun Mar 13 18:16:25 2016.<br/> <br/> <hr/> <div align='right'><a class='home' title="Andrey Ponomarenko's ABI laboratory" href='http://abi-laboratory.pro/'>abi-laboratory.pro</a></div> |