summaryrefslogtreecommitdiff
path: root/NEWS
Commit message (Collapse)AuthorAgeFilesLines
* Do not export the non-existant symbols gnutls_pkcs11_privkey_sign_hash and ↵Nikos Mavrogiannopoulos2010-12-151-0/+2
| | | | gnutls_privkey_sign_hash.
* documented new functionsNikos Mavrogiannopoulos2010-12-131-1/+8
|
* Added new functions.Nikos Mavrogiannopoulos2010-12-131-0/+7
|
* documented deprecated functions.Nikos Mavrogiannopoulos2010-12-111-1/+5
|
* documented previous update.Nikos Mavrogiannopoulos2010-12-081-0/+3
|
* Add.Simon Josefsson2010-12-071-0/+3
|
* Bump versions.Simon Josefsson2010-12-071-0/+5
|
* Version 2.11.6.Simon Josefsson2010-12-061-1/+1
|
* documented SSL 3.0 record version change.Nikos Mavrogiannopoulos2010-12-061-0/+4
|
* Use ASN1_NULL when writing parameters for RSA signatures. This makes us ↵Nikos Mavrogiannopoulos2010-12-051-0/+3
| | | | comply with RFC3279. Reported by Michael Rommel.
* Corrected buffer overflow in gnutls-serv by Tomas Mraz.Nikos Mavrogiannopoulos2010-12-051-0/+7
| | | | | | | | | | | | | The gnutls-serv uses fixed allocated buffer for the response which can be pretty long if a client certificate is presented to it and the http header is large. This causes buffer overflow and heap corruption which then leads to random segfaults or aborts. It was reported originally here: https://bugzilla.redhat.com/show_bug.cgi?id=659259 The attached patch changes sprintf calls in peer_print_info() to snprintf so the buffer is never overflowed.
* released 2.11.5Nikos Mavrogiannopoulos2010-12-011-1/+1
|
* Reverted default behavior for verification and introduced ↵Nikos Mavrogiannopoulos2010-11-261-0/+4
| | | | | | GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default V1 trusted CAs are allowed, unless the new flag is specified.
* Typo.Simon Josefsson2010-11-251-1/+1
|
* added infoNikos Mavrogiannopoulos2010-11-161-0/+3
|
* Added SIGN-ALL, CTYPE-ALL, COMP-ALL, and VERS-TLS-ALL priority strings.Nikos Mavrogiannopoulos2010-11-161-0/+4
|
* Added gnutls_pkcs11_token_set_pin() and gnutls_pkcs11_token_init() to enableNikos Mavrogiannopoulos2010-11-071-1/+4
| | | | manipulating tokens purely from PKCS #11.
* gnutls-cli: Print channel binding only in verbose mode.Simon Josefsson2010-10-161-0/+4
| | | | | Before it printed it after the 'Compression:' output, thus breaking Emacs starttls.el string searches.
* Bump versions.Simon Josefsson2010-10-151-0/+5
|
* Version 2.11.4.Simon Josefsson2010-10-151-1/+1
|
* Add.Simon Josefsson2010-10-151-0/+2
|
* Document channel binding API.Simon Josefsson2010-10-151-1/+2
|
* Add gnutls_session_channel_binding API.Simon Josefsson2010-10-141-1/+9
|
* Add.Simon Josefsson2010-10-141-2/+6
|
* Add.Simon Josefsson2010-10-141-0/+4
|
* Bump versions.Simon Josefsson2010-10-141-0/+5
|
* Version 2.11.3.Simon Josefsson2010-10-141-1/+1
|
* Bump versions.Simon Josefsson2010-10-141-0/+10
|
* bumped versionNikos Mavrogiannopoulos2010-10-081-1/+1
|
* Mention new APIs.Simon Josefsson2010-10-011-1/+2
|
* updatedNikos Mavrogiannopoulos2010-09-291-0/+3
|
* Add new extended key usage ipsecIKEMicah Anderson2010-09-291-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | According to RFC 4945 § 5.1.3.12 section title "ExtendedKeyUsage"[0] the following extended key usage has been added: ... this document defines an ExtendedKeyUsage keyPurposeID that MAY be used to limit a certificate's use: id-kp-ipsecIKE OBJECT IDENTIFIER ::= { id-kp 17 } where id-kp is defined in RFC 3280 [5]. If a certificate is intended to be used with both IKE and other applications, and one of the other applications requires use of an EKU value, then such certificates MUST contain either the keyPurposeID id-kp-ipsecIKE or anyExtendedKeyUsage [5], as well as the keyPurposeID values associated with the other applications. Similarly, if a CA issues multiple otherwise-similar certificates for multiple applications including IKE, and it is intended that the IKE certificate NOT be used with another application, the IKE certificate MAY contain an EKU extension listing a keyPurposeID of id-kp-ipsecIKE to discourage its use with the other application. Recall, however, that EKU extensions in certificates meant for use in IKE are NOT RECOMMENDED. Conforming IKE implementations are not required to support EKU. If a critical EKU extension appears in a certificate and EKU is not supported by the implementation, then RFC 3280 requires that the certificate be rejected. Implementations that do support EKU MUST support the following logic for certificate validation: o If no EKU extension, continue. o If EKU present AND contains either id-kp-ipsecIKE or anyExtendedKeyUsage, continue. o Otherwise, reject cert. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* --pkcs11-* in certtool was renamed to --p11-*.Nikos Mavrogiannopoulos2010-09-271-0/+7
|
* Corrected advertizing issue for session tickets.Nikos Mavrogiannopoulos2010-09-251-0/+2
|
* documented changeNikos Mavrogiannopoulos2010-09-201-0/+8
|
* updated for 2.11.1Nikos Mavrogiannopoulos2010-09-141-9/+11
|
* Documented changes.Nikos Mavrogiannopoulos2010-09-101-0/+3
|
* updated NEWS.Nikos Mavrogiannopoulos2010-09-081-0/+2
|
* When the %COMPAT flag is specified, larger records that would otherwise ↵Nikos Mavrogiannopoulos2010-09-011-0/+3
| | | | violate the TLS spec, are accepted.
* By default lowat is set to zero.Nikos Mavrogiannopoulos2010-08-201-0/+4
|
* libnettle is the default crypto library.Nikos Mavrogiannopoulos2010-08-181-1/+9
|
* Added Camellia-128/256, SHA-224/384/512 and support for DSA2 when using nettle.Nikos Mavrogiannopoulos2010-07-291-0/+3
|
* Added RSA_NULL_SHA1 and SHA256 ciphersuites.Nikos Mavrogiannopoulos2010-07-261-0/+2
|
* Re-add old NEWS entries.Simon Josefsson2010-07-251-0/+57
|
* gnutls_x509_privkey_import() will fallback to ↵Nikos Mavrogiannopoulos2010-07-241-0/+4
| | | | gnutls_x509_privkey_import_pkcs8() without a password, if it is unable to decode the key.
* Better handling of security parameters to key sizes matching (via a single ↵Nikos Mavrogiannopoulos2010-07-231-3/+5
| | | | | | table). Added functions to return the security parameter of a private key.
* Updated documentation and gnutls_pk_params_t mappings to ECRYPT II ↵Nikos Mavrogiannopoulos2010-07-231-0/+11
| | | | recommendations.
* updated NEWSNikos Mavrogiannopoulos2010-07-221-1/+4
|
* Added support for EGD daemon in nettle's RNG. It is used if /dev/urandomNikos Mavrogiannopoulos2010-07-111-1/+3
| | | | is not present.
* Support scattered write using writev(). This takesNikos Mavrogiannopoulos2010-07-101-3/+11
| | | | | | | | | advantage of the new buffering layer and allows queuing of packets and flushing them. This is currently used for handshake messages only. Performance-wise the difference of packing several TLS records in a single write doesn't seem to offer anything over ethernet (that my tests were on). Probably on links with higher latency there would be a benefit.
View Lorry Controller Status