-rw-r--r--ChangeLog2532
1 files changed, 2526 insertions, 6 deletions
diff --git a/ChangeLog b/ChangeLog
index 5a5170cca1..cacf602ebe 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,2528 @@
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.11.3.
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * doc/errcodes.c, doc/examples/ex-alert.c,
+ doc/examples/ex-cert-select-pkcs11.c,
+ doc/examples/ex-cert-select.c, doc/examples/ex-client-psk.c,
+ doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
+ doc/examples/ex-client-tlsia.c, doc/examples/ex-client1.c,
+ doc/examples/ex-client2.c, doc/examples/ex-crq.c,
+ doc/examples/ex-pkcs12.c, doc/examples/ex-rfc2818.c,
+ doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
+ doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
+ doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
+ doc/examples/ex-verify.c, doc/examples/ex-x509-info.c,
+ doc/examples/examples.h, doc/examples/tcp.c, guile/src/core.c,
+ guile/src/errors.c, guile/src/extra.c, guile/src/utils.c,
+ guile/src/utils.h, lib/auth_cert.c, lib/auth_cert.h,
+ lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_psk.h,
+ lib/auth_rsa.c, lib/auth_rsa_export.c, lib/auth_srp.c,
+ lib/auth_srp.h, lib/crypto-api.c, lib/crypto.h, lib/cryptodev.c,
+ lib/debug.c, lib/debug.h, lib/ext_cert_type.c,
+ lib/ext_max_record.c, lib/ext_safe_renegotiation.c,
+ lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
+ lib/ext_server_name.h, lib/ext_session_ticket.c,
+ lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
+ lib/ext_srp.c, lib/ext_srp.h, lib/gcrypt/init.c, lib/gcrypt/mpi.c,
+ lib/gcrypt/pk.c, lib/gnutls_alert.c, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_auth.h, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
+ lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
+ lib/gnutls_compress.h, lib/gnutls_constate.c,
+ lib/gnutls_constate.h, lib/gnutls_datum.h, lib/gnutls_dh.h,
+ lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_extensions.c,
+ lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
+ lib/gnutls_mem.h, lib/gnutls_mpi.h, lib/gnutls_num.h,
+ lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
+ lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
+ lib/gnutls_record.h, lib/gnutls_session_pack.c, lib/gnutls_sig.c,
+ lib/gnutls_sig.h, lib/gnutls_srp.c, lib/gnutls_state.c,
+ lib/gnutls_state.h, lib/gnutls_str.c, lib/gnutls_str.h,
+ lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
+ lib/gnutls_x509.c, lib/includes/gnutls/abstract.h,
+ lib/includes/gnutls/compat.h, lib/includes/gnutls/crypto.h,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/gnutlsxx.h,
+ lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
+ lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
+ lib/locks.c, lib/locks.h, lib/nettle/cipher.c, lib/nettle/egd.c,
+ lib/nettle/egd.h, lib/nettle/init.c, lib/nettle/mac.c,
+ lib/nettle/mpi.c, lib/nettle/pk.c, lib/nettle/rnd.c,
+ lib/opencdk/armor.c, lib/opencdk/hash.c, lib/opencdk/kbnode.c,
+ lib/opencdk/keydb.c, lib/opencdk/literal.c, lib/opencdk/main.c,
+ lib/opencdk/misc.c, lib/opencdk/new-packet.c, lib/opencdk/pubkey.c,
+ lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
+ lib/opencdk/sig-check.c, lib/opencdk/stream.c, lib/opencdk/types.h,
+ lib/opencdk/verify.c, lib/openpgp/gnutls_openpgp.c,
+ lib/openpgp/openpgp_int.h, lib/openpgp/output.c, lib/openpgp/pgp.c,
+ lib/openpgp/privkey.c, lib/pakchois/dlopen.c,
+ lib/pakchois/dlopen.h, lib/pakchois/errors.c,
+ lib/pakchois/pakchois.c, lib/pakchois/pakchois.h,
+ lib/pakchois/pakchois11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/pkcs11_write.c, lib/random.c,
+ lib/random.h, lib/system.c, lib/system.h, lib/x509/common.c,
+ lib/x509/common.h, lib/x509/crl_write.c, lib/x509/crq.c,
+ lib/x509/dn.c, lib/x509/mpi.c, lib/x509/output.c,
+ lib/x509/privkey.c, lib/x509/sign.c, lib/x509/sign.h,
+ lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h,
+ lib/x509/x509_write.c, lib/x509_b64.c,
+ libextra/ext_inner_application.c, libextra/ext_inner_application.h,
+ libextra/gnutls_extra.c, libextra/gnutls_ia.c,
+ libextra/includes/gnutls/extra.h, libextra/openssl_compat.h,
+ src/benchmark.c, src/certtool-cfg.h, src/certtool-common.h,
+ src/certtool.c, src/cli.c, src/common.c, src/common.h, src/crypt.c,
+ src/pkcs11.c, src/prime.c, src/psk.c, src/serv.c, src/tests.c,
+ tests/anonself.c, tests/certder.c,
+ tests/certificate_set_x509_crl.c, tests/certuniqueid.c,
+ tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
+ tests/crypto_rng.c, tests/cve-2008-4989.c, tests/cve-2009-1415.c,
+ tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
+ tests/finished.c, tests/gc.c, tests/hostname-check.c,
+ tests/init_roundtrip.c, tests/mini-eagain.c,
+ tests/mini-x509-rehandshake.c, tests/mini-x509.c, tests/mini.c,
+ tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
+ tests/nul-in-x509-names.c, tests/openpgp-auth.c,
+ tests/openpgp-keyring.c, tests/openpgpself.c, tests/openssl.c,
+ tests/parse_ca.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
+ tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pskself.c,
+ tests/resume.c, tests/safe-renegotiation/srn0.c,
+ tests/safe-renegotiation/srn1.c, tests/safe-renegotiation/srn2.c,
+ tests/safe-renegotiation/srn3.c, tests/safe-renegotiation/srn4.c,
+ tests/safe-renegotiation/srn5.c, tests/set_pkcs12_cred.c,
+ tests/setcredcrash.c, tests/simple.c, tests/tlsia.c, tests/utils.c,
+ tests/utils.h, tests/x509_altname.c, tests/x509dn.c,
+ tests/x509self.c, tests/x509sign-verify.c: Indent (using GNU indent
+ 2.2.11).
+
+2010-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.ac, lib/m4/hooks.m4: bumped version
+
+2010-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: Revert "Applied last patch of Micah Anderson on
+ IKE status." This reverts commit a6b2f5ce7316b4774649ee9b421da2ee7fef461f.
+
+2010-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/fipsmd5.c: removed unneeded code.
+
+2010-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: Applied last patch of Micah Anderson on IKE
+ status.
+
+2010-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: Applied patch on IKE extension by Micah Anderson
+
+2010-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/cryptodev.c, lib/gcrypt/mac.c, lib/gnutls_hash_int.c,
+ lib/includes/gnutls/crypto.h, lib/nettle/mac.c: Updated cryptodev
+ code to support the linux cryptodev extensions. Removed the clone()
+ capability from HMAC. It was never used and having it prevents using
+ it with hardware accelerators that might not have this capability.
+
+2010-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * THANKS: Added Micah
+
+2010-10-01 Simon Josefsson <simon@josefsson.org>
+
+ * doc/cha-cert-auth.texi, doc/cha-internals.texi,
+ doc/cha-library.texi, lib/ext_safe_renegotiation.c,
+ lib/ext_server_name.c, lib/gcrypt/init.c, lib/gnutls_record.c,
+ lib/gnutls_str.c, lib/locks.c, lib/nettle/egd.c, lib/nettle/init.c,
+ lib/system.c, lib/system.h, libextra/ext_inner_application.c,
+ src/certtool-common.h, src/common.c, src/pkcs11.c: Fix some
+ syntax-check errors.
+
+2010-10-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_int.h, lib/includes/gnutls/gnutls.h.in,
+ lib/includes/gnutls/pkcs11.h: Fix compiler warnings.
+
+2010-10-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/manpages/Makefile.am: Mention new APIs.
+
+2010-09-30 Simon Josefsson <simon@josefsson.org>
+
+ * tests/openpgp-certs/testselfsigs: Avoid bashism. Reported by m.drochner@fz-juelich.de in
+ <http://savannah.gnu.org/support/?107449>.
+
+2010-09-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/crypto-api.c: Don't return from void functions. Reported by Dagobert Michelsen <dam@opencsw.org> in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4566>.
+
+2010-09-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/gnutls.h.in: Remove spurious comma.
+
+2010-09-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/x509.h: Remove spurious comma.
+
+2010-09-30 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8: Make
+ pkcs8-decode test work on Windows.
+
+2010-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: updated
+
+2010-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_session_ticket.c: treat absence of parameters the same as
+ having them disabled.
+
+2010-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/resume.c: Corrected behavior on failure (don't crash).
+
+2010-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_session_ticket.c, lib/gnutls_extensions.c: Corrected bugs
+ when restoring extensions during session resumtion.
+
+2010-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_extensions.c: Use more informative logging for
+ extensions.
+
+2010-09-29 Micah Anderson <micah@riseup.net>
+
+ * NEWS, doc/certtool.cfg, doc/cha-programs.texi,
+ lib/includes/gnutls/x509.h, lib/x509/output.c, src/certtool-cfg.c,
+ src/certtool-cfg.h, src/certtool.c: Add new extended key usage
+ ipsecIKE According to RFC 4945 § 5.1.3.12 section title
+ "ExtendedKeyUsage"[0] the following extended key usage has been
+ added: ... this document defines an ExtendedKeyUsage keyPurposeID that MAY
+ be used to limit a certificate's use: id-kp-ipsecIKE OBJECT IDENTIFIER ::= { id-kp 17 } where id-kp is defined in RFC 3280 [5]. If a certificate is
+ intended to be used with both IKE and other applications, and one
+ of the other applications requires use of an EKU value, then such
+ certificates MUST contain either the keyPurposeID id-kp-ipsecIKE or anyExtendedKeyUsage [5], as well as the keyPurposeID values associated with the other applications. Similarly, if a CA
+ issues multiple otherwise-similar certificates for multiple
+ applications including IKE, and it is intended that the IKE
+ certificate NOT be used with another application, the IKE
+ certificate MAY contain an EKU extension listing a keyPurposeID of
+ id-kp-ipsecIKE to discourage its use with the other application.
+ Recall, however, that EKU extensions in certificates meant for use
+ in IKE are NOT RECOMMENDED. Conforming IKE implementations are not required to support EKU.
+ If a critical EKU extension appears in a certificate and EKU is
+ not supported by the implementation, then RFC 3280 requires that the certificate be rejected. Implementations that do support EKU
+ MUST support the following logic for certificate validation: o If no EKU extension, continue. o If EKU present AND contains either id-kp-ipsecIKE or anyExtendedKeyUsage, continue. o Otherwise, reject cert. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, src/certtool-gaa.c, src/certtool.gaa: --pkcs11-* in certtool
+ was renamed to --p11-*.
+
+2010-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_session_ticket.c: Added some comments and removed unused
+ code.
+
+2010-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/ext_session_ticket.c: Corrected advertizing issue for
+ session tickets.
+
+2010-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: cleanup of TODO list. Removed very old entries, entries
+ already fixed and added new ones.
+
+2010-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: IMED_RET parameters are easier to grasp.
+
+2010-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/crypto.c, lib/gcrypt/cipher.c, lib/gcrypt/mac.c,
+ lib/nettle/cipher.c, lib/nettle/mac.c: cipher,mac and digest
+ priorities moved to crypto.c
+
+2010-09-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c: changed the fatality level of some errors.
+
+2010-09-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: No longer use is_fatal() during handshake.
+ Explicitely treat EAGAIN and INTERRUPTED as non-fatal during
+ handshake. If the check_fatal flag is set then
+ GNUTLS_E_WARNING_ALERT_RECEIVED could interrupt a handshake as well.
+
+2010-09-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: fflush stdout and stderr before the call to setbuf.
+ This fixes issue in solaris where lines dissappeared from output.
+ Reported and suggested fix by Knut Anders Hatlen.
+
+2010-09-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: documented change
+
+2010-09-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/pk.c: Corrected bug in wrap_nettle_pk_fixup that was
+ importing DSA keys are RSA ones.
+
+2010-09-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/pk.c, lib/openpgp/privkey.c: indented some code
+
+2010-09-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4: updated revision
+
+2010-09-18 Ludovic Courtès <ludo@gnu.org>
+
+ * .gitignore, tests/Makefile.am, tests/openpgp-auth.c: Add an
+ OpenPGP authentication unit test. * tests/Makefile.am (ctests)[ENABLE_OPENPGP]: Add `openpgp-auth'. (TESTS_ENVIRONMENT): Add `srcdir'. * tests/openpgp-auth.c: New file. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-16 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/ext_session_ticket.c, lib/gnutls_alert.c,
+ lib/gnutls_buffers.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
+ lib/gnutls_compress.c, lib/gnutls_compress.h,
+ lib/gnutls_constate.c, lib/gnutls_constate.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_num.h,
+ lib/gnutls_record.c, lib/gnutls_record.h,
+ lib/gnutls_session_pack.c, lib/gnutls_state.c, libextra/gnutls_ia.c:
+ Explicit symmetric cipher state versionning. This introduces the concept of a "cipher epoch". The epoch number is
+ the number of successful handshakes and is incremented by one each
+ time. This concept is native to DTLS and this patch makes the
+ symmetric cipher state explicit for TLS in preparation for DTLS.
+ This concept was implicit in plain TLS and ChangeCipherSpec messages
+ triggered a "pending state copy". Now, we the current epoch number
+ is simply incremented to the parameters negotiated by the handshake. The main side effects of this patch is a slightly more abstract
+ internal API and, in some cases, simpler code. The session blob
+ format is also changed a bit since this patch avoids storing
+ information that is now redundant. If this breaks library users'
+ expectations, this side effect can be negated. The cipher_specs structure has been removed. The conn_state has
+ become record_state_st. Only symmetric cipher information is
+ versioned. Things such as key exchange algorithm and the master
+ secret are not versioned and their handling is unchanged. I have tested this patch as much as I could. It introduces no test
+ suite regressions on my x64 Debian GNU/Linux system. Do not hesitate to point out shortcomings or suggest changes. Since
+ this is a big diff, I am expecting this to be an iterative process. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-16 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_errors.h: Add gnutls_assert_val idiom. This warrants being made in an inline function or macro since it is used throughout the code. This converts 4 line repetitive blocks
+ into 1 line. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * AUTHORS, NEWS, configure.ac: updated for 2.11.1
+
+2010-09-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.gaa, src/pkcs11.c: Added 3 levels of details in PKCS
+ #11 URLs. 1st level: Token level. Object is unique up to token.
+ 2nd level: Object is unique up to token and module used to access
+ it. 3rd level: Object is unique up to token and module and version
+ of module used to access it.
+
+2010-09-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: Documented changes.
+
+2010-09-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_b64.c: Be liberal in the PEM decoding. That is spaces and
+ tabs are being skipped.
+
+2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: Fully mbufferize _gnutls_read and
+ _gnutls_read_buffered. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_mbuffers.h: mbuffers: Add _mbuffer_xfree operation. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_int.h,
+ lib/gnutls_record.c, lib/gnutls_state.c: mbuffers: make
+ _gnutls_io_read_buffered use mbuffers. This will be needed by the DTLS code to make sure reads are stored
+ in segments that correspond to datagram boundaries. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_int.h: Parenthesize size calculations. This is standard practice and the DTLS code got bit by this. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: mbuffers: Add
+ mbuffer_linearize. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_mbuffers.c: mbuffers: fix wrong size calculation. maximum_size is the maximum size of the payload, not including
+ overhead. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_mbuffers.c: mbuffers: Make _mbuffer_remove_bytes return
+ a meaningful error code. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_mbuffers.c: mbuffers: Document the internal mbuffer
+ API. After a year of not hacking GnuTLS, I needed to look at the code to
+ know how mbuffers work. This will make it much easier for anybody
+ not familiar with this code. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: updated NEWS.
+
+2010-09-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/pkcs11_write.c, src/certtool-common.h,
+ src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa, src/pkcs11.c: PKCS#11 URL support updated to
+ conform to draft-pechanec-pkcs11uri-02. Now in the URL the pkcs11
+ provider library (module) can be specified thus restricting objects
+ within a single provider.
+
+2010-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_int.h, lib/gnutls_priority.c,
+ lib/gnutls_record.c: When the %COMPAT flag is specified, larger
+ records that would otherwise violate the TLS spec, are accepted.
+
+2010-08-28 Brad Hards <bradh@frogmouth.net>
+
+ * src/certtool.c, src/pkcs11.c: Show which option is the default for
+ command line tools. We use "y/N" is most places - this just adapts two places that use
+ "Y/N" to match the behavior of read_yesno(). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/x509.c: prevent a memory leak in the unique_id functions.
+
+2010-08-20 Brad Hards <bradh@frogmouth.net>
+
+ * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/output.c,
+ lib/x509/x509.c, tests/Makefile.am, tests/certuniqueid.c: As
+ identified in a previous mail, I've added support for accessing /
+ displaying the subjectUniqueID and issuerUniqueID fields within an
+ X.509 certificate. This is provided (along with a test case) in the
+ attached patch. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_int.h: By default lowat is set to zero.
+
+2010-08-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: Revert "When scanning for terminator character for
+ PKCS #11 URLs ignore escaped \;." This reverts commit 583fad076506421c9007a3349784496e2927dcd1.
+
+2010-08-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * THANKS: Added Sjoerd.
+
+2010-08-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/m4/hooks.m4: libnettle is the default crypto library.
+
+2010-08-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: oldstate var removed.
+
+2010-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/mini-eagain.c: mini-eagain will fail with EAGAIN error one
+ every two attempts. That is to remove probabilities.
+
+2010-08-11 Sjoerd Simons <sjoerd.simons@collabora.co.uk>
+
+ * lib/gnutls_int.h, lib/gnutls_record.c: Remember the amount of user
+ data we're sending out Partially reverts 3ef62950845f551ebc629e50d5ddf75f71b84294.
+ gnutls_record_send needs to return the amount of user-data we sent,
+ so we need to keep this information somewhere to return it when we
+ succeed in sending that data. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-08-11 Sjoerd Simons <sjoerd.simons@collabora.co.uk>
+
+ * lib/gnutls_handshake.c: Check whether the error is fatal in more
+ cases When stressing the async API of gnutls a lot of internal errors are
+ hit as IMED_RET clears the handshake hash buffers as a result of
+ -EAGAIN even though it would never be re-initialized at that point,
+ but is still needed in later stages. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-08-11 Sjoerd Simons <sjoerd.simons@collabora.co.uk>
+
+ * lib/gnutls_handshake.c, lib/gnutls_int.h: Add state for flushing
+ the handshake buffer A seperate state is needed between flushing the handshake buffers
+ and sending the chipher spec change otherwise it's impossible to
+ determine whether _gnutls_send_change_cipher_spec is called for the
+ first time or again. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-08-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/nettle/mpi.c: Fix warning.
+
+2010-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4: Define HAVE_GCRYPT when using gcrypt. nettle is
+ no longer marked as unsupported.
+
+2010-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/manpages/Makefile.am, lib/gnutls_extensions.c,
+ lib/m4/hooks.m4, lib/nettle/cipher.c, lib/nettle/mac.c,
+ lib/nettle/pk.c, libextra/gnutls_extra.c: Added Camellia-128/256,
+ SHA-224/384/512 and support for DSA2 when using nettle.
+
+2010-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: When scanning for terminator character for PKCS #11
+ URLs ignore escaped \;.
+
+2010-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.c: Modified the example to work in TLS 1.2.
+
+2010-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_algorithms.c: Added RSA_NULL_SHA1 and SHA256
+ ciphersuites.
+
+2010-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_signature.c: When signature algorithms extension is not
+ received allow SHA1 and SHA256.
+
+2010-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: NULL MAC renamed to MAC-NULL
+
+2010-07-25 Simon Josefsson <simon@josefsson.org>
+
+ * src/common.c: Avoid fixed size buffers (now handles the big >100
+ SAN cert).
+
+2010-07-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2010-07-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Re-add old NEWS entries.
+
+2010-07-25 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_buffers.c: Doc fix.
+
+2010-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/privkey.c: Do not trust fbase64_decode to return 0 on
+ success.
+
+2010-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_x509.c, lib/x509/privkey.c, src/certtool.c:
+ gnutls_x509_privkey_import() will fallback to
+ gnutls_x509_privkey_import_pkcs8() without a password, if it is
+ unable to decode the key.
+
+2010-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/includes/gnutls/gnutls.h.in, lib/nettle/mpi.c, src/prime.c:
+ Added GNUTLS_PK_DH to differentiate in the generation of parameters
+ with PK_DSA that requires special treatment.
+
+2010-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: Corrected wrong descriptions of security
+ levels.
+
+2010-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: use RSA-SHA1 as an indicator of RSA
+ certificates.
+
+2010-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: Fix DSA key values to avoid generating
+ normal and reporting them as low.
+
+2010-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/includes/gnutls/openpgp.h, lib/includes/gnutls/x509.h,
+ lib/libgnutls.map, lib/nettle/mpi.c, lib/openpgp/privkey.c,
+ lib/x509/privkey.c, src/certtool.c,
+ tests/pathlen/no-ca-or-pathlen.pem: Better handling of security
+ parameters to key sizes matching (via a single table). Added
+ functions to return the security parameter of a private key.
+
+2010-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-intro-tls.texi: Simplified documentation.
+
+2010-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/mpi.c: Follow ECRYPT II recommendations.
+
+2010-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/cha-bib.texi, doc/cha-intro-tls.texi,
+ lib/gnutls_algorithms.c: Updated documentation and
+ gnutls_pk_params_t mappings to ECRYPT II recommendations.
+
+2010-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.c: HMAC-MD5 deprecated according to ECRYPT II
+ yearly report (2009-2010) recommendations.
+
+2010-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/sha2/Makefile.am: added missing file key-subca-dsa.pem
+
+2010-07-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * gtk-doc.make: ignore html errors otherwise make dist doesn't work.
+
+2010-07-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: updated NEWS
+
+2010-07-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa: Added option for certtool to print
+ certificate public key.
+
+2010-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: Added SIG_RSA_MD5_OID as an indicator of
+ RSA. Some microsoft products were using it. Reported by Mads
+ Kiilerich.
+
+2010-07-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/x509/common.h: Added RSA with SHA224.
+
+2010-07-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/pk.c: Added blinding to RSA decryption AND signing.
+ Will stay there until it is moved to nettle itself.
+
+2010-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/system.h: fixed
+
+2010-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/nettle/Makefile.am, lib/nettle/egd.c, lib/nettle/egd.h,
+ lib/nettle/rnd.c: Added support for EGD daemon in nettle's RNG. It
+ is used if /dev/urandom is not present.
+
+2010-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/system.c, lib/system.h: Corrected the
+ lowat behavior. Documented that it will be deprecated in later
+ versions.
+
+2010-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/serv.c: gnutls-serv: Do not print CR/LF if received, but
+ instead print LF only.
+
+2010-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls_buffers.c, lib/gnutls_state.c,
+ lib/locks.c, lib/locks.h, lib/pakchois/pakchois.c, lib/system.c,
+ lib/system.h: system specific functions were moved to system.c
+
+2010-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.ac, lib/gnutls_alert.c, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_global.c, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_mbuffers.c,
+ lib/gnutls_mbuffers.h, lib/gnutls_record.c, lib/gnutls_record.h,
+ lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
+ lib/libgnutls.map, libextra/gnutls_ia.c: Support scattered write
+ using writev(). This takes advantage of the new buffering layer and
+ allows queuing of packets and flushing them. This is currently used
+ for handshake messages only. Performance-wise the difference of
+ packing several TLS records in a single write doesn't seem to offer
+ anything over ethernet (that my tests were on). Probably on links
+ with higher latency there would be a benefit.
+
+2010-07-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-gtls-app.texi: Removed old reference.
+
+2010-07-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-gtls-app.texi, doc/examples/Makefile.am,
+ doc/examples/ex-rfc2818.c: ex-rfc2818 is now a functional program
+ demonstrating the verification procedure.
+
+2010-07-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/Makefile.am, doc/cha-gtls-app.texi, doc/examples/Makefile.am,
+ doc/examples/ex-serv-export.c: Example with export ciphersuites was
+ removed.
+
+2010-07-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_pubkey.c: corrected typo
+
+2010-07-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/pk.c: Use the same "e" for RSA as libgcrypt. It's the
+ fastest choice.
+
+2010-07-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-cfg.c: Do not crash if input is redirected from
+ /dev/null.
+
+2010-07-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, src/certtool-gaa.c, src/certtool.c, src/certtool.gaa:
+ Changed the default pkcs-cipher to AES-128. Allowed specifying the
+ 3des-pkcs12 cipher with the --pkcs-cipher option.
+
+2010-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/benchmark.c: Use double to count bytes.
+
+2010-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/rnd.c: Added a windows version of the RNG.
+
+2010-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/rnd.c: Corrected locking usage in nettle's random
+ subsystem.
+
+2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gcrypt/Makefile.am, lib/gnutls_privkey.c,
+ lib/gnutls_pubkey.c, lib/nettle/Makefile.am, lib/pakchois/dlopen.h:
+ Fixed to compile under mingw32.
+
+2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4: only warn if dlopen or pthreads are not found.
+
+2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gcrypt/init.c, lib/includes/gnutls/gnutls.h.in, lib/locks.c,
+ lib/pakchois/pakchois.c: Locks were converted to be in align with
+ posix locks to easier wrap around them.
+
+2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/locks.c, lib/locks.h, lib/pakchois/dlopen.c,
+ lib/pakchois/dlopen.h, lib/pakchois/pakchois.c: The included
+ pakchois will use gnutls locks and will use a portable dlopen() to
+ allow compilation in win32 (untested).
+
+2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/rnd.c: Read from /dev/urandom every 20 minutes.
+
+2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/x509/Makefile.am: Added missing files
+
+2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/crypto-api.c, lib/gnutls_cipher_int.c,
+ lib/gnutls_cipher_int.h, lib/includes/gnutls/crypto.h,
+ lib/libgnutls.map: Allow encryption and decryption that are not
+ in-place only.
+
+2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/benchmark.c: Print values in a human-readable format and do
+ the calculations in fixed time to prevent stalling in slow systems.
+
+2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4: corrected library version
+
+2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-cert-select-pkcs11.c,
+ lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ src/common.c, src/pkcs11.c: PIN callback supplies the token URL. The
+ callback function in common.c will cache PIN if requested for second
+ time.
+
+2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
+ lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
+ lib/pkcs11_write.c, src/common.c: Reverted the SAVE_PIN approach in
+ PIN callback. The new approach will be to provide enough information
+ for the callback to save the PIN itself.
+
+2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gcrypt/init.c: removed unneeded function.
+
+2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c: More uses of gnutls_certificate_free_ca_names
+
+2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/locks.c: Do not allow setting NULL lock functions
+
+2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/rnd.c: corrected lock usage.
+
+2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4: bumped library version
+
+2010-07-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/Makefile.am: Include abstract.h in releases.
+
+2010-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/crypto-api.c: Correctly deinitialize crypto API handles.
+
+2010-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: commented obscure HANDSHAKE_MAC_TYPE_10 and
+ HANDSHAKE_MAC_TYPE_12.
+
+2010-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/locks.c, lib/locks.h, lib/nettle/rnd.c: simplified locking
+ code. Locking functions always exist but are dummies if no locks
+ have been set.
+
+2010-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gcrypt/Makefile.am, lib/gcrypt/init.c, lib/gnutls_errors.c,
+ lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/includes/gnutls/gnutls.h.in, lib/locks.c, lib/locks.h,
+ lib/nettle/Makefile.am, lib/nettle/init.c, lib/nettle/rnd.c:
+ Initialization of crypto libraries moved outside main gnutls code.
+
+2010-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/locks.c, lib/locks.h: Moved locking code to special file.
+
+2010-06-29 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am, doc/pkcs11-vision.eps: Add pkcs11-vision rules.
+
+2010-06-29 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2010-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11_write.c, src/pkcs11.c:
+ When copying a private key the sensitive flag can be set or not.
+ This allows copying private keys that can be exported.
+
+2010-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_write.c, src/certtool-common.h, src/certtool.c,
+ src/pkcs11.c: Combined object flags. No implicit login any more.
+ Login has to be specified with a flag on every call that could use
+ it.
+
+2010-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/pkcs11.c,
+ lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_write.c: Indented
+ code.
+
+2010-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-cert-select-pkcs11.c, lib/gnutls_pubkey.c,
+ lib/gnutls_x509.c, lib/includes/gnutls/abstract.h,
+ lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_write.c,
+ src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa, src/cli.c, src/pkcs11.c: Allow
+ flags when importing objects from PKCS11 URLs. The only flag
+ supported now is the PKCS11_OBJ_FLAG_LOGIN, which forces login
+ before accessing object on a token. The reason is that some tokens
+ do not allow access of any data without login.
+
+2010-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c: Added AES-128 to block ciphers.
+
+2010-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_session_pack.c: Corrected writing and reading order of
+ security parameters.
+
+2010-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/configure.ac, libextra/configure.ac: use 2.11.0 everywhere
+
+2010-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/cha-gtls-app.texi, lib/configure.ac,
+ lib/gnutls_errors.c, lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
+ lib/nettle/rnd.c, lib/pkcs11.c: Added gnutls_global_set_mutex() to
+ allow setting alternative locking procedures. By default the system
+ available locking is used. In *NIX pthreads are used and in windows
+ the critical section API. As a side effect this change avoids any API dependance on libgcrypt
+ even if threads are used.
+
+2010-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/chainverify.c: Modified the cacertrsamd5 short-cut. The test
+ was checking whether verification using a trusted insecurely signed
+ self signed certificate will fail against a chain that has this as
+ intermediate. However this test should have succeeded since the
+ insecure certificate is trusted. This isn't the purpose of this test however. It should have checked
+ whether using the same certificate as trusted and to be verified and
+ the GNUTLS_VERIFY_DO_NOT_ALLOW_SAME flag should return an error.
+
+2010-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/chainverify.c: Fail on error.
+
+2010-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: When generating private key allow usage of
+ --pkcs-cipher flag.
+
+2010-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
+ lib/auth_srp.c, lib/auth_srp.h, lib/ext_srp.c, lib/gnutls_int.h:
+ MAX_SRP_USERNAME -> MAX_USERNAME_SIZE
+
+2010-06-24 Simon Josefsson <simon@josefsson.org>
+
+ * README-alpha: We also require GNU make.
+
+2010-06-24 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS, configure.ac, lib/configure.ac, libextra/configure.ac: Use
+ silent build rules. Suggested by Vincent Torri <vincent.torri@gmail.com> in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4349>.
+
+2010-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/gnutls.h.in: removed OPRFI extension
+ functions.
+
+2010-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am: removed OPRFI from makefile.
+
+2010-06-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c: When verifying certificates use the same
+ algorithm whether the DO_NOT_ALLOW_SAME flag is set or not. Before
+ we were shortening certificate list if the flag was not set by the
+ size of the first certificate found in the trusted list, and keep
+ the list intact otherwise. Now we shorten the list in the latter
+ case as well, except for the first certificate.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: Added news entry for EV-certificates.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c, src/tests.h, src/tls_test.c: Corrected some tests.
+ Added test to check whether the %COMPAT option is required for this
+ server.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_extensions.c, lib/gnutls_session_pack.c: Corrections in
+ the new session packing code. Saving absolute positions in buffers
+ is no longer done. Now we store only and offset to allow
+ reallocating the buffer and still do the correct reference.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_safe_renegotiation.c, lib/ext_safe_renegotiation.h,
+ lib/ext_signature.c, lib/gnutls_handshake.c: Fixes in new extensions
+ code that relate to SSL 3.0.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.ac: version is 2.11.0
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-cert-auth.texi: Some updates in the PKCS11 text.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-intro-tls.texi: Some updates on renegotiation text
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-intro-tls.texi: Removed links for discussion of the COMPAT
+ topic. I don't think they should be in the documentation.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-intro-tls.texi: Corrected example with %COMPAT.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-intro-tls.texi: Added gnutls_sec_param_to_pk_bits()
+ discussion.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-intro-tls.texi: corrected text on AES
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: Only save PIN if login was successful.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-auth.texi, lib/ext_signature.c: Applied patch by Andreas
+ Metzler
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/benchmark.c: Allow setting debug level via cmd.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/cryptodev.c: Explicitely terminate cryptodev sessions.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: Removed the no
+ longer needed "active" variable.
+
+2010-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: documented some of the changes
+
+2010-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: Greatly simplified the
+ internal hash/hmac and cipher functions.
+
+2010-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
+ src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.gaa, src/pkcs11.c: Allow listing of private keys only.
+ Certtool has now the --pkcs11-list-privkeya option.
+
+2010-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11_privkey.c: Send correct token name to callback.
+
+2010-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
+ lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
+ lib/pkcs11_write.c: Added more gnutls errors to map closer to PKCS11
+ actual errors.
+
+2010-06-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
+ lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/pkcs11_write.c, src/cli.c, src/common.c:
+ Added option to the PKCS11 PIN callback to save PIN if the token is
+ being used with a single pkcs11_privkey structure.
+
+2010-06-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11_privkey.c: For Private key operations new sessions are
+ opened when are needed. This makes the usage of the PKCS11 API
+ thread safe. The only drawback is the requirement to enter PIN on
+ every operation.
+
+2010-06-15 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: gnutls-cli: Make --starttls work again. Problem introduced in patch to use read() instead of fgets()
+ committed on 2010-01-27.
+
+2010-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c, tests/sha2/key-ca-dsa.pem,
+ tests/sha2/key-subca-dsa.pem, tests/sha2/sha2, tests/sha2/sha2-dsa:
+ Allow SHA224 hash in certtool. Added tests for SHA-256 and SHA-224
+ for DSA.
+
+2010-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: Do not warn multiple times for the deprecation of
+ --bits.
+
+2010-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_session_ticket.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_mbuffers.c,
+ lib/gnutls_mbuffers.h, lib/gnutls_record.c: Appending data in
+ mbuffers is now cheaper by avoiding realloc, at the cost of
+ requiring to specify a maximum mbuffer size at creation.
+
+2010-06-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_safe_renegotiation.c: Removed unused functions.
+
+2010-06-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_int.h: Combined the max ticket
+ length with the maximum extension data length.
+
+2010-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/cha-gtls-app.texi, lib/auth_srp.c, lib/ext_cert_type.c,
+ lib/ext_cert_type.h, lib/ext_max_record.c, lib/ext_max_record.h,
+ lib/ext_oprfi.c, lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
+ lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
+ lib/ext_server_name.h, lib/ext_session_ticket.c,
+ lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
+ lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_buffers.c,
+ lib/gnutls_constate.c, lib/gnutls_extensions.c,
+ lib/gnutls_extensions.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
+ lib/gnutls_record.c, lib/gnutls_session_pack.c, lib/gnutls_state.c,
+ lib/gnutls_str.c, lib/gnutls_str.h, lib/includes/gnutls/compat.h,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/pkcs11.c,
+ lib/x509/dn.c, libextra/ext_inner_application.c,
+ libextra/ext_inner_application.h, libextra/gnutls_extra.c,
+ libextra/gnutls_ia.c, src/cli.c, src/serv.c, tests/Makefile.am,
+ tests/oprfi.c, tests/tlsia.c: Simplified and made more safe the
+ packing of data for session storage. Extensions use the internal API
+ to store/retrieve during resumption. Removed OPRFI since it was never standardized and was never actually
+ included in gnutls since it was in inactive ifdef. This was instead
+ of rewriting it to use the new API.
+
+2010-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
+ lib/gnutls_supplemental.h, lib/openpgp/output.c, lib/pkcs11.c,
+ lib/x509/dn.c, lib/x509/output.c: The gnutls_string code was
+ simplified and integrated with the buffer to avoid having two named
+ for the same thing.
+
+2010-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pakchois/pakchois.c: Properly handle fork() case.
+
+2010-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_extra.c: Register the md5 handler if gcrypt is in
+ fips mode once gnutls_global_init_extra() is called.
+
+2010-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c: corrected tests.
+
+2010-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pakchois/pakchois.c, lib/pakchois/pakchois.h, lib/pkcs11.c:
+ Added new calls to pakchois to open an absolute filename.
+
+2010-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h: Removed several comments that
+ pointed to Alon's implementation comments. We use inline C comments
+ to generate documentation (not doxygen).
+
+2010-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/ext_session_ticket.c,
+ lib/gnutls_algorithms.c, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_mbuffers.c, lib/gnutls_record.c, lib/gnutls_state.c: More
+ fixes for the rebase.
+
+2010-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * AUTHORS: Added Jonathan.
+
+2010-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pakchois/pakchois.c: Provider unref must be done after all
+ sessions have been closed.
+
+2010-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am: Several fixes for the broken rebase.
+
+2010-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-intro-tls.texi: Merged with master.
+
+2010-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_mbuffers.h,
+ lib/gnutls_record.c: Some other changes to mbuffers to make gnutls
+ (a bit more) agnostic on their internal structure.
+
+2010-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c: Corrected prefered hash algorithm return value
+ on RSA.
+
+2010-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c: Use GCRYCTL_ENABLE_QUICK_RANDOM when using
+ libgcrypt.
+
+2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .gitignore: Ignore more files.
+
+2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/sha2/sha2-dsa: Remove the correct file
+
+2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/sha2/key-ca-dsa.pem, tests/sha2/key-dsa.pem: Added missing
+ files.
+
+2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_pubkey.c,
+ lib/includes/gnutls/abstract.h, lib/includes/gnutls/x509.h,
+ lib/x509/crq.c, lib/x509/x509.c, src/certtool.c: The
+ get_preferred_hash_algorithm() functions have now an extra argument
+ to indicate whether it is mandatory to use this algorithm.
+
+2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-crq.c, lib/includes/gnutls/x509.h,
+ lib/libgnutls.map, lib/x509/crq.c: Added
+ gnutls_x509_crq_get_preferred_hash_algorithm().
+
+2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
+ lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/privkey.c,
+ lib/x509/verify.c, lib/x509/x509.c, src/certtool.c: Added
+ gnutls_pubkey_get_preferred_hash_algorithm() and
+ gnutls_x509_crt_get_preferred_hash_algorithm() to allow determining
+ the hash algorithm to use during signing. This is needed in the case
+ of DSA that uses specific versions of SHA depending on the size of
+ the parameters.
+
+2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi, lib/Makefile.am, lib/build-aux/config.rpath,
+ lib/gcrypt/pk.c, lib/gnutls_privkey.c, lib/pkcs11.c,
+ lib/pkcs11_privkey.c, lib/x509/privkey.c, lib/x509/sign.c,
+ lib/x509/sign.h, lib/x509/verify.c, lib/x509/x509.c, src/pkcs11.c:
+ Several fixes after big rebase.
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/sha2/Makefile.am, tests/sha2/sha2-dsa: Test the DSA with
+ SHA256 as well.
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/mpi.c: Print debugging information on error.
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gcrypt/pk.c, lib/gnutls_pk.c, lib/gnutls_sig.c,
+ lib/nettle/mpi.c, lib/nettle/pk.c, lib/opencdk/pubkey.c,
+ lib/opencdk/sig-check.c, lib/opencdk/verify.c,
+ lib/openpgp/gnutls_openpgp.c, lib/openpgp/pgp.c,
+ lib/openpgp/privkey.c, lib/pkcs11_privkey.c, lib/x509/privkey.c,
+ lib/x509/x509_int.h: Nettle library can now parse the PGP integers.
+ Except for SHA-224/384/512 nettle seems to be fully working now.
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: use --sec-param to generate privkey.
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/openpgpself.c: reduced log level to a sane one
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/pathlen/ca-no-pathlen.pem,
+ tests/pathlen/no-ca-or-pathlen.pem: Corrected for new output of
+ --print-certificate-info
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/sha2/sha2: Print information on failure.
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/libgnutls.map, src/certtool.c: Print exp1 and exp2 if they are
+ available.
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/pkcs12,
+ tests/pkcs8-decode/pkcs8, tests/userid/userid: Only print output if
+ something fails
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4, lib/pakchois/pakchois.c: Some pakchois fixes.
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c: Fixup to compile with nettle
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4: Do not bother with MODPATH. We don't use it.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/debug.c, lib/debug.h: Added again _gnutls_dump_mpi() to assist
+ in debugging.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/pkcs12_encode.c: Added debugging
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_sig.c: Allow DSA with other than SHA1 algorithms in
+ TLS.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkix_asn1_tab.c: removed more stuff.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkix.asn, lib/x509/common.c: LocalKeyId and XmppAddr were
+ incorporated.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkix.asn, lib/pkix_asn1_tab.c: No need for those OIDs any
+ more.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/dn2.c: Corrected to support new EV_ values.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/crq_key_id.c, tests/cve-2009-1416.c, tests/pkcs12_s2k_pem.c:
+ avoid calling gcrypt directly.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/includes/gnutls/crypto.h, lib/libgnutls.map,
+ lib/random.c, lib/random.h, src/crypt.c, src/psk.c,
+ tests/mini-eagain.c: exported gnutls_rnd().
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c, lib/x509/common.h, lib/x509/dn.c: The
+ recognition of DN elements is now self contained. It does not need
+ entries in pkix.asn.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/common.c: Added
+ support for EV certificate attributes.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4, lib/nettle/cipher.c: Fixed nettle detection and
+ AES.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_dh_primes.c: documentation updates
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-common.h, src/certtool.c, src/prime.c: Generate
+ dh-params also used --sec-param.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/mpi.c: Document that the generator is the generator of
+ the subgroup and not the group.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: Corrected certificate callback.
+
+2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gcrypt/Makefile.am, lib/nettle/Makefile.am,
+ lib/nettle/cipher.c: More AES stuff (still doesn't work).
+
+2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/pk.c: Correction in RSA encryption.
+
+2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/cipher.c: Fixed issue with AES.
+
+2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in,
+ lib/libgnutls.map, lib/openpgp/output.c, lib/x509/output.c,
+ lib/x509/privkey.c, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa: Added
+ gnutls_sec_param_to_pk_bits() et al. to allow select bit sizes for
+ private keys using a human understandable scale.
+
+2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in,
+ lib/x509/common.h: Added support for SHA224 and SHA256 in DSA.
+
+2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4: Always use included pakchois.
+
+2010-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-cert-select-pkcs11.c: make sure all lines fit in
+ page.
+
+2010-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-cert-auth.texi: make example more compact by removing
+ error checking.
+
+2010-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-bib.texi, doc/cha-cert-auth.texi: Added bibliographic
+ reference to PKCS #11.
+
+2010-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-cert-auth.texi: Added sketch for PKCS #11 usage.
+
+2010-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/credentials/x509-server-dsa.pem,
+ doc/credentials/x509-server-key-dsa.pem: Added 2048 bit DSA key
+
+2010-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/opencdk/armor.c, lib/opencdk/read-packet.c,
+ lib/opencdk/stream.c, lib/opencdk/write-packet.c: Increased log
+ level of several messages.
+
+2010-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/credentials/x509/key.pem: Corrected coefficient and exp[12]
+ values in key.
+
+2010-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/pk.c: Added blinding in RSA. Correct broken private
+ keys on import. Nettle uses more values than gcrypt does from RSA
+ decryption and it seemed that some values in our stored private keys
+ were messy (generated by very old gnutls).
+
+2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-cert-select-pkcs11.c, lib/gnutls_x509.c,
+ lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/pkcs11_write.c, src/cli.c: Simplified
+ internal API. The only question that remains now is how to handle
+ the gnutls_pkcs11_privkey_t. Currently it opens a session and
+ maintains a handle to the object. This will require locks to be
+ added on operations. Alternatively new sessions may be opened for
+ each operation performed. This is guarranteed by PKCS #11 to be
+ thread safe but will of course require to ask for the PIN again.
+
+2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pakchois/pakchois.c: Removed debugging print.
+
+2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/configure.ac, lib/m4/hooks.m4,
+ lib/pakchois/errors.c, lib/pakchois/pakchois.c,
+ lib/pakchois/pakchois.h, lib/pakchois/pakchois11.h: Added a modified
+ pakchois library (to open arbitrary pkcs11 modules). Current gnutls
+ works only with this one.
+
+2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-gtls-app.texi: Added missing file.
+
+2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: Removed finished items.
+
+2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11_write.c: Noted that there things to be done.
+
+2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/Makefile.am, doc/cha-cert-auth.texi: Added documentation on
+ abstract types.
+
+2010-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gcrypt/pk.c, lib/gnutls_pk.c, lib/gnutls_pk.h,
+ lib/opencdk/pubkey.c, lib/openpgp/privkey.c, lib/x509/privkey.c:
+ Common code for calculation of RSA exp1 and exp2. Also update the
+ openpgp code to calculate those values.
+
+2010-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_dh_common.c, lib/gnutls_dh_primes.c, lib/x509/privkey.c:
+ More fixes.
+
+2010-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_dh_common.c, lib/gcrypt/mpi.c, lib/gnutls_mpi.c:
+ Corrected nicely hidden bug that caused accesses to uninitialized
+ variables if the gcry_mpi_print() functions were pessimists and
+ returned more size than actually needed for the print.
+
+2010-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gcrypt/pk.c: Added some sanity checks.
+
+2010-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/cha-auth.texi, doc/cha-bib.texi,
+ doc/cha-cert-auth.texi, doc/cha-ciphersuites.texi,
+ doc/cha-copying.texi, doc/cha-functions.texi,
+ doc/cha-internals.texi, doc/cha-intro-tls.texi,
+ doc/cha-library.texi, doc/cha-preface.texi, doc/cha-programs.texi,
+ doc/cha-tls-app.texi, doc/gnutls.texi,
+ lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c:
+ Documentation updates. Separated big gnutls.texi to chapter to allow
+ easier maintainance.
+
+2010-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gcrypt/mpi.c, lib/gcrypt/pk.c,
+ lib/includes/gnutls/crypto.h, lib/includes/gnutls/pkcs11.h,
+ lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/nettle/pk.c,
+ lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
+ lib/pkcs11_write.c, lib/x509/privkey.c, lib/x509/x509_int.h,
+ src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa, src/crypt-gaa.c, src/pkcs11.c:
+ Added support to copy certificates and private keys to tokens. New
+ functions: gnutls_pkcs11_copy_x509_crt()
+ gnutls_pkcs11_copy_x509_privkey() gnutls_pkcs11_delete_url() Certtool was updated to allow copying certificates and private keys
+ to tokens. Deleting an object has issues (segfault) but it seems to
+ be related with libopensc and its pkcs11 API.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c: Added gnutls_pubkey_verify_hash(),
+ gnutls_pubkey_get_verify_algorithm().
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c, src/pkcs11.c: Added gnutls_pubkey_import_pkcs11(),
+ gnutls_pubkey_import_rsa_raw(), gnutls_pubkey_import_dsa_raw(),
+ gnutls_pkcs11_obj_export().
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: Tried to document recent changes.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c, lib/pkcs11.c, lib/pkcs11_int.h,
+ src/certtool-gaa.c, src/certtool.gaa, src/pkcs11.c: Added
+ gnutls_pubkey_t abstract type to handle public keys. It can
+ currently import/export public keys from existing certificate types
+ as well as from PKCS #11 URL. This allows generating a certificate
+ or certificate request from a given public key (currently one could
+ only generate them from a given private key). PKCS#11 API augmented to allow reading arbitrary objects instead of
+ just certificates. Certtool updated to list those objects.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: Added gnutls_pkcs11_token_get_flags() to distinguish
+ between hardware and soft tokens.
+
+2010-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am: Added support for libnettle backend. This uses
+ gmp for big number operations. It is not currently completed. It
+ lacks RSA blinding as well as optimizations.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/sign.c: Corrected bug in DSA signature generation.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/x509_int.h: Added operations to sign CRLs, certificates
+ and requests with an abstract key and thus with a PKCS #11 key as
+ well.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/privkey.h: privkey.h -> abstract.h
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: The gnutls-cli --x509cafile can now be a PKCS
+ #11 URL. It can read gnome-keyring's certificates and use them in
+ the trusted list.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: Corrections in openpgp private key usage.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/x509self.c: Updated self tests and examples to avoid using
+ deprecated functions such as
+ gnutls_certificate_server_set_retrieve_function and the sign
+ callback.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/privkey.h, lib/pkcs11_int.h: Added
+ documentation for most of the new functions.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: Documented that it was initially based on neon
+ pkcs11 and got ideas from pkcs11-helper library.
+
+2010-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: Corrections to properly handle token removal and
+ insert.
+
+2010-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls_x509.c, lib/includes/gnutls/pkcs11.h,
+ lib/includes/gnutls/privkey.h, lib/pkcs11.c, lib/x509/sign.c: Added
+ gnutls_pkcs11_privkey_t and gnutls_privkey_t types. Those are an
+ abstract private key type that can be used to sign/encrypt any
+ private key of pkcs11,x509 or openpgp types. Added support for
+ PKCS11 in gnutls-cli/gnutls-serv.
+
+2010-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c, src/pkcs11.c: Added several helper functions, to
+ allow printing of tokens.
+
+2010-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c, src/certtool-gaa.c, src/certtool.c,
+ src/certtool.gaa, src/pkcs11.c: Added ability to export certificates
+ from PKCS #11 tokens. Added ability to list trusted certificates,
+ or only certificates with a corresponding private key or just all.
+
+2010-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/configure.ac, lib/includes/gnutls/pkcs11.h,
+ lib/pkcs11.c, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.gaa, src/pkcs11.c: Added initial PKCS #11 support.
+ Certtool can now print lists of certificates available in system.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
+ lib/libgnutls.map, lib/x509/common.h, lib/x509/verify.c,
+ lib/x509/x509.c, lib/x509/x509_int.h: Added
+ gnutls_pubkey_verify_hash(), gnutls_pubkey_get_verify_algorithm().
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.ac, lib/gnutls_pubkey.c,
+ lib/includes/gnutls/abstract.h, lib/includes/gnutls/pkcs11.h,
+ lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h, lib/x509/x509.c,
+ src/pkcs11.c: Added gnutls_pubkey_import_pkcs11(),
+ gnutls_pubkey_import_rsa_raw(), gnutls_pubkey_import_dsa_raw(),
+ gnutls_pkcs11_obj_export().
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .gitignore: Ignore files that should be ignored.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, src/certtool-gaa.c, src/certtool.gaa: Tried to document
+ recent changes.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls_pubkey.c, lib/gnutls_x509.c,
+ lib/includes/gnutls/abstract.h, lib/includes/gnutls/pkcs11.h,
+ lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/x509/common.c, lib/x509/common.h,
+ lib/x509/mpi.c, lib/x509/x509.c, lib/x509/x509_int.h,
+ src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa, src/pkcs11.c: Added
+ gnutls_pubkey_t abstract type to handle public keys. It can
+ currently import/export public keys from existing certificate types
+ as well as from PKCS #11 URL. This allows generating a certificate
+ or certificate request from a given public key (currently one could
+ only generate them from a given private key). PKCS#11 API augmented to allow reading arbitrary objects instead of
+ just certificates. Certtool updated to list those objects.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added
+ gnutls_pkcs11_token_get_flags() to distinguish between hardware and
+ soft tokens.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/libgnutlsxx.map, lib/m4/hooks.m4: Export all
+ symbols from C++ library. This library doesn't contain any internal
+ symbols anyway and there is no reason to mess with the C++ ABI that
+ hasn't got the problems of C.
+
+2010-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.ac, doc/examples/ex-serv-export.c,
+ doc/examples/ex-serv-psk.c, doc/examples/ex-serv1.c,
+ lib/Makefile.am, lib/auth_srp.c, lib/cipher-libgcrypt.c,
+ lib/configure.ac, lib/gcrypt/Makefile.am, lib/gcrypt/cipher.c,
+ lib/gcrypt/mac.c, lib/gcrypt/mpi.c, lib/gcrypt/pk.c,
+ lib/gcrypt/rnd.c, lib/gnutls_global.c, lib/gnutls_mpi.c,
+ lib/gnutls_srp.c, lib/m4/hooks.m4, lib/mac-libgcrypt.c,
+ lib/mpi-libgcrypt.c, lib/nettle/Makefile.am, lib/nettle/cipher.c,
+ lib/nettle/mac.c, lib/nettle/mpi.c, lib/nettle/pk.c,
+ lib/nettle/rnd.c, lib/pk-libgcrypt.c, lib/rnd-libgcrypt.c,
+ src/certtool.c, src/cli.c, src/serv.c, tests/chainverify.c: Added
+ support for libnettle backend. This uses gmp for big number
+ operations. It is not currently completed. It lacks RSA blinding as
+ well as optimizations.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/manpages/gnutls-cli.1, src/cli-gaa.c, src/cli.gaa,
+ src/serv-gaa.c, src/serv.gaa: Documented that the --file options in
+ gnutls-cli and gnutls-serv can accept a PKCS #11 URL.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/sign.c: Corrected bug in DSA signature generation.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
+ lib/libgnutls.map, lib/x509/crl_write.c, lib/x509/crq.c,
+ lib/x509/mpi.c, lib/x509/sign.c, lib/x509/x509_int.h,
+ lib/x509/x509_write.c: Added operations to sign CRLs, certificates
+ and requests with an abstract key and thus with a PKCS #11 key as
+ well.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/auth_cert.h, lib/gnutls_privkey.c,
+ lib/gnutls_sig.h, lib/gnutls_x509.h,
+ lib/includes/gnutls/abstract.h, lib/includes/gnutls/privkey.h,
+ lib/openpgp/gnutls_openpgp.h: privkey.h -> abstract.h
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/configure.ac, lib/gnutls_x509.c, src/cli.c:
+ The gnutls-cli --x509cafile can now be a PKCS #11 URL. It can read
+ gnome-keyring's certificates and use them in the trusted list.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: Documented that gnutls_global_init calls
+ gnutls_pkcs11_init.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: Only send termination request to avoid stalling on
+ servers that do not reply.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_state.c, lib/gnutls_state.h:
+ Corrected issue on the %SSL3_RECORD_VERSION priority string. It now
+ works even when resuming a session.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/Makefile.am, doc/examples/ex-cert-select-pkcs11.c,
+ doc/gnutls.texi: Added initial example.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.h, lib/gnutls_x509.c, lib/openpgp/gnutls_openpgp.c:
+ Corrections in openpgp private key usage.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-cert-select.c, tests/Makefile.am,
+ tests/pkcs12_s2k.c, tests/x509dn.c, tests/x509signself.c: Updated
+ self tests and examples to avoid using deprecated functions such as
+ gnutls_certificate_server_set_retrieve_function and the sign
+ callback.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutlsxx.cpp, lib/includes/gnutls/gnutlsxx.h, src/tests.c: Use
+ the new callback function.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_privkey.c, lib/includes/gnutls/pkcs11.h,
+ lib/includes/gnutls/privkey.h, lib/libgnutls.map, lib/pkcs11.c,
+ lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/x509/privkey.c: Added
+ documentation for most of the new functions.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: Documented that it was initially based on neon
+ pkcs11 and got ideas from pkcs11-helper library.
+
+2010-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c, lib/libgnutls.map, lib/pkcs11.c,
+ lib/pkcs11_int.h, lib/pkcs11_privkey.c, src/common.c: Corrections to
+ properly handle token removal and insert.
+
+2010-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in:
+ Deprecated the sign callback.
+
+2010-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/manpages/Makefile.am, lib/Makefile.am, lib/auth_cert.c,
+ lib/auth_cert.h, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/auth_srp_rsa.c, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_global.c, lib/gnutls_int.h,
+ lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
+ lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_x509.c,
+ lib/gnutls_x509.h, lib/includes/gnutls/compat.h,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
+ lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/privkey.h,
+ lib/includes/gnutls/x509.h, lib/libgnutls.map,
+ lib/openpgp/gnutls_openpgp.c, lib/openpgp/gnutls_openpgp.h,
+ lib/openpgp/openpgp_int.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/x509/privkey.c, lib/x509/sign.c,
+ lib/x509/sign.h, lib/x509/x509_int.h, src/cli.c, src/common.c,
+ src/common.h, src/pkcs11.c, src/serv.c: Added
+ gnutls_pkcs11_privkey_t and gnutls_privkey_t types. Those are an
+ abstract private key type that can be used to sign/encrypt any
+ private key of pkcs11,x509 or openpgp types. Added support for
+ PKCS11 in gnutls-cli/gnutls-serv.
+
+2010-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .gitignore: ignore unrelated to gnutls files.
+
+2010-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
+ src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa, src/pkcs11.c: Added several helper
+ functions, to allow printing of tokens.
+
+2010-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_str.c,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/pkcs11.h,
+ lib/pkcs11.c, src/certtool-common.h, src/certtool-gaa.c,
+ src/certtool-gaa.h, src/certtool.c, src/certtool.gaa, src/pkcs11.c:
+ Added ability to export certificates from PKCS #11 tokens. Added
+ ability to list trusted certificates, or only certificates with a
+ corresponding private key or just all.
+
+2010-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_srp.c, lib/configure.ac,
+ lib/gnutls.pc.in, lib/gnutls_constate.c, lib/gnutls_errors.c,
+ lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_psk.c,
+ lib/gnutls_str.c, lib/gnutls_str.h, lib/includes/Makefile.am,
+ lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
+ lib/openpgp/gnutls_openpgp.c, lib/pkcs11.c, lib/x509/common.c,
+ lib/x509/dn.c, src/Makefile.am, src/certtool-common.h,
+ src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa, src/pkcs11.c: Added initial PKCS #11 support.
+ Certtool can now print lists of certificates available in system.
+
+2010-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c: Optimized the check_if_same().
+
+2010-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/x509/common.c, lib/x509/common.h:
+ Added a forgoten by god OID for RSA. Warn using the actual OID on
+ unknown public key algorithms.
+
+2009-12-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/ext_session_ticket.c: Adapt session ticket support to mbuffer
+ API.
+
+2009-08-16 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_kx.c,
+ lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: Use mbuffers for
+ handshake synthesis.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_handshake.c: Make _gnutls_handshake_io_send_int accept a
+ mbuffer_st.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c:
+ Simplify handshake send buffer logic.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: Fix interrupted write braino.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_mbuffers.c: Avoid pointer warning.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_mbuffers.c,
+ lib/gnutls_mbuffers.h: Remove now useless
+ _gnutls_mbuffer_enqueue{,copy} functions.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_mbuffers.c, lib/gnutls_record.c: Allocate data buffer
+ with mbuffer_st structure as suggested by Nikos.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: Prepare for mbuffer
+ allocation by the caller.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: GNUify some missed GNUification.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: Harmonize read and write function names.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: Now that LEVEL and LEVEL_EQ are fixed, use
+ less lines.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_errors.h: Make LEVEL and LEVEL_EQ macros safer. Once again, I got bit by this pretty hard.
+
+2009-08-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_record.c: Use a datum for ciphered data in
+ _gnutls_send_int.
+
+2009-08-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.h: Remove the prototype for the non-existant
+ function _gnutls_io_write_buffered2.
+
+2009-08-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_int.h, lib/gnutls_record.c: Cleanup of the remaining
+ internals.record_send_buffer mess.
+
+2009-08-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: Remove yet another !@#$% instance of
+ redundant hexadecimal dumping.
+
+2009-08-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_record.c:
+ Modify slightly the contract of _gnutls_io_write_buffered as
+ suggested by Nikos Mavrogiannopoulos.
+
+2009-08-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_mbuffers.c,
+ lib/gnutls_mbuffers.h: Pass datums to mbuffers by address instead of
+ by value.
+
+2009-08-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_record.c: Corrected case where
+ handshake data were received during a session. It now stores them
+ for future use by a gnutls_handshake(). Reported by Peter
+ Hendrickson <pdh@wiredyne.com>.
+
+2009-08-06 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: Simplify _gnutls_io_write_buffered and
+ _gnutls_io_write_flush with mbuffers.
+
+2009-08-06 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_int.h, lib/gnutls_state.c: Change type of
+ internals.record_send_buffer to a mbuffer.
+
+2009-08-06 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: Extract a simple_write function from
+ _gnutls_io_write_buffered.
+
+2009-08-06 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: Add dump_bytes function.
+
+2009-08-06 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/Makefile.am, lib/gnutls_int.h, lib/gnutls_mbuffers.c,
+ lib/gnutls_mbuffers.h: Add gnutls_mbuffers.{c,h} with some basic
+ mbuffer operations.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_algorithms.c: Do not rely on version ordering; use
+ switch..case instead.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/auth_cert.c: Remove hardcoded version checks in auth_cert.c.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_state.c: Remove hardcoded version check in
+ gnutls_state.c.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_cipher.c: Remove hardcoded version checks in
+ gnutls_cipher.c.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_sig.c: Remove hardcoded version checks in gnutls_sig.c.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_handshake.c: Remove hardcoded version checks in
+ gnutls_handshake.c.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_algorithms.c: Add version check function for selectable
+ signature/hash certificate algorithms.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_algorithms.c: Add version check functions for
+ non-minimal padding.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h: Add version
+ check function for explicit IV.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_algorithms.h: Add version check functions for
+ selectable PRF and extension handling.
+
+2010-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/announce.txt, doc/gnutls.texi, doc/manpages/gnutls-cli.1,
+ doc/manpages/gnutls-serv.1, lib/ext_safe_renegotiation.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c,
+ lib/gnutls_state.c, tests/safe-renegotiation/srn1.c,
+ tests/safe-renegotiation/srn5.c, tests/safe-renegotiation/testsrn:
+ Splitted safe renegotiation capabilities to %SAFE_RENEGOTIATION: will enable safe renegotiation. This is the
+ most secure and recommended option for clients. However this will
+ prevent from connecting to legacy servers. %PARTIAL_RENEGOTIATION: Prevents renegotiation with clients and
+ servers not supporting the safe renegotiation extension. (this is
+ the default) %UNSAFE_RENEGOTIATION: Permits (re-)handshakes even unsafe ones.
+
+2010-05-31 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Minor fix.
+
+2010-05-31 Simon Josefsson <simon@josefsson.org>
+
+ * GNUmakefile, maint.mk: Update gnulib files.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: Documented the defaults.
+
+2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: Added INITIAL_SAFE_RENEGOTIATION and other small
+ updates.
+
+2010-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Update.
+
+2010-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/README: Add.
+
+2010-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * .x-sc_prohibit_strings_without_use, build-aux/c++defs.h,
+ build-aux/gendocs.sh, build-aux/gnupload, build-aux/vc-list-files,
+ configure.ac, doc/gendocs_template, gl/Makefile.am, gl/error.c,
+ gl/m4/asm-underscore.m4, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/netdb_h.m4,
+ gl/m4/stdio_h.m4, gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4,
+ gl/netdb.in.h, gl/stdio-write.c, gl/stdio.in.h,
+ gl/tests/Makefile.am, gl/tests/init.sh, gl/tests/test-lseek.sh,
+ gl/tests/test-vc-list-files-cvs.sh,
+ gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
+ gl/tests/test-verify.sh, gl/tests/verify.h, gl/unistd.in.h,
+ gl/vasnprintf.c, gl/wchar.in.h, gtk-doc.make,
+ lib/build-aux/c++defs.h, lib/gl/Makefile.am,
+ lib/gl/m4/asm-underscore.m4, lib/gl/m4/fcntl-o.m4,
+ lib/gl/m4/gettext.m4, lib/gl/m4/gnulib-common.m4,
+ lib/gl/m4/gnulib-comp.m4, lib/gl/m4/iconv.m4, lib/gl/m4/intl.m4,
+ lib/gl/m4/netdb_h.m4, lib/gl/m4/po.m4, lib/gl/m4/stdio_h.m4,
+ lib/gl/m4/unistd_h.m4, lib/gl/netdb.in.h, lib/gl/stdio-write.c,
+ lib/gl/stdio.in.h, lib/gl/tests/Makefile.am, lib/gl/tests/init.sh,
+ lib/gl/tests/test-vasprintf.c, lib/gl/tests/test-verify.c,
+ lib/gl/tests/test-verify.sh, lib/gl/tests/verify.h,
+ lib/gl/unistd.in.h, lib/gl/vasnprintf.c, lib/gl/wchar.in.h,
+ libextra/gl/m4/gnulib-common.m4, m4/valgrind.m4, maint.mk: Update
+ gnulib files, use valgrind-tests module, fix syntax-check problems.
+
+2010-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * doc/announce.txt: Doc fix.
+
+2010-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.h, lib/x509/privkey.c, lib/x509/sign.c,
+ lib/x509/verify.c: Use correct hashing algorithms for DSA with q
+ over 160 bits.
+
+2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: Better checks in loops.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crl.c: Doc fix.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am, gtk-doc.make, m4/gtk-doc.m4: Support
+ GTK-DOC PDF file.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Also build PDF manual.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix node/section usage.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/srn5.c: Fix self test.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_handshake.c: Readd lost fix from Nikos.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_safe_renegotiation.c: Readd lost fix from Nikos.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_errors.c, libextra/includes/gnutls/openssl.h,
+ libextra/openssl_compat.c: Doc fixes.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: Doc fix.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, NEWS, README, cfg.mk, configure.ac, doc/Makefile.am,
+ doc/credentials/Makefile.am, doc/cyclo/Makefile.am, doc/errcodes.c,
+ doc/examples/Makefile.am, doc/examples/ex-client-srp.c,
+ doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
+ doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
+ doc/examples/ex-serv1.c, doc/gnutls.texi, doc/manpages/Makefile.am,
+ doc/printlist.c, guile/Makefile.am, guile/modules/Makefile.am,
+ guile/modules/gnutls.scm, guile/modules/gnutls/build/enums.scm,
+ guile/modules/gnutls/build/priorities.scm,
+ guile/modules/gnutls/build/smobs.scm,
+ guile/modules/gnutls/build/utils.scm,
+ guile/modules/gnutls/extra.scm, guile/src/Makefile.am,
+ guile/src/core.c, guile/src/errors.c, guile/src/errors.h,
+ guile/src/extra.c, guile/src/make-enum-header.scm,
+ guile/src/make-enum-map.scm, guile/src/make-session-priorities.scm,
+ guile/src/make-smob-header.scm, guile/src/make-smob-types.scm,
+ guile/src/utils.c, guile/src/utils.h, guile/tests/Makefile.am,
+ guile/tests/anonymous-auth.scm, guile/tests/errors.scm,
+ guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
+ guile/tests/openpgp-keys.scm, guile/tests/pkcs-import-export.scm,
+ guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
+ guile/tests/x509-auth.scm, guile/tests/x509-certificates.scm,
+ lib/Makefile.am, lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c,
+ lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
+ lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
+ lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
+ lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
+ lib/auth_srp_sb64.c, lib/cipher-libgcrypt.c, lib/configure.ac,
+ lib/crypto-api.c, lib/crypto.c, lib/crypto.h, lib/cryptodev.c,
+ lib/debug.c, lib/debug.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
+ lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_oprfi.c,
+ lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
+ lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
+ lib/ext_server_name.h, lib/ext_session_ticket.c,
+ lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
+ lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_alert.c,
+ lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
+ lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
+ lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
+ lib/gnutls_compress.c, lib/gnutls_compress.h,
+ lib/gnutls_constate.c, lib/gnutls_constate.h, lib/gnutls_datum.c,
+ lib/gnutls_datum.h, lib/gnutls_db.c, lib/gnutls_db.h,
+ lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_dh_primes.c,
+ lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_extensions.c,
+ lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_helper.c,
+ lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
+ lib/gnutls_mem.c, lib/gnutls_mem.h, lib/gnutls_mpi.c,
+ lib/gnutls_mpi.h, lib/gnutls_num.c, lib/gnutls_num.h,
+ lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
+ lib/gnutls_psk.c, lib/gnutls_psk_netconf.c, lib/gnutls_record.c,
+ lib/gnutls_record.h, lib/gnutls_rsa_export.c,
+ lib/gnutls_rsa_export.h, lib/gnutls_session.c,
+ lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
+ lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
+ lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
+ lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
+ lib/gnutls_supplemental.h, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
+ lib/gnutls_v2_compat.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
+ lib/includes/Makefile.am, lib/includes/gnutls/crypto.h,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
+ lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
+ lib/libgnutls.map, lib/libgnutlsxx.map, lib/m4/hooks.m4,
+ lib/mac-libgcrypt.c, lib/minitasn1/Makefile.am,
+ lib/mpi-libgcrypt.c, lib/opencdk/Makefile.am,
+ lib/openpgp/Makefile.am, lib/openpgp/compat.c,
+ lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
+ lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
+ lib/openpgp/privkey.c, lib/pk-libgcrypt.c, lib/random.c,
+ lib/random.h, lib/rnd-libgcrypt.c, lib/x509/Makefile.am,
+ lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
+ lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
+ lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/output.c,
+ lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c,
+ lib/x509/pkcs7.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
+ lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
+ lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
+ lib/x509_b64.c, lib/x509_b64.h, libextra/Makefile.am,
+ libextra/configure.ac, libextra/ext_inner_application.c,
+ libextra/ext_inner_application.h, libextra/fipsmd5.c,
+ libextra/gl/Makefile.am, libextra/gnutls_extra.c,
+ libextra/gnutls_ia.c, libextra/gnutls_openssl.c,
+ libextra/includes/Makefile.am, libextra/includes/gnutls/extra.h,
+ libextra/includes/gnutls/openssl.h, libextra/libgnutls-extra.map,
+ libextra/m4/hooks.m4, libextra/openssl_compat.c,
+ libextra/openssl_compat.h, src/Makefile.am, src/benchmark.c,
+ src/certtool-cfg.c, src/certtool.c, src/cli.c, src/common.c,
+ src/crypt.c, src/list.h, src/prime.c, src/psk.c, src/serv.c,
+ src/tests.c, src/tls_test.c, tests/Makefile.am, tests/anonself.c,
+ tests/certder.c, tests/certificate_set_x509_crl.c,
+ tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
+ tests/crypto_rng.c, tests/cve-2008-4989.c, tests/cve-2009-1415.c,
+ tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
+ tests/finished.c, tests/gc.c, tests/hostname-check.c,
+ tests/init_roundtrip.c, tests/key-id/Makefile.am,
+ tests/key-id/key-id, tests/mini-eagain.c,
+ tests/mini-x509-rehandshake.c, tests/mini-x509.c, tests/mini.c,
+ tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
+ tests/nist-pkits/pkits, tests/nist-pkits/pkits_crl,
+ tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
+ tests/nist-pkits/pkits_smime, tests/nul-in-x509-names.c,
+ tests/openpgp-certs/Makefile.am, tests/openpgp-certs/testcerts,
+ tests/openpgp-certs/testselfsigs, tests/openpgp-keyring.c,
+ tests/openpgpself.c, tests/openssl.c, tests/oprfi.c,
+ tests/parse_ca.c, tests/pathlen/Makefile.am, tests/pathlen/pathlen,
+ tests/pgps2kgnu.c, tests/pkcs1-padding/Makefile.am,
+ tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/Makefile.am,
+ tests/pkcs12-decode/pkcs12, tests/pkcs12_encode.c,
+ tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c,
+ tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8,
+ tests/pskself.c, tests/resume.c, tests/rfc2253-escape-test,
+ tests/rsa-md5-collision/Makefile.am,
+ tests/rsa-md5-collision/rsa-md5-collision,
+ tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
+ tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
+ tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
+ tests/safe-renegotiation/testsrn, tests/set_pkcs12_cred.c,
+ tests/setcredcrash.c, tests/sha2/Makefile.am, tests/sha2/sha2,
+ tests/simple.c, tests/tlsia.c, tests/userid/Makefile.am,
+ tests/userid/userid, tests/utils.c, tests/utils.h,
+ tests/x509_altname.c, tests/x509dn.c, tests/x509paths/chain,
+ tests/x509self.c, tests/x509sign-verify.c, tests/x509signself.c:
+ Change GNUTLS into GnuTLS.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS, ChangeLog.1, NEWS, README, README-alpha, THANKS,
+ doc/gnutls.texi, doc/manpages/gnutls-cli-debug.1,
+ doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1,
+ doc/manpages/srptool.1, doc/reference/gnutls-docs.sgml,
+ lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c,
+ src/cli-gaa.c, src/cli.gaa, src/serv-gaa.c, src/serv.gaa,
+ src/tls_test-gaa.c, src/tls_test.gaa: Change GNU TLS into GnuTLS.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c: Ignore
+ parsing of ciphersuite or extensions when safe renegotiation is
+ disabled.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/srn5.c: Add test of self renegotiation
+ APIs.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/README, tests/safe-renegotiation/srn4.c:
+ Add more rengotiation self tests.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/README, tests/safe-renegotiation/srn0.c:
+ Add more safe renegotiation self test.
+
+2010-05-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/announce.txt, doc/gnutls.texi,
+ doc/manpages/Makefile.am, lib/ext_safe_renegotiation.c,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
+ tests/safe-renegotiation/srn2.c: Remove
+ gnutls_safe_negotiation_set_initial and
+ gnutls_safe_renegotiation_set.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.c: Documented behavioral change.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h, lib/gnutls_priority.c: Because we want to
+ differentiate the behavior of server and client with regards to safe
+ renegotiation. If a server didn't have either SAFE_RENEGOTIATION or
+ UNSAFE_RENEGOTIATION set the safe renegotiation will be the default.
+ This (as well as the safe_renegotiation_set flag) has to be removed
+ once safe renegotiation is default in both server and client side.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_state.c: Emulate old gnutls behavior regarding safe
+ renegotiation if the priority_* functions are not called.
+
+2010-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/x509.h: Corrected typo. Reported by Clint
+ Adams.
+
+2010-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/srn1.c, tests/safe-renegotiation/srn3.c:
+ tests: Add srn3 to test inverse of what srn1 is testing.
+
+2010-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/srn2.c: tests: Add another safe
+ renegotiation self tests.
+
+2010-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/srn1.c: Also test
+ gnutls_safe_renegotiation_status API.
+
+2010-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/srn1.c: tests: Add first self-test of safe
+ renegotiation extension.
+
+2010-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/mini-x509-rehandshake.c: tests: Add small
+ X.509 rehandshake test.
+
+2010-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/mini-x509.c: Protect against infloops.
+
+2010-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/mini-x509.c: tests: Add mini-x509
+ self-test.
+
+2010-04-30 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Improve text, based on suggestions from Tomas
+ Hoger <thoger@redhat.com>.
+
+2010-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_handshake.c: Fix typo.
+
+2010-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_handshake.c: Improve renegotiation debug messages.
+
+2010-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * doc/announce.txt: Add.
+
+2010-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * .gitignore: Add.
+
+2010-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add section on safe renegotiation.
+
+2010-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_record.c: Remove debug code.
+
+2010-04-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Mention shared library map file and GTK-DOC
+ guidelines.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/announce.txt: Update URL.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS: Update my OpenPGP key.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/announce.txt: Update my key.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/announcement-template.txt: Remove.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/ANNOUNCE, doc/announce.txt: Prepare 2.10.0 release notes.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add 2.8.x NEWS entries.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/configure.ac: Also bump libgnutls-extra version.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4: Bump
+ versions.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/gendocs.sh: Chmod +x.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
2010-04-22 Simon Josefsson <simon@josefsson.org>
* NEWS: Version 2.9.10.
@@ -20958,12 +23483,7 @@
2005-11-07 Simon Josefsson <simon@josefsson.org>
- * NEWS: Version 1.2.9.
-
-2005-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
-
- * corrected bug in pkcs 12 ID key setting. Found and reported by Fran
- <e_agf@yahoo.es>.
+ * Version 1.2.9.
-----