[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_6-133-g4ca0


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_6-133-g4ca034d
Date: Thu, 24 Feb 2011 16:54:42 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=4ca034dab1e9e6323814da53d0edb4cdabbebb16

The branch, gnutls_2_12_x has been updated
       via  4ca034dab1e9e6323814da53d0edb4cdabbebb16 (commit)
      from  786d7ec0a1c0967a671c5f9415f5a07c0cc6d787 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4ca034dab1e9e6323814da53d0edb4cdabbebb16
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Thu Feb 24 17:54:38 2011 +0100

    updated for 2.12

-----------------------------------------------------------------------

Summary of changes:
 doc/announce.txt |  566 ++++++++++++++++++++++--------------------------------
 1 files changed, 226 insertions(+), 340 deletions(-)

diff --git a/doc/announce.txt b/doc/announce.txt
index 0e6b61f..5a881d8 100644
--- a/doc/announce.txt
+++ b/doc/announce.txt
@@ -1,7 +1,7 @@
 To: address@hidden, address@hidden, address@hidden
-Subject: GnuTLS 2.10.0 released
+Subject: GnuTLS 2.12.0 released
 <#part sign=pgpmime>
-We are proud to announce a new stable GnuTLS release: Version 2.10.0.
+We are proud to announce a new stable GnuTLS release: Version 2.12.0.
 
 GnuTLS is a modern C library that implements the standard network
 security protocol Transport Layer Security (TLS), for use by network
@@ -22,301 +22,143 @@ The project page of the library is available at:
 What's New
 ==========
 
-Version 2.10.0 is the first stable release on the 2.10.x branch and is
-the result of 11 months of work on the experimental 2.9.x branch.  The
-GnuTLS 2.10.x branch replaces the GnuTLS 2.8.x branch as the supported
-stable branch, although we will continue to support GnuTLS 2.8.x for
+Version 2.12.0 is the first stable release on the 2.12.x branch and is
+the result of 12 months of work on the experimental 2.11.x branch.  The
+GnuTLS 2.12.x branch replaces the GnuTLS 2.10.x branch as the supported
+stable branch, although we will continue to support GnuTLS 2.10.x for
 some time.
 
-** libgnutls: Time verification extended to trusted certificate list.
-Unless new constant GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS flag is
-specified.
-
-** certtool: Display postalCode and Name X.509 DN attributes correctly.
-Based on patch by Pavan Konjarla.  Adds new constant
-GNUTLS_OID_X520_POSTALCODE and GNUTLS_OID_X520_NAME.
-
-** libgnutls: Added Steve Dispensa's patch for safe renegotiation (RFC 5746)
-Solves the issue discussed in:
-<http://www.ietf.org/mail-archive/web/tls/current/msg03928.html> and
-<http://www.ietf.org/mail-archive/web/tls/current/msg03948.html>.
-Note that to allow connecting to unpatched servers the full protection
-is only enabled if the priority string %SAFE_RENEGOTIATION is
-specified. You can check whether protection is in place by querying
-gnutls_safe_renegotiation_status().  New error codes
-GNUTLS_E_SAFE_RENEGOTIATION_FAILED and
-GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED added.
-
-** libgnutls: When checking openpgp self signature also check the signatures
-** of all subkeys.
-Ilari Liusvaara noticed and reported the issue and provided test
-vectors as well.
+** libgnutls: Nettle is the default crypto back end. Use --with-libgcrypt
+to use the libgcrypt back end.
+
+** libgnutls: Added PKCS #11 support and an API to access objects in
+gnutls/pkcs11.h. Certificates and public keys can be
+imported from tokens, and operations can be performed on private keys.
+
+** p11tool: Introduced. It allows manipulating pkcs 11 tokens.
 
-** libgnutls: Added cryptodev support (/dev/crypto).
-Tested with http://home.gna.org/cryptodev-linux/.  Added
-benchmark utility for AES.  Adds new error codes
-GNUTLS_E_CRYPTODEV_IOCTL_ERROR and GNUTLS_E_CRYPTODEV_DEVICE_ERROR.
-
-** libgnutls: Exported API to access encryption and hash algorithms.
-The new API functions are gnutls_cipher_decrypt, gnutls_cipher_deinit,
-gnutls_cipher_encrypt, gnutls_cipher_get_block_size,
-gnutls_cipher_init, gnutls_hash, gnutls_hash_deinit, gnutls_hash_fast,
-gnutls_hash_get_len, gnutls_hash_init, gnutls_hash_output,
-gnutls_hmac, gnutls_hmac_deinit, gnutls_hmac_fast,
-gnutls_hmac_get_len, gnutls_hmac_init, gnutls_hmac_output.  New API
-constants are GNUTLS_MAC_SHA224 and GNUTLS_DIG_SHA224.
-
-** libgnutls: Added gnutls_certificate_set_verify_function() to allow
-verification of certificate upon receipt rather than waiting until the
-end of the handshake.
-
-** libgnutls: Don't send alerts during handshake.
-Instead new error code GNUTLS_E_UNKNOWN_SRP_USERNAME is added.
-
-** certtool: Corrected two issues that affected certificate request generation.
-(1) Null padding is added on integers (found thanks to Wilankar Trupti),
-(2) In optional SignatureAlgorithm parameters field for DSA keys the DSA
-parameters were added. Those were rejected by Verisign. Gnutls no longer adds 
-those parameters there since other implementations don't do either and having 
-them does not seem to offer anything (anyway you need the signer's certificate
-to verify thus public key will be available). Found thanks to Boyan Kasarov.
-This however has the side-effect that public key IDs shown by certtool are
-now different than previous gnutls releases.
-(3) the option --pgp-certificate-info will verify self signatures
-
-** certtool: Allow exporting of Certificate requests on DER format.
-
-** certtool: New option --no-crq-extensions to avoid extensions in CSRs.
-
-** gnutls-cli: Handle reading binary data from server.
-Reported by and tiny patch from Vitaly Mayatskikh
-<address@hidden> in
-<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4096>.
-
-** minitasn1: Upgraded to libtasn1 version 2.6.
-
-** doc: The GTK-DOC manual is significantly improved.
-
-** libgnutls: Cleanups and several bug fixes.
-Found by Steve Grubb and Tomas Mraz.
-
-** Link libgcrypt explicitly to certtool, gnutls-cli, gnutls-serv.
-
-** Fix --disable-valgrind-tests.
-Reported by Ingmar Vanhassel in
-<https://savannah.gnu.org/support/?107029>.
-
-** libgnutls: Fix for memory leaks on interrupted handshake.
-Reported by Tang Tong.
-
-** libgnutls: Addition of support for TLS 1.2 signature algorithms
-** extension and certificate verify field.
-This requires changes for TLS 1.2 servers and clients that use
-callbacks for certificate retrieval.  They are now required to check
-with gnutls_sign_algorithm_get_requested() whether the certificate
-they send complies with the peer's preferences in signature
-algorithms.
-
-** libgnutls: In server side when resuming a session do not overwrite the 
-** initial session data with the resumed session data.
-
-** libgnutls: Added support for AES-128, AES-192 and AES-256 in PKCS #8
-** encryption.
-This affects also PKCS #12 encoded files.  This adds the following new
-enums: GNUTLS_CIPHER_AES_192_CBC, GNUTLS_PKCS_USE_PBES2_AES_128,
-GNUTLS_PKCS_USE_PBES2_AES_192, GNUTLS_PKCS_USE_PBES2_AES_256.
-
-** libgnutls: Fix PKCS#12 encoding.
-The error you would get was "The OID is not supported.".  Problem
-introduced for the v2.8.x branch in 2.7.6.
-
-** certtool: Added the --pkcs-cipher option.
-To explicitely specify the encryption algorithm to use.
-
-** tests: Added "pkcs12_encode" self-test to check PKCS#12 functions.
-
-** tests: Fix time bomb in chainverify self-test.
-Reported by Andreas Metzler <address@hidden> in
-<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3925>.
-
-** tests: Fix expired cert in chainverify self-test.
-
-** libgnutls: TLS 1.2 server mode fixes.
-Now interoperates against Opera.  Contributed by Daiki Ueno.
-
-** libgnutlsxx: Fix link problems.
-Tiny patch from Boyan Kasarov <address@hidden>.
-
-** guile: Compatibility with guile 2.x.
-By Ludovic Courtes <address@hidden>.
-
-** libgnutls: Enable Camellia ciphers by default.
-
-** libgnutls: Add new functions to extract X.509 Issuer Alternative Names.
-The new functions are gnutls_x509_crt_get_issuer_alt_name2,
-gnutls_x509_crt_get_issuer_alt_name, and
-gnutls_x509_crt_get_issuer_alt_othername_oid.  Contributed by Brad
-Hards <address@hidden>.
-
-** libgnutls: Client-side TLS 1.2 and SHA-256 ciphersuites now works.
-The new supported ciphersuites are AES-128/256 in CBC mode with
-ANON-DH/RSA/DHE-DSS/DHE-RSA.  Contributed by Daiki Ueno.  Further,
-SHA-256 is now the preferred default MAC (however it is only used with
-TLS 1.2).
-
-** libgnutls: Make OpenPGP hostname checking work again.
-The patch to resolve the X.509 CN/SAN issue accidentally broken
-OpenPGP hostname comparison.
-
-** libgnutls: When printing X.509 certificates, handle XMPP SANs better.
-Reported by Howard Chu <address@hidden> in
-<https://savannah.gnu.org/support/?106975>.
-
-** Fix use of deprecated types internally.
-Use of deprecated types in GnuTLS from now on will lead to a compile
-error, to prevent this from happening again.
-
-** libgnutls: Support for TLS tickets was contributed by Daiki Ueno.
-The new APIs are gnutls_session_ticket_enable_client,
-gnutls_session_ticket_enable_server, and
-gnutls_session_ticket_key_generate.
-
-** gnutls-cli, gnutls-serv: New parameter --noticket to disable TLS tickets.
-
-** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields.
-By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS
-into 1) not printing the entire CN/SAN field value when printing a
-certificate and 2) cause incorrect positive matches when matching a
-hostname against a certificate.  Some CAs apparently have poor
-checking of CN/SAN values and issue these (arguable invalid)
-certificates.  Combined, this can be used by attackers to become a
-MITM on server-authenticated TLS sessions.  The problem is mitigated
-since attackers needs to get one certificate per site they want to
-attack, and the attacker reveals his tracks by applying for a
-certificate at the CA.  It does not apply to client authenticated TLS
-sessions.  Research presented independently by Dan Kaminsky and Moxie
-Marlinspike at BlackHat09.  Thanks to Tomas Hoger <address@hidden>
-for providing one part of the patch.  [GNUTLS-SA-2009-4] [CVE-2009-2730].
-
-** libgnutls: Fix rare failure in gnutls_x509_crt_import.
-The function may fail incorrectly when an earlier certificate was
-imported to the same gnutls_x509_crt_t structure.
-
-** libgnutls: Fix return value of gnutls_certificate_client_get_request_status.
-Before it always returned false.  Reported by Peter Hendrickson
-<address@hidden> in
-<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3668>.
-
-** libgnutls: Fix off-by-one size computation error in unknown DN printing.
-The error resulted in truncated strings when printing unknown OIDs in
-X.509 certificate DNs.  Reported by Tim Kosse
-<address@hidden> in
-<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3651>.
-
-** libgnutls: Fix PKCS#12 decryption from password.
-The encryption key derived from the password was incorrect for (on
-average) 1 in every 128 input for random inputs.  Reported by "Kukosa,
-Tomas" <address@hidden> in
-<http://permalink.gmane.org/gmane.network.gnutls.general/1663>.
-
-** libgnutls: Return correct bit lengths of some MPIs.
-gnutls_dh_get_prime_bits, gnutls_rsa_export_get_modulus_bits, and
-gnutls_dh_get_peers_public_bits.  Before the reported value was
-overestimated.  Reported by Peter Hendrickson <address@hidden> in
-<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3607>.
-
-** libgnutls: Avoid internal error when invoked after GNUTLS_E_AGAIN.
-Report and patch by Tim Kosse <address@hidden> in
-<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3671>
-and
-<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3670>.
-
-** libgnutls: Relax checking of required libtasn1/libgcrypt versions.
-Before we required that the runtime library used the same (or more
-recent) libgcrypt/libtasn1 as it was compiled with.  Now we just check
-that the runtime usage is above the minimum required.  Reported by
-Marco d'Itri <address@hidden> via Andreas Metzler
-<address@hidden> in <http://bugs.debian.org/540449>.
-
-** tests: Added new self-test pkcs12_s2k_pem to detect MPI bit length error.
-
-** tests: Improved test vectors in self-test pkcs12_s2k.
-
-** tests: Added new self-test dn2 to detect off-by-one size error.
-
-** tests: Fix failure in "chainverify" because a certificate have expired.
-
-** libgnutls: Fix crash in gnutls_global_init after earlier init/deinit cycle.
-Forwarded by Martin von Gagern <address@hidden> from
-<http://bugs.gentoo.org/272388>.
-
-** Reduce stack usage for some CRQ functions.
-
-** Doc fixes for CRQ functions.
-
-TLS Renegotiation Attack
-========================
-
-This releases supports the new extension that hardens TLS
-renegotiation, prompted by the recent discovery of a security flaw in
-the protocol.  We quote the manual which contains a discussion of the
-problem and how the solution is implemented in GnuTLS:
-
-Some application protocols and implementations uses the TLS
-renegotiation feature in a manner that enables attackers to insert
-content of his choice in the beginning of a TLS session.
-
-The simplest example is HTTP.  For HTTP one attack works by having the
-attacker simulate a client and connect to a server, with server-only
-authentication, and send some data intended to cause harm.  When the
-proper client attempts to contact the server, the attacker hijacks that
-connection and uses the TLS renegotiation feature with the server and
-splices in the client connection to the already established connection
-between the client and server.  The attacker will not be able to read
-the data exchanged between the client and the server.  However, some
-server implementations will (incorrectly) assume that the data sent by
-the attacker was sent by the now authenticated client.  The result is a
-prefix plain-text injection attack.
-
-While fixing these application protocols and implementations would be
-one natural reaction, an extension to TLS has been designed that
-cryptographically binds together any renegotiated handshakes with the
-initial negotiation.  When the extension is used, the attack is
-detected and the session can be terminated.  The extension is
-specified in [RFC5746].
-
-GnuTLS supports the safe renegotiation extension.  By default, GnuTLS
-clients will attempt to negotiate the safe renegotiation extension when
-talking to servers.  Also by default, GnuTLS servers will accept the
-extension when presented by clients.  However, by default GnuTLS client
-and servers will not refuse renegotiation attempts when the extension
-has not been negotiated, as this would break backwards compatibility
-and cause too much operational problems.  We will likely reconsider
-these defaults in the future.
-
-To modify the default behaviour, we have introduced three new priority
-strings.  The priority strings can be used by applications
-(gnutls_priority_set) and end users (e.g., `--priority' parameter to
-`gnutls-cli' and `gnutls-serv').
-
-The `%PARTIAL_RENEGOTIATION' priority string requests what is today the
-default behaviour, i.e., that handshakes without the safe renegotiation
-extension is permitted.  To make more use of the extension, you may
-provide the `%SAFE_RENEGOTIATION' priority string.  In this mode,
-clients and servers will require that the peer supports the extension for 
-the initial handshakes.  To allow unsafe rengotiation the 
-`%UNSAFE_RENEGOTIATION' priority string is available. This will send
-the extension if supported by peer but will never mandate it.
-It is possible to disable use of the extension completely by using the
-`%DISABLE_SAFE_RENEGOTIATION' priority string however this is
-recommended against except for debugging.
-
-For applications we have introduced a new API related to safe
-renegotiation.  The gnutls_safe_renegotiation_status function is used
-to check if the extension has been negotiated on a session, and can be
-used both by clients and servers.
-
-API/ABI changes in GnuTLS 2.10
+** libgnutls: Added an abstract interface to access public keys
+and private keys in gnutls/abstract.h. It allows easy handling
+of private keys and public keys of all subsystems such as pkcs11, openpgp
+and x509.
+
+** libgnutls: Added functions to ease selection of bit length in public
+key algorithm key generation. Those are
+gnutls_sec_param_to_pk_bits(), gnutls_pk_bits_to_sec_param(),
+and gnutls_sec_param_get_name().
+
+** libgnutls: Add new API gnutls_session_channel_binding.
+The function is used to get the channel binding data.  Currently only
+the "tls-unique" (RFC 5929) channel binding type is supported, through
+the GNUTLS_CB_TLS_UNIQUE type.  See new section "Channel Bindings" in
+the manual.
+
+** libgnutls: Added gnutls_global_set_mutex() to allow setting
+alternative locking procedures. By default the system available
+locking is used. In *NIX pthreads are used and in windows the
+critical section API. This follows a different approach than the
+previous versions that depended on libgcrypt initialization. The
+locks are now set by default in systems that support it. Programs
+that used gcry_control() to set thread locks should insert it into
+a block of
+#if GNUTLS_VERSION_NUMBER <= 0x020b00
+       gcry_control(...)
+#endif
+
+** libgnutls: Added support for reading DN from EV-certificates.
+New DN values:
+jurisdictionOfIncorporationLocalityName,
+jurisdictionOfIncorporationStateOrProvinceName,
+jurisdictionOfIncorporationCountryName
+
+** gnutls-cli, gnutls-serv: Print 'tls-unique' Channel Bindings.
+
+** libgnutls: Added RSA_NULL_SHA1 and SHA256 ciphersuites.
+
+** libgnutls: Is now more liberal in the PEM decoding. That is spaces and 
+tabs are being skipped.
+
+** libgnutls: The %COMPAT flag now allows larger records that violate the
+TLS spec.
+
+** libgnutls: Corrected signature generation and verification
+in the Certificate Verify message when in TLS 1.2. Reported
+by Todd A. Ouska.
+
+** libgnutls: gnutls_x509_privkey_import() will fallback to
+gnutls_x509_privkey_import_pkcs8() without a password, if it
+is unable to decode the key.
+
+** libgnutls: HMAC-MD5 no longer used by default.
+
+** libgnutls: Corrected issue in DHE-PSK ciphersuites that ignored
+the PSK callback.
+
+** libgnutls: SRP and PSK are no longer set on the default priorities. 
+They have to be explicitly set.
+
+** libgnutls: During TLS 1.2 handshake message verification using DSS
+use the hash algorithm required by it. In TLS 1.0, 1.1 and SSL 3.0
+SHA-1 is used always.
+
+** libgnutls: gnutls_x509_privkey_sign_hash() is deprecated.
+Use gnutls_privkey_sign_hash() instead.
+
+** libgnutls: gnutls_pubkey_verify_data, gnutls_pubkey_verify_hash,
+gnutls_x509_privkey_verify_data, gnutls_x509_crt_verify_data, 
+gnutls_x509_crt_verify_hash return the negative error code 
+GNUTLS_E_PK_SIG_VERIFY_FAILED if verification fails to simplify error 
+checking.
+
+** libgnutls: Added helper functions for signature verification:
+gnutls_pubkey_verify_data() and gnutls_pubkey_import_privkey().
+
+** gnutls_x509_crl_privkey_sign2(), gnutls_x509_crq_sign2()
+gnutls_x509_privkey_sign_hash(), gnutls_x509_privkey_sign_data(),
+gnutls_x509_crt_verify_hash(), gnutls_x509_crt_verify_data(), were
+deprecated for gnutls_x509_crl_privkey_sign(),
+gnutls_x509_crq_privkey_sign(), gnutls_privkey_sign_hash(),
+gnutls_privkey_sign_data(), gnutls_pubkey_verify_hash()
+gnutls_pubkey_verify_data() respectively.
+
+** libgnutls: gnutls_*_export_raw() functions now add leading zero in
+integers.
+
+** libgnutls: Added gnutls_transport_set_vec_push_function() that
+can be used to specify a writev() like function. Using that gnutls
+can provide more efficient writes to network layer in systems that 
+support it.
+
+** libgnutls: Record version of Client Hellos is now set by default to
+SSL 3.0. To restore the previous default behavior use %LATEST_RECORD_VERSION
+priority string.
+
+** libgnutls: Use ASN1_NULL when writing parameters for RSA signatures. 
+This makes us comply with RFC3279. Reported by Michael Rommel.
+
+** gnutls-serv: Corrected a buffer overflow. Reported and patch by Tomas Mraz.
+
+** libgnutls: Reverted default behavior for verification and
+introduced GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default
+V1 trusted CAs are allowed, unless the new flag is specified.
+
+** libgnutls: Correctly add leading zero to PKCS #8 encoded DSA key.
+Reported by Jeffrey Walton.
+
+** libgnutls: Added SIGN-ALL, CTYPE-ALL, COMP-ALL, and VERS-TLS-ALL
+as priority strings. Those allow to set all the supported algorithms
+at once.
+
+** libgnutls: Added support for DSA signing/verifying with bit 
+length over 1024.
+
+** libgnutls-extra: When in FIPS mode gnutls_global_init_extra()
+has to be called to register any required md5 handlers.
+
+
+
+
+API/ABI changes in GnuTLS 2.12
 ==============================
 
 No offically supported interfaces have been modified or removed.  The
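
Review bot: the entry saying that gnutls_pubkey_verify_data, gnutls_pubkey_verify_hash, gnutls_x509_privkey_verify_data, gnutls_x509_crt_verify_data and gnutls_x509_crt_verify_hash now return GNUTLS_E_PK_SIG_VERIFY_FAILED on failure changes the return convention of signature verification calls, but gives neither the previous failure value nor the value returned on success. Callers written against the old convention can only re-check their result tests if the announcement states both, so spell out the old and new return values in that entry. The unchanged sentence under "API/ABI changes in GnuTLS 2.12" still reads "No offically supported interfaces have been modified or removed", which sits oddly beside this entry and the deprecation list; reword it and correct "offically". The other default changes in this hunk (SRP and PSK dropped from the default priorities, HMAC-MD5 no longer used by default, V1 trusted CAs allowed again by default, Client Hello record version set to SSL 3.0) would be harder to miss if grouped under their own heading for behaviour changes.
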
@@ -325,56 +167,100 @@ and binary level.
 
 The following symbols have been added to the library:
 
-gnutls_certificate_set_verify_function: ADDED.
-gnutls_cipher_decrypt: ADDED.
-gnutls_cipher_deinit: ADDED.
-gnutls_cipher_encrypt: ADDED.
-gnutls_cipher_get_block_size: ADDED.
-gnutls_cipher_init: ADDED.
-gnutls_hash: ADDED.
-gnutls_hash_deinit: ADDED.
-gnutls_hash_fast: ADDED.
-gnutls_hash_get_len: ADDED.
-gnutls_hash_init: ADDED.
-gnutls_hash_output: ADDED.
-gnutls_hmac: ADDED.
-gnutls_hmac_deinit: ADDED.
-gnutls_hmac_fast: ADDED.
-gnutls_hmac_get_len: ADDED.
-gnutls_hmac_init: ADDED.
-gnutls_hmac_output: ADDED.
-gnutls_safe_renegotiation_status: ADDED.
-gnutls_sign_algorithm_get_requested: ADDED.
-
-gnutls_x509_crt_get_issuer_alt_name2: ADDED.
-gnutls_x509_crt_get_issuer_alt_name: ADDED.
-gnutls_x509_crt_get_issuer_alt_othername_oid: ADDED.
-
-gnutls_session_ticket_key_generate: ADDED.
-gnutls_session_ticket_enable_client: ADDED.
-gnutls_session_ticket_enable_server: ADDED.
+gnutls_transport_set_push_function2: ADDED
+gnutls_x509_crl_get_raw_issuer_dn: ADDED
+gnutls_session_channel_binding: New function.
+gnutls_channel_binding_t: New enumeration.
+gnutls_pkcs11_token_init: New function
+gnutls_pkcs11_token_set_pin: New function
+gnutls_x509_crt_get_subject_unique_id: ADDED.
+gnutls_x509_crt_get_issuer_unique_id: ADDED.
+gnutls_x509_crt_get_preferred_hash_algorithm: ADDED
+gnutls_x509_privkey_export_rsa_raw2: ADDED
+gnutls_openpgp_privkey_sec_param: ADDED
+gnutls_x509_privkey_sec_param: ADDED
+gnutls_global_set_mutex: ADDED
+gnutls_rnd: ADDED
+gnutls_sec_param_to_pk_bits: ADDED
+gnutls_pk_bits_to_sec_param: ADDED
+gnutls_sec_param_get_name: ADDED
+gnutls_certificate_set_retrieve_function: ADDED
+gnutls_pkcs11_type_get_name: ADDED
+gnutls_pkcs11_init: ADDED
+gnutls_pkcs11_deinit: ADDED
+gnutls_pkcs11_set_pin_function: ADDED
+gnutls_pkcs11_set_token_function: ADDED
+gnutls_pkcs11_add_provider: ADDED
+gnutls_pkcs11_obj_init: ADDED
+gnutls_pkcs11_obj_import_url: ADDED
+gnutls_pkcs11_obj_export_url: ADDED
+gnutls_pkcs11_obj_deinit: ADDED
+gnutls_pkcs11_obj_export: ADDED
+gnutls_pkcs11_obj_list_import_url: ADDED
+gnutls_pkcs11_obj_export: ADDED
+gnutls_pkcs11_obj_get_type: ADDED
+gnutls_pkcs11_obj_get_info: ADDED
+gnutls_pkcs11_token_get_info: ADDED
+gnutls_pkcs11_token_get_url: ADDED
+gnutls_pkcs11_privkey_init: ADDED
+gnutls_pkcs11_privkey_deinit: ADDED
+gnutls_pkcs11_privkey_get_pk_algorithm: ADDED
+gnutls_pkcs11_privkey_get_info: ADDED
+gnutls_pkcs11_privkey_import_url: ADDED
+gnutls_pkcs11_privkey_sign_data: ADDED
+gnutls_pkcs11_privkey_sign_hash: ADDED
+gnutls_pkcs11_privkey_decrypt_data: ADDED
+gnutls_x509_crt_import_pkcs11: ADDED
+gnutls_x509_crt_list_import_pkcs11: ADDED
+gnutls_x509_crt_import_pkcs11_url: ADDED
+gnutls_privkey_init: ADDED
+gnutls_privkey_sign_hash: ADDED
+gnutls_privkey_sign_data: ADDED
+gnutls_privkey_deinit: ADDED
+gnutls_privkey_get_pk_algorithm: ADDED
+gnutls_privkey_get_type: ADDED
+gnutls_privkey_import_pkcs11: ADDED
+gnutls_privkey_import_x509: ADDED
+gnutls_privkey_import_openpgp: ADDED
+gnutls_privkey_sign_data: ADDED
+gnutls_privkey_sign_hash: ADDED
+gnutls_privkey_decrypt_data: ADDED
+gnutls_pkcs11_privkey_export_url: ADDED
+gnutls_x509_crq_privkey_sign: ADDED
+gnutls_x509_crl_privkey_sign: ADDED
+gnutls_x509_crt_privkey_sign: ADDED
+gnutls_pubkey_init: ADDED
+gnutls_pubkey_import_privkey: ADDED
+gnutls_pubkey_verify_data: ADDED
+gnutls_pubkey_get_preferred_hash_algorithm: ADDED
+gnutls_pubkey_deinit: ADDED
+gnutls_pubkey_get_pk_algorithm: ADDED
+gnutls_pubkey_import_x509: ADDED
+gnutls_pubkey_import_openpgp: ADDED
+gnutls_pubkey_get_pk_rsa_raw: ADDED
+gnutls_pubkey_get_pk_dsa_raw: ADDED
+gnutls_pubkey_export: ADDED
+gnutls_pubkey_get_key_id: ADDED
+gnutls_pubkey_get_key_usage: ADDED
+gnutls_pubkey_verify_hash: ADDED
+gnutls_pubkey_get_verify_algorithm: ADDED
+gnutls_pkcs11_type_get_name: ADDED
+gnutls_pubkey_import_pkcs11_url: ADDED
+gnutls_pubkey_import: ADDED
+gnutls_pubkey_import_pkcs11: ADDED
+gnutls_pubkey_import_dsa_raw: ADDED
+gnutls_pubkey_import_rsa_raw: ADDED
+gnutls_x509_crt_set_pubkey: ADDED
+gnutls_x509_crq_set_pubkey: ADDED
+gnutls_pkcs11_copy_x509_crt: ADDED
+gnutls_pkcs11_copy_x509_privkey: ADDED
+gnutls_pkcs11_delete_url: ADDED
 
 In addition to the functions above, the following non-function
 definitions have been added to the header files:
 
-GNUTLS_DIG_SHA224: ADDED.
-GNUTLS_E_CRYPTODEV_DEVICE_ERROR: ADDED.
-GNUTLS_E_CRYPTODEV_IOCTL_ERROR: ADDED.
-GNUTLS_E_SAFE_RENEGOTIATION_FAILED: ADDED.
-GNUTLS_E_UNKNOWN_SRP_USERNAME: ADDED.
-GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED: ADDED.
-GNUTLS_MAC_SHA224: ADDED.
-GNUTLS_OID_X520_NAME: ADDED.
-GNUTLS_OID_X520_POSTALCODE: ADDED.
-GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS: ADDED.
-GNUTLS_VERSION_MAX: ADDED.
-
-GNUTLS_CIPHER_AES_192_CBC: ADDED to gnutls/gnutls.h.
-GNUTLS_PKCS_USE_PBES2_AES_128: ADDED to gnutls/x509.h.
-GNUTLS_PKCS_USE_PBES2_AES_192: ADDED to gnutls/x509.h.
-GNUTLS_PKCS_USE_PBES2_AES_256: ADDED to gnutls/x509.h.
-GNUTLS_BAG_SECRET: ADDED to gnutls/pkcs12.h.
-GNUTLS_DIG_UNKNOWN: ADDED to gnutls/gnutls.h.
+GNUTLS_CB_TLS_UNIQUE: New gnutls_channel_binding_t enum member.
+GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE: New error code.
 
 Getting the Software
 ====================
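
Review bot: the added symbol list does not match the "What's New" text earlier in the same file: it carries gnutls_transport_set_push_function2 where the text announces gnutls_transport_set_vec_push_function(), and the non-function definitions list only GNUTLS_CB_TLS_UNIQUE and GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE although the text also introduces GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Reconcile both lists against the exported headers before sending. The function list also repeats gnutls_pkcs11_obj_export, gnutls_pkcs11_type_get_name, gnutls_privkey_sign_data and gnutls_privkey_sign_hash, and mixes "ADDED", "ADDED." and "New function" markers; deduplicating and settling on one marker would make it usable as a checklist.
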


hooks/post-receive
-- 
GNU gnutls


