From bb0ccd89c7317b5704273f3e0c5a6d92ea8d3995 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 27 Mar 2014 11:16:43 +0100 Subject: reformatted NEWS entries --- NEWS | 50 +++++++++++++++++++++++++------------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/NEWS b/NEWS index edb1d37280..52b0f2a423 100644 --- a/NEWS +++ b/NEWS @@ -10,6 +10,15 @@ constructor. That is, gnutls_global_init() is no longer required unless linking with a static library or a system that does not support library constructors. +** libgnutls: static libraries are not built by default. + +** libgnutls: PKCS #11 initialization is delayed to first usage. +That avoids long delays in gnutls initialization due to broken PKCS #11 +modules. + +** libgnutls: The PKCS #11 subsystem is re-initialized "automatically" +on the first PKCS #11 API call after a fork. + ** libgnutls: certificate verification profiles were introduced that can be specified as flags to verification functions. They are enumerations in gnutls_certificate_verification_profiles_t @@ -20,9 +29,6 @@ That allows a compile-time specified configuration file to be used to read the priorities. That can be used to impose system specific policies. -** libgnutls: Security parameter SEC_PARAM_NORMAL was renamed to -SEC_PARAM_MEDIUM to avoid confusion with the priority string NORMAL. - ** libgnutls: Increased the default security level of priority strings (NORMAL and PFS strings require at minimum a 1008 DH prime), and set a verification profile by default. The LEGACY keyword is 
@@ -32,6 +38,9 @@ introduced to set the old defaults. Currently only DNS names and e-mails are supported (no URIs, IPs or DNs). +** libgnutls: Security parameter SEC_PARAM_NORMAL was renamed to +SEC_PARAM_MEDIUM to avoid confusion with the priority string NORMAL. + ** libgnutls: Added new API in x509-ext.h to handle X.509 extensions. This API handles the X.509 extensions in isolation, allowing to parse similarly formatted extensions stored in other structures. @@ -52,15 +61,21 @@ enforced to be 16-byte aligned, when compiled with cryptodev support. That allows certain cryptodev drivers to operate more efficiently. -** libgnutls: PKCS #11 initialization is delayed to first usage. -That avoids long delays in gnutls initialization due to broken PKCS #11 -modules. +** libgnutls: Depend on p11-kit 0.20.0 or later. -** libgnutls: The PKCS #11 subsystem is re-initialized "automatically" -on the first PKCS #11 API call after a fork. +** libgnutls: The new padding (%NEW_PADDING) experimental TLS extension has +been removed. It was not approved by IETF. -** libgnutls: Added --enable-fips140-mode configuration option. That -option enables (when running on FIPS140-enabled system): +** libgnutls: The experimental xssl library is removed from the gnutls +distribution. + +** libgnutls: Reduced the number of gnulib modules used. + +** certtool: Timestamps for serial numbers were increased to 8 bytes, +and in batch mode to 12 (appended with 4 random bytes). + +** libgnutls: Added --enable-fips140-mode configuration option (unsupported). +That option enables (when running on FIPS140-enabled system): o RSA, DSA and DH key generation as in FIPS-186-4 (using provable primes) o The DRBG-CTR-AES256 deterministic random generator from SP800-90A. o Self-tests on initialization on ciphers/MACs, public key algorithms 
@@ -74,21 +89,6 @@ option enables (when running on FIPS140-enabled system): o Security levels are adjusted to the FIPS140-2 recommendations (rather than ECRYPT). -** libgnutls: static libraries are not built by default. - -** libgnutls: Depend on p11-kit 0.20.0 or later. - -** libgnutls: The new padding (%NEW_PADDING) experimental TLS extension has -been removed. It was not approved by IETF. - -** libgnutls: The experimental xssl library is removed from the gnutls -distribution. - -** libgnutls: Reduced the number of gnulib modules used. - -** certtool: Timestamps for serial numbers were increased to 8 bytes, -and in batch mode to 12 (appended with 4 random bytes). - ** API and ABI modifications: gnutls_privkey_generate: Added gnutls_pkcs11_crt_is_known: Added -- cgit v1.2.1
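Review bot: in the first hunk (@@ -10,6 +10,15) the relocated PKCS #11 fork entry still carries quotation marks around "automatically", which leaves a reader unsure whether the application has to do anything itself after a fork. Since the entry is being moved anyway, drop the quotes and state the behaviour plainly; if the intent is that the child needs no explicit re-initialization call before its first PKCS #11 API call, say so in the entry.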
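Review bot: the --enable-fips140-mode entry in the @@ -52,15 +61,21 hunk gains the word "(unsupported)", which is a change of content rather than the reformatting the subject line describes. Either mention it in the commit message or split it into its own commit so that it is visible in the history. The entry should also say what "unsupported" means here (for example not validated, or not maintained), because readers evaluating the FIPS140 mode will rely on this line. As a smaller style point, the certtool entry now sits between libgnutls entries in the same hunk; grouping it after the last libgnutls entry would keep the list ordered by component.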