Version 0.5.7 (11/09/2002) - Some fixes in the memory allocation functions (realloc). - Improved the string functions used in XML certificate generation. - Removed dependency on libgdbm. - Corrected bug in gnutls_dh_params_set() which affected gnutls_dh_params_deinit(). - Corrected bug in session resuming code in server side. Version 0.5.6 (6/09/2002) - Corrected bugs in SRP implementation, which prevented gnutls to interoperate with other implementations. (interoperability testing was done by David Taylor) - Corrected bug in cert_type extension. - Corrected extension type checks which used an 8 bit extension size, instead of 16 bits. - Added versioning in the XML output of certificate functions. - Removed the X.509 test suite. Version 0.5.5 (3/09/2002) - Updated the SRP implementation to the latest draft. The blowfish crypt implementation was removed, since the new draft does not allow other hash algorithms except for the srpsha. - Renamed all the constructed types in order to have more consistent names. - Improved the certificate and key read functions. Now they can read the certificate and the private key from the same file. - Updated and corrected documentation. Version 0.5.4 (27/08/2002) - Fixes in TLS 1.0 PRF and SSL3 random functions. - gnutls_handshake_set_exportable_detection() was obsoleted. - Added gnutls_openpgp_extract_key_id() which returns the key ID. - Corrected bug in DHE key exchange - Added support for temporary RSA keys which are needed for the export cipher suites. - Added the TLS_RSA_EXPORT_ARCFOUR_40_MD5 ciphersuite. Version 0.5.3 (23/08/2002) - No changes. Replaces the tarball of 0.5.2 which accidentaly contained code from the unstable branch. Version 0.5.2 (22/08/2002) - Added an error code that is returned in clients which connect to export only servers. This must be enabled using the gnutls_handshake_set_exportable_detection() function. - Updated openssl compatibility layer. - Added gnutls_handshake_get_direction() function which returns the state of the handshake when interrupted. Version 0.5.1 (17/07/2002) - Corrected the m4 macros which used instead of - Documentation fixes - Added gnutls_transport_set_ptr2() function, which accepts two different pointers, to be used while receiving, and while sending data. - Semantic changes in gnutls_record_set_max_size(). The requested size is now immediately enforced at the output buffers. - gnutls_global_init_extra() now fails if the library versions do not match. - Fixes in client and server example programs. Null encryption can be used in these programs, to assist in debuging. - Fixes in zlib compression code. Version 0.5.0 (6/07/2002) - Added X.509 certificate tests in tests/ directory - Removed stubs for SRP and Anonymous authentication. They served no purpose since they are always included, unless it was requested not to do so. - Added gnutls_handshake_set_private_extensions() function. This function can be used to enable private (gnutls specific) cipher suites and compression algorithms. - Added check for C99 macro support by the compiler. - Added functions gnutls_b64_encode_fmt2() and gnutls_b64_decode_fmt2() - Added the new libtasn1 library. - Removed the gdbm backend. Applications are now responsible for the session resuming backend. The gnutls-serv application contains an simple example on how to use gdbm for resuming. - Headers for the gnutls library are now installed in $(includedir)/gnutls - Added an OpenSSL compatible interface (with some limitations). - Added functions to convert DER encoded certificates to XML format. Version 0.4.4 (24/06/2002) - Corrected bug in PKCS-1 RSA encryption which prevented gnutls to encrypt using keys of some specific size. Version 0.4.3 (23/05/2002) - The gnutls-extra library now compiles fine, if the opencdk library is not present. - Several bug fixes. - Added gnutls_global_set_mem_func() function, to set the memory allocation functions, if other than the defaults are to be used. - The default memory allocation functions are now the ones in libc. Version 0.4.2 (21/05/2002) - Separated ASN.1 structures parser documentation and TLS library documentation. - Added gnutls_handshake_set_rsa_pms() function, which disables the version check in RSA premaster secret. - Added gnutls_session_is_resumed() function, which reports if a session is a resumed one. - Added gnutls_state_set_ptr() and gnutls_state_get_ptr() functions, to assist in callback functions. - Replaced the included 1024 bit prime for Diffie Hellman, with a new random one. - Relicensed the library under the GNU Lesser General Public License - Added gnutls-extra library which contains the GPL covered code of gnutls. Version 0.4.1 (7/04/2002) - Now uses alloca() for temporary variables - Optimized RSA signing - Added functions to return the peer's certificate activation and expiration time. - Corrected time function's behaviour (the time value returned no longer relate to local timezone). Version 0.4.0 (1/04/2002) - Added support for RFC2630 (PKCS7) X.509 certificate sets - Added new functions: gnutls_x509_extract_certificate_pk_algorithm(), gnutls_openpgp_extract_key_pk_algorithm(). - Several optimizations in the Handshake protocol - Several optimizations in RSA algorithm - Unified the return values because of small buffers. Version 0.3.92 (23/03/2002) - Updated documentation - Combined error codes of ASN.1 parser and gnutls - Removed GNUTLS_CERT_TRUSTED from the CertificateStatus enumeration - Added protection against CBC chosen plaintext attack (disabled by default) - Improved and optimized compression support Version 0.3.91 (3/03/2002) - Added gnutls-cli-debug program - Corrections in session resumption - Rehandshake can now handle negotiation of different authentication type. - gnutls-cli, gnutls-serv, gnutls-srpcrypt and gnutls-cli-debug are now being installed. Version 0.3.90 (24/02/2002) - Handshake messages are not kept in memory any more. Now we use less memory during a handshake - Added support for certificates with DSA parameters - Added DHE_DSS cipher suites - Key exchange methods changed so they do not depend on the certificate type. Added certificate type negotiation TLS extension. - Added openpgp key support (EXPERIMENTAL) - Improved Diffie Hellman key exchange support. - Bug fixes in the RSA key exchange. - Added check for the requested TLS extensions - TLS extensions now use a 16 bit type field. - Added a minimal string library to assist in ASN.1 parsing - Changes in ASN.1 parser to work with the new bison - Added gnutls_x509_extract_subject_alt_name(), which deprecates gnutls_x509_extract_subject_dns_name() - gnutls_x509_set_trust_(file/mem) can now be called multiple times - gnutls_srp_server_set_cred_file() can now be called multiple times Version 0.3.5 (25/01/2002) - Corrected the RSA key exchange method, to avoid attacks against PKCS-1 formating. Version 0.3.4 (20/01/2002) - Corrected bugs in DHE_RSA key exchange method Version 0.3.3 (19/01/2002) - Added gnutls_x509pki_verify_certificate() - Added gnutls_x509pki_set_trust_mem() and gnutls_x509pki_set_key_mem() - Bug fixes in srpcrypt (based on patch by Marc Huber) - Bug fixes in the Handshake protocol (based on patch by Guillaume Morin) - Corrected library versioning Version 0.3.2 (5/01/2002) - Corrected bug which did not allow a client to accept multiple CA names - Added gnutls_fingerprint() - Added gnutls_x509pki_extract_certificate_serial() - Added gnutls_b64_encode_fmt() and gnutls_b64_decode_fmt() - Corrected behaviour in version advertizing - Updated documentation - Prefixed all types in gnutls.h with 'GNUTLS_' to avoid namespace collisions Version 0.3.1 (21/12/2001) - Corrections in the configuration files - Fixes a bug in anonymous authentication Version 0.3.0 (17/12/2001) - Corrected bug in new integer formatting (now we use the old format again) - Several corrections and usual cleanups Version 0.2.91 (10/12/2001) - Fixes in MPI handling (fixes possible bug with signed integers) - Removed name indication extension - Added gnutls_transport_get_ptr() and gnutls_db_get_ptr() - Optimizations in server certificate callback. - Fixes in anonymous authentication - Corrections in client ciphersuite selection Version 0.2.90 (7/12/2001) - gnutls_handshake(), gnutls_read() etc. functions no longer require the 'SOCKET cd' argument. This argument is set using the function gnutls_set_transport_ptr(). - introduced gnutls_x509pki_get_peer_certificate_list(). This function returns a list containing peer's certificate and issuers DER encoded. - Updated X.509 certificate handling API - Added callback to select the server certificate - More consistent function naming (changes in several function names) - Buffer overflow checking in ASN.1 structures parser - Updated documentation Version 0.2.11 (16/11/2001) - Changed the meaning of GNUTLS_E_REHANDSHAKE value. If this value is returned, then the caller should perform a handshake or send an alert to the peer. - Made receive buffer dynamic. Normaly if no large chunks are received it occupies less space. - Added max_record_size extension - Bugfixes in session handling - Improved non blocking IO support in the Handshake Protocol - Usual bugfixes and cleanups - Documentation updated (includes ASN.1 documentation) Version 0.2.10 (5/11/2001) - Corrected bugs and improved non blocking IO - Added hooks to use external database to store sessions - Usual cleanups Version 0.2.9 (27/10/2001) - AUTH_INFO types and structures were moved to library internals - AUTH_FAILED is no longer returned in SRP authentication (any fatal error in SRP means auth failed) - Introduced GNUTLS_E_INTERRUPTED - Added support for non blocking IO - gnutls_recv() and gnutls_send() are now obsolete - Changed semantics of gnutls_rehandshake() Version 0.2.4 (12/10/2001) - Better handling of X.509 certificate extensions - Added DHE_RSA ciphersuites - Updated the Name Indication (dnsname) extension - Improvements in Diffie Hellman primes handling Version 0.2.3 (19/09/2001) - Memory optimizations in gnutls_recv() - Fixed several memory leaks - Added ability to specify callback for x509 client certificate selection - Better documentation Version 0.2.2 (21/08/2001) - Several bugfixes (library and documentation) Version 0.2.1 (07/08/2001) - SRP fixes Version 0.2.0 (07/08/2001) - Partial support for X.509v3 Certificate extensions. - Added Internal memory handlers - Removed gnutls_x509_set_cn() - Added X.509 client authentication - Several bug fixes and protocol fixes Version 0.1.9 (30/07/2001) - Corrected bug(s) in ChangeCipherSpec packet (fixes renegotiate) - SRP is updated to conform to the newest draft. - Added support for DNSNAME extension. - Reentracy fixes in ASN.1 Parsing. - Optimizations in hash/hmac functions - (Error) message handling has changed - Better Protocol Version handling - Added X.509 Certificate Verification - gnutls_read() semantics are now closer to read(2) - added EOF - Documented some part of gnutls in doc/tex/ using Latex Version 0.1.4 (22/06/2001) - Corrected (srp) base64 encoding. - Changed bcrypt algorithm to include username. - Added RSA Ciphersuites (no certificate checking). - Fixes in SSL 2.0 client hello parsing. - Added ASN.1 and DER parsers. - Bugfixes in session resuming - Updated Ciphersuite selection algorithm - Added internal representation of X.509 structures. - Added global state Version 0.1.3 (01/06/2001) - Updated API (and the way it is documented - we use inline documentation) - Added function to access alert messages. - Added support for renegotiating parameters. - Better and Faster Resume Database handling. - Several bugfixes Version 0.1.2 (14/05/2001) - Updated API - Fixes in extension handling Version 0.1.1 (13/05/2001) - Added compatibility with Stanford's libsrp library Version 0.1.0 (09/05/2001) - Added SSL 2.0 client hello support - GNUTLS is a gnu library - Added support for TLS extensions. - Added support for SRP Version 0.0.7 (11/01/2001) - Added server side session resuming (using gdbm) - Added twofish algorithm Version 0.0.6 (20/12/2000) - Added client side session resuming - Better documentation (check doc/API) - Better socket handling (gnutls can be used with select()) - Some primitive support for non blocking IO and socket options has been added. Version 0.0.5 (7/12/2000) - Added Compression (using ZLIB) - Added SSL 3.0 support