path: root/doc/TODO

If you want to contribute (implement something from the current list, or
anything), contact the developer's mailing list (gnutls-dev@lists.gnupg.org),
in order to avoid having people working on the same thing. 



Current list:
* Convert the current sexp stuff to the gcrypt ac API. 
* Check opera and DHE-RSA
* Check opera (which sends an closure alert during the handshake
  which we do not read).
* Make the current ciphering code a bit more abstract to
  allow easy integration with TLS hardware.
* Allow adding multiple subject alternative names.
* Allow verifying of certificates on their reception.
* Verify added CRLs (is it really needed?)
* Document the format for the supported DN attributes.
* Audit the code
* Add gnutls_certificate_set_openpgp_keyring()
  function, similar to gnutls_certificate_set_openpgp_key().
* Use subkeys with the 0x20 flag in openpgp keys (if present),
  instead of the main key.
* Add function to extract the signers of an openpgp key. Should
  be similar to gnutls_x509_crt_get_dn_oid().
* Add function to verify an openpgp key against a plain key.
- Clean up name space of helper functions in library (memmem,
   firstElement, bit_mask, ...) for platforms that libtool's
   -export-symbols-regex doesn't work.
- Allow sending V2 Hello messages. It seems that some (old) broken 
  implementations require that.
- Add Kerberos support
- Certificate chain validation improvements:
  - Implement "correct" DN comparison (instead of memcmp).
  - Support critical key usage KeyCertSign and cRLSign.
  - Support path length constraints.
- RFC 3280 compliant certificate path validation.
- Add Pre-Shared-Key support.
- Add progress handler gnutls_{dh,rsa}_params_generate2, to allow
  application to give progress feedback to user.
- Support non-blocking gnutls_{dh,rsa}_params_generate2 for when there
  is not enough entropy available. 
- Implement Datagram-TLS (DTLS).

(+) Means high priority 
(*) Means medium priority
(-) Means low priority (ie. nobody is interested to develop that)