[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_9-1-ga2c6a10
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_9-1-ga2c6a10 |
|
Date: |
Tue, 13 Dec 2011 22:37:28 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=a2c6a106b63a3846358d1e2cd5638504000194ec
The branch, master has been updated
via a2c6a106b63a3846358d1e2cd5638504000194ec (commit)
from ac69913558b8beec381ef8f2a7a4df493e108480 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit a2c6a106b63a3846358d1e2cd5638504000194ec
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Dec 13 23:37:10 2011 +0100
make dist forces regeneration of ChangeLog and manpages.
-----------------------------------------------------------------------
Summary of changes:
ChangeLog |14622 +++++++++++++++++++++++++++--------------------------------
Makefile.am | 5 +
cfg.mk | 2 +-
3 files changed, 6715 insertions(+), 7914 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 76d3868..bfcdbbc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,9800 +1,8832 @@
-2011-09-04 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-13 Nikos Mavrogiannopoulos <address@hidden>
- * README, README-alpha: simplified README
+ * ChangeLog, Makefile.am: make dist forces regeneration of ChangeLog
+ and manpages.
-2011-09-04 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-13 Nikos Mavrogiannopoulos <address@hidden>
- * lib/accelerated/intel/aes-x86.h: documented extra alignment
+ * doc/Makefile.am: Added missing file
-2011-09-04 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-13 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_record.c: cleaned-up code
+ * NEWS, configure.ac, m4/hooks.m4: bumped version
-2011-09-04 Andreas Metzler <address@hidden>
+2011-12-13 Nikos Mavrogiannopoulos <address@hidden>
- * configure.ac: Add p11-kit-1 to gnutls.pc Requires.private. If
building with PKCS#11 support append p11-kit-1 to gnutls.pc
- Requires.private. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
+ * doc/cha-gtls-app.texi: documented new priority strings.
-2011-09-04 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-13 Nikos Mavrogiannopoulos <address@hidden>
- * .gitignore: more files to ignore
+ * lib/gnutls_handshake.c: server precedence also used in compression
+ methods.
-2011-09-04 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-13 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-gtls-app.texi: documentation updates
+ * lib/algorithms.h, lib/algorithms/ciphersuites.c,
+ lib/auth/dh_common.c, lib/auth/rsa.c, lib/auth/rsa_export.c,
+ lib/gnutls_auth.c, lib/gnutls_constate.c, lib/gnutls_constate.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_session_pack.c, lib/gnutls_state.c,
+ lib/gnutls_v2_compat.c: cipher_suite_st is no longer used
+ internally. We only use a point to 2 bytes.
-2011-09-03 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-13 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutlsxx.cpp: updated for lowat
+ * NEWS, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_priority.c: Added new priority string %SERVER_PRECEDENCE.
-2011-09-02 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-13 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-auth.texi, doc/cha-cert-auth.texi,
- doc/cha-functions.texi, doc/cha-gtls-app.texi,
- doc/cha-intro-tls.texi: documentation updates. @acronym was removed
- from the cindex.
+ * lib/gnutls_priority.c: Removed 128-bit ciphers from secure192, but
+ added SHA256 (or no ciphersuites are there).
-2011-09-02 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-13 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/compat.h: set_lowat was removed as a macro.
+ * NEWS, src/Makefile.am, src/certtool-common.h, src/certtool-gaa.c,
+ src/certtool-gaa.h, src/certtool.c, src/certtool.gaa, src/dh.c,
+ src/prime.c: Added the --dh-info parameter to certtool.
-2011-09-01 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-12 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-programs.texi: simplified examples
+ * NEWS, doc/manpages/Makefile.am, lib/algorithms/ciphersuites.c,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/common.c:
+ gnutls_priority_get_cipher_suite was renamed to
+ gnutls_priority_get_cipher_suite_index. This makes a more
+ consistent API at the cost of requiring
+ gnutls_get_cipher_suite_info(). An advantage however is that more
+ information can now be accessed.
-2011-09-01 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-12 Nikos Mavrogiannopoulos <address@hidden>
- * doc/examples/ex-serv-pgp.c, tests/openpgp-certs/testcerts:
- explicitly enable openpgp certtype in tests.
+ * NEWS, lib/auth/anon.c, lib/auth/dh_common.c,
+ lib/auth/dh_common.h, lib/auth/dhe.c, lib/auth/dhe_psk.c,
+ lib/crypto-backend.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
+ lib/gnutls_dh_primes.c, lib/gnutls_int.h, lib/nettle/mpi.c,
+ src/benchmark-tls.c, src/benchmark.c, src/prime.c: Diffie Hellman
+ PKCS #3 parameters now contain the recommended private key size. By
+ using the recommended key size the calculations for the server side
+ are reduced, giving a 50% increase in DH calculations.
-2011-09-01 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-12 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: updated
+ * lib/nettle/mpi.c: small cleanups.
-2011-09-01 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-12 Nikos Mavrogiannopoulos <address@hidden>
- * configure.ac, m4/hooks.m4: bumped version
+ * lib/auth/psk_passwd.c, lib/auth/rsa.c, lib/auth/rsa_export.c,
+ lib/auth/srp_passwd.c, lib/crypto-api.c, lib/ext/session_ticket.c,
+ lib/gnutls_cipher.c, lib/gnutls_handshake.c, lib/gnutls_mpi.c,
+ lib/gnutls_pk.c, lib/nettle/gnettle.h, lib/nettle/mpi.c,
+ lib/nettle/pk.c, lib/nettle/rnd.c, lib/opencdk/misc.c,
+ lib/pkcs11_secret.c, lib/random.c, lib/random.h, lib/x509/pkcs12.c,
+ lib/x509/privkey_pkcs8.c: Optimizations in DH parameter generation.
The larger prime is find first and the big loop needs to find a
+ smaller prime, increasing performance. The _gnutls_rnd() function
+ is now inline and GNUTLS_RND_NONCE doesn't update random generator
+ state.
-2011-09-01 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-11 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-bib.texi, doc/cha-gtls-app.texi, doc/latex/gnutls.bib:
- more doc on MTU.
+ * NEWS: updated
-2011-09-01 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-11 Nikos Mavrogiannopoulos <address@hidden>
- * tests/openpgpself.c: explicitly enable openpgp certtype in tests.
+ * lib/ext/session_ticket.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h: If a ticket is sent to client then don't store the
+ session information in the session cache.
-2011-09-01 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-11 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-gtls-app.texi, lib/system_override.c: Added documentation
- on asynchronous operation.
+ * NEWS, lib/algorithms/ciphersuites.c,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli-gaa.c,
+ src/cli.gaa, src/common.c, src/common.h, src/serv-gaa.c,
+ src/serv.gaa: Added gnutls_priority_get_cipher_suite(). This allows
+ listing the ciphersuites enabled in a priority structure. The
+ certtool -l option was overloaded so if combined with --priority it
+ will only list the ciphersuites that are enabled by the given
+ priority string.
-2011-08-31 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-11 Nikos Mavrogiannopoulos <address@hidden>
- * configure.ac: do not exit configure if p11-kit is not found.
+ * lib/nettle/ecc_mulmod.c: removed unused variables.
-2011-08-31 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-10 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/gnutls_priority.c: OpenPGP certificate type priority is
- not enabled by default.
+ * lib/gnutls_priority.c: Added 192-bit curve in normal priorities.
-2011-08-31 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-10 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, doc/cha-gtls-app.texi, lib/gnutls_handshake.c,
- lib/gnutls_int.h, lib/gnutls_priority.c: Added %NO_EXTENSIONS
- priority string.
+ * NEWS: documented updates
-2011-08-30 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-10 Nikos Mavrogiannopoulos <address@hidden>
- * doc/printlist.c: doc fixes
+ * src/common.c: Print ephemeral information after certificate
+ information.
-2011-08-30 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-10 Nikos Mavrogiannopoulos <address@hidden>
- * tests/suite/testcompat-main: disabled test
+ * lib/algorithms.h, lib/algorithms/ciphersuites.c,
+ lib/gnutls_handshake.c: Optimized ciphersuite sorting.
-2011-08-30 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-09 Nikos Mavrogiannopoulos <address@hidden>
- * libextra/openssl_compat.c, libextra/openssl_compat.h: removed old
- and unused compatibility functions.
+ * src/benchmark-tls.c: modified the test to a level of 80bits of
+ security.
-2011-08-30 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-09 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/x509.h, lib/x509/crl.c, lib/x509/crq.c,
- lib/x509/extensions.c, lib/x509/key_decode.c, lib/x509/output.c,
- lib/x509/privkey.c, lib/x509/x509.c, lib/x509/x509_int.h,
- libextra/gnutls_openssl.c, src/crywrap/crywrap.c: corrected sign
- type errors for integers.
+ * lib/algorithms/ecc.c, lib/includes/gnutls/gnutls.h.in: Added
+ SECP192R1 curve.
-2011-08-30 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-09 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_record.c: Corrected error checking in
- _gnutls_send_int().
+ * tests/x509cert.c: be less verbose.
-2011-08-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-09 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-gtls-app.texi: doc updates
+ * NEWS: documented fix
-2011-08-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-09 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, src/certtool-cfg.c, src/common.h: removed unneeded header.
- Documented updates.
+ * src/benchmark-tls.c: Added ECDHE-ECDSA test.
-2011-08-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-09 Nikos Mavrogiannopoulos <address@hidden>
- * lib/nettle/ecc.h, lib/nettle/ecc_free.c,
- lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
- lib/nettle/ecc_mulmod.c, lib/nettle/ecc_projective_add_point.c,
- lib/nettle/ecc_projective_dbl_point.c,
- lib/nettle/ecc_projective_dbl_point_3.c,
- lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
- lib/nettle/ecc_verify_hash.c: Avoid assert() and do not include
- needless headers.
+ * lib/nettle/Makefile.am, lib/nettle/ecc.h,
+ lib/nettle/ecc_make_key.c, lib/nettle/ecc_mulmod.c,
+ lib/nettle/ecc_mulmod_timing.c, lib/nettle/ecc_sign_hash.c: The
+ timing resistant ecc_mulmod() is only used when signing using the
+ ECDSA private key. This improves performance in all other cases that
+ do not require timing resistance.
-2011-08-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-08 Nikos Mavrogiannopoulos <address@hidden>
- * tests/suite/testcompat: skip if datefudge is not available
+ * lib/accelerated/x86/x86.h: corrected have_cpuid for x86-64.
-2011-08-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-08 Nikos Mavrogiannopoulos <address@hidden>
- * lib/accelerated/x86.h: Modified cpuid for 32-bit x86 to avoid a
- gcc issue (not finding a register).
+ * doc/Makefile.am, doc/cha-cert-auth2.texi: renamed hardware tokens
+ to security modules.
-2011-08-28 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-08 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, src/Makefile.am, src/benchmark-cipher.c,
- src/benchmark-tls.c, src/benchmark.h, src/cli-gaa.c, src/cli-gaa.h,
- src/cli.gaa: Benchmark applications were incorporated to gnutls-cli
+ * doc/cha-cert-auth2.texi: Added section 'Managing encrypted keys'
+ to include PKCS 12 structures.
-2011-08-28 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-08 Nikos Mavrogiannopoulos <address@hidden>
- * lib/algorithms/ciphersuites.c: Corrected DH-ANON ciphersuite
- names.
+ * src/benchmark-tls.c: Added RSA key exchange to comparison.
-2011-08-27 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-08 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-cert-auth.texi, doc/gnutls-pgp.eps, doc/gnutls-x509.eps:
- updated figures.
+ * devel/perlasm/cpuid-x86.pl, devel/perlasm/cpuid-x86_64.pl,
+ lib/accelerated/accelerated.c, lib/accelerated/x86/aes-padlock.c,
+ lib/accelerated/x86/aes-x86.c,
+ lib/accelerated/x86/asm-coff/cpuid-x86-64-coff.s,
+ lib/accelerated/x86/asm-coff/cpuid-x86-coff.s,
+ lib/accelerated/x86/asm/cpuid-x86-64.s,
+ lib/accelerated/x86/asm/cpuid-x86.s, lib/accelerated/x86/x86.h:
+ Exported gnutls_cpuid() and gnutls_have_cpuid().
-2011-08-27 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-06 Simon Josefsson <address@hidden>
- * NEWS, lib/x509/x509.c: XmppAddr -> UTF8String
+ * doc/Makefile.am: Fix descriptive text.
-2011-08-27 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-06 Simon Josefsson <address@hidden>
- * lib/openpgp/gnutls_openpgp.c, lib/openpgp/privkey.c,
- lib/x509/x509.c: more updates in private key copy.
+ * doc/manpages/Makefile.am, doc/scripts/getfuncs.pl: Fix getfuncs.pl
+ parse bug; require non-empty list of function parameters. Otherwise it
would detect a comment like '* foo()' as another
+ function.
-2011-08-27 Nikos Mavrogiannopoulos <address@hidden>
+2011-12-06 Simon Josefsson <address@hidden>
+
+ * doc/manpages/gnutls_init.3,
+ doc/manpages/gnutls_pk_algorithm_get_name.3: Really remove manpages.
+
+2011-12-06 Simon Josefsson <address@hidden>
+
+ * .gitignore, doc/manpages/Makefile.am: Fix whitespace in last
+ commit.
+
+2011-12-06 Simon Josefsson <address@hidden>
+
+ * doc/manpages/Makefile.am: Don't rebuild man pages on every 'make'
+ invocation.
+
+2011-12-06 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/manpages/Makefile.am, doc/manpages/gnutls_alert_get.3,
+ doc/manpages/gnutls_alert_get_name.3,
+ doc/manpages/gnutls_alert_get_strname.3,
+ doc/manpages/gnutls_alert_send.3,
+ doc/manpages/gnutls_alert_send_appropriate.3,
+ doc/manpages/gnutls_anon_allocate_client_credentials.3,
+ doc/manpages/gnutls_anon_allocate_server_credentials.3,
+ doc/manpages/gnutls_anon_free_client_credentials.3,
+ doc/manpages/gnutls_anon_free_server_credentials.3,
+ doc/manpages/gnutls_anon_set_params_function.3,
+ doc/manpages/gnutls_anon_set_server_dh_params.3,
+ doc/manpages/gnutls_anon_set_server_params_function.3,
+ doc/manpages/gnutls_auth_client_get_type.3,
+ doc/manpages/gnutls_auth_get_type.3,
+ doc/manpages/gnutls_auth_server_get_type.3,
+ doc/manpages/gnutls_bye.3,
+ doc/manpages/gnutls_certificate_activation_time_peers.3,
+ doc/manpages/gnutls_certificate_allocate_credentials.3,
+ doc/manpages/gnutls_certificate_client_get_request_status.3,
+ doc/manpages/gnutls_certificate_expiration_time_peers.3,
+ doc/manpages/gnutls_certificate_free_ca_names.3,
+ doc/manpages/gnutls_certificate_free_cas.3,
+ doc/manpages/gnutls_certificate_free_credentials.3,
+ doc/manpages/gnutls_certificate_free_crls.3,
+ doc/manpages/gnutls_certificate_free_keys.3,
+ doc/manpages/gnutls_certificate_get_issuer.3,
+ doc/manpages/gnutls_certificate_get_openpgp_keyring.3,
+ doc/manpages/gnutls_certificate_get_ours.3,
+ doc/manpages/gnutls_certificate_get_peers.3,
+ doc/manpages/gnutls_certificate_send_x509_rdn_sequence.3,
+ doc/manpages/gnutls_certificate_server_set_request.3,
+ doc/manpages/gnutls_certificate_set_dh_params.3,
+ doc/manpages/gnutls_certificate_set_key.3,
+ doc/manpages/gnutls_certificate_set_openpgp_key.3,
+ doc/manpages/gnutls_certificate_set_openpgp_key_file.3,
+ doc/manpages/gnutls_certificate_set_openpgp_key_file2.3,
+ doc/manpages/gnutls_certificate_set_openpgp_key_mem.3,
+ doc/manpages/gnutls_certificate_set_openpgp_key_mem2.3,
+ doc/manpages/gnutls_certificate_set_params_function.3,
+ doc/manpages/gnutls_certificate_set_rsa_export_params.3,
+ doc/manpages/gnutls_certificate_set_verify_flags.3,
+ doc/manpages/gnutls_certificate_set_verify_function.3,
+ doc/manpages/gnutls_certificate_set_verify_limits.3,
+ doc/manpages/gnutls_certificate_set_x509_crl.3,
+ doc/manpages/gnutls_certificate_set_x509_crl_file.3,
+ doc/manpages/gnutls_certificate_set_x509_crl_mem.3,
+ doc/manpages/gnutls_certificate_set_x509_key.3,
+ doc/manpages/gnutls_certificate_set_x509_key_file.3,
+ doc/manpages/gnutls_certificate_set_x509_key_mem.3,
+ doc/manpages/gnutls_certificate_set_x509_trust.3,
+ doc/manpages/gnutls_certificate_set_x509_trust_file.3,
+ doc/manpages/gnutls_certificate_set_x509_trust_mem.3,
+ doc/manpages/gnutls_certificate_type_get.3,
+ doc/manpages/gnutls_certificate_type_get_id.3,
+ doc/manpages/gnutls_certificate_type_get_name.3,
+ doc/manpages/gnutls_certificate_type_list.3,
+ doc/manpages/gnutls_certificate_type_set_priority.3,
+ doc/manpages/gnutls_certificate_verify_peers2.3,
+ doc/manpages/gnutls_check_version.3,
+ doc/manpages/gnutls_cipher_add_auth.3,
+ doc/manpages/gnutls_cipher_decrypt.3,
+ doc/manpages/gnutls_cipher_decrypt2.3,
+ doc/manpages/gnutls_cipher_deinit.3,
+ doc/manpages/gnutls_cipher_encrypt.3,
+ doc/manpages/gnutls_cipher_encrypt2.3,
+ doc/manpages/gnutls_cipher_get.3,
+ doc/manpages/gnutls_cipher_get_block_size.3,
+ doc/manpages/gnutls_cipher_get_id.3,
+ doc/manpages/gnutls_cipher_get_key_size.3,
+ doc/manpages/gnutls_cipher_get_name.3,
+ doc/manpages/gnutls_cipher_init.3,
+ doc/manpages/gnutls_cipher_list.3,
+ doc/manpages/gnutls_cipher_set_iv.3,
+ doc/manpages/gnutls_cipher_set_priority.3,
+ doc/manpages/gnutls_cipher_suite_get_name.3,
+ doc/manpages/gnutls_cipher_suite_info.3,
+ doc/manpages/gnutls_cipher_tag.3,
+ doc/manpages/gnutls_compression_get.3,
+ doc/manpages/gnutls_compression_get_id.3,
+ doc/manpages/gnutls_compression_get_name.3,
+ doc/manpages/gnutls_compression_list.3,
+ doc/manpages/gnutls_compression_set_priority.3,
+ doc/manpages/gnutls_credentials_clear.3,
+ doc/manpages/gnutls_credentials_set.3,
+ doc/manpages/gnutls_db_check_entry.3,
+ doc/manpages/gnutls_db_get_ptr.3,
+ doc/manpages/gnutls_db_remove_session.3,
+ doc/manpages/gnutls_db_set_cache_expiration.3,
+ doc/manpages/gnutls_db_set_ptr.3,
+ doc/manpages/gnutls_db_set_remove_function.3,
+ doc/manpages/gnutls_db_set_retrieve_function.3,
+ doc/manpages/gnutls_db_set_store_function.3,
+ doc/manpages/gnutls_deinit.3, doc/manpages/gnutls_dh_get_group.3,
+ doc/manpages/gnutls_dh_get_peers_public_bits.3,
+ doc/manpages/gnutls_dh_get_prime_bits.3,
+ doc/manpages/gnutls_dh_get_pubkey.3,
+ doc/manpages/gnutls_dh_get_secret_bits.3,
+ doc/manpages/gnutls_dh_params_cpy.3,
+ doc/manpages/gnutls_dh_params_deinit.3,
+ doc/manpages/gnutls_dh_params_export_pkcs3.3,
+ doc/manpages/gnutls_dh_params_export_raw.3,
+ doc/manpages/gnutls_dh_params_generate2.3,
+ doc/manpages/gnutls_dh_params_import_pkcs3.3,
+ doc/manpages/gnutls_dh_params_import_raw.3,
+ doc/manpages/gnutls_dh_params_init.3,
+ doc/manpages/gnutls_dh_set_prime_bits.3,
+ doc/manpages/gnutls_dtls_cookie_send.3,
+ doc/manpages/gnutls_dtls_cookie_verify.3,
+ doc/manpages/gnutls_dtls_get_data_mtu.3,
+ doc/manpages/gnutls_dtls_get_mtu.3,
+ doc/manpages/gnutls_dtls_prestate_set.3,
+ doc/manpages/gnutls_dtls_set_mtu.3,
+ doc/manpages/gnutls_dtls_set_timeouts.3,
+ doc/manpages/gnutls_ecc_curve_get.3,
+ doc/manpages/gnutls_ecc_curve_get_name.3,
+ doc/manpages/gnutls_ecc_curve_get_size.3,
+ doc/manpages/gnutls_error_is_fatal.3,
+ doc/manpages/gnutls_error_to_alert.3,
+ doc/manpages/gnutls_fingerprint.3,
+ doc/manpages/gnutls_global_deinit.3,
+ doc/manpages/gnutls_global_init.3,
+ doc/manpages/gnutls_global_set_audit_log_function.3,
+ doc/manpages/gnutls_global_set_log_function.3,
+ doc/manpages/gnutls_global_set_log_level.3,
+ doc/manpages/gnutls_global_set_mem_functions.3,
+ doc/manpages/gnutls_global_set_mutex.3,
+ doc/manpages/gnutls_global_set_time_function.3,
+ doc/manpages/gnutls_handshake.3,
+ doc/manpages/gnutls_handshake_get_last_in.3,
+ doc/manpages/gnutls_handshake_get_last_out.3,
+ doc/manpages/gnutls_handshake_set_max_packet_length.3,
+ doc/manpages/gnutls_handshake_set_post_client_hello_function.3,
+ doc/manpages/gnutls_handshake_set_private_extensions.3,
+ doc/manpages/gnutls_hash.3, doc/manpages/gnutls_hash_deinit.3,
+ doc/manpages/gnutls_hash_fast.3,
+ doc/manpages/gnutls_hash_get_len.3,
+ doc/manpages/gnutls_hash_init.3, doc/manpages/gnutls_hash_output.3,
+ doc/manpages/gnutls_hex2bin.3, doc/manpages/gnutls_hex_decode.3,
+ doc/manpages/gnutls_hex_encode.3, doc/manpages/gnutls_hmac.3,
+ doc/manpages/gnutls_hmac_deinit.3, doc/manpages/gnutls_hmac_fast.3,
+ doc/manpages/gnutls_hmac_get_len.3,
+ doc/manpages/gnutls_hmac_init.3, doc/manpages/gnutls_hmac_output.3,
+ doc/manpages/gnutls_init.3, doc/manpages/gnutls_key_generate.3,
+ doc/manpages/gnutls_kx_get.3, doc/manpages/gnutls_kx_get_id.3,
+ doc/manpages/gnutls_kx_get_name.3, doc/manpages/gnutls_kx_list.3,
+ doc/manpages/gnutls_kx_set_priority.3,
+ doc/manpages/gnutls_mac_get.3, doc/manpages/gnutls_mac_get_id.3,
+ doc/manpages/gnutls_mac_get_key_size.3,
+ doc/manpages/gnutls_mac_get_name.3, doc/manpages/gnutls_mac_list.3,
+ doc/manpages/gnutls_mac_set_priority.3,
+ doc/manpages/gnutls_openpgp_crt_check_hostname.3,
+ doc/manpages/gnutls_openpgp_crt_deinit.3,
+ doc/manpages/gnutls_openpgp_crt_export.3,
+ doc/manpages/gnutls_openpgp_crt_get_auth_subkey.3,
+ doc/manpages/gnutls_openpgp_crt_get_creation_time.3,
+ doc/manpages/gnutls_openpgp_crt_get_expiration_time.3,
+ doc/manpages/gnutls_openpgp_crt_get_fingerprint.3,
+ doc/manpages/gnutls_openpgp_crt_get_key_id.3,
+ doc/manpages/gnutls_openpgp_crt_get_key_usage.3,
+ doc/manpages/gnutls_openpgp_crt_get_name.3,
+ doc/manpages/gnutls_openpgp_crt_get_pk_algorithm.3,
+ doc/manpages/gnutls_openpgp_crt_get_pk_dsa_raw.3,
+ doc/manpages/gnutls_openpgp_crt_get_pk_rsa_raw.3,
+ doc/manpages/gnutls_openpgp_crt_get_preferred_key_id.3,
+ doc/manpages/gnutls_openpgp_crt_get_revoked_status.3,
+ doc/manpages/gnutls_openpgp_crt_get_subkey_count.3,
+ doc/manpages/gnutls_openpgp_crt_get_subkey_creation_time.3,
+ doc/manpages/gnutls_openpgp_crt_get_subkey_expiration_time.3,
+ doc/manpages/gnutls_openpgp_crt_get_subkey_fingerprint.3,
+ doc/manpages/gnutls_openpgp_crt_get_subkey_id.3,
+ doc/manpages/gnutls_openpgp_crt_get_subkey_idx.3,
+ doc/manpages/gnutls_openpgp_crt_get_subkey_pk_algorithm.3,
+ doc/manpages/gnutls_openpgp_crt_get_subkey_pk_dsa_raw.3,
+ doc/manpages/gnutls_openpgp_crt_get_subkey_pk_rsa_raw.3,
+ doc/manpages/gnutls_openpgp_crt_get_subkey_revoked_status.3,
+ doc/manpages/gnutls_openpgp_crt_get_subkey_usage.3,
+ doc/manpages/gnutls_openpgp_crt_get_version.3,
+ doc/manpages/gnutls_openpgp_crt_import.3,
+ doc/manpages/gnutls_openpgp_crt_init.3,
+ doc/manpages/gnutls_openpgp_crt_print.3,
+ doc/manpages/gnutls_openpgp_crt_set_preferred_key_id.3,
+ doc/manpages/gnutls_openpgp_crt_verify_ring.3,
+ doc/manpages/gnutls_openpgp_crt_verify_self.3,
+ doc/manpages/gnutls_openpgp_keyring_check_id.3,
+ doc/manpages/gnutls_openpgp_keyring_deinit.3,
+ doc/manpages/gnutls_openpgp_keyring_get_crt.3,
+ doc/manpages/gnutls_openpgp_keyring_get_crt_count.3,
+ doc/manpages/gnutls_openpgp_keyring_import.3,
+ doc/manpages/gnutls_openpgp_keyring_init.3,
+ doc/manpages/gnutls_openpgp_privkey_deinit.3,
+ doc/manpages/gnutls_openpgp_privkey_export.3,
+ doc/manpages/gnutls_openpgp_privkey_export_dsa_raw.3,
+ doc/manpages/gnutls_openpgp_privkey_export_rsa_raw.3,
+ doc/manpages/gnutls_openpgp_privkey_export_subkey_dsa_raw.3,
+ doc/manpages/gnutls_openpgp_privkey_export_subkey_rsa_raw.3,
+ doc/manpages/gnutls_openpgp_privkey_get_fingerprint.3,
+ doc/manpages/gnutls_openpgp_privkey_get_key_id.3,
+ doc/manpages/gnutls_openpgp_privkey_get_pk_algorithm.3,
+ doc/manpages/gnutls_openpgp_privkey_get_preferred_key_id.3,
+ doc/manpages/gnutls_openpgp_privkey_get_revoked_status.3,
+ doc/manpages/gnutls_openpgp_privkey_get_subkey_count.3,
+ doc/manpages/gnutls_openpgp_privkey_get_subkey_creation_time.3,
+ doc/manpages/gnutls_openpgp_privkey_get_subkey_fingerprint.3,
+ doc/manpages/gnutls_openpgp_privkey_get_subkey_id.3,
+ doc/manpages/gnutls_openpgp_privkey_get_subkey_idx.3,
+ doc/manpages/gnutls_openpgp_privkey_get_subkey_pk_algorithm.3,
+ doc/manpages/gnutls_openpgp_privkey_get_subkey_revoked_status.3,
+ doc/manpages/gnutls_openpgp_privkey_import.3,
+ doc/manpages/gnutls_openpgp_privkey_init.3,
+ doc/manpages/gnutls_openpgp_privkey_sec_param.3,
+ doc/manpages/gnutls_openpgp_privkey_set_preferred_key_id.3,
+ doc/manpages/gnutls_openpgp_privkey_sign_hash.3,
+ doc/manpages/gnutls_openpgp_send_cert.3,
+ doc/manpages/gnutls_openpgp_set_recv_key_function.3,
+ doc/manpages/gnutls_pcert_deinit.3,
+ doc/manpages/gnutls_pcert_import_openpgp.3,
+ doc/manpages/gnutls_pcert_import_openpgp_raw.3,
+ doc/manpages/gnutls_pcert_import_x509.3,
+ doc/manpages/gnutls_pcert_import_x509_raw.3,
+ doc/manpages/gnutls_pcert_list_import_x509_raw.3,
+ doc/manpages/gnutls_pem_base64_decode.3,
+ doc/manpages/gnutls_pem_base64_decode_alloc.3,
+ doc/manpages/gnutls_pem_base64_encode.3,
+ doc/manpages/gnutls_pem_base64_encode_alloc.3,
+ doc/manpages/gnutls_perror.3,
+ doc/manpages/gnutls_pk_algorithm_get_name.3,
+ doc/manpages/gnutls_pk_bits_to_sec_param.3,
+ doc/manpages/gnutls_pk_get_id.3, doc/manpages/gnutls_pk_get_name.3,
+ doc/manpages/gnutls_pk_list.3,
+ doc/manpages/gnutls_pkcs11_add_provider.3,
+ doc/manpages/gnutls_pkcs11_copy_secret_key.3,
+ doc/manpages/gnutls_pkcs11_copy_x509_crt.3,
+ doc/manpages/gnutls_pkcs11_copy_x509_privkey.3,
+ doc/manpages/gnutls_pkcs11_deinit.3,
+ doc/manpages/gnutls_pkcs11_delete_url.3,
+ doc/manpages/gnutls_pkcs11_init.3,
+ doc/manpages/gnutls_pkcs11_obj_deinit.3,
+ doc/manpages/gnutls_pkcs11_obj_export.3,
+ doc/manpages/gnutls_pkcs11_obj_export_url.3,
+ doc/manpages/gnutls_pkcs11_obj_get_info.3,
+ doc/manpages/gnutls_pkcs11_obj_get_type.3,
+ doc/manpages/gnutls_pkcs11_obj_import_url.3,
+ doc/manpages/gnutls_pkcs11_obj_init.3,
+ doc/manpages/gnutls_pkcs11_obj_list_import_url.3,
+ doc/manpages/gnutls_pkcs11_privkey_deinit.3,
+ doc/manpages/gnutls_pkcs11_privkey_export_url.3,
+ doc/manpages/gnutls_pkcs11_privkey_generate.3,
+ doc/manpages/gnutls_pkcs11_privkey_get_info.3,
+ doc/manpages/gnutls_pkcs11_privkey_get_pk_algorithm.3,
+ doc/manpages/gnutls_pkcs11_privkey_import_url.3,
+ doc/manpages/gnutls_pkcs11_privkey_init.3,
+ doc/manpages/gnutls_pkcs11_set_pin_function.3,
+ doc/manpages/gnutls_pkcs11_set_token_function.3,
+ doc/manpages/gnutls_pkcs11_token_get_flags.3,
+ doc/manpages/gnutls_pkcs11_token_get_info.3,
+ doc/manpages/gnutls_pkcs11_token_get_mechanism.3,
+ doc/manpages/gnutls_pkcs11_token_get_url.3,
+ doc/manpages/gnutls_pkcs11_token_init.3,
+ doc/manpages/gnutls_pkcs11_token_set_pin.3,
+ doc/manpages/gnutls_pkcs11_type_get_name.3,
+ doc/manpages/gnutls_pkcs12_bag_decrypt.3,
+ doc/manpages/gnutls_pkcs12_bag_deinit.3,
+ doc/manpages/gnutls_pkcs12_bag_encrypt.3,
+ doc/manpages/gnutls_pkcs12_bag_get_count.3,
+ doc/manpages/gnutls_pkcs12_bag_get_data.3,
+ doc/manpages/gnutls_pkcs12_bag_get_friendly_name.3,
+ doc/manpages/gnutls_pkcs12_bag_get_key_id.3,
+ doc/manpages/gnutls_pkcs12_bag_get_type.3,
+ doc/manpages/gnutls_pkcs12_bag_init.3,
+ doc/manpages/gnutls_pkcs12_bag_set_crl.3,
+ doc/manpages/gnutls_pkcs12_bag_set_crt.3,
+ doc/manpages/gnutls_pkcs12_bag_set_data.3,
+ doc/manpages/gnutls_pkcs12_bag_set_friendly_name.3,
+ doc/manpages/gnutls_pkcs12_bag_set_key_id.3,
+ doc/manpages/gnutls_pkcs12_deinit.3,
+ doc/manpages/gnutls_pkcs12_export.3,
+ doc/manpages/gnutls_pkcs12_generate_mac.3,
+ doc/manpages/gnutls_pkcs12_get_bag.3,
+ doc/manpages/gnutls_pkcs12_import.3,
+ doc/manpages/gnutls_pkcs12_init.3,
+ doc/manpages/gnutls_pkcs12_set_bag.3,
+ doc/manpages/gnutls_pkcs12_verify_mac.3,
+ doc/manpages/gnutls_pkcs7_deinit.3,
+ doc/manpages/gnutls_pkcs7_delete_crl.3,
+ doc/manpages/gnutls_pkcs7_delete_crt.3,
+ doc/manpages/gnutls_pkcs7_export.3,
+ doc/manpages/gnutls_pkcs7_get_crl_count.3,
+ doc/manpages/gnutls_pkcs7_get_crl_raw.3,
+ doc/manpages/gnutls_pkcs7_get_crt_count.3,
+ doc/manpages/gnutls_pkcs7_get_crt_raw.3,
+ doc/manpages/gnutls_pkcs7_import.3,
+ doc/manpages/gnutls_pkcs7_init.3,
+ doc/manpages/gnutls_pkcs7_set_crl.3,
+ doc/manpages/gnutls_pkcs7_set_crl_raw.3,
+ doc/manpages/gnutls_pkcs7_set_crt.3,
+ doc/manpages/gnutls_pkcs7_set_crt_raw.3, doc/manpages/gnutls_prf.3,
+ doc/manpages/gnutls_prf_raw.3,
+ doc/manpages/gnutls_priority_deinit.3,
+ doc/manpages/gnutls_priority_init.3,
+ doc/manpages/gnutls_priority_set.3,
+ doc/manpages/gnutls_priority_set_direct.3,
+ doc/manpages/gnutls_privkey_decrypt_data.3,
+ doc/manpages/gnutls_privkey_deinit.3,
+ doc/manpages/gnutls_privkey_get_pk_algorithm.3,
+ doc/manpages/gnutls_privkey_get_type.3,
+ doc/manpages/gnutls_privkey_import_ext.3,
+ doc/manpages/gnutls_privkey_import_openpgp.3,
+ doc/manpages/gnutls_privkey_import_pkcs11.3,
+ doc/manpages/gnutls_privkey_import_x509.3,
+ doc/manpages/gnutls_privkey_init.3,
+ doc/manpages/gnutls_privkey_sign_data.3,
+ doc/manpages/gnutls_privkey_sign_hash.3,
+ doc/manpages/gnutls_protocol_get_id.3,
+ doc/manpages/gnutls_protocol_get_name.3,
+ doc/manpages/gnutls_protocol_get_version.3,
+ doc/manpages/gnutls_protocol_list.3,
+ doc/manpages/gnutls_protocol_set_priority.3,
+ doc/manpages/gnutls_psk_allocate_client_credentials.3,
+ doc/manpages/gnutls_psk_allocate_server_credentials.3,
+ doc/manpages/gnutls_psk_client_get_hint.3,
+ doc/manpages/gnutls_psk_free_client_credentials.3,
+ doc/manpages/gnutls_psk_free_server_credentials.3,
+ doc/manpages/gnutls_psk_server_get_username.3,
+ doc/manpages/gnutls_psk_set_client_credentials.3,
+ doc/manpages/gnutls_psk_set_params_function.3,
+ doc/manpages/gnutls_psk_set_server_credentials_file.3,
+ doc/manpages/gnutls_psk_set_server_credentials_hint.3,
+ doc/manpages/gnutls_psk_set_server_dh_params.3,
+ doc/manpages/gnutls_psk_set_server_params_function.3,
+ doc/manpages/gnutls_pubkey_deinit.3,
+ doc/manpages/gnutls_pubkey_export.3,
+ doc/manpages/gnutls_pubkey_get_key_id.3,
+ doc/manpages/gnutls_pubkey_get_key_usage.3,
+ doc/manpages/gnutls_pubkey_get_openpgp_key_id.3,
+ doc/manpages/gnutls_pubkey_get_pk_algorithm.3,
+ doc/manpages/gnutls_pubkey_get_pk_dsa_raw.3,
+ doc/manpages/gnutls_pubkey_get_pk_ecc_raw.3,
+ doc/manpages/gnutls_pubkey_get_pk_ecc_x962.3,
+ doc/manpages/gnutls_pubkey_get_pk_rsa_raw.3,
+ doc/manpages/gnutls_pubkey_get_preferred_hash_algorithm.3,
+ doc/manpages/gnutls_pubkey_get_verify_algorithm.3,
+ doc/manpages/gnutls_pubkey_import.3,
+ doc/manpages/gnutls_pubkey_import_dsa_raw.3,
+ doc/manpages/gnutls_pubkey_import_ecc_raw.3,
+ doc/manpages/gnutls_pubkey_import_ecc_x962.3,
+ doc/manpages/gnutls_pubkey_import_openpgp.3,
+ doc/manpages/gnutls_pubkey_import_pkcs11.3,
+ doc/manpages/gnutls_pubkey_import_pkcs11_url.3,
+ doc/manpages/gnutls_pubkey_import_privkey.3,
+ doc/manpages/gnutls_pubkey_import_rsa_raw.3,
+ doc/manpages/gnutls_pubkey_import_x509.3,
+ doc/manpages/gnutls_pubkey_init.3,
+ doc/manpages/gnutls_pubkey_set_key_usage.3,
+ doc/manpages/gnutls_pubkey_verify_data.3,
+ doc/manpages/gnutls_pubkey_verify_data2.3,
+ doc/manpages/gnutls_pubkey_verify_hash.3,
+ doc/manpages/gnutls_record_check_pending.3,
+ doc/manpages/gnutls_record_disable_padding.3,
+ doc/manpages/gnutls_record_get_direction.3,
+ doc/manpages/gnutls_record_get_discarded.3,
+ doc/manpages/gnutls_record_get_max_size.3,
+ doc/manpages/gnutls_record_recv.3,
+ doc/manpages/gnutls_record_recv_seq.3,
+ doc/manpages/gnutls_record_send.3,
+ doc/manpages/gnutls_record_set_max_size.3,
+ doc/manpages/gnutls_rehandshake.3, doc/manpages/gnutls_rnd.3,
+ doc/manpages/gnutls_rsa_export_get_modulus_bits.3,
+ doc/manpages/gnutls_rsa_export_get_pubkey.3,
+ doc/manpages/gnutls_rsa_params_cpy.3,
+ doc/manpages/gnutls_rsa_params_deinit.3,
+ doc/manpages/gnutls_rsa_params_export_pkcs1.3,
+ doc/manpages/gnutls_rsa_params_export_raw.3,
+ doc/manpages/gnutls_rsa_params_generate2.3,
+ doc/manpages/gnutls_rsa_params_import_pkcs1.3,
+ doc/manpages/gnutls_rsa_params_import_raw.3,
+ doc/manpages/gnutls_rsa_params_init.3,
+ doc/manpages/gnutls_safe_renegotiation_status.3,
+ doc/manpages/gnutls_sec_param_get_name.3,
+ doc/manpages/gnutls_sec_param_to_pk_bits.3,
+ doc/manpages/gnutls_server_name_get.3,
+ doc/manpages/gnutls_server_name_set.3,
+ doc/manpages/gnutls_session_channel_binding.3,
+ doc/manpages/gnutls_session_enable_compatibility_mode.3,
+ doc/manpages/gnutls_session_get_data.3,
+ doc/manpages/gnutls_session_get_data2.3,
+ doc/manpages/gnutls_session_get_id.3,
+ doc/manpages/gnutls_session_get_ptr.3,
+ doc/manpages/gnutls_session_is_resumed.3,
+ doc/manpages/gnutls_session_set_data.3,
+ doc/manpages/gnutls_session_set_ptr.3,
+ doc/manpages/gnutls_session_ticket_enable_client.3,
+ doc/manpages/gnutls_session_ticket_enable_server.3,
+ doc/manpages/gnutls_session_ticket_key_generate.3,
+ doc/manpages/gnutls_set_default_export_priority.3,
+ doc/manpages/gnutls_set_default_priority.3,
+ doc/manpages/gnutls_sign_algorithm_get_requested.3,
+ doc/manpages/gnutls_sign_callback_get.3,
+ doc/manpages/gnutls_sign_callback_set.3,
+ doc/manpages/gnutls_sign_get_id.3,
+ doc/manpages/gnutls_sign_get_name.3,
+ doc/manpages/gnutls_sign_list.3,
+ doc/manpages/gnutls_srp_allocate_client_credentials.3,
+ doc/manpages/gnutls_srp_allocate_server_credentials.3,
+ doc/manpages/gnutls_srp_base64_decode.3,
+ doc/manpages/gnutls_srp_base64_decode_alloc.3,
+ doc/manpages/gnutls_srp_base64_encode.3,
+ doc/manpages/gnutls_srp_base64_encode_alloc.3,
+ doc/manpages/gnutls_srp_free_client_credentials.3,
+ doc/manpages/gnutls_srp_free_server_credentials.3,
+ doc/manpages/gnutls_srp_server_get_username.3,
+ doc/manpages/gnutls_srp_set_client_credentials.3,
+ doc/manpages/gnutls_srp_set_prime_bits.3,
+ doc/manpages/gnutls_srp_set_server_credentials_file.3,
+ doc/manpages/gnutls_srp_verifier.3, doc/manpages/gnutls_strerror.3,
+ doc/manpages/gnutls_strerror_name.3,
+ doc/manpages/gnutls_supplemental_get_name.3,
+ doc/manpages/gnutls_transport_get_ptr.3,
+ doc/manpages/gnutls_transport_get_ptr2.3,
+ doc/manpages/gnutls_transport_set_errno.3,
+ doc/manpages/gnutls_transport_set_errno_function.3,
+ doc/manpages/gnutls_transport_set_ptr.3,
+ doc/manpages/gnutls_transport_set_ptr2.3,
+ doc/manpages/gnutls_transport_set_pull_function.3,
+ doc/manpages/gnutls_transport_set_pull_timeout_function.3,
+ doc/manpages/gnutls_transport_set_push_function.3,
+ doc/manpages/gnutls_transport_set_vec_push_function.3,
+ doc/manpages/gnutls_x509_crl_check_issuer.3,
+ doc/manpages/gnutls_x509_crl_deinit.3,
+ doc/manpages/gnutls_x509_crl_export.3,
+ doc/manpages/gnutls_x509_crl_get_authority_key_id.3,
+ doc/manpages/gnutls_x509_crl_get_crt_count.3,
+ doc/manpages/gnutls_x509_crl_get_crt_serial.3,
+ doc/manpages/gnutls_x509_crl_get_dn_oid.3,
+ doc/manpages/gnutls_x509_crl_get_extension_data.3,
+ doc/manpages/gnutls_x509_crl_get_extension_info.3,
+ doc/manpages/gnutls_x509_crl_get_extension_oid.3,
+ doc/manpages/gnutls_x509_crl_get_issuer_dn.3,
+ doc/manpages/gnutls_x509_crl_get_issuer_dn_by_oid.3,
+ doc/manpages/gnutls_x509_crl_get_next_update.3,
+ doc/manpages/gnutls_x509_crl_get_number.3,
+ doc/manpages/gnutls_x509_crl_get_raw_issuer_dn.3,
+ doc/manpages/gnutls_x509_crl_get_signature.3,
+ doc/manpages/gnutls_x509_crl_get_signature_algorithm.3,
+ doc/manpages/gnutls_x509_crl_get_this_update.3,
+ doc/manpages/gnutls_x509_crl_get_version.3,
+ doc/manpages/gnutls_x509_crl_import.3,
+ doc/manpages/gnutls_x509_crl_init.3,
+ doc/manpages/gnutls_x509_crl_list_import.3,
+ doc/manpages/gnutls_x509_crl_list_import2.3,
+ doc/manpages/gnutls_x509_crl_print.3,
+ doc/manpages/gnutls_x509_crl_privkey_sign.3,
+ doc/manpages/gnutls_x509_crl_set_authority_key_id.3,
+ doc/manpages/gnutls_x509_crl_set_crt.3,
+ doc/manpages/gnutls_x509_crl_set_crt_serial.3,
+ doc/manpages/gnutls_x509_crl_set_next_update.3,
+ doc/manpages/gnutls_x509_crl_set_number.3,
+ doc/manpages/gnutls_x509_crl_set_this_update.3,
+ doc/manpages/gnutls_x509_crl_set_version.3,
+ doc/manpages/gnutls_x509_crl_sign.3,
+ doc/manpages/gnutls_x509_crl_sign2.3,
+ doc/manpages/gnutls_x509_crl_verify.3,
+ doc/manpages/gnutls_x509_crq_deinit.3,
+ doc/manpages/gnutls_x509_crq_export.3,
+ doc/manpages/gnutls_x509_crq_get_attribute_by_oid.3,
+ doc/manpages/gnutls_x509_crq_get_attribute_data.3,
+ doc/manpages/gnutls_x509_crq_get_attribute_info.3,
+ doc/manpages/gnutls_x509_crq_get_basic_constraints.3,
+ doc/manpages/gnutls_x509_crq_get_challenge_password.3,
+ doc/manpages/gnutls_x509_crq_get_dn.3,
+ doc/manpages/gnutls_x509_crq_get_dn_by_oid.3,
+ doc/manpages/gnutls_x509_crq_get_dn_oid.3,
+ doc/manpages/gnutls_x509_crq_get_extension_by_oid.3,
+ doc/manpages/gnutls_x509_crq_get_extension_data.3,
+ doc/manpages/gnutls_x509_crq_get_extension_info.3,
+ doc/manpages/gnutls_x509_crq_get_key_id.3,
+ doc/manpages/gnutls_x509_crq_get_key_purpose_oid.3,
+ doc/manpages/gnutls_x509_crq_get_key_rsa_raw.3,
+ doc/manpages/gnutls_x509_crq_get_key_usage.3,
+ doc/manpages/gnutls_x509_crq_get_pk_algorithm.3,
+ doc/manpages/gnutls_x509_crq_get_subject_alt_name.3,
+ doc/manpages/gnutls_x509_crq_get_subject_alt_othername_oid.3,
+ doc/manpages/gnutls_x509_crq_get_version.3,
+ doc/manpages/gnutls_x509_crq_import.3,
+ doc/manpages/gnutls_x509_crq_init.3,
+ doc/manpages/gnutls_x509_crq_print.3,
+ doc/manpages/gnutls_x509_crq_privkey_sign.3,
+ doc/manpages/gnutls_x509_crq_set_attribute_by_oid.3,
+ doc/manpages/gnutls_x509_crq_set_basic_constraints.3,
+ doc/manpages/gnutls_x509_crq_set_challenge_password.3,
+ doc/manpages/gnutls_x509_crq_set_dn_by_oid.3,
+ doc/manpages/gnutls_x509_crq_set_key.3,
+ doc/manpages/gnutls_x509_crq_set_key_purpose_oid.3,
+ doc/manpages/gnutls_x509_crq_set_key_rsa_raw.3,
+ doc/manpages/gnutls_x509_crq_set_key_usage.3,
+ doc/manpages/gnutls_x509_crq_set_pubkey.3,
+ doc/manpages/gnutls_x509_crq_set_subject_alt_name.3,
+ doc/manpages/gnutls_x509_crq_set_version.3,
+ doc/manpages/gnutls_x509_crq_sign.3,
+ doc/manpages/gnutls_x509_crq_sign2.3,
+ doc/manpages/gnutls_x509_crq_verify.3,
+ doc/manpages/gnutls_x509_crt_check_hostname.3,
+ doc/manpages/gnutls_x509_crt_check_issuer.3,
+ doc/manpages/gnutls_x509_crt_check_revocation.3,
+ doc/manpages/gnutls_x509_crt_cpy_crl_dist_points.3,
+ doc/manpages/gnutls_x509_crt_deinit.3,
+ doc/manpages/gnutls_x509_crt_export.3,
+ doc/manpages/gnutls_x509_crt_get_activation_time.3,
+ doc/manpages/gnutls_x509_crt_get_authority_info_access.3,
+ doc/manpages/gnutls_x509_crt_get_authority_key_id.3,
+ doc/manpages/gnutls_x509_crt_get_basic_constraints.3,
+ doc/manpages/gnutls_x509_crt_get_ca_status.3,
+ doc/manpages/gnutls_x509_crt_get_crl_dist_points.3,
+ doc/manpages/gnutls_x509_crt_get_dn.3,
+ doc/manpages/gnutls_x509_crt_get_dn_by_oid.3,
+ doc/manpages/gnutls_x509_crt_get_dn_oid.3,
+ doc/manpages/gnutls_x509_crt_get_expiration_time.3,
+ doc/manpages/gnutls_x509_crt_get_extension_by_oid.3,
+ doc/manpages/gnutls_x509_crt_get_extension_data.3,
+ doc/manpages/gnutls_x509_crt_get_extension_info.3,
+ doc/manpages/gnutls_x509_crt_get_extension_oid.3,
+ doc/manpages/gnutls_x509_crt_get_fingerprint.3,
+ doc/manpages/gnutls_x509_crt_get_issuer.3,
+ doc/manpages/gnutls_x509_crt_get_issuer_alt_name.3,
+ doc/manpages/gnutls_x509_crt_get_issuer_alt_name2.3,
+ doc/manpages/gnutls_x509_crt_get_issuer_alt_othername_oid.3,
+ doc/manpages/gnutls_x509_crt_get_issuer_dn.3,
+ doc/manpages/gnutls_x509_crt_get_issuer_dn_by_oid.3,
+ doc/manpages/gnutls_x509_crt_get_issuer_dn_oid.3,
+ doc/manpages/gnutls_x509_crt_get_issuer_unique_id.3,
+ doc/manpages/gnutls_x509_crt_get_key_id.3,
+ doc/manpages/gnutls_x509_crt_get_key_purpose_oid.3,
+ doc/manpages/gnutls_x509_crt_get_key_usage.3,
+ doc/manpages/gnutls_x509_crt_get_pk_algorithm.3,
+ doc/manpages/gnutls_x509_crt_get_pk_dsa_raw.3,
+ doc/manpages/gnutls_x509_crt_get_pk_rsa_raw.3,
+ doc/manpages/gnutls_x509_crt_get_preferred_hash_algorithm.3,
+ doc/manpages/gnutls_x509_crt_get_proxy.3,
+ doc/manpages/gnutls_x509_crt_get_raw_dn.3,
+ doc/manpages/gnutls_x509_crt_get_raw_issuer_dn.3,
+ doc/manpages/gnutls_x509_crt_get_serial.3,
+ doc/manpages/gnutls_x509_crt_get_signature.3,
+ doc/manpages/gnutls_x509_crt_get_signature_algorithm.3,
+ doc/manpages/gnutls_x509_crt_get_subject.3,
+ doc/manpages/gnutls_x509_crt_get_subject_alt_name.3,
+ doc/manpages/gnutls_x509_crt_get_subject_alt_name2.3,
+ doc/manpages/gnutls_x509_crt_get_subject_alt_othername_oid.3,
+ doc/manpages/gnutls_x509_crt_get_subject_key_id.3,
+ doc/manpages/gnutls_x509_crt_get_subject_unique_id.3,
+ doc/manpages/gnutls_x509_crt_get_verify_algorithm.3,
+ doc/manpages/gnutls_x509_crt_get_version.3,
+ doc/manpages/gnutls_x509_crt_import.3,
+ doc/manpages/gnutls_x509_crt_import_pkcs11.3,
+ doc/manpages/gnutls_x509_crt_import_pkcs11_url.3,
+ doc/manpages/gnutls_x509_crt_init.3,
+ doc/manpages/gnutls_x509_crt_list_import.3,
+ doc/manpages/gnutls_x509_crt_list_import2.3,
+ doc/manpages/gnutls_x509_crt_list_import_pkcs11.3,
+ doc/manpages/gnutls_x509_crt_list_verify.3,
+ doc/manpages/gnutls_x509_crt_print.3,
+ doc/manpages/gnutls_x509_crt_privkey_sign.3,
+ doc/manpages/gnutls_x509_crt_set_activation_time.3,
+ doc/manpages/gnutls_x509_crt_set_authority_key_id.3,
+ doc/manpages/gnutls_x509_crt_set_basic_constraints.3,
+ doc/manpages/gnutls_x509_crt_set_ca_status.3,
+ doc/manpages/gnutls_x509_crt_set_crl_dist_points.3,
+ doc/manpages/gnutls_x509_crt_set_crl_dist_points2.3,
+ doc/manpages/gnutls_x509_crt_set_crq.3,
+ doc/manpages/gnutls_x509_crt_set_crq_extensions.3,
+ doc/manpages/gnutls_x509_crt_set_dn_by_oid.3,
+ doc/manpages/gnutls_x509_crt_set_expiration_time.3,
+ doc/manpages/gnutls_x509_crt_set_extension_by_oid.3,
+ doc/manpages/gnutls_x509_crt_set_issuer_dn_by_oid.3,
+ doc/manpages/gnutls_x509_crt_set_key.3,
+ doc/manpages/gnutls_x509_crt_set_key_purpose_oid.3,
+ doc/manpages/gnutls_x509_crt_set_key_usage.3,
+ doc/manpages/gnutls_x509_crt_set_proxy.3,
+ doc/manpages/gnutls_x509_crt_set_proxy_dn.3,
+ doc/manpages/gnutls_x509_crt_set_pubkey.3,
+ doc/manpages/gnutls_x509_crt_set_serial.3,
+ doc/manpages/gnutls_x509_crt_set_subject_alt_name.3,
+ doc/manpages/gnutls_x509_crt_set_subject_alternative_name.3,
+ doc/manpages/gnutls_x509_crt_set_subject_key_id.3,
+ doc/manpages/gnutls_x509_crt_set_version.3,
+ doc/manpages/gnutls_x509_crt_sign.3,
+ doc/manpages/gnutls_x509_crt_sign2.3,
+ doc/manpages/gnutls_x509_crt_verify.3,
+ doc/manpages/gnutls_x509_crt_verify_data.3,
+ doc/manpages/gnutls_x509_crt_verify_hash.3,
+ doc/manpages/gnutls_x509_dn_deinit.3,
+ doc/manpages/gnutls_x509_dn_export.3,
+ doc/manpages/gnutls_x509_dn_get_rdn_ava.3,
+ doc/manpages/gnutls_x509_dn_import.3,
+ doc/manpages/gnutls_x509_dn_init.3,
+ doc/manpages/gnutls_x509_dn_oid_known.3,
+ doc/manpages/gnutls_x509_privkey_cpy.3,
+ doc/manpages/gnutls_x509_privkey_deinit.3,
+ doc/manpages/gnutls_x509_privkey_export.3,
+ doc/manpages/gnutls_x509_privkey_export_dsa_raw.3,
+ doc/manpages/gnutls_x509_privkey_export_ecc_raw.3,
+ doc/manpages/gnutls_x509_privkey_export_pkcs8.3,
+ doc/manpages/gnutls_x509_privkey_export_rsa_raw.3,
+ doc/manpages/gnutls_x509_privkey_export_rsa_raw2.3,
+ doc/manpages/gnutls_x509_privkey_fix.3,
+ doc/manpages/gnutls_x509_privkey_generate.3,
+ doc/manpages/gnutls_x509_privkey_get_key_id.3,
+ doc/manpages/gnutls_x509_privkey_get_pk_algorithm.3,
+ doc/manpages/gnutls_x509_privkey_import.3,
+ doc/manpages/gnutls_x509_privkey_import_dsa_raw.3,
+ doc/manpages/gnutls_x509_privkey_import_ecc_raw.3,
+ doc/manpages/gnutls_x509_privkey_import_pkcs8.3,
+ doc/manpages/gnutls_x509_privkey_import_rsa_raw.3,
+ doc/manpages/gnutls_x509_privkey_import_rsa_raw2.3,
+ doc/manpages/gnutls_x509_privkey_init.3,
+ doc/manpages/gnutls_x509_privkey_sec_param.3,
+ doc/manpages/gnutls_x509_privkey_sign_data.3,
+ doc/manpages/gnutls_x509_privkey_sign_hash.3,
+ doc/manpages/gnutls_x509_privkey_verify_params.3,
+ doc/manpages/gnutls_x509_rdn_get.3,
+ doc/manpages/gnutls_x509_rdn_get_by_oid.3,
+ doc/manpages/gnutls_x509_rdn_get_oid.3,
+ doc/manpages/gnutls_x509_trust_list_add_cas.3,
+ doc/manpages/gnutls_x509_trust_list_add_crls.3,
+ doc/manpages/gnutls_x509_trust_list_add_named_crt.3,
+ doc/manpages/gnutls_x509_trust_list_deinit.3,
+ doc/manpages/gnutls_x509_trust_list_get_issuer.3,
+ doc/manpages/gnutls_x509_trust_list_init.3,
+ doc/manpages/gnutls_x509_trust_list_verify_crt.3,
+ doc/manpages/gnutls_x509_trust_list_verify_named_crt.3: manpages
+ don't need to be in the repository.
+
+2011-12-01 Nikos Mavrogiannopoulos <address@hidden>
+
+ * tests/Makefile.am, tests/cipher-test.c, tests/slow/Makefile.am,
+ tests/slow/cipher-test.c: cipher-test is now run without valgrind
+
+2011-11-29 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_errors.h: removed superfluous check.
+
+2011-11-29 Simon Josefsson <address@hidden>
+
+ * cfg.mk, tests/suite/chain: Fix syntax-check nits.
+
+2011-11-26 Nikos Mavrogiannopoulos <address@hidden>
- * lib/accelerated/intel/aes-x86.h: removed unused variable.
+ * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
+ doc/scripts/mytexi2latex: documentation updates.
-2011-08-27 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-25 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/gnutls_privkey.c, lib/gnutls_x509.c,
- lib/includes/gnutls/abstract.h, lib/openpgp/gnutls_openpgp.c,
- lib/openpgp/gnutls_openpgp.h, lib/openpgp/privkey.c,
- lib/x509/x509.c: gnutls_certificate_set_x509_key() and
- gnutls_certificate_set_openpgp_key() operate as in gnutls 2.10.x and
- do not require to hold the structures.
+ * doc/gnutls.texi: use emph instead of cite since cite produces bad
+ output in texi2html.
-2011-08-27 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-24 Nikos Mavrogiannopoulos <address@hidden>
- * lib/accelerated/intel/aes-gcm-x86.c,
- lib/accelerated/intel/aes-x86.c: removed unused variables.
+ * doc/cha-cert-auth2.texi, doc/scripts/mytexi2latex: updates in
+ sectioning. Subheading was used instead of subsection in few cases.
-2011-08-26 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-25 Ludovic Courtès <address@hidden>
- * lib/gnutls_record.c: Allow out-of-order change_cipher_spec in
- DTLS.
+ * guile/modules/system/documentation/output.scm: guile: Fix the
+ (unused) `output-procedure-texi-documentation-from-c-file'. Reported
by Mike Gran <address@hidden>.
-2011-08-24 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-24 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
- doc/cha-intro-tls.texi, doc/examples/ex-cert-select-pkcs11.c,
- lib/gnutls_buffers.c, lib/gnutls_pubkey.c, lib/gnutls_record.c:
- documentation changes.
+ * cfg.mk: copy images to html_node
-2011-08-24 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-24 Nikos Mavrogiannopoulos <address@hidden>
- * doc/examples/ex-client-srp.c, doc/examples/ex-serv-srp.c:
- gnutls/extra.h is not required for SRP.
+ * doc/cha-cert-auth2.texi: added missing node
-2011-08-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-24 Nikos Mavrogiannopoulos <address@hidden>
- * doc/latex/gnutls.tex: leave an empty page
+ * doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi,
+ doc/cha-internals.texi, doc/cha-intro-tls.texi,
+ doc/cha-library.texi, doc/cha-programs.texi, doc/scripts/gdoc,
+ doc/scripts/mytexi2latex: updates in texi and tex documentation.
-2011-08-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-24 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-auth.texi, doc/cha-bib.texi, doc/cha-cert-auth.texi,
- doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
- doc/latex/gnutls.bib, doc/latex/gnutls.tex: documentation updates
+ * lib/opencdk/Makefile.am, lib/opencdk/dummy.c, lib/opencdk/main.h:
+ dropped unneeded function.
-2011-08-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-22 Nikos Mavrogiannopoulos <address@hidden>
- * lib/nettle/rnd.c: unlock rnd mutex on error.
+ * .gitignore, doc/Makefile.am, doc/cha-functions.texi,
+ doc/cha-gtls-app.texi, doc/gnutls.texi, doc/scripts/gdoc,
+ lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
+ lib/includes/gnutls/openpgp.h: Separated API reference to header
+ files in the texi manual.
+
+2011-11-22 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/cha-gtls-examples.texi: removed text for tcp functions.
+
+2011-11-20 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, cfg.mk, doc/manpages/Makefile.am,
+ doc/manpages/gnutls_alert_get.3,
+ doc/manpages/gnutls_alert_get_name.3,
+ doc/manpages/gnutls_alert_get_strname.3,
+ doc/manpages/gnutls_alert_send.3,
+ doc/manpages/gnutls_alert_send_appropriate.3,
+ doc/manpages/gnutls_anon_allocate_client_credentials.3,
+ doc/manpages/gnutls_anon_allocate_server_credentials.3,
+ doc/manpages/gnutls_anon_free_client_credentials.3,
+ doc/manpages/gnutls_anon_free_server_credentials.3,
+ doc/manpages/gnutls_anon_set_params_function.3,
+ doc/manpages/gnutls_anon_set_server_dh_params.3,
+ doc/manpages/gnutls_anon_set_server_params_function.3,
+ doc/manpages/gnutls_auth_client_get_type.3,
+ doc/manpages/gnutls_auth_get_type.3,
+ doc/manpages/gnutls_auth_server_get_type.3,
+ doc/manpages/gnutls_bye.3,
+ doc/manpages/gnutls_certificate_activation_time_peers.3,
+ doc/manpages/gnutls_certificate_allocate_credentials.3,
+ doc/manpages/gnutls_certificate_client_get_request_status.3,
+ doc/manpages/gnutls_certificate_expiration_time_peers.3,
+ doc/manpages/gnutls_certificate_free_ca_names.3,
+ doc/manpages/gnutls_certificate_free_cas.3,
+ doc/manpages/gnutls_certificate_free_credentials.3,
+ doc/manpages/gnutls_certificate_free_crls.3,
+ doc/manpages/gnutls_certificate_free_keys.3,
+ doc/manpages/gnutls_certificate_get_issuer.3,
+ doc/manpages/gnutls_certificate_get_openpgp_keyring.3,
+ doc/manpages/gnutls_certificate_get_ours.3,
+ doc/manpages/gnutls_certificate_get_peers.3,
+ doc/manpages/gnutls_certificate_send_x509_rdn_sequence.3,
+ doc/manpages/gnutls_certificate_server_set_request.3,
+ doc/manpages/gnutls_certificate_set_dh_params.3,
+ doc/manpages/gnutls_certificate_set_key.3,
+ doc/manpages/gnutls_certificate_set_openpgp_key.3,
+ doc/manpages/gnutls_certificate_set_openpgp_key_file.3,
+ doc/manpages/gnutls_certificate_set_openpgp_key_file2.3,
+ doc/manpages/gnutls_certificate_set_openpgp_key_mem.3,
+ doc/manpages/gnutls_certificate_set_openpgp_key_mem2.3,
+ doc/manpages/gnutls_certificate_set_params_function.3,
+ doc/manpages/gnutls_certificate_set_rsa_export_params.3,
+ doc/manpages/gnutls_certificate_set_verify_flags.3,
+ doc/manpages/gnutls_certificate_set_verify_function.3,
+ doc/manpages/gnutls_certificate_set_verify_limits.3,
+ doc/manpages/gnutls_certificate_set_x509_crl.3,
+ doc/manpages/gnutls_certificate_set_x509_crl_file.3,
+ doc/manpages/gnutls_certificate_set_x509_crl_mem.3,
+ doc/manpages/gnutls_certificate_set_x509_key.3,
+ doc/manpages/gnutls_certificate_set_x509_key_file.3,
+ doc/manpages/gnutls_certificate_set_x509_key_mem.3,
+ doc/manpages/gnutls_certificate_set_x509_trust.3,
+ doc/manpages/gnutls_certificate_set_x509_trust_file.3,
+ doc/manpages/gnutls_certificate_set_x509_trust_mem.3,
+ doc/manpages/gnutls_certificate_type_get.3,
+ doc/manpages/gnutls_certificate_type_get_id.3,
+ doc/manpages/gnutls_certificate_type_get_name.3,
+ doc/manpages/gnutls_certificate_type_list.3,
+ doc/manpages/gnutls_certificate_type_set_priority.3,
+ doc/manpages/gnutls_certificate_verify_peers2.3,
+ doc/manpages/gnutls_check_version.3,
+ doc/manpages/gnutls_cipher_add_auth.3,
+ doc/manpages/gnutls_cipher_decrypt.3,
+ doc/manpages/gnutls_cipher_decrypt2.3,
+ doc/manpages/gnutls_cipher_deinit.3,
+ doc/manpages/gnutls_cipher_encrypt.3,
+ doc/manpages/gnutls_cipher_encrypt2.3,
+ doc/manpages/gnutls_cipher_get.3,
+ doc/manpages/gnutls_cipher_get_block_size.3,
+ doc/manpages/gnutls_cipher_get_id.3,
+ doc/manpages/gnutls_cipher_get_key_size.3,
+ doc/manpages/gnutls_cipher_get_name.3,
+ doc/manpages/gnutls_cipher_init.3,
+ doc/manpages/gnutls_cipher_list.3,
+ doc/manpages/gnutls_cipher_set_iv.3,
+ doc/manpages/gnutls_cipher_set_priority.3,
+ doc/manpages/gnutls_cipher_suite_get_name.3,
+ doc/manpages/gnutls_cipher_suite_info.3,
+ doc/manpages/gnutls_cipher_tag.3,
+ doc/manpages/gnutls_compression_get.3,
+ doc/manpages/gnutls_compression_get_id.3,
+ doc/manpages/gnutls_compression_get_name.3,
+ doc/manpages/gnutls_compression_list.3,
+ doc/manpages/gnutls_compression_set_priority.3,
+ doc/manpages/gnutls_credentials_clear.3,
+ doc/manpages/gnutls_credentials_set.3,
+ doc/manpages/gnutls_db_check_entry.3,
+ doc/manpages/gnutls_db_get_ptr.3,
+ doc/manpages/gnutls_db_remove_session.3,
+ doc/manpages/gnutls_db_set_cache_expiration.3,
+ doc/manpages/gnutls_db_set_ptr.3,
+ doc/manpages/gnutls_db_set_remove_function.3,
+ doc/manpages/gnutls_db_set_retrieve_function.3,
+ doc/manpages/gnutls_db_set_store_function.3,
+ doc/manpages/gnutls_deinit.3, doc/manpages/gnutls_dh_get_group.3,
+ doc/manpages/gnutls_dh_get_peers_public_bits.3,
+ doc/manpages/gnutls_dh_get_prime_bits.3,
+ doc/manpages/gnutls_dh_get_pubkey.3,
+ doc/manpages/gnutls_dh_get_secret_bits.3,
+ doc/manpages/gnutls_dh_params_cpy.3,
+ doc/manpages/gnutls_dh_params_deinit.3,
+ doc/manpages/gnutls_dh_params_export_pkcs3.3,
+ doc/manpages/gnutls_dh_params_export_raw.3,
+ doc/manpages/gnutls_dh_params_generate2.3,
+ doc/manpages/gnutls_dh_params_import_pkcs3.3,
+ doc/manpages/gnutls_dh_params_import_raw.3,
+ doc/manpages/gnutls_dh_params_init.3,
+ doc/manpages/gnutls_dh_set_prime_bits.3,
+ doc/manpages/gnutls_dtls_cookie_send.3,
+ doc/manpages/gnutls_dtls_cookie_verify.3,
+ doc/manpages/gnutls_dtls_get_data_mtu.3,
+ doc/manpages/gnutls_dtls_get_mtu.3,
+ doc/manpages/gnutls_dtls_prestate_set.3,
+ doc/manpages/gnutls_dtls_set_mtu.3,
+ doc/manpages/gnutls_dtls_set_timeouts.3,
+ doc/manpages/gnutls_ecc_curve_get.3,
+ doc/manpages/gnutls_ecc_curve_get_name.3,
+ doc/manpages/gnutls_ecc_curve_get_size.3,
+ doc/manpages/gnutls_error_is_fatal.3,
+ doc/manpages/gnutls_error_to_alert.3,
+ doc/manpages/gnutls_fingerprint.3,
+ doc/manpages/gnutls_global_deinit.3,
+ doc/manpages/gnutls_global_init.3,
+ doc/manpages/gnutls_global_set_audit_log_function.3,
+ doc/manpages/gnutls_global_set_log_function.3,
+ doc/manpages/gnutls_global_set_log_level.3,
+ doc/manpages/gnutls_global_set_mem_functions.3,
+ doc/manpages/gnutls_global_set_mutex.3,
+ doc/manpages/gnutls_global_set_time_function.3,
+ doc/manpages/gnutls_handshake.3,
+ doc/manpages/gnutls_handshake_get_last_in.3,
+ doc/manpages/gnutls_handshake_get_last_out.3,
+ doc/manpages/gnutls_handshake_set_max_packet_length.3,
+ doc/manpages/gnutls_handshake_set_post_client_hello_function.3,
+ doc/manpages/gnutls_handshake_set_private_extensions.3,
+ doc/manpages/gnutls_hash.3, doc/manpages/gnutls_hash_deinit.3,
+ doc/manpages/gnutls_hash_fast.3,
+ doc/manpages/gnutls_hash_get_len.3,
+ doc/manpages/gnutls_hash_init.3, doc/manpages/gnutls_hash_output.3,
+ doc/manpages/gnutls_hex2bin.3, doc/manpages/gnutls_hex_decode.3,
+ doc/manpages/gnutls_hex_encode.3, doc/manpages/gnutls_hmac.3,
+ doc/manpages/gnutls_hmac_deinit.3, doc/manpages/gnutls_hmac_fast.3,
+ doc/manpages/gnutls_hmac_get_len.3,
+ doc/manpages/gnutls_hmac_init.3, doc/manpages/gnutls_hmac_output.3,
+ doc/manpages/gnutls_init.3, doc/manpages/gnutls_key_generate.3,
+ doc/manpages/gnutls_kx_get.3, doc/manpages/gnutls_kx_get_id.3,
+ doc/manpages/gnutls_kx_get_name.3, doc/manpages/gnutls_kx_list.3,
+ doc/manpages/gnutls_kx_set_priority.3,
+ doc/manpages/gnutls_mac_get.3, doc/manpages/gnutls_mac_get_id.3,
+ doc/manpages/gnutls_mac_get_key_size.3,
+ doc/manpages/gnutls_mac_get_name.3, doc/manpages/gnutls_mac_list.3,
+ doc/manpages/gnutls_mac_set_priority.3,
+ doc/manpages/gnutls_openpgp_crt_check_hostname.3,
+ doc/manpages/gnutls_openpgp_crt_deinit.3,
+ doc/manpages/gnutls_openpgp_crt_export.3,
+ doc/manpages/gnutls_openpgp_crt_get_auth_subkey.3,
+ doc/manpages/gnutls_openpgp_crt_get_creation_time.3,
+ doc/manpages/gnutls_openpgp_crt_get_expiration_time.3,
+ doc/manpages/gnutls_openpgp_crt_get_fingerprint.3,
+ doc/manpages/gnutls_openpgp_crt_get_key_id.3,
+ doc/manpages/gnutls_openpgp_crt_get_key_usage.3,
+ doc/manpages/gnutls_openpgp_crt_get_name.3,
+ doc/manpages/gnutls_openpgp_crt_get_pk_algorithm.3,
+ doc/manpages/gnutls_openpgp_crt_get_pk_dsa_raw.3,
+ doc/manpages/gnutls_openpgp_crt_get_pk_rsa_raw.3,
+ doc/manpages/gnutls_openpgp_crt_get_preferred_key_id.3,
+ doc/manpages/gnutls_openpgp_crt_get_revoked_status.3,
+ doc/manpages/gnutls_openpgp_crt_get_subkey_count.3,
+ doc/manpages/gnutls_openpgp_crt_get_subkey_creation_time.3,
+ doc/manpages/gnutls_openpgp_crt_get_subkey_expiration_time.3,
+ doc/manpages/gnutls_openpgp_crt_get_subkey_fingerprint.3,
+ doc/manpages/gnutls_openpgp_crt_get_subkey_id.3,
+ doc/manpages/gnutls_openpgp_crt_get_subkey_idx.3,
+ doc/manpages/gnutls_openpgp_crt_get_subkey_pk_algorithm.3,
+ doc/manpages/gnutls_openpgp_crt_get_subkey_pk_dsa_raw.3,
+ doc/manpages/gnutls_openpgp_crt_get_subkey_pk_rsa_raw.3,
+ doc/manpages/gnutls_openpgp_crt_get_subkey_revoked_status.3,
+ doc/manpages/gnutls_openpgp_crt_get_subkey_usage.3,
+ doc/manpages/gnutls_openpgp_crt_get_version.3,
+ doc/manpages/gnutls_openpgp_crt_import.3,
+ doc/manpages/gnutls_openpgp_crt_init.3,
+ doc/manpages/gnutls_openpgp_crt_print.3,
+ doc/manpages/gnutls_openpgp_crt_set_preferred_key_id.3,
+ doc/manpages/gnutls_openpgp_crt_verify_ring.3,
+ doc/manpages/gnutls_openpgp_crt_verify_self.3,
+ doc/manpages/gnutls_openpgp_keyring_check_id.3,
+ doc/manpages/gnutls_openpgp_keyring_deinit.3,
+ doc/manpages/gnutls_openpgp_keyring_get_crt.3,
+ doc/manpages/gnutls_openpgp_keyring_get_crt_count.3,
+ doc/manpages/gnutls_openpgp_keyring_import.3,
+ doc/manpages/gnutls_openpgp_keyring_init.3,
+ doc/manpages/gnutls_openpgp_privkey_deinit.3,
+ doc/manpages/gnutls_openpgp_privkey_export.3,
+ doc/manpages/gnutls_openpgp_privkey_export_dsa_raw.3,
+ doc/manpages/gnutls_openpgp_privkey_export_rsa_raw.3,
+ doc/manpages/gnutls_openpgp_privkey_export_subkey_dsa_raw.3,
+ doc/manpages/gnutls_openpgp_privkey_export_subkey_rsa_raw.3,
+ doc/manpages/gnutls_openpgp_privkey_get_fingerprint.3,
+ doc/manpages/gnutls_openpgp_privkey_get_key_id.3,
+ doc/manpages/gnutls_openpgp_privkey_get_pk_algorithm.3,
+ doc/manpages/gnutls_openpgp_privkey_get_preferred_key_id.3,
+ doc/manpages/gnutls_openpgp_privkey_get_revoked_status.3,
+ doc/manpages/gnutls_openpgp_privkey_get_subkey_count.3,
+ doc/manpages/gnutls_openpgp_privkey_get_subkey_creation_time.3,
+ doc/manpages/gnutls_openpgp_privkey_get_subkey_fingerprint.3,
+ doc/manpages/gnutls_openpgp_privkey_get_subkey_id.3,
+ doc/manpages/gnutls_openpgp_privkey_get_subkey_idx.3,
+ doc/manpages/gnutls_openpgp_privkey_get_subkey_pk_algorithm.3,
+ doc/manpages/gnutls_openpgp_privkey_get_subkey_revoked_status.3,
+ doc/manpages/gnutls_openpgp_privkey_import.3,
+ doc/manpages/gnutls_openpgp_privkey_init.3,
+ doc/manpages/gnutls_openpgp_privkey_sec_param.3,
+ doc/manpages/gnutls_openpgp_privkey_set_preferred_key_id.3,
+ doc/manpages/gnutls_openpgp_privkey_sign_hash.3,
+ doc/manpages/gnutls_openpgp_send_cert.3,
+ doc/manpages/gnutls_openpgp_set_recv_key_function.3,
+ doc/manpages/gnutls_pcert_deinit.3,
+ doc/manpages/gnutls_pcert_import_openpgp.3,
+ doc/manpages/gnutls_pcert_import_openpgp_raw.3,
+ doc/manpages/gnutls_pcert_import_x509.3,
+ doc/manpages/gnutls_pcert_import_x509_raw.3,
+ doc/manpages/gnutls_pcert_list_import_x509_raw.3,
+ doc/manpages/gnutls_pem_base64_decode.3,
+ doc/manpages/gnutls_pem_base64_decode_alloc.3,
+ doc/manpages/gnutls_pem_base64_encode.3,
+ doc/manpages/gnutls_pem_base64_encode_alloc.3,
+ doc/manpages/gnutls_perror.3,
+ doc/manpages/gnutls_pk_algorithm_get_name.3,
+ doc/manpages/gnutls_pk_bits_to_sec_param.3,
+ doc/manpages/gnutls_pk_get_id.3, doc/manpages/gnutls_pk_get_name.3,
+ doc/manpages/gnutls_pk_list.3,
+ doc/manpages/gnutls_pkcs11_add_provider.3,
+ doc/manpages/gnutls_pkcs11_copy_secret_key.3,
+ doc/manpages/gnutls_pkcs11_copy_x509_crt.3,
+ doc/manpages/gnutls_pkcs11_copy_x509_privkey.3,
+ doc/manpages/gnutls_pkcs11_deinit.3,
+ doc/manpages/gnutls_pkcs11_delete_url.3,
+ doc/manpages/gnutls_pkcs11_init.3,
+ doc/manpages/gnutls_pkcs11_obj_deinit.3,
+ doc/manpages/gnutls_pkcs11_obj_export.3,
+ doc/manpages/gnutls_pkcs11_obj_export_url.3,
+ doc/manpages/gnutls_pkcs11_obj_get_info.3,
+ doc/manpages/gnutls_pkcs11_obj_get_type.3,
+ doc/manpages/gnutls_pkcs11_obj_import_url.3,
+ doc/manpages/gnutls_pkcs11_obj_init.3,
+ doc/manpages/gnutls_pkcs11_obj_list_import_url.3,
+ doc/manpages/gnutls_pkcs11_privkey_deinit.3,
+ doc/manpages/gnutls_pkcs11_privkey_export_url.3,
+ doc/manpages/gnutls_pkcs11_privkey_generate.3,
+ doc/manpages/gnutls_pkcs11_privkey_get_info.3,
+ doc/manpages/gnutls_pkcs11_privkey_get_pk_algorithm.3,
+ doc/manpages/gnutls_pkcs11_privkey_import_url.3,
+ doc/manpages/gnutls_pkcs11_privkey_init.3,
+ doc/manpages/gnutls_pkcs11_set_pin_function.3,
+ doc/manpages/gnutls_pkcs11_set_token_function.3,
+ doc/manpages/gnutls_pkcs11_token_get_flags.3,
+ doc/manpages/gnutls_pkcs11_token_get_info.3,
+ doc/manpages/gnutls_pkcs11_token_get_mechanism.3,
+ doc/manpages/gnutls_pkcs11_token_get_url.3,
+ doc/manpages/gnutls_pkcs11_token_init.3,
+ doc/manpages/gnutls_pkcs11_token_set_pin.3,
+ doc/manpages/gnutls_pkcs11_type_get_name.3,
+ doc/manpages/gnutls_pkcs12_bag_decrypt.3,
+ doc/manpages/gnutls_pkcs12_bag_deinit.3,
+ doc/manpages/gnutls_pkcs12_bag_encrypt.3,
+ doc/manpages/gnutls_pkcs12_bag_get_count.3,
+ doc/manpages/gnutls_pkcs12_bag_get_data.3,
+ doc/manpages/gnutls_pkcs12_bag_get_friendly_name.3,
+ doc/manpages/gnutls_pkcs12_bag_get_key_id.3,
+ doc/manpages/gnutls_pkcs12_bag_get_type.3,
+ doc/manpages/gnutls_pkcs12_bag_init.3,
+ doc/manpages/gnutls_pkcs12_bag_set_crl.3,
+ doc/manpages/gnutls_pkcs12_bag_set_crt.3,
+ doc/manpages/gnutls_pkcs12_bag_set_data.3,
+ doc/manpages/gnutls_pkcs12_bag_set_friendly_name.3,
+ doc/manpages/gnutls_pkcs12_bag_set_key_id.3,
+ doc/manpages/gnutls_pkcs12_deinit.3,
+ doc/manpages/gnutls_pkcs12_export.3,
+ doc/manpages/gnutls_pkcs12_generate_mac.3,
+ doc/manpages/gnutls_pkcs12_get_bag.3,
+ doc/manpages/gnutls_pkcs12_import.3,
+ doc/manpages/gnutls_pkcs12_init.3,
+ doc/manpages/gnutls_pkcs12_set_bag.3,
+ doc/manpages/gnutls_pkcs12_verify_mac.3,
+ doc/manpages/gnutls_pkcs7_deinit.3,
+ doc/manpages/gnutls_pkcs7_delete_crl.3,
+ doc/manpages/gnutls_pkcs7_delete_crt.3,
+ doc/manpages/gnutls_pkcs7_export.3,
+ doc/manpages/gnutls_pkcs7_get_crl_count.3,
+ doc/manpages/gnutls_pkcs7_get_crl_raw.3,
+ doc/manpages/gnutls_pkcs7_get_crt_count.3,
+ doc/manpages/gnutls_pkcs7_get_crt_raw.3,
+ doc/manpages/gnutls_pkcs7_import.3,
+ doc/manpages/gnutls_pkcs7_init.3,
+ doc/manpages/gnutls_pkcs7_set_crl.3,
+ doc/manpages/gnutls_pkcs7_set_crl_raw.3,
+ doc/manpages/gnutls_pkcs7_set_crt.3,
+ doc/manpages/gnutls_pkcs7_set_crt_raw.3, doc/manpages/gnutls_prf.3,
+ doc/manpages/gnutls_prf_raw.3,
+ doc/manpages/gnutls_priority_deinit.3,
+ doc/manpages/gnutls_priority_init.3,
+ doc/manpages/gnutls_priority_set.3,
+ doc/manpages/gnutls_priority_set_direct.3,
+ doc/manpages/gnutls_privkey_decrypt_data.3,
+ doc/manpages/gnutls_privkey_deinit.3,
+ doc/manpages/gnutls_privkey_get_pk_algorithm.3,
+ doc/manpages/gnutls_privkey_get_type.3,
+ doc/manpages/gnutls_privkey_import_ext.3,
+ doc/manpages/gnutls_privkey_import_openpgp.3,
+ doc/manpages/gnutls_privkey_import_pkcs11.3,
+ doc/manpages/gnutls_privkey_import_x509.3,
+ doc/manpages/gnutls_privkey_init.3,
+ doc/manpages/gnutls_privkey_sign_data.3,
+ doc/manpages/gnutls_privkey_sign_hash.3,
+ doc/manpages/gnutls_protocol_get_id.3,
+ doc/manpages/gnutls_protocol_get_name.3,
+ doc/manpages/gnutls_protocol_get_version.3,
+ doc/manpages/gnutls_protocol_list.3,
+ doc/manpages/gnutls_protocol_set_priority.3,
+ doc/manpages/gnutls_psk_allocate_client_credentials.3,
+ doc/manpages/gnutls_psk_allocate_server_credentials.3,
+ doc/manpages/gnutls_psk_client_get_hint.3,
+ doc/manpages/gnutls_psk_free_client_credentials.3,
+ doc/manpages/gnutls_psk_free_server_credentials.3,
+ doc/manpages/gnutls_psk_server_get_username.3,
+ doc/manpages/gnutls_psk_set_client_credentials.3,
+ doc/manpages/gnutls_psk_set_params_function.3,
+ doc/manpages/gnutls_psk_set_server_credentials_file.3,
+ doc/manpages/gnutls_psk_set_server_credentials_hint.3,
+ doc/manpages/gnutls_psk_set_server_dh_params.3,
+ doc/manpages/gnutls_psk_set_server_params_function.3,
+ doc/manpages/gnutls_pubkey_deinit.3,
+ doc/manpages/gnutls_pubkey_export.3,
+ doc/manpages/gnutls_pubkey_get_key_id.3,
+ doc/manpages/gnutls_pubkey_get_key_usage.3,
+ doc/manpages/gnutls_pubkey_get_openpgp_key_id.3,
+ doc/manpages/gnutls_pubkey_get_pk_algorithm.3,
+ doc/manpages/gnutls_pubkey_get_pk_dsa_raw.3,
+ doc/manpages/gnutls_pubkey_get_pk_ecc_raw.3,
+ doc/manpages/gnutls_pubkey_get_pk_ecc_x962.3,
+ doc/manpages/gnutls_pubkey_get_pk_rsa_raw.3,
+ doc/manpages/gnutls_pubkey_get_preferred_hash_algorithm.3,
+ doc/manpages/gnutls_pubkey_get_verify_algorithm.3,
+ doc/manpages/gnutls_pubkey_import.3,
+ doc/manpages/gnutls_pubkey_import_dsa_raw.3,
+ doc/manpages/gnutls_pubkey_import_ecc_raw.3,
+ doc/manpages/gnutls_pubkey_import_ecc_x962.3,
+ doc/manpages/gnutls_pubkey_import_openpgp.3,
+ doc/manpages/gnutls_pubkey_import_pkcs11.3,
+ doc/manpages/gnutls_pubkey_import_pkcs11_url.3,
+ doc/manpages/gnutls_pubkey_import_privkey.3,
+ doc/manpages/gnutls_pubkey_import_rsa_raw.3,
+ doc/manpages/gnutls_pubkey_import_x509.3,
+ doc/manpages/gnutls_pubkey_init.3,
+ doc/manpages/gnutls_pubkey_set_key_usage.3,
+ doc/manpages/gnutls_pubkey_verify_data.3,
+ doc/manpages/gnutls_pubkey_verify_data2.3,
+ doc/manpages/gnutls_pubkey_verify_hash.3,
+ doc/manpages/gnutls_record_check_pending.3,
+ doc/manpages/gnutls_record_disable_padding.3,
+ doc/manpages/gnutls_record_get_direction.3,
+ doc/manpages/gnutls_record_get_discarded.3,
+ doc/manpages/gnutls_record_get_max_size.3,
+ doc/manpages/gnutls_record_recv.3,
+ doc/manpages/gnutls_record_recv_seq.3,
+ doc/manpages/gnutls_record_send.3,
+ doc/manpages/gnutls_record_set_max_size.3,
+ doc/manpages/gnutls_rehandshake.3, doc/manpages/gnutls_rnd.3,
+ doc/manpages/gnutls_rsa_export_get_modulus_bits.3,
+ doc/manpages/gnutls_rsa_export_get_pubkey.3,
+ doc/manpages/gnutls_rsa_params_cpy.3,
+ doc/manpages/gnutls_rsa_params_deinit.3,
+ doc/manpages/gnutls_rsa_params_export_pkcs1.3,
+ doc/manpages/gnutls_rsa_params_export_raw.3,
+ doc/manpages/gnutls_rsa_params_generate2.3,
+ doc/manpages/gnutls_rsa_params_import_pkcs1.3,
+ doc/manpages/gnutls_rsa_params_import_raw.3,
+ doc/manpages/gnutls_rsa_params_init.3,
+ doc/manpages/gnutls_safe_renegotiation_status.3,
+ doc/manpages/gnutls_sec_param_get_name.3,
+ doc/manpages/gnutls_sec_param_to_pk_bits.3,
+ doc/manpages/gnutls_server_name_get.3,
+ doc/manpages/gnutls_server_name_set.3,
+ doc/manpages/gnutls_session_channel_binding.3,
+ doc/manpages/gnutls_session_enable_compatibility_mode.3,
+ doc/manpages/gnutls_session_get_data.3,
+ doc/manpages/gnutls_session_get_data2.3,
+ doc/manpages/gnutls_session_get_id.3,
+ doc/manpages/gnutls_session_get_ptr.3,
+ doc/manpages/gnutls_session_is_resumed.3,
+ doc/manpages/gnutls_session_set_data.3,
+ doc/manpages/gnutls_session_set_ptr.3,
+ doc/manpages/gnutls_session_ticket_enable_client.3,
+ doc/manpages/gnutls_session_ticket_enable_server.3,
+ doc/manpages/gnutls_session_ticket_key_generate.3,
+ doc/manpages/gnutls_set_default_export_priority.3,
+ doc/manpages/gnutls_set_default_priority.3,
+ doc/manpages/gnutls_sign_algorithm_get_requested.3,
+ doc/manpages/gnutls_sign_callback_get.3,
+ doc/manpages/gnutls_sign_callback_set.3,
+ doc/manpages/gnutls_sign_get_id.3,
+ doc/manpages/gnutls_sign_get_name.3,
+ doc/manpages/gnutls_sign_list.3,
+ doc/manpages/gnutls_srp_allocate_client_credentials.3,
+ doc/manpages/gnutls_srp_allocate_server_credentials.3,
+ doc/manpages/gnutls_srp_base64_decode.3,
+ doc/manpages/gnutls_srp_base64_decode_alloc.3,
+ doc/manpages/gnutls_srp_base64_encode.3,
+ doc/manpages/gnutls_srp_base64_encode_alloc.3,
+ doc/manpages/gnutls_srp_free_client_credentials.3,
+ doc/manpages/gnutls_srp_free_server_credentials.3,
+ doc/manpages/gnutls_srp_server_get_username.3,
+ doc/manpages/gnutls_srp_set_client_credentials.3,
+ doc/manpages/gnutls_srp_set_prime_bits.3,
+ doc/manpages/gnutls_srp_set_server_credentials_file.3,
+ doc/manpages/gnutls_srp_verifier.3, doc/manpages/gnutls_strerror.3,
+ doc/manpages/gnutls_strerror_name.3,
+ doc/manpages/gnutls_supplemental_get_name.3,
+ doc/manpages/gnutls_transport_get_ptr.3,
+ doc/manpages/gnutls_transport_get_ptr2.3,
+ doc/manpages/gnutls_transport_set_errno.3,
+ doc/manpages/gnutls_transport_set_errno_function.3,
+ doc/manpages/gnutls_transport_set_ptr.3,
+ doc/manpages/gnutls_transport_set_ptr2.3,
+ doc/manpages/gnutls_transport_set_pull_function.3,
+ doc/manpages/gnutls_transport_set_pull_timeout_function.3,
+ doc/manpages/gnutls_transport_set_push_function.3,
+ doc/manpages/gnutls_transport_set_vec_push_function.3,
+ doc/manpages/gnutls_x509_crl_check_issuer.3,
+ doc/manpages/gnutls_x509_crl_deinit.3,
+ doc/manpages/gnutls_x509_crl_export.3,
+ doc/manpages/gnutls_x509_crl_get_authority_key_id.3,
+ doc/manpages/gnutls_x509_crl_get_crt_count.3,
+ doc/manpages/gnutls_x509_crl_get_crt_serial.3,
+ doc/manpages/gnutls_x509_crl_get_dn_oid.3,
+ doc/manpages/gnutls_x509_crl_get_extension_data.3,
+ doc/manpages/gnutls_x509_crl_get_extension_info.3,
+ doc/manpages/gnutls_x509_crl_get_extension_oid.3,
+ doc/manpages/gnutls_x509_crl_get_issuer_dn.3,
+ doc/manpages/gnutls_x509_crl_get_issuer_dn_by_oid.3,
+ doc/manpages/gnutls_x509_crl_get_next_update.3,
+ doc/manpages/gnutls_x509_crl_get_number.3,
+ doc/manpages/gnutls_x509_crl_get_raw_issuer_dn.3,
+ doc/manpages/gnutls_x509_crl_get_signature.3,
+ doc/manpages/gnutls_x509_crl_get_signature_algorithm.3,
+ doc/manpages/gnutls_x509_crl_get_this_update.3,
+ doc/manpages/gnutls_x509_crl_get_version.3,
+ doc/manpages/gnutls_x509_crl_import.3,
+ doc/manpages/gnutls_x509_crl_init.3,
+ doc/manpages/gnutls_x509_crl_list_import.3,
+ doc/manpages/gnutls_x509_crl_list_import2.3,
+ doc/manpages/gnutls_x509_crl_print.3,
+ doc/manpages/gnutls_x509_crl_privkey_sign.3,
+ doc/manpages/gnutls_x509_crl_set_authority_key_id.3,
+ doc/manpages/gnutls_x509_crl_set_crt.3,
+ doc/manpages/gnutls_x509_crl_set_crt_serial.3,
+ doc/manpages/gnutls_x509_crl_set_next_update.3,
+ doc/manpages/gnutls_x509_crl_set_number.3,
+ doc/manpages/gnutls_x509_crl_set_this_update.3,
+ doc/manpages/gnutls_x509_crl_set_version.3,
+ doc/manpages/gnutls_x509_crl_sign.3,
+ doc/manpages/gnutls_x509_crl_sign2.3,
+ doc/manpages/gnutls_x509_crl_verify.3,
+ doc/manpages/gnutls_x509_crq_deinit.3,
+ doc/manpages/gnutls_x509_crq_export.3,
+ doc/manpages/gnutls_x509_crq_get_attribute_by_oid.3,
+ doc/manpages/gnutls_x509_crq_get_attribute_data.3,
+ doc/manpages/gnutls_x509_crq_get_attribute_info.3,
+ doc/manpages/gnutls_x509_crq_get_basic_constraints.3,
+ doc/manpages/gnutls_x509_crq_get_challenge_password.3,
+ doc/manpages/gnutls_x509_crq_get_dn.3,
+ doc/manpages/gnutls_x509_crq_get_dn_by_oid.3,
+ doc/manpages/gnutls_x509_crq_get_dn_oid.3,
+ doc/manpages/gnutls_x509_crq_get_extension_by_oid.3,
+ doc/manpages/gnutls_x509_crq_get_extension_data.3,
+ doc/manpages/gnutls_x509_crq_get_extension_info.3,
+ doc/manpages/gnutls_x509_crq_get_key_id.3,
+ doc/manpages/gnutls_x509_crq_get_key_purpose_oid.3,
+ doc/manpages/gnutls_x509_crq_get_key_rsa_raw.3,
+ doc/manpages/gnutls_x509_crq_get_key_usage.3,
+ doc/manpages/gnutls_x509_crq_get_pk_algorithm.3,
+ doc/manpages/gnutls_x509_crq_get_subject_alt_name.3,
+ doc/manpages/gnutls_x509_crq_get_subject_alt_othername_oid.3,
+ doc/manpages/gnutls_x509_crq_get_version.3,
+ doc/manpages/gnutls_x509_crq_import.3,
+ doc/manpages/gnutls_x509_crq_init.3,
+ doc/manpages/gnutls_x509_crq_print.3,
+ doc/manpages/gnutls_x509_crq_privkey_sign.3,
+ doc/manpages/gnutls_x509_crq_set_attribute_by_oid.3,
+ doc/manpages/gnutls_x509_crq_set_basic_constraints.3,
+ doc/manpages/gnutls_x509_crq_set_challenge_password.3,
+ doc/manpages/gnutls_x509_crq_set_dn_by_oid.3,
+ doc/manpages/gnutls_x509_crq_set_key.3,
+ doc/manpages/gnutls_x509_crq_set_key_purpose_oid.3,
+ doc/manpages/gnutls_x509_crq_set_key_rsa_raw.3,
+ doc/manpages/gnutls_x509_crq_set_key_usage.3,
+ doc/manpages/gnutls_x509_crq_set_pubkey.3,
+ doc/manpages/gnutls_x509_crq_set_subject_alt_name.3,
+ doc/manpages/gnutls_x509_crq_set_version.3,
+ doc/manpages/gnutls_x509_crq_sign.3,
+ doc/manpages/gnutls_x509_crq_sign2.3,
+ doc/manpages/gnutls_x509_crq_verify.3,
+ doc/manpages/gnutls_x509_crt_check_hostname.3,
+ doc/manpages/gnutls_x509_crt_check_issuer.3,
+ doc/manpages/gnutls_x509_crt_check_revocation.3,
+ doc/manpages/gnutls_x509_crt_cpy_crl_dist_points.3,
+ doc/manpages/gnutls_x509_crt_deinit.3,
+ doc/manpages/gnutls_x509_crt_export.3,
+ doc/manpages/gnutls_x509_crt_get_activation_time.3,
+ doc/manpages/gnutls_x509_crt_get_authority_info_access.3,
+ doc/manpages/gnutls_x509_crt_get_authority_key_id.3,
+ doc/manpages/gnutls_x509_crt_get_basic_constraints.3,
+ doc/manpages/gnutls_x509_crt_get_ca_status.3,
+ doc/manpages/gnutls_x509_crt_get_crl_dist_points.3,
+ doc/manpages/gnutls_x509_crt_get_dn.3,
+ doc/manpages/gnutls_x509_crt_get_dn_by_oid.3,
+ doc/manpages/gnutls_x509_crt_get_dn_oid.3,
+ doc/manpages/gnutls_x509_crt_get_expiration_time.3,
+ doc/manpages/gnutls_x509_crt_get_extension_by_oid.3,
+ doc/manpages/gnutls_x509_crt_get_extension_data.3,
+ doc/manpages/gnutls_x509_crt_get_extension_info.3,
+ doc/manpages/gnutls_x509_crt_get_extension_oid.3,
+ doc/manpages/gnutls_x509_crt_get_fingerprint.3,
+ doc/manpages/gnutls_x509_crt_get_issuer.3,
+ doc/manpages/gnutls_x509_crt_get_issuer_alt_name.3,
+ doc/manpages/gnutls_x509_crt_get_issuer_alt_name2.3,
+ doc/manpages/gnutls_x509_crt_get_issuer_alt_othername_oid.3,
+ doc/manpages/gnutls_x509_crt_get_issuer_dn.3,
+ doc/manpages/gnutls_x509_crt_get_issuer_dn_by_oid.3,
+ doc/manpages/gnutls_x509_crt_get_issuer_dn_oid.3,
+ doc/manpages/gnutls_x509_crt_get_issuer_unique_id.3,
+ doc/manpages/gnutls_x509_crt_get_key_id.3,
+ doc/manpages/gnutls_x509_crt_get_key_purpose_oid.3,
+ doc/manpages/gnutls_x509_crt_get_key_usage.3,
+ doc/manpages/gnutls_x509_crt_get_pk_algorithm.3,
+ doc/manpages/gnutls_x509_crt_get_pk_dsa_raw.3,
+ doc/manpages/gnutls_x509_crt_get_pk_rsa_raw.3,
+ doc/manpages/gnutls_x509_crt_get_preferred_hash_algorithm.3,
+ doc/manpages/gnutls_x509_crt_get_proxy.3,
+ doc/manpages/gnutls_x509_crt_get_raw_dn.3,
+ doc/manpages/gnutls_x509_crt_get_raw_issuer_dn.3,
+ doc/manpages/gnutls_x509_crt_get_serial.3,
+ doc/manpages/gnutls_x509_crt_get_signature.3,
+ doc/manpages/gnutls_x509_crt_get_signature_algorithm.3,
+ doc/manpages/gnutls_x509_crt_get_subject.3,
+ doc/manpages/gnutls_x509_crt_get_subject_alt_name.3,
+ doc/manpages/gnutls_x509_crt_get_subject_alt_name2.3,
+ doc/manpages/gnutls_x509_crt_get_subject_alt_othername_oid.3,
+ doc/manpages/gnutls_x509_crt_get_subject_key_id.3,
+ doc/manpages/gnutls_x509_crt_get_subject_unique_id.3,
+ doc/manpages/gnutls_x509_crt_get_verify_algorithm.3,
+ doc/manpages/gnutls_x509_crt_get_version.3,
+ doc/manpages/gnutls_x509_crt_import.3,
+ doc/manpages/gnutls_x509_crt_import_pkcs11.3,
+ doc/manpages/gnutls_x509_crt_import_pkcs11_url.3,
+ doc/manpages/gnutls_x509_crt_init.3,
+ doc/manpages/gnutls_x509_crt_list_import.3,
+ doc/manpages/gnutls_x509_crt_list_import2.3,
+ doc/manpages/gnutls_x509_crt_list_import_pkcs11.3,
+ doc/manpages/gnutls_x509_crt_list_verify.3,
+ doc/manpages/gnutls_x509_crt_print.3,
+ doc/manpages/gnutls_x509_crt_privkey_sign.3,
+ doc/manpages/gnutls_x509_crt_set_activation_time.3,
+ doc/manpages/gnutls_x509_crt_set_authority_key_id.3,
+ doc/manpages/gnutls_x509_crt_set_basic_constraints.3,
+ doc/manpages/gnutls_x509_crt_set_ca_status.3,
+ doc/manpages/gnutls_x509_crt_set_crl_dist_points.3,
+ doc/manpages/gnutls_x509_crt_set_crl_dist_points2.3,
+ doc/manpages/gnutls_x509_crt_set_crq.3,
+ doc/manpages/gnutls_x509_crt_set_crq_extensions.3,
+ doc/manpages/gnutls_x509_crt_set_dn_by_oid.3,
+ doc/manpages/gnutls_x509_crt_set_expiration_time.3,
+ doc/manpages/gnutls_x509_crt_set_extension_by_oid.3,
+ doc/manpages/gnutls_x509_crt_set_issuer_dn_by_oid.3,
+ doc/manpages/gnutls_x509_crt_set_key.3,
+ doc/manpages/gnutls_x509_crt_set_key_purpose_oid.3,
+ doc/manpages/gnutls_x509_crt_set_key_usage.3,
+ doc/manpages/gnutls_x509_crt_set_proxy.3,
+ doc/manpages/gnutls_x509_crt_set_proxy_dn.3,
+ doc/manpages/gnutls_x509_crt_set_pubkey.3,
+ doc/manpages/gnutls_x509_crt_set_serial.3,
+ doc/manpages/gnutls_x509_crt_set_subject_alt_name.3,
+ doc/manpages/gnutls_x509_crt_set_subject_alternative_name.3,
+ doc/manpages/gnutls_x509_crt_set_subject_key_id.3,
+ doc/manpages/gnutls_x509_crt_set_version.3,
+ doc/manpages/gnutls_x509_crt_sign.3,
+ doc/manpages/gnutls_x509_crt_sign2.3,
+ doc/manpages/gnutls_x509_crt_verify.3,
+ doc/manpages/gnutls_x509_crt_verify_data.3,
+ doc/manpages/gnutls_x509_crt_verify_hash.3,
+ doc/manpages/gnutls_x509_dn_deinit.3,
+ doc/manpages/gnutls_x509_dn_export.3,
+ doc/manpages/gnutls_x509_dn_get_rdn_ava.3,
+ doc/manpages/gnutls_x509_dn_import.3,
+ doc/manpages/gnutls_x509_dn_init.3,
+ doc/manpages/gnutls_x509_dn_oid_known.3,
+ doc/manpages/gnutls_x509_privkey_cpy.3,
+ doc/manpages/gnutls_x509_privkey_deinit.3,
+ doc/manpages/gnutls_x509_privkey_export.3,
+ doc/manpages/gnutls_x509_privkey_export_dsa_raw.3,
+ doc/manpages/gnutls_x509_privkey_export_ecc_raw.3,
+ doc/manpages/gnutls_x509_privkey_export_pkcs8.3,
+ doc/manpages/gnutls_x509_privkey_export_rsa_raw.3,
+ doc/manpages/gnutls_x509_privkey_export_rsa_raw2.3,
+ doc/manpages/gnutls_x509_privkey_fix.3,
+ doc/manpages/gnutls_x509_privkey_generate.3,
+ doc/manpages/gnutls_x509_privkey_get_key_id.3,
+ doc/manpages/gnutls_x509_privkey_get_pk_algorithm.3,
+ doc/manpages/gnutls_x509_privkey_import.3,
+ doc/manpages/gnutls_x509_privkey_import_dsa_raw.3,
+ doc/manpages/gnutls_x509_privkey_import_ecc_raw.3,
+ doc/manpages/gnutls_x509_privkey_import_pkcs8.3,
+ doc/manpages/gnutls_x509_privkey_import_rsa_raw.3,
+ doc/manpages/gnutls_x509_privkey_import_rsa_raw2.3,
+ doc/manpages/gnutls_x509_privkey_init.3,
+ doc/manpages/gnutls_x509_privkey_sec_param.3,
+ doc/manpages/gnutls_x509_privkey_sign_data.3,
+ doc/manpages/gnutls_x509_privkey_sign_hash.3,
+ doc/manpages/gnutls_x509_privkey_verify_params.3,
+ doc/manpages/gnutls_x509_rdn_get.3,
+ doc/manpages/gnutls_x509_rdn_get_by_oid.3,
+ doc/manpages/gnutls_x509_rdn_get_oid.3,
+ doc/manpages/gnutls_x509_trust_list_add_cas.3,
+ doc/manpages/gnutls_x509_trust_list_add_crls.3,
+ doc/manpages/gnutls_x509_trust_list_add_named_crt.3,
+ doc/manpages/gnutls_x509_trust_list_deinit.3,
+ doc/manpages/gnutls_x509_trust_list_get_issuer.3,
+ doc/manpages/gnutls_x509_trust_list_init.3,
+ doc/manpages/gnutls_x509_trust_list_verify_crt.3,
+ doc/manpages/gnutls_x509_trust_list_verify_named_crt.3,
+ doc/scripts/getfuncs.pl, lib/gnutls_cert.c, lib/gnutls_str.c: Added
+ a more robust manpage generation method.
+
+2011-11-19 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c:
+ updated/fixed SRP and PSK examples.
+
+2011-11-18 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/auth/cert.c: updated client certificate signature algorithm
+ indication, to allow holding 3 algorithms.
+
+2011-11-17 Nikos Mavrogiannopoulos <address@hidden>
+
+ * cfg.mk: use texi2html to generate documentation
+
+2011-11-17 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/scripts/gdoc: corrected texinfo and manpage generation of
+ documentation.
+
+2011-11-17 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_record.c: count all discarded packets as dropped.
+
+2011-11-15 Martin Storsjo <address@hidden>
+
+ * extra/Makefile.am, lib/Makefile.am: Add dependencies from the def
+ files to the libraries that generate them This avoids build failures in
parallel builds, where builds could
+ fail with this error message: make[2]: *** No rule to make target
`libgnutls-26.def', needed by
+ `all-am'. Stop. There is no direct rules that generate it, but it is
generated as a
+ byproduct when building libgnutls.la. By marking the la file as a
+ dependency, make won't bail out by not finding the file until that
+ dependency is built, and at that point, the def file exists.
Signed-off-by: Simon Josefsson <address@hidden>
+
+2011-11-13 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/Makefile.am, doc/cha-auth.texi, doc/cha-cert-auth.texi,
+ doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi,
+ doc/cha-gtls-examples.texi, doc/cha-intro-tls.texi,
+ doc/cha-library.texi, doc/cha-shared-key.texi, doc/gnutls.texi,
+ doc/latex/.gitignore, doc/latex/Makefile.am, doc/latex/gnutls.tex,
+ doc/scripts/mytexi2latex: reorganized documentation
+
+2011-11-13 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/accelerated/x86/asm-coff/appro-aes-x86-coff.s,
+ lib/accelerated/x86/asm-coff/cpuid-x86-64-coff.s,
+ lib/accelerated/x86/asm-coff/cpuid-x86-coff.s,
+ lib/accelerated/x86/asm-coff/padlock-x86-coff.s,
+ lib/accelerated/x86/asm/appro-aes-gcm-x86-64.s,
+ lib/accelerated/x86/asm/appro-aes-x86-64.s,
+ lib/accelerated/x86/asm/appro-aes-x86.s,
+ lib/accelerated/x86/asm/cpuid-x86-64.s,
+ lib/accelerated/x86/asm/cpuid-x86.s,
+ lib/accelerated/x86/asm/padlock-x86-64.s,
+ lib/accelerated/x86/asm/padlock-x86.s: Commited new assembler files.
+
+2011-11-13 Nikos Mavrogiannopoulos <address@hidden>
+
+ * cfg.mk, devel/perlasm/aesni-x86.pl,
+ devel/perlasm/aesni-x86_64.pl, devel/perlasm/cbc.pl,
+ devel/perlasm/cpuid-x86.pl, devel/perlasm/cpuid-x86_64.pl,
+ devel/perlasm/e_padlock-x86.pl, devel/perlasm/e_padlock-x86_64.pl,
+ devel/perlasm/ghash-x86.pl, devel/perlasm/ghash-x86_64.pl,
+ devel/perlasm/license-gnutls.txt, devel/perlasm/license.txt,
+ devel/perlasm/ppc-xlate.pl, devel/perlasm/readme,
+ devel/perlasm/x86_64-xlate.pl, devel/perlasm/x86asm.pl,
+ devel/perlasm/x86gas.pl, devel/perlasm/x86masm.pl,
+ devel/perlasm/x86nasm.pl: Added rules to auto-generate the assembler
+ files.
-2011-08-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-12 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-bib.texi, doc/latex/gnutls.bib: bibliography updated
+ * .gitignore: more files to ignore
-2011-08-22 Andreas Metzler <address@hidden>
+2011-11-12 Nikos Mavrogiannopoulos <address@hidden>
- * lib/libgnutls.map: Export export_gnutls_openpgp_privkey_sign_hash.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-cert-auth.texi: updated
-2011-08-21 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-12 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_buffers.c, lib/system.c: AIX check moved to system.c.
+ * doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/cha-programs.texi,
+ doc/gnutls.texi: Tools are discussed in the relevant chapters and
+ sections.
-2011-08-21 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-12 Nikos Mavrogiannopoulos <address@hidden>
- * src/crywrap/crywrap.c: Handle memory allocation errors.
+ * NEWS: released 3.0.8
-2011-08-21 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-12 Simon Josefsson <address@hidden>
- * doc/manpages/Makefile.am, doc/manpages/crywrap.8: The crywrap
- manpage was removed due to license reasons.
+ * configure.ac: Add tests/slow/Makfile and sort config files.
-2011-08-22 Ludovic Courtès <address@hidden>
+2011-11-12 Simon Josefsson <address@hidden>
- * guile/tests/priorities.scm: guile: Fix `priorities' test to use
- `run-test'. This is a followup to commit
- cd7b8102316cd4151356c4b2b7909c7435593890 ("guile: Fix tests to match
- the `exit' behavior introduced in Guile 2.0.1.").
+ * cfg.mk: Fix wordwrap.
-2011-08-21 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-12 Simon Josefsson <address@hidden>
- * src/crywrap/Makefile.am: include README to distribution.
+ * lib/x509/verify-high.c, lib/x509/verify-high.h: Don't export
+ verify-high structs internally.
-2011-08-21 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-12 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_ui.c: documentation fixes.
+ * cfg.mk: document the gpl modules used by gnulib
-2011-08-20 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-11 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-cert-auth.texi, doc/cha-internals.texi,
- doc/cha-intro-tls.texi, doc/cha-library.texi,
- doc/scripts/mytexi2latex: Use texinfo's word break.
+ * tests/Makefile.am, tests/gendh.c, tests/keygen.c,
+ tests/slow/Makefile.am, tests/slow/README, tests/slow/gendh.c,
+ tests/slow/keygen.c: slow tests are not being run using valgrind
-2011-08-20 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-11 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, m4/hooks.m4: updated for release
+ * tests/ecdsa/Makefile.am: distribute pem file
-2011-08-20 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-11 Nikos Mavrogiannopoulos <address@hidden>
- * src/crywrap/Makefile.am: Added missing file
+ * tests/ecdsa/bad-key.pem, tests/ecdsa/ecdsa: Added test to detect a
+ wrong ECDSA key.
-2011-08-20 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-11 Nikos Mavrogiannopoulos <address@hidden>
- * po/cs.po.in, po/fi.po.in, po/nl.po.in, po/pl.po.in, po/sv.po.in,
- po/uk.po.in: Sync with TP.
+ * lib/gnutls_errors.h, lib/gnutls_int.h: define likely() and
+ unlikely() and use them to prevent debugging code from being
+ prioritized in branch prediction.
-2011-08-20 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-11 Nikos Mavrogiannopoulos <address@hidden>
- * lib/Makefile.am: corrected typo
+ * .gitignore: more files to ignore
-2011-08-20 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-11 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_buffers.c: Added hack for AIX systems that may not set
- errno property on EAGAIN.
+ * NEWS, m4/hooks.m4: bumped library version and documented updates.
-2011-08-20 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-11 Nikos Mavrogiannopoulos <address@hidden>
- * doc/examples/ex-cert-select-pkcs11.c: simplified PKCS #11 token
- example.
+ * lib/crypto-backend.h, lib/gnutls_errors.c, lib/gnutls_pk.c,
+ lib/gnutls_pk.h, lib/includes/gnutls/gnutls.h.in,
+ lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/nettle/pk.c,
+ lib/x509/privkey.c, src/certtool.c, tests/Makefile.am,
+ tests/keygen.c: Added gnutls_x509_privkey_verify_params() which
+ verifies the parameters of a private key. Added test case for
+ private key generation.
-2011-08-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-11 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
- lib/gnutls_record.c, lib/system_override.c: documentation updates
+ * src/certtool-cfg.c, src/certtool-common.c, src/certtool.c,
+ src/psk.c, src/srptool.c, src/tests.c, src/tls_test.c: simplified
+ copyright years.
-2011-08-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-11 Nikos Mavrogiannopoulos <address@hidden>
- * .gitignore: updated ignored files.
+ * configure.ac, m4/hooks.m4: bumped library versions
-2011-08-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-11 Nikos Mavrogiannopoulos <address@hidden>
- * tests/resume.c: Corrected session resumption test.
+ * doc/cha-cert-auth.texi, doc/scripts/mytexi2latex,
+ lib/x509/crl_write.c: Added documentation on revocation lists.
-2011-08-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-10 Nikos Mavrogiannopoulos <address@hidden>
- * tests/utils.c: Avoid using vfprintf() and use a combination of
- vsnprintf and fputs instead. My gnulib has issues with them.
+ * tests/suite/chain: account for error code 1 in certtool.
-2011-08-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-10 Nikos Mavrogiannopoulos <address@hidden>
- * gl/Makefile.am, gl/m4/gnulib-cache.m4: added vfprintf-posix
- (needed by tests)
+ * NEWS: document updates
-2011-08-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-10 Nikos Mavrogiannopoulos <address@hidden>
- * configure.ac: depend on p11-kit 0.4+.
+ * lib/gnutls_cipher.c: Reduce pad.
-2011-08-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-10 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/Makefile.am, lib/auth/cert.c, lib/auth/cert.h,
- lib/gnutls_cert.c, lib/gnutls_str_array.h, lib/gnutls_x509.c,
- lib/openpgp/gnutls_openpgp.c: Removed the limitation of one name per
- certificate.
+ * configure.ac: added missing dir
-2011-08-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-10 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-auth.texi: rephrased text on anonymous authentication.
+ * lib/gnutls_int.h, lib/gnutls_record.c: Revert "periodically print
+ messages that might be used in timing attacks." This reverts commit
a333d71762903ff5b716d1e3967017b1baf61bd2.
-2011-08-17 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-10 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-programs.texi: small update in psktool
+ * lib/gnutls_state.c: Revert "dropped packets are also reported on
+ gnutls_deinit() to ensure that they are not lost." This reverts commit
41a73fb4a147dc4773d4b546d5d8b5cfdae255d9.
-2011-08-17 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-10 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: updated crywrap
+ * NEWS: updated
-2011-08-17 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-10 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: documented changes
+ * lib/gnutls_cipher.c: provide less timing information during packet
+ MAC verification.
-2011-08-17 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-10 Nikos Mavrogiannopoulos <address@hidden>
- * lib/auth/cert.c, lib/auth/cert.h, lib/gnutls_cert.c,
- lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_x509.c,
- lib/openpgp/gnutls_openpgp.c: gnutls_certificate_set_x509_key_file()
- and friends support server name indication. If multiple
- certificates are set using this function the proper one will be
- selected during a handshake, with the limitation of a single name
- per certificate.
+ * tests/ecdsa/ecdsa: silence test
-2011-08-17 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-10 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/x509.c: Documentation fixes.
+ * lib/crypto-backend.h, lib/gnutls_ecc.c, lib/gnutls_pubkey.c,
+ lib/nettle/pk.c, lib/pkcs11_write.c, lib/x509/key_decode.c,
+ lib/x509/key_encode.c, lib/x509/privkey.c: Corrected ECC key
+ generation.
-2011-08-17 Simon Josefsson <address@hidden>
+2011-11-10 Nikos Mavrogiannopoulos <address@hidden>
- * cfg.mk, src/crywrap/crywrap.c: Fix syntax-check nits.
+ * src/certtool.c: fail on certificate verification
-2011-08-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-10 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/algorithms/ciphers.c: Added AES-256-GCM. Reported by
- Benjamin Hof.
+ * tests/Makefile.am, tests/ecdsa/Makefile.am, tests/ecdsa/ecdsa:
+ Added ECDSA key generation, signing and verification tests.
-2011-08-14 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-10 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: documented fix
+ * src/certtool.c: verify the self signature of a CRQ when --crq-info
+ parameter is given.
-2011-08-14 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-10 Simon Josefsson <address@hidden>
- * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, src/p11common.c:
- Introduced GNUTLS_PKCS11_PIN_WRONG flag to indicate the previously
- given PIN is wrong.
+ * lib/x509/verify-high.h: Add verify-high.h, to export some structs
+ (for OCSP).
-2011-08-14 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-10 Simon Josefsson <address@hidden>
- * NEWS: documented fix
+ * lib/algorithms.h, lib/algorithms/mac.c: Add explicit digest
+ mapping functions (for OCSP).
-2011-08-14 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-10 Simon Josefsson <address@hidden>
- * doc/cha-programs.texi: some discussion on tokens.
+ * lib/x509/Makefile.am, lib/x509/verify-high.c: Make verify-high
+ structures internally accessible (for OCSP).
-2011-08-14 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-10 Simon Josefsson <address@hidden>
- * lib/pkcs11.c: Corrected issue when asking multiple times for PIN.
+ * lib/libgnutls.map: Indent.
-2011-08-14 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-10 Simon Josefsson <address@hidden>
- * configure.ac: corrected configure test
+ * lib/x509/common.c, lib/x509/common.h, lib/x509/extensions.c: Make
+ more functions available internally (for OCSP).
-2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-10 Simon Josefsson <address@hidden>
- * src/crywrap/crywrap.c: dhparams have now the 'r' option.
+ * lib/gnutls_str.c, lib/gnutls_str.h, lib/x509/output.c: Make
+ asciiprint a globally available function.
-2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-10 Simon Josefsson <address@hidden>
- * src/crywrap/crywrap.c: use audit_log
+ * .gitignore: Add.
-2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-10 Nikos Mavrogiannopoulos <address@hidden>
- * src/crywrap/crywrap.c, src/crywrap/crywrap.h: removed unneeded
- defintions.
+ * lib/gnutls_state.c: dropped packets are also reported on
+ gnutls_deinit() to ensure that they are not lost.
-2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-10 Nikos Mavrogiannopoulos <address@hidden>
- * src/cli.c: unload_file was modified to accept a pointer.
+ * lib/gnutls_int.h, lib/gnutls_record.c: periodically print messages
+ that might be used in timing attacks.
-2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-09 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, src/crywrap/Makefile.am, src/crywrap/crywrap.c: corrected
- child process cleanup and added option to specify diffie hellman
- parameters file.
+ * COPYING.LESSER, lib/COPYING: LGPLv3 license was moved to root.
-2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-09 Simon Josefsson <address@hidden>
- * .gitignore: more files to ignore
+ * configure.ac, doc/reference/gnutls-docs.sgml,
+ doc/reference/version.xml.in: Update gtk-doc template.
-2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-09 Nikos Mavrogiannopoulos <address@hidden>
- * doc/manpages/crywrap.8, src/crywrap/crywrap.c,
- src/crywrap/crywrap.h: Corrected crywrap's verification procedure.
+ * doc/cha-gtls-app.texi: updated
-2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-09 Simon Josefsson <address@hidden>
- * src/serv.c: use gnutls_sec_param_to_pk_bits() for DH parameter
- generation.
+ * lib/includes/gnutls/pkcs11.h: Remove redundant const keyword in
+ (confuses gtk-doc parser).
-2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-09 Simon Josefsson <address@hidden>
- * .gitignore, configure.ac, doc/manpages/Makefile.am,
- doc/manpages/crywrap.8, gl/Makefile.am, gl/alphasort.c,
- gl/argp-ba.c, gl/argp-eexst.c, gl/argp-fmtstream.c,
- gl/argp-fmtstream.h, gl/argp-fs-xinl.c, gl/argp-help.c,
- gl/argp-namefrob.h, gl/argp-parse.c, gl/argp-pin.c, gl/argp-pv.c,
- gl/argp-pvh.c, gl/argp-xinl.c, gl/argp.h, gl/basename-lgpl.c,
- gl/dirent.in.h, gl/dirname-lgpl.c, gl/dirname.h, gl/dosname.h,
- gl/fpucw.h, gl/frexp.c, gl/frexpl.c, gl/fseeko.c, gl/fseterr.c,
- gl/fseterr.h, gl/getopt.c, gl/getopt.in.h, gl/getopt1.c,
- gl/getopt_int.h, gl/getsubopt.c, gl/isnan.c, gl/isnand-nolibm.h,
- gl/isnand.c, gl/isnanf-nolibm.h, gl/isnanf.c, gl/isnanl-nolibm.h,
- gl/isnanl.c, gl/m4/alphasort.m4, gl/m4/argp.m4, gl/m4/dirent_h.m4,
- gl/m4/dirname.m4, gl/m4/double-slash-root.m4, gl/m4/dup2.m4,
- gl/m4/eealloc.m4, gl/m4/environ.m4, gl/m4/exponentd.m4,
- gl/m4/exponentf.m4, gl/m4/exponentl.m4, gl/m4/frexp.m4,
- gl/m4/frexpl.m4, gl/m4/getcwd.m4, gl/m4/getopt.m4,
- gl/m4/getsubopt.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
- gl/m4/isnand.m4, gl/m4/isnanf.m4, gl/m4/isnanl.m4, gl/m4/ldexpl.m4,
- gl/m4/lstat.m4, gl/m4/malloca.m4, gl/m4/math_h.m4,
- gl/m4/mempcpy.m4, gl/m4/mode_t.m4, gl/m4/nocrash.m4, gl/m4/open.m4,
- gl/m4/printf-frexp.m4, gl/m4/printf-frexpl.m4, gl/m4/putenv.m4,
- gl/m4/rawmemchr.m4, gl/m4/scandir.m4, gl/m4/setenv.m4,
- gl/m4/signbit.m4, gl/m4/sleep.m4, gl/m4/stat.m4,
- gl/m4/strchrnul.m4, gl/m4/strndup.m4, gl/m4/strnlen.m4,
- gl/m4/symlink.m4, gl/m4/sysexits.m4, gl/m4/vfprintf-posix.m4,
- gl/m4/vprintf-posix.m4, gl/math.in.h, gl/mempcpy.c,
- gl/printf-frexp.c, gl/printf-frexp.h, gl/printf-frexpl.c,
- gl/printf-frexpl.h, gl/rawmemchr.c, gl/rawmemchr.valgrind,
- gl/scandir.c, gl/signbitd.c, gl/signbitf.c, gl/signbitl.c,
- gl/sleep.c, gl/strchrnul.c, gl/strchrnul.valgrind, gl/stripslash.c,
- gl/strndup.c, gl/strnlen.c, gl/sysexits.in.h, gl/tests/Makefile.am,
- gl/tests/dummy.c, gl/tests/dup2.c, gl/tests/fpucw.h,
- gl/tests/getcwd-lgpl.c, gl/tests/ignore-value.h, gl/tests/lstat.c,
- gl/tests/malloca.c, gl/tests/malloca.h, gl/tests/malloca.valgrind,
- gl/tests/minus-zero.h, gl/tests/nan.h, gl/tests/open.c,
- gl/tests/putenv.c, gl/tests/same-inode.h, gl/tests/setenv.c,
- gl/tests/stat.c, gl/tests/symlink.c, gl/tests/test-argp-2.sh,
- gl/tests/test-argp.c, gl/tests/test-dirent.c, gl/tests/test-dup2.c,
- gl/tests/test-environ.c, gl/tests/test-fprintf-posix.h,
- gl/tests/test-frexp.c, gl/tests/test-frexpl.c,
- gl/tests/test-fseeko3.c, gl/tests/test-fseeko3.sh,
- gl/tests/test-fseterr.c, gl/tests/test-getcwd-lgpl.c,
- gl/tests/test-getopt.c, gl/tests/test-getopt.h,
- gl/tests/test-getopt_long.h, gl/tests/test-ignore-value.c,
- gl/tests/test-isnand-nolibm.c, gl/tests/test-isnand.h,
- gl/tests/test-isnanf-nolibm.c, gl/tests/test-isnanf.h,
- gl/tests/test-isnanl-nolibm.c, gl/tests/test-isnanl.h,
- gl/tests/test-lstat.c, gl/tests/test-lstat.h,
- gl/tests/test-malloc-gnu.c, gl/tests/test-malloca.c,
- gl/tests/test-math.c, gl/tests/test-open.c, gl/tests/test-open.h,
- gl/tests/test-printf-frexp.c, gl/tests/test-printf-frexpl.c,
- gl/tests/test-printf-posix.h, gl/tests/test-printf-posix.output,
- gl/tests/test-rawmemchr.c, gl/tests/test-setenv.c,
- gl/tests/test-signbit.c, gl/tests/test-sleep.c,
- gl/tests/test-stat.c, gl/tests/test-stat.h,
- gl/tests/test-strchrnul.c, gl/tests/test-strnlen.c,
- gl/tests/test-symlink.c, gl/tests/test-symlink.h,
- gl/tests/test-sysexits.c, gl/tests/test-unsetenv.c,
- gl/tests/test-vfprintf-posix.c, gl/tests/test-vfprintf-posix.sh,
- gl/tests/test-vprintf-posix.c, gl/tests/test-vprintf-posix.sh,
- gl/tests/unsetenv.c, gl/vfprintf.c, gl/vprintf.c, m4/hooks.m4,
- src/Makefile.am, src/crywrap/Makefile.am, src/crywrap/README,
- src/crywrap/crywrap.c, src/crywrap/crywrap.h, src/crywrap/primes.h:
- Added crywrap to the distributed programs.
+ * README-alpha: Mention libidn dependency for crywrap.
-2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-09 Simon Josefsson <address@hidden>
- * lib/accelerated/intel/.gitignore: files to ignore
+ * lib/gnutls_pubkey.c: Don't crash if gnutls_pubkey_deinit is given
+ a NULL key.
-2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-09 Simon Josefsson <address@hidden>
- * doc/cha-internals.texi: doc updates
+ * lib/x509_b64.c, lib/x509_b64.h: Remove dead code and use more
+ static.
-2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-09 Simon Josefsson <address@hidden>
- * doc/cha-auth.texi, doc/cha-cert-auth.texi,
- doc/cha-ciphersuites.texi, doc/cha-errors.texi,
- doc/cha-functions.texi, doc/cha-gtls-app.texi,
- doc/cha-internals.texi, doc/cha-intro-tls.texi,
- doc/cha-library.texi, doc/cha-support.texi: do not use capitals in
- index names.
+ * cfg.mk: Fix code coverage rules.
-2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-09 Simon Josefsson <address@hidden>
- * .gitignore, doc/latex/.gitignore: more files to ignore.
+ * .gitignore: Ignore coverage related stuff.
-2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-09 Simon Josefsson <address@hidden>
- * NEWS, lib/pkcs11.c: If a module is dlopened twice, then
- deinitialize the second load.
+ * configure.ac, lib/Makefile.am: Don't add p11-kit to CFLAGS/LIBS
+ globally, just where it is needed.
-2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-09 Simon Josefsson <address@hidden>
- * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
- doc/cha-library.texi, lib/gnutls_buffers.c, lib/gnutls_record.c:
- documentation updates
+ * doc/cyclo/Makefile.am: The build rule didn't really work before,
+ now fixed. Update copyright years.
-2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-09 Simon Josefsson <address@hidden>
- * doc/cha-library.texi: memory handling section is no longer
- applicable
+ * .gitignore: Remove unneeded stuff.
-2011-08-12 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-09 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-gtls-app.texi: Added discussion on DTLS functionality
+ * lib/debug.c: enable _gnutls_dump_mpi() when debugging.
-2011-08-12 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-09 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-programs.texi, doc/cha-support.texi, doc/cha-tls-app.texi:
- corrected typos
+ * lib/debug.c, lib/debug.h: Revert "Remove dead code." This reverts
commit e5d8a79fcc429902e8fb9b7cec91d66b965df5bb.
-2011-08-12 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-08 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-gtls-app.texi: updated openssl text
+ * configure.ac, lib/Makefile.am, lib/gcrypt/Makefile.am,
+ lib/gcrypt/cipher.c, lib/gcrypt/init.c, lib/gcrypt/mac.c,
+ lib/gcrypt/mpi.c, lib/gcrypt/pk.c, lib/gcrypt/rnd.c: No need to
+ distribute the libgcrypt backend (which cannot even be compiled).
-2011-08-12 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-08 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-gtls-app.texi: correct typos
+ * lib/accelerated/x86/README: updated to include padlock.
-2011-08-12 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-08 Nikos Mavrogiannopoulos <address@hidden>
- * doc/manpages/gnutls-cli.1: do not escape \#
+ * lib/nettle/cipher.c, lib/nettle/mac.c: release allocated memory on
+ a cipher or mac failure to initialize.
-2011-08-12 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-08 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-cert-auth.texi, doc/cha-intro-tls.texi: more updates
+ * doc/cha-gtls-app.texi: clarified usage of
+ gnutls_record_check_pending().
-2011-08-12 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-09 Simon Josefsson <address@hidden>
- * doc/cha-bib.texi, doc/cha-preface.texi, doc/latex/gnutls.bib:
- Added reference to anderson's book
+ * lib/debug.c, lib/debug.h: Remove dead code.
-2011-08-12 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-09 Simon Josefsson <address@hidden>
- * doc/Makefile.am, doc/cha-cert-auth.texi, doc/cha-internals.texi,
- doc/gnutls-certificate-user-use-case.eps,
- doc/gnutls-extensions.eps, doc/gnutls.texi,
- doc/scripts/mytexi2latex, lib/x509/crl_write.c, lib/x509/crq.c,
- lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c, lib/x509/x509.c:
- Internals section updated.
+ * .gitignore: Sort and add.
-2011-08-12 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-09 Simon Josefsson <address@hidden>
- * doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/examples/ex-crq.c,
- lib/gnutls_pubkey.c, lib/includes/gnutls/compat.h,
- lib/includes/gnutls/x509.h, lib/pkcs11.c, lib/pkcs11_write.c,
- lib/x509/crq.c: Documentation updates. gnutls_x509_crq_sign2() and
- gnutls_x509_crl_sign2() were removed from the deprecate list to ease
- generation of crl and crq structures.
+ * lib/gnutls_db.c, lib/gnutls_db.h: Remove some redundant prototypes
+ and use more static.
-2011-08-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-09 Simon Josefsson <address@hidden>
- * doc/alert-printlist.c, doc/cha-intro-tls.texi,
- doc/cha-library.texi, doc/cha-programs.texi, doc/errcodes.c,
- doc/printlist.c: updates
+ * lib/gnutls_db.c, lib/gnutls_db.h: Simplify redundant code.
-2011-08-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-09 Simon Josefsson <address@hidden>
- * doc/latex/gnutls.tex: changed paper size.
+ * build-aux/pmccabe2html, gl/Makefile.am, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4: Add pmccabe2html gnulib module.
-2011-08-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-09 Simon Josefsson <address@hidden>
- * lib/gnutls_global.c: doc update
+ * gl/override/lib/hmac-md5.c.diff, gl/override/lib/memxor.c.diff,
+ gl/override/lib/memxor.h.diff: Remove obsolete files.
-2011-08-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-09 Simon Josefsson <address@hidden>
- * doc/alert-printlist.c, doc/errcodes.c, doc/printlist.c: reduced
- space taken by descriptions.
+ * configure.ac, gl/override/lib/read-file.c.diff,
+ gl/override/lib/read-file.h.diff,
+ gl/override/tests/test-read-file.c.diff, gl/read-file.c,
+ gl/read-file.h, gl/tests/test-read-file.c, lib/gnutls_x509.c,
+ lib/openpgp/gnutls_openpgp.c, src/certtool-common.c,
+ src/certtool.c, src/cli.c, src/crywrap/crywrap.c: Simplify static
+ library renaming hack.
-2011-08-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-09 Simon Josefsson <address@hidden>
- * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi: more updates.
+ * tests/suite/Makefile.am: Cleanup and fix authorship notice (I
+ didn't write this file).
-2011-08-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-09 Simon Josefsson <address@hidden>
- * NEWS: documented fixes
+ * tests/dsa/testdsa, tests/openpgp-certs/testcerts,
+ tests/suite/testcompat-main, tests/suite/testsrn: Fix
+ srcdir!=builddir builds.
-2011-08-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-09 Simon Josefsson <address@hidden>
- * lib/accelerated/intel/aes-x86.c, lib/accelerated/intel/aes-x86.h:
- Force alignment for AES-NI to the runtime rather than on the
- structures. Corrects issue on some systems (reported by Andreas
- Radke).
+ * Makefile.am: Allow distcheck to work, the suppressions.valgrind
+ file caused problems.
-2011-08-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-08 Simon Josefsson <address@hidden>
- * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
- doc/cha-library.texi, lib/system_override.c: Added session
- initialization discussion
+ * doc/Makefile.am: enums.texi: Look in builddir too for gnutls.h.
-2011-08-10 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-08 Simon Josefsson <address@hidden>
- * doc/cha-cert-auth.texi: more updates
+ * NEWS, doc/manpages/Makefile.am: doc: man pages for API functions
+ were removed.
-2011-08-10 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-08 Simon Josefsson <address@hidden>
- * doc/cha-auth.texi, doc/cha-gtls-app.texi, lib/gnutls_psk.c,
- lib/gnutls_x509.c, lib/openpgp/gnutls_openpgp.c: updated
- documentation
+ * GNUmakefile, gl/Makefile.am, gl/alignof.h, gl/argp-parse.c,
+ gl/closedir.c, gl/m4/gnulib-comp.m4, gl/m4/math_h.m4,
+ gl/m4/stdalign.m4, gl/math.in.h, gl/stdalign.in.h, gl/stdlib.in.h,
+ gl/sys_socket.in.h, gl/tests/Makefile.am, gl/tests/putenv.c,
+ gl/tests/test-stdalign.c, maint.mk: Update gnulib files.
-2011-08-10 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-08 Simon Josefsson <address@hidden>
- * lib/pkcs11.c: document flags
+ * cfg.mk: Improve syntax-check rules.
-2011-08-09 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-08 Simon Josefsson <address@hidden>
- * NEWS: corrected typo
+ * tests/Makefile.am: Re-indent.
-2011-08-09 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-08 Simon Josefsson <address@hidden>
- * lib/README: removed reference to pakchois
+ * doc/Makefile.am: Fix syntax-check whitespace nit.
-2011-08-08 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-08 Simon Josefsson <address@hidden>
- * lib/pkcs11.c: Prevent from loading twice the same module.
+ * configure.ac: Fix portability quirk.
-2011-08-08 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-08 Simon Josefsson <address@hidden>
- * lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s,
- lib/accelerated/intel/asm/appro-aes-x86-64.s,
- lib/accelerated/intel/asm/appro-aes-x86.s: Added note.GNU-stack to
- prevent marking the library as using an executable stack. Reported
- by Andreas Metzler.
+ * tests/rsa-md5-collision/README: Fix 'the the' double use.
-2011-08-08 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-08 Simon Josefsson <address@hidden>
- * configure.ac: bumped version
+ * lib/accelerated/x86/hmac-padlock.c: Remove unneeded assert.h
+ inclusion.
-2011-08-08 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-08 Simon Josefsson <address@hidden>
- * lib/accelerated/intel/asm/appro-aes-x86-64.s,
- lib/accelerated/intel/asm/appro-aes-x86.s: Included appro's updates
- to AES-NI.
+ * .gitattributes: Drop unneeded .gitattributes.
-2011-08-05 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-08 Simon Josefsson <address@hidden>
- * lib/auth/cert.c: better placement of ifdefs.
+ * doc/reference/Makefile.am, gtk-doc.make: Update gtk-doc files.
-2011-08-04 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-08 Simon Josefsson <address@hidden>
- * doc/Makefile.am, doc/cha-gtls-app.texi, doc/cha-internals.texi,
- doc/gnutls-extensions.eps, doc/gnutls-extensions_st.eps,
- doc/gnutls-mod_auth_st.eps, doc/gnutls-modauth.eps,
- doc/latex/Makefile.am, doc/latex/gnutls.tex,
- doc/scripts/mytexi2latex: Added discussion of the provided
- cryptographic functions. Internals is now included in the latex
- document (needs rewrite though)
+ * doc/reference/gnutls-docs.sgml: Drop openssl API from GnuTLS API
+ manual to avoid build errors.
-2011-08-03 Simon Josefsson <address@hidden>
+2011-11-08 Simon Josefsson <address@hidden>
- * lib/Makefile.am, lib/accelerated/Makefile.am,
- lib/accelerated/accelerated.c, lib/accelerated/cryptodev.c,
- lib/accelerated/intel/Makefile.am,
- lib/accelerated/intel/aes-gcm-x86.c,
- lib/accelerated/intel/aes-x86.c, lib/algorithms.h,
- lib/algorithms/Makefile.am, lib/algorithms/cert_types.c,
- lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
- lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c,
- lib/algorithms/protocols.c, lib/algorithms/publickey.c,
- lib/algorithms/secparams.c, lib/algorithms/sign.c,
- lib/auth/Makefile.am, lib/auth/anon.c, lib/auth/anon.h,
- lib/auth/anon_ecdh.c, lib/auth/cert.c, lib/auth/cert.h,
- lib/auth/dh_common.c, lib/auth/dh_common.h, lib/auth/dhe.c,
- lib/auth/dhe_psk.c, lib/auth/ecdh_common.c, lib/auth/ecdh_common.h,
- lib/auth/psk.c, lib/auth/psk.h, lib/auth/psk_passwd.c,
- lib/auth/psk_passwd.h, lib/auth/rsa.c, lib/auth/rsa_export.c,
- lib/auth/srp.c, lib/auth/srp.h, lib/auth/srp_passwd.c,
- lib/auth/srp_passwd.h, lib/auth/srp_rsa.c, lib/auth/srp_sb64.c,
- lib/crypto-api.c, lib/crypto-backend.c, lib/crypto-backend.h,
- lib/crypto.h, lib/debug.c, lib/debug.h, lib/ext/Makefile.am,
- lib/ext/cert_type.c, lib/ext/cert_type.h, lib/ext/ecc.c,
- lib/ext/ecc.h, lib/ext/max_record.c, lib/ext/max_record.h,
- lib/ext/safe_renegotiation.c, lib/ext/safe_renegotiation.h,
- lib/ext/server_name.c, lib/ext/server_name.h,
- lib/ext/session_ticket.c, lib/ext/session_ticket.h,
- lib/ext/signature.c, lib/ext/signature.h, lib/ext/srp.c,
- lib/ext/srp.h, lib/gcrypt/Makefile.am, lib/gcrypt/cipher.c,
- lib/gcrypt/init.c, lib/gcrypt/mac.c, lib/gcrypt/mpi.c,
- lib/gcrypt/pk.c, lib/gcrypt/rnd.c, lib/gnutls_alert.c,
- lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
- lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
- lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
- lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
- lib/gnutls_compress.h, lib/gnutls_constate.c,
- lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
- lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
- lib/gnutls_dh_primes.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
- lib/gnutls_ecc.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
- lib/gnutls_extensions.c, lib/gnutls_extensions.h,
- lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
- lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
- lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_int.h,
- lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_mbuffers.c,
- lib/gnutls_mbuffers.h, lib/gnutls_mem.c, lib/gnutls_mem.h,
- lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_num.c,
- lib/gnutls_num.h, lib/gnutls_pcert.c, lib/gnutls_pk.c,
- lib/gnutls_pk.h, lib/gnutls_priority.c, lib/gnutls_privkey.c,
- lib/gnutls_psk.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
- lib/gnutls_record.h, lib/gnutls_rsa_export.c,
- lib/gnutls_rsa_export.h, lib/gnutls_session.c,
- lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
- lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
- lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
- lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
- lib/gnutls_supplemental.h, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
- lib/gnutls_v2_compat.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
- lib/hash.c, lib/includes/Makefile.am,
- lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
- lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
- lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/gnutlsxx.h,
- lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
- lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
- lib/libgnutls.map, lib/libgnutlsxx.map, lib/locks.c,
- lib/nettle/Makefile.am, lib/nettle/cipher.c, lib/nettle/ecc_free.c,
- lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
- lib/nettle/ecc_mulmod.c, lib/nettle/ecc_points.c,
- lib/nettle/ecc_projective_add_point.c,
- lib/nettle/ecc_projective_dbl_point.c,
- lib/nettle/ecc_projective_dbl_point_3.c,
- lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
- lib/nettle/ecc_verify_hash.c, lib/nettle/egd.c, lib/nettle/init.c,
- lib/nettle/mac.c, lib/nettle/mpi.c, lib/nettle/pk.c,
- lib/nettle/rnd.c, lib/opencdk/Makefile.am, lib/opencdk/armor.c,
- lib/opencdk/context.h, lib/opencdk/filters.h, lib/opencdk/hash.c,
- lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/literal.c,
- lib/opencdk/main.c, lib/opencdk/main.h, lib/opencdk/misc.c,
- lib/opencdk/new-packet.c, lib/opencdk/opencdk.h,
- lib/opencdk/packet.h, lib/opencdk/pubkey.c,
- lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
- lib/opencdk/sig-check.c, lib/opencdk/stream.c,
- lib/opencdk/stream.h, lib/opencdk/types.h,
- lib/opencdk/write-packet.c, lib/openpgp/Makefile.am,
- lib/openpgp/compat.c, lib/openpgp/extras.c,
- lib/openpgp/gnutls_openpgp.c, lib/openpgp/output.c,
- lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
- lib/pkcs11.c, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
- lib/pkcs11_write.c, lib/random.c, lib/random.h, lib/system.c,
- lib/system_override.c, lib/x509/Makefile.am, lib/x509/common.c,
- lib/x509/common.h, lib/x509/crl.c, lib/x509/crl_write.c,
- lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c,
- lib/x509/key_decode.c, lib/x509/key_encode.c, lib/x509/mpi.c,
- lib/x509/output.c, lib/x509/pbkdf2-sha1.c, lib/x509/pkcs12.c,
- lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c,
- lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
- lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
- lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509.c,
- lib/x509/x509_int.h, lib/x509/x509_write.c, lib/x509_b64.c,
- lib/x509_b64.h: Clarify license and copyright.
+ * doc/reference/Makefile.am: Drop more extra stuff.
-2011-08-03 Simon Josefsson <address@hidden>
+2011-11-08 Simon Josefsson <address@hidden>
- * README: Clarify licensing.
+ * extra/gnutls-extra.pc.in, extra/libgnutls-extra.map: Remove
+ obsolete libgnutls-extra stuff.
-2011-08-03 Simon Josefsson <address@hidden>
+2011-11-08 Simon Josefsson <address@hidden>
- * lib/AUTHORS, lib/ChangeLog, lib/NEWS, lib/autogen.sh,
- lib/build-aux/arg-nonnull.h, lib/build-aux/c++defs.h,
- lib/build-aux/config.rpath, lib/build-aux/warn-on-use.h,
- libextra/AUTHORS, libextra/COPYING, libextra/ChangeLog,
- libextra/NEWS, libextra/README, libextra/build-aux/config.rpath:
- Remove unused files.
+ * doc/examples/verify.c: Include examples.h to get
+ verify_certificate_callback prototype.
-2011-08-03 Simon Josefsson <address@hidden>
+2011-11-08 Simon Josefsson <address@hidden>
- * libextra/includes/gnutls/extra.h: Finish removal of inner
- application extension support.
+ * doc/reference/Makefile.am: Improve header ignoring.
-2011-08-03 Simon Josefsson <address@hidden>
+2011-11-08 Simon Josefsson <address@hidden>
- * lib/includes/gnutls/abstract.h, lib/includes/gnutls/dtls.h: More
- GTK-DOC fixes.
+ * configure.ac: Use gettext 0.18 to avoid build error.
-2011-08-03 Simon Josefsson <address@hidden>
+2011-11-08 Simon Josefsson <address@hidden>
- * .x-sc_GPL_version, .x-sc_avoid_if_before_free,
- .x-sc_bindtextdomain, .x-sc_cast_of_alloca_return_value,
- .x-sc_cast_of_argument_to_free, .x-sc_file_system,
- .x-sc_m4_quote_check, .x-sc_makefile_check, .x-sc_program_name,
- .x-sc_prohibit_HAVE_MBRTOWC, .x-sc_prohibit_S_IS_definition,
- .x-sc_prohibit_empty_lines_at_EOF,
- .x-sc_prohibit_strings_without_use, .x-sc_space_tab, .x-sc_the_the,
- .x-sc_two_space_separator_in_usage, .x-sc_useless_cpp_parens,
- GNUmakefile, THANKS, build-aux/arg-nonnull.h, build-aux/c++defs.h,
- build-aux/config.rpath, build-aux/snippet/_Noreturn.h,
- build-aux/snippet/arg-nonnull.h, build-aux/snippet/c++defs.h,
- build-aux/snippet/warn-on-use.h, build-aux/useless-if-before-free,
- build-aux/vc-list-files, build-aux/warn-on-use.h, cfg.mk,
- configure.ac, doc/Makefile.am, gl/Makefile.am, gl/alignof.h,
- gl/alloca.c, gl/errno.in.h, gl/error.c, gl/float.c, gl/float.in.h,
- gl/fseek.c, gl/fseeko.c, gl/ftell.c, gl/intprops.h,
- gl/m4/alloca.m4, gl/m4/errno_h.m4, gl/m4/error.m4,
- gl/m4/extensions.m4, gl/m4/float_h.m4, gl/m4/fpieee.m4,
- gl/m4/fseek.m4, gl/m4/fseeko.m4, gl/m4/ftell.m4, gl/m4/ftello.m4,
- gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/getpagesize.m4,
- gl/m4/getpass.m4, gl/m4/gettime.m4, gl/m4/gettimeofday.m4,
- gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
- gl/m4/gnulib-comp.m4, gl/m4/hmac-md5.m4, gl/m4/include_next.m4,
- gl/m4/largefile.m4, gl/m4/lseek.m4, gl/m4/malloc.m4, gl/m4/md5.m4,
- gl/m4/memchr.m4, gl/m4/memmem.m4, gl/m4/memxor.m4,
- gl/m4/mmap-anon.m4, gl/m4/po.m4, gl/m4/printf.m4,
- gl/m4/read-file.m4, gl/m4/realloc.m4, gl/m4/snprintf.m4,
- gl/m4/strcase.m4, gl/m4/strdup.m4, gl/m4/strerror.m4,
- gl/m4/string_h.m4, gl/m4/strings_h.m4, gl/m4/strverscmp.m4,
- gl/m4/time_r.m4, gl/m4/vsnprintf.m4, gl/m4/warn-on-use.m4,
- gl/m4/warnings.m4, gl/netdb.in.h, gl/netinet_in.in.h,
- gl/stdarg.in.h, gl/stddef.in.h, gl/stdint.in.h, gl/stdio.in.h,
- gl/stdlib.in.h, gl/strerror-override.c, gl/strerror-override.h,
- gl/strerror.c, gl/string.in.h, gl/strings.in.h, gl/sys_socket.in.h,
- gl/sys_stat.in.h, gl/sys_time.in.h, gl/sys_uio.in.h,
- gl/tests/Makefile.am, gl/tests/fcntl.in.h, gl/tests/fpucw.h,
- gl/tests/init.sh, gl/tests/macros.h, gl/tests/test-float.c,
- gl/tests/test-fseek.c, gl/tests/test-fseek.sh,
- gl/tests/test-fseek2.sh, gl/tests/test-ftell.c,
- gl/tests/test-ftell.sh, gl/tests/test-ftell2.sh,
- gl/tests/test-ftell3.c, gl/tests/test-intprops.c,
- gl/tests/test-snprintf.c, gl/tests/test-strerror.c,
- gl/tests/test-vc-list-files-cvs.sh,
- gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
- gl/tests/test-vsnprintf.c, gl/time.in.h, gl/timespec.h,
- gl/unistd.in.h, gl/verify.h, gl/wchar.in.h, lib/Makefile.am,
- lib/hash.c, lib/pkcs11_privkey.c, maint.mk, src/benchmark-cipher.c,
- src/certtool.c, src/cli.c, src/serv.c, tests/Makefile.am,
- tests/scripts/common.sh: Update gnulib files. Fix syntax-check
- usage.
+ * lib/nettle/ecc_mulmod.c: Fix compile warnings.
-2011-08-03 Simon Josefsson <address@hidden>
+2011-11-08 Simon Josefsson <address@hidden>
- * NEWS, README: Add NEWS entries. Use copyright ranges (now
- permitted).
+ * po/it.po.in: Sync with TP.
-2011-08-03 Simon Josefsson <address@hidden>
+2011-11-08 Nikos Mavrogiannopoulos <address@hidden>
- * po/LINGUAS, po/cs.po.in, po/fi.po.in, po/nl.po.in, po/pl.po.in,
- po/sv.po.in, po/uk.po.in: Sync with TP.
+ * NEWS, configure.ac, m4/hooks.m4: released 3.0.7
-2011-08-02 Simon Josefsson <address@hidden>
+2011-11-08 Nikos Mavrogiannopoulos <address@hidden>
- * doc/manpages/Makefile.am, doc/reference/Makefile.am,
- doc/reference/gnutls-docs.sgml, lib/algorithms/secparams.c,
- lib/crypto-api.c, lib/gnutls_cert.c, lib/gnutls_db.c,
- lib/gnutls_global.c, lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
- lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
- lib/includes/gnutls/pkcs11.h, lib/locks.c, lib/openpgp/privkey.c,
- lib/pkcs11.c, lib/pkcs11_secret.c, lib/pkcs11_write.c,
- lib/random.c, lib/system_override.c, lib/x509/crl_write.c,
- lib/x509/crq.c, lib/x509/privkey.c, lib/x509/x509.c: More GTK-DOC
- improvements.
+ * lib/algorithms/ciphersuites.c: Corrected ciphersuite
+ GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256. Reported by Fabrice Gautier.
-2011-08-02 Simon Josefsson <address@hidden>
+2011-11-08 Nikos Mavrogiannopoulos <address@hidden>
- * doc/reference/Makefile.am: Simplify GTK-DOC makefile
- IGNORE_HFILES.
+ * lib/gnutls_session.c: bug fix in gnutls_session_get_data().
-2011-08-02 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/gnutls.h.in: updated
+ * NEWS, configure.ac, m4/hooks.m4: bumped version
-2011-08-02 Simon Josefsson <address@hidden>
+2011-11-07 Alban Crequy <address@hidden>
- * lib/algorithms/sign.c, lib/gnutls_dtls.c, lib/gnutls_pubkey.c,
- lib/gnutls_record.c, lib/includes/gnutls/abstract.h,
- lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
- lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
- lib/includes/gnutls/pkcs11.h, lib/nettle/ecc_free.c,
- lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
- lib/nettle/ecc_mulmod.c, lib/nettle/ecc_points.c,
- lib/nettle/ecc_projective_add_point.c,
- lib/nettle/ecc_projective_dbl_point.c,
- lib/nettle/ecc_projective_dbl_point_3.c,
- lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
- lib/nettle/ecc_verify_hash.c, lib/pkcs11.c: Fix GTK-DOC manual.
+ * lib/gnutls_session.c: gnutls_session_get_data: fix possible buffer
+ overflow The test to avoid the buffer overflow was always false because
+ session_data_size was set at the wrong place. This problem has been
+ introduced by this commit: |commit
ad4ed44c65e753e6d3a00104c049dd81826ccbf3 |Author: Nikos
+ Mavrogiannopoulos <address@hidden> |Date: Mon Nov 7 22:24:48 2005
+ +0000 | | This is the initial commit in the 1.3 branch. Ported
+ from the PSK branch: | * PSK ciphersuites have been added. |
+ * The session resumption data are now system independent.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-2011-08-01 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_record.c: detect premature termination of connection
+ * NEWS: documented changes.
-2011-08-01 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-05 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: the
- deprecated_config_file from 2.12.x was incorporated.
+ * lib/auth/ecdh_common.c, lib/crypto-backend.h, lib/gnutls_ecc.c,
+ lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/nettle/Makefile.am,
+ lib/nettle/ecc.h, lib/nettle/ecc_free.c, lib/nettle/ecc_make_key.c,
+ lib/nettle/ecc_projective_check_point.c,
+ lib/nettle/ecc_projective_dbl_point.c, lib/nettle/ecc_sign_hash.c,
+ lib/nettle/pk.c, lib/pkcs11_write.c, lib/x509/key_decode.c,
+ lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/privkey.c,
+ lib/x509/x509_int.h: Verify that received ECDH public key lies on
+ the curve.
-2011-08-01 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkcs11.c: documentation update
+ * lib/gnutls_priority.c: ECDHE ciphersuites take precendence to
+ plain DHE
-2011-08-02 Simon Josefsson <address@hidden>
+2011-11-05 Nikos Mavrogiannopoulos <address@hidden>
- * doc/manpages/Makefile.am, doc/reference/gnutls-docs.sgml,
- lib/algorithms/ecc.c, lib/crypto-api.c, lib/gnutls_alert.c,
- lib/gnutls_cert.c, lib/gnutls_dtls.c, lib/gnutls_global.c,
- lib/gnutls_pcert.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
- lib/gnutls_state.c, lib/system_override.c, lib/x509/crl.c,
- lib/x509/privkey.c, lib/x509/verify-high.c, lib/x509/x509.c: Add
- GTK-DOC Since: tags for 3.0.0 additions.
+ * NEWS, THANKS: documented fixes
-2011-08-01 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkcs11_privkey.c: added asserts.
+ * lib/nettle/ecc_test.c: re-removed file
-2011-08-01 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-05 Nikos Mavrogiannopoulos <address@hidden>
- * README, README-alpha: Refer to nettle alone and p11-kit.
+ * lib/x509/privkey_pkcs8.c: Report correct error on ECC key parsing
+ error.
-2011-08-01 Stef Walter <address@hidden>
+2011-11-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkcs11.c: Don't try to do PKCS#11 login if session is already
- logged in. * It is possible for new PKCS#11 sessions to be logged in
if another logged in session already exists. * In these cases, don't log
in, but detect the condition and return success. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
+ * lib/nettle/ecc.h, lib/nettle/ecc_mulmod.c,
+ lib/nettle/ecc_projective_add_point.c,
+ lib/nettle/ecc_projective_dbl_point.c,
+ lib/nettle/ecc_projective_dbl_point_3.c, lib/nettle/ecc_test.c:
+ converted more things to native gmp. This solves issue noticed in
+ mips64 by Joseph Graham.
-2011-08-01 Stef Walter <address@hidden>
+2011-11-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkcs11_privkey.c: When finding private keys fail, return error
- code. * Previously this would result in an endless loop.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+ * tests/suite/testcompat-main: Added tests for null ciphersuites.
-2011-08-01 Stef Walter <address@hidden>
+2011-11-04 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Mark the config
- argument of gnutls_pkcs11_init() as unused * Since its no longer used.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS: documented fix
-2011-07-31 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-04 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/gnutls_str.h, lib/gnutls_x509.c,
- lib/includes/gnutls/x509.h, lib/x509/x509.c, tests/x509cert.c: Added
- GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED flag for
- gnutls_x509_crt_list_import. It checks whether the list to be
- imported is properly sorted.
+ * doc/Makefile.am, doc/cha-gtls-app.texi, doc/examples/Makefile.am,
+ doc/examples/ex-client-udp.c, doc/examples/ex-client2.c,
+ doc/examples/ex-rfc2818.c, doc/examples/examples.h,
+ doc/examples/verify.c: Include only a single example with X.509
+ client. This example includes certificate verification.
-2011-07-31 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-04 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/gnutls_errors.c, lib/gnutls_x509.c,
- lib/includes/gnutls/gnutls.h.in: Added
- GNUTLS_E_CERTIFICATE_LIST_UNSORTED. If a certificate list is loaded
- then verify that it is sorted with order to starts with the subject
- and finished with the trusted root. That way we make sure we don't
- send data that violate the TLS protocol.
+ * doc/latex/Makefile.am: no libextra in doc
-2011-07-31 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-04 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-cert-auth.texi, doc/latex/macros.tex: documentation
- updates.
+ * lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h: corrected NULL
+ cipher encryption. Reported by Fabrice Gautier.
-2011-07-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-04 Ludovic Courtès <address@hidden>
- * ChangeLog: updated changelog
+ * configure.ac, guile/modules/gnutls.in, guile/pre-inst-guile.in,
+ guile/src/Makefile.am: guile: Rename `libguile-gnutls-v-2.la' to
+ `guile-gnutls-v-2.la'.
-2011-07-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-04 Ludovic Courtès <address@hidden>
- * NEWS: released 3.0.0
+ * .gitignore, configure.ac, guile/modules/Makefile.am,
+ guile/modules/gnutls.in, guile/modules/gnutls.scm,
+ guile/pre-inst-guile.in, guile/src/Makefile.am: guile: Install
+ libguile-gnutls under $(libdir)/guile/X.Y.
-2011-07-28 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-03 Ludovic Courtès <address@hidden>
- * configure.ac: updated version
+ * guile/modules/gnutls.scm, guile/pre-inst-guile.in,
+ guile/src/Makefile.am: guile: Rename to `libguile-gnutls-v-2'.
-2011-07-28 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-03 Ludovic Courtès <address@hidden>
- * src/certtool-gaa.c, src/certtool.gaa: Corrected typo.
+ * doc/gnutls-guile.texi: doc: Make it clear that both Guile 1.8 and
+ 2.0 are supported.
-2011-07-27 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-03 Ludovic Courtès <address@hidden>
- * NEWS: documented updates.
+ * doc/Makefile.am, doc/gnutls-guile.texi: guile: Update doc to
+ reflect the removal of (gnutls extra).
-2011-07-27 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-03 Ludovic Courtès <address@hidden>
- * THANKS: Added Petr.
+ * guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
+ guile/tests/openpgp-keys.scm: guile: Remove uses of (gnutls extra)
+ from the tests.
-2011-07-27 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-03 Ludovic Courtès <address@hidden>
- * lib/gnutls_pcert.c, lib/gnutls_privkey.c,
- lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
- gnutls_pcert_list_import_x509_raw() and few doc fixes.
+ * guile/modules/gnutls.scm, guile/modules/gnutls/build/enums.scm,
+ guile/modules/gnutls/build/smobs.scm,
+ guile/modules/gnutls/extra.scm, guile/pre-inst-guile.in,
+ guile/src/Makefile.am, guile/src/core.c, guile/src/extra.c,
+ guile/src/make-enum-header.scm, guile/src/make-enum-map.scm,
+ guile/src/make-smob-header.scm, guile/src/make-smob-types.scm:
+ guile: Merge the (gnutls extra) module in (gnutls); deprecate it.
-2011-07-27 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-03 Ludovic Courtès <address@hidden>
- * lib/gnutls.pc.in: corrected for libnettle.
+ * guile/pre-inst-guile.in, guile/src/Makefile.am: Reverting "Drop
+ guile libgnutls-extra stuff."
-2011-06-24 Andreas Metzler <address@hidden>
+2011-11-02 Nikos Mavrogiannopoulos <address@hidden>
- * configure.ac: fix zlib handling in gnutls.pc Only add zlib to
gnutls.pc's Requies.private if zlib ships a
- pkg-config file. Ancient (<< 1.2.3.1) versions don't. Otherwise add
- -lz to Libs.private. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
+ * lib/gnutls_str.c, lib/gnutls_str.h, lib/openpgp/output.c,
+ lib/x509/output.c: removed duplicate code.
-2011-07-27 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-02 Nikos Mavrogiannopoulos <address@hidden>
- * doc/examples/ex-client-srp.c, doc/examples/ex-serv-srp.c:
- gnutls_global_init_extra() is not needed for SRP.
+ * guile/modules/gnutls/build/enums.scm: removed enumerations that
+ don't exist
-2011-07-25 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-02 Simon Josefsson <address@hidden>
- * NEWS: documented changes.
+ * lib/auth/srp.c: Fix typo.
-2011-07-25 Sjoerd Simons <address@hidden>
+2011-11-01 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_buffers.c: writev_emu: stop on the first incomplete
- write Just like standard writev, we should only move on to the next
block
- if all the previous ones have been successfully written out.
- Otherwise there is a potential for data loss and/or confusing push
- functions. Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+ * gl/Makefile.am, gl/hmac-md5.c, gl/hmac.h, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/md5.m4, gl/m4/memxor.m4, gl/md5.c,
+ gl/md5.h, gl/memxor.c, gl/memxor.h, gl/tests/Makefile.am,
+ gl/tests/test-hmac-md5.c, gl/tests/test-md5.c: hmac-md5 gnulib
+ module was removed (it was no longer used)
-2011-07-24 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-01 Nikos Mavrogiannopoulos <address@hidden>
- * doc/latex/fdl.tex: increased size of fdl.
+ * .gitignore: more files to ignore
-2011-07-24 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-01 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkcs11.c: Added debug message to indicate usage of
- compatibility mode for /etc/gnutls/pkcs11.conf
+ * src/srptool.c: print all groups.
-2011-07-24 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-01 Nikos Mavrogiannopoulos <address@hidden>
- * AUTHORS: removed pgp key from authors file.
+ * lib/auth/srp.c, lib/auth/srp_passwd.c,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/prime.c,
+ src/srptool.c: Added 3072 and 4096-bit groups from RFC5054.
-2011-07-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-01 Nikos Mavrogiannopoulos <address@hidden>
- * ChangeLog: updated changelog.
+ * lib/gnutls_x509.c, lib/openpgp/gnutls_openpgp.c,
+ src/certtool-common.c, src/certtool.c, src/cli.c,
+ src/crywrap/crywrap.c: read_file() and friends are accessed as
+ gl_read_file().
-2011-07-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-11-01 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, configure.ac, doc/announce.txt, m4/hooks.m4: released 2.99.4
+ * gl/override/lib/read-file.c.diff,
+ gl/override/lib/read-file.h.diff,
+ gl/override/tests/test-read-file.c.diff, gl/read-file.c,
+ gl/read-file.h, gl/tests/test-read-file.c: read_file and friends
+ were renamed to gl_read_file.
-2011-06-29 Petr PÃsaÅ <address@hidden>
+2011-10-30 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_privkey.c: Honor uninitialized private key in
- destructor Fixes bug #107730. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
+ * THANKS: added David
-2011-07-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-30 Nikos Mavrogiannopoulos <address@hidden>
- * src/certtool.c: Corrected initialization of key when generating
- request. Reported by Petr Pisar.
+ * NEWS: documented fix
-2011-07-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-28 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: updated.
+ * doc/Makefile.am: errcodes printlist and alert-printlist become
+ EXTRA_PROGRAMS so they are not built by default.
-2011-07-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-28 Simon Josefsson <address@hidden>
- * lib/gnutls_rsa_export.c, lib/x509/privkey.c,
- lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: The crippled status
- of an gnutls_x509_privkey_t was removed.
+ * cfg.mk: Fix bootstrap rule to avoid duplicate gettext files.
-2011-07-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-28 Simon Josefsson <address@hidden>
- * doc/examples/ex-pkcs11-list.c: Example compilation fix.
+ * cfg.mk: Remove old hack.
-2011-07-07 Stef Walter <address@hidden>
+2011-10-28 Simon Josefsson <address@hidden>
- * configure.ac, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
- lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_write.c: pkcs11:
- Use p11_kit_pin_xxx() functionality when 'pinfile' is in uris. * This
allows other apps to register a handler for a specific
- pinfile and then that application will be able to provide the PIN
- for those URIs. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
+ * guile/pre-inst-guile.in, guile/src/Makefile.am: Drop guile
+ libgnutls-extra stuff.
-2011-07-22 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-28 Simon Josefsson <address@hidden>
- * lib/pkcs11.c: Added compatibility mode with
- /etc/gnutls/pkcs11.conf
+ * doc/gnutls.texi: Avoid line wrapping copyright line.
-2011-07-21 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-28 Simon Josefsson <address@hidden>
- * doc/cha-tls-app.texi: Updates in upward negotiation section.
+ * build-aux/config.rpath: Update config.rpath from gnulib.
-2011-07-21 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-28 Simon Josefsson <address@hidden>
- * doc/latex/gnutls.bib: Corrected bibliography
+ * doc/manpages/Makefile.am, doc/reference/gnutls-docs.sgml: Drop
+ more libgnutls-extra related stuff.
-2011-07-21 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-27 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
- doc/cha-intro-tls.texi, doc/cha-library.texi,
- doc/cha-programs.texi, doc/cha-tls-app.texi: corrected section
- names.
+ * NEWS, configure.ac, m4/hooks.m4: released 3.0.5
-2011-07-21 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-27 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-library.texi, doc/cha-support.texi, lib/gnutls_errors.c,
- lib/gnutls_srp.c: Updated information on required libraries.
+ * tests/utils.c: added stdarg.h for vsnprintf.
-2011-07-21 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-27 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
- doc/cha-intro-tls.texi, doc/cha-library.texi, doc/cha-preface.texi:
- Corrected typos.
+ * src/benchmark.c, src/benchmark.h: win32 fixes by David Hoyt.
-2011-06-28 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-27 Nikos Mavrogiannopoulos <address@hidden>
- * doc/.gitignore, doc/Makefile.am, doc/alert-printlist.c,
- doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
- doc/cha-intro-tls.texi, doc/cha-library.texi, doc/gnutls.texi,
- doc/latex/Makefile.am, doc/latex/gnutls.tex, doc/latex/macros.tex,
- doc/scripts/gdoc, doc/scripts/mytexi2latex, doc/scripts/sort1.pl,
- doc/scripts/split.pl, lib/gnutls_x509.c: updated function listing.
+ * doc/examples/Makefile.am: more builddir fixes.
-2011-06-28 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-27 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_alert.c, lib/includes/gnutls/gnutls.h.in,
- lib/libgnutls.map: Added gnutls_alert_get_strname().
+ * build-aux/config.rpath, gl/Makefile.am, gl/connect.c,
+ gl/inet_ntop.c, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/inet_ntop.m4, gl/recv.c, gl/send.c, gl/tests/Makefile.am,
+ gl/tests/connect.c, gl/tests/test-inet_ntop.c,
+ gl/tests/test-recv.c, gl/tests/test-send.c: Added recv(), send(),
+ connect() and inet_ntop() gnulib modules.
-2011-06-27 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-27 Nikos Mavrogiannopoulos <address@hidden>
- * lib/algorithms/cert_types.c, lib/algorithms/ciphers.c,
- lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c,
- lib/algorithms/protocols.c, lib/algorithms/publickey.c,
- lib/algorithms/secparams.c, lib/algorithms/sign.c, lib/auth/cert.c,
- lib/auth/psk.c, lib/auth/rsa_export.c, lib/crypto-api.c,
- lib/crypto-backend.c, lib/ext/max_record.c,
- lib/ext/safe_renegotiation.c, lib/ext/server_name.c,
- lib/ext/session_ticket.c, lib/gcrypt/mpi.c, lib/gnutls_alert.c,
- lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
- lib/gnutls_cert.c, lib/gnutls_dh_primes.c, lib/gnutls_dtls.c,
- lib/gnutls_errors.c, lib/gnutls_global.c, lib/gnutls_handshake.c,
- lib/gnutls_mpi.c, lib/gnutls_pcert.c, lib/gnutls_priority.c,
- lib/gnutls_privkey.c, lib/gnutls_psk.c, lib/gnutls_pubkey.c,
- lib/gnutls_record.c, lib/gnutls_sig.c, lib/gnutls_state.c,
- lib/gnutls_str.c, lib/gnutls_ui.c, lib/gnutls_x509.c,
- lib/minitasn1/decoding.c, lib/minitasn1/errors.c,
- lib/nettle/ecc_verify_hash.c, lib/opencdk/kbnode.c,
- lib/opencdk/sig-check.c, lib/openpgp/extras.c,
- lib/openpgp/gnutls_openpgp.c, lib/openpgp/output.c,
- lib/openpgp/pgp.c, lib/openpgp/privkey.c, lib/pkcs11.c,
- lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/pkcs11_write.c,
- lib/random.c, lib/x509/common.c, lib/x509/crl.c,
- lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
- lib/x509/extensions.c, lib/x509/output.c, lib/x509/pkcs12.c,
- lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c,
- lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
- lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
- lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509.c,
- lib/x509/x509_write.c: documentation fixes
+ * lib/gnutls_int.h, lib/opencdk/opencdk.h: do not unconditionally
+ include sys/socket.h.
-2011-06-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-27 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/COPYING, lib/accelerated/accelerated.c,
- lib/accelerated/cryptodev.c, lib/auth/anon.c, lib/auth/anon_ecdh.c,
- lib/auth/cert.c, lib/auth/dh_common.c, lib/auth/dhe.c,
- lib/auth/dhe_psk.c, lib/auth/ecdh_common.c, lib/auth/psk.c,
- lib/auth/psk_passwd.c, lib/auth/rsa.c, lib/auth/rsa_export.c,
- lib/auth/srp.c, lib/auth/srp_passwd.c, lib/auth/srp_rsa.c,
- lib/auth/srp_sb64.c, lib/crypto-api.c, lib/crypto-backend.c,
- lib/debug.c, lib/ext/cert_type.c, lib/ext/ecc.c,
- lib/ext/max_record.c, lib/ext/safe_renegotiation.c,
- lib/ext/server_name.c, lib/ext/session_ticket.c,
- lib/ext/signature.c, lib/ext/srp.c, lib/gnutls_alert.c,
- lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
- lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
- lib/gnutls_compress.c, lib/gnutls_constate.c, lib/gnutls_datum.c,
- lib/gnutls_db.c, lib/gnutls_dh.c, lib/gnutls_dh_primes.c,
- lib/gnutls_dtls.c, lib/gnutls_ecc.c, lib/gnutls_errors.c,
- lib/gnutls_extensions.c, lib/gnutls_global.c,
- lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_helper.c,
- lib/gnutls_kx.c, lib/gnutls_mbuffers.c, lib/gnutls_mem.c,
- lib/gnutls_mpi.c, lib/gnutls_num.c, lib/gnutls_pcert.c,
- lib/gnutls_pk.c, lib/gnutls_priority.c, lib/gnutls_privkey.c,
- lib/gnutls_psk.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
- lib/gnutls_rsa_export.c, lib/gnutls_session.c,
- lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/gnutls_srp.c,
- lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_supplemental.c,
- lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_x509.c,
- lib/hash.c, lib/locks.c, lib/nettle/cipher.c,
- lib/nettle/ecc_free.c, lib/nettle/ecc_make_key.c,
- lib/nettle/ecc_map.c, lib/nettle/ecc_mulmod.c,
- lib/nettle/ecc_points.c, lib/nettle/ecc_projective_add_point.c,
- lib/nettle/ecc_projective_dbl_point.c,
- lib/nettle/ecc_projective_dbl_point_3.c,
- lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
- lib/nettle/ecc_verify_hash.c, lib/nettle/egd.c, lib/nettle/init.c,
- lib/nettle/mac.c, lib/nettle/mpi.c, lib/nettle/pk.c,
- lib/nettle/rnd.c, lib/opencdk/armor.c, lib/opencdk/hash.c,
- lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/literal.c,
- lib/opencdk/main.c, lib/opencdk/misc.c, lib/opencdk/new-packet.c,
- lib/opencdk/pubkey.c, lib/opencdk/read-packet.c,
- lib/opencdk/seskey.c, lib/opencdk/sig-check.c,
- lib/opencdk/stream.c, lib/opencdk/write-packet.c,
- lib/openpgp/compat.c, lib/openpgp/extras.c,
- lib/openpgp/gnutls_openpgp.c, lib/openpgp/output.c,
- lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
- lib/pkcs11.c, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
- lib/pkcs11_write.c, lib/random.c, lib/system.c,
- lib/system_override.c, lib/x509/common.c, lib/x509/crl.c,
- lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
- lib/x509/extensions.c, lib/x509/key_decode.c,
- lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/output.c,
- lib/x509/pbkdf2-sha1.c, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
- lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
- lib/x509/privkey_pkcs8.c, lib/x509/rfc2818_hostname.c,
- lib/x509/sign.c, lib/x509/verify-high.c, lib/x509/verify.c,
- lib/x509/x509.c, lib/x509/x509_write.c, lib/x509_b64.c: Upgraded to
- LGPLv3.
+ * gl/Makefile.am, gl/close.c, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/tests/Makefile.am, gl/tests/close.c: Added
+ gnulib close module.
-2011-06-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-27 Nikos Mavrogiannopoulos <address@hidden>
- * doc/latex/cover.tex.in: updated cover.
+ * lib/nettle/rnd.c: do not use NULL for device_fd in windows.
-2011-06-21 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-27 Nikos Mavrogiannopoulos <address@hidden>
- * doc/latex/fdl.tex: improvements on fdl.
+ * lib/opencdk/main.c: no need to include windows.h here.
-2011-06-21 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-26 Nikos Mavrogiannopoulos <address@hidden>
- * AUTHORS: Added LRN.
+ * .gitignore: more files to ignore
-2011-06-21 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-26 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
- doc/cha-intro-tls.texi, doc/cha-library.texi,
- doc/cha-programs.texi, doc/scripts/mytexi2latex: documentation
- updates.
+ * src/certtool-cfg.c, src/cli.c, src/tls_test.c, src/udp-serv.c:
+ w32socket changes.
-2011-06-21 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-26 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/gnutls_srp.c, lib/gnutls_srp.h: gnutls_srp_verifier()
- returns data allocated with gnutls_malloc() for consistency.
+ * gl/Makefile.am, gl/arpa_inet.in.h, gl/errno.in.h, gl/inet_pton.c,
+ gl/m4/ftruncate.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/ioctl.m4, gl/m4/perror.m4, gl/m4/pipe.m4, gl/m4/select.m4,
+ gl/m4/signal_h.m4, gl/m4/strerror_r.m4, gl/m4/sys_ioctl_h.m4,
+ gl/m4/sys_select_h.m4, gl/m4/thread.m4, gl/m4/yield.m4,
+ gl/math.in.h, gl/select.c, gl/signal.in.h, gl/strerror-override.c,
+ gl/strerror-override.h, gl/sys_select.in.h, gl/tests/Makefile.am,
+ gl/tests/arpa_inet.in.h, gl/tests/connect.c, gl/tests/ftruncate.c,
+ gl/tests/glthread/lock.c, gl/tests/glthread/lock.h,
+ gl/tests/glthread/thread.c, gl/tests/glthread/thread.h,
+ gl/tests/glthread/threadlib.c, gl/tests/glthread/yield.h,
+ gl/tests/inet_pton.c, gl/tests/ioctl.c, gl/tests/perror.c,
+ gl/tests/pipe.c, gl/tests/strerror_r.c, gl/tests/sys_ioctl.in.h,
+ gl/tests/test-connect.c, gl/tests/test-ftruncate.c,
+ gl/tests/test-ftruncate.sh, gl/tests/test-ioctl.c,
+ gl/tests/test-lock.c, gl/tests/test-perror.c,
+ gl/tests/test-perror.sh, gl/tests/test-perror2.c,
+ gl/tests/test-pipe.c, gl/tests/test-select-fd.c,
+ gl/tests/test-select-in.sh, gl/tests/test-select-out.sh,
+ gl/tests/test-select-stdin.c, gl/tests/test-select.c,
+ gl/tests/test-select.h, gl/tests/test-signal-h.c,
+ gl/tests/test-strerror_r.c, gl/tests/test-sys_ioctl.c,
+ gl/tests/test-sys_select.c, gl/tests/test-thread_create.c,
+ gl/tests/test-thread_self.c, gl/tests/w32sock.h, gl/w32sock.h,
+ maint.mk: new gnulib + added select + inet_pton.
-2011-06-21 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-26 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_errors.c: reduced error message.
+ * src/common.h, src/udp-serv.c: netinet headers were put on an
+ ifndef _WIN32.
-2011-06-20 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-26 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-intro-tls.texi: simplified text.
+ * doc/cha-gtls-app.texi: more libextra doc fixes.
-2011-06-20 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-26 Nikos Mavrogiannopoulos <address@hidden>
- * doc/latex/fdl.tex, doc/latex/gnutls.tex: FDL is now included using
- a tiny font.
+ * doc/cha-functions.texi: extra-api is no more
-2011-06-20 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-25 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-auth.texi, doc/cha-intro-tls.texi,
- doc/examples/ex-client1.c, doc/scripts/mytexi2latex: Tables were
- also made floating
+ * lib/accelerated/x86/asm-coff/cpuid-x86-64-coff.s,
+ lib/accelerated/x86/asm-coff/cpuid-x86-coff.s: corrected symbols for
+ coff.
-2011-06-20 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-25 Simon Josefsson <address@hidden>
- * doc/cha-cert-auth.texi, doc/cha-internals.texi,
- doc/cha-intro-tls.texi, doc/cha-library.texi,
- doc/scripts/mytexi2latex: figures were made floating.
+ * NEWS, lib/minitasn1/decoding.c, lib/minitasn1/element.c,
+ lib/minitasn1/element.h, lib/minitasn1/errors.c,
+ lib/minitasn1/gstr.c, lib/minitasn1/gstr.h, lib/minitasn1/int.h,
+ lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
+ lib/minitasn1/parser_aux.h, lib/minitasn1/structure.c,
+ lib/minitasn1/structure.h, lib/minitasn1/version.c: Update to
+ libtasn1 2.10.
-2011-06-20 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-25 Nikos Mavrogiannopoulos <address@hidden>
- * doc/latex/cover.tex.in, doc/scripts/mytexi2latex: Added
- high-quality pdf images.
+ * configure.ac: changed mingw32 detection
-2011-06-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-25 Nikos Mavrogiannopoulos <address@hidden>
- * .gitignore, doc/latex/.gitignore: more files to ignore
+ * configure.ac, lib/accelerated/x86/Makefile.am,
+ lib/accelerated/x86/asm-coff/appro-aes-gcm-x86-64-coff.s,
+ lib/accelerated/x86/asm-coff/appro-aes-x86-64-coff.s,
+ lib/accelerated/x86/asm-coff/cpuid-x86-64-coff.s,
+ lib/accelerated/x86/asm-coff/padlock-x86-64-coff.s: added coff files
+ for mingw64
-2011-06-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-25 Nikos Mavrogiannopoulos <address@hidden>
- * configure.ac, doc/Makefile.am, doc/cha-auth.texi,
- doc/cha-bib.texi, doc/cha-cert-auth.texi,
- doc/cha-ciphersuites.texi, doc/cha-errors.texi,
- doc/cha-functions.texi, doc/cha-gtls-app.texi,
- doc/cha-internals.texi, doc/cha-intro-tls.texi,
- doc/cha-library.texi, doc/cha-preface.texi, doc/cha-programs.texi,
- doc/cha-support.texi, doc/cha-tls-app.texi, doc/errcodes.c,
- doc/examples/ex-client1.c, doc/examples/ex-pkcs11-list.c,
- doc/examples/ex-serv-anon.c, doc/gnutls.texi,
- doc/latex/Makefile.am, doc/latex/cover.tex.in, doc/latex/fdl.tex,
- doc/latex/gnutls.bib, doc/latex/gnutls.tex, doc/latex/macros.tex,
- doc/printlist.c, doc/scripts/mytexi2latex, doc/scripts/sort1.pl,
- doc/signatures.texi: updated documentation to allow latex output.
+ * lib/accelerated/x86/Makefile.am,
+ lib/accelerated/x86/asm-coff/appro-aes-x86-coff.s,
+ lib/accelerated/x86/asm-coff/cpuid-x86-coff.s,
+ lib/accelerated/x86/asm-coff/padlock-x86-coff.s,
+ lib/accelerated/x86/coff/appro-aes-x86-coff.s,
+ lib/accelerated/x86/coff/padlock-x86-coff.s: Added coff version of
+ cpuid.
-2011-06-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-25 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_record.c, lib/x509/crq.c, lib/x509/x509.c,
- lib/x509/x509_write.c: corrected typos
+ * .gitignore: more files to ignore
-2011-06-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-25 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-cert-auth.texi, doc/examples/Makefile.am,
- doc/examples/ex-cert-select.c, doc/examples/ex-client-udp.c,
- doc/examples/ex-crq.c, doc/examples/ex-pkcs11-list.c,
- doc/examples/ex-session-info.c, doc/examples/ex-verify.c: indented
- code. Corrected PKCS #11 example.
+ * configure.ac, lib/accelerated/x86/Makefile.am,
+ lib/accelerated/x86/coff/appro-aes-x86-coff.s,
+ lib/accelerated/x86/coff/padlock-x86-coff.s: Added COFF versions of
+ assembly files.
-2011-06-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-25 Nikos Mavrogiannopoulos <address@hidden>
- * doc/Makefile.am: added missing file.
+ * THANKS: Added Jan.
-2011-06-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-24 Nikos Mavrogiannopoulos <address@hidden>
- * AUTHORS, NEWS, lib/includes/gnutls/gnutls.h.in, m4/hooks.m4:
- bumped version.
+ * lib/minitasn1/coding.c: use coding.c from libtasn1 git, to avoid
+ issue when compiled with gcc-4.6.
-2011-06-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-24 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/gnutls_errors.c, lib/includes/gnutls/pkcs11.h,
- lib/pkcs11.c, lib/pkcs11_write.c, src/p11tool-gaa.c,
- src/p11tool-gaa.h, src/p11tool.c, src/p11tool.gaa, src/p11tool.h,
- src/pkcs11.c: Added new PKCS #11 flags to force an object being
- private or not. Those are GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE and
- GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE. p11tool supports now the
- --no-private and --private options.
+ * lib/accelerated/x86/aes-padlock.c: Corrected PHE-partial test.
-2011-06-17 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-24 Nikos Mavrogiannopoulos <address@hidden>
- * src/p11common.c: Limit the number of attempts with the same PIN,
- to avoid attempting again and again with a wrong PIN.
+ * NEWS: documented fixes
-2011-06-17 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-24 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkcs11_write.c: When writing an object with CKA_TRUSTED set
- CKA_PRIVATE explicitly to FALSE, to allow the SO to write it.
- Reported by Rickard Bellgrim.
+ * lib/gnutls_global.c: library mismatch error is no longer used
-2011-06-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-24 Nikos Mavrogiannopoulos <address@hidden>
- * THANKS: updated
+ * lib/accelerated/x86/Makefile.am,
+ lib/accelerated/x86/aes-padlock.c,
+ lib/accelerated/x86/aes-padlock.h,
+ lib/accelerated/x86/asm/padlock-common.s,
+ lib/accelerated/x86/sha-padlock.h: PHE-partial detection is not
+ being done, instead of checking for VIA nano.
-2011-06-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-23 Nikos Mavrogiannopoulos <address@hidden>
- * src/pkcs11.c: removed unneeded test.
+ * lib/accelerated/x86/Makefile.am,
+ lib/accelerated/x86/aes-padlock.h,
+ lib/accelerated/x86/asm/padlock-common.s: No need to check for
+ padlock nano in 32-bit systems, so simplify things.
-2011-06-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-23 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkcs11.c: Enforce the GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO even if
- GNUTLS_PKCS11_OBJ_FLAG_LOGIN is specified.
+ * lib/gnutls_hash_int.c: initialize only a fully available hash
-2011-06-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-23 Nikos Mavrogiannopoulos <address@hidden>
- * src/Makefile.am, src/p11common.c, src/pkcs11.c: Use common code
- for PKCS #11 callbacks across clients. Require SO login to write a
- trusted object.
+ * lib/accelerated/x86/asm/padlock-common.s: is_padlock_nano is
+ behaving properly and saving registers.
-2011-06-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-23 Nikos Mavrogiannopoulos <address@hidden>
- * lib/algorithms/ciphersuites.c, lib/ext/safe_renegotiation.h: bit
- fields changed to unsigned.
+ * lib/gnutls_errors.c: removed libextra error codes.
-2011-06-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-23 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_pubkey.c, lib/x509/privkey.c: Moved null check before
- initialization.
+ * guile/modules/gnutls.scm, guile/src/make-enum-header.scm: removed
+ extra.h header from guile code.
-2011-06-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-23 Nikos Mavrogiannopoulos <address@hidden>
- * lib/opencdk/keydb.c: removed unreachable code warning
+ * lib/includes/gnutls/gnutls.h.in: removed libextra errors.
-2011-06-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-22 Nikos Mavrogiannopoulos <address@hidden>
- * lib/opencdk/hash.c, lib/opencdk/main.h, lib/opencdk/stream.c,
- lib/opencdk/write-packet.c: eliminated wipemem().
+ * src/serv.c, src/udp-serv.c: added extra headers.
-2011-06-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-22 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_pk.c: corrected uninitialized variable warning.
+ * .gitignore, doc/latex/.gitignore, gl/Makefile.am, gl/accept.c,
+ gl/bind.c, gl/frexp.c, gl/frexpl.c, gl/getpeername.c, gl/gettext.h,
+ gl/isnan.c, gl/listen.c, gl/m4/arpa_inet_h.m4, gl/m4/frexp.m4,
+ gl/m4/frexpl.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/include_next.m4, gl/m4/inet_pton.m4, gl/m4/isnand.m4,
+ gl/m4/isnanl.m4, gl/m4/ldexpl.m4, gl/m4/math_h.m4,
+ gl/m4/printf-frexpl.m4, gl/m4/printf.m4, gl/m4/stdlib_h.m4,
+ gl/m4/vasnprintf.m4, gl/math.in.h, gl/override/lib/gettext.h.diff,
+ gl/printf-frexp.c, gl/printf-frexpl.c, gl/recvfrom.c, gl/sendto.c,
+ gl/setsockopt.c, gl/shutdown.c, gl/socket.c, gl/stdlib.in.h,
+ gl/tests/Makefile.am, gl/tests/arpa_inet.in.h,
+ gl/tests/inet_pton.c, gl/tests/test-accept.c,
+ gl/tests/test-arpa_inet.c, gl/tests/test-bind.c,
+ gl/tests/test-getpeername.c, gl/tests/test-inet_pton.c,
+ gl/tests/test-isnanl.h, gl/tests/test-listen.c,
+ gl/tests/test-recvfrom.c, gl/tests/test-sendto.c,
+ gl/tests/test-setsockopt.c, gl/tests/test-shutdown.c,
+ gl/vasnprintf.c, maint.mk: added new gnulib and modules.
-2011-06-16 Rickard Bellgrim <address@hidden>
+2011-10-22 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkcs11_write.c: The CKA_SUBJECT must be specified for a
- certificate. Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+ * extra/Makefile.am, lib/Makefile.am, lib/accelerated/Makefile.am,
+ lib/accelerated/x86/Makefile.am, lib/algorithms/Makefile.am,
+ lib/auth/Makefile.am, lib/ext/Makefile.am, lib/nettle/Makefile.am,
+ lib/opencdk/Makefile.am, lib/openpgp/Makefile.am, src/Makefile.am:
+ more builddir fixes by David Hoyt.
-2011-06-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-21 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, src/pkcs11.c: When
- setting the TRUSTED flag login as security officer.
+ * lib/Makefile.am: Added includes in Makefile.am
-2011-06-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-21 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkcs11_write.c: write label in PKCS #11 privkey.
+ * lib/accelerated/Makefile.am, lib/algorithms/Makefile.am,
+ lib/auth/Makefile.am, lib/ext/Makefile.am,
+ lib/minitasn1/Makefile.am, lib/nettle/Makefile.am,
+ lib/opencdk/Makefile.am, lib/openpgp/Makefile.am: Added
+ -I$(builddir)/../../gl to CFLAGS.
-2011-06-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-21 Simon Josefsson <address@hidden>
- * lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/pkcs11.c,
- lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
- lib/pkcs11_write.c: define ck_bool_t to be compatible with PKCS #11
- bool type.
+ * lib/accelerated/x86/Makefile.am: Add -I to fix building. Reported by
"Hoyt, David" <address@hidden>.
-2011-06-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-21 Simon Josefsson <address@hidden>
- * configure.ac: ignore more warnings.
+ * lib/Makefile.am, lib/x509/Makefile.am: Also add -I's for gnulib's
+ build directory, for mingw. Reported by "Hoyt, David" <address@hidden>.
-2011-06-09 Stef Walter <address@hidden>
+2011-10-21 Nikos Mavrogiannopoulos <address@hidden>
- * lib/Makefile.am, lib/pkcs11_int.h, lib/pkcs11_spec.h: Use pkcs11.h
- specification file from p11-kit. * Remove one included briefly in
gnutls. Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, extra/gnutls_extra.c, guile/src/extra.c,
+ lib/auth/srp_passwd.c, lib/gnutls_srp.c: removed more extra.h
+ leftovers.
-2011-06-09 Stef Walter <address@hidden>
+2011-10-21 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkcs11.c, src/cli.c, src/p11common.c, src/pkcs11.c,
- tests/suite/mini-eagain2.c: Fix up compiler warnings. Signed-off-by:
Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/x86/asm/appro-aes-gcm-x86-64.s,
+ lib/accelerated/x86/asm/appro-aes-x86-64.s,
+ lib/accelerated/x86/asm/appro-aes-x86.s,
+ lib/accelerated/x86/asm/cpuid-x86-64.s,
+ lib/accelerated/x86/asm/cpuid-x86.s,
+ lib/accelerated/x86/asm/padlock-common.s,
+ lib/accelerated/x86/asm/padlock-x86-64.s,
+ lib/accelerated/x86/asm/padlock-x86.s: updated gnustack note.
-2011-06-09 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-20 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkcs11_spec.h: Added missing file
+ * src/certtool-common.c, src/pkcs11.c, src/psk.c, src/srptool.c,
+ src/tests.c, src/tls_test.c: extra.h is no more.
-2011-06-07 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-20 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-cert-auth.texi: document new config file format and path.
+ * Makefile.am, NEWS, README, configure.ac, doc/Makefile.am,
+ doc/cha-internals.texi, doc/examples/Makefile.am,
+ doc/manpages/Makefile.am, doc/reference/Makefile.am,
+ extra/Makefile.am, extra/gnutls-extra.pc.in, extra/gnutls_extra.c,
+ extra/gnutls_openssl.c, extra/includes/Makefile.am,
+ extra/includes/gnutls/openssl.h, extra/libgnutls-extra.map,
+ extra/openssl_compat.c, extra/openssl_compat.h,
+ guile/src/Makefile.am, libextra/Makefile.am,
+ libextra/gnutls-extra.pc.in, libextra/gnutls_extra.c,
+ libextra/gnutls_openssl.c, libextra/includes/Makefile.am,
+ libextra/includes/gnutls/extra.h,
+ libextra/includes/gnutls/openssl.h, libextra/libgnutls-extra.map,
+ libextra/openssl_compat.c, libextra/openssl_compat.h,
+ src/Makefile.am, tests/Makefile.am, tests/openpgp-keyring.c,
+ tests/suite/Makefile.am: libgnutls-extra is no more.
-2011-06-07 Stef Walter <address@hidden>
+2011-10-20 Nikos Mavrogiannopoulos <address@hidden>
- * configure.ac, doc/examples/Makefile.am, lib/Makefile.am,
- lib/auth/cert.c, lib/gnutls_global.c, lib/gnutls_privkey.c,
- lib/gnutls_pubkey.c, lib/gnutls_x509.c, lib/pakchois/README,
- lib/pakchois/dlopen.c, lib/pakchois/dlopen.h,
- lib/pakchois/errors.c, lib/pakchois/pakchois.c,
- lib/pakchois/pakchois.h, lib/pakchois/pakchois11.h, lib/pkcs11.c,
- lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
- lib/pkcs11_write.c, src/Makefile.am, src/certtool-common.c,
- src/certtool.c, src/cli.c, src/p11tool.c, src/serv.c: The attached
- patch ports gnutls to p11-kit. p11-kit is added as a dependency.
- p11-kit itself has no dependencies outside of basic libc stuff. The
- source code for p11-kit is available both in git and tarball form.
- [3] If the gnutls dependency on p11-kit is disabled (via a configure
- option) then the PKCS#11 support is disabled. This is useful in bare
- bones embedded systems or places where very minimal dependencies are
- limited.
+ * lib/pkcs11.c, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
+ lib/pkcs11_write.c: Added Stef to authors of pkcs11.
-2011-06-07 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-19 Nikos Mavrogiannopoulos <address@hidden>
- * doc/manpages/Makefile.am: updated
+ * NEWS, THANKS: documented fix
-2011-06-07 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-17 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkcs11.c, lib/pkcs11_privkey.c: Return error code when an
- object is not found. Only request for token insertion if the
- expected data is not found. Based on patch by Stef Walter.
+ * lib/x509/common.c: Corrected bug in gnutls_x509_data2hex. Report
+ and fix by Vincent Untz.
-2011-06-07 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-15 Nikos Mavrogiannopoulos <address@hidden>
- * configure.ac: Depend on automake 1.11.
+ * NEWS: updated for register_md5_handler().
-2011-06-06 Stef Walter <address@hidden>
+2011-10-15 Nikos Mavrogiannopoulos <address@hidden>
- * tests/suite/Makefile.am: tests: Build eagain-cli with correct
- libraries * Add -ldl -lpthread to linker flags Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
+ * libextra/includes/gnutls/extra.h, libextra/libgnutls-extra.map:
+ completely drop gnutls_register_md5_handler()
-2011-05-30 Stef Walter <address@hidden>
+2011-10-15 Nikos Mavrogiannopoulos <address@hidden>
- * src/cli.c: gnutls-cli: Fix uninitialized variable when PKCS#11
- uris in use. * When PKCS#11 URIs are in use previously tried to free
- uninitialized memory. Initialize to zero. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/x86/asm/padlock-common.s: Added gnu-stack note.
-2011-05-30 Stef Walter <address@hidden>
+2011-10-15 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkcs11.c: pkcs11: Accept CKR_USER_ALREADY_LOGGED_IN as
- successful result for PAP Login * When doing
CKF_PROTECTED_AUTHENTICATION_PATH login, accept CKR_USER_ALREADY_LOGGED_IN
as a successful result. * Another code path, or another consumer of the same
PKCS#11 module may have already logged in. * This is what the non PAP code
path already does. Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, doc/scripts/Makefile.am: released 3.0.4
-2011-06-06 Stef Walter <address@hidden>
+2011-10-13 Nikos Mavrogiannopoulos <address@hidden>
- * lib/auth/srp.c, lib/auth/srp_rsa.c, lib/ext/session_ticket.c,
- lib/gnutls_compress.c, lib/hash.c, lib/nettle/ecc_mulmod.c,
- lib/x509/common.c: Remove unused variables * GCC 4.6.0 prints a
warning, and build failes with -Wunused Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
+ * tests/pathlen/ca-no-pathlen.pem,
+ tests/pathlen/no-ca-or-pathlen.pem: updated tests for new key ID
-2011-06-06 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-13 Nikos Mavrogiannopoulos <address@hidden>
- * lib/nettle/rnd.c: use gnutls_assert_val() in EGD errors.
+ * lib/x509/privkey.c: key id is being calculated the same way in
+ private keys as in public keys.
-2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-13 Nikos Mavrogiannopoulos <address@hidden>
- * tests/dsa/testdsa, tests/openpgp-certs/testcerts,
- tests/scripts/common.sh, tests/suite/testcompat-main,
- tests/suite/testsrn: Corrected fail() shell function. Reported by
- Andreas Metzler.
+ * doc/Makefile.am, doc/cha-intro-tls.texi, doc/cha-tls-app.texi,
+ doc/gnutls.texi, doc/latex/Makefile.am, doc/latex/gnutls.tex,
+ doc/scripts/gdoc, doc/scripts/mytexi2latex, doc/scripts/sort1.pl,
+ doc/scripts/split-texi.pl, doc/scripts/split.pl,
+ doc/sec-tls-app.texi, tests/nist-pkits/build-chain: 'How to use TLS
+ in application protocols' section was moved to introduction to TLS.
+ Fixes in perl.
-2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-12 Nikos Mavrogiannopoulos <address@hidden>
- * tests/dsa/testdsa: Corrected typo. Reported by Andreas Metzler.
+ * src/tests.c, src/tests.h, src/tls_test.c: Added a test for servers
+ not accepting small records.
-2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-12 Nikos Mavrogiannopoulos <address@hidden>
- * doc/manpages/Makefile.am: regenerated makefile.
+ * lib/accelerated/x86/asm/padlock-x86-64.s,
+ lib/accelerated/x86/asm/padlock-x86.s: new version of padlock by
+ Andy.
-2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-11 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/common.c: documentation fix.
+ * NEWS, configure.ac, m4/hooks.m4: bumped versions
-2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-12 Simon Josefsson <address@hidden>
- * lib/accelerated/intel/Makefile.am,
- lib/accelerated/intel/aes-x86.c,
- lib/accelerated/intel/asm/appro-aes-gcm-x86.s: pclmul is not used on
- intel 32-bit systems.
+ * .gitignore: Add and sort.
-2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-11 Nikos Mavrogiannopoulos <address@hidden>
- * lib/accelerated/intel/aes-x86.c, lib/gnutls_global.h,
- lib/gnutls_priority.c: When AES and GCM acceleration is available
- increase the priority of AES-GCM ciphersuites in performance and
- normal cases.
+ * doc/cha-intro-tls.texi: updated text
-2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-10 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gcrypt/cipher.c, lib/gcrypt/pk.c: prevent compilation of
- gcrypt support since it is incomplete.
+ * m4/hooks.m4: check for nettle 2.4 or later
-2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-10 Simon Josefsson <address@hidden>
- * lib/Makefile.am, lib/algorithms/ciphers.c,
- lib/algorithms/ciphersuites.c, lib/gcrypt/cipher.c,
- lib/nettle/cipher.c, m4/hooks.m4: do not use NETTLE_LIBS to include
- hogweed and gmp. removed ENABLE_CAMELLIA and NETTLE_GCM.
+ * src/cli.c: Fix type of keyid (finally!).
-2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-10 Simon Josefsson <address@hidden>
- * src/benchmark-tls.c: improved benchmark.
+ * doc/manpages/Makefile.am, lib/includes/gnutls/abstract.h: More doc
+ fixes.
-2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-10 Simon Josefsson <address@hidden>
- * doc/Makefile.am, doc/cha-cert-auth.texi, doc/cha-internals.texi,
- doc/cha-intro-tls.texi, doc/cha-library.texi,
- doc/cha-programs.texi, doc/examples/ex-session-info.c,
- doc/gnutls-certificate-user-use-case.pdf,
- doc/gnutls-client-server-use-case.pdf,
- doc/gnutls-extensions_st.pdf, doc/gnutls-handshake-sequence.pdf,
- doc/gnutls-handshake-state.pdf, doc/gnutls-internals.pdf,
- doc/gnutls-layers.pdf, doc/gnutls-logo.pdf,
- doc/gnutls-mod_auth_st.pdf, doc/gnutls-objects.pdf,
- doc/gnutls-pgp.pdf, doc/gnutls-x509.pdf, doc/gnutls.texi: Updated
- documentation. Removed all .pdf files. They were not needed.
+ * lib/gnutls_x509.c: GTK-DOC doc fix.
-2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-10 Simon Josefsson <address@hidden>
- * lib/algorithms.h, lib/algorithms/ciphersuites.c,
- lib/gnutls_handshake.c: Avoid memory allocations when requesting the
- supported ciphersuites.
+ * src/cli.c: Use gnutls_openpgp_keyid_t type for keyid variable.
-2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-10 Simon Josefsson <address@hidden>
- * lib/accelerated/intel/aes-x86.c: more verbose if the PCLMUL
- instruction is detected.
+ * src/cli.c: Include stdint.h to get uint8_t.
-2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-10 Simon Josefsson <address@hidden>
- * tests/cipher-test.c: Added debugging ability to cipher-test.
+ * src/cli.c: Revert "avoid usage of C99 constructs." This reverts
commit 643ebdf12b415fc3edd3b7bc12654bc92d3aed24.
-2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-09 Nikos Mavrogiannopoulos <address@hidden>
- * doc/TODO: more cleanup.
+ * lib/accelerated/x86/asm/padlock-x86-64.s,
+ lib/accelerated/x86/asm/padlock-x86.s: updated Andy's code.
+ padlock_shax_blocks does not require any more, the state to be of
+ 128-byte size.
-2011-06-04 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-08 Nikos Mavrogiannopoulos <address@hidden>
- * doc/TODO: Added new TODO items.
+ * src/tests.c: Corrected check for AES-GCM
-2011-06-04 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-08 Nikos Mavrogiannopoulos <address@hidden>
- * doc/TODO: removed completed items from todo list
+ * src/tests.c, src/tests.h, src/tls_test.c: test for camellia
-2011-06-04 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-08 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_priority.c: reinstated MAC-ALL semantics.
+ * src/cli.c: avoid usage of C99 constructs.
-2011-06-04 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-08 Nikos Mavrogiannopoulos <address@hidden>
- * .gitignore: more files to ignore.
+ * lib/accelerated/x86/Makefile.am,
+ lib/accelerated/x86/asm/padlock-common.s,
+ lib/accelerated/x86/asm/padlock-x86-64.s,
+ lib/accelerated/x86/asm/padlock-x86.s: is_padlock_nano moved to
+ padlock-common.s to allow easier upgrade to Andy's newer code.
-2011-06-04 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-08 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_session_pack.c: store the ECC curve in the session
- resumption parameters.
+ * tests/cipher-test.c: Added more elaborate test of hash functions.
-2011-06-04 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-08 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, doc/cha-cert-auth.texi, doc/examples/ex-verify.c,
- lib/gnutls_cert.c, lib/includes/gnutls/x509.h, lib/libgnutls.map,
- lib/x509/verify-high.c, tests/Makefile.am, tests/x509cert-tl.c:
- Added gnutls_x509_trust_list_add_named_crt() and
- gnutls_x509_trust_list_verify_named_crt() that allow having a list
- of certificates in the trusted list that will be associated with a
- name (e.g. server name) and will not be used as CAs.
+ * lib/gnutls_int.h, lib/x509/mpi.c: HASH2MAC macro is no more.
-2011-06-04 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-08 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, doc/cha-intro-tls.texi,
- lib/accelerated/intel/aes-gcm-x86.c,
- lib/accelerated/intel/aes-x86.c, lib/algorithms/ciphersuites.c,
- lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
- lib/nettle/cipher.c: Added SuiteB ciphersuites. Added SUITEB128 and
- SUITEB192 priority strings. SECURE256 was renamed to SECURE192
- (because TLS ciphersuite's security level was not enough to justify
- 256-bits).
+ * NEWS, lib/gnutls_ui.c, lib/x509/common.c, lib/x509/common.h,
+ lib/x509/crq.c, lib/x509/output.c, lib/x509/x509.c, src/certtool.c:
+ Key ID calculation is now consistent on all structures. It is a SHA1
+ hash of the subjectPublicKeyInfo structures.
-2011-06-04 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-08 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map:
- gnutls_ecc_curve_get() was added.
+ * doc/cha-library.texi: simplified documentation
-2011-06-04 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-08 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_state.c: The PRF is now read from the ciphersuite
- table.
+ * NEWS, doc/cha-intro-tls.texi: documentation update
-2011-06-04 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-08 Nikos Mavrogiannopoulos <address@hidden>
- * src/common.c: Print information on elliptic curve sessions.
+ * src/tests.c, src/tests.h, src/tls_test.c: Added tests for ECDHE,
+ AES-GCM and SHA256.
-2011-06-04 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/abstract_int.h, lib/gnutls_pubkey.c, lib/gnutls_sig.c,
- lib/gnutls_sig.h, lib/includes/gnutls/abstract.h,
- lib/includes/gnutls/compat.h, lib/libgnutls.map, lib/x509/common.c,
- lib/x509/common.h, lib/x509/crq.c, lib/x509/privkey.c,
- lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: Split
- pubkey_verify_sig() to pubkey_verify_hashed_data() and
- pubkey_verify_data(). Added gnutls_pubkey_verify_data2() to allow
- verification of a signature when the signature algorithm cannot be
- determined by the signature and the public key only.
+ * NEWS, lib/gnutls_sig.c: fixes to enable the external signing
+ callback to operate with TLS 1.2
-2011-06-04 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_hash_int.h, lib/gnutls_sig.c: Allow all SHA algorithms
- for DSA signatures.
+ * NEWS, doc/cha-auth.texi, doc/cha-cert-auth.texi, lib/auth/cert.c,
+ lib/gnutls_cert.c, lib/gnutls_privkey.c, lib/gnutls_x509.c,
+ lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added new
+ signing callback in gnutls_privkey_t.
-2011-06-03 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-06 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/verify.c: fixes for
- http://tools.ietf.org/html/draft-mavrogiannopoulos-tls-dss-00
+ * gl/Makefile.am, gl/m4/math_h.m4, gl/math.in.h: updated gnulib.
-2011-06-03 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-06 Nikos Mavrogiannopoulos <address@hidden>
- * lib/auth/cert.h, lib/gnutls_cert.c, lib/gnutls_handshake.c:
- simplified _gnutls_selected_cert_supported_kx().
+ * NEWS: documented fix
-2011-06-03 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_pubkey.c, lib/nettle/pk.c, lib/x509/verify.c:
- Truncation of ECDSA and DSA signatures moved to
- _wrap_nettle_pk_sign() and _wrap_nettle_pk_verify().
+ * lib/x509/x509.c: corrected bug in key id extraction. Reported by
+ Erik Jensen.
-2011-06-03 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/algorithms.h, lib/algorithms/ciphersuites.c,
- lib/algorithms/sign.c, lib/ext/signature.c, lib/gnutls_buffers.c,
- lib/gnutls_buffers.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
- lib/gnutls_sig.c, lib/nettle/pk.c: Simplified the handling of
- handshake messages to be hashed. Instead of doing a hash during the
- handshake process we now keep the data until handshake is over and
- hash them on demand. This uses more memory but eliminates issues
- with TLS 1.2 and makes the handling simpler.
+ * lib/accelerated/x86/aes-padlock.c,
+ lib/accelerated/x86/aes-padlock.h,
+ lib/accelerated/x86/asm/padlock-x86-64.s,
+ lib/accelerated/x86/asm/padlock-x86.s,
+ lib/accelerated/x86/hmac-padlock.c,
+ lib/accelerated/x86/sha-padlock.c, src/benchmark-cipher.c: better
+ detection of padlock PHE.
-2011-06-03 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/ext/signature.c, lib/gnutls_pubkey.c, lib/nettle/pk.c,
- lib/x509/common.h, lib/x509/verify.c: Hash algorithms used for DSA
- and ECDSA correspond to draft-mavrogiannopoulos-tls-dss-00.txt.
+ * .gitignore, NEWS, lib/accelerated/Makefile.am,
+ lib/accelerated/accelerated.c, lib/accelerated/x86/Makefile.am,
+ lib/accelerated/x86/aes-padlock.c,
+ lib/accelerated/x86/aes-padlock.h,
+ lib/accelerated/x86/hmac-padlock.c,
+ lib/accelerated/x86/sha-padlock.c,
+ lib/accelerated/x86/sha-padlock.h, lib/accelerated/x86/x86.h,
+ lib/nettle/mac.c, tests/cipher-test.c: Updates for padlock hashes in
+ C7 nano. Requires a part of nettle to be included.
-2011-06-03 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/ext/ecc.c: updated
+ * lib/accelerated/x86/aes-gcm-padlock.c: Always use encryption
+ direction.
-2011-06-02 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-04 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-internals.texi, doc/gnutls.texi: Added refint macro to
- refer to internal -non exported- functions. Used it to reference to
- the gnutls_*_register() functions.
+ * src/Makefile.am, src/serv.c: libextra is not needed for neither
+ gnutls-cli or serv.
-2011-06-02 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-04 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/Makefile.am, lib/auth/psk_passwd.c, lib/auth/rsa.c,
- lib/auth/rsa_export.c, lib/auth/srp_passwd.c, lib/crypto-api.c,
- lib/crypto-backend.c, lib/crypto-backend.h, lib/crypto.c,
- lib/ext/session_ticket.c, lib/gnutls_cipher.c,
- lib/gnutls_cipher_int.h, lib/gnutls_handshake.c,
- lib/gnutls_hash_int.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
- lib/gnutls_pk.c, lib/includes/gnutls/crypto.h, lib/libgnutls.map,
- lib/nettle/mpi.c, lib/nettle/pk.c, lib/opencdk/misc.c,
- lib/pkcs11_secret.c, lib/random.h, lib/x509/pkcs12.c,
- lib/x509/privkey_pkcs8.c, libextra/gnutls_openssl.c, src/psk.c,
- src/srptool.c, tests/Makefile.am, tests/crypto_rng.c,
- tests/rng-fork.c: gnutls/crypto.h no longer includes functions to
- register ciphers. Thus the following functions -
gnutls_crypto_bigint_register - gnutls_crypto_cipher_register -
gnutls_crypto_digest_register - gnutls_crypto_mac_register -
gnutls_crypto_pk_register - gnutls_crypto_rnd_register -
gnutls_crypto_single_cipher_register - gnutls_crypto_single_digest_register
- gnutls_crypto_single_mac_register are only available internally
- via crypto-backend.h.
+ * configure.ac: corrected path
-2011-06-02 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-04 Nikos Mavrogiannopoulos <address@hidden>
- * build-aux/config.rpath: updated
+ * lib/accelerated/x86/asm/padlock-x86-64.s,
+ lib/accelerated/x86/asm/padlock-x86.s: updated padlock code.
-2011-06-01 Nikos Mavrogiannopoulos <address@hidden>
+2011-10-04 Nikos Mavrogiannopoulos <address@hidden>
- * lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s,
- lib/accelerated/intel/asm/appro-aes-gcm-x86.s,
+ * lib/gnutls_str_array.h, lib/nettle/rnd.c, lib/system.c: fixes in
+ headers. Suggested by Bjorn Christensen.
+
+2011-10-04 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/accelerated/Makefile.am, lib/accelerated/intel/.gitignore,
+ lib/accelerated/intel/Makefile.am, lib/accelerated/intel/README,
+ lib/accelerated/intel/aes-gcm-padlock.c,
+ lib/accelerated/intel/aes-gcm-x86.c,
+ lib/accelerated/intel/aes-padlock.c,
+ lib/accelerated/intel/aes-padlock.h,
+ lib/accelerated/intel/aes-x86.c, lib/accelerated/intel/aes-x86.h,
+ lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s,
lib/accelerated/intel/asm/appro-aes-x86-64.s,
- lib/accelerated/intel/asm/appro-aes-x86.s: typos and date fix in
- license.
+ lib/accelerated/intel/asm/appro-aes-x86.s,
+ lib/accelerated/intel/asm/cpuid-x86-64.s,
+ lib/accelerated/intel/asm/cpuid-x86.s,
+ lib/accelerated/intel/asm/padlock-x86-64.s,
+ lib/accelerated/intel/asm/padlock-x86.s,
+ lib/accelerated/intel/license.txt,
+ lib/accelerated/intel/sha-padlock.c, lib/accelerated/intel/x86.h,
+ lib/accelerated/x86/.gitignore, lib/accelerated/x86/Makefile.am,
+ lib/accelerated/x86/README, lib/accelerated/x86/aes-gcm-padlock.c,
+ lib/accelerated/x86/aes-gcm-x86.c,
+ lib/accelerated/x86/aes-padlock.c,
+ lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.c,
+ lib/accelerated/x86/aes-x86.h,
+ lib/accelerated/x86/asm/appro-aes-gcm-x86-64.s,
+ lib/accelerated/x86/asm/appro-aes-x86-64.s,
+ lib/accelerated/x86/asm/appro-aes-x86.s,
+ lib/accelerated/x86/asm/cpuid-x86-64.s,
+ lib/accelerated/x86/asm/cpuid-x86.s,
+ lib/accelerated/x86/asm/padlock-x86-64.s,
+ lib/accelerated/x86/asm/padlock-x86.s,
+ lib/accelerated/x86/license.txt, lib/accelerated/x86/sha-padlock.c,
+ lib/accelerated/x86/x86.h: intel directory renamed to x86.
+
+2011-10-03 Nikos Mavrogiannopoulos <address@hidden>
-2011-06-01 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS: updated
- * src/benchmark-tls.c: Added benchmark on GCM ciphersuites and
- arcfour for comparison.
+2011-10-03 Nikos Mavrogiannopoulos <address@hidden>
-2011-06-01 Nikos Mavrogiannopoulos <address@hidden>
+ * .gitignore, gl/Makefile.am, gl/error.c, gl/float.c,
+ gl/float.in.h, gl/fstat.c, gl/itold.c, gl/lseek.c, gl/m4/close.m4,
+ gl/m4/dup2.m4, gl/m4/fdopen.m4, gl/m4/float_h.m4, gl/m4/fstat.m4,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/msvc-nothrow.m4, gl/m4/pathmax.m4,
+ gl/m4/stdio_h.m4, gl/m4/sys_stat_h.m4, gl/m4/unistd_h.m4,
+ gl/math.in.h, gl/msvc-inval.c, gl/msvc-inval.h, gl/msvc-nothrow.c,
+ gl/msvc-nothrow.h, gl/opendir.c, gl/sockets.c, gl/sockets.h,
+ gl/stdio.in.h, gl/strings.in.h, gl/sys_stat.in.h,
+ gl/tests/Makefile.am, gl/tests/close.c, gl/tests/dup2.c,
+ gl/tests/fdopen.c, gl/tests/msvc-inval.c, gl/tests/msvc-inval.h,
+ gl/tests/test-close.c, gl/tests/test-dup2.c, gl/tests/test-fgetc.c,
+ gl/tests/test-fputc.c, gl/tests/test-fread.c,
+ gl/tests/test-fwrite.c, gl/unistd.in.h, gl/w32sock.h, maint.mk:
+ Added new gnulib.
- * lib/gnutls_int.h: corrected typo.
+2011-10-03 Nikos Mavrogiannopoulos <address@hidden>
-2011-06-01 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_sig.c: added an assert
- * lib/accelerated/intel/aes-gcm-x86.c,
- lib/accelerated/intel/aes-x86.c: indented code
+2011-10-03 Nikos Mavrogiannopoulos <address@hidden>
-2011-06-01 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-gtls-app.texi: doc fixes
- * src/benchmark.c: properly initialize benchmarks.
+2011-10-03 Nikos Mavrogiannopoulos <address@hidden>
-2011-06-01 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_dtls.c: replaced uint type.
- * configure.ac, m4/hooks.m4: bumped version.
+2011-10-03 Nikos Mavrogiannopoulos <address@hidden>
-2011-06-01 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/nettle/egd.c, lib/nettle/rnd.c: fix compilation in windows
- * lib/accelerated/intel/aes-gcm-x86.c: Corrections in encryption and
- decryption of incomplete blocks.
+2011-10-01 Nikos Mavrogiannopoulos <address@hidden>
-2011-06-01 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-library.texi: updated text.
- * lib/accelerated/intel/aes-gcm-x86.c, lib/gnutls_int.h,
- lib/gnutls_state.c: Use nettle's memxor or gnulib's if it doesn't
- exist.
+2011-10-01 Nikos Mavrogiannopoulos <address@hidden>
-2011-06-01 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/intel/Makefile.am,
+ lib/accelerated/intel/aes-padlock.c,
+ lib/accelerated/intel/aes-padlock.h,
+ lib/accelerated/intel/sha-padlock.c, lib/gnutls_str.h: Added ability
+ to hash and hmac with VIA padlock.
- * NEWS, lib/accelerated/intel/Makefile.am,
- lib/accelerated/intel/aes-gcm-x86.c,
- lib/accelerated/intel/aes-x86.c, lib/accelerated/intel/aes-x86.h,
- lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s,
- lib/accelerated/intel/asm/appro-aes-gcm-x86.s, lib/gnutls_num.c,
- lib/gnutls_num.h, tests/cipher-test.c: Added AES-GCM optimizations
- using the PCLMULQDQ instruction. Uses Andy Polyakov's assembly code.
+2011-10-01 Nikos Mavrogiannopoulos <address@hidden>
-2011-06-01 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS: documented updates
- * lib/crypto-api.c: documented usage of gnutls_cipher_add_auth().
+2011-10-01 Nikos Mavrogiannopoulos <address@hidden>
-2011-06-01 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/nettle/mac.c: optimizations in hmac.
- * doc/cha-intro-tls.texi: updates.
+2011-10-01 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-31 Roman Bogorodskiy <address@hidden>
+ * lib/crypto-backend.h, lib/gnutls_cipher_int.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_mpi.h,
+ lib/gnutls_pk.h, lib/nettle/cipher.c, lib/nettle/mac.c,
+ lib/nettle/mpi.c, lib/nettle/pk.c, lib/nettle/rnd.c,
+ libextra/Makefile.am, libextra/fipsmd5.c, libextra/gnutls_extra.c:
+ The hash_fast() and hmac_fast() functions can be registered as well
+ to allow backends with optimized (hw) implementations. In the nettle
+ backend the different is one memory allocation less.
- * lib/Makefile.am: Prevent including installed gnutls' headers.
+2011-09-30 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-31 Roman Bogorodskiy <address@hidden>
+ * lib/gnutls_cipher_int.h, lib/gnutls_hash_int.h, lib/gnutls_mpi.h,
+ lib/gnutls_pk.h, lib/nettle/cipher.c, lib/nettle/mac.c,
+ lib/nettle/mpi.c, lib/nettle/pk.c, lib/nettle/rnd.c: operations
+ structures were made constants.
- * src/udp-serv.c: Add missing <netinet/in.h> to get sockaddr_in.
+2011-09-30 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-31 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c:
+ simplified usage of resume_true and resume_false.
- * doc/cha-intro-tls.texi: Compatibility text updated.
+2011-09-30 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-29 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_constate.c: simplified assignment of server_write and
+ client_write.
- * lib/accelerated/intel/asm/appro-aes-x86-64.s,
- lib/accelerated/intel/asm/appro-aes-x86.s: Added new AES code by
- Andy.
+2011-09-29 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-29 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/intel/aes-padlock.c,
+ lib/accelerated/intel/asm/padlock-x86.s: movdqa replaced with movaps
+ (C3 doesn't support SSE2 but only SSE)
- * doc/credentials/x509/ca-key.pem: Added missing file.
+2011-09-29 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-29 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/intel/aes-padlock.c: manually keep the IV.
- * .gitignore: more files to ignore
+2011-09-29 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-29 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/intel/asm/padlock-x86.s: re-added ecb
- * lib/nettle/Makefile.am, lib/nettle/ecc_free.c,
- lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
- lib/nettle/ecc_mulmod.c, lib/nettle/ecc_points.c,
- lib/nettle/ecc_projective_add_point.c,
- lib/nettle/ecc_projective_dbl_point_3.c,
- lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
- lib/nettle/ecc_test.c, lib/nettle/ecc_verify_hash.c: Added FSF
- copyright to public domain files.
+2011-09-29 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-29 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/intel/asm/padlock-x86-64.s,
+ lib/accelerated/intel/asm/padlock-x86.s: removed unused modes.
- * configure.ac, lib/accelerated/x86.h: Use cpuid.h if it exists, to
- use the x86 CPUID instruction.
+2011-09-29 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-29 Nikos Mavrogiannopoulos <address@hidden>
+ * src/benchmark-cipher.c, src/benchmark.h, src/cli-gaa.c,
+ src/cli-gaa.h, src/cli.gaa: Allow benchmarking the software version
+ of ciphers.
- * THANKS: Added Dash.
+2011-09-29 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
+ * configure.ac, src/p11common.c: fixed compilation without p11-kit
- * lib/gnutls_compress.c, lib/gnutls_compress.h,
- lib/gnutls_handshake.c: simplified
- _gnutls_supported_compression_methods().
+2011-09-29 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/intel/aes-padlock.c: enabled VIA acceleration.
- * lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
- lib/gnutls_session_pack.c, lib/gnutls_v2_compat.c: Correctly set
- compression method when resuming sessions. Reported by Dash Shendy.
+2011-09-29 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
+ * src/benchmark.c: small update
- * lib/gnutls_hash_int.c: digest_length() uses int as input.
+2011-09-27 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-28 Stef Walter <address@hidden>
+ * THANKS: more people to thank
- * lib/nettle/cipher.c: Fix warnings with GCC 4.5.2
+2011-09-26 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/examples/ex-pkcs11-list.c, src/benchmark.c, src/udp-serv.c:
+ include config.h where needed.
- * doc/credentials/Makefile.am, doc/credentials/x509/Makefile.am:
- Corrected EXTRA_DIST
+2011-09-25 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
+ * tests/suite/testcompat-main: worked around openssl 1.0.0e bug
+ (avoid using -mtu).
- * tests/suite/testcompat-main: updated keys.
+2011-09-25 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
+ * src/udp-serv.c: udp-serv includes config.h.
- * lib/auth/cert.c, lib/auth/cert.h, lib/gnutls_handshake.c,
- lib/gnutls_handshake.h: Take into account each and every advertized
- public key algorithm when selecting a certificate. Previously we
- were assuming only RSA or DSA, or ANY.
+2011-09-25 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/opencdk/read-packet.c, lib/opencdk/stream.c: corrections in
+ debugging code.
- * doc/credentials/gnutls-http-serv, src/serv-gaa.c, src/serv-gaa.h,
- src/serv.c, src/serv.gaa: Added feature to specify ecc private keys
- and certificates.
+2011-09-25 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
+ * configure.ac, lib/accelerated/Makefile.am,
+ lib/accelerated/accelerated.c, lib/accelerated/intel/Makefile.am,
+ lib/accelerated/intel/x86.h, lib/accelerated/x86.h: Better usage of
+ X86 conditionals to simplify and avoid an undefined warning in
+ x86-32.
- * lib/algorithms.h, lib/gnutls_handshake.c, lib/gnutls_state.c:
- Corrected ECC ciphersuite detection.
+2011-09-23 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/nettle/egd.c: a hack to allow compilation on systems without
+ AF_LOCAL.
- * doc/credentials/x509-ca-key.pem, doc/credentials/x509-ca.pem,
- doc/credentials/x509-client-key.pem,
- doc/credentials/x509-client.pem, doc/credentials/x509-other-ca.pem,
- doc/credentials/x509-proxy-key.pem, doc/credentials/x509-proxy.pem,
- doc/credentials/x509-server-dsa.pem,
- doc/credentials/x509-server-key-dsa.pem,
- doc/credentials/x509-server-key.pem,
- doc/credentials/x509-server.pem, doc/credentials/x509-trust.pem,
- doc/credentials/x509/ca.pem, doc/credentials/x509/cert-dsa.pem,
- doc/credentials/x509/cert-ecc.pem,
- doc/credentials/x509/cert-rsa.pem, doc/credentials/x509/cert.pem,
- doc/credentials/x509/clicert-dsa.pem,
- doc/credentials/x509/clicert.pem, doc/credentials/x509/key-dsa.pem,
- doc/credentials/x509/key-ecc.pem, doc/credentials/x509/key-rsa.pem,
- doc/credentials/x509/key.pem, lib/nettle/pk.c, lib/x509/verify.c:
- Laxed verification checks for DSA to allow SHA256 in place of
- SHA224. Added new certificate sets in doc/credentials/x509/.
+2011-09-23 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_pcert.c: Disable openpgp code when not requested.
+ Reported by Bjorn Christensen.
- * lib/gnutls_priority.c: ECDHE and ECDSA were added to deafult
- priorities.
+2011-09-23 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
+ * tests/cve-2009-1416.c, tests/mpi.c, tests/rng-fork.c,
+ tests/x509cert-tl.c, tests/x509cert.c: more silent tests.
- * lib/auth/rsa.c, lib/x509/key_encode.c, lib/x509/privkey_pkcs8.c:
- gnutls_secure_malloc() is no longer used.
+2011-09-23 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, gl/m4/valgrind-tests.m4,
+ gl/override/m4/valgrind-tests.m4.diff, lib/gnutls_cipher.c,
+ lib/gnutls_compress.c, lib/gnutls_compress.h,
+ lib/gnutls_constate.c, lib/gnutls_int.h, tests/Makefile.am,
+ tests/libgcrypt.supp, tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/suppressions.valgrind,
+ tests/suppressions.valgrind: Further optimizations in the
+ compression code. Re-enabled the test program by suppressing the
+ zlib warning.
- * lib/auth/dhe_psk.c, lib/auth/psk.c: deinitialize PSK key memory.
+2011-09-23 Simon Josefsson <address@hidden>
-2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
+ * tests/utils.c: Redeuce self-test noise.
- * lib/auth/psk.c: explicitly request for client key in server side.
+2011-09-23 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-27 Nikos Mavrogiannopoulos <address@hidden>
+ * .gitignore: more files to ignore
- * NEWS, lib/algorithms/ciphersuites.c, lib/algorithms/kx.c,
- lib/auth/anon.c, lib/auth/anon_ecdh.c, lib/auth/dh_common.c,
- lib/auth/dh_common.h, lib/auth/dhe.c, lib/auth/dhe_psk.c,
- lib/auth/ecdh_common.c, lib/auth/ecdh_common.h, lib/gnutls_state.c,
- lib/includes/gnutls/gnutls.h.in: Added ECDHE-PSK ciphersuites for
- TLS (RFC 5489).
+2011-09-22 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-27 Nikos Mavrogiannopoulos <address@hidden>
+ * configure.ac, doc/latex/Makefile.am, doc/latex/cover-epub.tex,
+ doc/latex/cover.tex.in, doc/latex/epub.tex,
+ doc/latex/macros-epub.tex: Added epub version of manual
- * doc/gnutls-guile.texi: Corrections.
+2011-09-22 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-27 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/latex/gnutls.bib: corrected typos
- * doc/.gitignore: ignore tex files.
+2011-09-22 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-27 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/latex/gnutls.tex, doc/scripts/mytexi2latex: pdf is the image
+ format for latex.
- * doc/cha-copying.texi: Do not list all licenses in the manual of
- gnutls. Just the license of the manual is enough.
+2011-09-22 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-27 Nikos Mavrogiannopoulos <address@hidden>
+ * tests/Makefile.am: deflate test moved out
- * doc/Makefile.am, doc/cha-ciphersuites.texi,
- doc/cha-functions.texi, doc/cha-preface.texi,
- doc/gnutls-guile.texi, doc/guile.texi, guile/src/core.c: guile
- bindings added as a separate document.
+2011-09-22 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-27 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_compress.c: removed uneeded vars
- * doc/gnutls.texi: reorganization. Removed guile bindings.
+2011-09-22 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-27 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_cipher.c, lib/gnutls_compress.c,
+ lib/gnutls_compress.h, lib/gnutls_record.c, tests/Makefile.am,
+ tests/eagain-common.h, tests/mini-deflate.c: Simplified and
+ corrected decompression and compression. Added test program.
- * doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
- doc/gnutls.texi: reorganization and added section on parameter
- generation.
+2011-09-22 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-26 Nikos Mavrogiannopoulos <address@hidden>
+ * src/common.c: print session ID
- * lib/Makefile.am, lib/auth/Makefile.am, lib/ext/Makefile.am,
- lib/nettle/Makefile.am: Added new headers.
+2011-09-21 Simon Josefsson <address@hidden>
-2011-05-26 Nikos Mavrogiannopoulos <address@hidden>
+ * .gitignore, NEWS, lib/includes/gnutls/x509.h, lib/x509/output.c,
+ lib/x509/x509.c, tests/infoaccess.c: libgnutls:
+ gnutls_x509_crt_print supports printing AIA fields. Support
+ caIssuers.
- * NEWS: document elliptic curves addition.
+2011-09-21 Simon Josefsson <address@hidden>
-2011-05-26 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/includes/gnutls/x509.h: Improve gnutls_info_access_what_t
+ documentation.
- * m4/hooks.m4: libgcrypt support was removed.
+2011-09-21 Simon Josefsson <address@hidden>
-2011-05-26 Nikos Mavrogiannopoulos <address@hidden>
+ * configure.ac, doc/scripts/gdoc, lib/auth/cert.c: Fix syntax-check
+ warnings.
- * NEWS: listed newly added functions.
+2011-09-21 Simon Josefsson <address@hidden>
-2011-05-26 Nikos Mavrogiannopoulos <address@hidden>
+ * gl/Makefile.am, gl/closedir.c, gl/dirent-private.h,
+ gl/dirent.in.h, gl/filename.h, gl/isnan.c, gl/m4/argp.m4,
+ gl/m4/closedir.m4, gl/m4/dirent_h.m4, gl/m4/environ.m4,
+ gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4, gl/m4/frexp.m4,
+ gl/m4/frexpl.m4, gl/m4/getcwd.m4, gl/m4/getpass.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/iconv.m4, gl/m4/include_next.m4,
+ gl/m4/ldexpl.m4, gl/m4/lseek.m4, gl/m4/msvc-inval.m4,
+ gl/m4/nocrash.m4, gl/m4/opendir.m4, gl/m4/pathmax.m4,
+ gl/m4/printf-frexpl.m4, gl/m4/printf.m4, gl/m4/readdir.m4,
+ gl/m4/setenv.m4, gl/m4/signbit.m4, gl/m4/sleep.m4,
+ gl/m4/ssize_t.m4, gl/m4/stdint.m4, gl/m4/stdio_h.m4,
+ gl/m4/strings_h.m4, gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4,
+ gl/m4/sys_types_h.m4, gl/m4/time_h.m4, gl/m4/unistd_h.m4,
+ gl/m4/vasnprintf.m4, gl/math.in.h, gl/opendir.c, gl/readdir.c,
+ gl/stdio.in.h, gl/strings.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
+ gl/sys_types.in.h, gl/sys_uio.in.h, gl/tests/Makefile.am,
+ gl/tests/dup2.c, gl/tests/infinity.h, gl/tests/init.sh,
+ gl/tests/msvc-inval.c, gl/tests/msvc-inval.h, gl/tests/nan.h,
+ gl/tests/pathmax.h, gl/tests/putenv.c, gl/tests/stat.c,
+ gl/tests/test-dup2.c, gl/tests/test-fcntl-h.c,
+ gl/tests/test-fdopen.c, gl/tests/test-fgetc.c,
+ gl/tests/test-fprintf-posix.h, gl/tests/test-frexp.c,
+ gl/tests/test-frexpl.c, gl/tests/test-fseeko4.c,
+ gl/tests/test-fseeko4.sh, gl/tests/test-fstat.c,
+ gl/tests/test-ftello4.c, gl/tests/test-ftello4.sh,
+ gl/tests/test-isnand.h, gl/tests/test-isnanf.h,
+ gl/tests/test-isnanl.h, gl/tests/test-pathmax.c,
+ gl/tests/test-printf-posix.h, gl/tests/test-signbit.c,
+ gl/tests/test-sys_socket.c, gl/tests/test-sys_stat.c,
+ gl/tests/test-sys_types.c, gl/tests/test-time.c, gl/unistd.in.h,
+ gl/wchar.in.h, maint.mk: Update gnulib files.
- * lib/nettle/Makefile.am, lib/nettle/ecc.h,
- lib/nettle/ecc_make_key.c, lib/nettle/ecc_shared_secret.c,
- lib/nettle/ecc_sign_hash.c, lib/nettle/ecc_verify_hash.c,
- lib/nettle/mp_unsigned_bin.c: Use nettle's functions for integer
- import/export.
+2011-09-21 Simon Josefsson <address@hidden>
-2011-05-26 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_dtls.c, lib/pkcs11_privkey.c, lib/x509/x509.c: Fix
+ gtk-doc Since: tags.
- * lib/algorithms/publickey.c, lib/gnutls_sig.c: more updates for
- ECDSA ciphersuites.
+2011-09-21 Simon Josefsson <address@hidden>
-2011-05-26 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/manpages/Makefile.am: Generated.
- * lib/ext/ecc.c: reduced debugging.
+2011-09-21 Simon Josefsson <address@hidden>
-2011-05-26 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, doc/manpages/Makefile.am, lib/includes/gnutls/x509.h,
+ lib/libgnutls.map, lib/pkix.asn, lib/pkix_asn1_tab.c,
+ lib/x509/x509.c, tests/Makefile.am, tests/infoaccess.c: Added
+ gnutls_x509_crt_get_authority_info_access.
- * lib/gnutls_pubkey.c, lib/gnutls_sig.c: Changes to allow ECDH-DSA
- with client mode certificates.
+2011-09-21 Simon Josefsson <address@hidden>
-2011-05-26 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/intel/aes-padlock.c: Make it build with -Wunused.
- * tests/certs/ca-cert-ecc.pem, tests/certs/ca-ecc.pem,
- tests/certs/cert-ecc.pem, tests/certs/ecc.pem,
- tests/suite/testcompat-main: Added server and client mode tests for
- ECDH-ECDSA.
+2011-09-20 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-26 Nikos Mavrogiannopoulos <address@hidden>
+ * src/serv.c: do not trust getaddrinfo if IPv6 is not enabled. Patch
+ by Somchai Smythe.
- * lib/ext/session_ticket.c, lib/gnutls_db.c, lib/gnutls_dtls.c,
- lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
- lib/gnutls_session_pack.c, lib/gnutls_v2_compat.c,
- lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
- lib/nettle/rnd.c, lib/opencdk/keydb.c, lib/opencdk/literal.c,
- lib/opencdk/read-packet.c, lib/opencdk/sig-check.c,
- lib/openpgp/gnutls_openpgp.c, lib/system.c, lib/system.h,
- lib/x509/common.c, lib/x509/verify.c, tests/chainverify.c: Added
- gnutls_global_set_time_function() to allow overriding the default
- system time() function.
+2011-09-20 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-25 Giuseppe Scrivano <address@hidden>
+ * .gitignore, doc/scripts/split-texi.pl: Added missing files
- * doc/cha-programs.texi: Fix example in the documentation.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+2011-09-20 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-25 Nikos Mavrogiannopoulos <address@hidden>
+ * configure.ac, lib/gnutls_privkey.c, lib/pkcs11.c, src/cli.c:
+ Compilation fixes when pkcs11 is not enabled.
- * doc/cha-programs.texi: updated documentation on PSK. Signed-off-by:
Nikos Mavrogiannopoulos <address@hidden>
+2011-09-19 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-25 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/Makefile.am, doc/gnutls.texi, doc/scripts/gdoc: enumerations
+ are visible in the texinfo output.
- * lib/nettle/ecc_projective_add_point.c: If Q=-P return the point at
- infinity.
+2011-09-18 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-25 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS: released 3.0.3
- * tests/chainverify.c: Added elliptic curves chain certificate.
+2011-09-18 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-25 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/intel/Makefile.am: Added missing file.
- * lib/gnutls_buffers.c: do not try to write to a socket when no
- data.
+2011-09-18 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-24 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/gnutls.texi, doc/latex/Makefile.am: doc fixes
- * tests/openpgpself.c: increased log level
+2011-09-18 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-24 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, lib/accelerated/intel/aes-padlock.c: VIA is disabled by
+ default.
- * lib/gnutls_buffers.h, lib/gnutls_handshake.c:
- _gnutls_handshake_hash_buffer_clear was replaced by
- _gnutls_buffer_clear();
+2011-09-18 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-23 Nikos Mavrogiannopoulos <address@hidden>
+ * configure.ac, m4/hooks.m4: bumped version
- * lib/nettle/pk.c: Only warn on invalid security level hashes.
+2011-09-17 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-23 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, lib/auth/cert.c: Corrected memory leak in privkey
+ deinitialization. Reported by Dan Winship.
- * src/certtool.c: SHA256 is the default hash algorithm in certtool.
+2011-09-17 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-23 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/accelerated.c, lib/accelerated/intel/Makefile.am,
+ lib/accelerated/intel/aes-padlock.c,
+ lib/accelerated/intel/aes-x86.c,
+ lib/accelerated/intel/asm/cpuid-x86-64.s,
+ lib/accelerated/intel/asm/cpuid-x86.s, lib/accelerated/x86.h:
+ eliminated inline assembly.
- * lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_privkey.c,
- lib/gnutls_sig.c, lib/x509/verify.c: Several updates to allow
- generation and signing of an ECC certificate.
+2011-09-17 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-23 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, lib/gnutls_dtls.c, lib/gnutls_int.h, lib/gnutls_record.c,
+ lib/includes/gnutls/dtls.h, lib/libgnutls.map: Added
+ gnutls_record_get_discarded() to return the number of discarded
+ record packets in a DTLS session.
- * doc/manpages/certtool.1: updated certtool info.
+2011-09-16 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-23 Nikos Mavrogiannopoulos <address@hidden>
+ * configure.ac, lib/accelerated/Makefile.am,
+ lib/accelerated/accelerated.c, lib/accelerated/x86.h: Added better
+ detection of capabilities in 386. If cpuid doesn't exist don't try
+ to execute it.
- * lib/algorithms/ciphersuites.c: corrected bug in ciphersuite name
- searching.
+2011-09-15 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-auth.texi, doc/scripts/mytexi2latex: updates on SRP
+ description
- * doc/cha-auth.texi: Discussed the newly added ciphersuites.
+2011-09-14 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
+ * src/benchmark.c: stress that values are bytes and not bits
- * doc/Makefile.am: Added algorithms/ to function index.
+2011-09-14 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
+ * src/serv-gaa.c: new gaa
- * lib/algorithms/ciphersuites.c: Added ECC ciphersuites from
- rfc5289.
+2011-09-14 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/latex/macros.tex: removed unused macro
- * src/certtool.c: Print the private key after generation. Print ECC
- keys.
+2011-09-10 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-library.texi: corrected name of gnutls_global_set_mutex.
- * lib/algorithms/ecc.c, lib/gnutls_ecc.c,
- lib/includes/gnutls/abstract.h, lib/includes/gnutls/x509.h,
- lib/libgnutls.map, lib/x509/privkey.c: Added
- gnutls_x509_privkey_import_ecc_raw() and
- gnutls_x509_privkey_export_ecc_raw().
+2011-09-10 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in:
+ Functions for RSA-EXPORT were marked as deprecated.
- * lib/x509/privkey.c: Decode PEM ECC private keys.
+2011-09-10 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-gtls-app.texi, lib/gnutls_errors.c: documentation update
- * lib/algorithms.h, lib/algorithms/ecc.c, lib/x509/key_encode.c,
- lib/x509/privkey.c, src/certtool-gaa.c, src/certtool-gaa.h,
- src/certtool.c, src/certtool.gaa: updates to allow the generation of
- an ECC private key.
+2011-09-11 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-internals.texi: doc updates
- * lib/x509_b64.c: do not crash on null message.
+2011-09-11 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-library.texi, doc/cha-support.texi: Downloading and
+ installing moved to main document
- * .gitignore: updated
+2011-09-11 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/latex/gnutls.tex: corrected page numbers.
- * lib/algorithms/ciphersuites.c, lib/algorithms/kx.c,
- lib/auth/cert.c, lib/auth/dhe.c, lib/gnutls_pk.c, lib/gnutls_pk.h,
- lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/gnutls_state.c,
- lib/includes/gnutls/gnutls.h.in, lib/nettle/ecc_sign_hash.c,
- lib/nettle/pk.c, lib/nettle/rnd.c, lib/nettle/rnd.h,
- lib/x509/common.h, lib/x509/verify.c: Added support for verifying
- server certificates with ECDSA.
+2011-09-11 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/intel/aes-padlock.c: Do not prefer GCM in padlock
+ because it is slow.
- * lib/ext/ecc.c: Only reply with ECC Packet format extension if we
- have negotiated ECC.
+2011-09-11 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/TODO: updated
- * tests/pathlen/ca-no-pathlen.pem,
- tests/pathlen/no-ca-or-pathlen.pem, tests/pkcs12_s2k_pem.c: leak fix
- and updates for new formats.
+2011-09-13 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/scripts/gdoc: functions and enumerations are being added in
+ index.
- * tests/suite/testcompat-main: Added ECDHE-RSA tests.
+2011-09-13 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/Makefile.am, doc/cha-gtls-app.texi, doc/cha-internals.texi,
+ doc/gnutls-objects.eps: removed gnutls-objects.
- * lib/algorithms/secparams.c, lib/gnutls_pubkey.c: always put
- leading zero to output keys
+2011-09-13 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-gtls-app.texi: updated
- * lib/x509/output.c: print the bits together with the security
- level.
+2011-09-13 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_buffers.c, lib/gnutls_record.c: clarified format of
+ sequence number in gnutls_record_recv_seq.
- * lib/x509/privkey.c, lib/x509/privkey_pkcs8.c: leaks fixes.
+2011-09-13 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-cert-auth.texi: Added a paragraph on opensc and trousers
+ PKCS #11 modules.
- * lib/pkcs11.c: corrected file descriptor leak.
+2011-09-13 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/x86.h: added license
- * libextra/gnutls_extra.c: gnutls_algorithms.h -> algorithms.h
+2011-09-13 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, doc/cha-auth.texi, doc/cha-cert-auth.texi,
+ doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
+ doc/latex/gnutls.tex, doc/latex/macros.tex,
+ doc/scripts/mytexi2latex, lib/includes/gnutls/gnutls.h.in: updated
+ documentation. The function descriptions were converted to floats.
- * lib/x509/key_decode.c, lib/x509/key_encode.c: corrected ECC public
- key encoding/decoding.
+2011-09-12 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, lib/accelerated/intel/aes-padlock.c: disable the 64-bit
+ padlock until it is tested.
- * src/certtool-common.c, src/certtool.c: Corrected bug in public key
- import. print information on ECC public keys.
+2011-09-12 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/x86.h: corrected typo in cpuid for 386.
- * lib/includes/gnutls/crypto.h, lib/nettle/pk.c,
- lib/x509/key_encode.c, lib/x509/x509_int.h: No need to keep Z in
- parameters since the pubkey can always be converted to an affine
- point.
+2011-09-11 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/scripts/mytexi2latex: fix on double arguments
- * lib/algorithms/secparams.c, lib/gnutls_pubkey.c,
- lib/includes/gnutls/abstract.h, lib/libgnutls.map,
- lib/x509/common.c, lib/x509/key_decode.c, lib/x509/mpi.c,
- lib/x509/output.c: print information on ECC certificates.
+2011-09-11 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
+ * .gitignore, doc/cha-cert-auth.texi, doc/cha-intro-tls.texi,
+ doc/gnutls.texi, doc/latex/Makefile.am, doc/latex/gnutls.tex,
+ doc/latex/macros.tex, doc/scripts/gdoc, doc/scripts/mytexi2latex,
+ doc/scripts/split.pl, lib/includes/gnutls/dtls.h,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/pkcs12.h,
+ lib/includes/gnutls/x509.h: Modified gdoc to be able to handle
+ enumerations. Only valid to latex.
- * lib/abstract_int.h, lib/algorithms.h, lib/algorithms/ecc.c,
- lib/auth/anon.h, lib/auth/ecdh_common.c, lib/auth/ecdh_common.h,
- lib/auth/rsa.c, lib/auth/rsa_export.c, lib/ext/ecc.c,
- lib/gnutls.asn, lib/gnutls_asn1_tab.c, lib/gnutls_ecc.c,
- lib/gnutls_ecc.h, lib/gnutls_errors.c, lib/gnutls_int.h,
- lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_privkey.c,
- lib/gnutls_pubkey.c, lib/gnutls_rsa_export.c,
- lib/gnutls_rsa_export.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
- lib/gnutls_state.c, lib/gnutls_state.h,
- lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
- lib/libgnutls.map, lib/nettle/ecc_test.c, lib/nettle/pk.c,
- lib/openpgp/openpgp_int.h, lib/openpgp/pgp.c,
- lib/openpgp/privkey.c, lib/x509/Makefile.am, lib/x509/common.c,
- lib/x509/common.h, lib/x509/crq.c, lib/x509/key_decode.c,
- lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/privkey.c,
- lib/x509/privkey_pkcs8.c, lib/x509/verify.c, lib/x509/x509.c,
- lib/x509/x509_int.h, lib/x509/x509_write.c: gnutls_pk_params_st is
- used internally to transfer public key parameters. This replaces the
- raw bigint_t arrays.
+2011-09-09 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, lib/auth/ecdh_common.c, lib/nettle/ecc_free.c,
+ lib/nettle/pk.c, lib/x509/verify-high.c, tests/x509cert-tl.c,
+ tests/x509cert.c: Memory leak fixes in ECC ciphersuites and the
+ trust_list.
- * lib/algorithms.h, lib/algorithms/ciphersuites.c,
- lib/algorithms/ecc.c, lib/auth/ecdh_common.c, lib/ext/ecc.c,
- lib/ext/ecc.h: Curve TLS ID is being stored in algorithms/ecc.c.
+2011-09-08 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/intel/aes-gcm-padlock.c,
+ lib/accelerated/intel/aes-padlock.c,
+ lib/accelerated/intel/aes-padlock.h: simplified ecb encryption.
- * configure.ac, lib/Makefile.am, lib/algorithms.h,
- lib/algorithms/Makefile.am, lib/algorithms/cert_types.c,
- lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
- lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c,
- lib/algorithms/protocols.c, lib/algorithms/publickey.c,
- lib/algorithms/secparams.c, lib/algorithms/sign.c, lib/auth/cert.c,
- lib/auth/dh_common.c, lib/auth/dhe.c, lib/auth/ecdh_common.c,
- lib/auth/rsa.c, lib/auth/rsa_export.c, lib/ext/session_ticket.c,
- lib/ext/signature.c, lib/ext/srp.c, lib/gnutls_algorithms.c,
- lib/gnutls_algorithms.h, lib/gnutls_auth.c, lib/gnutls_cert.c,
- lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
- lib/gnutls_compress.c, lib/gnutls_constate.c, lib/gnutls_ecc.c,
- lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_priority.c,
- lib/gnutls_record.c, lib/gnutls_sig.c, lib/gnutls_state.c,
- lib/gnutls_v2_compat.c, lib/gnutls_x509.c, lib/nettle/ecc_test.c,
- lib/nettle/mpi.c, lib/opencdk/read-packet.c, lib/x509/common.h,
- lib/x509/privkey_pkcs8.c: gnutls_algorithms.c was split into
- manageable files in algorithms/.
+2011-09-09 Simon Josefsson <address@hidden>
-2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
+ * src/prime.c: Fix build warnings.
- * lib/gnutls_handshake.c: use the _gnutls_session_is_ecc() to check
- for ECDH.
+2011-09-09 Simon Josefsson <address@hidden>
-2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/pkcs11_write.c: Fix possible infloop and build warning about
+ uninitialied variable.
- * lib/auth/ecdh_common.c, lib/gnutls_algorithms.c,
- lib/includes/gnutls/gnutls.h.in, lib/nettle/pk.c, lib/x509/x509.c:
- Added OIDs and definitions for ECDSA signature algorithm.
+2011-09-09 Simon Josefsson <address@hidden>
-2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/intel/aes-gcm-padlock.c,
+ lib/accelerated/intel/aes-padlock.c,
+ lib/accelerated/intel/aes-padlock.h, lib/gnutls_sig.c,
+ lib/gnutls_state.c, lib/gnutls_ui.c,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
+ lib/includes/gnutls/x509.h, lib/openpgp/gnutls_openpgp.c,
+ lib/pkcs11_privkey.c: Fix build errors.
- * src/benchmark-tls.c: Print purpose of testing.
+2011-09-09 Simon Josefsson <address@hidden>
-2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/manpages/Makefile.am: Generated.
- * src/benchmark-tls.c: compare ECDH and DH on the same security
- level.
+2011-09-09 Simon Josefsson <address@hidden>
-2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
+ * gl/m4/getcwd.m4, gl/m4/gnulib-common.m4, gl/m4/largefile.m4,
+ gl/tests/init.sh, gl/tests/lstat.c, gl/tests/open.c,
+ gl/tests/stat.c, gl/tests/test-float.c, gl/unistd.in.h, maint.mk:
+ Update gnulib files.
- * doc/cha-intro-tls.texi, lib/gnutls_algorithms.c,
- lib/gnutls_algorithms.h, lib/gnutls_priority.c: Added ability to
- specify curves as priority strings.
+2011-09-08 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_handshake.c, lib/gnutls_sig.c, lib/gnutls_srp.c,
+ lib/gnutls_state.c, lib/gnutls_ui.c, lib/nettle/mac.c: converted
+ quick data hashes to _gnutls_hash_fast and the hmac equivalent.
- * lib/nettle/ecc.h: removed ecc_is_valid_idx() prototype
+2011-09-08 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/intel/Makefile.am,
+ lib/accelerated/intel/aes-gcm-padlock.c,
+ lib/accelerated/intel/aes-padlock.c,
+ lib/accelerated/intel/aes-padlock.h,
+ lib/accelerated/intel/aes-x86.h, lib/accelerated/intel/padlock.c:
+ Added padlock support to GCM ciphers.
- * lib/nettle/ecc.h, lib/nettle/ecc_make_key.c,
- lib/nettle/ecc_map.c, lib/nettle/ecc_mulmod.c,
- lib/nettle/ecc_points.c, lib/nettle/ecc_projective_add_point.c,
- lib/nettle/ecc_projective_dbl_point.c,
- lib/nettle/ecc_projective_dbl_point_3.c,
- lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_test.c,
- lib/nettle/ecc_verify_hash.c, lib/nettle/pk.c: Dropped ltc_ from
- function and type names.
+2011-09-08 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_extensions.c: do not reset length
- * tests/x509cert.c: corrected memory leak.
+2011-09-08 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, lib/gnutls_extensions.c: Do not send an empty extension
+ structure in server hello. This affects old implementations that do
+ not support extensions. Reported by J. Cameijo Cerdeira.
- * lib/nettle/cipher.c: use new nettle's name for gcm_aes_auth().
+2011-09-07 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-21 Simon Josefsson <address@hidden>
+ * lib/gnutls_x509.c: Corrected documentation for
+ gnutls_certificate_set_x509_trust. Reported by Stephen Lynch.
- * gl/hmac-md5.c, gl/m4/valgrind-tests.m4, gl/memxor.c, gl/memxor.h,
- gl/override/lib/hmac-md5.c.diff, gl/override/lib/memxor.c.diff,
- gl/override/lib/memxor.h.diff,
- gl/override/m4/valgrind-tests.m4.diff: Override gnulib code with fix
- for memxor and valgrind.
+2011-09-07 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-internals.texi: minimized example
- * lib/auth/anon_ecdh.c, lib/auth/dh_common.c, lib/auth/dhe.c,
- lib/auth/ecdh_common.c, lib/gnutls_algorithms.c,
- lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_state.c,
- lib/gnutls_state.h, lib/includes/gnutls/gnutls.h.in: Added support
- for ECDHE-RSA ciphersuites.
+2011-09-07 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/intel/asm/padlock-x86-64.s,
+ lib/accelerated/intel/asm/padlock-x86.s: Added gnustack flag
- * tests/eagain-common.h: inlined function to avoid gcc warnings
+2011-09-07 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/intel/aes-gcm-x86.c,
+ lib/accelerated/intel/aes-x86.c, lib/accelerated/intel/padlock.c,
+ lib/crypto-api.c, lib/crypto-backend.h, lib/ext/session_ticket.c,
+ lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
+ lib/gnutls_constate.c, lib/includes/gnutls/crypto.h,
+ lib/nettle/cipher.c, lib/x509/privkey_pkcs8.c: Added encryption flag
+ to simplify and optimize key expansion.
- * lib/nettle/Makefile.am, lib/nettle/ecc.h, lib/nettle/ecc_free.c,
- lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
- lib/nettle/ecc_mulmod.c, lib/nettle/ecc_points.c,
- lib/nettle/ecc_projective_add_point.c,
- lib/nettle/ecc_projective_dbl_point.c,
- lib/nettle/ecc_projective_dbl_point_3.c,
- lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
- lib/nettle/ecc_test.c, lib/nettle/ecc_verify_hash.c,
- lib/nettle/ltc_ecc_map.c, lib/nettle/ltc_ecc_mulmod.c,
- lib/nettle/ltc_ecc_points.c,
- lib/nettle/ltc_ecc_projective_add_point.c,
- lib/nettle/ltc_ecc_projective_dbl_point.c: Added previous code that
- was fixed for y^2 = x^3 - 3x + b, because all secg curves have a
- fixed to -3. Simplified file naming scheme.
+2011-09-07 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
+ * AUTHORS, lib/accelerated/accelerated.c,
+ lib/accelerated/intel/Makefile.am,
+ lib/accelerated/intel/aes-gcm-x86.c,
+ lib/accelerated/intel/aes-x86.c, lib/accelerated/intel/aes-x86.h,
+ lib/accelerated/intel/asm/padlock-x86-64.s,
+ lib/accelerated/intel/asm/padlock-x86.s,
+ lib/accelerated/intel/padlock.c: Added support for VIA padlock based
+ on Andy's code (untested).
- * lib/gnutls_algorithms.c, lib/gnutls_int.h: Added SECP224R1.
+2011-09-07 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/intel/aes-x86.c, lib/accelerated/intel/aes-x86.h:
+ corrected AES-NI code.
- * src/Makefile.am, src/benchmark-cipher.c, src/benchmark-tls.c,
- src/benchmark.c, src/benchmark.h: updates to benchmarks.
+2011-09-06 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-20 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_x509.c: simplified
+ gnutls_certificate_set_x509_trust_file. It uses
+ gnutls_certificate_set_x509_trust_mem.
- * lib/gnutls_algorithms.c, lib/gnutls_int.h, lib/gnutls_priority.c,
- lib/nettle/ecc_test.c: Added curve SECP512R1.
+2011-09-06 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-20 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_x509.c, lib/x509/x509.c: Modified fix of "Allow CA
+ importing of 0 certificates to succeed".
+ gnutls_x509_crt_list_import() is still failing when no certificates
+ are found and only gnutls_certificate_set_x509_trust_mem() returns
+ zero when no certificates are found.
- * src/benchmark-cipher.c, src/benchmark-common.c, src/benchmark.c:
- benchmark ECDH and DH.
+2011-09-06 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-20 Simon Josefsson <address@hidden>
+ * NEWS, lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
+ lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/pkcs11_write.c, lib/x509/key_decode.c,
+ lib/x509/key_encode.c, lib/x509/privkey.c, lib/x509/x509_int.h,
+ src/certtool-common.h, src/certtool.c, src/pkcs11.c, src/prime.c:
+ Added support to read elliptic curve public keys from PKCS #11
+ tokens (untested).
- * build-aux/config.rpath, gl/Makefile.am, gl/alignof.h,
- gl/glthread/lock.c, gl/glthread/lock.h, gl/glthread/threadlib.c,
- gl/hmac-md5.c, gl/intprops.h, gl/m4/gnulib-cache.m4,
- gl/m4/gnulib-comp.m4, gl/m4/strerror.m4, gl/m4/strerror_r.m4,
- gl/m4/thread.m4, gl/m4/valgrind-tests.m4, gl/m4/yield.m4,
- gl/memxor.c, gl/memxor.h, gl/stdint.in.h, gl/strerror-impl.h,
- gl/strerror.c, gl/strerror_r.c, gl/tests/Makefile.am,
- gl/tests/dummy.c, gl/tests/glthread/thread.c,
- gl/tests/glthread/thread.h, gl/tests/glthread/yield.h,
- gl/tests/test-intprops.c, gl/tests/test-lock.c,
- gl/tests/test-strerror.c, gl/tests/test-strerror_r.c: Update gnulib
- files.
+2011-09-05 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-20 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
+ lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
+ lib/pkcs11_write.c, src/certtool-common.c, src/certtool-common.h,
+ src/certtool-gaa.c, src/certtool.c, src/certtool.gaa,
+ src/p11common.c, src/p11tool-gaa.c, src/p11tool-gaa.h,
+ src/p11tool.c, src/p11tool.gaa, src/p11tool.h, src/pkcs11.c: Added
+ gnutls_pkcs11_privkey_generate(). p11tool can be used to generate
+ keys in tokens.
- * lib/auth/ecdh_common.c, lib/gnutls_handshake.c, src/common.c:
- client side ECC fixes.
+2011-09-06 Simon Josefsson <address@hidden>
-2011-05-20 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, lib/x509/x509.c, tests/parse_ca.c: libgnutls: Allow CA
+ importing of 0 certificates to succeed. Reported by Jonathan Nieder
<address@hidden> in
+ <http://bugs.debian.org/640639>.
- * src/cli.c: corrected debugging.
+2011-09-04 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-20 Nikos Mavrogiannopoulos <address@hidden>
+ * ChangeLog: updated changelog
- * lib/auth/ecdh_common.c, lib/gnutls_algorithms.c,
- lib/gnutls_algorithms.h, lib/gnutls_global.c,
- lib/includes/gnutls/crypto.h, lib/nettle/ecc.h,
- lib/nettle/ecc_free.c, lib/nettle/ecc_make_key.c,
- lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
- lib/nettle/ecc_test.c, lib/nettle/ecc_verify_hash.c,
- lib/nettle/ltc_ecc_map.c, lib/nettle/ltc_ecc_mulmod.c,
- lib/nettle/ltc_ecc_points.c,
- lib/nettle/ltc_ecc_projective_add_point.c,
- lib/nettle/ltc_ecc_projective_dbl_point.c, lib/nettle/pk.c,
- lib/x509/x509_int.h: Account 'A' in calculations for point doubling.
+2011-09-04 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-20 Nikos Mavrogiannopoulos <address@hidden>
+ * README, README-alpha: simplified README
- * gl/Makefile.am, gl/alignof.h, gl/close-hook.c, gl/close-hook.h,
- gl/error.c, gl/error.h, gl/fd-hook.c, gl/fd-hook.h,
- gl/glthread/lock.c, gl/glthread/lock.h, gl/glthread/threadlib.c,
- gl/intprops.h, gl/m4/error.m4, gl/m4/fcntl_h.m4, gl/m4/fseeko.m4,
- gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/inttypes.m4,
- gl/m4/manywarnings.m4, gl/m4/memchr.m4, gl/m4/netdb_h.m4,
- gl/m4/stdint.m4, gl/m4/stdio_h.m4, gl/m4/strerror.m4,
- gl/m4/strerror_r.m4, gl/m4/string_h.m4, gl/m4/sys_uio_h.m4,
- gl/m4/thread.m4, gl/m4/unistd_h.m4, gl/m4/warnings.m4,
- gl/m4/wchar_h.m4, gl/m4/yield.m4, gl/malloc.c, gl/netdb.in.h,
- gl/realloc.c, gl/sockets.c, gl/stdint.in.h, gl/stdio.in.h,
- gl/stdlib.in.h, gl/strerror-impl.h, gl/strerror.c, gl/strerror_r.c,
- gl/string.in.h, gl/sys_socket.in.h, gl/sys_uio.in.h,
- gl/tests/Makefile.am, gl/tests/dummy.c, gl/tests/fcntl.in.h,
- gl/tests/glthread/thread.c, gl/tests/glthread/thread.h,
- gl/tests/glthread/yield.h, gl/tests/intprops.h,
- gl/tests/inttypes.in.h, gl/tests/test-fcntl-h.c,
- gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
- gl/tests/test-lock.c, gl/tests/test-strerror.c,
- gl/tests/test-strerror_r.c, gl/tests/test-sys_socket.c,
- gl/tests/test-sys_uio.c, gl/unistd.in.h, gl/verify.h, gl/wchar.in.h:
- Added new gnulib and error.h.
+2011-09-04 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-20 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/intel/aes-x86.h: documented extra alignment
- * lib/gnutls_global.c: removed debugging.
+2011-09-04 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-20 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_record.c: cleaned-up code
- * cfg.mk: added error.h
+2011-09-04 Andreas Metzler <address@hidden>
-2011-05-16 Nikos Mavrogiannopoulos <address@hidden>
+ * configure.ac: Add p11-kit-1 to gnutls.pc Requires.private. If
building with PKCS#11 support append p11-kit-1 to gnutls.pc
+ Requires.private. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
- * lib/Makefile.am, lib/auth/Makefile.am, lib/auth/anon.h,
- lib/auth/anon_ecdh.c, lib/auth/ecdh_common.c,
- lib/auth/ecdh_common.h, lib/ext/Makefile.am, lib/ext/ecc.c,
- lib/ext/ecc.h, lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
- lib/gnutls_dh.c, lib/gnutls_ecc.c, lib/gnutls_ecc.h,
- lib/gnutls_errors.c, lib/gnutls_extensions.c, lib/gnutls_global.c,
- lib/gnutls_int.h, lib/gnutls_pk.c, lib/gnutls_pk.h,
- lib/gnutls_priority.c, lib/gnutls_state.c, lib/gnutls_state.h,
- lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
- lib/nettle/Makefile.am, lib/nettle/ecc.h, lib/nettle/ecc_free.c,
- lib/nettle/ecc_make_key.c, lib/nettle/ecc_shared_secret.c,
- lib/nettle/ecc_sign_hash.c, lib/nettle/ecc_test.c,
- lib/nettle/ecc_verify_hash.c, lib/nettle/gnettle.h,
- lib/nettle/ltc_ecc_map.c, lib/nettle/ltc_ecc_mulmod.c,
- lib/nettle/ltc_ecc_points.c,
- lib/nettle/ltc_ecc_projective_add_point.c,
- lib/nettle/ltc_ecc_projective_dbl_point.c,
- lib/nettle/mp_unsigned_bin.c, lib/nettle/mpi.c, lib/nettle/multi.c,
- lib/nettle/pk.c, lib/nettle/rnd.c, lib/nettle/rnd.h,
- lib/x509/x509_int.h: Initial ecc support. Adds support for anonymous
- ECDH ciphersuites.
+2011-09-04 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-17 Nikos Mavrogiannopoulos <address@hidden>
+ * .gitignore: more files to ignore
- * src/benchmark-common.c, src/benchmark.h: more win32 fixes.
+2011-09-04 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-17 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-gtls-app.texi: documentation updates
- * src/benchmark-common.c: corrections in win32 version.
+2011-09-03 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-17 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutlsxx.cpp: updated for lowat
- * lib/ext/signature.c, lib/gnutls_extensions.c: Some debugging moved
- to a higher level.
+2011-09-02 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-17 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-auth.texi, doc/cha-cert-auth.texi,
+ doc/cha-functions.texi, doc/cha-gtls-app.texi,
+ doc/cha-intro-tls.texi: documentation updates. @acronym was removed
+ from the cindex.
- * src/Makefile.am, src/benchmark-common.c, src/benchmark-tls.c,
- src/benchmark.c, src/benchmark.h, tests/eagain-common.h: Added
- benchmark utility that tests the encryption time in TLS packets.
+2011-09-02 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-17 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/includes/gnutls/compat.h: set_lowat was removed as a macro.
- * src/p11common.c: corrected message reporting.
+2011-09-01 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-16 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-programs.texi: simplified examples
- * src/p11common.c: Corrected PIN caching.
+2011-09-01 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-16 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/examples/ex-serv-pgp.c, tests/openpgp-certs/testcerts:
+ explicitly enable openpgp certtype in tests.
- * lib/gnutls_record.c: assign value
+2011-09-01 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-16 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS: updated
- * lib/nettle/mpi.c: reduce the repetitions for rabin-miller to a
- sensible value.
+2011-09-01 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-14 Nikos Mavrogiannopoulos <address@hidden>
+ * configure.ac, m4/hooks.m4: bumped version
- * doc/cha-intro-tls.texi: discuss missing algorithms.
+2011-09-01 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-10 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-bib.texi, doc/cha-gtls-app.texi, doc/latex/gnutls.bib:
+ more doc on MTU.
- * NEWS: updated
+2011-09-01 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-10 Nikos Mavrogiannopoulos <address@hidden>
+ * tests/openpgpself.c: explicitly enable openpgp certtype in tests.
- * lib/gnutls_str.c, lib/gnutls_str.h, lib/pkcs11.c: Correctly import
- and export pkcs11-urls with ID field set.
+2011-09-01 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-10 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-gtls-app.texi, lib/system_override.c: Added documentation
+ on asynchronous operation.
- * lib/nettle/egd.c, lib/opencdk/literal.c, lib/opencdk/misc.c,
- lib/opencdk/read-packet.c, lib/pkcs11.c, lib/x509/common.c,
- lib/x509_b64.c, lib/x509_b64.h: eliminated last instances of
- strcpy() and strcat() to keep pendantics happy.
+2011-08-31 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-09 Nikos Mavrogiannopoulos <address@hidden>
+ * configure.ac: do not exit configure if p11-kit is not found.
- * doc/cha-intro-tls.texi: update on compatibility issues text.
+2011-08-31 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-09 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, lib/gnutls_priority.c: OpenPGP certificate type priority is
+ not enabled by default.
- * lib/pkcs11.c: doc update in gnutls_pkcs11_init()
+2011-08-31 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-08 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, doc/cha-gtls-app.texi, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_priority.c: Added %NO_EXTENSIONS
+ priority string.
- * doc/cha-preface.texi: removed references that produced nothing in
- pdf.
+2011-08-30 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-08 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/printlist.c: doc fixes
- * doc/cha-intro-tls.texi: Added missing nodes.
+2011-08-30 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-08 Nikos Mavrogiannopoulos <address@hidden>
+ * tests/suite/testcompat-main: disabled test
- * doc/cha-intro-tls.texi: Added discussion on compatibility issues.
+2011-08-30 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-07 Nikos Mavrogiannopoulos <address@hidden>
+ * libextra/openssl_compat.c, libextra/openssl_compat.h: removed old
+ and unused compatibility functions.
- * libextra/gnutls_openssl.c: undef X509_NAME before including
- openssl.h.
+2011-08-30 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-07 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/includes/gnutls/x509.h, lib/x509/crl.c, lib/x509/crq.c,
+ lib/x509/extensions.c, lib/x509/key_decode.c, lib/x509/output.c,
+ lib/x509/privkey.c, lib/x509/x509.c, lib/x509/x509_int.h,
+ libextra/gnutls_openssl.c, src/crywrap/crywrap.c: corrected sign
+ type errors for integers.
- * NEWS, doc/cha-gtls-app.texi, lib/accelerated/intel/aes-x86.c,
- lib/auth/rsa.c, lib/auth/rsa_export.c, lib/auth/srp.c,
- lib/gnutls_buffers.c, lib/gnutls_dtls.c, lib/gnutls_errors.c,
- lib/gnutls_errors.h, lib/gnutls_global.c, lib/gnutls_global.h,
- lib/gnutls_handshake.c, lib/gnutls_record.c,
- lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli.c,
- src/serv.c: Added gnutls_global_set_audit_log_function() that allows
- associating TLS session with several important issues.
+2011-08-30 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-07 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_record.c: Corrected error checking in
+ _gnutls_send_int().
- * NEWS, lib/x509/crq.c: updates
+2011-08-29 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-07 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-gtls-app.texi: doc updates
- * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
- lib/x509/crq.c, lib/x509/x509_write.c, tests/crq_key_id.c: Added
- gnutls_x509_crq_verify().
+2011-08-29 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-07 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, src/certtool-cfg.c, src/common.h: removed unneeded header.
+ Documented updates.
- * doc/manpages/certtool.1, src/Makefile.am, src/certtool-common.c,
- src/certtool-common.h, src/certtool.c, src/common.c,
- src/p11common.c, src/p11common.h, src/pkcs11.c: certtool can now
- load private keys and public keys from PKCS #11 tokens (via URLs).
+2011-08-29 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-07 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/nettle/ecc.h, lib/nettle/ecc_free.c,
+ lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
+ lib/nettle/ecc_mulmod.c, lib/nettle/ecc_projective_add_point.c,
+ lib/nettle/ecc_projective_dbl_point.c,
+ lib/nettle/ecc_projective_dbl_point_3.c,
+ lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
+ lib/nettle/ecc_verify_hash.c: Avoid assert() and do not include
+ needless headers.
- * lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_import_url() will
- correctly set algorithm of private key.
+2011-08-29 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-07 Nikos Mavrogiannopoulos <address@hidden>
+ * tests/suite/testcompat: skip if datefudge is not available
- * src/Makefile.am, src/certtool.c, src/p11tool.c: No libgnutls-extra
- is required for certtool or p11tool.
+2011-08-29 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-07 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/x86.h: Modified cpuid for 32-bit x86 to avoid a
+ gcc issue (not finding a register).
- * tests/rng-fork.c: Do not use /tmp for temporary file. Just use the
- local (test) directory.
+2011-08-28 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-05 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, src/Makefile.am, src/benchmark-cipher.c,
+ src/benchmark-tls.c, src/benchmark.h, src/cli-gaa.c, src/cli-gaa.h,
+ src/cli.gaa: Benchmark applications were incorporated to gnutls-cli
- * tests/hostname-check.c: Added a check to verify that we don't try
- forever trying to verify too many wildcards.
+2011-08-28 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-05 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/algorithms/ciphersuites.c: Corrected DH-ANON ciphersuite
+ names.
- * THANKS, lib/gnutls_str.c, lib/gnutls_str.h, lib/openpgp/pgp.c,
- lib/x509/rfc2818_hostname.c: _gnutls_hostname_compare() was
- incredibly slow when over ten wildcards were present. Set a limit on
- 6 wildcards to avoid any denial of service attack. Reported by Kalle
- Olavi Niemitalo.
+2011-08-27 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-05 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-cert-auth.texi, doc/gnutls-pgp.eps, doc/gnutls-x509.eps:
+ updated figures.
- * lib/gnutls_str.c, lib/opencdk/misc.c: Use c_toupper to avoid
- converting characters non in the english ASCII set. Reported by
- Kalle Olavi Niemitalo.
+2011-08-27 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-05 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, lib/x509/x509.c: XmppAddr -> UTF8String
- * lib/x509/verify-high.c: use > 0 instead of == 1.
+2011-08-27 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-03 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/openpgp/gnutls_openpgp.c, lib/openpgp/privkey.c,
+ lib/x509/x509.c: more updates in private key copy.
- * .gitignore, NEWS, lib/gnutls_cert.c,
- lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/x509.h,
- lib/libgnutls.map, lib/x509/verify-high.c, tests/Makefile.am,
- tests/x509cert.c: Added gnutls_certificate_get_issuer() to allow
- getting the issuer a certificate from the certificate credentials
- structure.
+2011-08-27 Nikos Mavrogiannopoulos <address@hidden>
-2011-04-30 Andreas Metzler <address@hidden>
+ * lib/accelerated/intel/aes-x86.h: removed unused variable.
- * doc/manpages/p11tool.1: escape dashes in manpage Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
+2011-08-27 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-01 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, lib/gnutls_privkey.c, lib/gnutls_x509.c,
+ lib/includes/gnutls/abstract.h, lib/openpgp/gnutls_openpgp.c,
+ lib/openpgp/gnutls_openpgp.h, lib/openpgp/privkey.c,
+ lib/x509/x509.c: gnutls_certificate_set_x509_key() and
+ gnutls_certificate_set_openpgp_key() operate as in gnutls 2.10.x and
+ do not require to hold the structures.
- * .gitignore, gl/m4/.gitignore, gl/m4/byteswap.m4,
- gl/m4/codeset.m4, gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4,
- gl/m4/func.m4, gl/m4/gettext.m4, gl/m4/glibc2.m4, gl/m4/glibc21.m4,
- gl/m4/hmac-md5.m4, gl/m4/iconv.m4, gl/m4/intdiv0.m4, gl/m4/intl.m4,
- gl/m4/intldir.m4, gl/m4/intlmacosx.m4, gl/m4/intmax.m4,
- gl/m4/inttypes-pri.m4, gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
- gl/m4/ld-version-script.m4, gl/m4/lock.m4, gl/m4/md5.m4,
- gl/m4/memmem.m4, gl/m4/memxor.m4, gl/m4/nls.m4, gl/m4/po.m4,
- gl/m4/printf-posix.m4, gl/m4/progtest.m4, gl/m4/strcase.m4,
- gl/m4/strdup.m4, gl/m4/strings_h.m4, gl/m4/strverscmp.m4,
- gl/m4/threadlib.m4, gl/m4/time_r.m4, gl/m4/uintmax_t.m4,
- gl/m4/valgrind-tests.m4, gl/m4/vasprintf.m4, gl/m4/visibility.m4,
- gl/m4/vsnprintf.m4, gl/tests/.gitignore, gl/tests/intprops.h,
- gl/tests/test-byteswap.c, gl/tests/test-func.c,
- gl/tests/test-hmac-md5.c, gl/tests/test-md5.c,
- gl/tests/test-strings.c, gl/tests/test-strverscmp.c,
- gl/tests/test-u64.c, gl/tests/test-vasprintf.c,
- gl/tests/test-vsnprintf.c: Added missing m4 gl files.
+2011-08-27 Nikos Mavrogiannopoulos <address@hidden>
-2011-05-01 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/intel/aes-gcm-x86.c,
+ lib/accelerated/intel/aes-x86.c: removed unused variables.
- * NEWS: documented previous updates.
+2011-08-26 Nikos Mavrogiannopoulos <address@hidden>
-2011-04-30 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_record.c: Allow out-of-order change_cipher_spec in
+ DTLS.
- * tests/suite/testcompat-main: Check for openssl 1.0.x to test DTLS.
+2011-08-24 Nikos Mavrogiannopoulos <address@hidden>
-2011-04-28 Ludovic Courtès <address@hidden>
+ * doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
+ doc/cha-intro-tls.texi, doc/examples/ex-cert-select-pkcs11.c,
+ lib/gnutls_buffers.c, lib/gnutls_pubkey.c, lib/gnutls_record.c:
+ documentation changes.
- * guile/modules/Makefile.am, guile/modules/gnutls/build/tests.scm,
- guile/tests/anonymous-auth.scm, guile/tests/errors.scm,
- guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
- guile/tests/openpgp-keys.scm, guile/tests/pkcs-import-export.scm,
- guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
- guile/tests/x509-auth.scm, guile/tests/x509-certificates.scm: guile:
- Fix tests to match the `exit' behavior introduced in Guile 2.0.1. This
fix makes tests behave correctly wrt. to the Guile bug fix at
+2011-08-24 Nikos Mavrogiannopoulos <address@hidden>
-
<http://git.sv.gnu.org/cgit/guile.git/commit/?id=e309f3bf9ee910c4772353ca3ff95f6f4ef466b5>.
+ * doc/examples/ex-client-srp.c, doc/examples/ex-serv-srp.c:
+ gnutls/extra.h is not required for SRP.
-2011-04-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-23 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls.pc.in: removed pakchois dependency
+ * doc/latex/gnutls.tex: leave an empty page
-2011-04-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-23 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, configure.ac: updated for release
+ * doc/cha-auth.texi, doc/cha-bib.texi, doc/cha-cert-auth.texi,
+ doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
+ doc/latex/gnutls.bib, doc/latex/gnutls.tex: documentation updates
-2011-04-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-23 Nikos Mavrogiannopoulos <address@hidden>
- * tests/x509dn.c: added missing header.
+ * lib/nettle/rnd.c: unlock rnd mutex on error.
-2011-04-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-23 Nikos Mavrogiannopoulos <address@hidden>
- * lib/accelerated/intel/Makefile.am: pass tag=CC to libtool. It
- seems automake cannot really work with assembler sources.
+ * doc/cha-bib.texi, doc/latex/gnutls.bib: bibliography updated
-2011-04-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-22 Andreas Metzler <address@hidden>
- * lib/gnutls_pcert.c, lib/openpgp/gnutls_openpgp.c: documentation
- fixes.
+ * lib/libgnutls.map: Export export_gnutls_openpgp_privkey_sign_hash.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-2011-04-22 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-21 Nikos Mavrogiannopoulos <address@hidden>
- * cfg.mk: start counting from 2009 for ChangeLog.
+ * lib/gnutls_buffers.c, lib/system.c: AIX check moved to system.c.
-2011-04-22 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-21 Nikos Mavrogiannopoulos <address@hidden>
- * tests/hostname-check.c: Removed incorrect test on IPAddresses (was
- relying on IPaddresses encoded as text)
+ * src/crywrap/crywrap.c: Handle memory allocation errors.
-2011-04-21 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-21 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/rfc2818_hostname.c: gnutls_x509_crt_check_hostname() will
- never compare against IPaddress. (previous comparison was flawed)
+ * doc/manpages/Makefile.am, doc/manpages/crywrap.8: The crywrap
+ manpage was removed due to license reasons.
-2011-04-21 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-22 Ludovic Courtès <address@hidden>
- * doc/examples/ex-cert-select.c, lib/auth/cert.c, lib/auth/cert.h,
- lib/gnutls_cert.c, lib/includes/gnutls/abstract.h,
- lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/certtool.c,
- src/cli.c, tests/x509dn.c: Added
- gnutls_certificate_set_retrieve_function2() to replace
- gnutls_certificate_set_retrieve_function(). The new one is a
- efficient for busy servers because it eliminates the need for the
- server to encode the certificate to DER format.
+ * guile/tests/priorities.scm: guile: Fix `priorities' test to use
+ `run-test'. This is a followup to commit
+ cd7b8102316cd4151356c4b2b7909c7435593890 ("guile: Fix tests to match
+ the `exit' behavior introduced in Guile 2.0.1.").
-2011-04-20 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-21 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_alert.c, lib/gnutls_errors.c,
- lib/includes/gnutls/gnutls.h.in: Added GNUTLS_E_USER_ERROR
+ * src/crywrap/Makefile.am: include README to distribution.
-2011-04-20 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-21 Nikos Mavrogiannopoulos <address@hidden>
- * lib/auth/cert.c, lib/ext/signature.c, lib/ext/signature.h,
- lib/gnutls_pcert.c, lib/includes/gnutls/abstract.h,
- lib/libgnutls.map: Eliminated the need for sign_algo in
- gnutls_pcert_st. This means that we don't follow RFC5246 by letter,
- but there wasn't any other implementation using the sign_algorithm
- part of the certificate selection, and this helps reduce complexity.
+ * lib/gnutls_ui.c: documentation fixes.
-2011-04-20 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-20 Nikos Mavrogiannopoulos <address@hidden>
- * src/cfg/Makefile.am, src/cfg/README: Added readme for libcfg.
+ * doc/cha-cert-auth.texi, doc/cha-internals.texi,
+ doc/cha-intro-tls.texi, doc/cha-library.texi,
+ doc/scripts/mytexi2latex: Use texinfo's word break.
-2011-04-20 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-20 Nikos Mavrogiannopoulos <address@hidden>
- * configure.ac: No need to check for -maes and -mpclmul with the
- current AES-NI code.
+ * NEWS, m4/hooks.m4: updated for release
-2011-04-17 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-20 Nikos Mavrogiannopoulos <address@hidden>
- * .gitignore: updated
+ * src/crywrap/Makefile.am: Added missing file
-2011-04-17 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-20 Nikos Mavrogiannopoulos <address@hidden>
- * lib/Makefile.am, lib/abstract_int.h, lib/auth/cert.c,
- lib/auth/cert.h, lib/auth/dhe.c, lib/auth/rsa.c,
- lib/auth/rsa_export.c, lib/auth/srp_rsa.c, lib/ext/signature.c,
- lib/ext/signature.h, lib/gnutls_algorithms.c, lib/gnutls_cert.c,
- lib/gnutls_cert.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
- lib/gnutls_mpi.c, lib/gnutls_pcert.c, lib/gnutls_privkey.c,
- lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
- lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_x509.c,
- lib/gnutls_x509.h, lib/includes/gnutls/abstract.h,
- lib/opencdk/pubkey.c, lib/openpgp/gnutls_openpgp.c,
- lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
- lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
- lib/pkcs11_int.h, lib/x509/common.h, lib/x509/pkcs12_encr.c,
- lib/x509/sign.c, lib/x509/verify-high.c, lib/x509/verify.c,
- lib/x509/x509.c, lib/x509/x509_int.h: Combined external abstract API
- with internal usage of gnutls_cert. This results to a
- gnutls_pcert_st struct exported in abstract.h. This change will allow
a certificate retrieval callback that does
- not require gnutls to decode or encode the provided certificate.
+ * po/cs.po.in, po/fi.po.in, po/nl.po.in, po/pl.po.in, po/sv.po.in,
+ po/uk.po.in: Sync with TP.
-2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-20 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/gnutls_priority.c: Restored HMAC-MD5 for compatibility.
- Although considered weak, several sites require it for connection.
- It is enabled for "NORMAL" and "PERFORMANCE" priority strings.
+ * lib/Makefile.am: corrected typo
-2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-20 Nikos Mavrogiannopoulos <address@hidden>
- * lib/accelerated/intel/aes-x86.c: Try to detect AES-NI on Intel and
- AMD machines only.
+ * lib/gnutls_buffers.c: Added hack for AIX systems that may not set
+ errno property on EAGAIN.
-2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-20 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, configure.ac, lib/accelerated/intel/Makefile.am,
- lib/accelerated/intel/README, lib/accelerated/intel/aes-x86.c,
- lib/accelerated/intel/asm/appro-aes-x86-64.s,
- lib/accelerated/intel/asm/appro-aes-x86.s,
- lib/accelerated/intel/asm/x64_iaesx64.s,
- lib/accelerated/intel/asm/x86_iaesx86.s,
- lib/accelerated/intel/iaes_asm_interface.h,
- lib/accelerated/intel/iaesni.h, lib/accelerated/intel/license.txt:
- Added Andy Polyakov's version of AES-NI optimizations.
+ * doc/examples/ex-cert-select-pkcs11.c: simplified PKCS #11 token
+ example.
-2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-19 Nikos Mavrogiannopoulos <address@hidden>
- * .gitignore: more files to ignore
+ * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
+ lib/gnutls_record.c, lib/system_override.c: documentation updates
-2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-19 Nikos Mavrogiannopoulos <address@hidden>
- * src/tests.c: COMP-ZLIB -> COMP-DEFLATE
+ * .gitignore: updated ignored files.
-2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-19 Nikos Mavrogiannopoulos <address@hidden>
- * lib/Makefile.am, m4/hooks.m4: Link with pthreads.
+ * tests/resume.c: Corrected session resumption test.
-2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-19 Nikos Mavrogiannopoulos <address@hidden>
- * doc/Makefile.am: read API from new directories as well.
+ * tests/utils.c: Avoid using vfprintf() and use a combination of
+ vsnprintf and fputs instead. My gnulib has issues with them.
-2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-19 Nikos Mavrogiannopoulos <address@hidden>
- * lib/accelerated/Makefile.am: corrected filename
+ * gl/Makefile.am, gl/m4/gnulib-cache.m4: added vfprintf-posix
+ (needed by tests)
-2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-19 Nikos Mavrogiannopoulos <address@hidden>
- * lib/ext/session_ticket.c: removed conditional compilation
+ * configure.ac: depend on p11-kit 0.4+.
-2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-19 Nikos Mavrogiannopoulos <address@hidden>
- * lib/ext/session_ticket.h: removed conditional compilation.
+ * NEWS, lib/Makefile.am, lib/auth/cert.c, lib/auth/cert.h,
+ lib/gnutls_cert.c, lib/gnutls_str_array.h, lib/gnutls_x509.c,
+ lib/openpgp/gnutls_openpgp.c: Removed the limitation of one name per
+ certificate.
-2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-19 Nikos Mavrogiannopoulos <address@hidden>
- * lib/accelerated/cryptodev.c: use correct header.
+ * doc/cha-auth.texi: rephrased text on anonymous authentication.
-2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-17 Nikos Mavrogiannopoulos <address@hidden>
- * lib/README: documented directories.
+ * doc/cha-programs.texi: small update in psktool
-2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-17 Nikos Mavrogiannopoulos <address@hidden>
- * lib/Makefile.am, lib/accelerated/Makefile.am,
- lib/accelerated/cryptodev.c, lib/accelerated/cryptodev.h,
- lib/cryptodev.c, lib/gnutls_cryptodev.h, lib/gnutls_global.c: Moved
- cryptodev to accelerated/
+ * NEWS: updated crywrap
-2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-17 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_extensions.c, lib/gnutls_handshake.c: Session tickets
- are included unconditionally.
+ * NEWS: documented changes
-2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-17 Nikos Mavrogiannopoulos <address@hidden>
- * configure.ac, lib/Makefile.am, lib/auth/Makefile.am,
- lib/auth/anon.c, lib/auth/anon.h, lib/auth/cert.c, lib/auth/cert.h,
- lib/auth/dh_common.c, lib/auth/dh_common.h, lib/auth/dhe.c,
- lib/auth/dhe_psk.c, lib/auth/psk.c, lib/auth/psk.h,
- lib/auth/psk_passwd.c, lib/auth/psk_passwd.h, lib/auth/rsa.c,
- lib/auth/rsa_export.c, lib/auth/srp.c, lib/auth/srp.h,
- lib/auth/srp_passwd.c, lib/auth/srp_passwd.h, lib/auth/srp_rsa.c,
- lib/auth/srp_sb64.c, lib/auth_anon.c, lib/auth_anon.h,
- lib/auth_cert.c, lib/auth_cert.h, lib/auth_dh_common.c,
- lib/auth_dh_common.h, lib/auth_dhe.c, lib/auth_dhe_psk.c,
- lib/auth_psk.c, lib/auth_psk.h, lib/auth_psk_passwd.c,
- lib/auth_psk_passwd.h, lib/auth_rsa.c, lib/auth_rsa_export.c,
- lib/auth_srp.c, lib/auth_srp.h, lib/auth_srp_passwd.c,
- lib/auth_srp_passwd.h, lib/auth_srp_rsa.c, lib/auth_srp_sb64.c,
- lib/ext/Makefile.am, lib/ext/cert_type.c, lib/ext/cert_type.h,
- lib/ext/max_record.c, lib/ext/max_record.h,
- lib/ext/safe_renegotiation.c, lib/ext/safe_renegotiation.h,
- lib/ext/server_name.c, lib/ext/server_name.h,
- lib/ext/session_ticket.c, lib/ext/session_ticket.h,
- lib/ext/signature.c, lib/ext/signature.h, lib/ext/srp.c,
- lib/ext/srp.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
- lib/ext_max_record.c, lib/ext_max_record.h,
- lib/ext_safe_renegotiation.c, lib/ext_safe_renegotiation.h,
- lib/ext_server_name.c, lib/ext_server_name.h,
- lib/ext_session_ticket.c, lib/ext_session_ticket.h,
- lib/ext_signature.c, lib/ext_signature.h, lib/ext_srp.c,
- lib/ext_srp.h, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
- lib/gnutls_cert.c, lib/gnutls_extensions.c, lib/gnutls_handshake.c,
- lib/gnutls_psk.c, lib/gnutls_record.c, lib/gnutls_session_pack.c,
- lib/gnutls_sig.c, lib/gnutls_srp.c, lib/gnutls_state.c,
- lib/gnutls_ui.c, lib/gnutls_x509.c, lib/openpgp/gnutls_openpgp.h,
- m4/hooks.m4: The auth_ and ext_ files were moved to respective
- directories.
+ * lib/auth/cert.c, lib/auth/cert.h, lib/gnutls_cert.c,
+ lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_x509.c,
+ lib/openpgp/gnutls_openpgp.c: gnutls_certificate_set_x509_key_file()
+ and friends support server name indication. If multiple
+ certificates are set using this function the proper one will be
+ selected during a handshake, with the limitation of a single name
+ per certificate.
-2011-04-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-17 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-intro-tls.texi: Reorganized sections in documentation.
+ * lib/x509/x509.c: Documentation fixes.
-2011-04-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-17 Simon Josefsson <address@hidden>
- * doc/examples/ex-cxx.cpp: removed unneeded comment.
+ * cfg.mk, src/crywrap/crywrap.c: Fix syntax-check nits.
-2011-04-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-15 Nikos Mavrogiannopoulos <address@hidden>
- * tests/cve-2009-1416.c, tests/pkcs12_s2k_pem.c: Added missing
- headers.
+ * NEWS, lib/algorithms/ciphers.c: Added AES-256-GCM. Reported by
+ Benjamin Hof.
-2011-04-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-14 Nikos Mavrogiannopoulos <address@hidden>
- * tests/suite/Makefile.am, tests/suite/chain, tests/suite/testbig,
- tests/suite/testbig-main, tests/suite/testcompat,
- tests/suite/testcompat-main, tests/suite/x509paths/.gitignore,
- tests/suite/x509paths/README, tests/x509paths/README,
- tests/x509paths/chain: x509paths tests moved to suite/.
+ * NEWS: documented fix
-2011-04-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-14 Nikos Mavrogiannopoulos <address@hidden>
- * tests/certs/cert-rsa-2432.pem, tests/certs/rsa-2432.pem,
- tests/scripts/common.sh, tests/suite/Makefile.am,
- tests/suite/testbig, tests/suite/testbig-main: Added
- interoperability tests with openssl.
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, src/p11common.c:
+ Introduced GNUTLS_PKCS11_PIN_WRONG flag to indicate the previously
+ given PIN is wrong.
-2011-04-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-14 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_buffers.c: Corrected SSLv2 header parsing.
+ * NEWS: documented fix
-2011-04-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-14 Nikos Mavrogiannopoulos <address@hidden>
- * doc/credentials/x509-server-dsa.pem,
- doc/credentials/x509-server-key-dsa.pem: corrected illegal DSA key.
+ * doc/cha-programs.texi: some discussion on tokens.
-2011-04-14 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-14 Nikos Mavrogiannopoulos <address@hidden>
- * tests/suite/Makefile.am, tests/suite/testsrn: Enabled the extra
- safe renegotiation tests.
+ * lib/pkcs11.c: Corrected issue when asking multiple times for PIN.
-2011-04-14 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-14 Nikos Mavrogiannopoulos <address@hidden>
- * m4/hooks.m4: removed opaque PRF from m4.
+ * configure.ac: corrected configure test
-2011-04-14 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_buffers.c: removed text about select().
+ * src/crywrap/crywrap.c: dhparams have now the 'r' option.
-2011-04-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
- * configure.ac, lib/Makefile.am: check for libdl that pakchois
- needs.
+ * src/crywrap/crywrap.c: use audit_log
-2011-04-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
- * lib/Makefile.am, lib/pakchois/README: Added readme about pakchois
- and removed checks for pakchois in Makefile.am.
+ * src/crywrap/crywrap.c, src/crywrap/crywrap.h: removed unneeded
+ defintions.
-2011-04-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
- * configure.ac, m4/hooks.m4: Reorganization in configure file.
- Pakchois is not longer checked for being present. The included
- version is always used.
+ * src/cli.c: unload_file was modified to accept a pointer.
-2011-04-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
- * gl/.gitignore, gl/asprintf.c, gl/byteswap.in.h, gl/hmac-md5.c,
- gl/hmac.h, gl/md5.c, gl/md5.h, gl/memmem.c, gl/memxor.c,
- gl/memxor.h, gl/str-two-way.h, gl/strcasecmp.c, gl/strdup.c,
- gl/strings.in.h, gl/strncasecmp.c, gl/strverscmp.c, gl/time_r.c,
- gl/u64.h, gl/unistd.h, gl/vasprintf.c, gl/vsnprintf.c,
- gl/warn-on-use.h, gl/wchar.h: Added missing gnulib files
+ * NEWS, src/crywrap/Makefile.am, src/crywrap/crywrap.c: corrected
+ child process cleanup and added option to specify diffie hellman
+ parameters file.
-2011-04-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
- * lib/crypto-api.c: Added missing const.
+ * .gitignore: more files to ignore
-2011-04-12 Ludovic Courtès <address@hidden>
+2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, src/certtool-common.c, src/certtool.c, src/p11tool.c,
- tests/crq_key_id.c, tests/cve-2009-1416.c, tests/pkcs12_s2k_pem.c:
- Don't include <gcrypt.h> when it's not needed.
+ * doc/manpages/crywrap.8, src/crywrap/crywrap.c,
+ src/crywrap/crywrap.h: Corrected crywrap's verification procedure.
-2011-04-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-internals.texi: fixed and updates in documentation
+ * src/serv.c: use gnutls_sec_param_to_pk_bits() for DH parameter
+ generation.
-2011-04-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
- * doc/gnutls-crypto-layers.eps: Updated crypto layers documentation.
+ * .gitignore, configure.ac, doc/manpages/Makefile.am,
+ doc/manpages/crywrap.8, gl/Makefile.am, gl/alphasort.c,
+ gl/argp-ba.c, gl/argp-eexst.c, gl/argp-fmtstream.c,
+ gl/argp-fmtstream.h, gl/argp-fs-xinl.c, gl/argp-help.c,
+ gl/argp-namefrob.h, gl/argp-parse.c, gl/argp-pin.c, gl/argp-pv.c,
+ gl/argp-pvh.c, gl/argp-xinl.c, gl/argp.h, gl/basename-lgpl.c,
+ gl/dirent.in.h, gl/dirname-lgpl.c, gl/dirname.h, gl/dosname.h,
+ gl/fpucw.h, gl/frexp.c, gl/frexpl.c, gl/fseeko.c, gl/fseterr.c,
+ gl/fseterr.h, gl/getopt.c, gl/getopt.in.h, gl/getopt1.c,
+ gl/getopt_int.h, gl/getsubopt.c, gl/isnan.c, gl/isnand-nolibm.h,
+ gl/isnand.c, gl/isnanf-nolibm.h, gl/isnanf.c, gl/isnanl-nolibm.h,
+ gl/isnanl.c, gl/m4/alphasort.m4, gl/m4/argp.m4, gl/m4/dirent_h.m4,
+ gl/m4/dirname.m4, gl/m4/double-slash-root.m4, gl/m4/dup2.m4,
+ gl/m4/eealloc.m4, gl/m4/environ.m4, gl/m4/exponentd.m4,
+ gl/m4/exponentf.m4, gl/m4/exponentl.m4, gl/m4/frexp.m4,
+ gl/m4/frexpl.m4, gl/m4/getcwd.m4, gl/m4/getopt.m4,
+ gl/m4/getsubopt.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/isnand.m4, gl/m4/isnanf.m4, gl/m4/isnanl.m4, gl/m4/ldexpl.m4,
+ gl/m4/lstat.m4, gl/m4/malloca.m4, gl/m4/math_h.m4,
+ gl/m4/mempcpy.m4, gl/m4/mode_t.m4, gl/m4/nocrash.m4, gl/m4/open.m4,
+ gl/m4/printf-frexp.m4, gl/m4/printf-frexpl.m4, gl/m4/putenv.m4,
+ gl/m4/rawmemchr.m4, gl/m4/scandir.m4, gl/m4/setenv.m4,
+ gl/m4/signbit.m4, gl/m4/sleep.m4, gl/m4/stat.m4,
+ gl/m4/strchrnul.m4, gl/m4/strndup.m4, gl/m4/strnlen.m4,
+ gl/m4/symlink.m4, gl/m4/sysexits.m4, gl/m4/vfprintf-posix.m4,
+ gl/m4/vprintf-posix.m4, gl/math.in.h, gl/mempcpy.c,
+ gl/printf-frexp.c, gl/printf-frexp.h, gl/printf-frexpl.c,
+ gl/printf-frexpl.h, gl/rawmemchr.c, gl/rawmemchr.valgrind,
+ gl/scandir.c, gl/signbitd.c, gl/signbitf.c, gl/signbitl.c,
+ gl/sleep.c, gl/strchrnul.c, gl/strchrnul.valgrind, gl/stripslash.c,
+ gl/strndup.c, gl/strnlen.c, gl/sysexits.in.h, gl/tests/Makefile.am,
+ gl/tests/dummy.c, gl/tests/dup2.c, gl/tests/fpucw.h,
+ gl/tests/getcwd-lgpl.c, gl/tests/ignore-value.h, gl/tests/lstat.c,
+ gl/tests/malloca.c, gl/tests/malloca.h, gl/tests/malloca.valgrind,
+ gl/tests/minus-zero.h, gl/tests/nan.h, gl/tests/open.c,
+ gl/tests/putenv.c, gl/tests/same-inode.h, gl/tests/setenv.c,
+ gl/tests/stat.c, gl/tests/symlink.c, gl/tests/test-argp-2.sh,
+ gl/tests/test-argp.c, gl/tests/test-dirent.c, gl/tests/test-dup2.c,
+ gl/tests/test-environ.c, gl/tests/test-fprintf-posix.h,
+ gl/tests/test-frexp.c, gl/tests/test-frexpl.c,
+ gl/tests/test-fseeko3.c, gl/tests/test-fseeko3.sh,
+ gl/tests/test-fseterr.c, gl/tests/test-getcwd-lgpl.c,
+ gl/tests/test-getopt.c, gl/tests/test-getopt.h,
+ gl/tests/test-getopt_long.h, gl/tests/test-ignore-value.c,
+ gl/tests/test-isnand-nolibm.c, gl/tests/test-isnand.h,
+ gl/tests/test-isnanf-nolibm.c, gl/tests/test-isnanf.h,
+ gl/tests/test-isnanl-nolibm.c, gl/tests/test-isnanl.h,
+ gl/tests/test-lstat.c, gl/tests/test-lstat.h,
+ gl/tests/test-malloc-gnu.c, gl/tests/test-malloca.c,
+ gl/tests/test-math.c, gl/tests/test-open.c, gl/tests/test-open.h,
+ gl/tests/test-printf-frexp.c, gl/tests/test-printf-frexpl.c,
+ gl/tests/test-printf-posix.h, gl/tests/test-printf-posix.output,
+ gl/tests/test-rawmemchr.c, gl/tests/test-setenv.c,
+ gl/tests/test-signbit.c, gl/tests/test-sleep.c,
+ gl/tests/test-stat.c, gl/tests/test-stat.h,
+ gl/tests/test-strchrnul.c, gl/tests/test-strnlen.c,
+ gl/tests/test-symlink.c, gl/tests/test-symlink.h,
+ gl/tests/test-sysexits.c, gl/tests/test-unsetenv.c,
+ gl/tests/test-vfprintf-posix.c, gl/tests/test-vfprintf-posix.sh,
+ gl/tests/test-vprintf-posix.c, gl/tests/test-vprintf-posix.sh,
+ gl/tests/unsetenv.c, gl/vfprintf.c, gl/vprintf.c, m4/hooks.m4,
+ src/Makefile.am, src/crywrap/Makefile.am, src/crywrap/README,
+ src/crywrap/crywrap.c, src/crywrap/crywrap.h, src/crywrap/primes.h:
+ Added crywrap to the distributed programs.
-2011-04-12 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/accelerated/intel/Makefile.am,
- lib/accelerated/intel/aes-x86.c,
- lib/accelerated/intel/asm/x64_do_rdtsc.s,
- lib/accelerated/intel/asm/x86_do_rdtsc.s, tests/cipher-test.c:
- Updates in the AES-NI accelerator.
+ * lib/accelerated/intel/.gitignore: files to ignore
-2011-04-12 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
- * lib/crypto-api.c, lib/includes/gnutls/crypto.h, lib/libgnutls.map:
- Added gnutls_cipher_set_iv().
+ * doc/cha-internals.texi: doc updates
-2011-04-12 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
- * tests/Makefile.am, tests/cipher-test.c: Added test vectors for
- AES,SHAxxx and MD5.
+ * doc/cha-auth.texi, doc/cha-cert-auth.texi,
+ doc/cha-ciphersuites.texi, doc/cha-errors.texi,
+ doc/cha-functions.texi, doc/cha-gtls-app.texi,
+ doc/cha-internals.texi, doc/cha-intro-tls.texi,
+ doc/cha-library.texi, doc/cha-support.texi: do not use capitals in
+ index names.
-2011-04-12 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
- * lib/accelerated/intel/aes-x86.c, lib/crypto.c,
- lib/includes/gnutls/crypto.h: Increased priority of CPU assisted
- ciphers.
+ * .gitignore, doc/latex/.gitignore: more files to ignore.
-2011-04-12 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
- * src/cli.c: Do not rely on lowat being set.
+ * NEWS, lib/pkcs11.c: If a module is dlopened twice, then
+ deinitialize the second load.
-2011-04-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
- * lib/accelerated/Makefile.am, lib/accelerated/intel/Makefile.am,
- lib/accelerated/intel/README: Added README explaining the usage of
- Intel AES library.
+ * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
+ doc/cha-library.texi, lib/gnutls_buffers.c, lib/gnutls_record.c:
+ documentation updates
-2011-04-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-13 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_buffers.c: Corrected parsing error in TLS, when many
- handshake messages were packed in a single record message.
+ * doc/cha-library.texi: memory handling section is no longer
+ applicable
-2011-04-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-12 Nikos Mavrogiannopoulos <address@hidden>
- * .gitignore, configure.ac, lib/accelerated/Makefile.am,
- lib/accelerated/accelerated.c, lib/accelerated/aes-x86.c,
- lib/accelerated/aes-x86.h, lib/accelerated/intel/Makefile.am,
- lib/accelerated/intel/aes-x86.c, lib/accelerated/intel/aes-x86.h,
- lib/accelerated/intel/asm/x64_do_rdtsc.s,
- lib/accelerated/intel/asm/x64_iaesx64.s,
- lib/accelerated/intel/asm/x86_do_rdtsc.s,
- lib/accelerated/intel/asm/x86_iaesx86.s,
- lib/accelerated/intel/iaes_asm_interface.h,
- lib/accelerated/intel/iaesni.h, lib/accelerated/intel/license.txt,
- m4/gcc.m4: fixes in acceleration detection. Added Intel's library
- code for AES-NI acceleration.
+ * doc/cha-gtls-app.texi: Added discussion on DTLS functionality
-2011-04-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-12 Nikos Mavrogiannopoulos <address@hidden>
- * guile/modules/gnutls/build/enums.scm, lib/libgnutls.map,
- libextra/Makefile.am: Purged all references of LZO.
+ * doc/cha-programs.texi, doc/cha-support.texi, doc/cha-tls-app.texi:
+ corrected typos
-2011-04-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-12 Nikos Mavrogiannopoulos <address@hidden>
- * configure.ac: removed duplicate test
+ * doc/cha-gtls-app.texi: updated openssl text
-2011-04-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-12 Nikos Mavrogiannopoulos <address@hidden>
- * doc/examples/ex-cxx.cpp, gl/time.in.h: No need to under restrict
- for C++. Only use config.h.
+ * doc/cha-gtls-app.texi: correct typos
-2011-04-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-12 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/includes/gnutls/gnutls.h.in, lib/system_override.c:
- gnutls_transport_set_global_errno() is no more.
+ * doc/manpages/gnutls-cli.1: do not escape \#
-2011-04-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-12 Nikos Mavrogiannopoulos <address@hidden>
- * tests/eagain-common.h, tests/safe-renegotiation/Makefile.am,
- tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
- tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
- tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c:
- Combined the safe renegotiation tests with the again-common lib.
+ * doc/cha-cert-auth.texi, doc/cha-intro-tls.texi: more updates
-2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-12 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, configure.ac, doc/cha-intro-tls.texi, doc/cha-preface.texi,
- doc/cha-programs.texi, lib/gnutls_compress.c, lib/gnutls_errors.c,
- lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
- lib/libgnutls.map, libextra/gnutls_extra.c, m4/hooks.m4: Support for
- liblzo was dropped.
+ * doc/cha-bib.texi, doc/cha-preface.texi, doc/latex/gnutls.bib:
+ Added reference to anderson's book
-2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-12 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, configure.ac: bumped version
+ * doc/Makefile.am, doc/cha-cert-auth.texi, doc/cha-internals.texi,
+ doc/gnutls-certificate-user-use-case.eps,
+ doc/gnutls-extensions.eps, doc/gnutls.texi,
+ doc/scripts/mytexi2latex, lib/x509/crl_write.c, lib/x509/crq.c,
+ lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c, lib/x509/x509.c:
+ Internals section updated.
-2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-12 Nikos Mavrogiannopoulos <address@hidden>
- * .gitignore, gl/time.h, gl/time.in.h: updated time.h.in
+ * doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/examples/ex-crq.c,
+ lib/gnutls_pubkey.c, lib/includes/gnutls/compat.h,
+ lib/includes/gnutls/x509.h, lib/pkcs11.c, lib/pkcs11_write.c,
+ lib/x509/crq.c: Documentation updates. gnutls_x509_crq_sign2() and
+ gnutls_x509_crl_sign2() were removed from the deprecate list to ease
+ generation of crl and crq structures.
-2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-11 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_algorithms.c, lib/gnutls_dtls.c, lib/gnutls_mem.c,
- lib/gnutls_psk.c, lib/gnutls_record.c,
- lib/includes/gnutls/gnutls.h.in, lib/pkcs11.c,
- lib/pkcs11_privkey.c, lib/x509/verify-high.c, lib/x509/verify.c:
- Corrected documentation of several API functions.
+ * doc/alert-printlist.c, doc/cha-intro-tls.texi,
+ doc/cha-library.texi, doc/cha-programs.texi, doc/errcodes.c,
+ doc/printlist.c: updates
-2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-11 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-gtls-app.texi, doc/cha-library.texi: documentation
- updates.
+ * doc/latex/gnutls.tex: changed paper size.
-2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-11 Nikos Mavrogiannopoulos <address@hidden>
- * doc/scripts/gdoc, doc/scripts/sort2.pl: remove perl warnings from
- scripts.
+ * lib/gnutls_global.c: doc update
-2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-11 Nikos Mavrogiannopoulos <address@hidden>
- * configure.ac, lib/Makefile.am, lib/accelerated/Makefile.am,
- lib/accelerated/accelerated.c, lib/accelerated/accelerated.h,
- lib/accelerated/aes-x86.c, lib/accelerated/aes-x86.h,
- lib/accelerated/x86.h, lib/gnutls_global.c, m4/gcc.m4: Added support
- for x86 intel AES instruction acceleration if detected.
+ * doc/alert-printlist.c, doc/errcodes.c, doc/printlist.c: reduced
+ space taken by descriptions.
-2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-11 Nikos Mavrogiannopoulos <address@hidden>
- * gl/time.h, gl/unistd.h, gl/warn-on-use.h, gl/wchar.h: Added gl/
- files.
+ * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi: more updates.
-2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-11 Nikos Mavrogiannopoulos <address@hidden>
- * cfg.mk: corrected po directory and build-aux paths.
+ * NEWS: documented fixes
-2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-11 Nikos Mavrogiannopoulos <address@hidden>
- * doc/examples/Makefile.am: include gnulib files.
+ * lib/accelerated/intel/aes-x86.c, lib/accelerated/intel/aes-x86.h:
+ Force alignment for AES-NI to the runtime rather than on the
+ structures. Corrects issue on some systems (reported by Andreas
+ Radke).
-2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-11 Nikos Mavrogiannopoulos <address@hidden>
- * doc/TODO: updated TODO
+ * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
+ doc/cha-library.texi, lib/system_override.c: Added session
+ initialization discussion
-2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-10 Nikos Mavrogiannopoulos <address@hidden>
- * tests/openpgp-certs/testselfsigs: Use --infile in certtool to
- avoid issues with streams in windows. Patch by LRN.
+ * doc/cha-cert-auth.texi: more updates
-2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-10 Nikos Mavrogiannopoulos <address@hidden>
- * lib/opencdk/armor.c: Changes armor.c to be able to handle both LF
- and CRLF inputs (output is still either LF-only or CRLF-only
- depending on the platform). Patch by LRN. Optimizations in the usage
of strlen().
+ * doc/cha-auth.texi, doc/cha-gtls-app.texi, lib/gnutls_psk.c,
+ lib/gnutls_x509.c, lib/openpgp/gnutls_openpgp.c: updated
+ documentation
-2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-10 Nikos Mavrogiannopoulos <address@hidden>
- * src/cli.c, src/psk.c, src/serv.c, src/srptool.c, src/tests.c:
- Define variables within the intended scope (not windows). Based on
- patch by LRN.
+ * lib/pkcs11.c: document flags
-2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
-
- * doc/examples/ex-cert-select-pkcs11.c, src/common.c, src/pkcs11.c:
- Use getpass.h (from gnulib). Patch by LRN.
-
-2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/pakchois/dlopen.c: Return correct value for dlclose() in
- windows. Patch by LRN.
-
-2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
-
- * tests/openpgp-auth.c: Disable openpgp-auth run in windows due to
- lack of socketpair(). Patch by LRN.
-
-2011-04-09 Nikos Mavrogiannopoulos <address@hidden>
-
- * Makefile.am: gl before lib or libextra
-
-2011-04-09 Nikos Mavrogiannopoulos <address@hidden>
-
- * ChangeLog: generated
-
-2011-04-09 Nikos Mavrogiannopoulos <address@hidden>
-
- * NEWS: updated
-
-2011-04-09 Nikos Mavrogiannopoulos <address@hidden>
-
- * .gitignore, doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
- doc/examples/Makefile.am, doc/examples/ex-client-udp.c,
- doc/examples/udp.c, lib/gnutls_state.c: Added documentation for
- Datagram TLS.
-
-2011-04-09 Nikos Mavrogiannopoulos <address@hidden>
-
- * cfg.mk: updated
-
-2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
- * tests/chainverify.c: disable test in windows.
-
-2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
- * tests/mini-x509-rehandshake.c, tests/openpgp-auth.c,
- tests/openpgp-auth2.c: corrected leaks in tests.
-
-2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/auth_cert.c, lib/gnutls_pk.c: corrected memory leak on RSA
- signatures.
-
-2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/x509/common.c: more leaks fixed in common.c
-
-2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_pubkey.c: Corrected leaks in gnutls_pubkey_t
- deinitialization.
-
-2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/x509/verify-high.c: fix in trusted_list certificate
- deinitialization.
-
-2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_privkey.c: correction in deinitialization of privkey.
-
-2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
- * tests/mini-x509-rehandshake.c, tests/mini-x509.c: combined more
- tests with eagain-common.h.
-
-2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/auth_dh_common.c, lib/gnutls_privkey.c, lib/gnutls_x509.c,
- lib/nettle/pk.c, lib/pakchois/pakchois.c, lib/pakchois/pakchois.h,
- lib/pkcs11.c, lib/x509/verify-high.c, tests/mini-x509.c: Corrected
- memory leaks.
-
-2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
- * build-aux/arg-nonnull.h, build-aux/c++defs.h,
- build-aux/config.rpath, build-aux/warn-on-use.h, cfg.mk,
- gl/Makefile.am, gl/m4/.gitignore, gl/m4/gnulib-cache.m4,
- gl/m4/gnulib-comp.m4: added valgrind from gnulib.
-
-2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
- * tests/dsa/testdsa, tests/openpgp-certs/testcerts: Do not run the
- test scripts in win32 environment.
-
-2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
- * cfg.mk: use the system wide gnulib-tool.
-
-2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
- * .gitignore: updated
-
-2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
- * NEWS: updated
-
-2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
- * tests/suite/ecore/src/lib/ecore_exe.c: include priority headers
- unconditionally.
-
-2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
- * configure.ac, tests/Makefile.am, tests/suite/Makefile.am,
- tests/suite/Makefile.in: Better way of not including the tests/suite
- directory. Based on discussion with LRN and Vincent Torri.
-
-2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
- * .gitignore, Makefile.am, cfg.mk, configure.ac,
- doc/examples/Makefile.am, doc/gendocs_template, gl/.gitignore,
- gl/Makefile.am, gl/accept.c, gl/alignof.h, gl/alloca.c,
- gl/alloca.in.h, gl/arpa_inet.in.h, gl/asnprintf.c, gl/bind.c,
- gl/c-ctype.c, gl/c-ctype.h, gl/close-hook.c, gl/close-hook.h,
- gl/close.c, gl/connect.c, gl/errno.in.h, gl/error.c, gl/error.h,
- gl/fclose.c, gl/float+.h, gl/float.in.h, gl/fseeko.c, gl/ftello.c,
- gl/gai_strerror.c, gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c,
- gl/getpass.c, gl/getpass.h, gl/gettext.h, gl/gettime.c,
- gl/gettimeofday.c, gl/inet_ntop.c, gl/inet_pton.c, gl/intprops.h,
- gl/listen.c, gl/lseek.c, gl/m4/.gitignore, gl/m4/00gnulib.m4,
- gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4, gl/m4/asm-underscore.m4,
- gl/m4/autobuild.m4, gl/m4/clock_time.m4, gl/m4/close.m4,
- gl/m4/errno_h.m4, gl/m4/error.m4, gl/m4/extensions.m4,
- gl/m4/fclose.m4, gl/m4/float_h.m4, gl/m4/fseeko.m4,
- gl/m4/ftello.m4, gl/m4/getaddrinfo.m4, gl/m4/getdelim.m4,
- gl/m4/getline.m4, gl/m4/getpagesize.m4, gl/m4/getpass.m4,
- gl/m4/gettime.m4, gl/m4/gettimeofday.m4, gl/m4/gnulib-cache.m4,
- gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4,
- gl/m4/hostent.m4, gl/m4/include_next.m4, gl/m4/inet_ntop.m4,
- gl/m4/inet_pton.m4, gl/m4/intmax_t.m4, gl/m4/inttypes_h.m4,
- gl/m4/ioctl.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
- gl/m4/lib-prefix.m4, gl/m4/longlong.m4, gl/m4/lseek.m4,
- gl/m4/malloc.m4, gl/m4/manywarnings.m4, gl/m4/memchr.m4,
- gl/m4/minmax.m4, gl/m4/mmap-anon.m4, gl/m4/multiarch.m4,
- gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4, gl/m4/perror.m4,
- gl/m4/printf.m4, gl/m4/read-file.m4, gl/m4/readline.m4,
- gl/m4/realloc.m4, gl/m4/select.m4, gl/m4/servent.m4,
- gl/m4/size_max.m4, gl/m4/snprintf.m4, gl/m4/socketlib.m4,
- gl/m4/sockets.m4, gl/m4/socklen.m4, gl/m4/sockpfaf.m4,
- gl/m4/stdarg.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
- gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
- gl/m4/stdlib_h.m4, gl/m4/strerror.m4, gl/m4/string_h.m4,
- gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4,
- gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/time_h.m4,
- gl/m4/timespec.m4, gl/m4/ungetc.m4, gl/m4/unistd_h.m4,
- gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4, gl/m4/version-etc.m4,
- gl/m4/warn-on-use.m4, gl/m4/warnings.m4, gl/m4/wchar_h.m4,
- gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c,
- gl/memchr.c, gl/minmax.h, gl/netdb.in.h, gl/netinet_in.in.h,
- gl/perror.c, gl/printf-args.c, gl/printf-args.h, gl/printf-parse.c,
- gl/printf-parse.h, gl/progname.c, gl/progname.h, gl/read-file.c,
- gl/read-file.h, gl/readline.c, gl/readline.h, gl/realloc.c,
- gl/recv.c, gl/select.c, gl/send.c, gl/setsockopt.c, gl/shutdown.c,
- gl/size_max.h, gl/snprintf.c, gl/socket.c, gl/sockets.c,
- gl/sockets.h, gl/stdarg.in.h, gl/stdbool.in.h, gl/stddef.in.h,
- gl/stdint.in.h, gl/stdio-impl.h, gl/stdio-write.c, gl/stdio.in.h,
- gl/stdlib.in.h, gl/strerror.c, gl/string.in.h, gl/sys_select.in.h,
- gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
- gl/tests/.gitignore, gl/tests/Makefile.am, gl/tests/binary-io.h,
- gl/tests/dummy.c, gl/tests/fcntl.in.h, gl/tests/getpagesize.c,
- gl/tests/init.sh, gl/tests/ioctl.c, gl/tests/macros.h,
- gl/tests/signature.h, gl/tests/sys_ioctl.in.h,
- gl/tests/test-alignof.c, gl/tests/test-alloca-opt.c,
- gl/tests/test-arpa_inet.c, gl/tests/test-binary-io.c,
- gl/tests/test-c-ctype.c, gl/tests/test-errno.c,
- gl/tests/test-fcntl-h.c, gl/tests/test-fseeko.c,
- gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
- gl/tests/test-getaddrinfo.c, gl/tests/test-getdelim.c,
- gl/tests/test-getline.c, gl/tests/test-gettimeofday.c,
- gl/tests/test-inet_ntop.c, gl/tests/test-inet_pton.c,
- gl/tests/test-lseek.c, gl/tests/test-lseek.sh,
- gl/tests/test-memchr.c, gl/tests/test-netdb.c,
- gl/tests/test-netinet_in.c, gl/tests/test-perror.c,
- gl/tests/test-perror.sh, gl/tests/test-read-file.c,
- gl/tests/test-select-fd.c, gl/tests/test-select-in.sh,
- gl/tests/test-select-out.sh, gl/tests/test-select-stdin.c,
- gl/tests/test-select.c, gl/tests/test-snprintf.c,
- gl/tests/test-sockets.c, gl/tests/test-stdbool.c,
- gl/tests/test-stddef.c, gl/tests/test-stdint.c,
- gl/tests/test-stdio.c, gl/tests/test-stdlib.c,
- gl/tests/test-strerror.c, gl/tests/test-string.c,
- gl/tests/test-sys_ioctl.c, gl/tests/test-sys_select.c,
- gl/tests/test-sys_socket.c, gl/tests/test-sys_stat.c,
- gl/tests/test-sys_time.c, gl/tests/test-sys_wait.h,
- gl/tests/test-time.c, gl/tests/test-unistd.c,
- gl/tests/test-update-copyright.sh, gl/tests/test-vasnprintf.c,
- gl/tests/test-vc-list-files-cvs.sh,
- gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
- gl/tests/test-version-etc.c, gl/tests/test-version-etc.sh,
- gl/tests/test-wchar.c, gl/tests/w32sock.h, gl/tests/zerosize-ptr.h,
- gl/time.in.h, gl/timespec.h, gl/unistd.in.h, gl/vasnprintf.c,
- gl/vasnprintf.h, gl/verify.h, gl/version-etc-fsf.c,
- gl/version-etc.c, gl/version-etc.h, gl/w32sock.h, gl/wchar.in.h,
- gl/xsize.h, guile/src/Makefile.am, lib/Makefile.am,
- lib/configure.ac, lib/gcrypt/Makefile.am, lib/gl/Makefile.am,
- lib/gl/alignof.h, lib/gl/alloca.in.h, lib/gl/asnprintf.c,
- lib/gl/asprintf.c, lib/gl/byteswap.in.h, lib/gl/c-ctype.c,
- lib/gl/c-ctype.h, lib/gl/close-hook.c, lib/gl/close-hook.h,
- lib/gl/errno.in.h, lib/gl/float+.h, lib/gl/float.in.h,
- lib/gl/fseeko.c, lib/gl/ftello.c, lib/gl/gettext.h, lib/gl/lseek.c,
- lib/gl/m4/00gnulib.m4, lib/gl/m4/alloca.m4,
- lib/gl/m4/asm-underscore.m4, lib/gl/m4/byteswap.m4,
- lib/gl/m4/codeset.m4, lib/gl/m4/errno_h.m4,
- lib/gl/m4/extensions.m4, lib/gl/m4/fcntl-o.m4,
- lib/gl/m4/float_h.m4, lib/gl/m4/fseeko.m4, lib/gl/m4/ftello.m4,
- lib/gl/m4/func.m4, lib/gl/m4/getpagesize.m4, lib/gl/m4/gettext.m4,
- lib/gl/m4/glibc2.m4, lib/gl/m4/glibc21.m4,
- lib/gl/m4/gnulib-cache.m4, lib/gl/m4/gnulib-common.m4,
- lib/gl/m4/gnulib-comp.m4, lib/gl/m4/gnulib-tool.m4,
- lib/gl/m4/iconv.m4, lib/gl/m4/include_next.m4,
- lib/gl/m4/intdiv0.m4, lib/gl/m4/intl.m4, lib/gl/m4/intldir.m4,
- lib/gl/m4/intlmacosx.m4, lib/gl/m4/intmax.m4,
- lib/gl/m4/intmax_t.m4, lib/gl/m4/inttypes-pri.m4,
- lib/gl/m4/inttypes_h.m4, lib/gl/m4/lcmessage.m4,
- lib/gl/m4/ld-output-def.m4, lib/gl/m4/ld-version-script.m4,
- lib/gl/m4/lib-ld.m4, lib/gl/m4/lib-link.m4,
- lib/gl/m4/lib-prefix.m4, lib/gl/m4/lock.m4, lib/gl/m4/longlong.m4,
- lib/gl/m4/lseek.m4, lib/gl/m4/malloc.m4, lib/gl/m4/memchr.m4,
- lib/gl/m4/memmem.m4, lib/gl/m4/minmax.m4, lib/gl/m4/mmap-anon.m4,
- lib/gl/m4/multiarch.m4, lib/gl/m4/netdb_h.m4, lib/gl/m4/nls.m4,
- lib/gl/m4/po.m4, lib/gl/m4/printf-posix.m4, lib/gl/m4/printf.m4,
- lib/gl/m4/progtest.m4, lib/gl/m4/read-file.m4,
- lib/gl/m4/realloc.m4, lib/gl/m4/size_max.m4, lib/gl/m4/snprintf.m4,
- lib/gl/m4/socketlib.m4, lib/gl/m4/sockets.m4, lib/gl/m4/socklen.m4,
- lib/gl/m4/sockpfaf.m4, lib/gl/m4/stdbool.m4, lib/gl/m4/stddef_h.m4,
- lib/gl/m4/stdint.m4, lib/gl/m4/stdint_h.m4, lib/gl/m4/stdio_h.m4,
- lib/gl/m4/stdlib_h.m4, lib/gl/m4/strcase.m4, lib/gl/m4/string_h.m4,
- lib/gl/m4/strings_h.m4, lib/gl/m4/strverscmp.m4,
- lib/gl/m4/sys_socket_h.m4, lib/gl/m4/sys_stat_h.m4,
- lib/gl/m4/threadlib.m4, lib/gl/m4/time_h.m4, lib/gl/m4/time_r.m4,
- lib/gl/m4/uintmax_t.m4, lib/gl/m4/ungetc.m4, lib/gl/m4/unistd_h.m4,
- lib/gl/m4/vasnprintf.m4, lib/gl/m4/vasprintf.m4,
- lib/gl/m4/visibility.m4, lib/gl/m4/vsnprintf.m4,
- lib/gl/m4/warn-on-use.m4, lib/gl/m4/wchar_h.m4,
- lib/gl/m4/wchar_t.m4, lib/gl/m4/wint_t.m4, lib/gl/m4/xsize.m4,
- lib/gl/malloc.c, lib/gl/memchr.c, lib/gl/memchr.valgrind,
- lib/gl/memmem.c, lib/gl/minmax.h, lib/gl/netdb.in.h,
- lib/gl/override/lib/gc-libgcrypt.c.diff,
- lib/gl/override/lib/gettext.h.diff, lib/gl/printf-args.c,
- lib/gl/printf-args.h, lib/gl/printf-parse.c, lib/gl/printf-parse.h,
- lib/gl/read-file.c, lib/gl/read-file.h, lib/gl/realloc.c,
- lib/gl/size_max.h, lib/gl/snprintf.c, lib/gl/sockets.c,
- lib/gl/sockets.h, lib/gl/stdbool.in.h, lib/gl/stddef.in.h,
- lib/gl/stdint.in.h, lib/gl/stdio-impl.h, lib/gl/stdio-write.c,
- lib/gl/stdio.in.h, lib/gl/stdlib.in.h, lib/gl/str-two-way.h,
- lib/gl/strcasecmp.c, lib/gl/string.in.h, lib/gl/strings.in.h,
- lib/gl/strncasecmp.c, lib/gl/strverscmp.c, lib/gl/sys_socket.in.h,
- lib/gl/sys_stat.in.h, lib/gl/tests/Makefile.am,
- lib/gl/tests/binary-io.h, lib/gl/tests/dummy.c,
- lib/gl/tests/getpagesize.c, lib/gl/tests/init.sh,
- lib/gl/tests/intprops.h, lib/gl/tests/macros.h,
- lib/gl/tests/signature.h, lib/gl/tests/test-alloca-opt.c,
- lib/gl/tests/test-binary-io.c, lib/gl/tests/test-binary-io.sh,
- lib/gl/tests/test-byteswap.c, lib/gl/tests/test-c-ctype.c,
- lib/gl/tests/test-errno.c, lib/gl/tests/test-fseeko.c,
- lib/gl/tests/test-fseeko.sh, lib/gl/tests/test-fseeko2.sh,
- lib/gl/tests/test-ftello.c, lib/gl/tests/test-ftello.sh,
- lib/gl/tests/test-ftello2.sh, lib/gl/tests/test-ftello3.c,
- lib/gl/tests/test-func.c, lib/gl/tests/test-memchr.c,
- lib/gl/tests/test-netdb.c, lib/gl/tests/test-read-file.c,
- lib/gl/tests/test-snprintf.c, lib/gl/tests/test-sockets.c,
- lib/gl/tests/test-stdbool.c, lib/gl/tests/test-stddef.c,
- lib/gl/tests/test-stdint.c, lib/gl/tests/test-stdio.c,
- lib/gl/tests/test-stdlib.c, lib/gl/tests/test-string.c,
- lib/gl/tests/test-strings.c, lib/gl/tests/test-strverscmp.c,
- lib/gl/tests/test-sys_socket.c, lib/gl/tests/test-sys_stat.c,
- lib/gl/tests/test-sys_wait.h, lib/gl/tests/test-time.c,
- lib/gl/tests/test-unistd.c, lib/gl/tests/test-vasnprintf.c,
- lib/gl/tests/test-vasprintf.c, lib/gl/tests/test-verify.c,
- lib/gl/tests/test-verify.sh, lib/gl/tests/test-vsnprintf.c,
- lib/gl/tests/test-wchar.c, lib/gl/tests/zerosize-ptr.h,
- lib/gl/time.in.h, lib/gl/time_r.c, lib/gl/unistd.in.h,
- lib/gl/vasnprintf.c, lib/gl/vasnprintf.h, lib/gl/vasprintf.c,
- lib/gl/verify.h, lib/gl/vsnprintf.c, lib/gl/w32sock.h,
- lib/gl/wchar.in.h, lib/gl/xsize.h, lib/gnutls_int.h,
- lib/m4/hooks.m4, lib/minitasn1/Makefile.am, lib/nettle/Makefile.am,
- lib/opencdk/Makefile.am, lib/openpgp/Makefile.am, lib/po/LINGUAS,
- lib/po/Makevars, lib/po/POTFILES.in, lib/po/cs.po.in,
- lib/po/de.po.in, lib/po/fr.po.in, lib/po/it.po.in, lib/po/ms.po.in,
- lib/po/nl.po.in, lib/po/pl.po.in, lib/po/sv.po.in, lib/po/vi.po.in,
- lib/po/zh_CN.po.in, lib/x509/Makefile.am, libextra/Makefile.am,
- libextra/configure.ac, libextra/gl/Makefile.am,
- libextra/gl/gnulib.mk, libextra/gl/hmac-md5.c, libextra/gl/hmac.h,
- libextra/gl/m4/00gnulib.m4, libextra/gl/m4/extensions.m4,
- libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-common.m4,
- libextra/gl/m4/gnulib-comp.m4, libextra/gl/m4/gnulib-tool.m4,
- libextra/gl/m4/hmac-md5.m4, libextra/gl/m4/ld-output-def.m4,
- libextra/gl/m4/ld-version-script.m4, libextra/gl/m4/lib-ld.m4,
- libextra/gl/m4/lib-link.m4, libextra/gl/m4/lib-prefix.m4,
- libextra/gl/m4/md5.m4, libextra/gl/m4/memxor.m4, libextra/gl/md5.c,
- libextra/gl/md5.h, libextra/gl/memxor.c, libextra/gl/memxor.h,
- libextra/gl/override/lib/md5.c.diff, libextra/m4/hooks.m4,
- m4/hooks.m4, po/LINGUAS, po/Makevars, po/POTFILES.in, po/cs.po.in,
- po/de.po.in, po/fr.po.in, po/it.po.in, po/ms.po.in, po/nl.po.in,
- po/pl.po.in, po/sv.po.in, po/vi.po.in, po/zh_CN.po.in,
- src/Makefile.am, tests/suite/Makefile.in: Use a single configure.ac.
- This speed ups compilation and reduces duplication of code (multiple
- gl/ libraries etc.). This saves about 2mb in distributed size
- (compressed).
-
-2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
- * src/certtool-cfg.c: Avoid using readline.
-
-2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_buffers.c: initialized ret in _gnutls_writev_emu().
-
-2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/includes/gnutls/x509.h: doc fix
-
-2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/system.c: removed unneeded variable.
-
-2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/auth_cert.c: Corrected check for an unknown sign algorithm.
- Patch by LRN.
-
-2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/openpgp/output.c: Do not use %e in strftime. Use %d instead
- which is identically available in windows as well. Based on patch
- by LRN.
-
-2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/x509/output.c, tests/certuniqueid.c: Fixed mismatch in size_t
- size. Patch by LRN.
-
-2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/system.c, lib/system_override.c: Correctly set errno in win32
- using gnutls_transport_set_global_errno(). Based on patch by LRN.
-
-2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
-
- * tests/eagain-common.h, tests/mini-eagain-dtls.c,
- tests/mini-eagain.c, tests/mini.c: Avoid using
- gnutls_transport_set_global_errno() and use
- gnutls_transport_set_errno() instead.
-
-2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/system_override.c: win32 fixes for set_global_errno().
- Suggested by LRN.
-
-2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
-
- * src/benchmark.c: Win32 changes for benchmark. Patch by LRN.
-
-2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
-
- * tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
- tests/pskself.c, tests/resume.c, tests/rng-fork.c, tests/x509dn.c,
- tests/x509self.c: win32 fixes. Patch by LRN.
-
-2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_buffers.c: minor modification in write_emu().
-
-2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c:
- simplified cdk_trim_string() to make it safer to use.
-
-2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/x509/privkey_pkcs8.c: correctly reset params.
-
-2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/x509/crl.c, lib/x509/x509.c: use correct pointer size.
-
-2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_algorithms.c: correctly compare sign algorithm_st.
-
-2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/opencdk/Makefile.am, lib/opencdk/context.h,
- lib/opencdk/main.c, lib/opencdk/main.h, lib/opencdk/opencdk.h,
- lib/opencdk/verify.c: removed unused code
-
-2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/opencdk/armor.c: null terminate the armored string
-
-2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
-
- * src/cli.c: properly null terminate string.
-
-2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
-
- * src/common.c, src/pkcs11.c: check PIN size.
-
-2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
-
- * src/srptool.c: check salt size.
-
-2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/opencdk/read-packet.c: more clear bounds checking
-
-2011-04-06 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/x509/privkey.c: initialize e and d.
-
-2011-04-06 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/pkcs11_write.c: deinitialize pks variable only when needed.
-
-2011-04-06 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/openpgp/pgpverify.c: Initialize verify.
-
-2011-04-06 Nikos Mavrogiannopoulos <address@hidden>
-
- * src/cli.c: initialize session_id_size.
-
-2011-04-06 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/opencdk/misc.c, lib/opencdk/opencdk.h: removed unneeded
- function.
-
-2011-04-06 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/pakchois/pakchois.c: correctly traverse slots
-
-2011-04-05 Nikos Mavrogiannopoulos <address@hidden>
-
- * guile/src/core.c: avoid using a freed pointer.
-
-2011-04-05 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/pkcs11.c: Initialize tinfo using the initially available
- information.
-
-2011-04-05 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_dtls.c: corrected debugging info.
-
-2011-04-04 Nikos Mavrogiannopoulos <address@hidden>
-
- * tests/eagain-common.h, tests/mini-eagain-dtls.c,
- tests/mini-eagain.c, tests/mini.c: The mini-* programs were
- combined.
-
-2011-04-04 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_record.c: Do not cleanup bufel after it has been
- inserted into buffer.
-
-2011-04-04 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_mbuffers.c: Combined dequeue with remove_front() and
- pop_first().
-
-2011-04-03 Nikos Mavrogiannopoulos <address@hidden>
-
- * doc/examples/Makefile.am: Compile ex-cert-select-pkcs11 as a
- separate program.
-
-2011-04-03 Nikos Mavrogiannopoulos <address@hidden>
-
- * .gitignore, lib/gnutls_buffers.c, lib/gnutls_dtls.c,
- lib/gnutls_int.h, lib/gnutls_state.c,
- lib/includes/gnutls/gnutls.h.in, lib/system.h, tests/Makefile.am,
- tests/eagain-common.h, tests/mini-eagain-dtls.c,
- tests/mini-eagain.c, tests/utils.c: Added support for non-blocking
- DTLS. Added mini-eagain-dtls to test its operation. Improved
- mini-eagain.
-
-2011-04-03 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/nettle/init.c: gcrypt.h is not really needed. Reported by
- David Reiser.
-
-2011-04-03 Nikos Mavrogiannopoulos <address@hidden>
-
- * src/srptool.c: corrected header inclusion.
-
-2011-04-03 Nikos Mavrogiannopoulos <address@hidden>
-
- * src/Makefile.am, src/crypt-gaa.c, src/crypt-gaa.h, src/crypt.c,
- src/crypt.gaa, src/srptool-gaa.c, src/srptool-gaa.h, src/srptool.c,
- src/srptool.gaa: crypt.* renamed to srptool.*.
-
-2011-04-03 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_srp.c: Corrected bug in gnutls_srp_verifier() that
- prevented the allocation of a verifier. Reported by Andrew Wiseman.
-
-2011-04-03 Nikos Mavrogiannopoulos <address@hidden>
-
- * src/crypt-gaa.c, src/crypt-gaa.h, src/crypt.c, src/crypt.gaa:
- Added debug option to srptool.
-
-2011-04-03 Nikos Mavrogiannopoulos <address@hidden>
-
- * doc/cha-cert-auth.texi: Documented p11-kit.
-
-2011-04-02 Nikos Mavrogiannopoulos <address@hidden>
-
- * doc/cha-library.texi: corrected typo
-
-2011-03-30 Nikos Mavrogiannopoulos <address@hidden>
-
- * tests/scripts/common.sh: Added copyright.
-
-2011-03-30 Nikos Mavrogiannopoulos <address@hidden>
-
- * configure.ac, tests/Makefile.am, tests/dsa/testdsa,
- tests/openpgp-certs/testcerts, tests/scripts/Makefile.am,
- tests/scripts/common.sh: Reorganized scripts that use test servers,
- based on patch by Cedric Arbogast.
-
-2011-03-30 Nikos Mavrogiannopoulos <address@hidden>
-
- * src/certtool-gaa.c, src/certtool.gaa: Create certificate request
- with stricter permissions. Reported by Luca Capello.
-
-2011-03-28 Nikos Mavrogiannopoulos <address@hidden>
-
- * tests/openpgp-certs/Makefile.am: enabled testcerts.
-
-2011-03-28 Nikos Mavrogiannopoulos <address@hidden>
-
- * tests/openpgp-certs/testcerts: made more silent.
-
-2011-03-28 Nikos Mavrogiannopoulos <address@hidden>
-
- * tests/dsa/testdsa, tests/openpgp-certs/testcerts: Made scripts
- bourne shell compliant and not bash.
-
-2011-03-26 Nikos Mavrogiannopoulos <address@hidden>
-
- * THANKS: e-mail addresses are not directly recognizable.
-
-2011-03-26 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/opencdk/stream.c: Corrected access to freed memory location.
- Reported by Vitaly Kruglikov.
-
-2011-03-26 Nikos Mavrogiannopoulos <address@hidden>
-
- * THANKS: added Mark and Vitaly to THANKS.
-
-2011-03-26 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/system.c: Corrected windows system_errno() function. Reported
- and patch by Mark Brand.
-
-2011-03-26 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/includes/gnutls/compat.h: C++ compatibility fix for compat.h.
- Suggested by Mark Brand.
-
-2011-03-25 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/opencdk/verify.c: Corrected uninitialized var deinitiation.
- Reported by Vitaly Kruglikov.
-
-2011-03-25 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_sig.c: eliminate compiler warning. Reported by Andreas
- Metzler.
-
-2011-03-25 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/includes/gnutls/openpgp.h, lib/openpgp/gnutls_openpgp.c,
- lib/openpgp/pgp.c, lib/openpgp/privkey.c: Fix size of
- gnutls_openpgp_keyid_t by using the GNUTLS_OPENPGP_KEYID_SIZE
- definition. Reported by Andreas Metzler.
-
-2011-03-24 Nikos Mavrogiannopoulos <address@hidden>
-
- * NEWS: included news of 2.12.0
-
-2011-03-24 Nikos Mavrogiannopoulos <address@hidden>
-
- * guile/tests/Makefile.am: added missing files.
-
-2011-03-23 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
- lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/x509.h,
- lib/pkcs11.c, lib/x509/crl.c: documentation fixes.
-
-2011-03-23 Nikos Mavrogiannopoulos <address@hidden>
-
- * tests/dsa/testdsa: Added DSA tests for client certificates as
- well.
-
-2011-03-23 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/ext_signature.c, lib/ext_signature.h, lib/gnutls_handshake.c,
- lib/gnutls_sig.c, lib/includes/gnutls/abstract.h, lib/x509/verify.c:
- Simplified signature algorithm selection.
-
-2011-03-23 Nikos Mavrogiannopoulos <address@hidden>
-
- * src/cli.c: The processed messages go to stdout.
-
-2011-03-23 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_privkey.c: updated documentation
-
-2011-03-23 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_algorithms.c, lib/gnutls_int.h,
- lib/includes/gnutls/gnutls.h.in: Increased GNUTLS_MAX_ALGORITHM_NUM
- to 32. The gnutls_*_list() functions generate the list of algorithm
- on the spot and no longer require a static duplicate list of
- algorithms. This comes at a cost of not being thread safe (which is
- not significant since those functions are only used for special
- purposes).
-
-2011-03-21 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_privkey.c: corrected parameter.
-
-2011-03-21 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_pubkey.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
- lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/x509/privkey.c:
- Documentation fixes and cleanups.
-
-2011-03-20 Nikos Mavrogiannopoulos <address@hidden>
-
- * src/cli.c: define variable locally
-
-2011-03-20 Nikos Mavrogiannopoulos <address@hidden>
-
- * src/cli.c, src/serv.c: use IP_DONTFRAG if it is defined.
-
-2011-03-20 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_dtls.c,
- lib/gnutls_dtls.h, lib/gnutls_handshake.c, lib/gnutls_handshake.h,
- lib/gnutls_int.h, lib/gnutls_record.c,
- lib/includes/gnutls/gnutls.h.in, lib/system.c, lib/system.h,
- src/cli.c, src/common.h, src/serv.c, src/udp-serv.c: Avoided waiting
- for peer's retransmission to ensure receipt of finished messages,
- and used a 'timer'-like to retransmit packets.
-
-2011-03-20 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_dtls.c, lib/includes/gnutls/dtls.h, lib/libgnutls.map:
- added gnutls_dtls_get_data_mtu().
-
-2011-03-19 Nikos Mavrogiannopoulos <address@hidden>
-
- * tests/dsa/testdsa: make gnutls-cli more quiet.
-
-2011-03-19 Nikos Mavrogiannopoulos <address@hidden>
-
- * configure.ac, tests/Makefile.am, tests/dsa/Makefile.am,
- tests/dsa/cert.dsa.1024.pem, tests/dsa/cert.dsa.2048.pem,
- tests/dsa/cert.dsa.3072.pem, tests/dsa/dsa.1024.pem,
- tests/dsa/dsa.2048.pem, tests/dsa/dsa.3072.pem, tests/dsa/testdsa,
- tests/suite/Makefile.in: Added test to verify connections with DSA
- keys of various sizes.
-
-2011-03-19 Nikos Mavrogiannopoulos <address@hidden>
-
- * src/certtool.c: warn on generation of DSA keys of over 1024 bits.
-
-2011-03-19 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_alert.c, lib/gnutls_errors.c, lib/gnutls_sig.c,
- lib/includes/gnutls/gnutls.h.in: Return a special error code if DSA
- keys with over 1024 are being used with TLS 1.x, x<2.
-
-2011-03-19 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/nettle/pk.c: truncate hash size when asking to sign or verify
- DSA with a longer hash.
-
-2011-03-18 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_buffers.c, lib/system.c: Check for rejected connections
- in system_recv_timeout().
-
-2011-03-18 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/system_override.c: quickly discuss callback format.
-
-2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_dtls.c: When sending multiple cookies due to
- verification errors do not increase the handshake sequence number
- only the record sequence.
-
-2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
-
- * AUTHORS: updated Jonathan
-
-2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
-
- * tests/openpgp-auth.c: Added check for RSA ciphersuite in openpgp
- keys.
-
-2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/openpgp/privkey.c: read correct algorithm when decrypting data
- and use correct number of private parameters.
-
-2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
-
- * libextra/gnutls_extra.c: added missing ret.
-
-2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/auth_cert.c: Set type when sending empty openpgp key.
-
-2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/nettle/rnd.c, tests/Makefile.am, tests/rng-fork.c: Corrected
- nettle's RNG behavior on fork and added a test case.
-
-2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
-
- * guile/tests/openpgp-auth.scm: enabled RSA and removed debugging.
-
-2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
- lib/includes/gnutls/abstract.h, lib/openpgp/gnutls_openpgp.c,
- tests/openpgp-auth.c, tests/openpgp-auth2.c: gnutls_pubkey_t and
- gnutls_privkey_t can import either an openpgp subkey or a master
- key.
-
-2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
-
- * guile/tests/openpgp-auth.scm, guile/tests/openpgp-elg-pub.asc,
- guile/tests/openpgp-elg-sec.asc, guile/tests/openpgp-keys.scm,
- guile/tests/openpgp-pub.asc, guile/tests/openpgp-sec.asc: split the
- pgp keys to elgamal and dsa.
-
-2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
- lib/openpgp/pgp.c, lib/openpgp/privkey.c: introduced
- GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR
-
-2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_algorithms.c: On unknown public key algorithms return
- Unknown name.
-
-2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_privkey.c: Read the public key algorithm from the
- selected subkey and not the master key when importing to a
- gnutls_privkey.
-
-2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/openpgp/gnutls_openpgp.c, tests/openpgpself.c: Documentation
- fixed. Added fresh keys to test.
-
-2011-03-15 Nikos Mavrogiannopoulos <address@hidden>
-
- * tests/openpgpself.c: Test openpgp authentication with DSA-2048 bit
- keys as well.
-
-2011-03-15 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/openpgp/pgp.c: gnutls_openpgp_crt_get_auth_subkey() will no
- longer return an unsupported subkey.
-
-2011-03-15 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/x509/verify.c: Corrected verification of DSA-2048 keys.
- Reported by address@hidden
-
-2011-03-14 Nikos Mavrogiannopoulos <address@hidden>
-
- * doc/cha-intro-tls.texi: Added
- gnutls_transport_set_vec_push_function().
-
-2011-03-13 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_dtls.c, lib/includes/gnutls/dtls.h, lib/libgnutls.map,
- src/udp-serv.c: updated cookie negotiation to use only a prestate
- structure and avoids setting data to cookie.
-
-2011-03-13 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_handshake.c: Use DTLS 1.0 instead of SSL 3.0 headers on
- client hello in DTLS.
-
-2011-03-13 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_dtls.c, lib/gnutls_errors.c,
- lib/includes/gnutls/dtls.h, lib/libgnutls.map, src/udp-serv.c: Added
- photuris-like resource protection on the server. Added
- gnutls_dtls_cookie_send(), gnutls_dtls_cookie_verify() and
- gnutls_dtls_cookie_set() to avoid initializing a session before
- cookie is verified.
-
-2011-03-13 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/crypto-api.c, lib/ext_session_ticket.c,
- lib/includes/gnutls/gnutls.h.in: added gnutls_key_generate() to API.
-
-2011-03-13 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/ext_session_ticket.c: Avoid the usage of structures where the
- attribute packed is assumed.
-
-2011-03-13 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
- lib/gnutls_handshake.c: renamed gnutls_handshake_buffer_* functions
- to gnutls_handshake_hash_buffer_* to separate from new API functions
- and corrected its usage.
-
-2011-03-13 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_algorithms.c: Added DSA-SHA256, DSA-SHA224 and
- RSA-SHA224 to the supported signature algorithms list. Suggested by
- address@hidden
-
-2011-03-13 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_constate.c, lib/gnutls_constate.h,
- lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_v2_compat.c:
- session->internals.compression_method was removed. It was no longer
- required since the new compression algorithm was stored to next
- epoch as well.
-
-2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_buffers.c, lib/gnutls_cipher.c, lib/gnutls_constate.c,
- lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_state.h:
- _gnutls_is_dtls() is no more. IS_DTLS() is being used instead.
-
-2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/ext_session_ticket.c: do not print debugging output on
- non-fatal errors.
-
-2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/ext_session_ticket.c, lib/gnutls_cipher.c,
- lib/gnutls_cipher_int.c, lib/gnutls_constate.c,
- lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_record.c:
- Properly reset the SSL 3.0 MAC algorithm.
-
-2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_buffers.c, lib/gnutls_errors.h,
- lib/gnutls_handshake.c, lib/x509/verify-high.c: cleanups. Introduced
- gnutls_assert_val_fatal() that only prints debugging messages on
- non-fatal errors.
-
-2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_alert.c: Added string for GNUTLS_A_SSL3_NO_CERTIFICATE.
-
-2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h:
- gnutls_version_has_variable_padding is not really needed. A check
- for SSL3.0 is more clear.
-
-2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/debug.c, lib/gnutls_buffers.c, lib/gnutls_constate.c,
- lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_v2_compat.c:
- Corrected SSL2 client hello handling.
-
-2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_record.c: do not set default record version (i.e. SSL
- 3.0) during a re-handshake.
-
-2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_priority.c: default behavior is to send SSL3.0 client
- hellos.
-
-2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c:
- corrected ssl3 record version sending in client hello.
-
-2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
-
- * NEWS, doc/cha-intro-tls.texi, lib/gnutls_buffers.c,
- lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c,
- lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in,
- lib/libgnutls.map: gnutls_transport_set_lowat() is no more.
-
-2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_buffers.c, lib/gnutls_record.c: some cleanups
-
-2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/x509/common.h, lib/x509/verify-high.c, lib/x509/verify.c:
- gnutls_x509_trust_list_verify_crt shortens the provided certificate
- list based on the existing trusted CAs.
-
-2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_int.h, lib/gnutls_state.c, lib/gnutlsxx.cpp,
- lib/includes/gnutls/compat.h, lib/includes/gnutls/dtls.h,
- lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/gnutlsxx.h,
- lib/libgnutls.map, libextra/includes/gnutls/openssl.h, src/cli.c,
- src/serv.c: gnutls_init_dtls() was made redundant. The same for
- gnutls_end_connection_t which was replaced by a flags integer..
-
-2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/auth_psk.c, lib/auth_psk.h, lib/ext_session_ticket.c,
- lib/ext_srp.c, lib/gnutls_sig.c, lib/gnutls_x509.c,
- lib/pkcs11_int.h, lib/system.c, lib/system.h, lib/x509/mpi.c,
- lib/x509/verify.c, src/certtool-common.h, src/certtool.c,
- src/common.c, src/pkcs11.c, src/udp-serv.c: Corrected types.
-
-2011-03-11 Nikos Mavrogiannopoulos <address@hidden>
-
- * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
- src/serv-gaa.c, src/serv-gaa.h, src/serv.c, src/serv.gaa,
- src/udp-serv.c, src/udp-serv.h: Added --mtu option.
-
-2011-03-11 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_buffers.c: properly re-generate headers of fragmented
- packets.
-
-2011-03-11 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_state.c: increased initial retransmission time to 1
- sec.
-
-2011-03-11 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_handshake.c: In DTLS do not hash messages that
- shouldn't be hashed (i.e. hello verify request).
-
-2011-03-11 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_cipher.c: Corrected size check in block encrypted
- records.
-
-2011-03-10 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_buffers.c, lib/gnutls_handshake.c: Corrected behavior
- in normal TLS handshake.
-
-2011-03-10 Nikos Mavrogiannopoulos <address@hidden>
-
- * libextra/Makefile.am: link libgnutls-extra against libgcrypt if
- required. Based on patch by Andreas Metzler
- <address@hidden>
-
-2011-03-10 Nikos Mavrogiannopoulos <address@hidden>
-
- * NEWS, lib/m4/hooks.m4, libextra/Makefile.am: increased the so
- version of libgnutls-openssl.
-
-2011-03-05 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/ext_session_ticket.c, lib/gnutls_buffers.c,
- lib/gnutls_buffers.h, lib/gnutls_cipher.c, lib/gnutls_dtls.c,
- lib/gnutls_errors.c, lib/gnutls_handshake.c,
- lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
- lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h, lib/gnutls_record.c,
- lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_v2_compat.c,
- lib/includes/gnutls/gnutls.h.in: Added intermediate handshake layer
- that will order handshake packets and drop duplicates.
-
-2011-03-05 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_record.c: handle non fatal errors when receiving record
- headers.
-
-2011-03-05 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_cipher.c: memcpy -> memmove.
-
-2011-03-05 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_buffers.c, lib/gnutls_int.h: removed GMAX
-
-2011-03-02 Nikos Mavrogiannopoulos <address@hidden>
-
- * src/certtool.c: Allow providing no password for PKCS #12 structure
- generation. Reported by Daniel Kahn Gillmor.
-
-2011-03-02 Nikos Mavrogiannopoulos <address@hidden>
-
- * src/certtool-cfg.c: consistently print all interactive questions
- to stderr. Reported by Daniel Kahn Gillmor.
-
-2011-02-26 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_dtls.c,
- lib/gnutls_int.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
- lib/gnutls_record.c, lib/gnutls_state.c: combined all the record
- buffers in one.
-
-2011-02-26 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_dtls.c,
- lib/gnutls_int.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
- lib/gnutls_record.c, lib/gnutls_record.h, lib/gnutls_state.c:
- internal buffering for record and handshake data changed from
- gnutls_buffers to gnutls_mbuffers.
-
-2011-02-26 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/debug.c, lib/gnutls_buffers.c, lib/gnutls_int.h,
- lib/gnutls_record.c, lib/gnutls_state.c,
- lib/includes/gnutls/gnutls.h.in: Removed last pieces of inner
- application.
-
-2011-02-26 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_record.c: some cleanups
-
-2011-03-01 Ludovic Courtès <address@hidden>
-
- * guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm,
- guile/tests/x509-auth.scm: guile: Change tests to use priority
- strings.
-
-2011-03-01 Ludovic Courtès <address@hidden>
-
- * src/Makefile.am: Add `udp-serv.h' to the distribution.
-
-2011-02-28 Andreas Metzler <address@hidden>
-
- * lib/libgnutls.map: fix duplicate symbols in version script These
three symbols are listed both in the GNUTLS_2_8 and the
- GNUTLS_2_10 section. binutils uses the first occurence, drop the
- second one. Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-
-2011-02-28 Nikos Mavrogiannopoulos <address@hidden>
-
- * doc/cha-intro-tls.texi: updates on -ALL priorities.
-
-2011-02-28 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/ext_signature.c: Restrict the signature algorithms we
- advertize to SHA1 and SHA256.
-
-2011-02-28 Ludovic Courtès <address@hidden>
-
- * lib/includes/Makefile.am: Add `gnutls/dtls.h' to the distribution.
-
-2011-02-27 Ludovic Courtès <address@hidden>
-
- * guile/modules/system/documentation/c-snarf.scm: guile: Fix
- docstring extraction with CPP 4.5+.
-
-2011-02-27 Ludovic Courtès <address@hidden>
-
- * doc/Makefile.am: Pass the right CPPFLAGS when building Guile doc.
-
-2011-02-27 Ludovic Courtès <address@hidden>
-
- * doc/cha-intro-tls.texi, guile/src/core.c: Add nodes for the
- subsections of "The TLS Handshake Protocol".
-
-2011-02-27 Ludovic Courtès <address@hidden>
-
- * lib/Makefile.am: Add `lib/gnutls_dtls.h' to the distribution.
-
-2011-02-27 Ludovic Courtès <address@hidden>
-
- * guile/modules/gnutls.scm, guile/modules/gnutls/build/enums.scm,
- guile/modules/gnutls/build/priorities.scm, guile/src/core.c,
- guile/src/errors.c, guile/src/errors.h, guile/tests/Makefile.am,
- guile/tests/priorities.scm: guile: Wrap
- `gnutls_priority_set_direct'; deprecate the old method.
-
-2011-02-27 Ludovic Courtès <address@hidden>
-
- * doc/scripts/gdoc, doc/scripts/sort2.pl: Avoid hard-coded
- /usr/bin/perl (trick taken from Gnulib.)
-
-2011-02-27 Ludovic Courtès <address@hidden>
-
- * libextra/gnutls_extra.c: Fix LZO-enabled builds.
-
-2011-02-24 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/nettle/rnd.c: Detect fork() in the random number generator and
- reseed.
-
-2011-02-23 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_dtls.c, lib/gnutls_state.c: use timeouts closer to DTLS
- RFC.
-
-2011-02-23 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
- lib/libgnutls.map, lib/system_override.c: Renamed
- gnutls_transport_set_push_function2() to
- gnutls_transport_set_vec_push_function().
-
-2011-02-20 Simon Josefsson <address@hidden>
-
- * NEWS, doc/manpages/Makefile.am, lib/includes/gnutls/compat.h,
- lib/libgnutls.map, lib/x509/crq.c: Remove
- gnutls_x509_crq_get_preferred_hash_algorithm.
-
-2011-02-20 Simon Josefsson <address@hidden>
-
- * lib/libgnutls.map: Remove dropped functions.
-
-2011-02-20 Simon Josefsson <address@hidden>
-
- * lib/x509/crl_write.c: Add deprecated docstring.
-
-2011-02-20 Simon Josefsson <address@hidden>
-
- * lib/x509/crq.c: Fix deprecated docstring.
-
-2011-02-20 Simon Josefsson <address@hidden>
-
- * lib/x509/privkey.c: Fix docstring.
-
-2011-02-20 Simon Josefsson <address@hidden>
-
- * lib/gnutls_pubkey.c: Fix docstring of new function.
-
-2011-02-20 Simon Josefsson <address@hidden>
-
- * lib/gnutls_cert.c: Fix docstring for deprecated functions.
-
-2011-02-20 Simon Josefsson <address@hidden>
-
- * lib/gnutls_sig.c: Make it build.
-
-2011-02-20 Simon Josefsson <address@hidden>
-
- * lib/openpgp/privkey.c: Fix docstring of deprecated function.
-
-2011-02-20 Simon Josefsson <address@hidden>
-
- * lib/gnutls_pubkey.c: Fix docstrinf of new function.
-
-2011-02-20 Simon Josefsson <address@hidden>
-
- * doc/reference/gnutls-docs.sgml: Fix typo.
-
-2011-02-20 Simon Josefsson <address@hidden>
-
- * doc/reference/gnutls-docs.sgml: Improve text.
-
-2011-02-20 Simon Josefsson <address@hidden>
-
- * lib/x509/crl.c: Doc fix of new function.
-
-2011-02-20 Simon Josefsson <address@hidden>
-
- * lib/gnutls_cert.c, lib/gnutls_privkey.c, lib/x509/privkey.c: Fix
- docstring of deprecated functions.
-
-2011-02-20 Simon Josefsson <address@hidden>
-
- * NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
- lib/includes/gnutls/compat.h, lib/libgnutls.map, lib/x509/crq.c,
- lib/x509/sign.c, tests/x509sign-verify.c: Rename
- gnutls_privkey_sign_data2 to gnutls_privkey_sign_data and
- gnutls_privkey_sign_hash2 to gnutls_privkey_sign_hash. These were
added during the 2.11 cycle where we don't promise ABI
- compatibility.
-
-2011-02-20 Simon Josefsson <address@hidden>
-
- * doc/gnutls-crypto-layers.eps: Add doc/gnutls-crypto-layers.eps.
-
-2011-02-20 Simon Josefsson <address@hidden>
-
- * doc/Makefile.am: Dist gnutls-crypto-layers.*.
-
-2011-02-20 Simon Josefsson <address@hidden>
-
- * lib/Makefile.am: Add abstract_int.h.
-
-2011-02-20 Simon Josefsson <address@hidden>
-
- * .gitignore: Ignore more.
-
-2011-02-20 Simon Josefsson <address@hidden>
-
- * lib/Makefile.am: Link with -lnettle too.
-
-2011-02-20 Simon Josefsson <address@hidden>
-
- * doc/Makefile.am, doc/cha-programs.texi, lib/gnutls_privkey.c,
- lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
- lib/openpgp/pgp.c: Fix syntax-check warnings.
-
-2011-02-22 Ludovic Courtès <address@hidden>
-
- * guile/modules/gnutls/build/enums.scm: guile: Remove
- GNUTLS_A_INNER_APPLICATION_FAILURE and
- GNUTLS_A_INNER_APPLICATION_VERIFICATION.
-
-2011-02-22 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_session_pack.c: store entities as numbers to avoid
- issues in big-little endian machines.
-
-2011-02-22 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_record.c: documented the DTLS sequence particularities.
-
-2011-02-22 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_buffers.c, lib/gnutls_handshake.c,
- lib/gnutls_record.c, lib/gnutls_record.h,
- lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/udp-serv.c:
- Added gnutls_record_recv_seq() that can return the sequence number
- of the record packet, in addition to data.
-
-2011-02-21 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_record.c: reorganized and simplified gnutls_recv_int().
- It will discard invalid DTLS packets.
-
-2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_constate.h, lib/gnutls_record.c: Discard messages that
- contain a different epoch than the current one.
-
-2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_record.c: renamed internal function to reflect
- functionality.
-
-2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_buffers.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
- lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c:
- Implemented a sliding window-like thing to discard replayed packets.
-
-2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
-
- * src/cli.c: gnutls-cli shouldn't print errors on EAGAIN and
- INTERRUPTED.
-
-2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_num.c: corrected uint48pp.
-
-2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_constate.c, lib/gnutls_mbuffers.c, lib/gnutls_state.c:
- Epoch garbage collector is being run when handshake is being cleaned
- up.
-
-2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_dtls.c,
- lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_num.c,
- lib/gnutls_state.c: skip replays in handshake packets.
-
-2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_record.c: Forbid SSL v.2 client hello in DTLS.
-
-2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_buffers.c, lib/gnutls_int.h: removed unneeded
- variables.
-
-2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_buffers.c, lib/gnutls_constate.h, lib/gnutls_dtls.c,
- lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_mbuffers.c:
- Cleanups in combination of DTLS and TLS buffers.
-
-2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_rsa_export.c,
- lib/auth_srp.c, lib/gnutls_algorithms.c, lib/gnutls_dh_primes.c,
- lib/gnutls_errors.h, lib/gnutls_handshake.c, lib/gnutls_sig.c,
- lib/opencdk/main.h, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
- lib/openpgp/privkey.c, lib/x509/common.c, lib/x509/dn.c,
- lib/x509/pkcs12.c, lib/x509/pkcs7.c, lib/x509/privkey_pkcs8.c,
- lib/x509/verify.c, lib/x509/x509_write.c, lib/x509_b64.c:
- gnutls_x509_log replaced with gnutls_audit_log.
-
-2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_algorithms.h, lib/gnutls_cipher.c, lib/gnutls_dtls.c,
- lib/gnutls_int.h, lib/gnutls_state.c, lib/gnutls_state.h: Return a
- more precise mtu unit to applications.
-
-2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
-
- * src/udp-serv.c: restart handshake on signals.
-
-2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_buffers.c, lib/gnutls_constate.h, lib/gnutls_dtls.c:
- reference counting in epochs is being done using functions.
-
-2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_cipher.c, lib/gnutls_compress.c, lib/gnutls_dtls.c,
- lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c,
- lib/includes/gnutls/dtls.h, lib/libgnutls.map: Added
- gnutls_dtls_g/set_mtu() to allow setting and getting the DTLS mtu
- from application.
-
-2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_buffers.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
- lib/gnutls_int.h, lib/gnutls_state.c: Combined DTLS buffers and
- normal TLS buffers.
-
-2011-02-19 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/Makefile.am, lib/ext_session_ticket.c, lib/gnutls_buffers.c,
- lib/gnutls_buffers.h, lib/gnutls_constate.c, lib/gnutls_dtls.c,
- lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
- lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/system.c,
- lib/system.h, lib/system_override.c, src/Makefile.am,
- src/serv-gaa.c, src/serv-gaa.h, src/serv.c, src/serv.gaa,
- src/udp-serv.c, src/udp-serv.h: Changes to allow DTLS server side to
- operate. Added a simple UDP server on gnutls-serv. Server other
- cleanups.
-
-2011-02-19 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_dtls.c, lib/gnutls_errors.c, lib/gnutls_int.h,
- lib/gnutls_state.c, lib/includes/gnutls/dtls.h,
- lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli.c: Allow
- setting the DTLS timeouts explicitly.
-
-2011-02-19 Nikos Mavrogiannopoulos <address@hidden>
-
- * doc/TODO: updated.
-
-2011-02-18 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/auth_cert.c, lib/debug.c, lib/gnutls_algorithms.c,
- lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cipher.c,
- lib/gnutls_cipher.h, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
- lib/gnutls_errors.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
- lib/gnutls_mbuffers.h, lib/gnutls_num.c, lib/gnutls_num.h,
- lib/gnutls_record.c, lib/gnutls_record.h, lib/gnutls_state.c,
- lib/includes/gnutls/gnutls.h.in, lib/system.c, lib/system.h,
- src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa: Several
- updates for DTLS (client side only) to work.
-
-2011-02-18 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/opencdk/main.h: Increased level of opencdk debug messages.
-
-2011-02-18 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_sig.c: DSA keys in TLS 1.x, x<2 and SSL 3.0 use SHA-1
- as hash. That is we reverted to previous gnutls behavior. That
- violates DSS but all implementations handle it like that.
-
-2011-02-18 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_dtls.c,
- lib/gnutls_dtls.h, lib/gnutls_handshake.c, lib/gnutls_int.h: use
- similar API when caching messages in DTLS or TLS.
-
-2011-02-18 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_algorithms.c: corrected is_version_supported().
-
-2011-02-18 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_kx.c:
- Simplified _gnutls_recv_handshake().
-
-2011-02-18 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
- lib/gnutls_dtls.c, lib/gnutls_handshake.c: ciphersuites have a bit
- that indicates whether they are usable with DTLS or not.
-
-2011-02-17 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/auth_dhe.c, lib/gnutls_algorithms.c, lib/gnutls_cipher.c: fix
- for dtls.
-
-2010-10-02 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_num.c,
- lib/gnutls_num.h: dtls: Add uint48 handling functions. Signed-off-by:
Nikos Mavrogiannopoulos <address@hidden>
-
-2010-10-02 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_record.c: dtls: Bring epoch choice on receive closer to
- the first usage. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-
-2010-09-24 Jonathan Bastien-Filiatrault <address@hidden>
-
- * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa: Add DTLS
- support to command-line client. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-
-2010-09-17 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_constate.c: dtls: Write epoch to sequence number.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-
-2010-09-06 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_handshake.c: dtls: Send consistent a client_random. This
is necessary when challenged by HelloVerifiyRequest as we MUST
- send the same client parameters. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
-
-2010-09-05 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_handshake.c, lib/gnutls_int.h: dtls: Limit the number
- of HelloVerifyRequest round trips. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
-
-2010-09-05 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_dtls.c, lib/gnutls_handshake.c: dtls: TEMP: Sprinkle
- transmits. Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-
-2010-09-05 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_handshake.c, lib/gnutls_int.h: dtls: Do
- HANDSHAKE_HELLO_VERIFY_REQUEST processing. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
-
-2010-09-05 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_handshake.c: dtls: Add
- _gnutls_recv_hello_verify_request. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
-
-2010-09-05 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_record.c: Decrypt using the proper sequence number.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-
-2010-09-05 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_cipher.c, lib/gnutls_cipher.h: dtls: Use proper record
- sequence for DTLS decrypt. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-
-2011-02-17 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_handshake.c: corrected extdatalen
-
-2010-09-05 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_buffers.c: dtls: Read whole datagrams. Signed-off-by:
Nikos Mavrogiannopoulos <address@hidden>
-
-2009-08-03 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_handshake.c: dtls: Queue outgoing handshake messages in
- the retransmission layer. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-
-2009-08-03 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_dtls.c, lib/gnutls_dtls.h: Add outgoing flight buffer
- handling code. Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-
-2009-08-03 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_errors.h: Define _gnutls_dtls_log for DTLS.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-
-2009-08-03 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_int.h, lib/gnutls_state.c: Add structures for the
- buffered outgoing flight. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-
-2009-08-03 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_int.h, lib/gnutls_state.c: Add state for handshake mtu.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-
-2009-08-03 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_handshake.c: dtls: Fixup outgoing ClientHello hashing.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-
-2009-08-03 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_handshake.c, lib/gnutls_int.h: Add proper handshake
- outgoing sequence number. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-
-2009-08-03 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/Makefile.am, lib/gnutls_dtls.c, lib/gnutls_dtls.h: Add
- gnutls_dtls.{c,h}. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-
-2009-08-02 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_handshake.c: dtls: Remove unsuitable ciphers.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-
-2009-07-28 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/debug.c, lib/gnutls_handshake.c,
- lib/includes/gnutls/gnutls.h.in: dtls: Add hanshake fragment headers
- when sending handshake. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-
-2009-07-28 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_cipher.c, lib/gnutls_int.h, lib/gnutls_record.c: dtls:
- Add epoch and sequence number to DTLS packets. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
-
-2009-07-28 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_record.c: Use increment functions for sequence number.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-
-2009-07-27 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_int.h, lib/gnutls_num.c, lib/gnutls_num.h,
- lib/gnutls_record.c: dtls: Add types and operations required for the
- DTLS epoch and sequence. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-
-2009-07-29 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_algorithms.c, lib/gnutls_priority.c: Make version
- lookup transport dependent. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-
-2009-08-03 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_state.h: dtls: Add _gnutls_is_dtls to check if a
- session uses DTLS. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-
-2009-07-25 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_int.h, lib/gnutls_state.c,
- lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Add
- gnutls_init_dtls function. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-
-2009-07-25 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_int.h: Add DTLS state. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
-
-2009-07-15 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in: Add
- DTLS1.0 protocol entry. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-
-2010-09-17 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/ext_session_ticket.c, lib/gnutls_handshake.c,
- lib/gnutls_kx.c, lib/gnutls_mbuffers.h: Allocate session buffers of
- size, depending on type of session. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
-
-2010-09-25 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_constate.c: Harmonize "d" argument between constate.c
- and compress.c. Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-
-2010-09-24 Jonathan Bastien-Filiatrault <address@hidden>
-
- * src/cli-gaa.c, src/cli.gaa: Fix typo. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
-
-2010-09-21 Jonathan Bastien-Filiatrault <address@hidden>
-
- * lib/gnutls_num.h: Parenthesize UINT64DATA again. Signed-off-by:
Nikos Mavrogiannopoulos <address@hidden>
-
-2011-02-16 Nikos Mavrogiannopoulos <address@hidden>
-
- * doc/cha-intro-tls.texi: reorganization of ciphersuite discussion.
-
-2011-02-15 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_priority.c: Allow using the minus "-" in the -ALL
- priority strings.
-
-2011-02-15 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_algorithms.c: Added fixme note on TLS 1.2 PRF per
- ciphersuite.
-
-2011-02-15 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_algorithms.c: The safe renegotiation ciphersuite is not
- required to be registered.
-
-2011-02-15 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/auth_dhe_psk.c: Corrected bug in DHE-PSK in freeing
- username/key.
-
-2011-02-15 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_algorithms.c: Added ciphersuites (from RFC5487):
- TLS_PSK_WITH_AES_128_GCM_SHA256 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- TLS_PSK_WITH_AES_128_CBC_SHA256 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- TLS_PSK_WITH_NULL_SHA256 TLS_DHE_PSK_WITH_NULL_SHA256
-
-2011-02-12 Nikos Mavrogiannopoulos <address@hidden>
-
- * NEWS, lib/gnutls_extensions.c, lib/gnutls_sig.c: Corrected
- signature generation and verification in the Certificate Verify
- message when in TLS 1.2. Reported by Todd A. Ouska.
-
-2011-02-11 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_state.c: removed duplicate assignments.
-
-2011-02-10 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/nettle/cipher.c: upgraded to nettle's new GCM API.
-
-2011-02-10 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/m4/hooks.m4: increased the C++ library current version.
-
-2011-02-10 Nikos Mavrogiannopoulos <address@hidden>
-
- * NEWS, lib/gnutlsxx.cpp: The C++ interface returns exception on
- every error and not only on fatal ones. This allows easier handling
- of errors.
-
-2011-02-10 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutlsxx.cpp, lib/includes/gnutls/gnutlsxx.h: removed the old
- set_priority functions.
-
-2011-02-10 Nikos Mavrogiannopoulos <address@hidden>
-
- * src/cli.c, src/serv.c: removed more deprecated stuff.
-
-2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-09 Nikos Mavrogiannopoulos <address@hidden>
- * libextra/gnutls_openssl.c, libextra/includes/gnutls/openssl.h:
- updated openssl layer to new priority functions (untested).
+ * NEWS: corrected typo
-2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-09 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_sig.c: removed unused variable.
+ * lib/README: removed reference to pakchois
-2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-08 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/gnutls_sig.c: Allow DSA2 even in protocols before TLS
- 1.2.
+ * lib/pkcs11.c: Prevent from loading twice the same module.
-2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-08 Nikos Mavrogiannopoulos <address@hidden>
- * src/cli.c: set the psk callback only if username/key were not
- supplied at command line.
+ * lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s,
+ lib/accelerated/intel/asm/appro-aes-x86-64.s,
+ lib/accelerated/intel/asm/appro-aes-x86.s: Added note.GNU-stack to
+ prevent marking the library as using an executable stack. Reported
+ by Andreas Metzler.
-2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-08 Nikos Mavrogiannopoulos <address@hidden>
- * lib/ext_signature.c, lib/ext_signature.h, lib/gnutls_pk.c,
- lib/gnutls_sig.c: In TLS 1.2 under DSS use the hash algorithm
- required by DSS.
+ * configure.ac: bumped version
-2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-08 Nikos Mavrogiannopoulos <address@hidden>
- * tests/Makefile.am, tests/openpgp-auth.c, tests/openpgp-auth2.c:
- Added new test openpgp-auth2.c that tests openpgp under TLS1.2 and
- DSS as well.
+ * lib/accelerated/intel/asm/appro-aes-x86-64.s,
+ lib/accelerated/intel/asm/appro-aes-x86.s: Included appro's updates
+ to AES-NI.
-2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-05 Nikos Mavrogiannopoulos <address@hidden>
- * tests/anonself.c, tests/dhepskself.c, tests/mini-eagain.c,
- tests/mini.c, tests/openpgp-auth.c, tests/pskself.c, tests/resume.c:
- Modernized the test applications that now use the
- gnutls_priority_set_direct().
+ * lib/auth/cert.c: better placement of ifdefs.
-2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-04 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in:
- deprecated gnutls_*_set_priority().
+ * doc/Makefile.am, doc/cha-gtls-app.texi, doc/cha-internals.texi,
+ doc/gnutls-extensions.eps, doc/gnutls-extensions_st.eps,
+ doc/gnutls-mod_auth_st.eps, doc/gnutls-modauth.eps,
+ doc/latex/Makefile.am, doc/latex/gnutls.tex,
+ doc/scripts/mytexi2latex: Added discussion of the provided
+ cryptographic functions. Internals is now included in the latex
+ document (needs rewrite though)
-2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
+2011-08-03 Simon Josefsson <address@hidden>
- * lib/auth_cert.c, lib/ext_cert_type.c, lib/ext_max_record.c,
- lib/ext_safe_renegotiation.c, lib/ext_server_name.c,
- lib/ext_session_ticket.c, lib/ext_signature.c, lib/ext_srp.c,
+ * lib/Makefile.am, lib/accelerated/Makefile.am,
+ lib/accelerated/accelerated.c, lib/accelerated/cryptodev.c,
+ lib/accelerated/intel/Makefile.am,
+ lib/accelerated/intel/aes-gcm-x86.c,
+ lib/accelerated/intel/aes-x86.c, lib/algorithms.h,
+ lib/algorithms/Makefile.am, lib/algorithms/cert_types.c,
+ lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
+ lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c,
+ lib/algorithms/protocols.c, lib/algorithms/publickey.c,
+ lib/algorithms/secparams.c, lib/algorithms/sign.c,
+ lib/auth/Makefile.am, lib/auth/anon.c, lib/auth/anon.h,
+ lib/auth/anon_ecdh.c, lib/auth/cert.c, lib/auth/cert.h,
+ lib/auth/dh_common.c, lib/auth/dh_common.h, lib/auth/dhe.c,
+ lib/auth/dhe_psk.c, lib/auth/ecdh_common.c, lib/auth/ecdh_common.h,
+ lib/auth/psk.c, lib/auth/psk.h, lib/auth/psk_passwd.c,
+ lib/auth/psk_passwd.h, lib/auth/rsa.c, lib/auth/rsa_export.c,
+ lib/auth/srp.c, lib/auth/srp.h, lib/auth/srp_passwd.c,
+ lib/auth/srp_passwd.h, lib/auth/srp_rsa.c, lib/auth/srp_sb64.c,
+ lib/crypto-api.c, lib/crypto-backend.c, lib/crypto-backend.h,
+ lib/crypto.h, lib/debug.c, lib/debug.h, lib/ext/Makefile.am,
+ lib/ext/cert_type.c, lib/ext/cert_type.h, lib/ext/ecc.c,
+ lib/ext/ecc.h, lib/ext/max_record.c, lib/ext/max_record.h,
+ lib/ext/safe_renegotiation.c, lib/ext/safe_renegotiation.h,
+ lib/ext/server_name.c, lib/ext/server_name.h,
+ lib/ext/session_ticket.c, lib/ext/session_ticket.h,
+ lib/ext/signature.c, lib/ext/signature.h, lib/ext/srp.c,
+ lib/ext/srp.h, lib/gcrypt/Makefile.am, lib/gcrypt/cipher.c,
+ lib/gcrypt/init.c, lib/gcrypt/mac.c, lib/gcrypt/mpi.c,
+ lib/gcrypt/pk.c, lib/gcrypt/rnd.c, lib/gnutls_alert.c,
+ lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
+ lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
+ lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
+ lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
+ lib/gnutls_compress.h, lib/gnutls_constate.c,
+ lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
+ lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
+ lib/gnutls_dh_primes.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
+ lib/gnutls_ecc.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
lib/gnutls_extensions.c, lib/gnutls_extensions.h,
- lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_pk.c,
- lib/gnutls_sig.c, lib/gnutls_state.c,
- lib/includes/gnutls/gnutls.h.in, lib/nettle/pk.c: The extensions
- code is now using the gnutls_buffer_st.
-
-2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_algorithms.c, lib/x509/x509_int.h: Added sha224 to the
- list of MACs.
-
-2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/gnutls_priority.c: The PSK and SRP key exchange algorithms are
- not included in the preset priority strings.
-
-2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe_psk.c,
- lib/auth_psk.c, lib/auth_psk.h: Callback function is being called in
- both PSK-DHE and PSK. Using the callback function will not
- overwrite the credentials, which were wrongly being overwritten
- using the retrieved username/key. The credentials structure is now
- accessed for reading only, as it should have been.
-
-2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
-
- * configure.ac: bumped version.
-
-2011-02-08 Nikos Mavrogiannopoulos <address@hidden>
+ lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
+ lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_mbuffers.c,
+ lib/gnutls_mbuffers.h, lib/gnutls_mem.c, lib/gnutls_mem.h,
+ lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_num.c,
+ lib/gnutls_num.h, lib/gnutls_pcert.c, lib/gnutls_pk.c,
+ lib/gnutls_pk.h, lib/gnutls_priority.c, lib/gnutls_privkey.c,
+ lib/gnutls_psk.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
+ lib/gnutls_record.h, lib/gnutls_rsa_export.c,
+ lib/gnutls_rsa_export.h, lib/gnutls_session.c,
+ lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
+ lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
+ lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
+ lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
+ lib/gnutls_supplemental.h, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
+ lib/gnutls_v2_compat.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
+ lib/hash.c, lib/includes/Makefile.am,
+ lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
+ lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/gnutlsxx.h,
+ lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
+ lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
+ lib/libgnutls.map, lib/libgnutlsxx.map, lib/locks.c,
+ lib/nettle/Makefile.am, lib/nettle/cipher.c, lib/nettle/ecc_free.c,
+ lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
+ lib/nettle/ecc_mulmod.c, lib/nettle/ecc_points.c,
+ lib/nettle/ecc_projective_add_point.c,
+ lib/nettle/ecc_projective_dbl_point.c,
+ lib/nettle/ecc_projective_dbl_point_3.c,
+ lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
+ lib/nettle/ecc_verify_hash.c, lib/nettle/egd.c, lib/nettle/init.c,
+ lib/nettle/mac.c, lib/nettle/mpi.c, lib/nettle/pk.c,
+ lib/nettle/rnd.c, lib/opencdk/Makefile.am, lib/opencdk/armor.c,
+ lib/opencdk/context.h, lib/opencdk/filters.h, lib/opencdk/hash.c,
+ lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/literal.c,
+ lib/opencdk/main.c, lib/opencdk/main.h, lib/opencdk/misc.c,
+ lib/opencdk/new-packet.c, lib/opencdk/opencdk.h,
+ lib/opencdk/packet.h, lib/opencdk/pubkey.c,
+ lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
+ lib/opencdk/sig-check.c, lib/opencdk/stream.c,
+ lib/opencdk/stream.h, lib/opencdk/types.h,
+ lib/opencdk/write-packet.c, lib/openpgp/Makefile.am,
+ lib/openpgp/compat.c, lib/openpgp/extras.c,
+ lib/openpgp/gnutls_openpgp.c, lib/openpgp/output.c,
+ lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
+ lib/pkcs11.c, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
+ lib/pkcs11_write.c, lib/random.c, lib/random.h, lib/system.c,
+ lib/system_override.c, lib/x509/Makefile.am, lib/x509/common.c,
+ lib/x509/common.h, lib/x509/crl.c, lib/x509/crl_write.c,
+ lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c,
+ lib/x509/key_decode.c, lib/x509/key_encode.c, lib/x509/mpi.c,
+ lib/x509/output.c, lib/x509/pbkdf2-sha1.c, lib/x509/pkcs12.c,
+ lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c,
+ lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
+ lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
+ lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509.c,
+ lib/x509/x509_int.h, lib/x509/x509_write.c, lib/x509_b64.c,
+ lib/x509_b64.h: Clarify license and copyright.
- * doc/cha-programs.texi: Added documentation on p11tool.
+2011-08-03 Simon Josefsson <address@hidden>
-2011-02-08 Nikos Mavrogiannopoulos <address@hidden>
+ * README: Clarify licensing.
- * doc/cha-intro-tls.texi, doc/cha-library.texi,
- doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1,
- lib/gnutls_priority.c, src/common.c: Moved documentation of priority
- strings to manual and removed information from manpages and function
- pages that now reference the manual section.
+2011-08-03 Simon Josefsson <address@hidden>
-2011-02-08 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/AUTHORS, lib/ChangeLog, lib/NEWS, lib/autogen.sh,
+ lib/build-aux/arg-nonnull.h, lib/build-aux/c++defs.h,
+ lib/build-aux/config.rpath, lib/build-aux/warn-on-use.h,
+ libextra/AUTHORS, libextra/COPYING, libextra/ChangeLog,
+ libextra/NEWS, libextra/README, libextra/build-aux/config.rpath:
+ Remove unused files.
- * lib/auth_anon.c, lib/auth_cert.c, lib/auth_cert.h,
- lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe.c,
- lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_rsa.c,
- lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
- lib/auth_srp_rsa.c, lib/gnutls_auth.h, lib/gnutls_kx.c,
- lib/gnutls_str.c, lib/gnutls_str.h: Simplified code in
- authentication methods by using gnutls_buffer_st instead of
- malloc/realloc.
+2011-08-03 Simon Josefsson <address@hidden>
-2011-02-08 Nikos Mavrogiannopoulos <address@hidden>
+ * libextra/includes/gnutls/extra.h: Finish removal of inner
+ application extension support.
- * lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in: Combined
- same functions.
+2011-08-03 Simon Josefsson <address@hidden>
-2011-02-08 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/includes/gnutls/abstract.h, lib/includes/gnutls/dtls.h: More
+ GTK-DOC fixes.
- * lib/auth_cert.c, lib/auth_dhe.c, lib/ext_signature.c,
- lib/gnutls_algorithms.c, lib/gnutls_algorithms.h: Several updates in
- signature algorithms parsing and sending to avoid sending invalid
- signature algorithms.
+2011-08-03 Simon Josefsson <address@hidden>
-2011-02-08 Nikos Mavrogiannopoulos <address@hidden>
+ * .x-sc_GPL_version, .x-sc_avoid_if_before_free,
+ .x-sc_bindtextdomain, .x-sc_cast_of_alloca_return_value,
+ .x-sc_cast_of_argument_to_free, .x-sc_file_system,
+ .x-sc_m4_quote_check, .x-sc_makefile_check, .x-sc_program_name,
+ .x-sc_prohibit_HAVE_MBRTOWC, .x-sc_prohibit_S_IS_definition,
+ .x-sc_prohibit_empty_lines_at_EOF,
+ .x-sc_prohibit_strings_without_use, .x-sc_space_tab, .x-sc_the_the,
+ .x-sc_two_space_separator_in_usage, .x-sc_useless_cpp_parens,
+ GNUmakefile, THANKS, build-aux/arg-nonnull.h, build-aux/c++defs.h,
+ build-aux/config.rpath, build-aux/snippet/_Noreturn.h,
+ build-aux/snippet/arg-nonnull.h, build-aux/snippet/c++defs.h,
+ build-aux/snippet/warn-on-use.h, build-aux/useless-if-before-free,
+ build-aux/vc-list-files, build-aux/warn-on-use.h, cfg.mk,
+ configure.ac, doc/Makefile.am, gl/Makefile.am, gl/alignof.h,
+ gl/alloca.c, gl/errno.in.h, gl/error.c, gl/float.c, gl/float.in.h,
+ gl/fseek.c, gl/fseeko.c, gl/ftell.c, gl/intprops.h,
+ gl/m4/alloca.m4, gl/m4/errno_h.m4, gl/m4/error.m4,
+ gl/m4/extensions.m4, gl/m4/float_h.m4, gl/m4/fpieee.m4,
+ gl/m4/fseek.m4, gl/m4/fseeko.m4, gl/m4/ftell.m4, gl/m4/ftello.m4,
+ gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/getpagesize.m4,
+ gl/m4/getpass.m4, gl/m4/gettime.m4, gl/m4/gettimeofday.m4,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/hmac-md5.m4, gl/m4/include_next.m4,
+ gl/m4/largefile.m4, gl/m4/lseek.m4, gl/m4/malloc.m4, gl/m4/md5.m4,
+ gl/m4/memchr.m4, gl/m4/memmem.m4, gl/m4/memxor.m4,
+ gl/m4/mmap-anon.m4, gl/m4/po.m4, gl/m4/printf.m4,
+ gl/m4/read-file.m4, gl/m4/realloc.m4, gl/m4/snprintf.m4,
+ gl/m4/strcase.m4, gl/m4/strdup.m4, gl/m4/strerror.m4,
+ gl/m4/string_h.m4, gl/m4/strings_h.m4, gl/m4/strverscmp.m4,
+ gl/m4/time_r.m4, gl/m4/vsnprintf.m4, gl/m4/warn-on-use.m4,
+ gl/m4/warnings.m4, gl/netdb.in.h, gl/netinet_in.in.h,
+ gl/stdarg.in.h, gl/stddef.in.h, gl/stdint.in.h, gl/stdio.in.h,
+ gl/stdlib.in.h, gl/strerror-override.c, gl/strerror-override.h,
+ gl/strerror.c, gl/string.in.h, gl/strings.in.h, gl/sys_socket.in.h,
+ gl/sys_stat.in.h, gl/sys_time.in.h, gl/sys_uio.in.h,
+ gl/tests/Makefile.am, gl/tests/fcntl.in.h, gl/tests/fpucw.h,
+ gl/tests/init.sh, gl/tests/macros.h, gl/tests/test-float.c,
+ gl/tests/test-fseek.c, gl/tests/test-fseek.sh,
+ gl/tests/test-fseek2.sh, gl/tests/test-ftell.c,
+ gl/tests/test-ftell.sh, gl/tests/test-ftell2.sh,
+ gl/tests/test-ftell3.c, gl/tests/test-intprops.c,
+ gl/tests/test-snprintf.c, gl/tests/test-strerror.c,
+ gl/tests/test-vc-list-files-cvs.sh,
+ gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
+ gl/tests/test-vsnprintf.c, gl/time.in.h, gl/timespec.h,
+ gl/unistd.in.h, gl/verify.h, gl/wchar.in.h, lib/Makefile.am,
+ lib/hash.c, lib/pkcs11_privkey.c, maint.mk, src/benchmark-cipher.c,
+ src/certtool.c, src/cli.c, src/serv.c, tests/Makefile.am,
+ tests/scripts/common.sh: Update gnulib files. Fix syntax-check
+ usage.
- * lib/gnutls_algorithms.c: Removed unused debugging code.
+2011-08-03 Simon Josefsson <address@hidden>
-2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, README: Add NEWS entries. Use copyright ranges (now
+ permitted).
- * lib/nettle/cipher.c: Removed unneeded initialization.
+2011-08-03 Simon Josefsson <address@hidden>
-2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
+ * po/LINGUAS, po/cs.po.in, po/fi.po.in, po/nl.po.in, po/pl.po.in,
+ po/sv.po.in, po/uk.po.in: Sync with TP.
- * NEWS, doc/cha-auth.texi, doc/cha-programs.texi, lib/Makefile.am,
- lib/gnutls_psk_netconf.c, lib/includes/gnutls/compat.h: Removed
- gnutls_psk_netconf_derive_key.
+2011-08-02 Simon Josefsson <address@hidden>
-2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/manpages/Makefile.am, doc/reference/Makefile.am,
+ doc/reference/gnutls-docs.sgml, lib/algorithms/secparams.c,
+ lib/crypto-api.c, lib/gnutls_cert.c, lib/gnutls_db.c,
+ lib/gnutls_global.c, lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
+ lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
+ lib/includes/gnutls/pkcs11.h, lib/locks.c, lib/openpgp/privkey.c,
+ lib/pkcs11.c, lib/pkcs11_secret.c, lib/pkcs11_write.c,
+ lib/random.c, lib/system_override.c, lib/x509/crl_write.c,
+ lib/x509/crq.c, lib/x509/privkey.c, lib/x509/x509.c: More GTK-DOC
+ improvements.
- * NEWS, lib/gnutls_cert.c, lib/includes/gnutls/compat.h: Removed
- gnutls_certificate_verify_peers.
+2011-08-02 Simon Josefsson <address@hidden>
-2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/reference/Makefile.am: Simplify GTK-DOC makefile
+ IGNORE_HFILES.
- * NEWS, lib/gnutls_handshake.c, lib/gnutls_int.h,
- lib/gnutls_state.c, lib/includes/gnutls/compat.h: Removed
- gnutls_session_set_finished_function().
+2011-08-02 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/includes/gnutls/gnutls.h.in: updated
- * lib/gnutls_alert.c, lib/includes/gnutls/gnutls.h.in: Removed
- remaining TLS/IA stuff.
+2011-08-02 Simon Josefsson <address@hidden>
-2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/algorithms/sign.c, lib/gnutls_dtls.c, lib/gnutls_pubkey.c,
+ lib/gnutls_record.c, lib/includes/gnutls/abstract.h,
+ lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
+ lib/includes/gnutls/pkcs11.h, lib/nettle/ecc_free.c,
+ lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
+ lib/nettle/ecc_mulmod.c, lib/nettle/ecc_points.c,
+ lib/nettle/ecc_projective_add_point.c,
+ lib/nettle/ecc_projective_dbl_point.c,
+ lib/nettle/ecc_projective_dbl_point_3.c,
+ lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
+ lib/nettle/ecc_verify_hash.c, lib/pkcs11.c: Fix GTK-DOC manual.
- * src/cli-gaa.c, src/cli-gaa.h, src/cli.gaa, src/serv-gaa.c,
- src/serv-gaa.h, src/serv.gaa: Removed more leftovers from opaque PRF
- output.
+2011-08-01 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_record.c: detect premature termination of connection
- * lib/gnutls_record.c: Corrected return message from
- check_recv_type().
+2011-08-01 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: the
+ deprecated_config_file from 2.12.x was incorporated.
- * lib/nettle/mac.c: Removed upper limit on MAC algorithm key.
+2011-08-01 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/pkcs11.c: documentation update
- * lib/gnutls_errors.c: improved premature_termination error message
+2011-08-02 Simon Josefsson <address@hidden>
-2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/manpages/Makefile.am, doc/reference/gnutls-docs.sgml,
+ lib/algorithms/ecc.c, lib/crypto-api.c, lib/gnutls_alert.c,
+ lib/gnutls_cert.c, lib/gnutls_dtls.c, lib/gnutls_global.c,
+ lib/gnutls_pcert.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
+ lib/gnutls_state.c, lib/system_override.c, lib/x509/crl.c,
+ lib/x509/privkey.c, lib/x509/verify-high.c, lib/x509/x509.c: Add
+ GTK-DOC Since: tags for 3.0.0 additions.
- * doc/reference/Makefile.am, lib/libgnutls.map: Removed leftovers
- from OPRFI extension.
+2011-08-01 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/pkcs11_privkey.c: added asserts.
- * NEWS, lib/gnutls_errors.c, lib/gnutls_record.c,
- lib/includes/gnutls/gnutls.h.in: gnutls_recv() returns
- GNUTLS_E_PREMATURE_TERMINATION on EOF.
+2011-08-01 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
+ * README, README-alpha: Refer to nettle alone and p11-kit.
- * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
- src/common.c, src/common.h, src/serv-gaa.c, src/serv-gaa.h,
- src/serv.c, src/serv.gaa: Removed deprecated option such as
- --protocols, ciphers etc.
+2011-08-01 Stef Walter <address@hidden>
-2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/pkcs11.c: Don't try to do PKCS#11 login if session is already
+ logged in. * It is possible for new PKCS#11 sessions to be logged in
if another logged in session already exists. * In these cases, don't log
in, but detect the condition and return success. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
- * NEWS: not untested.
+2011-08-01 Stef Walter <address@hidden>
-2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/pkcs11_privkey.c: When finding private keys fail, return error
+ code. * Previously this would result in an endless loop.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
- * src/benchmark.c: Set correct iv in GCM.
+2011-08-01 Stef Walter <address@hidden>
-2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Mark the config
+ argument of gnutls_pkcs11_init() as unused * Since its no longer used.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_cipher.c, lib/gnutls_int.h: Cleanups and moved
- definitions to gnutls_int.h. AEAD modes now use the record packet
- counter as nonce.
+2011-07-31 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, lib/gnutls_str.h, lib/gnutls_x509.c,
+ lib/includes/gnutls/x509.h, lib/x509/x509.c, tests/x509cert.c: Added
+ GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED flag for
+ gnutls_x509_crt_list_import. It checks whether the list to be
+ imported is properly sorted.
- * lib/nettle/cipher.c: Reset GCM mode when setting IV.
+2011-07-31 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, lib/gnutls_errors.c, lib/gnutls_x509.c,
+ lib/includes/gnutls/gnutls.h.in: Added
+ GNUTLS_E_CERTIFICATE_LIST_UNSORTED. If a certificate list is loaded
+ then verify that it is sorted with order to starts with the subject
+ and finished with the trusted root. That way we make sure we don't
+ send data that violate the TLS protocol.
- * lib/gnutls_algorithms.c: Added more GCM ciphersuites (DHE-* and
- anonymous).
+2011-07-31 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-cert-auth.texi, doc/latex/macros.tex: documentation
+ updates.
- * lib/gnutls_priority.c: updated priorities. Removed ARCFOUR from
- the secure ciphersuites and moved GCM to bottom of the ciphers in
- performance.
+2011-07-29 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
+ * ChangeLog: updated changelog
- * NEWS, lib/crypto-api.c, lib/gnutls_algorithms.c,
- lib/gnutls_algorithms.h, lib/gnutls_cipher_int.c,
- lib/gnutls_cipher_int.h, lib/includes/gnutls/crypto.h,
- lib/libgnutls.map, src/benchmark.c: Added gnutls_cipher_add_auth()
- gnutls_cipher_tag() to export the GCM interface. Updated the
- benchmark.
+2011-07-29 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS: released 3.0.0
- * lib/gnutls_cert.c: removed
- gnutls_certificate_get_openpgp_keyring().
+2011-07-28 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
+ * configure.ac: updated version
- * lib/gnutls_hash_int.c: minor optimizations.
+2011-07-28 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
+ * src/certtool-gaa.c, src/certtool.gaa: Corrected typo.
- * lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
- lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: inlined several small
- functions.
+2011-07-27 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS: documented updates.
- * lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
- lib/gnutls_cipher_int.h, lib/gnutls_handshake.c,
- lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_sig.c:
- Better error checking on SSL3.
+2011-07-27 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
+ * THANKS: Added Petr.
- * lib/gnutls_cipher.c: calculation for c_length occurs in a single
- place.
+2011-07-27 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-06 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_pcert.c, lib/gnutls_privkey.c,
+ lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
+ gnutls_pcert_list_import_x509_raw() and few doc fixes.
- * NEWS: unstable -> untested.
+2011-07-27 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-06 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls.pc.in: corrected for libnettle.
- * lib/nettle/mac.c: Increase the maximum HMAC key to account for
- anonymous ciphersuites.
+2011-06-24 Andreas Metzler <address@hidden>
-2011-02-06 Nikos Mavrogiannopoulos <address@hidden>
+ * configure.ac: fix zlib handling in gnutls.pc Only add zlib to
gnutls.pc's Requies.private if zlib ships a
+ pkg-config file. Ancient (<< 1.2.3.1) versions don't. Otherwise add
+ -lz to Libs.private. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
- * lib/gnutls_hash_int.c: check the error of hash set_key.
+2011-07-27 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-06 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/examples/ex-client-srp.c, doc/examples/ex-serv-srp.c:
+ gnutls_global_init_extra() is not needed for SRP.
- * lib/gnutls_kx.c: do not use strlen for fixed string.
+2011-07-25 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-06 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS: documented changes.
- * NEWS: updated NEWS on GCM mode.
+2011-07-25 Sjoerd Simons <address@hidden>
-2011-02-06 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_buffers.c: writev_emu: stop on the first incomplete
+ write Just like standard writev, we should only move on to the next
block
+ if all the previous ones have been successfully written out.
+ Otherwise there is a potential for data loss and/or confusing push
+ functions. Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
- * lib/nettle/cipher.c: Use nettle's new API for GCM.
+2011-07-24 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-06 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/latex/fdl.tex: increased size of fdl.
- * src/cli.c: removed old comment
+2011-07-24 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-06 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/pkcs11.c: Added debug message to indicate usage of
+ compatibility mode for /etc/gnutls/pkcs11.conf
- * NEWS, doc/Makefile.am, doc/cha-functions.texi,
- doc/cha-gtls-app.texi, doc/examples/Makefile.am,
- doc/examples/ex-client-tlsia.c, lib/gnutls_kx.c,
- libextra/Makefile.am, libextra/ext_inner_application.c,
- libextra/ext_inner_application.h, libextra/gnutls_extra.c,
- libextra/gnutls_ia.c, libextra/libgnutls-extra.map,
- tests/Makefile.am, tests/tlsia.c: Removed inner application
- extension.
+2011-07-24 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-06 Nikos Mavrogiannopoulos <address@hidden>
+ * AUTHORS: removed pgp key from authors file.
- * lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in:
- gnutls_certificate_verify_peers is deprecated.
+2011-07-23 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-04 Nikos Mavrogiannopoulos <address@hidden>
+ * ChangeLog: updated changelog.
- * lib/gcrypt/mac.c, lib/gnutls_algorithms.c,
- lib/gnutls_algorithms.h, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
- lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
- lib/gnutls_constate.c, lib/gnutls_hash_int.c,
- lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_priority.c,
- lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
- lib/m4/hooks.m4, lib/nettle/cipher.c, lib/nettle/mac.c: Added
- support for GCM ciphersuites (not tested with other implementation).
+2011-07-23 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-05 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, configure.ac, doc/announce.txt, m4/hooks.m4: released 2.99.4
- * lib/gnutls_int.h: Added missing definitions (GNUTLS_MASTER_SIZE
- etc).
+2011-06-29 Petr PÃsaÅ <address@hidden>
-2011-02-05 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_privkey.c: Honor uninitialized private key in
+ destructor Fixes bug #107730. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
- * NEWS, lib/gnutls_state.c, lib/includes/gnutls/compat.h: Removed:
- gnutls_session_get_server_random, gnutls_session_get_client_random,
- gnutls_session_get_master_secret
+2011-07-23 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-05 Nikos Mavrogiannopoulos <address@hidden>
+ * src/certtool.c: Corrected initialization of key when generating
+ request. Reported by Petr Pisar.
- * lib/build-aux/config.rpath, tests/suite/Makefile.in: updated.
+2011-07-23 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-05 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS: updated.
- * lib/Makefile.am, lib/gnutls.pc.in, lib/m4/hooks.m4: Add the nettle
- libs into gnutls.pc.
+2011-07-23 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-05 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_rsa_export.c, lib/x509/privkey.c,
+ lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: The crippled status
+ of an gnutls_x509_privkey_t was removed.
- * NEWS, lib/gnutls_cert.c, lib/gnutls_extensions.c,
- lib/includes/gnutls/compat.h, lib/m4/hooks.m4: Removed functions:
- gnutls_ext_register, gnutls_certificate_get_x509_crls,
- gnutls_certificate_get_x509_cas and bumped library version number.
+2011-07-23 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-05 Andreas Metzler <address@hidden>
+ * doc/examples/ex-pkcs11-list.c: Example compilation fix.
- * lib/configure.ac, lib/gnutls.pc.in, lib/m4/hooks.m4: [PATCH 1/4]
- adapt pkg-config file for switch from AM_PATH_LIBGCRYPT to
- AC_LIB_HAVE_LINKFLAGS [PATCH 2/4] pkg-config: Move libtasn1 from
- Libs.private to Requires.private since libtasn1 provides a .pc file.
- [PATCH 3/4] pkg-config: drop @LIBGNUTLS_LIBS@ from Libs.private.
- This library only contains gnutls itself nowadays, which is in Libs
- already. [PATCH 4/4] pkg-config: If gnutls is built with zlib
- support list zlib in Requires.private.
+2011-07-07 Stef Walter <address@hidden>
-2011-02-04 Simon Josefsson <address@hidden>
+ * configure.ac, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
+ lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_write.c: pkcs11:
+ Use p11_kit_pin_xxx() functionality when 'pinfile' is in uris. * This
allows other apps to register a handler for a specific
+ pinfile and then that application will be able to provide the PIN
+ for those URIs. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
- * doc/cha-ciphersuites.texi, doc/signatures.texi: Fix MD2
- documentation. Suggested by "brian m. carlson" <address@hidden> in
- debian bug #464625.
+2011-07-22 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-02 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/pkcs11.c: Added compatibility mode with
+ /etc/gnutls/pkcs11.conf
- * doc/README.CODING_STYLE: updated coding style.
+2011-07-21 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-02 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-tls-app.texi: Updates in upward negotiation section.
- * NEWS: documented gnutls_session_get_* deprecated functions.
+2011-07-21 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-02 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/latex/gnutls.bib: Corrected bibliography
- * tests/x509paths/README: updated README on certificate
- verifications that fail.
+2011-07-21 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-02 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
+ doc/cha-intro-tls.texi, doc/cha-library.texi,
+ doc/cha-programs.texi, doc/cha-tls-app.texi: corrected section
+ names.
- * NEWS, src/certtool-common.h, src/certtool-gaa.c,
- src/certtool-gaa.h, src/certtool.c, src/certtool.gaa: Added new
- functionality to certtool, and can verify certificates against a
- list of CAs using the --verify option.
+2011-07-21 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-02 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-library.texi, doc/cha-support.texi, lib/gnutls_errors.c,
+ lib/gnutls_srp.c: Updated information on required libraries.
- * lib/x509/verify.c, tests/chainverify.c: Time checks were moved to
- _gnutls_verify_certificate2(). This allows for straightforward
- chain verification, and thus better printing of the chain output,
- although some checks might be performed in duplicate. As a
- side-effect better errors are returned (or precisely more
- combinations of verification errors), thus chainverify test was
- affected.
+2011-07-21 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-02 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
+ doc/cha-intro-tls.texi, doc/cha-library.texi, doc/cha-preface.texi:
+ Corrected typos.
- * lib/x509/verify-high.c: Set memory to zero on allocation.
+2011-06-28 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-02 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/.gitignore, doc/Makefile.am, doc/alert-printlist.c,
+ doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
+ doc/cha-intro-tls.texi, doc/cha-library.texi, doc/gnutls.texi,
+ doc/latex/Makefile.am, doc/latex/gnutls.tex, doc/latex/macros.tex,
+ doc/scripts/gdoc, doc/scripts/mytexi2latex, doc/scripts/sort1.pl,
+ doc/scripts/split.pl, lib/gnutls_x509.c: updated function listing.
- * doc/cha-gtls-app.texi: fix in contents.
+2011-06-28 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-02 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_alert.c, lib/includes/gnutls/gnutls.h.in,
+ lib/libgnutls.map: Added gnutls_alert_get_strname().
- * doc/examples/examples.h: prototype fix.
+2011-06-27 Nikos Mavrogiannopoulos <address@hidden>
-2011-02-02 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/algorithms/cert_types.c, lib/algorithms/ciphers.c,
+ lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c,
+ lib/algorithms/protocols.c, lib/algorithms/publickey.c,
+ lib/algorithms/secparams.c, lib/algorithms/sign.c, lib/auth/cert.c,
+ lib/auth/psk.c, lib/auth/rsa_export.c, lib/crypto-api.c,
+ lib/crypto-backend.c, lib/ext/max_record.c,
+ lib/ext/safe_renegotiation.c, lib/ext/server_name.c,
+ lib/ext/session_ticket.c, lib/gcrypt/mpi.c, lib/gnutls_alert.c,
+ lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
+ lib/gnutls_cert.c, lib/gnutls_dh_primes.c, lib/gnutls_dtls.c,
+ lib/gnutls_errors.c, lib/gnutls_global.c, lib/gnutls_handshake.c,
+ lib/gnutls_mpi.c, lib/gnutls_pcert.c, lib/gnutls_priority.c,
+ lib/gnutls_privkey.c, lib/gnutls_psk.c, lib/gnutls_pubkey.c,
+ lib/gnutls_record.c, lib/gnutls_sig.c, lib/gnutls_state.c,
+ lib/gnutls_str.c, lib/gnutls_ui.c, lib/gnutls_x509.c,
+ lib/minitasn1/decoding.c, lib/minitasn1/errors.c,
+ lib/nettle/ecc_verify_hash.c, lib/opencdk/kbnode.c,
+ lib/opencdk/sig-check.c, lib/openpgp/extras.c,
+ lib/openpgp/gnutls_openpgp.c, lib/openpgp/output.c,
+ lib/openpgp/pgp.c, lib/openpgp/privkey.c, lib/pkcs11.c,
+ lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/pkcs11_write.c,
+ lib/random.c, lib/x509/common.c, lib/x509/crl.c,
+ lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
+ lib/x509/extensions.c, lib/x509/output.c, lib/x509/pkcs12.c,
+ lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c,
+ lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
+ lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
+ lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509.c,
+ lib/x509/x509_write.c: documentation fixes
- * doc/examples/ex-verify.c, lib/gnutls_cert.c,
- lib/includes/gnutls/x509.h, lib/x509/verify-high.c, src/certtool.c:
- gnutls_x509_trust_list_init() has an extra argument that allows
- fine-tuning of the used memory.
+2011-06-23 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, lib/COPYING, lib/accelerated/accelerated.c,
+ lib/accelerated/cryptodev.c, lib/auth/anon.c, lib/auth/anon_ecdh.c,
+ lib/auth/cert.c, lib/auth/dh_common.c, lib/auth/dhe.c,
+ lib/auth/dhe_psk.c, lib/auth/ecdh_common.c, lib/auth/psk.c,
+ lib/auth/psk_passwd.c, lib/auth/rsa.c, lib/auth/rsa_export.c,
+ lib/auth/srp.c, lib/auth/srp_passwd.c, lib/auth/srp_rsa.c,
+ lib/auth/srp_sb64.c, lib/crypto-api.c, lib/crypto-backend.c,
+ lib/debug.c, lib/ext/cert_type.c, lib/ext/ecc.c,
+ lib/ext/max_record.c, lib/ext/safe_renegotiation.c,
+ lib/ext/server_name.c, lib/ext/session_ticket.c,
+ lib/ext/signature.c, lib/ext/srp.c, lib/gnutls_alert.c,
+ lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
+ lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
+ lib/gnutls_compress.c, lib/gnutls_constate.c, lib/gnutls_datum.c,
+ lib/gnutls_db.c, lib/gnutls_dh.c, lib/gnutls_dh_primes.c,
+ lib/gnutls_dtls.c, lib/gnutls_ecc.c, lib/gnutls_errors.c,
+ lib/gnutls_extensions.c, lib/gnutls_global.c,
+ lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_helper.c,
+ lib/gnutls_kx.c, lib/gnutls_mbuffers.c, lib/gnutls_mem.c,
+ lib/gnutls_mpi.c, lib/gnutls_num.c, lib/gnutls_pcert.c,
+ lib/gnutls_pk.c, lib/gnutls_priority.c, lib/gnutls_privkey.c,
+ lib/gnutls_psk.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
+ lib/gnutls_rsa_export.c, lib/gnutls_session.c,
+ lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/gnutls_srp.c,
+ lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_supplemental.c,
+ lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_x509.c,
+ lib/hash.c, lib/locks.c, lib/nettle/cipher.c,
+ lib/nettle/ecc_free.c, lib/nettle/ecc_make_key.c,
+ lib/nettle/ecc_map.c, lib/nettle/ecc_mulmod.c,
+ lib/nettle/ecc_points.c, lib/nettle/ecc_projective_add_point.c,
+ lib/nettle/ecc_projective_dbl_point.c,
+ lib/nettle/ecc_projective_dbl_point_3.c,
+ lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
+ lib/nettle/ecc_verify_hash.c, lib/nettle/egd.c, lib/nettle/init.c,
+ lib/nettle/mac.c, lib/nettle/mpi.c, lib/nettle/pk.c,
+ lib/nettle/rnd.c, lib/opencdk/armor.c, lib/opencdk/hash.c,
+ lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/literal.c,
+ lib/opencdk/main.c, lib/opencdk/misc.c, lib/opencdk/new-packet.c,
+ lib/opencdk/pubkey.c, lib/opencdk/read-packet.c,
+ lib/opencdk/seskey.c, lib/opencdk/sig-check.c,
+ lib/opencdk/stream.c, lib/opencdk/write-packet.c,
+ lib/openpgp/compat.c, lib/openpgp/extras.c,
+ lib/openpgp/gnutls_openpgp.c, lib/openpgp/output.c,
+ lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
+ lib/pkcs11.c, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
+ lib/pkcs11_write.c, lib/random.c, lib/system.c,
+ lib/system_override.c, lib/x509/common.c, lib/x509/crl.c,
+ lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
+ lib/x509/extensions.c, lib/x509/key_decode.c,
+ lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/output.c,
+ lib/x509/pbkdf2-sha1.c, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
+ lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
+ lib/x509/privkey_pkcs8.c, lib/x509/rfc2818_hostname.c,
+ lib/x509/sign.c, lib/x509/verify-high.c, lib/x509/verify.c,
+ lib/x509/x509.c, lib/x509/x509_write.c, lib/x509_b64.c: Upgraded to
+ LGPLv3.
-2011-02-01 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-23 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-bib.texi: Updated references of rfc5081 to rfc6091.
+ * doc/latex/cover.tex.in: updated cover.
-2011-02-01 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-21 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
- doc/examples/ex-verify.c: Documented the new verification functions.
+ * doc/latex/fdl.tex: improvements on fdl.
-2011-01-31 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-21 Nikos Mavrogiannopoulos <address@hidden>
- * src/certtool.c, tests/sha2/sha2: Modified output to not confuse
- earlier scripts.
+ * AUTHORS: Added LRN.
-2011-01-31 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-21 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/verify.c: Better output when removing certificates from
- list.
+ * doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
+ doc/cha-intro-tls.texi, doc/cha-library.texi,
+ doc/cha-programs.texi, doc/scripts/mytexi2latex: documentation
+ updates.
-2011-01-31 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-21 Nikos Mavrogiannopoulos <address@hidden>
- * tests/pkcs1-padding/pkcs1-pad: Modified to work on new certtool -e
- output.
+ * NEWS, lib/gnutls_srp.c, lib/gnutls_srp.h: gnutls_srp_verifier()
+ returns data allocated with gnutls_malloc() for consistency.
-2011-01-31 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-21 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, doc/examples/ex-verify.c, lib/auth_cert.h,
- lib/gnutls_cert.c, lib/gnutls_x509.c, lib/includes/gnutls/compat.h,
- lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/x509.h,
- lib/libgnutls.map, lib/x509/crl.c, lib/x509/x509.c, src/certtool.c,
- tests/certificate_set_x509_crl.c: The internal subsystem uses the
- new certificate verification functions. This has the side effect of
- deprecating gnutls_certificate_get_x509_crls() and
- gnutls_certificate_get_x509_cas() that can no longer operation since
- they relied on internal structures.
+ * lib/gnutls_errors.c: reduced error message.
-2011-01-31 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-20 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, doc/cha-gtls-app.texi, doc/examples/ex-verify.c,
- lib/Makefile.am, lib/hash.c, lib/hash.h,
- lib/includes/gnutls/x509.h, lib/libgnutls.map,
- lib/x509/Makefile.am, lib/x509/crl.c, lib/x509/verify-high.c,
- lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h,
- src/certtool.c: Added a new API to verify certificates. It is more
- efficient and can be used to get details about the verification
- procedure.
+ * doc/cha-intro-tls.texi: simplified text.
-2011-01-31 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-20 Nikos Mavrogiannopoulos <address@hidden>
- * tests/x509paths/chain: better output in chain output.
+ * doc/latex/fdl.tex, doc/latex/gnutls.tex: FDL is now included using
+ a tiny font.
-2011-01-30 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-20 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/includes/gnutls/x509.h, lib/x509/crl.c,
- lib/x509/verify.c, lib/x509/x509.c: exported
- gnutls_x509_crl_get_raw_issuer_dn()
+ * doc/cha-auth.texi, doc/cha-intro-tls.texi,
+ doc/examples/ex-client1.c, doc/scripts/mytexi2latex: Tables were
+ also made floating
-2011-01-30 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-20 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/x509.c: corrected typos
+ * doc/cha-cert-auth.texi, doc/cha-internals.texi,
+ doc/cha-intro-tls.texi, doc/cha-library.texi,
+ doc/scripts/mytexi2latex: figures were made floating.
-2011-01-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-20 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pakchois/pakchois.c: CKR_CRYPTOKI_ALREADY_INITIALIZED is not
- treated as an error, and Finalize is not called in that case.
+ * doc/latex/cover.tex.in, doc/scripts/mytexi2latex: Added
+ high-quality pdf images.
-2011-01-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-19 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/compat.h,
- lib/openpgp/privkey.c: Reverted removal of
- gnutls_openpgp_privkey_sign_hash() to retain compatibility with
- 2.10.x. That function is now deprecated instead.
+ * .gitignore, doc/latex/.gitignore: more files to ignore
-2011-01-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-19 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_privkey.c: Added checks before importing keys and
- updated documentation.
+ * configure.ac, doc/Makefile.am, doc/cha-auth.texi,
+ doc/cha-bib.texi, doc/cha-cert-auth.texi,
+ doc/cha-ciphersuites.texi, doc/cha-errors.texi,
+ doc/cha-functions.texi, doc/cha-gtls-app.texi,
+ doc/cha-internals.texi, doc/cha-intro-tls.texi,
+ doc/cha-library.texi, doc/cha-preface.texi, doc/cha-programs.texi,
+ doc/cha-support.texi, doc/cha-tls-app.texi, doc/errcodes.c,
+ doc/examples/ex-client1.c, doc/examples/ex-pkcs11-list.c,
+ doc/examples/ex-serv-anon.c, doc/gnutls.texi,
+ doc/latex/Makefile.am, doc/latex/cover.tex.in, doc/latex/fdl.tex,
+ doc/latex/gnutls.bib, doc/latex/gnutls.tex, doc/latex/macros.tex,
+ doc/printlist.c, doc/scripts/mytexi2latex, doc/scripts/sort1.pl,
+ doc/signatures.texi: updated documentation to allow latex output.
-2011-01-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-19 Nikos Mavrogiannopoulos <address@hidden>
- * tests/suite/Makefile.in: updated Makefile.in
+ * lib/gnutls_record.c, lib/x509/crq.c, lib/x509/x509.c,
+ lib/x509/x509_write.c: corrected typos
-2011-01-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-19 Nikos Mavrogiannopoulos <address@hidden>
- * doc/examples/ex-crq.c, lib/configure.ac,
- lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in,
- lib/includes/gnutls/x509.h, src/certtool.c, tests/crq_key_id.c:
- fixes in internal build with the new deprecated functions. We allow
- them to be used since they are inter-dependent.
+ * doc/cha-cert-auth.texi, doc/examples/Makefile.am,
+ doc/examples/ex-cert-select.c, doc/examples/ex-client-udp.c,
+ doc/examples/ex-crq.c, doc/examples/ex-pkcs11-list.c,
+ doc/examples/ex-session-info.c, doc/examples/ex-verify.c: indented
+ code. Corrected PKCS #11 example.
-2011-01-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-18 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/x509_int.h: replaced old gnutls_pk_algorithm.
+ * doc/Makefile.am: added missing file.
-2011-01-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-18 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/compat.h: depends on gnutls/x509.h to compile.
+ * AUTHORS, NEWS, lib/includes/gnutls/gnutls.h.in, m4/hooks.m4:
+ bumped version.
-2011-01-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-18 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
- lib/x509/crl_write.c: deprecated gnutls_x509_crl_sign(),
- gnutls_x509_crl_sign2() and
- gnutls_x509_crq_get_preferred_hash_algorithm().
+ * NEWS, lib/gnutls_errors.c, lib/includes/gnutls/pkcs11.h,
+ lib/pkcs11.c, lib/pkcs11_write.c, src/p11tool-gaa.c,
+ src/p11tool-gaa.h, src/p11tool.c, src/p11tool.gaa, src/p11tool.h,
+ src/pkcs11.c: Added new PKCS #11 flags to force an object being
+ private or not. Those are GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE and
+ GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE. p11tool supports now the
+ --no-private and --private options.
-2011-01-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-17 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
- lib/x509/crq.c: Deprecated gnutls_x509_crq_sign2() and
- gnutls_x509_crq_sign() in favor for gnutls_x509_crq_privkey_sign().
+ * src/p11common.c: Limit the number of attempts with the same PIN,
+ to avoid attempting again and again with a wrong PIN.
-2011-01-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-17 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/libgnutls.map: minor fixes.
+ * lib/pkcs11_write.c: When writing an object with CKA_TRUSTED set
+ CKA_PRIVATE explicitly to FALSE, to allow the SO to write it.
+ Reported by Rickard Bellgrim.
-2011-01-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-16 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
- lib/libgnutls.map, lib/x509/privkey.c, lib/x509/x509.c,
- src/certtool.c, tests/cve-2009-1415.c, tests/x509sign-verify.c:
- gnutls_x509_crt_verify_hash: DEPRECATED gnutls_x509_crt_verify_data:
- DEPRECATED gnutls_x509_crt_get_verify_algorithm: DEPRECATED
- gnutls_x509_crt_get_preferred_hash_algorithm: DEPRECATED Removed the
- new gnutls_x509_privkey_sign_data2() and
- gnutls_x509_privkey_sign_hash2(). That functionality will be only in
the abstract.h pubkey and privkey
- structures, to avoid duplication for every certificate type.
+ * THANKS: updated
-2011-01-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-16 Nikos Mavrogiannopoulos <address@hidden>
- * src/serv.c: Simplified macro to snprintf() in order to prevent
- issues caused when snprintf() is a macro itself. Reported and
- initial patch by Camillo Lugaresi.
+ * src/pkcs11.c: removed unneeded test.
-2011-01-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-16 Nikos Mavrogiannopoulos <address@hidden>
- * tests/suite/Makefile.in: Revert "Remove, it is generated." This
reverts commit de3a601e502b24f047412a161085f7fbd898b3f3 because
- this file is not automatically generated (not included in top
- Makefile.am).
+ * lib/pkcs11.c: Enforce the GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO even if
+ GNUTLS_PKCS11_OBJ_FLAG_LOGIN is specified.
-2011-01-02 Simon Josefsson <address@hidden>
+2011-06-16 Nikos Mavrogiannopoulos <address@hidden>
- * lib/m4/hooks.m4: Specify minimum libgcrypt version.
+ * src/Makefile.am, src/p11common.c, src/pkcs11.c: Use common code
+ for PKCS #11 callbacks across clients. Require SO login to write a
+ trusted object.
-2010-12-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-16 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-internals.texi: Added discussion on crypto backend for
- crypto libraries and /dev/crypto.
+ * lib/algorithms/ciphersuites.c, lib/ext/safe_renegotiation.h: bit
+ fields changed to unsigned.
-2010-12-21 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-16 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
- lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
- lib/x509/crq.c, lib/x509/privkey.c, lib/x509/sign.c: Renamed
- gnutls_privkey_sign_data() to gnutls_privkey_sign_data2() to match
- the similar function gnutls_x509_privkey_sign_data2().
- gnutls_x509_privkey_sign_data() was deprecated.
+ * lib/gnutls_pubkey.c, lib/x509/privkey.c: Moved null check before
+ initialization.
-2010-12-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-16 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_str.c: Extra sanity check.
+ * lib/opencdk/keydb.c: removed unreachable code warning
-2010-12-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-16 Nikos Mavrogiannopoulos <address@hidden>
- * lib/auth_srp_passwd.c: Use snprintf() to print an integer.
+ * lib/opencdk/hash.c, lib/opencdk/main.h, lib/opencdk/stream.c,
+ lib/opencdk/write-packet.c: eliminated wipemem().
-2010-12-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-16 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/output.c: Use snprintf() to print IPs. There was a check
- just before that, but be safe, just in case.
+ * lib/gnutls_pk.c: corrected uninitialized variable warning.
-2010-12-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-16 Rickard Bellgrim <address@hidden>
- * doc/cha-auth.texi: Use SRP for password authentication.
+ * lib/pkcs11_write.c: The CKA_SUBJECT must be specified for a
+ certificate. Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-2010-12-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-15 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-auth.texi, lib/gnutls_cert.c, lib/gnutls_extensions.c,
- lib/gnutls_psk_netconf.c, lib/gnutls_state.c,
- lib/includes/gnutls/compat.h, lib/x509/privkey.c: Do not include
- deprecated functions to library documentation.
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, src/pkcs11.c: When
+ setting the TRUSTED flag login as security officer.
-2010-12-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-15 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
- lib/x509/privkey.c: gnutls_x509_privkey_verify_data() was
- deprecated.
+ * lib/pkcs11_write.c: write label in PKCS #11 privkey.
-2010-12-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-15 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_pubkey.c: Documented key usage of pubkey.
+ * lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/pkcs11.c,
+ lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
+ lib/pkcs11_write.c: define ck_bool_t to be compatible with PKCS #11
+ bool type.
-2010-12-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-15 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_pubkey.c: Set public key bits on all import functions.
- Issue reported by Murray Kucheawy.
+ * configure.ac: ignore more warnings.
-2010-12-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-09 Stef Walter <address@hidden>
- * NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/pkcs11.h,
- lib/pkcs11_int.h, lib/pkcs11_privkey.c:
- gnutls_pkcs11_privkey_sign_data(),
- gnutls_pkcs11_privkey_sign_hash2() and
- gnutls_pkcs11_privkey_decrypt_data() were removed. The abstract.h
- functions should be used instead.
+ * lib/Makefile.am, lib/pkcs11_int.h, lib/pkcs11_spec.h: Use pkcs11.h
+ specification file from p11-kit. * Remove one included briefly in
gnutls. Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-2010-12-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-09 Stef Walter <address@hidden>
- * NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/openpgp.h,
- lib/openpgp/gnutls_openpgp.h, lib/openpgp/pgp.c,
- lib/openpgp/privkey.c: Removed the newly added functions:
- gnutls_openpgp_privkey_sign_hash2(),
- gnutls_openpgp_privkey_sign_data2(),
- gnutls_openpgp_crt_verify_hash() That way the operations in
- abstract.h should be used to get the same functionality, and API
- will be kept simple and easier to maintain. The corresponding
- gnutls_x509_* are kept for backwards compatibility.
+ * lib/pkcs11.c, src/cli.c, src/p11common.c, src/pkcs11.c,
+ tests/suite/mini-eagain2.c: Fix up compiler warnings. Signed-off-by:
Nikos Mavrogiannopoulos <address@hidden>
-2010-12-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-09 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_sig.c: Do not be strict on RSA hash algorithm selection
- for signatures.
+ * lib/pkcs11_spec.h: Added missing file
-2010-12-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_cert.h, lib/gnutls_sig.c, lib/gnutls_x509.c: Removed
- unneeded definitions, and more careful deinitializations in
- parse_der_cert_mem().
+ * doc/cha-cert-auth.texi: document new config file format and path.
-2010-12-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-07 Stef Walter <address@hidden>
- * tests/pathlen/ca-no-pathlen.pem,
- tests/pathlen/no-ca-or-pathlen.pem: updated certificates to account
- for extra null byte added in negative numbers.
+ * configure.ac, doc/examples/Makefile.am, lib/Makefile.am,
+ lib/auth/cert.c, lib/gnutls_global.c, lib/gnutls_privkey.c,
+ lib/gnutls_pubkey.c, lib/gnutls_x509.c, lib/pakchois/README,
+ lib/pakchois/dlopen.c, lib/pakchois/dlopen.h,
+ lib/pakchois/errors.c, lib/pakchois/pakchois.c,
+ lib/pakchois/pakchois.h, lib/pakchois/pakchois11.h, lib/pkcs11.c,
+ lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
+ lib/pkcs11_write.c, src/Makefile.am, src/certtool-common.c,
+ src/certtool.c, src/cli.c, src/p11tool.c, src/serv.c: The attached
+ patch ports gnutls to p11-kit. p11-kit is added as a dependency.
+ p11-kit itself has no dependencies outside of basic libc stuff. The
+ source code for p11-kit is available both in git and tarball form.
+ [3] If the gnutls dependency on p11-kit is disabled (via a configure
+ option) then the PKCS#11 support is disabled. This is useful in bare
+ bones embedded systems or places where very minimal dependencies are
+ limited.
-2010-12-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-07 Nikos Mavrogiannopoulos <address@hidden>
- * tests/cve-2009-1415.c: Account for GNUTLS_E_PK_SIG_VERIFY_FAILED.
+ * doc/manpages/Makefile.am: updated
-2010-12-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_privkey.c: Corrected bug in gnutls_privkey_sign_data().
+ * lib/pkcs11.c, lib/pkcs11_privkey.c: Return error code when an
+ object is not found. Only request for token insertion if the
+ expected data is not found. Based on patch by Stef Walter.
-2010-12-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_sig.c: some fixes in pk_prepare_hash().
+ * configure.ac: Depend on automake 1.11.
-2010-12-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-06 Stef Walter <address@hidden>
- * NEWS, lib/gnutls_pubkey.c, lib/openpgp/pgp.c, lib/x509/privkey.c,
- lib/x509/verify.c, lib/x509/x509.c, tests/x509sign-verify.c: The
- verification functions now return a GNUTLS_E_PK_SIG_VERIFY_FAILED on
- signature verification error.
+ * tests/suite/Makefile.am: tests: Build eagain-cli with correct
+ libraries * Add -ldl -lpthread to linker flags Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
-2010-12-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-30 Stef Walter <address@hidden>
- * src/p11tool-gaa.c, src/p11tool.gaa: The default input format for
- p11tool is PEM.
+ * src/cli.c: gnutls-cli: Fix uninitialized variable when PKCS#11
+ uris in use. * When PKCS#11 URIs are in use previously tried to free
+ uninitialized memory. Initialize to zero. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
-2010-12-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-30 Stef Walter <address@hidden>
- * lib/gnutls_pubkey.c: importing a pubkey from raw params will set
- the bits field correctly.
+ * lib/pkcs11.c: pkcs11: Accept CKR_USER_ALREADY_LOGGED_IN as
+ successful result for PAP Login * When doing
CKF_PROTECTED_AUTHENTICATION_PATH login, accept CKR_USER_ALREADY_LOGGED_IN
as a successful result. * Another code path, or another consumer of the same
PKCS#11 module may have already logged in. * This is what the non PAP code
path already does. Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-2010-12-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-06 Stef Walter <address@hidden>
- * NEWS: Documented the addtion of gnutls_pubkey_import_privkey() and
- gnutls_pubkey_verify_data()
+ * lib/auth/srp.c, lib/auth/srp_rsa.c, lib/ext/session_ticket.c,
+ lib/gnutls_compress.c, lib/hash.c, lib/nettle/ecc_mulmod.c,
+ lib/x509/common.c: Remove unused variables * GCC 4.6.0 prints a
warning, and build failes with -Wunused Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-2010-12-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-06 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
- lib/libgnutls.map, lib/x509/verify.c, tests/x509sign-verify.c: Added
- gnutls_pubkey_verify_data and test vectors.
+ * lib/nettle/rnd.c: use gnutls_assert_val() in EGD errors.
-2010-12-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
- * doc/errcodes.c, doc/examples/ex-alert.c,
- doc/examples/ex-cert-select-pkcs11.c,
- doc/examples/ex-cert-select.c, doc/examples/ex-client-psk.c,
- doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
- doc/examples/ex-client-tlsia.c, doc/examples/ex-client1.c,
- doc/examples/ex-client2.c, doc/examples/ex-crq.c,
- doc/examples/ex-pkcs12.c, doc/examples/ex-rfc2818.c,
- doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
- doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
- doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
- doc/examples/ex-verify.c, doc/examples/ex-x509-info.c,
- doc/examples/examples.h, doc/examples/tcp.c, doc/printlist.c,
- guile/src/core.c, guile/src/extra.c, guile/src/utils.h,
- lib/abstract_int.h, lib/auth_anon.c, lib/auth_cert.c,
- lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
- lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/auth_psk.c,
- lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
- lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
- lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
- lib/auth_srp_sb64.c, lib/crypto-api.c, lib/crypto.c, lib/crypto.h,
- lib/cryptodev.c, lib/debug.c, lib/ext_cert_type.c,
- lib/ext_max_record.c, lib/ext_safe_renegotiation.c,
- lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
- lib/ext_session_ticket.c, lib/ext_signature.c, lib/ext_signature.h,
- lib/ext_srp.c, lib/gcrypt/cipher.c, lib/gcrypt/init.c,
- lib/gcrypt/mac.c, lib/gcrypt/mpi.c, lib/gcrypt/pk.c,
- lib/gnutls_alert.c, lib/gnutls_algorithms.c,
- lib/gnutls_algorithms.h, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
- lib/gnutls_auth.h, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
- lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_cipher.c,
- lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
- lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
- lib/gnutls_compress.h, lib/gnutls_constate.c,
- lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
- lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
- lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
- lib/gnutls_extensions.c, lib/gnutls_extensions.h,
- lib/gnutls_global.c, lib/gnutls_handshake.c,
- lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
- lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_kx.c,
- lib/gnutls_kx.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
- lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
- lib/gnutls_num.c, lib/gnutls_pk.c, lib/gnutls_pk.h,
- lib/gnutls_priority.c, lib/gnutls_privkey.c, lib/gnutls_psk.c,
- lib/gnutls_psk_netconf.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
- lib/gnutls_record.h, lib/gnutls_rsa_export.c, lib/gnutls_session.c,
- lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
- lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
- lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
- lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
- lib/gnutls_supplemental.h, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
- lib/gnutls_v2_compat.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
- lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
- lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
- lib/includes/gnutls/gnutlsxx.h, lib/includes/gnutls/openpgp.h,
- lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/pkcs12.h,
- lib/includes/gnutls/x509.h, lib/locks.c, lib/nettle/cipher.c,
- lib/nettle/egd.c, lib/nettle/mpi.c, lib/nettle/pk.c,
- lib/nettle/rnd.c, lib/opencdk/armor.c, lib/opencdk/context.h,
- lib/opencdk/dummy.c, lib/opencdk/filters.h, lib/opencdk/hash.c,
- lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/keydb.h,
- lib/opencdk/literal.c, lib/opencdk/main.c, lib/opencdk/main.h,
- lib/opencdk/misc.c, lib/opencdk/new-packet.c,
- lib/opencdk/opencdk.h, lib/opencdk/packet.h, lib/opencdk/pubkey.c,
- lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
- lib/opencdk/sig-check.c, lib/opencdk/stream.c,
- lib/opencdk/stream.h, lib/opencdk/verify.c,
- lib/opencdk/write-packet.c, lib/openpgp/compat.c,
- lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
- lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
- lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
- lib/openpgp/privkey.c, lib/pakchois/pakchois.c,
- lib/pakchois/pakchois.h, lib/pakchois/pakchois11.h, lib/pkcs11.c,
- lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
- lib/pkcs11_write.c, lib/random.c, lib/system.c, lib/system.h,
- lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
- lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
- lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/output.c,
- lib/x509/pbkdf2-sha1.c, lib/x509/pbkdf2-sha1.h, lib/x509/pkcs12.c,
- lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c,
- lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
- lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
- lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
- lib/x509_b64.c, lib/x509_b64.h, libextra/ext_inner_application.c,
- libextra/ext_inner_application.h, libextra/gnutls_extra.c,
- libextra/gnutls_ia.c, libextra/gnutls_openssl.c,
- libextra/includes/gnutls/extra.h,
- libextra/includes/gnutls/openssl.h, libextra/openssl_compat.c,
- libextra/openssl_compat.h, maint.mk, src/benchmark.c,
- src/certtool-cfg.c, src/certtool-cfg.h, src/certtool-common.c,
- src/certtool-common.h, src/certtool.c, src/cli.c, src/common.c,
- src/common.h, src/crypt.c, src/p11tool.c, src/p11tool.h,
- src/pkcs11.c, src/prime.c, src/psk.c, src/serv.c, src/tests.c,
- src/tests.h, src/tls_test.c, tests/anonself.c,
- tests/certificate_set_x509_crl.c, tests/chainverify.c,
- tests/crq_apis.c, tests/crq_key_id.c, tests/cve-2008-4989.c,
- tests/dhepskself.c, tests/dn.c, tests/dn2.c, tests/gc.c,
- tests/mini-eagain.c, tests/mini-x509-rehandshake.c,
- tests/mini-x509.c, tests/mini.c, tests/mpi.c,
- tests/nul-in-x509-names.c, tests/openpgp-auth.c,
- tests/openpgp-keyring.c, tests/openpgp_test.c, tests/openpgpself.c,
- tests/openssl.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
- tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pskself.c,
- tests/resume.c, tests/safe-renegotiation/srn0.c,
- tests/safe-renegotiation/srn1.c, tests/safe-renegotiation/srn2.c,
- tests/safe-renegotiation/srn3.c, tests/safe-renegotiation/srn4.c,
- tests/safe-renegotiation/srn5.c, tests/set_pkcs12_cred.c,
- tests/simple.c, tests/tlsia.c, tests/utils.c, tests/utils.h,
- tests/x509_altname.c, tests/x509_test.c, tests/x509dn.c,
- tests/x509self.c, tests/x509sign-verify.c: Indented code. Use same
- indentation but with -nut to avoid usage of tabs. In several editors
- tabs can be configured not to be 8 spaces and this produces
- artifacts with the current indentation that is a mixture of tabs and
- spaces.
+ * tests/dsa/testdsa, tests/openpgp-certs/testcerts,
+ tests/scripts/common.sh, tests/suite/testcompat-main,
+ tests/suite/testsrn: Corrected fail() shell function. Reported by
+ Andreas Metzler.
-2010-12-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_privkey.c: _gnutls_privkey_get_public_mpis() handles
- openpgp keys.
+ * tests/dsa/testdsa: Corrected typo. Reported by Andreas Metzler.
-2010-12-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/abstract_int.h, lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
- lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
- gnutls_pubkey_import_privkey(), that will copy the public key from a
- gnutls_privkey_t structure.
+ * doc/manpages/Makefile.am: regenerated makefile.
-2010-12-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/libgnutls.map: Do not export the non-existant symbols
- gnutls_pkcs11_privkey_sign_hash and gnutls_privkey_sign_hash.
+ * lib/x509/common.c: documentation fix.
-2010-12-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: documented new functions
+ * lib/accelerated/intel/Makefile.am,
+ lib/accelerated/intel/aes-x86.c,
+ lib/accelerated/intel/asm/appro-aes-gcm-x86.s: pclmul is not used on
+ intel 32-bit systems.
-2010-12-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Added new functions.
+ * lib/accelerated/intel/aes-x86.c, lib/gnutls_global.h,
+ lib/gnutls_priority.c: When AES and GCM acceleration is available
+ increase the priority of AES-GCM ciphersuites in performance and
+ normal cases.
-2010-12-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/libgnutls.map: Added new functions.
+ * lib/gcrypt/cipher.c, lib/gcrypt/pk.c: prevent compilation of
+ gcrypt support since it is incomplete.
-2010-12-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h:
- de-deprecated gnutls_x509_crt_verify_hash()
+ * lib/Makefile.am, lib/algorithms/ciphers.c,
+ lib/algorithms/ciphersuites.c, lib/gcrypt/cipher.c,
+ lib/nettle/cipher.c, m4/hooks.m4: do not use NETTLE_LIBS to include
+ hogweed and gmp. removed ENABLE_CAMELLIA and NETTLE_GCM.
-2010-12-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/openpgp.h, lib/libgnutls.map,
- lib/openpgp/pgp.c, tests/x509sign-verify.c: Added
- gnutls_openpgp_crt_verify_hash().
+ * src/benchmark-tls.c: improved benchmark.
-2010-12-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: added
- gnutls_privkey_sign_hash2()
+ * doc/Makefile.am, doc/cha-cert-auth.texi, doc/cha-internals.texi,
+ doc/cha-intro-tls.texi, doc/cha-library.texi,
+ doc/cha-programs.texi, doc/examples/ex-session-info.c,
+ doc/gnutls-certificate-user-use-case.pdf,
+ doc/gnutls-client-server-use-case.pdf,
+ doc/gnutls-extensions_st.pdf, doc/gnutls-handshake-sequence.pdf,
+ doc/gnutls-handshake-state.pdf, doc/gnutls-internals.pdf,
+ doc/gnutls-layers.pdf, doc/gnutls-logo.pdf,
+ doc/gnutls-mod_auth_st.pdf, doc/gnutls-objects.pdf,
+ doc/gnutls-pgp.pdf, doc/gnutls-x509.pdf, doc/gnutls.texi: Updated
+ documentation. Removed all .pdf files. They were not needed.
-2010-12-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
- lib/openpgp/privkey.c, lib/pkcs11_privkey.c, lib/x509/privkey.c:
- Simplified preparation of signing code.
+ * lib/algorithms.h, lib/algorithms/ciphersuites.c,
+ lib/gnutls_handshake.c: Avoid memory allocations when requesting the
+ supported ciphersuites.
-2010-12-12 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_sig.c,
- lib/gnutls_sig.h, lib/openpgp/gnutls_openpgp.h,
- lib/openpgp/privkey.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
- lib/x509/Makefile.am, lib/x509/privkey.c, lib/x509/sign.c,
- lib/x509/sign.h: deprecated x509/sign.h and moved functionality of
- it in gnutls_sig.h.
+ * lib/accelerated/intel/aes-x86.c: more verbose if the PCLMUL
+ instruction is detected.
-2010-12-12 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/sign.c: pk_hash_data() will fail unless DSA or RSA are
- specified.
+ * tests/cipher-test.c: Added debugging ability to cipher-test.
-2010-12-12 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/privkey.c: better comments
+ * doc/TODO: more cleanup.
-2010-12-12 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-04 Nikos Mavrogiannopoulos <address@hidden>
- * lib/openpgp/gnutls_openpgp.c, lib/openpgp/privkey.c:
- reorganization of the privkey_ functions().
+ * doc/TODO: Added new TODO items.
-2010-12-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-04 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
- lib/includes/gnutls/compat.h, lib/includes/gnutls/openpgp.h,
- lib/includes/gnutls/x509.h, lib/libgnutls.map,
- lib/openpgp/gnutls_openpgp.c, lib/x509/privkey.c: Introduced
- gnutls_*_privkey_sign_hash2() that is a high level function to
- produce signatures.
+ * doc/TODO: removed completed items from todo list
-2010-12-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-04 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_privkey.c, lib/pkcs11_privkey.c, lib/x509/privkey.c,
- lib/x509/sign.c, lib/x509/sign.h: Separated the sign_data functions
- to a hashing phase, a preparing phase, and the actual signing.
+ * lib/gnutls_priority.c: reinstated MAC-ALL semantics.
-2010-12-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-04 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: documented deprecated functions.
+ * .gitignore: more files to ignore.
-2010-12-09 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-04 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/compat.h, lib/includes/gnutls/openpgp.h,
- lib/includes/gnutls/pkcs11.h: All the sign hash functions were
- deprecated.
+ * lib/gnutls_session_pack.c: store the ECC curve in the session
+ resumption parameters.
-2010-12-09 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-04 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h:
- gnutls_x509_privkey_sign_hash() is dangerous and was deprecated.
- Added some text explaining why some functions were deprecated.
+ * NEWS, doc/cha-cert-auth.texi, doc/examples/ex-verify.c,
+ lib/gnutls_cert.c, lib/includes/gnutls/x509.h, lib/libgnutls.map,
+ lib/x509/verify-high.c, tests/Makefile.am, tests/x509cert-tl.c:
+ Added gnutls_x509_trust_list_add_named_crt() and
+ gnutls_x509_trust_list_verify_named_crt() that allow having a list
+ of certificates in the trusted list that will be associated with a
+ name (e.g. server name) and will not be used as CAs.
-2010-12-08 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-04 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: documented previous update.
+ * NEWS, doc/cha-intro-tls.texi,
+ lib/accelerated/intel/aes-gcm-x86.c,
+ lib/accelerated/intel/aes-x86.c, lib/algorithms/ciphersuites.c,
+ lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
+ lib/nettle/cipher.c: Added SuiteB ciphersuites. Added SUITEB128 and
+ SUITEB192 priority strings. SECURE256 was renamed to SECURE192
+ (because TLS ciphersuite's security level was not enough to justify
+ 256-bits).
-2010-12-08 Nikos Mavrogiannopoulos <address@hidden>
+2011-06-04 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/privkey.c, lib/x509/x509.c: export_raw() functions now
- add leading zero in mpis.
+ * NEWS, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map:
+ gnutls_ecc_curve_get() was added.
+
+2011-06-04 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_state.c: The PRF is now read from the ciphersuite
+ table.
+
+2011-06-04 Nikos Mavrogiannopoulos <address@hidden>
+
+ * src/common.c: Print information on elliptic curve sessions.
+
+2011-06-04 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/abstract_int.h, lib/gnutls_pubkey.c, lib/gnutls_sig.c,
+ lib/gnutls_sig.h, lib/includes/gnutls/abstract.h,
+ lib/includes/gnutls/compat.h, lib/libgnutls.map, lib/x509/common.c,
+ lib/x509/common.h, lib/x509/crq.c, lib/x509/privkey.c,
+ lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: Split
+ pubkey_verify_sig() to pubkey_verify_hashed_data() and
+ pubkey_verify_data(). Added gnutls_pubkey_verify_data2() to allow
+ verification of a signature when the signature algorithm cannot be
+ determined by the signature and the public key only.
+
+2011-06-04 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_hash_int.h, lib/gnutls_sig.c: Allow all SHA algorithms
+ for DSA signatures.
+
+2011-06-03 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/x509/verify.c: fixes for
+ http://tools.ietf.org/html/draft-mavrogiannopoulos-tls-dss-00
+
+2011-06-03 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/auth/cert.h, lib/gnutls_cert.c, lib/gnutls_handshake.c:
+ simplified _gnutls_selected_cert_supported_kx().
+
+2011-06-03 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_pubkey.c, lib/nettle/pk.c, lib/x509/verify.c:
+ Truncation of ECDSA and DSA signatures moved to
+ _wrap_nettle_pk_sign() and _wrap_nettle_pk_verify().
+
+2011-06-03 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/algorithms.h, lib/algorithms/ciphersuites.c,
+ lib/algorithms/sign.c, lib/ext/signature.c, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_sig.c, lib/nettle/pk.c: Simplified the handling of
+ handshake messages to be hashed. Instead of doing a hash during the
+ handshake process we now keep the data until handshake is over and
+ hash them on demand. This uses more memory but eliminates issues
+ with TLS 1.2 and makes the handling simpler.
+
+2011-06-03 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/ext/signature.c, lib/gnutls_pubkey.c, lib/nettle/pk.c,
+ lib/x509/common.h, lib/x509/verify.c: Hash algorithms used for DSA
+ and ECDSA correspond to draft-mavrogiannopoulos-tls-dss-00.txt.
+
+2011-06-03 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/ext/ecc.c: updated
+
+2011-06-02 Nikos Mavrogiannopoulos <address@hidden>
+
+ * doc/cha-internals.texi, doc/gnutls.texi: Added refint macro to
+ refer to internal -non exported- functions. Used it to reference to
+ the gnutls_*_register() functions.
+
+2011-06-02 Nikos Mavrogiannopoulos <address@hidden>
+
+ * NEWS, lib/Makefile.am, lib/auth/psk_passwd.c, lib/auth/rsa.c,
+ lib/auth/rsa_export.c, lib/auth/srp_passwd.c, lib/crypto-api.c,
+ lib/crypto-backend.c, lib/crypto-backend.h, lib/crypto.c,
+ lib/ext/session_ticket.c, lib/gnutls_cipher.c,
+ lib/gnutls_cipher_int.h, lib/gnutls_handshake.c,
+ lib/gnutls_hash_int.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
+ lib/gnutls_pk.c, lib/includes/gnutls/crypto.h, lib/libgnutls.map,
+ lib/nettle/mpi.c, lib/nettle/pk.c, lib/opencdk/misc.c,
+ lib/pkcs11_secret.c, lib/random.h, lib/x509/pkcs12.c,
+ lib/x509/privkey_pkcs8.c, libextra/gnutls_openssl.c, src/psk.c,
+ src/srptool.c, tests/Makefile.am, tests/crypto_rng.c,
+ tests/rng-fork.c: gnutls/crypto.h no longer includes functions to
+ register ciphers. Thus the following functions -
gnutls_crypto_bigint_register - gnutls_crypto_cipher_register -
gnutls_crypto_digest_register - gnutls_crypto_mac_register -
gnutls_crypto_pk_register - gnutls_crypto_rnd_register -
gnutls_crypto_single_cipher_register - gnutls_crypto_single_digest_register
- gnutls_crypto_single_mac_register are only available internally
+ via crypto-backend.h.
+
+2011-06-02 Nikos Mavrogiannopoulos <address@hidden>
+
+ * build-aux/config.rpath: updated
+
+2011-06-01 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s,
+ lib/accelerated/intel/asm/appro-aes-gcm-x86.s,
+ lib/accelerated/intel/asm/appro-aes-x86-64.s,
+ lib/accelerated/intel/asm/appro-aes-x86.s: typos and date fix in
+ license.
+
+2011-06-01 Nikos Mavrogiannopoulos <address@hidden>
+
+ * src/benchmark-tls.c: Added benchmark on GCM ciphersuites and
+ arcfour for comparison.
-2010-12-07 Simon Josefsson <address@hidden>
+2011-06-01 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Add.
+ * lib/gnutls_int.h: corrected typo.
-2010-12-07 Simon Josefsson <address@hidden>
+2011-06-01 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/crypto.h: C++ fixes, tiny patch from "Brendan
- Doherty" <address@hidden>.
+ * lib/accelerated/intel/aes-gcm-x86.c,
+ lib/accelerated/intel/aes-x86.c: indented code
-2010-12-07 Simon Josefsson <address@hidden>
+2011-06-01 Nikos Mavrogiannopoulos <address@hidden>
- * gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/memchr.m4,
- gl/m4/printf.m4, gl/m4/stdint.m4, lib/gl/m4/fcntl-o.m4,
- lib/gl/m4/iconv.m4, lib/gl/m4/intdiv0.m4, lib/gl/m4/memchr.m4,
- lib/gl/m4/memmem.m4, lib/gl/m4/printf.m4, lib/gl/m4/stdint.m4:
- Update gnulib files.
+ * src/benchmark.c: properly initialize benchmarks.
-2010-12-07 Simon Josefsson <address@hidden>
+2011-06-01 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
- libextra/configure.ac: Bump versions.
+ * configure.ac, m4/hooks.m4: bumped version.
-2010-12-07 Simon Josefsson <address@hidden>
+2011-06-01 Nikos Mavrogiannopoulos <address@hidden>
- * ChangeLog: Generated.
+ * lib/accelerated/intel/aes-gcm-x86.c: Corrections in encryption and
+ decryption of incomplete blocks.
-2010-12-07 Simon Josefsson <address@hidden>
+2011-06-01 Nikos Mavrogiannopoulos <address@hidden>
- * configure.ac, lib/configure.ac, lib/m4/hooks.m4,
- libextra/configure.ac: Bump versions.
+ * lib/accelerated/intel/aes-gcm-x86.c, lib/gnutls_int.h,
+ lib/gnutls_state.c: Use nettle's memxor or gnulib's if it doesn't
+ exist.
-2010-12-06 Simon Josefsson <address@hidden>
+2011-06-01 Nikos Mavrogiannopoulos <address@hidden>
- * ChangeLog: Generated.
+ * NEWS, lib/accelerated/intel/Makefile.am,
+ lib/accelerated/intel/aes-gcm-x86.c,
+ lib/accelerated/intel/aes-x86.c, lib/accelerated/intel/aes-x86.h,
+ lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s,
+ lib/accelerated/intel/asm/appro-aes-gcm-x86.s, lib/gnutls_num.c,
+ lib/gnutls_num.h, tests/cipher-test.c: Added AES-GCM optimizations
+ using the PCLMULQDQ instruction. Uses Andy Polyakov's assembly code.
-2010-12-06 Simon Josefsson <address@hidden>
+2011-06-01 Nikos Mavrogiannopoulos <address@hidden>
- * tests/Makefile.am: Don't fail on 'make distcheck'.
+ * lib/crypto-api.c: documented usage of gnutls_cipher_add_auth().
-2010-12-06 Simon Josefsson <address@hidden>
+2011-06-01 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Version 2.11.6.
+ * doc/cha-intro-tls.texi: updates.
-2010-12-06 Simon Josefsson <address@hidden>
+2011-05-31 Roman Bogorodskiy <address@hidden>
- * lib/gnutls_str.c: Indent.
+ * lib/Makefile.am: Prevent including installed gnutls' headers.
-2010-12-06 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-31 Roman Bogorodskiy <address@hidden>
- * NEWS: documented SSL 3.0 record version change.
+ * src/udp-serv.c: Add missing <netinet/in.h> to get sockaddr_in.
-2010-12-06 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-31 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c:
- SSL3_RECORD_VERSION priority option is now the default. That is in
- order to not confuse non TLS 1.2 compliant implementations that
- don't like a TLS 1.2 record.
+ * doc/cha-intro-tls.texi: Compatibility text updated.
-2010-12-06 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-29 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_str.c: simplified escape and unescape.
+ * lib/accelerated/intel/asm/appro-aes-x86-64.s,
+ lib/accelerated/intel/asm/appro-aes-x86.s: Added new AES code by
+ Andy.
-2010-12-05 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-29 Nikos Mavrogiannopoulos <address@hidden>
- * THANKS: Added Michael.
+ * doc/credentials/x509/ca-key.pem: Added missing file.
-2010-12-06 Simon Josefsson <address@hidden>
+2011-05-29 Nikos Mavrogiannopoulos <address@hidden>
- * cfg.mk, lib/gnutls_priority.c, lib/gnutls_state.c,
- lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in,
- lib/includes/gnutls/pkcs11.h, lib/nettle/rnd.c, lib/pkcs11.c,
- lib/pkcs11_int.h, lib/pkcs11_secret.c, lib/pkcs11_write.c,
- lib/x509/verify.c, src/certtool-common.c, src/certtool-common.h,
- src/certtool.c, src/cli.c, src/common.c, src/p11tool.c,
- src/p11tool.h, src/pkcs11.c, src/serv.c, tests/chainverify.c,
- tests/openpgp-auth.c: Indent code.
+ * .gitignore: more files to ignore
-2010-12-06 Simon Josefsson <address@hidden>
+2011-05-29 Nikos Mavrogiannopoulos <address@hidden>
- * maint.mk: Update gnulib files.
+ * lib/nettle/Makefile.am, lib/nettle/ecc_free.c,
+ lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
+ lib/nettle/ecc_mulmod.c, lib/nettle/ecc_points.c,
+ lib/nettle/ecc_projective_add_point.c,
+ lib/nettle/ecc_projective_dbl_point_3.c,
+ lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
+ lib/nettle/ecc_test.c, lib/nettle/ecc_verify_hash.c: Added FSF
+ copyright to public domain files.
-2010-12-06 Simon Josefsson <address@hidden>
+2011-05-29 Nikos Mavrogiannopoulos <address@hidden>
- * gl/override/top/maint.mk.diff: Remove.
+ * configure.ac, lib/accelerated/x86.h: Use cpuid.h if it exists, to
+ use the x86 CPUID instruction.
-2010-12-06 Simon Josefsson <address@hidden>
+2011-05-29 Nikos Mavrogiannopoulos <address@hidden>
- * .gitignore: Update.
+ * THANKS: Added Dash.
-2010-12-06 Simon Josefsson <address@hidden>
+2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_priority.c, lib/pkcs11_secret.c, src/p11tool.c,
- src/p11tool.gaa: Fix syntax-check nits.
+ * lib/gnutls_compress.c, lib/gnutls_compress.h,
+ lib/gnutls_handshake.c: simplified
+ _gnutls_supported_compression_methods().
-2010-12-06 Simon Josefsson <address@hidden>
+2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
- * .x-sc_bindtextdomain: Ignore more.
+ * lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_session_pack.c, lib/gnutls_v2_compat.c: Correctly set
+ compression method when resuming sessions. Reported by Dash Shendy.
-2010-12-06 Simon Josefsson <address@hidden>
+2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
- * GNUmakefile, build-aux/gendocs.sh, build-aux/pmccabe.css,
- build-aux/pmccabe2html, gl/Makefile.am, gl/arpa_inet.in.h,
- gl/float+.h, gl/gettext.h, gl/inet_ntop.c, gl/intprops.h,
- gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4, gl/m4/getdelim.m4,
- gl/m4/getline.m4, gl/m4/getpass.m4, gl/m4/gnulib-common.m4,
- gl/m4/gnulib-comp.m4, gl/m4/mmap-anon.m4, gl/m4/printf.m4,
- gl/m4/readline.m4, gl/m4/string_h.m4, gl/m4/sys_ioctl_h.m4,
- gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4, gl/m4/unistd_h.m4,
- gl/m4/vasnprintf.m4, gl/m4/wchar_h.m4, gl/printf-parse.c,
- gl/printf-parse.h, gl/stdint.in.h, gl/stdio.in.h, gl/stdlib.in.h,
- gl/string.in.h, gl/sys_select.in.h, gl/sys_socket.in.h,
- gl/tests/Makefile.am, gl/tests/init.sh,
- gl/tests/test-select-stdin.c, gl/tests/test-select.c,
- gl/tests/test-update-copyright.sh, gl/tests/verify.h, gl/time.in.h,
- gl/unistd.in.h, gl/vasnprintf.c, gl/verify.h, gl/wchar.in.h,
- lib/gl/Makefile.am, lib/gl/float+.h, lib/gl/gettext.h,
- lib/gl/m4/alloca.m4, lib/gl/m4/glibc2.m4, lib/gl/m4/glibc21.m4,
- lib/gl/m4/gnulib-common.m4, lib/gl/m4/gnulib-comp.m4,
- lib/gl/m4/iconv.m4, lib/gl/m4/memmem.m4, lib/gl/m4/mmap-anon.m4,
- lib/gl/m4/printf.m4, lib/gl/m4/string_h.m4,
- lib/gl/m4/sys_socket_h.m4, lib/gl/m4/unistd_h.m4,
- lib/gl/m4/vasnprintf.m4, lib/gl/m4/wchar_h.m4,
- lib/gl/printf-parse.c, lib/gl/printf-parse.h, lib/gl/stdint.in.h,
- lib/gl/stdio.in.h, lib/gl/stdlib.in.h, lib/gl/string.in.h,
- lib/gl/sys_socket.in.h, lib/gl/tests/Makefile.am,
- lib/gl/tests/init.sh, lib/gl/tests/intprops.h,
- lib/gl/tests/verify.h, lib/gl/time.in.h, lib/gl/unistd.in.h,
- lib/gl/vasnprintf.c, lib/gl/verify.h, lib/gl/wchar.in.h,
- libextra/gl/m4/gnulib-common.m4, maint.mk: Update gnulib files.
+ * lib/gnutls_hash_int.c: digest_length() uses int as input.
-2010-12-05 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-28 Stef Walter <address@hidden>
- * tests/Makefile.am: Temporarily remove gendh test. It takes
- extremely long time under valgrind.
+ * lib/nettle/cipher.c: Fix warnings with GCC 4.5.2
-2010-12-05 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/gnutls_sig.c, lib/x509/common.c, lib/x509/common.h,
- lib/x509/mpi.c, lib/x509/sign.c, lib/x509/verify.c: Use ASN1_NULL
- when writing parameters for RSA signatures. This makes us comply
- with RFC3279. Reported by Michael Rommel.
+ * doc/credentials/Makefile.am, doc/credentials/x509/Makefile.am:
+ Corrected EXTRA_DIST
-2010-12-05 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, src/serv.c: Corrected buffer overflow in gnutls-serv by
- Tomas Mraz. The gnutls-serv uses fixed allocated buffer for the
response which
- can be pretty long if a client certificate is presented to it and
- the http header is large. This causes buffer overflow and heap
- corruption which then leads to random segfaults or aborts. It was
reported originally here:
- https://bugzilla.redhat.com/show_bug.cgi?id=659259 The attached patch
changes sprintf calls in peer_print_info() to
- snprintf so the buffer is never overflowed.
+ * tests/suite/testcompat-main: updated keys.
-2010-12-01 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
- * lib/m4/hooks.m4: increased revision
+ * lib/auth/cert.c, lib/auth/cert.h, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h: Take into account each and every advertized
+ public key algorithm when selecting a certificate. Previously we
+ were assuming only RSA or DSA, or ANY.
-2010-12-01 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
- * src/Makefile.am: Added p11tool.h
+ * doc/credentials/gnutls-http-serv, src/serv-gaa.c, src/serv-gaa.h,
+ src/serv.c, src/serv.gaa: Added feature to specify ecc private keys
+ and certificates.
-2010-12-01 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: released 2.11.5
+ * lib/algorithms.h, lib/gnutls_handshake.c, lib/gnutls_state.c:
+ Corrected ECC ciphersuite detection.
-2010-12-01 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-internals.texi: escaped chars.
+ * doc/credentials/x509-ca-key.pem, doc/credentials/x509-ca.pem,
+ doc/credentials/x509-client-key.pem,
+ doc/credentials/x509-client.pem, doc/credentials/x509-other-ca.pem,
+ doc/credentials/x509-proxy-key.pem, doc/credentials/x509-proxy.pem,
+ doc/credentials/x509-server-dsa.pem,
+ doc/credentials/x509-server-key-dsa.pem,
+ doc/credentials/x509-server-key.pem,
+ doc/credentials/x509-server.pem, doc/credentials/x509-trust.pem,
+ doc/credentials/x509/ca.pem, doc/credentials/x509/cert-dsa.pem,
+ doc/credentials/x509/cert-ecc.pem,
+ doc/credentials/x509/cert-rsa.pem, doc/credentials/x509/cert.pem,
+ doc/credentials/x509/clicert-dsa.pem,
+ doc/credentials/x509/clicert.pem, doc/credentials/x509/key-dsa.pem,
+ doc/credentials/x509/key-ecc.pem, doc/credentials/x509/key-rsa.pem,
+ doc/credentials/x509/key.pem, lib/nettle/pk.c, lib/x509/verify.c:
+ Laxed verification checks for DSA to allow SHA256 in place of
+ SHA224. Added new certificate sets in doc/credentials/x509/.
-2010-12-01 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-internals.texi: Updated extension writing code. Still not
- clear enough.
+ * lib/gnutls_priority.c: ECDHE and ECDSA were added to deafult
+ priorities.
-2010-12-01 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-cert-auth.texi: PKCS #11 fixes
+ * lib/auth/rsa.c, lib/x509/key_encode.c, lib/x509/privkey_pkcs8.c:
+ gnutls_secure_malloc() is no longer used.
-2010-12-01 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
- * doc/examples/ex-cert-select-pkcs11.c: Corrected pkcs11 example
- URLs
+ * lib/auth/dhe_psk.c, lib/auth/psk.c: deinitialize PSK key memory.
-2010-11-30 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-28 Nikos Mavrogiannopoulos <address@hidden>
- * src/pkcs11.c: Prefix mechanism number with 0x.
+ * lib/auth/psk.c: explicitly request for client key in server side.
-2010-11-30 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-27 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pakchois/pakchois11.h, src/pkcs11.c: Added camellia and
- SHA224.
+ * NEWS, lib/algorithms/ciphersuites.c, lib/algorithms/kx.c,
+ lib/auth/anon.c, lib/auth/anon_ecdh.c, lib/auth/dh_common.c,
+ lib/auth/dh_common.h, lib/auth/dhe.c, lib/auth/dhe_psk.c,
+ lib/auth/ecdh_common.c, lib/auth/ecdh_common.h, lib/gnutls_state.c,
+ lib/includes/gnutls/gnutls.h.in: Added ECDHE-PSK ciphersuites for
+ TLS (RFC 5489).
-2010-11-27 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-27 Nikos Mavrogiannopoulos <address@hidden>
- * configure.ac, lib/configure.ac, lib/nettle/rnd.c: Use rusage if
- present. Moved check to correct config and included resource.h
- header.
+ * doc/gnutls-guile.texi: Corrections.
-2010-11-27 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-27 Nikos Mavrogiannopoulos <address@hidden>
- * lib/nettle/rnd.c: More details on the text
+ * doc/.gitignore: ignore tex files.
-2010-11-27 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-27 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkcs11.c: Corrected copyright statement
+ * doc/cha-copying.texi: Do not list all licenses in the manual of
+ gnutls. Just the license of the manual is enough.
-2010-11-27 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-27 Nikos Mavrogiannopoulos <address@hidden>
- * lib/nettle/rnd.c: Corrected copyright header. Added Niels.
+ * doc/Makefile.am, doc/cha-ciphersuites.texi,
+ doc/cha-functions.texi, doc/cha-preface.texi,
+ doc/gnutls-guile.texi, doc/guile.texi, guile/src/core.c: guile
+ bindings added as a separate document.
-2010-11-26 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-27 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/gnutls_cert.c, lib/includes/gnutls/x509.h,
- lib/x509/verify.c, src/certtool.c, src/cli.c, tests/chainverify.c:
- Reverted default behavior for verification and introduced
- GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default V1
- trusted CAs are allowed, unless the new flag is specified.
+ * doc/gnutls.texi: reorganization. Removed guile bindings.
-2010-11-25 Simon Josefsson <address@hidden>
+2011-05-27 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Typo.
+ * doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
+ doc/gnutls.texi: reorganization and added section on parameter
+ generation.
-2010-11-25 Simon Josefsson <address@hidden>
+2011-05-26 Nikos Mavrogiannopoulos <address@hidden>
- * tests/suite/Makefile.in: Remove, it is generated.
+ * lib/Makefile.am, lib/auth/Makefile.am, lib/ext/Makefile.am,
+ lib/nettle/Makefile.am: Added new headers.
-2010-11-25 Simon Josefsson <address@hidden>
+2011-05-26 Nikos Mavrogiannopoulos <address@hidden>
- * README: No space at eol.
+ * NEWS: document elliptic curves addition.
-2010-11-25 Simon Josefsson <address@hidden>
+2011-05-26 Nikos Mavrogiannopoulos <address@hidden>
- * tests/safe-renegotiation/Makefile.am: Fix syntax-check warning.
+ * m4/hooks.m4: libgcrypt support was removed.
-2010-11-25 Simon Josefsson <address@hidden>
+2011-05-26 Nikos Mavrogiannopoulos <address@hidden>
- * cfg.mk: Ignore tests/suite for syntax-checks, not our code.
+ * NEWS: listed newly added functions.
-2010-11-25 Simon Josefsson <address@hidden>
+2011-05-26 Nikos Mavrogiannopoulos <address@hidden>
- * README: Recommend git format-patch rather than git diff.
+ * lib/nettle/Makefile.am, lib/nettle/ecc.h,
+ lib/nettle/ecc_make_key.c, lib/nettle/ecc_shared_secret.c,
+ lib/nettle/ecc_sign_hash.c, lib/nettle/ecc_verify_hash.c,
+ lib/nettle/mp_unsigned_bin.c: Use nettle's functions for integer
+ import/export.
-2010-11-24 Jeffrey Walton <address@hidden>
+2011-05-26 Nikos Mavrogiannopoulos <address@hidden>
- * README: Attached is a proposed modification to the README file,
- including recent comments by Simon.
+ * lib/algorithms/publickey.c, lib/gnutls_sig.c: more updates for
+ ECDSA ciphersuites.
-2010-11-23 Simon Josefsson <address@hidden>
+2011-05-26 Nikos Mavrogiannopoulos <address@hidden>
- * guile/src/Makefile.am: Fix dependencies, fixes parallel builds. Tiny
patch from Graham Gower <address@hidden>.
+ * lib/ext/ecc.c: reduced debugging.
-2010-11-19 Simon Josefsson <address@hidden>
+2011-05-26 Nikos Mavrogiannopoulos <address@hidden>
- * doc/Makefile.am: Remove file.
+ * lib/gnutls_pubkey.c, lib/gnutls_sig.c: Changes to allow ECDH-DSA
+ with client mode certificates.
-2010-11-19 Simon Josefsson <address@hidden>
+2011-05-26 Nikos Mavrogiannopoulos <address@hidden>
- * doc/manpages/Makefile.am: Generated.
+ * tests/certs/ca-cert-ecc.pem, tests/certs/ca-ecc.pem,
+ tests/certs/cert-ecc.pem, tests/certs/ecc.pem,
+ tests/suite/testcompat-main: Added server and client mode tests for
+ ECDH-ECDSA.
-2010-11-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-26 Nikos Mavrogiannopoulos <address@hidden>
- * configure.ac, tests/suite/Makefile.in: Create Makefile in
- tests/suite/
+ * lib/ext/session_ticket.c, lib/gnutls_db.c, lib/gnutls_dtls.c,
+ lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_session_pack.c, lib/gnutls_v2_compat.c,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
+ lib/nettle/rnd.c, lib/opencdk/keydb.c, lib/opencdk/literal.c,
+ lib/opencdk/read-packet.c, lib/opencdk/sig-check.c,
+ lib/openpgp/gnutls_openpgp.c, lib/system.c, lib/system.h,
+ lib/x509/common.c, lib/x509/verify.c, tests/chainverify.c: Added
+ gnutls_global_set_time_function() to allow overriding the default
+ system time() function.
-2010-11-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-25 Giuseppe Scrivano <address@hidden>
- * src/cli.c, src/psk-gaa.c, src/psk-gaa.h, src/psk.c, src/psk.gaa,
- tests/Makefile.am, tests/netconf-psk.c: Deprecate the netconf
- password and use a key only.
+ * doc/cha-programs.texi: Fix example in the documentation.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-2010-11-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-25 Nikos Mavrogiannopoulos <address@hidden>
- * doc/credentials/gnutls-http-serv: correctly set psk params.
+ * doc/cha-programs.texi: updated documentation on PSK. Signed-off-by:
Nikos Mavrogiannopoulos <address@hidden>
-2010-11-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-25 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: added info
+ * lib/nettle/ecc_projective_add_point.c: If Q=-P return the point at
+ infinity.
-2010-11-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-25 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/privkey_pkcs8.c: Correctly write DSA public key in ASN.1
- (add leading zero). Reported by Jeffrey Walton.
+ * tests/chainverify.c: Added elliptic curves chain certificate.
-2010-11-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-25 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/mpi.c: cleanups
+ * lib/gnutls_buffers.c: do not try to write to a socket when no
+ data.
-2010-11-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-24 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-auth.texi, lib/includes/gnutls/compat.h,
- lib/includes/gnutls/gnutls.h.in: Deprecated the key derivation
- method from netconf. The published RFC does not include this method
- and it is not known whether it has been used at all in practice. No
- need to support it.
+ * tests/openpgpself.c: increased log level
-2010-11-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-24 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/gnutls_priority.c: Added SIGN-ALL, CTYPE-ALL, COMP-ALL,
- and VERS-TLS-ALL priority strings.
+ * lib/gnutls_buffers.h, lib/gnutls_handshake.c:
+ _gnutls_handshake_hash_buffer_clear was replaced by
+ _gnutls_buffer_clear();
-2010-11-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-23 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_x509.c: Removed redundant error check. Reported by
- Nicolas Kaiser.
+ * lib/nettle/pk.c: Only warn on invalid security level hashes.
-2010-11-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-23 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
- src/p11tool-gaa.c, src/p11tool-gaa.h, src/p11tool.c,
- src/p11tool.gaa, src/p11tool.h, src/pkcs11.c: Added
- --list-mechanisms option to p11tool. Lists all mechanisms supported
- by a token.
+ * src/certtool.c: SHA256 is the default hash algorithm in certtool.
-2010-11-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-23 Nikos Mavrogiannopoulos <address@hidden>
- * doc/manpages/Makefile.am, doc/manpages/p11tool.1: Added manpage
- for p11tool.
+ * lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_privkey.c,
+ lib/gnutls_sig.c, lib/x509/verify.c: Several updates to allow
+ generation and signing of an ECC certificate.
-2010-11-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-23 Nikos Mavrogiannopoulos <address@hidden>
- * doc/manpages/certtool.1, doc/manpages/gnutls-cli.1,
- doc/manpages/gnutls-serv.1, doc/manpages/srptool.1: Corrected my
- name.
+ * doc/manpages/certtool.1: updated certtool info.
-2010-11-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-23 Nikos Mavrogiannopoulos <address@hidden>
- * src/p11tool-gaa.c, src/p11tool.gaa: In p11tool --url was renamed
- to --export.
+ * lib/algorithms/ciphersuites.c: corrected bug in ciphersuite name
+ searching.
-2010-11-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
- * src/p11tool-gaa.c, src/p11tool-gaa.h, src/p11tool.gaa,
- src/pkcs11.c: Corrected bug in secret key copy. Rationalized the
- --help of p11tool.
+ * doc/cha-auth.texi: Discussed the newly added ciphersuites.
-2010-11-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkcs11.c, lib/pkcs11_secret.c: * Corrected flag conversion to
internal representation. * When generating secret keys include a generic key
type and a
- random ID.
+ * doc/Makefile.am: Added algorithms/ to function index.
-2010-11-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
- * src/p11tool-gaa.c, src/p11tool-gaa.h, src/p11tool.gaa: Added
- option --no-detailed-url to p11tool. More detailed url is the
- default now.
+ * lib/algorithms/ciphersuites.c: Added ECC ciphersuites from
+ rfc5289.
-2010-11-07 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/Makefile.am, lib/includes/gnutls/pkcs11.h,
- lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h,
- lib/pkcs11_secret.c, lib/pkcs11_write.c, src/pkcs11.c: Added
- gnutls_pkcs11_token_set_pin() and gnutls_pkcs11_token_init() to
- enable manipulating tokens purely from PKCS #11.
+ * src/certtool.c: Print the private key after generation. Print ECC
+ keys.
-2010-11-07 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
- * doc/README.gaa: Removed README.gaa.
+ * lib/algorithms/ecc.c, lib/gnutls_ecc.c,
+ lib/includes/gnutls/abstract.h, lib/includes/gnutls/x509.h,
+ lib/libgnutls.map, lib/x509/privkey.c: Added
+ gnutls_x509_privkey_import_ecc_raw() and
+ gnutls_x509_privkey_export_ecc_raw().
-2010-11-07 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
- * .gitignore, src/Makefile.am, src/certtool-common.c,
- src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
- src/certtool.c, src/certtool.gaa, src/p11tool-gaa.c,
- src/p11tool-gaa.h, src/p11tool.c, src/p11tool.gaa, src/p11tool.h,
- src/pkcs11.c: Introduced p11tool to separate PKCS #11 functionality
- from certtool.
+ * lib/x509/privkey.c: Decode PEM ECC private keys.
-2010-11-07 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
- * tests/Makefile.am, tests/finished.c: Removed check on deprecated
- feature (finished).
+ * lib/algorithms.h, lib/algorithms/ecc.c, lib/x509/key_encode.c,
+ lib/x509/privkey.c, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa: updates to allow the generation of
+ an ECC private key.
-2010-11-04 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in:
- Deprecated old functions.
+ * lib/x509_b64.c: do not crash on null message.
-2010-11-01 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-intro-tls.texi: use @code for SAFE_RENEGOTIATION string.
+ * .gitignore: updated
-2010-06-07 Simon Josefsson <address@hidden>
+2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_priority.c: Doc fix.
+ * lib/algorithms/ciphersuites.c, lib/algorithms/kx.c,
+ lib/auth/cert.c, lib/auth/dhe.c, lib/gnutls_pk.c, lib/gnutls_pk.h,
+ lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/gnutls_state.c,
+ lib/includes/gnutls/gnutls.h.in, lib/nettle/ecc_sign_hash.c,
+ lib/nettle/pk.c, lib/nettle/rnd.c, lib/nettle/rnd.h,
+ lib/x509/common.h, lib/x509/verify.c: Added support for verifying
+ server certificates with ECDSA.
-2010-10-16 Simon Josefsson <address@hidden>
+2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
- * .gitignore: Add.
+ * lib/ext/ecc.c: Only reply with ECC Packet format extension if we
+ have negotiated ECC.
-2010-10-16 Nikos Mavrogiannopoulos <address@hidden>
-
- * tests/Makefile.am, tests/safe-renegotiation/Makefile.am,
- tests/safe-renegotiation/params.dh,
- tests/safe-renegotiation/testsrn, tests/suite/Makefile.am,
- tests/suite/README, tests/suite/eagain,
- tests/suite/ecore/eina_config.h,
- tests/suite/ecore/src/include/Eina.h,
- tests/suite/ecore/src/include/eina_accessor.h,
- tests/suite/ecore/src/include/eina_array.h,
- tests/suite/ecore/src/include/eina_benchmark.h,
- tests/suite/ecore/src/include/eina_binshare.h,
- tests/suite/ecore/src/include/eina_config.h,
- tests/suite/ecore/src/include/eina_convert.h,
- tests/suite/ecore/src/include/eina_counter.h,
- tests/suite/ecore/src/include/eina_cpu.h,
- tests/suite/ecore/src/include/eina_error.h,
- tests/suite/ecore/src/include/eina_file.h,
- tests/suite/ecore/src/include/eina_fp.h,
- tests/suite/ecore/src/include/eina_hamster.h,
- tests/suite/ecore/src/include/eina_hash.h,
- tests/suite/ecore/src/include/eina_inline_array.x,
- tests/suite/ecore/src/include/eina_inline_f16p16.x,
- tests/suite/ecore/src/include/eina_inline_f32p32.x,
- tests/suite/ecore/src/include/eina_inline_f8p24.x,
- tests/suite/ecore/src/include/eina_inline_fp.x,
- tests/suite/ecore/src/include/eina_inline_hash.x,
- tests/suite/ecore/src/include/eina_inline_list.x,
- tests/suite/ecore/src/include/eina_inline_log.x,
- tests/suite/ecore/src/include/eina_inline_mempool.x,
- tests/suite/ecore/src/include/eina_inline_rbtree.x,
- tests/suite/ecore/src/include/eina_inline_rectangle.x,
- tests/suite/ecore/src/include/eina_inline_str.x,
- tests/suite/ecore/src/include/eina_inline_stringshare.x,
- tests/suite/ecore/src/include/eina_inline_tiler.x,
- tests/suite/ecore/src/include/eina_inline_trash.x,
- tests/suite/ecore/src/include/eina_inline_ustringshare.x,
- tests/suite/ecore/src/include/eina_inlist.h,
- tests/suite/ecore/src/include/eina_iterator.h,
- tests/suite/ecore/src/include/eina_lalloc.h,
- tests/suite/ecore/src/include/eina_list.h,
- tests/suite/ecore/src/include/eina_log.h,
- tests/suite/ecore/src/include/eina_magic.h,
- tests/suite/ecore/src/include/eina_main.h,
- tests/suite/ecore/src/include/eina_matrixsparse.h,
- tests/suite/ecore/src/include/eina_mempool.h,
- tests/suite/ecore/src/include/eina_module.h,
- tests/suite/ecore/src/include/eina_quadtree.h,
- tests/suite/ecore/src/include/eina_rbtree.h,
- tests/suite/ecore/src/include/eina_rectangle.h,
- tests/suite/ecore/src/include/eina_safety_checks.h,
- tests/suite/ecore/src/include/eina_sched.h,
- tests/suite/ecore/src/include/eina_str.h,
- tests/suite/ecore/src/include/eina_strbuf.h,
- tests/suite/ecore/src/include/eina_stringshare.h,
- tests/suite/ecore/src/include/eina_tiler.h,
- tests/suite/ecore/src/include/eina_trash.h,
- tests/suite/ecore/src/include/eina_types.h,
- tests/suite/ecore/src/include/eina_unicode.h,
- tests/suite/ecore/src/include/eina_ustrbuf.h,
- tests/suite/ecore/src/include/eina_ustringshare.h,
- tests/suite/ecore/src/lib/Ecore.h,
- tests/suite/ecore/src/lib/Ecore_Getopt.h,
- tests/suite/ecore/src/lib/ecore.c,
- tests/suite/ecore/src/lib/ecore_anim.c,
- tests/suite/ecore/src/lib/ecore_app.c,
- tests/suite/ecore/src/lib/ecore_events.c,
- tests/suite/ecore/src/lib/ecore_exe.c,
- tests/suite/ecore/src/lib/ecore_getopt.c,
- tests/suite/ecore/src/lib/ecore_glib.c,
- tests/suite/ecore/src/lib/ecore_idle_enterer.c,
- tests/suite/ecore/src/lib/ecore_idle_exiter.c,
- tests/suite/ecore/src/lib/ecore_idler.c,
- tests/suite/ecore/src/lib/ecore_job.c,
- tests/suite/ecore/src/lib/ecore_main.c,
- tests/suite/ecore/src/lib/ecore_pipe.c,
- tests/suite/ecore/src/lib/ecore_poll.c,
- tests/suite/ecore/src/lib/ecore_private.h,
- tests/suite/ecore/src/lib/ecore_signal.c,
- tests/suite/ecore/src/lib/ecore_thread.c,
- tests/suite/ecore/src/lib/ecore_time.c,
- tests/suite/ecore/src/lib/ecore_timer.c,
- tests/suite/ecore/src/lib/eina_accessor.c,
- tests/suite/ecore/src/lib/eina_array.c,
- tests/suite/ecore/src/lib/eina_benchmark.c,
- tests/suite/ecore/src/lib/eina_binshare.c,
- tests/suite/ecore/src/lib/eina_chained_mempool.c,
- tests/suite/ecore/src/lib/eina_convert.c,
- tests/suite/ecore/src/lib/eina_counter.c,
- tests/suite/ecore/src/lib/eina_cpu.c,
- tests/suite/ecore/src/lib/eina_error.c,
- tests/suite/ecore/src/lib/eina_file.c,
- tests/suite/ecore/src/lib/eina_fp.c,
- tests/suite/ecore/src/lib/eina_hamster.c,
- tests/suite/ecore/src/lib/eina_hash.c,
- tests/suite/ecore/src/lib/eina_inlist.c,
- tests/suite/ecore/src/lib/eina_iterator.c,
- tests/suite/ecore/src/lib/eina_lalloc.c,
- tests/suite/ecore/src/lib/eina_list.c,
- tests/suite/ecore/src/lib/eina_log.c,
- tests/suite/ecore/src/lib/eina_magic.c,
- tests/suite/ecore/src/lib/eina_main.c,
- tests/suite/ecore/src/lib/eina_matrixsparse.c,
- tests/suite/ecore/src/lib/eina_mempool.c,
- tests/suite/ecore/src/lib/eina_module.c,
- tests/suite/ecore/src/lib/eina_private.h,
- tests/suite/ecore/src/lib/eina_quadtree.c,
- tests/suite/ecore/src/lib/eina_rbtree.c,
- tests/suite/ecore/src/lib/eina_rectangle.c,
- tests/suite/ecore/src/lib/eina_safety_checks.c,
- tests/suite/ecore/src/lib/eina_sched.c,
- tests/suite/ecore/src/lib/eina_share_common.c,
- tests/suite/ecore/src/lib/eina_share_common.h,
- tests/suite/ecore/src/lib/eina_str.c,
- tests/suite/ecore/src/lib/eina_strbuf.c,
- tests/suite/ecore/src/lib/eina_strbuf_common.c,
- tests/suite/ecore/src/lib/eina_strbuf_common.h,
- tests/suite/ecore/src/lib/eina_strbuf_template_c.x,
- tests/suite/ecore/src/lib/eina_stringshare.c,
- tests/suite/ecore/src/lib/eina_tiler.c,
- tests/suite/ecore/src/lib/eina_unicode.c,
- tests/suite/ecore/src/lib/eina_ustrbuf.c,
- tests/suite/ecore/src/lib/eina_ustringshare.c,
- tests/suite/ecore/src/lib/eina_value.c, tests/suite/mini-eagain2.c,
- tests/suite/params.dh, tests/suite/testsrn: Added tests/suite which
- contains tests to be executed during development time and will not
- be distributed (not included in make dist). Added "ecore" and a new
- mini-eagain to test EAGAIN behavior.
-
-2010-10-16 Nikos Mavrogiannopoulos <address@hidden>
-
- * .gitignore: updated .gitignore.
-
-2010-10-16 Simon Josefsson <address@hidden>
-
- * NEWS, src/common.c: gnutls-cli: Print channel binding only in
- verbose mode. Before it printed it after the 'Compression:' output,
thus breaking
- Emacs starttls.el string searches.
-
-2010-10-15 Simon Josefsson <address@hidden>
+2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
- libextra/configure.ac: Bump versions.
+ * tests/pathlen/ca-no-pathlen.pem,
+ tests/pathlen/no-ca-or-pathlen.pem, tests/pkcs12_s2k_pem.c: leak fix
+ and updates for new formats.
-2010-10-15 Simon Josefsson <address@hidden>
+2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
- * ChangeLog: Generated.
+ * tests/suite/testcompat-main: Added ECDHE-RSA tests.
-2010-10-15 Simon Josefsson <address@hidden>
+2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Version 2.11.4.
+ * lib/algorithms/secparams.c, lib/gnutls_pubkey.c: always put
+ leading zero to output keys
-2010-10-15 Simon Josefsson <address@hidden>
+2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
- * lib/libgnutls.map: Rename new symbol prefix after next stable
- branch instead of development branch.
+ * lib/x509/output.c: print the bits together with the security
+ level.
-2010-10-15 Simon Josefsson <address@hidden>
+2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Add.
+ * lib/x509/privkey.c, lib/x509/privkey_pkcs8.c: leaks fixes.
-2010-10-15 Simon Josefsson <address@hidden>
+2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, doc/cha-bib.texi, doc/cha-gtls-app.texi: Document channel
- binding API.
+ * lib/pkcs11.c: corrected file descriptor leak.
-2010-10-15 Simon Josefsson <address@hidden>
+2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
- src/common.c: Implement RFC 5929 tls-unique channel binding.
+ * libextra/gnutls_extra.c: gnutls_algorithms.h -> algorithms.h
-2010-10-14 Simon Josefsson <address@hidden>
+2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, doc/manpages/Makefile.am, lib/gnutls_errors.c,
- lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
- lib/libgnutls.map: Add gnutls_session_channel_binding API.
+ * lib/x509/key_decode.c, lib/x509/key_encode.c: corrected ECC public
+ key encoding/decoding.
-2010-10-14 Simon Josefsson <address@hidden>
+2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
- * doc/manpages/Makefile.am: Generated.
+ * src/certtool-common.c, src/certtool.c: Corrected bug in public key
+ import. print information on ECC public keys.
-2010-10-14 Simon Josefsson <address@hidden>
+2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Add.
+ * lib/includes/gnutls/crypto.h, lib/nettle/pk.c,
+ lib/x509/key_encode.c, lib/x509/x509_int.h: No need to keep Z in
+ parameters since the pubkey can always be converted to an affine
+ point.
-2010-10-14 Simon Josefsson <address@hidden>
+2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
- * tests/Makefile.am, tests/gendh.c: Add self test gendh to check DH
- generation.
+ * lib/algorithms/secparams.c, lib/gnutls_pubkey.c,
+ lib/includes/gnutls/abstract.h, lib/libgnutls.map,
+ lib/x509/common.c, lib/x509/key_decode.c, lib/x509/mpi.c,
+ lib/x509/output.c: print information on ECC certificates.
-2010-10-14 Simon Josefsson <address@hidden>
+2011-05-22 Nikos Mavrogiannopoulos <address@hidden>
- * tests/openpgp-auth.c: Fix compiler warnings.
+ * lib/abstract_int.h, lib/algorithms.h, lib/algorithms/ecc.c,
+ lib/auth/anon.h, lib/auth/ecdh_common.c, lib/auth/ecdh_common.h,
+ lib/auth/rsa.c, lib/auth/rsa_export.c, lib/ext/ecc.c,
+ lib/gnutls.asn, lib/gnutls_asn1_tab.c, lib/gnutls_ecc.c,
+ lib/gnutls_ecc.h, lib/gnutls_errors.c, lib/gnutls_int.h,
+ lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_privkey.c,
+ lib/gnutls_pubkey.c, lib/gnutls_rsa_export.c,
+ lib/gnutls_rsa_export.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
+ lib/gnutls_state.c, lib/gnutls_state.h,
+ lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
+ lib/libgnutls.map, lib/nettle/ecc_test.c, lib/nettle/pk.c,
+ lib/openpgp/openpgp_int.h, lib/openpgp/pgp.c,
+ lib/openpgp/privkey.c, lib/x509/Makefile.am, lib/x509/common.c,
+ lib/x509/common.h, lib/x509/crq.c, lib/x509/key_decode.c,
+ lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/privkey.c,
+ lib/x509/privkey_pkcs8.c, lib/x509/verify.c, lib/x509/x509.c,
+ lib/x509/x509_int.h, lib/x509/x509_write.c: gnutls_pk_params_st is
+ used internally to transfer public key parameters. This replaces the
+ raw bigint_t arrays.
-2010-10-14 Simon Josefsson <address@hidden>
+2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
- * guile/tests/Makefile.am, guile/tests/anonymous-auth.scm,
- guile/tests/dh-parameters.pem, guile/tests/openpgp-auth.scm,
- guile/tests/pkcs-import-export.scm,
- guile/tests/session-record-port.scm, guile/tests/x509-auth.scm:
- Don't generate DH primes in Guile self checks (for speed).
+ * lib/algorithms.h, lib/algorithms/ciphersuites.c,
+ lib/algorithms/ecc.c, lib/auth/ecdh_common.c, lib/ext/ecc.c,
+ lib/ext/ecc.h: Curve TLS ID is being stored in algorithms/ecc.c.
-2010-10-14 Simon Josefsson <address@hidden>
+2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
- * tests/userid/userid: Cleanup, fixing distcheck.
+ * configure.ac, lib/Makefile.am, lib/algorithms.h,
+ lib/algorithms/Makefile.am, lib/algorithms/cert_types.c,
+ lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
+ lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c,
+ lib/algorithms/protocols.c, lib/algorithms/publickey.c,
+ lib/algorithms/secparams.c, lib/algorithms/sign.c, lib/auth/cert.c,
+ lib/auth/dh_common.c, lib/auth/dhe.c, lib/auth/ecdh_common.c,
+ lib/auth/rsa.c, lib/auth/rsa_export.c, lib/ext/session_ticket.c,
+ lib/ext/signature.c, lib/ext/srp.c, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_auth.c, lib/gnutls_cert.c,
+ lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
+ lib/gnutls_compress.c, lib/gnutls_constate.c, lib/gnutls_ecc.c,
+ lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_priority.c,
+ lib/gnutls_record.c, lib/gnutls_sig.c, lib/gnutls_state.c,
+ lib/gnutls_v2_compat.c, lib/gnutls_x509.c, lib/nettle/ecc_test.c,
+ lib/nettle/mpi.c, lib/opencdk/read-packet.c, lib/x509/common.h,
+ lib/x509/privkey_pkcs8.c: gnutls_algorithms.c was split into
+ manageable files in algorithms/.
-2010-10-14 Simon Josefsson <address@hidden>
+2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
- * tests/openpgp-auth.c: Make it work with srcdir != objdir.
+ * lib/gnutls_handshake.c: use the _gnutls_session_is_ecc() to check
+ for ECDH.
-2010-10-14 Simon Josefsson <address@hidden>
+2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
- * doc/reference/gnutls-docs.sgml: Improve GTK-DOC manual.
+ * lib/auth/ecdh_common.c, lib/gnutls_algorithms.c,
+ lib/includes/gnutls/gnutls.h.in, lib/nettle/pk.c, lib/x509/x509.c:
+ Added OIDs and definitions for ECDSA signature algorithm.
-2010-10-14 Simon Josefsson <address@hidden>
+2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Add.
+ * src/benchmark-tls.c: Print purpose of testing.
-2010-10-14 Simon Josefsson <address@hidden>
-
- * .x-sc_two_space_separator_in_usage, lib/cryptodev.c,
- lib/m4/hooks.m4, lib/pakchois/pakchois11.h: Fix syntax-check
- warning.
-
-2010-10-14 Simon Josefsson <address@hidden>
-
- * build-aux/gendocs.sh, build-aux/pmccabe2html, doc/fdl-1.3.texi,
- gl/Makefile.am, gl/arpa_inet.in.h, gl/errno.in.h, gl/float.in.h,
- gl/ftello.c, gl/getaddrinfo.c, gl/m4/errno_h.m4, gl/m4/error.m4,
- gl/m4/float_h.m4, gl/m4/ftello.m4, gl/m4/getpagesize.m4,
- gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/hostent.m4,
- gl/m4/include_next.m4, gl/m4/intmax_t.m4, gl/m4/inttypes_h.m4,
- gl/m4/lib-ld.m4, gl/m4/lib-link.m4, gl/m4/lseek.m4,
- gl/m4/malloc.m4, gl/m4/memchr.m4, gl/m4/minmax.m4, gl/m4/printf.m4,
- gl/m4/realloc.m4, gl/m4/servent.m4, gl/m4/size_max.m4,
- gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/m4/socklen.m4,
- gl/m4/sockpfaf.m4, gl/m4/stdarg.m4, gl/m4/stdbool.m4,
- gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdlib_h.m4,
- gl/m4/time_h.m4, gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/malloc.c,
- gl/netdb.in.h, gl/netinet_in.in.h, gl/read-file.c, gl/realloc.c,
- gl/select.c, gl/stdarg.in.h, gl/stddef.in.h, gl/stdint.in.h,
- gl/stdio.in.h, gl/stdlib.in.h, gl/strerror.c, gl/string.in.h,
- gl/sys_select.in.h, gl/sys_socket.in.h, gl/sys_stat.in.h,
- gl/sys_time.in.h, gl/tests/Makefile.am, gl/tests/binary-io.h,
- gl/tests/getpagesize.c, gl/tests/init.sh, gl/tests/sys_ioctl.in.h,
- gl/tests/test-binary-io.c, gl/tests/test-binary-io.sh,
- gl/tests/test-ftello.c, gl/tests/test-ftello.sh,
- gl/tests/test-ftello2.sh, gl/tests/test-ftello3.c,
- gl/tests/test-getaddrinfo.c, gl/tests/test-memchr.c,
- gl/tests/test-netdb.c, gl/tests/test-read-file.c,
- gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
- gl/tests/test-stdlib.c, gl/tests/test-sys_socket.c,
- gl/tests/test-sys_wait.h, gl/tests/test-update-copyright.sh,
- gl/tests/test-vc-list-files-cvs.sh,
- gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
- gl/time.in.h, gl/timespec.h, gl/unistd.in.h, gl/wchar.in.h,
- lib/build-aux/config.rpath, lib/gl/Makefile.am, lib/gl/errno.in.h,
- lib/gl/float.in.h, lib/gl/ftello.c, lib/gl/m4/codeset.m4,
- lib/gl/m4/errno_h.m4, lib/gl/m4/fcntl-o.m4, lib/gl/m4/float_h.m4,
- lib/gl/m4/ftello.m4, lib/gl/m4/getpagesize.m4,
- lib/gl/m4/gettext.m4, lib/gl/m4/gnulib-cache.m4,
- lib/gl/m4/gnulib-comp.m4, lib/gl/m4/iconv.m4,
- lib/gl/m4/include_next.m4, lib/gl/m4/intdiv0.m4, lib/gl/m4/intl.m4,
- lib/gl/m4/intlmacosx.m4, lib/gl/m4/intmax.m4,
- lib/gl/m4/intmax_t.m4, lib/gl/m4/inttypes-pri.m4,
- lib/gl/m4/inttypes_h.m4, lib/gl/m4/lcmessage.m4,
- lib/gl/m4/ld-version-script.m4, lib/gl/m4/lib-ld.m4,
- lib/gl/m4/lib-link.m4, lib/gl/m4/lock.m4, lib/gl/m4/lseek.m4,
- lib/gl/m4/malloc.m4, lib/gl/m4/memchr.m4, lib/gl/m4/memmem.m4,
- lib/gl/m4/minmax.m4, lib/gl/m4/printf-posix.m4,
- lib/gl/m4/printf.m4, lib/gl/m4/progtest.m4, lib/gl/m4/realloc.m4,
- lib/gl/m4/size_max.m4, lib/gl/m4/socketlib.m4,
- lib/gl/m4/sockets.m4, lib/gl/m4/socklen.m4, lib/gl/m4/sockpfaf.m4,
- lib/gl/m4/stdbool.m4, lib/gl/m4/stdint.m4, lib/gl/m4/stdint_h.m4,
- lib/gl/m4/stdlib_h.m4, lib/gl/m4/threadlib.m4, lib/gl/m4/time_h.m4,
- lib/gl/m4/visibility.m4, lib/gl/m4/wchar_t.m4, lib/gl/m4/wint_t.m4,
- lib/gl/malloc.c, lib/gl/netdb.in.h, lib/gl/read-file.c,
- lib/gl/realloc.c, lib/gl/stddef.in.h, lib/gl/stdint.in.h,
- lib/gl/stdio.in.h, lib/gl/stdlib.in.h, lib/gl/str-two-way.h,
- lib/gl/string.in.h, lib/gl/strings.in.h, lib/gl/sys_socket.in.h,
- lib/gl/sys_stat.in.h, lib/gl/tests/Makefile.am,
- lib/gl/tests/binary-io.h, lib/gl/tests/getpagesize.c,
- lib/gl/tests/init.sh, lib/gl/tests/test-binary-io.c,
- lib/gl/tests/test-binary-io.sh, lib/gl/tests/test-ftello.c,
- lib/gl/tests/test-ftello.sh, lib/gl/tests/test-ftello2.sh,
- lib/gl/tests/test-ftello3.c, lib/gl/tests/test-memchr.c,
- lib/gl/tests/test-netdb.c, lib/gl/tests/test-read-file.c,
- lib/gl/tests/test-stdbool.c, lib/gl/tests/test-stddef.c,
- lib/gl/tests/test-stdlib.c, lib/gl/tests/test-sys_socket.c,
- lib/gl/tests/test-sys_wait.h, lib/gl/tests/test-verify.c,
- lib/gl/time.in.h, lib/gl/unistd.in.h, lib/gl/wchar.in.h,
- libextra/gl/gnulib.mk, libextra/gl/m4/gnulib-cache.m4,
- libextra/gl/m4/gnulib-comp.m4, libextra/gl/m4/ld-version-script.m4,
- libextra/gl/m4/lib-ld.m4, libextra/gl/m4/lib-link.m4, maint.mk:
- Update gnulib files.
+2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
-2010-10-14 Simon Josefsson <address@hidden>
+ * src/benchmark-tls.c: compare ECDH and DH on the same security
+ level.
- * cfg.mk: Don't assume chmod +x on gendocs.sh.
+2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
-2010-10-14 Simon Josefsson <address@hidden>
+ * doc/cha-intro-tls.texi, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_priority.c: Added ability to
+ specify curves as priority strings.
- * cfg.mk: Use gnulib --add-import.
+2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
-2010-10-14 Simon Josefsson <address@hidden>
+ * lib/nettle/ecc.h: removed ecc_is_valid_idx() prototype
- * .gitignore: Sort and update.
+2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
-2010-10-14 Simon Josefsson <address@hidden>
+ * lib/nettle/ecc.h, lib/nettle/ecc_make_key.c,
+ lib/nettle/ecc_map.c, lib/nettle/ecc_mulmod.c,
+ lib/nettle/ecc_points.c, lib/nettle/ecc_projective_add_point.c,
+ lib/nettle/ecc_projective_dbl_point.c,
+ lib/nettle/ecc_projective_dbl_point_3.c,
+ lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_test.c,
+ lib/nettle/ecc_verify_hash.c, lib/nettle/pk.c: Dropped ltc_ from
+ function and type names.
- * lib/po/nl.po.in: Sync with TP.
+2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
-2010-10-14 Simon Josefsson <address@hidden>
+ * tests/x509cert.c: corrected memory leak.
- * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
- libextra/configure.ac: Bump versions.
+2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
-2010-10-14 Simon Josefsson <address@hidden>
+ * lib/nettle/cipher.c: use new nettle's name for gcm_aes_auth().
- * ChangeLog: Generated.
+2011-05-21 Simon Josefsson <address@hidden>
-2010-10-14 Simon Josefsson <address@hidden>
+ * gl/hmac-md5.c, gl/m4/valgrind-tests.m4, gl/memxor.c, gl/memxor.h,
+ gl/override/lib/hmac-md5.c.diff, gl/override/lib/memxor.c.diff,
+ gl/override/lib/memxor.h.diff,
+ gl/override/m4/valgrind-tests.m4.diff: Override gnulib code with fix
+ for memxor and valgrind.
- * NEWS: Version 2.11.3.
+2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
-2010-10-14 Simon Josefsson <address@hidden>
+ * lib/auth/anon_ecdh.c, lib/auth/dh_common.c, lib/auth/dhe.c,
+ lib/auth/ecdh_common.c, lib/gnutls_algorithms.c,
+ lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_state.c,
+ lib/gnutls_state.h, lib/includes/gnutls/gnutls.h.in: Added support
+ for ECDHE-RSA ciphersuites.
- * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
- libextra/configure.ac: Bump versions.
+2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
-2010-10-14 Simon Josefsson <address@hidden>
+ * tests/eagain-common.h: inlined function to avoid gcc warnings
- * doc/errcodes.c, doc/examples/ex-alert.c,
- doc/examples/ex-cert-select-pkcs11.c,
- doc/examples/ex-cert-select.c, doc/examples/ex-client-psk.c,
- doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
- doc/examples/ex-client-tlsia.c, doc/examples/ex-client1.c,
- doc/examples/ex-client2.c, doc/examples/ex-crq.c,
- doc/examples/ex-pkcs12.c, doc/examples/ex-rfc2818.c,
- doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
- doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
- doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
- doc/examples/ex-verify.c, doc/examples/ex-x509-info.c,
- doc/examples/examples.h, doc/examples/tcp.c, guile/src/core.c,
- guile/src/errors.c, guile/src/extra.c, guile/src/utils.c,
- guile/src/utils.h, lib/auth_cert.c, lib/auth_cert.h,
- lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_psk.h,
- lib/auth_rsa.c, lib/auth_rsa_export.c, lib/auth_srp.c,
- lib/auth_srp.h, lib/crypto-api.c, lib/crypto.h, lib/cryptodev.c,
- lib/debug.c, lib/debug.h, lib/ext_cert_type.c,
- lib/ext_max_record.c, lib/ext_safe_renegotiation.c,
- lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
- lib/ext_server_name.h, lib/ext_session_ticket.c,
- lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
- lib/ext_srp.c, lib/ext_srp.h, lib/gcrypt/init.c, lib/gcrypt/mpi.c,
- lib/gcrypt/pk.c, lib/gnutls_alert.c, lib/gnutls_algorithms.c,
- lib/gnutls_algorithms.h, lib/gnutls_auth.h, lib/gnutls_buffers.c,
- lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
- lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
- lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
- lib/gnutls_compress.h, lib/gnutls_constate.c,
- lib/gnutls_constate.h, lib/gnutls_datum.h, lib/gnutls_dh.h,
- lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_extensions.c,
- lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
- lib/gnutls_handshake.c, lib/gnutls_handshake.h,
- lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
- lib/gnutls_kx.c, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
- lib/gnutls_mem.h, lib/gnutls_mpi.h, lib/gnutls_num.h,
- lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
- lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
- lib/gnutls_record.h, lib/gnutls_session_pack.c, lib/gnutls_sig.c,
- lib/gnutls_sig.h, lib/gnutls_srp.c, lib/gnutls_state.c,
- lib/gnutls_state.h, lib/gnutls_str.c, lib/gnutls_str.h,
- lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
- lib/gnutls_x509.c, lib/includes/gnutls/abstract.h,
- lib/includes/gnutls/compat.h, lib/includes/gnutls/crypto.h,
- lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/gnutlsxx.h,
- lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
- lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
- lib/locks.c, lib/locks.h, lib/nettle/cipher.c, lib/nettle/egd.c,
- lib/nettle/egd.h, lib/nettle/init.c, lib/nettle/mac.c,
- lib/nettle/mpi.c, lib/nettle/pk.c, lib/nettle/rnd.c,
- lib/opencdk/armor.c, lib/opencdk/hash.c, lib/opencdk/kbnode.c,
- lib/opencdk/keydb.c, lib/opencdk/literal.c, lib/opencdk/main.c,
- lib/opencdk/misc.c, lib/opencdk/new-packet.c, lib/opencdk/pubkey.c,
- lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
- lib/opencdk/sig-check.c, lib/opencdk/stream.c, lib/opencdk/types.h,
- lib/opencdk/verify.c, lib/openpgp/gnutls_openpgp.c,
- lib/openpgp/openpgp_int.h, lib/openpgp/output.c, lib/openpgp/pgp.c,
- lib/openpgp/privkey.c, lib/pakchois/dlopen.c,
- lib/pakchois/dlopen.h, lib/pakchois/errors.c,
- lib/pakchois/pakchois.c, lib/pakchois/pakchois.h,
- lib/pakchois/pakchois11.h, lib/pkcs11.c, lib/pkcs11_int.h,
- lib/pkcs11_privkey.c, lib/pkcs11_write.c, lib/random.c,
- lib/random.h, lib/system.c, lib/system.h, lib/x509/common.c,
- lib/x509/common.h, lib/x509/crl_write.c, lib/x509/crq.c,
- lib/x509/dn.c, lib/x509/mpi.c, lib/x509/output.c,
- lib/x509/privkey.c, lib/x509/sign.c, lib/x509/sign.h,
- lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h,
- lib/x509/x509_write.c, lib/x509_b64.c,
- libextra/ext_inner_application.c, libextra/ext_inner_application.h,
- libextra/gnutls_extra.c, libextra/gnutls_ia.c,
- libextra/includes/gnutls/extra.h, libextra/openssl_compat.h,
- src/benchmark.c, src/certtool-cfg.h, src/certtool-common.h,
- src/certtool.c, src/cli.c, src/common.c, src/common.h, src/crypt.c,
- src/pkcs11.c, src/prime.c, src/psk.c, src/serv.c, src/tests.c,
- tests/anonself.c, tests/certder.c,
- tests/certificate_set_x509_crl.c, tests/certuniqueid.c,
- tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
- tests/crypto_rng.c, tests/cve-2008-4989.c, tests/cve-2009-1415.c,
- tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
- tests/finished.c, tests/gc.c, tests/hostname-check.c,
- tests/init_roundtrip.c, tests/mini-eagain.c,
- tests/mini-x509-rehandshake.c, tests/mini-x509.c, tests/mini.c,
- tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
- tests/nul-in-x509-names.c, tests/openpgp-auth.c,
- tests/openpgp-keyring.c, tests/openpgpself.c, tests/openssl.c,
- tests/parse_ca.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
- tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pskself.c,
- tests/resume.c, tests/safe-renegotiation/srn0.c,
- tests/safe-renegotiation/srn1.c, tests/safe-renegotiation/srn2.c,
- tests/safe-renegotiation/srn3.c, tests/safe-renegotiation/srn4.c,
- tests/safe-renegotiation/srn5.c, tests/set_pkcs12_cred.c,
- tests/setcredcrash.c, tests/simple.c, tests/tlsia.c, tests/utils.c,
- tests/utils.h, tests/x509_altname.c, tests/x509dn.c,
- tests/x509self.c, tests/x509sign-verify.c: Indent (using GNU indent
- 2.2.11).
+2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
-2010-10-08 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/nettle/Makefile.am, lib/nettle/ecc.h, lib/nettle/ecc_free.c,
+ lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
+ lib/nettle/ecc_mulmod.c, lib/nettle/ecc_points.c,
+ lib/nettle/ecc_projective_add_point.c,
+ lib/nettle/ecc_projective_dbl_point.c,
+ lib/nettle/ecc_projective_dbl_point_3.c,
+ lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
+ lib/nettle/ecc_test.c, lib/nettle/ecc_verify_hash.c,
+ lib/nettle/ltc_ecc_map.c, lib/nettle/ltc_ecc_mulmod.c,
+ lib/nettle/ltc_ecc_points.c,
+ lib/nettle/ltc_ecc_projective_add_point.c,
+ lib/nettle/ltc_ecc_projective_dbl_point.c: Added previous code that
+ was fixed for y^2 = x^3 - 3x + b, because all secg curves have a
+ fixed to -3. Simplified file naming scheme.
- * NEWS, configure.ac, lib/m4/hooks.m4: bumped version
+2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
-2010-10-08 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_algorithms.c, lib/gnutls_int.h: Added SECP224R1.
- * src/certtool.c: Revert "Applied last patch of Micah Anderson on
- IKE status." This reverts commit
a6b2f5ce7316b4774649ee9b421da2ee7fef461f.
+2011-05-21 Nikos Mavrogiannopoulos <address@hidden>
-2010-10-08 Nikos Mavrogiannopoulos <address@hidden>
+ * src/Makefile.am, src/benchmark-cipher.c, src/benchmark-tls.c,
+ src/benchmark.c, src/benchmark.h: updates to benchmarks.
- * libextra/fipsmd5.c: removed unneeded code.
+2011-05-20 Nikos Mavrogiannopoulos <address@hidden>
-2010-10-08 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_algorithms.c, lib/gnutls_int.h, lib/gnutls_priority.c,
+ lib/nettle/ecc_test.c: Added curve SECP512R1.
- * src/certtool.c: Applied last patch of Micah Anderson on IKE
- status.
+2011-05-20 Nikos Mavrogiannopoulos <address@hidden>
-2010-10-02 Nikos Mavrogiannopoulos <address@hidden>
+ * src/benchmark-cipher.c, src/benchmark-common.c, src/benchmark.c:
+ benchmark ECDH and DH.
- * src/certtool.c: Applied patch on IKE extension by Micah Anderson
+2011-05-20 Simon Josefsson <address@hidden>
-2010-10-02 Nikos Mavrogiannopoulos <address@hidden>
+ * build-aux/config.rpath, gl/Makefile.am, gl/alignof.h,
+ gl/glthread/lock.c, gl/glthread/lock.h, gl/glthread/threadlib.c,
+ gl/hmac-md5.c, gl/intprops.h, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/strerror.m4, gl/m4/strerror_r.m4,
+ gl/m4/thread.m4, gl/m4/valgrind-tests.m4, gl/m4/yield.m4,
+ gl/memxor.c, gl/memxor.h, gl/stdint.in.h, gl/strerror-impl.h,
+ gl/strerror.c, gl/strerror_r.c, gl/tests/Makefile.am,
+ gl/tests/dummy.c, gl/tests/glthread/thread.c,
+ gl/tests/glthread/thread.h, gl/tests/glthread/yield.h,
+ gl/tests/test-intprops.c, gl/tests/test-lock.c,
+ gl/tests/test-strerror.c, gl/tests/test-strerror_r.c: Update gnulib
+ files.
- * lib/cryptodev.c, lib/gcrypt/mac.c, lib/gnutls_hash_int.c,
- lib/includes/gnutls/crypto.h, lib/nettle/mac.c: Updated cryptodev
- code to support the linux cryptodev extensions. Removed the clone()
- capability from HMAC. It was never used and having it prevents using
- it with hardware accelerators that might not have this capability.
+2011-05-20 Nikos Mavrogiannopoulos <address@hidden>
-2010-09-29 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/auth/ecdh_common.c, lib/gnutls_handshake.c, src/common.c:
+ client side ECC fixes.
- * THANKS: Added Micah
+2011-05-20 Nikos Mavrogiannopoulos <address@hidden>
-2010-10-01 Simon Josefsson <address@hidden>
+ * src/cli.c: corrected debugging.
- * doc/cha-cert-auth.texi, doc/cha-internals.texi,
- doc/cha-library.texi, lib/ext_safe_renegotiation.c,
- lib/ext_server_name.c, lib/gcrypt/init.c, lib/gnutls_record.c,
- lib/gnutls_str.c, lib/locks.c, lib/nettle/egd.c, lib/nettle/init.c,
- lib/system.c, lib/system.h, libextra/ext_inner_application.c,
- src/certtool-common.h, src/common.c, src/pkcs11.c: Fix some
- syntax-check errors.
+2011-05-20 Nikos Mavrogiannopoulos <address@hidden>
-2010-10-01 Simon Josefsson <address@hidden>
+ * lib/auth/ecdh_common.c, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_global.c,
+ lib/includes/gnutls/crypto.h, lib/nettle/ecc.h,
+ lib/nettle/ecc_free.c, lib/nettle/ecc_make_key.c,
+ lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
+ lib/nettle/ecc_test.c, lib/nettle/ecc_verify_hash.c,
+ lib/nettle/ltc_ecc_map.c, lib/nettle/ltc_ecc_mulmod.c,
+ lib/nettle/ltc_ecc_points.c,
+ lib/nettle/ltc_ecc_projective_add_point.c,
+ lib/nettle/ltc_ecc_projective_dbl_point.c, lib/nettle/pk.c,
+ lib/x509/x509_int.h: Account 'A' in calculations for point doubling.
- * lib/gnutls_int.h, lib/includes/gnutls/gnutls.h.in,
- lib/includes/gnutls/pkcs11.h: Fix compiler warnings.
+2011-05-20 Nikos Mavrogiannopoulos <address@hidden>
-2010-10-01 Simon Josefsson <address@hidden>
+ * gl/Makefile.am, gl/alignof.h, gl/close-hook.c, gl/close-hook.h,
+ gl/error.c, gl/error.h, gl/fd-hook.c, gl/fd-hook.h,
+ gl/glthread/lock.c, gl/glthread/lock.h, gl/glthread/threadlib.c,
+ gl/intprops.h, gl/m4/error.m4, gl/m4/fcntl_h.m4, gl/m4/fseeko.m4,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/inttypes.m4,
+ gl/m4/manywarnings.m4, gl/m4/memchr.m4, gl/m4/netdb_h.m4,
+ gl/m4/stdint.m4, gl/m4/stdio_h.m4, gl/m4/strerror.m4,
+ gl/m4/strerror_r.m4, gl/m4/string_h.m4, gl/m4/sys_uio_h.m4,
+ gl/m4/thread.m4, gl/m4/unistd_h.m4, gl/m4/warnings.m4,
+ gl/m4/wchar_h.m4, gl/m4/yield.m4, gl/malloc.c, gl/netdb.in.h,
+ gl/realloc.c, gl/sockets.c, gl/stdint.in.h, gl/stdio.in.h,
+ gl/stdlib.in.h, gl/strerror-impl.h, gl/strerror.c, gl/strerror_r.c,
+ gl/string.in.h, gl/sys_socket.in.h, gl/sys_uio.in.h,
+ gl/tests/Makefile.am, gl/tests/dummy.c, gl/tests/fcntl.in.h,
+ gl/tests/glthread/thread.c, gl/tests/glthread/thread.h,
+ gl/tests/glthread/yield.h, gl/tests/intprops.h,
+ gl/tests/inttypes.in.h, gl/tests/test-fcntl-h.c,
+ gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
+ gl/tests/test-lock.c, gl/tests/test-strerror.c,
+ gl/tests/test-strerror_r.c, gl/tests/test-sys_socket.c,
+ gl/tests/test-sys_uio.c, gl/unistd.in.h, gl/verify.h, gl/wchar.in.h:
+ Added new gnulib and error.h.
- * NEWS, doc/manpages/Makefile.am: Mention new APIs.
+2011-05-20 Nikos Mavrogiannopoulos <address@hidden>
-2010-09-30 Simon Josefsson <address@hidden>
+ * lib/gnutls_global.c: removed debugging.
- * tests/openpgp-certs/testselfsigs: Avoid bashism. Reported by
address@hidden in
- <http://savannah.gnu.org/support/?107449>.
+2011-05-20 Nikos Mavrogiannopoulos <address@hidden>
-2010-09-30 Simon Josefsson <address@hidden>
+ * cfg.mk: added error.h
- * lib/crypto-api.c: Don't return from void functions. Reported by
Dagobert Michelsen <address@hidden> in
+2011-05-16 Nikos Mavrogiannopoulos <address@hidden>
-
<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4566>.
+ * lib/Makefile.am, lib/auth/Makefile.am, lib/auth/anon.h,
+ lib/auth/anon_ecdh.c, lib/auth/ecdh_common.c,
+ lib/auth/ecdh_common.h, lib/ext/Makefile.am, lib/ext/ecc.c,
+ lib/ext/ecc.h, lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_dh.c, lib/gnutls_ecc.c, lib/gnutls_ecc.h,
+ lib/gnutls_errors.c, lib/gnutls_extensions.c, lib/gnutls_global.c,
+ lib/gnutls_int.h, lib/gnutls_pk.c, lib/gnutls_pk.h,
+ lib/gnutls_priority.c, lib/gnutls_state.c, lib/gnutls_state.h,
+ lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
+ lib/nettle/Makefile.am, lib/nettle/ecc.h, lib/nettle/ecc_free.c,
+ lib/nettle/ecc_make_key.c, lib/nettle/ecc_shared_secret.c,
+ lib/nettle/ecc_sign_hash.c, lib/nettle/ecc_test.c,
+ lib/nettle/ecc_verify_hash.c, lib/nettle/gnettle.h,
+ lib/nettle/ltc_ecc_map.c, lib/nettle/ltc_ecc_mulmod.c,
+ lib/nettle/ltc_ecc_points.c,
+ lib/nettle/ltc_ecc_projective_add_point.c,
+ lib/nettle/ltc_ecc_projective_dbl_point.c,
+ lib/nettle/mp_unsigned_bin.c, lib/nettle/mpi.c, lib/nettle/multi.c,
+ lib/nettle/pk.c, lib/nettle/rnd.c, lib/nettle/rnd.h,
+ lib/x509/x509_int.h: Initial ecc support. Adds support for anonymous
+ ECDH ciphersuites.
-2010-09-30 Simon Josefsson <address@hidden>
+2011-05-17 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/gnutls.h.in: Remove spurious comma.
+ * src/benchmark-common.c, src/benchmark.h: more win32 fixes.
-2010-09-30 Simon Josefsson <address@hidden>
+2011-05-17 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/x509.h: Remove spurious comma.
+ * src/benchmark-common.c: corrections in win32 version.
-2010-09-30 Simon Josefsson <address@hidden>
+2011-05-17 Nikos Mavrogiannopoulos <address@hidden>
- * tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8: Make
- pkcs8-decode test work on Windows.
+ * lib/ext/signature.c, lib/gnutls_extensions.c: Some debugging moved
+ to a higher level.
-2010-09-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-17 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: updated
+ * src/Makefile.am, src/benchmark-common.c, src/benchmark-tls.c,
+ src/benchmark.c, src/benchmark.h, tests/eagain-common.h: Added
+ benchmark utility that tests the encryption time in TLS packets.
-2010-09-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-17 Nikos Mavrogiannopoulos <address@hidden>
- * lib/ext_session_ticket.c: treat absence of parameters the same as
- having them disabled.
+ * src/p11common.c: corrected message reporting.
-2010-09-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-16 Nikos Mavrogiannopoulos <address@hidden>
- * tests/resume.c: Corrected behavior on failure (don't crash).
+ * src/p11common.c: Corrected PIN caching.
-2010-09-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-16 Nikos Mavrogiannopoulos <address@hidden>
- * lib/ext_session_ticket.c, lib/gnutls_extensions.c: Corrected bugs
- when restoring extensions during session resumtion.
+ * lib/gnutls_record.c: assign value
-2010-09-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-16 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_extensions.c: Use more informative logging for
- extensions.
+ * lib/nettle/mpi.c: reduce the repetitions for rabin-miller to a
+ sensible value.
-2010-09-29 Micah Anderson <address@hidden>
+2011-05-14 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, doc/certtool.cfg, doc/cha-programs.texi,
- lib/includes/gnutls/x509.h, lib/x509/output.c, src/certtool-cfg.c,
- src/certtool-cfg.h, src/certtool.c: Add new extended key usage
- ipsecIKE According to RFC 4945 § 5.1.3.12 section title
- "ExtendedKeyUsage"[0] the following extended key usage has been
- added: ... this document defines an ExtendedKeyUsage keyPurposeID that
MAY
- be used to limit a certificate's use: id-kp-ipsecIKE OBJECT
IDENTIFIER ::= { id-kp 17 } where id-kp is defined in RFC 3280 [5]. If a
certificate is
- intended to be used with both IKE and other applications, and one
- of the other applications requires use of an EKU value, then such
- certificates MUST contain either the keyPurposeID id-kp-ipsecIKE or
anyExtendedKeyUsage [5], as well as the keyPurposeID values associated
with the other applications. Similarly, if a CA
- issues multiple otherwise-similar certificates for multiple
- applications including IKE, and it is intended that the IKE
- certificate NOT be used with another application, the IKE
- certificate MAY contain an EKU extension listing a keyPurposeID of
- id-kp-ipsecIKE to discourage its use with the other application.
- Recall, however, that EKU extensions in certificates meant for use
- in IKE are NOT RECOMMENDED. Conforming IKE implementations are not
required to support EKU.
- If a critical EKU extension appears in a certificate and EKU is
- not supported by the implementation, then RFC 3280 requires that the
certificate be rejected. Implementations that do support EKU
- MUST support the following logic for certificate validation: o
If no EKU extension, continue. o If EKU present AND contains either
id-kp-ipsecIKE or anyExtendedKeyUsage, continue. o Otherwise, reject
cert. Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-intro-tls.texi: discuss missing algorithms.
-2010-09-27 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-10 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, src/certtool-gaa.c, src/certtool.gaa: --pkcs11-* in certtool
- was renamed to --p11-*.
+ * NEWS: updated
-2010-09-25 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-10 Nikos Mavrogiannopoulos <address@hidden>
- * lib/ext_session_ticket.c: Added some comments and removed unused
- code.
+ * lib/gnutls_str.c, lib/gnutls_str.h, lib/pkcs11.c: Correctly import
+ and export pkcs11-urls with ID field set.
-2010-09-25 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-10 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/ext_session_ticket.c: Corrected advertizing issue for
- session tickets.
+ * lib/nettle/egd.c, lib/opencdk/literal.c, lib/opencdk/misc.c,
+ lib/opencdk/read-packet.c, lib/pkcs11.c, lib/x509/common.c,
+ lib/x509_b64.c, lib/x509_b64.h: eliminated last instances of
+ strcpy() and strcat() to keep pendantics happy.
-2010-09-24 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-09 Nikos Mavrogiannopoulos <address@hidden>
- * doc/TODO: cleanup of TODO list. Removed very old entries, entries
- already fixed and added new ones.
+ * doc/cha-intro-tls.texi: update on compatibility issues text.
-2010-09-24 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-09 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_handshake.c: IMED_RET parameters are easier to grasp.
+ * lib/pkcs11.c: doc update in gnutls_pkcs11_init()
-2010-09-24 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-08 Nikos Mavrogiannopoulos <address@hidden>
- * lib/crypto.c, lib/gcrypt/cipher.c, lib/gcrypt/mac.c,
- lib/nettle/cipher.c, lib/nettle/mac.c: cipher,mac and digest
- priorities moved to crypto.c
+ * doc/cha-preface.texi: removed references that produced nothing in
+ pdf.
-2010-09-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-08 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_errors.c: changed the fatality level of some errors.
+ * doc/cha-intro-tls.texi: Added missing nodes.
-2010-09-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-08 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_handshake.c: No longer use is_fatal() during handshake.
- Explicitely treat EAGAIN and INTERRUPTED as non-fatal during
- handshake. If the check_fatal flag is set then
- GNUTLS_E_WARNING_ALERT_RECEIVED could interrupt a handshake as well.
+ * doc/cha-intro-tls.texi: Added discussion on compatibility issues.
-2010-09-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-07 Nikos Mavrogiannopoulos <address@hidden>
- * src/cli.c: fflush stdout and stderr before the call to setbuf.
- This fixes issue in solaris where lines dissappeared from output.
- Reported and suggested fix by Knut Anders Hatlen.
+ * libextra/gnutls_openssl.c: undef X509_NAME before including
+ openssl.h.
-2010-09-20 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-07 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: documented change
+ * NEWS, doc/cha-gtls-app.texi, lib/accelerated/intel/aes-x86.c,
+ lib/auth/rsa.c, lib/auth/rsa_export.c, lib/auth/srp.c,
+ lib/gnutls_buffers.c, lib/gnutls_dtls.c, lib/gnutls_errors.c,
+ lib/gnutls_errors.h, lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/gnutls_handshake.c, lib/gnutls_record.c,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli.c,
+ src/serv.c: Added gnutls_global_set_audit_log_function() that allows
+ associating TLS session with several important issues.
-2010-09-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/nettle/pk.c: Corrected bug in wrap_nettle_pk_fixup that was
- importing DSA keys are RSA ones.
+ * NEWS, lib/x509/crq.c: updates
-2010-09-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/nettle/pk.c, lib/openpgp/privkey.c: indented some code
+ * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
+ lib/x509/crq.c, lib/x509/x509_write.c, tests/crq_key_id.c: Added
+ gnutls_x509_crq_verify().
-2010-09-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/m4/hooks.m4: updated revision
+ * doc/manpages/certtool.1, src/Makefile.am, src/certtool-common.c,
+ src/certtool-common.h, src/certtool.c, src/common.c,
+ src/p11common.c, src/p11common.h, src/pkcs11.c: certtool can now
+ load private keys and public keys from PKCS #11 tokens (via URLs).
-2010-09-18 Ludovic Courtès <address@hidden>
+2011-05-07 Nikos Mavrogiannopoulos <address@hidden>
- * .gitignore, tests/Makefile.am, tests/openpgp-auth.c: Add an
- OpenPGP authentication unit test. * tests/Makefile.am
(ctests)[ENABLE_OPENPGP]: Add `openpgp-auth'. (TESTS_ENVIRONMENT): Add
`srcdir'. * tests/openpgp-auth.c: New file. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
+ * lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_import_url() will
+ correctly set algorithm of private key.
-2010-09-16 Jonathan Bastien-Filiatrault <address@hidden>
+2011-05-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/ext_session_ticket.c, lib/gnutls_alert.c,
- lib/gnutls_buffers.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
- lib/gnutls_compress.c, lib/gnutls_compress.h,
- lib/gnutls_constate.c, lib/gnutls_constate.h,
- lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_num.h,
- lib/gnutls_record.c, lib/gnutls_record.h,
- lib/gnutls_session_pack.c, lib/gnutls_state.c, libextra/gnutls_ia.c:
- Explicit symmetric cipher state versionning. This introduces the
concept of a "cipher epoch". The epoch number is
- the number of successful handshakes and is incremented by one each
- time. This concept is native to DTLS and this patch makes the
- symmetric cipher state explicit for TLS in preparation for DTLS.
- This concept was implicit in plain TLS and ChangeCipherSpec messages
- triggered a "pending state copy". Now, we the current epoch number
- is simply incremented to the parameters negotiated by the handshake.
The main side effects of this patch is a slightly more abstract
- internal API and, in some cases, simpler code. The session blob
- format is also changed a bit since this patch avoids storing
- information that is now redundant. If this breaks library users'
- expectations, this side effect can be negated. The cipher_specs
structure has been removed. The conn_state has
- become record_state_st. Only symmetric cipher information is
- versioned. Things such as key exchange algorithm and the master
- secret are not versioned and their handling is unchanged. I have
tested this patch as much as I could. It introduces no test
- suite regressions on my x64 Debian GNU/Linux system. Do not hesitate
to point out shortcomings or suggest changes. Since
- this is a big diff, I am expecting this to be an iterative process.
Signed-off-by: Jonathan Bastien-Filiatrault <address@hidden>
- Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+ * src/Makefile.am, src/certtool.c, src/p11tool.c: No libgnutls-extra
+ is required for certtool or p11tool.
-2010-09-16 Jonathan Bastien-Filiatrault <address@hidden>
+2011-05-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_errors.h: Add gnutls_assert_val idiom. This warrants
being made in an inline function or macro since it is used throughout the
code. This converts 4 line repetitive blocks
- into 1 line. Signed-off-by: Jonathan Bastien-Filiatrault
<address@hidden>
- Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+ * tests/rng-fork.c: Do not use /tmp for temporary file. Just use the
+ local (test) directory.
-2010-09-14 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-05 Nikos Mavrogiannopoulos <address@hidden>
- * AUTHORS, NEWS, configure.ac: updated for 2.11.1
+ * tests/hostname-check.c: Added a check to verify that we don't try
+ forever trying to verify too many wildcards.
-2010-09-10 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
- lib/pkcs11_privkey.c, src/certtool-gaa.c, src/certtool-gaa.h,
- src/certtool.gaa, src/pkcs11.c: Added 3 levels of details in PKCS
- #11 URLs. 1st level: Token level. Object is unique up to token.
- 2nd level: Object is unique up to token and module used to access
- it. 3rd level: Object is unique up to token and module and version
- of module used to access it.
+ * THANKS, lib/gnutls_str.c, lib/gnutls_str.h, lib/openpgp/pgp.c,
+ lib/x509/rfc2818_hostname.c: _gnutls_hostname_compare() was
+ incredibly slow when over ten wildcards were present. Set a limit on
+ 6 wildcards to avoid any denial of service attack. Reported by Kalle
+ Olavi Niemitalo.
-2010-09-10 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-05 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Documented changes.
+ * lib/gnutls_str.c, lib/opencdk/misc.c: Use c_toupper to avoid
+ converting characters non in the english ASCII set. Reported by
+ Kalle Olavi Niemitalo.
-2010-09-10 Nikos Mavrogiannopoulos <address@hidden>
+2011-05-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509_b64.c: Be liberal in the PEM decoding. That is spaces and
- tabs are being skipped.
+ * lib/x509/verify-high.c: use > 0 instead of == 1.
-2010-09-08 Jonathan Bastien-Filiatrault <address@hidden>
+2011-05-03 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_buffers.c: Fully mbufferize _gnutls_read and
- _gnutls_read_buffered. Signed-off-by: Jonathan Bastien-Filiatrault
<address@hidden>
- Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+ * .gitignore, NEWS, lib/gnutls_cert.c,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/x509.h,
+ lib/libgnutls.map, lib/x509/verify-high.c, tests/Makefile.am,
+ tests/x509cert.c: Added gnutls_certificate_get_issuer() to allow
+ getting the issuer a certificate from the certificate credentials
+ structure.
-2010-09-08 Jonathan Bastien-Filiatrault <address@hidden>
+2011-04-30 Andreas Metzler <address@hidden>
- * lib/gnutls_mbuffers.h: mbuffers: Add _mbuffer_xfree operation.
Signed-off-by: Jonathan Bastien-Filiatrault <address@hidden>
- Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+ * doc/manpages/p11tool.1: escape dashes in manpage Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
-2010-09-08 Jonathan Bastien-Filiatrault <address@hidden>
+2011-05-01 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_int.h,
- lib/gnutls_record.c, lib/gnutls_state.c: mbuffers: make
- _gnutls_io_read_buffered use mbuffers. This will be needed by the DTLS
code to make sure reads are stored
- in segments that correspond to datagram boundaries. Signed-off-by:
Jonathan Bastien-Filiatrault <address@hidden>
- Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+ * .gitignore, gl/m4/.gitignore, gl/m4/byteswap.m4,
+ gl/m4/codeset.m4, gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4,
+ gl/m4/func.m4, gl/m4/gettext.m4, gl/m4/glibc2.m4, gl/m4/glibc21.m4,
+ gl/m4/hmac-md5.m4, gl/m4/iconv.m4, gl/m4/intdiv0.m4, gl/m4/intl.m4,
+ gl/m4/intldir.m4, gl/m4/intlmacosx.m4, gl/m4/intmax.m4,
+ gl/m4/inttypes-pri.m4, gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
+ gl/m4/ld-version-script.m4, gl/m4/lock.m4, gl/m4/md5.m4,
+ gl/m4/memmem.m4, gl/m4/memxor.m4, gl/m4/nls.m4, gl/m4/po.m4,
+ gl/m4/printf-posix.m4, gl/m4/progtest.m4, gl/m4/strcase.m4,
+ gl/m4/strdup.m4, gl/m4/strings_h.m4, gl/m4/strverscmp.m4,
+ gl/m4/threadlib.m4, gl/m4/time_r.m4, gl/m4/uintmax_t.m4,
+ gl/m4/valgrind-tests.m4, gl/m4/vasprintf.m4, gl/m4/visibility.m4,
+ gl/m4/vsnprintf.m4, gl/tests/.gitignore, gl/tests/intprops.h,
+ gl/tests/test-byteswap.c, gl/tests/test-func.c,
+ gl/tests/test-hmac-md5.c, gl/tests/test-md5.c,
+ gl/tests/test-strings.c, gl/tests/test-strverscmp.c,
+ gl/tests/test-u64.c, gl/tests/test-vasprintf.c,
+ gl/tests/test-vsnprintf.c: Added missing m4 gl files.
-2010-09-08 Jonathan Bastien-Filiatrault <address@hidden>
+2011-05-01 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_int.h: Parenthesize size calculations. This is standard
practice and the DTLS code got bit by this. Signed-off-by: Jonathan
Bastien-Filiatrault <address@hidden>
- Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS: documented previous updates.
-2010-09-08 Jonathan Bastien-Filiatrault <address@hidden>
+2011-04-30 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: mbuffers: Add
- mbuffer_linearize. Signed-off-by: Jonathan Bastien-Filiatrault
<address@hidden>
- Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+ * tests/suite/testcompat-main: Check for openssl 1.0.x to test DTLS.
-2010-09-08 Jonathan Bastien-Filiatrault <address@hidden>
+2011-04-28 Ludovic Courtès <address@hidden>
- * lib/gnutls_mbuffers.c: mbuffers: fix wrong size calculation.
maximum_size is the maximum size of the payload, not including
- overhead. Signed-off-by: Jonathan Bastien-Filiatrault <address@hidden>
- Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+ * guile/modules/Makefile.am, guile/modules/gnutls/build/tests.scm,
+ guile/tests/anonymous-auth.scm, guile/tests/errors.scm,
+ guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
+ guile/tests/openpgp-keys.scm, guile/tests/pkcs-import-export.scm,
+ guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
+ guile/tests/x509-auth.scm, guile/tests/x509-certificates.scm: guile:
+ Fix tests to match the `exit' behavior introduced in Guile 2.0.1. This
fix makes tests behave correctly wrt. to the Guile bug fix at
-2010-09-08 Jonathan Bastien-Filiatrault <address@hidden>
+
<http://git.sv.gnu.org/cgit/guile.git/commit/?id=e309f3bf9ee910c4772353ca3ff95f6f4ef466b5>.
- * lib/gnutls_mbuffers.c: mbuffers: Make _mbuffer_remove_bytes return
- a meaningful error code. Signed-off-by: Jonathan Bastien-Filiatrault
<address@hidden>
- Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+2011-04-23 Nikos Mavrogiannopoulos <address@hidden>
-2010-09-08 Jonathan Bastien-Filiatrault <address@hidden>
+ * lib/gnutls.pc.in: removed pakchois dependency
- * lib/gnutls_mbuffers.c: mbuffers: Document the internal mbuffer
- API. After a year of not hacking GnuTLS, I needed to look at the code
to
- know how mbuffers work. This will make it much easier for anybody
- not familiar with this code. Signed-off-by: Jonathan
Bastien-Filiatrault <address@hidden>
- Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+2011-04-23 Nikos Mavrogiannopoulos <address@hidden>
-2010-09-08 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, configure.ac: updated for release
- * NEWS: updated NEWS.
+2011-04-23 Nikos Mavrogiannopoulos <address@hidden>
-2010-09-08 Nikos Mavrogiannopoulos <address@hidden>
+ * tests/x509dn.c: added missing header.
- * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
- lib/pkcs11_privkey.c, lib/pkcs11_write.c, src/certtool-common.h,
- src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
- src/certtool.gaa, src/pkcs11.c: PKCS#11 URL support updated to
- conform to draft-pechanec-pkcs11uri-02. Now in the URL the pkcs11
- provider library (module) can be specified thus restricting objects
- within a single provider.
+2011-04-23 Nikos Mavrogiannopoulos <address@hidden>
-2010-09-01 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/intel/Makefile.am: pass tag=CC to libtool. It
+ seems automake cannot really work with assembler sources.
- * NEWS, lib/gnutls_int.h, lib/gnutls_priority.c,
- lib/gnutls_record.c: When the %COMPAT flag is specified, larger
- records that would otherwise violate the TLS spec, are accepted.
+2011-04-23 Nikos Mavrogiannopoulos <address@hidden>
-2010-08-28 Brad Hards <address@hidden>
+ * lib/gnutls_pcert.c, lib/openpgp/gnutls_openpgp.c: documentation
+ fixes.
- * src/certtool.c, src/pkcs11.c: Show which option is the default for
- command line tools. We use "y/N" is most places - this just adapts two
places that use
- "Y/N" to match the behavior of read_yesno(). Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
+2011-04-22 Nikos Mavrogiannopoulos <address@hidden>
-2010-08-20 Nikos Mavrogiannopoulos <address@hidden>
+ * cfg.mk: start counting from 2009 for ChangeLog.
- * lib/x509/x509.c: prevent a memory leak in the unique_id functions.
+2011-04-22 Nikos Mavrogiannopoulos <address@hidden>
-2010-08-20 Brad Hards <address@hidden>
+ * tests/hostname-check.c: Removed incorrect test on IPAddresses (was
+ relying on IPaddresses encoded as text)
- * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/output.c,
- lib/x509/x509.c, tests/Makefile.am, tests/certuniqueid.c: As
- identified in a previous mail, I've added support for accessing /
- displaying the subjectUniqueID and issuerUniqueID fields within an
- X.509 certificate. This is provided (along with a test case) in the
- attached patch. Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
+2011-04-21 Nikos Mavrogiannopoulos <address@hidden>
-2010-08-20 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/x509/rfc2818_hostname.c: gnutls_x509_crt_check_hostname() will
+ never compare against IPaddress. (previous comparison was flawed)
- * NEWS, lib/gnutls_int.h: By default lowat is set to zero.
+2011-04-21 Nikos Mavrogiannopoulos <address@hidden>
-2010-08-19 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/examples/ex-cert-select.c, lib/auth/cert.c, lib/auth/cert.h,
+ lib/gnutls_cert.c, lib/includes/gnutls/abstract.h,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/certtool.c,
+ src/cli.c, tests/x509dn.c: Added
+ gnutls_certificate_set_retrieve_function2() to replace
+ gnutls_certificate_set_retrieve_function(). The new one is a
+ efficient for busy servers because it eliminates the need for the
+ server to encode the certificate to DER format.
- * lib/pkcs11.c: Revert "When scanning for terminator character for
- PKCS #11 URLs ignore escaped \;." This reverts commit
583fad076506421c9007a3349784496e2927dcd1.
+2011-04-20 Nikos Mavrogiannopoulos <address@hidden>
-2010-08-18 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_alert.c, lib/gnutls_errors.c,
+ lib/includes/gnutls/gnutls.h.in: Added GNUTLS_E_USER_ERROR
- * THANKS: Added Sjoerd.
+2011-04-20 Nikos Mavrogiannopoulos <address@hidden>
-2010-08-18 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/auth/cert.c, lib/ext/signature.c, lib/ext/signature.h,
+ lib/gnutls_pcert.c, lib/includes/gnutls/abstract.h,
+ lib/libgnutls.map: Eliminated the need for sign_algo in
+ gnutls_pcert_st. This means that we don't follow RFC5246 by letter,
+ but there wasn't any other implementation using the sign_algorithm
+ part of the certificate selection, and this helps reduce complexity.
- * NEWS, lib/m4/hooks.m4: libnettle is the default crypto library.
+2011-04-20 Nikos Mavrogiannopoulos <address@hidden>
-2010-08-18 Nikos Mavrogiannopoulos <address@hidden>
+ * src/cfg/Makefile.am, src/cfg/README: Added readme for libcfg.
- * lib/gnutls_handshake.c: oldstate var removed.
+2011-04-20 Nikos Mavrogiannopoulos <address@hidden>
-2010-08-17 Nikos Mavrogiannopoulos <address@hidden>
+ * configure.ac: No need to check for -maes and -mpclmul with the
+ current AES-NI code.
- * tests/mini-eagain.c: mini-eagain will fail with EAGAIN error one
- every two attempts. That is to remove probabilities.
+2011-04-17 Nikos Mavrogiannopoulos <address@hidden>
-2010-08-11 Sjoerd Simons <address@hidden>
+ * .gitignore: updated
- * lib/gnutls_int.h, lib/gnutls_record.c: Remember the amount of user
- data we're sending out Partially reverts
3ef62950845f551ebc629e50d5ddf75f71b84294.
- gnutls_record_send needs to return the amount of user-data we sent,
- so we need to keep this information somewhere to return it when we
- succeed in sending that data. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
+2011-04-17 Nikos Mavrogiannopoulos <address@hidden>
-2010-08-11 Sjoerd Simons <address@hidden>
+ * lib/Makefile.am, lib/abstract_int.h, lib/auth/cert.c,
+ lib/auth/cert.h, lib/auth/dhe.c, lib/auth/rsa.c,
+ lib/auth/rsa_export.c, lib/auth/srp_rsa.c, lib/ext/signature.c,
+ lib/ext/signature.h, lib/gnutls_algorithms.c, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_mpi.c, lib/gnutls_pcert.c, lib/gnutls_privkey.c,
+ lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
+ lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_x509.c,
+ lib/gnutls_x509.h, lib/includes/gnutls/abstract.h,
+ lib/opencdk/pubkey.c, lib/openpgp/gnutls_openpgp.c,
+ lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
+ lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
+ lib/pkcs11_int.h, lib/x509/common.h, lib/x509/pkcs12_encr.c,
+ lib/x509/sign.c, lib/x509/verify-high.c, lib/x509/verify.c,
+ lib/x509/x509.c, lib/x509/x509_int.h: Combined external abstract API
+ with internal usage of gnutls_cert. This results to a
+ gnutls_pcert_st struct exported in abstract.h. This change will allow
a certificate retrieval callback that does
+ not require gnutls to decode or encode the provided certificate.
- * lib/gnutls_handshake.c: Check whether the error is fatal in more
- cases When stressing the async API of gnutls a lot of internal errors
are
- hit as IMED_RET clears the handshake hash buffers as a result of
- -EAGAIN even though it would never be re-initialized at that point,
- but is still needed in later stages. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
+2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
-2010-08-11 Sjoerd Simons <address@hidden>
+ * NEWS, lib/gnutls_priority.c: Restored HMAC-MD5 for compatibility.
+ Although considered weak, several sites require it for connection.
+ It is enabled for "NORMAL" and "PERFORMANCE" priority strings.
- * lib/gnutls_handshake.c, lib/gnutls_int.h: Add state for flushing
- the handshake buffer A seperate state is needed between flushing the
handshake buffers
- and sending the chipher spec change otherwise it's impossible to
- determine whether _gnutls_send_change_cipher_spec is called for the
- first time or again. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
+2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
-2010-08-01 Simon Josefsson <address@hidden>
+ * lib/accelerated/intel/aes-x86.c: Try to detect AES-NI on Intel and
+ AMD machines only.
- * lib/nettle/mpi.c: Fix warning.
+2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-29 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, configure.ac, lib/accelerated/intel/Makefile.am,
+ lib/accelerated/intel/README, lib/accelerated/intel/aes-x86.c,
+ lib/accelerated/intel/asm/appro-aes-x86-64.s,
+ lib/accelerated/intel/asm/appro-aes-x86.s,
+ lib/accelerated/intel/asm/x64_iaesx64.s,
+ lib/accelerated/intel/asm/x86_iaesx86.s,
+ lib/accelerated/intel/iaes_asm_interface.h,
+ lib/accelerated/intel/iaesni.h, lib/accelerated/intel/license.txt:
+ Added Andy Polyakov's version of AES-NI optimizations.
- * lib/m4/hooks.m4: Define HAVE_GCRYPT when using gcrypt. nettle is
- no longer marked as unsupported.
+2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-29 Nikos Mavrogiannopoulos <address@hidden>
+ * .gitignore: more files to ignore
- * NEWS, doc/manpages/Makefile.am, lib/gnutls_extensions.c,
- lib/m4/hooks.m4, lib/nettle/cipher.c, lib/nettle/mac.c,
- lib/nettle/pk.c, libextra/gnutls_extra.c: Added Camellia-128/256,
- SHA-224/384/512 and support for DSA2 when using nettle.
+2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-28 Nikos Mavrogiannopoulos <address@hidden>
+ * src/tests.c: COMP-ZLIB -> COMP-DEFLATE
- * lib/pkcs11.c: When scanning for terminator character for PKCS #11
- URLs ignore escaped \;.
+2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-26 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/Makefile.am, m4/hooks.m4: Link with pthreads.
- * lib/gnutls_priority.c: Modified the example to work in TLS 1.2.
+2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-26 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/Makefile.am: read API from new directories as well.
- * NEWS, lib/gnutls_algorithms.c: Added RSA_NULL_SHA1 and SHA256
- ciphersuites.
+2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-26 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/Makefile.am: corrected filename
- * lib/ext_signature.c: When signature algorithms extension is not
- received allow SHA1 and SHA256.
+2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-26 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/ext/session_ticket.c: removed conditional compilation
- * lib/gnutls_algorithms.c: NULL MAC renamed to MAC-NULL
+2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-25 Simon Josefsson <address@hidden>
+ * lib/ext/session_ticket.h: removed conditional compilation.
- * src/common.c: Avoid fixed size buffers (now handles the big >100
- SAN cert).
+2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-25 Simon Josefsson <address@hidden>
+ * lib/accelerated/cryptodev.c: use correct header.
- * doc/manpages/Makefile.am: Generated.
+2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-25 Simon Josefsson <address@hidden>
+ * lib/README: documented directories.
- * NEWS: Re-add old NEWS entries.
+2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-25 Simon Josefsson <address@hidden>
+ * lib/Makefile.am, lib/accelerated/Makefile.am,
+ lib/accelerated/cryptodev.c, lib/accelerated/cryptodev.h,
+ lib/cryptodev.c, lib/gnutls_cryptodev.h, lib/gnutls_global.c: Moved
+ cryptodev to accelerated/
- * lib/gnutls_buffers.c: Doc fix.
+2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-24 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_extensions.c, lib/gnutls_handshake.c: Session tickets
+ are included unconditionally.
- * lib/x509/privkey.c: Do not trust fbase64_decode to return 0 on
- success.
+2011-04-16 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-24 Nikos Mavrogiannopoulos <address@hidden>
+ * configure.ac, lib/Makefile.am, lib/auth/Makefile.am,
+ lib/auth/anon.c, lib/auth/anon.h, lib/auth/cert.c, lib/auth/cert.h,
+ lib/auth/dh_common.c, lib/auth/dh_common.h, lib/auth/dhe.c,
+ lib/auth/dhe_psk.c, lib/auth/psk.c, lib/auth/psk.h,
+ lib/auth/psk_passwd.c, lib/auth/psk_passwd.h, lib/auth/rsa.c,
+ lib/auth/rsa_export.c, lib/auth/srp.c, lib/auth/srp.h,
+ lib/auth/srp_passwd.c, lib/auth/srp_passwd.h, lib/auth/srp_rsa.c,
+ lib/auth/srp_sb64.c, lib/auth_anon.c, lib/auth_anon.h,
+ lib/auth_cert.c, lib/auth_cert.h, lib/auth_dh_common.c,
+ lib/auth_dh_common.h, lib/auth_dhe.c, lib/auth_dhe_psk.c,
+ lib/auth_psk.c, lib/auth_psk.h, lib/auth_psk_passwd.c,
+ lib/auth_psk_passwd.h, lib/auth_rsa.c, lib/auth_rsa_export.c,
+ lib/auth_srp.c, lib/auth_srp.h, lib/auth_srp_passwd.c,
+ lib/auth_srp_passwd.h, lib/auth_srp_rsa.c, lib/auth_srp_sb64.c,
+ lib/ext/Makefile.am, lib/ext/cert_type.c, lib/ext/cert_type.h,
+ lib/ext/max_record.c, lib/ext/max_record.h,
+ lib/ext/safe_renegotiation.c, lib/ext/safe_renegotiation.h,
+ lib/ext/server_name.c, lib/ext/server_name.h,
+ lib/ext/session_ticket.c, lib/ext/session_ticket.h,
+ lib/ext/signature.c, lib/ext/signature.h, lib/ext/srp.c,
+ lib/ext/srp.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
+ lib/ext_max_record.c, lib/ext_max_record.h,
+ lib/ext_safe_renegotiation.c, lib/ext_safe_renegotiation.h,
+ lib/ext_server_name.c, lib/ext_server_name.h,
+ lib/ext_session_ticket.c, lib/ext_session_ticket.h,
+ lib/ext_signature.c, lib/ext_signature.h, lib/ext_srp.c,
+ lib/ext_srp.h, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
+ lib/gnutls_cert.c, lib/gnutls_extensions.c, lib/gnutls_handshake.c,
+ lib/gnutls_psk.c, lib/gnutls_record.c, lib/gnutls_session_pack.c,
+ lib/gnutls_sig.c, lib/gnutls_srp.c, lib/gnutls_state.c,
+ lib/gnutls_ui.c, lib/gnutls_x509.c, lib/openpgp/gnutls_openpgp.h,
+ m4/hooks.m4: The auth_ and ext_ files were moved to respective
+ directories.
- * NEWS, lib/gnutls_x509.c, lib/x509/privkey.c, src/certtool.c:
- gnutls_x509_privkey_import() will fallback to
- gnutls_x509_privkey_import_pkcs8() without a password, if it is
- unable to decode the key.
+2011-04-15 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-24 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-intro-tls.texi: Reorganized sections in documentation.
- * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
- lib/includes/gnutls/gnutls.h.in, lib/nettle/mpi.c, src/prime.c:
- Added GNUTLS_PK_DH to differentiate in the generation of parameters
- with PK_DSA that requires special treatment.
+2011-04-15 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-24 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/examples/ex-cxx.cpp: removed unneeded comment.
- * lib/gnutls_algorithms.c: Corrected wrong descriptions of security
- levels.
+2011-04-15 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-24 Nikos Mavrogiannopoulos <address@hidden>
+ * tests/cve-2009-1416.c, tests/pkcs12_s2k_pem.c: Added missing
+ headers.
- * lib/gnutls_algorithms.c: use RSA-SHA1 as an indicator of RSA
- certificates.
+2011-04-15 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-24 Nikos Mavrogiannopoulos <address@hidden>
+ * tests/suite/Makefile.am, tests/suite/chain, tests/suite/testbig,
+ tests/suite/testbig-main, tests/suite/testcompat,
+ tests/suite/testcompat-main, tests/suite/x509paths/.gitignore,
+ tests/suite/x509paths/README, tests/x509paths/README,
+ tests/x509paths/chain: x509paths tests moved to suite/.
- * lib/gnutls_algorithms.c: Fix DSA key values to avoid generating
- normal and reporting them as low.
+2011-04-15 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-23 Nikos Mavrogiannopoulos <address@hidden>
+ * tests/certs/cert-rsa-2432.pem, tests/certs/rsa-2432.pem,
+ tests/scripts/common.sh, tests/suite/Makefile.am,
+ tests/suite/testbig, tests/suite/testbig-main: Added
+ interoperability tests with openssl.
- * NEWS, lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
- lib/includes/gnutls/openpgp.h, lib/includes/gnutls/x509.h,
- lib/libgnutls.map, lib/nettle/mpi.c, lib/openpgp/privkey.c,
- lib/x509/privkey.c, src/certtool.c,
- tests/pathlen/no-ca-or-pathlen.pem: Better handling of security
- parameters to key sizes matching (via a single table). Added
- functions to return the security parameter of a private key.
+2011-04-15 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-23 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_buffers.c: Corrected SSLv2 header parsing.
- * doc/cha-intro-tls.texi: Simplified documentation.
+2011-04-15 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-23 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/credentials/x509-server-dsa.pem,
+ doc/credentials/x509-server-key-dsa.pem: corrected illegal DSA key.
- * lib/nettle/mpi.c: Follow ECRYPT II recommendations.
+2011-04-14 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-23 Nikos Mavrogiannopoulos <address@hidden>
+ * tests/suite/Makefile.am, tests/suite/testsrn: Enabled the extra
+ safe renegotiation tests.
- * NEWS, doc/cha-bib.texi, doc/cha-intro-tls.texi,
- lib/gnutls_algorithms.c: Updated documentation and
- gnutls_pk_params_t mappings to ECRYPT II recommendations.
+2011-04-14 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-23 Nikos Mavrogiannopoulos <address@hidden>
+ * m4/hooks.m4: removed opaque PRF from m4.
- * lib/gnutls_priority.c: HMAC-MD5 deprecated according to ECRYPT II
- yearly report (2009-2010) recommendations.
+2011-04-14 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-23 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_buffers.c: removed text about select().
- * tests/sha2/Makefile.am: added missing file key-subca-dsa.pem
+2011-04-13 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-22 Nikos Mavrogiannopoulos <address@hidden>
+ * configure.ac, lib/Makefile.am: check for libdl that pakchois
+ needs.
- * gtk-doc.make: ignore html errors otherwise make dist doesn't work.
+2011-04-13 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-22 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/Makefile.am, lib/pakchois/README: Added readme about pakchois
+ and removed checks for pakchois in Makefile.am.
- * NEWS: updated NEWS
+2011-04-13 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-22 Nikos Mavrogiannopoulos <address@hidden>
+ * configure.ac, m4/hooks.m4: Reorganization in configure file.
+ Pakchois is not longer checked for being present. The included
+ version is always used.
- * src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
- src/certtool.c, src/certtool.gaa: Added option for certtool to print
- certificate public key.
+2011-04-13 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-21 Nikos Mavrogiannopoulos <address@hidden>
+ * gl/.gitignore, gl/asprintf.c, gl/byteswap.in.h, gl/hmac-md5.c,
+ gl/hmac.h, gl/md5.c, gl/md5.h, gl/memmem.c, gl/memxor.c,
+ gl/memxor.h, gl/str-two-way.h, gl/strcasecmp.c, gl/strdup.c,
+ gl/strings.in.h, gl/strncasecmp.c, gl/strverscmp.c, gl/time_r.c,
+ gl/u64.h, gl/unistd.h, gl/vasprintf.c, gl/vsnprintf.c,
+ gl/warn-on-use.h, gl/wchar.h: Added missing gnulib files
- * lib/gnutls_algorithms.c: Added SIG_RSA_MD5_OID as an indicator of
- RSA. Some microsoft products were using it. Reported by Mads
- Kiilerich.
+2011-04-13 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-19 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/crypto-api.c: Added missing const.
- * lib/gnutls_algorithms.c, lib/x509/common.h: Added RSA with SHA224.
+2011-04-12 Ludovic Courtès <address@hidden>
-2010-07-17 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, src/certtool-common.c, src/certtool.c, src/p11tool.c,
+ tests/crq_key_id.c, tests/cve-2009-1416.c, tests/pkcs12_s2k_pem.c:
+ Don't include <gcrypt.h> when it's not needed.
- * lib/nettle/pk.c: Added blinding to RSA decryption AND signing.
- Will stay there until it is moved to nettle itself.
+2011-04-13 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-11 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-internals.texi: fixed and updates in documentation
- * lib/system.h: fixed
+2011-04-13 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-11 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/gnutls-crypto-layers.eps: Updated crypto layers documentation.
- * NEWS, lib/nettle/Makefile.am, lib/nettle/egd.c, lib/nettle/egd.h,
- lib/nettle/rnd.c: Added support for EGD daemon in nettle's RNG. It
- is used if /dev/urandom is not present.
+2011-04-12 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-11 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, lib/accelerated/intel/Makefile.am,
+ lib/accelerated/intel/aes-x86.c,
+ lib/accelerated/intel/asm/x64_do_rdtsc.s,
+ lib/accelerated/intel/asm/x86_do_rdtsc.s, tests/cipher-test.c:
+ Updates in the AES-NI accelerator.
- * lib/gnutls_buffers.c, lib/system.c, lib/system.h: Corrected the
- lowat behavior. Documented that it will be deprecated in later
- versions.
+2011-04-12 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-11 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/crypto-api.c, lib/includes/gnutls/crypto.h, lib/libgnutls.map:
+ Added gnutls_cipher_set_iv().
- * src/serv.c: gnutls-serv: Do not print CR/LF if received, but
- instead print LF only.
+2011-04-12 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-10 Nikos Mavrogiannopoulos <address@hidden>
+ * tests/Makefile.am, tests/cipher-test.c: Added test vectors for
+ AES,SHAxxx and MD5.
- * lib/Makefile.am, lib/gnutls_buffers.c, lib/gnutls_state.c,
- lib/locks.c, lib/locks.h, lib/pakchois/pakchois.c, lib/system.c,
- lib/system.h: system specific functions were moved to system.c
+2011-04-12 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-10 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/intel/aes-x86.c, lib/crypto.c,
+ lib/includes/gnutls/crypto.h: Increased priority of CPU assisted
+ ciphers.
- * NEWS, configure.ac, lib/gnutls_alert.c, lib/gnutls_buffers.c,
- lib/gnutls_buffers.h, lib/gnutls_global.c, lib/gnutls_handshake.c,
- lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_mbuffers.c,
- lib/gnutls_mbuffers.h, lib/gnutls_record.c, lib/gnutls_record.h,
- lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
- lib/libgnutls.map, libextra/gnutls_ia.c: Support scattered write
- using writev(). This takes advantage of the new buffering layer and
- allows queuing of packets and flushing them. This is currently used
- for handshake messages only. Performance-wise the difference of
- packing several TLS records in a single write doesn't seem to offer
- anything over ethernet (that my tests were on). Probably on links
- with higher latency there would be a benefit.
+2011-04-12 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-08 Nikos Mavrogiannopoulos <address@hidden>
+ * src/cli.c: Do not rely on lowat being set.
- * doc/cha-gtls-app.texi: Removed old reference.
+2011-04-11 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-08 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/accelerated/Makefile.am, lib/accelerated/intel/Makefile.am,
+ lib/accelerated/intel/README: Added README explaining the usage of
+ Intel AES library.
- * doc/cha-gtls-app.texi, doc/examples/Makefile.am,
- doc/examples/ex-rfc2818.c: ex-rfc2818 is now a functional program
- demonstrating the verification procedure.
+2011-04-11 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-08 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_buffers.c: Corrected parsing error in TLS, when many
+ handshake messages were packed in a single record message.
- * doc/Makefile.am, doc/cha-gtls-app.texi, doc/examples/Makefile.am,
- doc/examples/ex-serv-export.c: Example with export ciphersuites was
- removed.
+2011-04-11 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-08 Nikos Mavrogiannopoulos <address@hidden>
+ * .gitignore, configure.ac, lib/accelerated/Makefile.am,
+ lib/accelerated/accelerated.c, lib/accelerated/aes-x86.c,
+ lib/accelerated/aes-x86.h, lib/accelerated/intel/Makefile.am,
+ lib/accelerated/intel/aes-x86.c, lib/accelerated/intel/aes-x86.h,
+ lib/accelerated/intel/asm/x64_do_rdtsc.s,
+ lib/accelerated/intel/asm/x64_iaesx64.s,
+ lib/accelerated/intel/asm/x86_do_rdtsc.s,
+ lib/accelerated/intel/asm/x86_iaesx86.s,
+ lib/accelerated/intel/iaes_asm_interface.h,
+ lib/accelerated/intel/iaesni.h, lib/accelerated/intel/license.txt,
+ m4/gcc.m4: fixes in acceleration detection. Added Intel's library
+ code for AES-NI acceleration.
- * lib/gnutls_pubkey.c: corrected typo
+2011-04-11 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-07 Nikos Mavrogiannopoulos <address@hidden>
+ * guile/modules/gnutls/build/enums.scm, lib/libgnutls.map,
+ libextra/Makefile.am: Purged all references of LZO.
- * lib/nettle/pk.c: Use the same "e" for RSA as libgcrypt. It's the
- fastest choice.
+2011-04-11 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-05 Nikos Mavrogiannopoulos <address@hidden>
+ * configure.ac: removed duplicate test
- * src/certtool-cfg.c: Do not crash if input is redirected from
- /dev/null.
+2011-04-11 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-05 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/examples/ex-cxx.cpp, gl/time.in.h: No need to under restrict
+ for C++. Only use config.h.
- * NEWS, src/certtool-gaa.c, src/certtool.c, src/certtool.gaa:
- Changed the default pkcs-cipher to AES-128. Allowed specifying the
- 3des-pkcs12 cipher with the --pkcs-cipher option.
+2011-04-11 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-04 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, lib/includes/gnutls/gnutls.h.in, lib/system_override.c:
+ gnutls_transport_set_global_errno() is no more.
- * src/benchmark.c: Use double to count bytes.
+2011-04-11 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-04 Nikos Mavrogiannopoulos <address@hidden>
+ * tests/eagain-common.h, tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
+ tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
+ tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c:
+ Combined the safe renegotiation tests with the again-common lib.
- * lib/nettle/rnd.c: Added a windows version of the RNG.
+2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-04 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, configure.ac, doc/cha-intro-tls.texi, doc/cha-preface.texi,
+ doc/cha-programs.texi, lib/gnutls_compress.c, lib/gnutls_errors.c,
+ lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
+ lib/libgnutls.map, libextra/gnutls_extra.c, m4/hooks.m4: Support for
+ liblzo was dropped.
- * lib/nettle/rnd.c: Corrected locking usage in nettle's random
- subsystem.
+2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-03 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, configure.ac: bumped version
- * lib/gcrypt/Makefile.am, lib/gnutls_privkey.c,
- lib/gnutls_pubkey.c, lib/nettle/Makefile.am, lib/pakchois/dlopen.h:
- Fixed to compile under mingw32.
+2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-03 Nikos Mavrogiannopoulos <address@hidden>
+ * .gitignore, gl/time.h, gl/time.in.h: updated time.h.in
- * lib/m4/hooks.m4: only warn if dlopen or pthreads are not found.
+2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-03 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_algorithms.c, lib/gnutls_dtls.c, lib/gnutls_mem.c,
+ lib/gnutls_psk.c, lib/gnutls_record.c,
+ lib/includes/gnutls/gnutls.h.in, lib/pkcs11.c,
+ lib/pkcs11_privkey.c, lib/x509/verify-high.c, lib/x509/verify.c:
+ Corrected documentation of several API functions.
- * lib/gcrypt/init.c, lib/includes/gnutls/gnutls.h.in, lib/locks.c,
- lib/pakchois/pakchois.c: Locks were converted to be in align with
- posix locks to easier wrap around them.
+2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-03 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/cha-gtls-app.texi, doc/cha-library.texi: documentation
+ updates.
- * lib/Makefile.am, lib/locks.c, lib/locks.h, lib/pakchois/dlopen.c,
- lib/pakchois/dlopen.h, lib/pakchois/pakchois.c: The included
- pakchois will use gnutls locks and will use a portable dlopen() to
- allow compilation in win32 (untested).
+2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-03 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/scripts/gdoc, doc/scripts/sort2.pl: remove perl warnings from
+ scripts.
- * lib/nettle/rnd.c: Read from /dev/urandom every 20 minutes.
+2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-03 Nikos Mavrogiannopoulos <address@hidden>
+ * configure.ac, lib/Makefile.am, lib/accelerated/Makefile.am,
+ lib/accelerated/accelerated.c, lib/accelerated/accelerated.h,
+ lib/accelerated/aes-x86.c, lib/accelerated/aes-x86.h,
+ lib/accelerated/x86.h, lib/gnutls_global.c, m4/gcc.m4: Added support
+ for x86 intel AES instruction acceleration if detected.
- * lib/Makefile.am, lib/x509/Makefile.am: Added missing files
+2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-03 Nikos Mavrogiannopoulos <address@hidden>
+ * gl/time.h, gl/unistd.h, gl/warn-on-use.h, gl/wchar.h: Added gl/
+ files.
- * lib/crypto-api.c, lib/gnutls_cipher_int.c,
- lib/gnutls_cipher_int.h, lib/includes/gnutls/crypto.h,
- lib/libgnutls.map: Allow encryption and decryption that are not
- in-place only.
+2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-03 Nikos Mavrogiannopoulos <address@hidden>
+ * cfg.mk: corrected po directory and build-aux paths.
- * src/benchmark.c: Print values in a human-readable format and do
- the calculations in fixed time to prevent stalling in slow systems.
+2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-02 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/examples/Makefile.am: include gnulib files.
- * lib/m4/hooks.m4: corrected library version
+2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-02 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/TODO: updated TODO
- * doc/examples/ex-cert-select-pkcs11.c,
- lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
- src/common.c, src/pkcs11.c: PIN callback supplies the token URL. The
- callback function in common.c will cache PIN if requested for second
- time.
+2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-02 Nikos Mavrogiannopoulos <address@hidden>
+ * tests/openpgp-certs/testselfsigs: Use --infile in certtool to
+ avoid issues with streams in windows. Patch by LRN.
- * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
- lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
- lib/pkcs11_write.c, src/common.c: Reverted the SAVE_PIN approach in
- PIN callback. The new approach will be to provide enough information
- for the callback to save the PIN itself.
+2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-02 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/opencdk/armor.c: Changes armor.c to be able to handle both LF
+ and CRLF inputs (output is still either LF-only or CRLF-only
+ depending on the platform). Patch by LRN. Optimizations in the usage
of strlen().
- * lib/gcrypt/init.c: removed unneeded function.
+2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-02 Nikos Mavrogiannopoulos <address@hidden>
+ * src/cli.c, src/psk.c, src/serv.c, src/srptool.c, src/tests.c:
+ Define variables within the intended scope (not windows). Based on
+ patch by LRN.
- * lib/gnutls_cert.c: More uses of gnutls_certificate_free_ca_names
+2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-02 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/examples/ex-cert-select-pkcs11.c, src/common.c, src/pkcs11.c:
+ Use getpass.h (from gnulib). Patch by LRN.
- * lib/locks.c: Do not allow setting NULL lock functions
+2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-02 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/pakchois/dlopen.c: Return correct value for dlclose() in
+ windows. Patch by LRN.
- * lib/nettle/rnd.c: corrected lock usage.
+2011-04-10 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-02 Nikos Mavrogiannopoulos <address@hidden>
+ * tests/openpgp-auth.c: Disable openpgp-auth run in windows due to
+ lack of socketpair(). Patch by LRN.
- * lib/m4/hooks.m4: bumped library version
+2011-04-09 Nikos Mavrogiannopoulos <address@hidden>
-2010-07-01 Nikos Mavrogiannopoulos <address@hidden>
+ * Makefile.am: gl before lib or libextra
- * lib/includes/Makefile.am: Include abstract.h in releases.
+2011-04-09 Nikos Mavrogiannopoulos <address@hidden>
-2010-06-30 Nikos Mavrogiannopoulos <address@hidden>
+ * ChangeLog: generated
- * lib/crypto-api.c: Correctly deinitialize crypto API handles.
+2011-04-09 Nikos Mavrogiannopoulos <address@hidden>
-2010-06-29 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS: updated
- * lib/gnutls_int.h: commented obscure HANDSHAKE_MAC_TYPE_10 and
- HANDSHAKE_MAC_TYPE_12.
+2011-04-09 Nikos Mavrogiannopoulos <address@hidden>
-2010-06-29 Nikos Mavrogiannopoulos <address@hidden>
+ * .gitignore, doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
+ doc/examples/Makefile.am, doc/examples/ex-client-udp.c,
+ doc/examples/udp.c, lib/gnutls_state.c: Added documentation for
+ Datagram TLS.
- * lib/locks.c, lib/locks.h, lib/nettle/rnd.c: simplified locking
- code. Locking functions always exist but are dummies if no locks
- have been set.
+2011-04-09 Nikos Mavrogiannopoulos <address@hidden>
-2010-06-29 Nikos Mavrogiannopoulos <address@hidden>
+ * cfg.mk: updated
- * lib/gcrypt/Makefile.am, lib/gcrypt/init.c, lib/gnutls_errors.c,
- lib/gnutls_global.c, lib/gnutls_global.h,
- lib/includes/gnutls/gnutls.h.in, lib/locks.c, lib/locks.h,
- lib/nettle/Makefile.am, lib/nettle/init.c, lib/nettle/rnd.c:
- Initialization of crypto libraries moved outside main gnutls code.
+2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-2010-06-29 Nikos Mavrogiannopoulos <address@hidden>
+ * tests/chainverify.c: disable test in windows.
- * lib/Makefile.am, lib/gnutls_global.c, lib/gnutls_global.h,
- lib/locks.c, lib/locks.h: Moved locking code to special file.
+2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-2010-06-29 Simon Josefsson <address@hidden>
+ * tests/mini-x509-rehandshake.c, tests/openpgp-auth.c,
+ tests/openpgp-auth2.c: corrected leaks in tests.
- * doc/Makefile.am, doc/pkcs11-vision.eps: Add pkcs11-vision rules.
+2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-2010-06-29 Simon Josefsson <address@hidden>
+ * lib/auth_cert.c, lib/gnutls_pk.c: corrected memory leak on RSA
+ signatures.
- * doc/manpages/Makefile.am: Generated.
+2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-2010-06-28 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/x509/common.c: more leaks fixed in common.c
- * lib/includes/gnutls/pkcs11.h, lib/pkcs11_write.c, src/pkcs11.c:
- When copying a private key the sensitive flag can be set or not.
- This allows copying private keys that can be exported.
+2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-2010-06-28 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_pubkey.c: Corrected leaks in gnutls_pubkey_t
+ deinitialization.
- * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
- lib/pkcs11_write.c, src/certtool-common.h, src/certtool.c,
- src/pkcs11.c: Combined object flags. No implicit login any more.
- Login has to be specified with a flag on every call that could use
- it.
+2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-2010-06-28 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/x509/verify-high.c: fix in trusted_list certificate
+ deinitialization.
- * lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/pkcs11.c,
- lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_write.c: Indented
- code.
+2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-2010-06-28 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_privkey.c: correction in deinitialization of privkey.
- * doc/examples/ex-cert-select-pkcs11.c, lib/gnutls_pubkey.c,
- lib/gnutls_x509.c, lib/includes/gnutls/abstract.h,
- lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_write.c,
- src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
- src/certtool.c, src/certtool.gaa, src/cli.c, src/pkcs11.c: Allow
- flags when importing objects from PKCS11 URLs. The only flag
- supported now is the PKCS11_OBJ_FLAG_LOGIN, which forces login
- before accessing object on a token. The reason is that some tokens
- do not allow access of any data without login.
+2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-2010-06-27 Nikos Mavrogiannopoulos <address@hidden>
+ * tests/mini-x509-rehandshake.c, tests/mini-x509.c: combined more
+ tests with eagain-common.h.
- * src/tests.c: Added AES-128 to block ciphers.
+2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-2010-06-27 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/auth_dh_common.c, lib/gnutls_privkey.c, lib/gnutls_x509.c,
+ lib/nettle/pk.c, lib/pakchois/pakchois.c, lib/pakchois/pakchois.h,
+ lib/pkcs11.c, lib/x509/verify-high.c, tests/mini-x509.c: Corrected
+ memory leaks.
- * lib/gnutls_session_pack.c: Corrected writing and reading order of
- security parameters.
+2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-2010-06-27 Nikos Mavrogiannopoulos <address@hidden>
+ * build-aux/arg-nonnull.h, build-aux/c++defs.h,
+ build-aux/config.rpath, build-aux/warn-on-use.h, cfg.mk,
+ gl/Makefile.am, gl/m4/.gitignore, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4: added valgrind from gnulib.
- * lib/configure.ac, libextra/configure.ac: use 2.11.0 everywhere
+2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-2010-06-27 Nikos Mavrogiannopoulos <address@hidden>
+ * tests/dsa/testdsa, tests/openpgp-certs/testcerts: Do not run the
+ test scripts in win32 environment.
- * NEWS, doc/cha-gtls-app.texi, lib/configure.ac,
- lib/gnutls_errors.c, lib/gnutls_global.c, lib/gnutls_global.h,
- lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
- lib/nettle/rnd.c, lib/pkcs11.c: Added gnutls_global_set_mutex() to
- allow setting alternative locking procedures. By default the system
- available locking is used. In *NIX pthreads are used and in windows
- the critical section API. As a side effect this change avoids any API
dependance on libgcrypt
- even if threads are used.
+2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-2010-06-27 Nikos Mavrogiannopoulos <address@hidden>
+ * cfg.mk: use the system wide gnulib-tool.
- * tests/chainverify.c: Modified the cacertrsamd5 short-cut. The test
- was checking whether verification using a trusted insecurely signed
- self signed certificate will fail against a chain that has this as
- intermediate. However this test should have succeeded since the
- insecure certificate is trusted. This isn't the purpose of this test
however. It should have checked
- whether using the same certificate as trusted and to be verified and
- the GNUTLS_VERIFY_DO_NOT_ALLOW_SAME flag should return an error.
+2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-2010-06-27 Nikos Mavrogiannopoulos <address@hidden>
+ * .gitignore: updated
- * tests/chainverify.c: Fail on error.
+2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-2010-06-26 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS: updated
- * src/certtool.c: When generating private key allow usage of
- --pkcs-cipher flag.
+2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-2010-06-22 Nikos Mavrogiannopoulos <address@hidden>
+ * tests/suite/ecore/src/lib/ecore_exe.c: include priority headers
+ unconditionally.
- * lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
- lib/auth_srp.c, lib/auth_srp.h, lib/ext_srp.c, lib/gnutls_int.h:
- MAX_SRP_USERNAME -> MAX_USERNAME_SIZE
+2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-2010-06-24 Simon Josefsson <address@hidden>
+ * configure.ac, tests/Makefile.am, tests/suite/Makefile.am,
+ tests/suite/Makefile.in: Better way of not including the tests/suite
+ directory. Based on discussion with LRN and Vincent Torri.
- * README-alpha: We also require GNU make.
+2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-2010-06-24 Simon Josefsson <address@hidden>
+ * .gitignore, Makefile.am, cfg.mk, configure.ac,
+ doc/examples/Makefile.am, doc/gendocs_template, gl/.gitignore,
+ gl/Makefile.am, gl/accept.c, gl/alignof.h, gl/alloca.c,
+ gl/alloca.in.h, gl/arpa_inet.in.h, gl/asnprintf.c, gl/bind.c,
+ gl/c-ctype.c, gl/c-ctype.h, gl/close-hook.c, gl/close-hook.h,
+ gl/close.c, gl/connect.c, gl/errno.in.h, gl/error.c, gl/error.h,
+ gl/fclose.c, gl/float+.h, gl/float.in.h, gl/fseeko.c, gl/ftello.c,
+ gl/gai_strerror.c, gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c,
+ gl/getpass.c, gl/getpass.h, gl/gettext.h, gl/gettime.c,
+ gl/gettimeofday.c, gl/inet_ntop.c, gl/inet_pton.c, gl/intprops.h,
+ gl/listen.c, gl/lseek.c, gl/m4/.gitignore, gl/m4/00gnulib.m4,
+ gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4, gl/m4/asm-underscore.m4,
+ gl/m4/autobuild.m4, gl/m4/clock_time.m4, gl/m4/close.m4,
+ gl/m4/errno_h.m4, gl/m4/error.m4, gl/m4/extensions.m4,
+ gl/m4/fclose.m4, gl/m4/float_h.m4, gl/m4/fseeko.m4,
+ gl/m4/ftello.m4, gl/m4/getaddrinfo.m4, gl/m4/getdelim.m4,
+ gl/m4/getline.m4, gl/m4/getpagesize.m4, gl/m4/getpass.m4,
+ gl/m4/gettime.m4, gl/m4/gettimeofday.m4, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4,
+ gl/m4/hostent.m4, gl/m4/include_next.m4, gl/m4/inet_ntop.m4,
+ gl/m4/inet_pton.m4, gl/m4/intmax_t.m4, gl/m4/inttypes_h.m4,
+ gl/m4/ioctl.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
+ gl/m4/lib-prefix.m4, gl/m4/longlong.m4, gl/m4/lseek.m4,
+ gl/m4/malloc.m4, gl/m4/manywarnings.m4, gl/m4/memchr.m4,
+ gl/m4/minmax.m4, gl/m4/mmap-anon.m4, gl/m4/multiarch.m4,
+ gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4, gl/m4/perror.m4,
+ gl/m4/printf.m4, gl/m4/read-file.m4, gl/m4/readline.m4,
+ gl/m4/realloc.m4, gl/m4/select.m4, gl/m4/servent.m4,
+ gl/m4/size_max.m4, gl/m4/snprintf.m4, gl/m4/socketlib.m4,
+ gl/m4/sockets.m4, gl/m4/socklen.m4, gl/m4/sockpfaf.m4,
+ gl/m4/stdarg.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
+ gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
+ gl/m4/stdlib_h.m4, gl/m4/strerror.m4, gl/m4/string_h.m4,
+ gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4,
+ gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/time_h.m4,
+ gl/m4/timespec.m4, gl/m4/ungetc.m4, gl/m4/unistd_h.m4,
+ gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4, gl/m4/version-etc.m4,
+ gl/m4/warn-on-use.m4, gl/m4/warnings.m4, gl/m4/wchar_h.m4,
+ gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c,
+ gl/memchr.c, gl/minmax.h, gl/netdb.in.h, gl/netinet_in.in.h,
+ gl/perror.c, gl/printf-args.c, gl/printf-args.h, gl/printf-parse.c,
+ gl/printf-parse.h, gl/progname.c, gl/progname.h, gl/read-file.c,
+ gl/read-file.h, gl/readline.c, gl/readline.h, gl/realloc.c,
+ gl/recv.c, gl/select.c, gl/send.c, gl/setsockopt.c, gl/shutdown.c,
+ gl/size_max.h, gl/snprintf.c, gl/socket.c, gl/sockets.c,
+ gl/sockets.h, gl/stdarg.in.h, gl/stdbool.in.h, gl/stddef.in.h,
+ gl/stdint.in.h, gl/stdio-impl.h, gl/stdio-write.c, gl/stdio.in.h,
+ gl/stdlib.in.h, gl/strerror.c, gl/string.in.h, gl/sys_select.in.h,
+ gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
+ gl/tests/.gitignore, gl/tests/Makefile.am, gl/tests/binary-io.h,
+ gl/tests/dummy.c, gl/tests/fcntl.in.h, gl/tests/getpagesize.c,
+ gl/tests/init.sh, gl/tests/ioctl.c, gl/tests/macros.h,
+ gl/tests/signature.h, gl/tests/sys_ioctl.in.h,
+ gl/tests/test-alignof.c, gl/tests/test-alloca-opt.c,
+ gl/tests/test-arpa_inet.c, gl/tests/test-binary-io.c,
+ gl/tests/test-c-ctype.c, gl/tests/test-errno.c,
+ gl/tests/test-fcntl-h.c, gl/tests/test-fseeko.c,
+ gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
+ gl/tests/test-getaddrinfo.c, gl/tests/test-getdelim.c,
+ gl/tests/test-getline.c, gl/tests/test-gettimeofday.c,
+ gl/tests/test-inet_ntop.c, gl/tests/test-inet_pton.c,
+ gl/tests/test-lseek.c, gl/tests/test-lseek.sh,
+ gl/tests/test-memchr.c, gl/tests/test-netdb.c,
+ gl/tests/test-netinet_in.c, gl/tests/test-perror.c,
+ gl/tests/test-perror.sh, gl/tests/test-read-file.c,
+ gl/tests/test-select-fd.c, gl/tests/test-select-in.sh,
+ gl/tests/test-select-out.sh, gl/tests/test-select-stdin.c,
+ gl/tests/test-select.c, gl/tests/test-snprintf.c,
+ gl/tests/test-sockets.c, gl/tests/test-stdbool.c,
+ gl/tests/test-stddef.c, gl/tests/test-stdint.c,
+ gl/tests/test-stdio.c, gl/tests/test-stdlib.c,
+ gl/tests/test-strerror.c, gl/tests/test-string.c,
+ gl/tests/test-sys_ioctl.c, gl/tests/test-sys_select.c,
+ gl/tests/test-sys_socket.c, gl/tests/test-sys_stat.c,
+ gl/tests/test-sys_time.c, gl/tests/test-sys_wait.h,
+ gl/tests/test-time.c, gl/tests/test-unistd.c,
+ gl/tests/test-update-copyright.sh, gl/tests/test-vasnprintf.c,
+ gl/tests/test-vc-list-files-cvs.sh,
+ gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
+ gl/tests/test-version-etc.c, gl/tests/test-version-etc.sh,
+ gl/tests/test-wchar.c, gl/tests/w32sock.h, gl/tests/zerosize-ptr.h,
+ gl/time.in.h, gl/timespec.h, gl/unistd.in.h, gl/vasnprintf.c,
+ gl/vasnprintf.h, gl/verify.h, gl/version-etc-fsf.c,
+ gl/version-etc.c, gl/version-etc.h, gl/w32sock.h, gl/wchar.in.h,
+ gl/xsize.h, guile/src/Makefile.am, lib/Makefile.am,
+ lib/configure.ac, lib/gcrypt/Makefile.am, lib/gl/Makefile.am,
+ lib/gl/alignof.h, lib/gl/alloca.in.h, lib/gl/asnprintf.c,
+ lib/gl/asprintf.c, lib/gl/byteswap.in.h, lib/gl/c-ctype.c,
+ lib/gl/c-ctype.h, lib/gl/close-hook.c, lib/gl/close-hook.h,
+ lib/gl/errno.in.h, lib/gl/float+.h, lib/gl/float.in.h,
+ lib/gl/fseeko.c, lib/gl/ftello.c, lib/gl/gettext.h, lib/gl/lseek.c,
+ lib/gl/m4/00gnulib.m4, lib/gl/m4/alloca.m4,
+ lib/gl/m4/asm-underscore.m4, lib/gl/m4/byteswap.m4,
+ lib/gl/m4/codeset.m4, lib/gl/m4/errno_h.m4,
+ lib/gl/m4/extensions.m4, lib/gl/m4/fcntl-o.m4,
+ lib/gl/m4/float_h.m4, lib/gl/m4/fseeko.m4, lib/gl/m4/ftello.m4,
+ lib/gl/m4/func.m4, lib/gl/m4/getpagesize.m4, lib/gl/m4/gettext.m4,
+ lib/gl/m4/glibc2.m4, lib/gl/m4/glibc21.m4,
+ lib/gl/m4/gnulib-cache.m4, lib/gl/m4/gnulib-common.m4,
+ lib/gl/m4/gnulib-comp.m4, lib/gl/m4/gnulib-tool.m4,
+ lib/gl/m4/iconv.m4, lib/gl/m4/include_next.m4,
+ lib/gl/m4/intdiv0.m4, lib/gl/m4/intl.m4, lib/gl/m4/intldir.m4,
+ lib/gl/m4/intlmacosx.m4, lib/gl/m4/intmax.m4,
+ lib/gl/m4/intmax_t.m4, lib/gl/m4/inttypes-pri.m4,
+ lib/gl/m4/inttypes_h.m4, lib/gl/m4/lcmessage.m4,
+ lib/gl/m4/ld-output-def.m4, lib/gl/m4/ld-version-script.m4,
+ lib/gl/m4/lib-ld.m4, lib/gl/m4/lib-link.m4,
+ lib/gl/m4/lib-prefix.m4, lib/gl/m4/lock.m4, lib/gl/m4/longlong.m4,
+ lib/gl/m4/lseek.m4, lib/gl/m4/malloc.m4, lib/gl/m4/memchr.m4,
+ lib/gl/m4/memmem.m4, lib/gl/m4/minmax.m4, lib/gl/m4/mmap-anon.m4,
+ lib/gl/m4/multiarch.m4, lib/gl/m4/netdb_h.m4, lib/gl/m4/nls.m4,
+ lib/gl/m4/po.m4, lib/gl/m4/printf-posix.m4, lib/gl/m4/printf.m4,
+ lib/gl/m4/progtest.m4, lib/gl/m4/read-file.m4,
+ lib/gl/m4/realloc.m4, lib/gl/m4/size_max.m4, lib/gl/m4/snprintf.m4,
+ lib/gl/m4/socketlib.m4, lib/gl/m4/sockets.m4, lib/gl/m4/socklen.m4,
+ lib/gl/m4/sockpfaf.m4, lib/gl/m4/stdbool.m4, lib/gl/m4/stddef_h.m4,
+ lib/gl/m4/stdint.m4, lib/gl/m4/stdint_h.m4, lib/gl/m4/stdio_h.m4,
+ lib/gl/m4/stdlib_h.m4, lib/gl/m4/strcase.m4, lib/gl/m4/string_h.m4,
+ lib/gl/m4/strings_h.m4, lib/gl/m4/strverscmp.m4,
+ lib/gl/m4/sys_socket_h.m4, lib/gl/m4/sys_stat_h.m4,
+ lib/gl/m4/threadlib.m4, lib/gl/m4/time_h.m4, lib/gl/m4/time_r.m4,
+ lib/gl/m4/uintmax_t.m4, lib/gl/m4/ungetc.m4, lib/gl/m4/unistd_h.m4,
+ lib/gl/m4/vasnprintf.m4, lib/gl/m4/vasprintf.m4,
+ lib/gl/m4/visibility.m4, lib/gl/m4/vsnprintf.m4,
+ lib/gl/m4/warn-on-use.m4, lib/gl/m4/wchar_h.m4,
+ lib/gl/m4/wchar_t.m4, lib/gl/m4/wint_t.m4, lib/gl/m4/xsize.m4,
+ lib/gl/malloc.c, lib/gl/memchr.c, lib/gl/memchr.valgrind,
+ lib/gl/memmem.c, lib/gl/minmax.h, lib/gl/netdb.in.h,
+ lib/gl/override/lib/gc-libgcrypt.c.diff,
+ lib/gl/override/lib/gettext.h.diff, lib/gl/printf-args.c,
+ lib/gl/printf-args.h, lib/gl/printf-parse.c, lib/gl/printf-parse.h,
+ lib/gl/read-file.c, lib/gl/read-file.h, lib/gl/realloc.c,
+ lib/gl/size_max.h, lib/gl/snprintf.c, lib/gl/sockets.c,
+ lib/gl/sockets.h, lib/gl/stdbool.in.h, lib/gl/stddef.in.h,
+ lib/gl/stdint.in.h, lib/gl/stdio-impl.h, lib/gl/stdio-write.c,
+ lib/gl/stdio.in.h, lib/gl/stdlib.in.h, lib/gl/str-two-way.h,
+ lib/gl/strcasecmp.c, lib/gl/string.in.h, lib/gl/strings.in.h,
+ lib/gl/strncasecmp.c, lib/gl/strverscmp.c, lib/gl/sys_socket.in.h,
+ lib/gl/sys_stat.in.h, lib/gl/tests/Makefile.am,
+ lib/gl/tests/binary-io.h, lib/gl/tests/dummy.c,
+ lib/gl/tests/getpagesize.c, lib/gl/tests/init.sh,
+ lib/gl/tests/intprops.h, lib/gl/tests/macros.h,
+ lib/gl/tests/signature.h, lib/gl/tests/test-alloca-opt.c,
+ lib/gl/tests/test-binary-io.c, lib/gl/tests/test-binary-io.sh,
+ lib/gl/tests/test-byteswap.c, lib/gl/tests/test-c-ctype.c,
+ lib/gl/tests/test-errno.c, lib/gl/tests/test-fseeko.c,
+ lib/gl/tests/test-fseeko.sh, lib/gl/tests/test-fseeko2.sh,
+ lib/gl/tests/test-ftello.c, lib/gl/tests/test-ftello.sh,
+ lib/gl/tests/test-ftello2.sh, lib/gl/tests/test-ftello3.c,
+ lib/gl/tests/test-func.c, lib/gl/tests/test-memchr.c,
+ lib/gl/tests/test-netdb.c, lib/gl/tests/test-read-file.c,
+ lib/gl/tests/test-snprintf.c, lib/gl/tests/test-sockets.c,
+ lib/gl/tests/test-stdbool.c, lib/gl/tests/test-stddef.c,
+ lib/gl/tests/test-stdint.c, lib/gl/tests/test-stdio.c,
+ lib/gl/tests/test-stdlib.c, lib/gl/tests/test-string.c,
+ lib/gl/tests/test-strings.c, lib/gl/tests/test-strverscmp.c,
+ lib/gl/tests/test-sys_socket.c, lib/gl/tests/test-sys_stat.c,
+ lib/gl/tests/test-sys_wait.h, lib/gl/tests/test-time.c,
+ lib/gl/tests/test-unistd.c, lib/gl/tests/test-vasnprintf.c,
+ lib/gl/tests/test-vasprintf.c, lib/gl/tests/test-verify.c,
+ lib/gl/tests/test-verify.sh, lib/gl/tests/test-vsnprintf.c,
+ lib/gl/tests/test-wchar.c, lib/gl/tests/zerosize-ptr.h,
+ lib/gl/time.in.h, lib/gl/time_r.c, lib/gl/unistd.in.h,
+ lib/gl/vasnprintf.c, lib/gl/vasnprintf.h, lib/gl/vasprintf.c,
+ lib/gl/verify.h, lib/gl/vsnprintf.c, lib/gl/w32sock.h,
+ lib/gl/wchar.in.h, lib/gl/xsize.h, lib/gnutls_int.h,
+ lib/m4/hooks.m4, lib/minitasn1/Makefile.am, lib/nettle/Makefile.am,
+ lib/opencdk/Makefile.am, lib/openpgp/Makefile.am, lib/po/LINGUAS,
+ lib/po/Makevars, lib/po/POTFILES.in, lib/po/cs.po.in,
+ lib/po/de.po.in, lib/po/fr.po.in, lib/po/it.po.in, lib/po/ms.po.in,
+ lib/po/nl.po.in, lib/po/pl.po.in, lib/po/sv.po.in, lib/po/vi.po.in,
+ lib/po/zh_CN.po.in, lib/x509/Makefile.am, libextra/Makefile.am,
+ libextra/configure.ac, libextra/gl/Makefile.am,
+ libextra/gl/gnulib.mk, libextra/gl/hmac-md5.c, libextra/gl/hmac.h,
+ libextra/gl/m4/00gnulib.m4, libextra/gl/m4/extensions.m4,
+ libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-common.m4,
+ libextra/gl/m4/gnulib-comp.m4, libextra/gl/m4/gnulib-tool.m4,
+ libextra/gl/m4/hmac-md5.m4, libextra/gl/m4/ld-output-def.m4,
+ libextra/gl/m4/ld-version-script.m4, libextra/gl/m4/lib-ld.m4,
+ libextra/gl/m4/lib-link.m4, libextra/gl/m4/lib-prefix.m4,
+ libextra/gl/m4/md5.m4, libextra/gl/m4/memxor.m4, libextra/gl/md5.c,
+ libextra/gl/md5.h, libextra/gl/memxor.c, libextra/gl/memxor.h,
+ libextra/gl/override/lib/md5.c.diff, libextra/m4/hooks.m4,
+ m4/hooks.m4, po/LINGUAS, po/Makevars, po/POTFILES.in, po/cs.po.in,
+ po/de.po.in, po/fr.po.in, po/it.po.in, po/ms.po.in, po/nl.po.in,
+ po/pl.po.in, po/sv.po.in, po/vi.po.in, po/zh_CN.po.in,
+ src/Makefile.am, tests/suite/Makefile.in: Use a single configure.ac.
+ This speed ups compilation and reduces duplication of code (multiple
+ gl/ libraries etc.). This saves about 2mb in distributed size
+ (compressed).
- * THANKS, configure.ac, lib/configure.ac, libextra/configure.ac: Use
- silent build rules. Suggested by Vincent Torri <address@hidden> in
+2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
-
<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4349>.
+ * src/certtool-cfg.c: Avoid using readline.
-2010-06-22 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/gnutls.h.in: removed OPRFI extension
- functions.
+ * lib/gnutls_buffers.c: initialized ret in _gnutls_writev_emu().
-2010-06-22 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
- * lib/Makefile.am: removed OPRFI from makefile.
+ * lib/includes/gnutls/x509.h: doc fix
-2010-06-21 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/verify.c: When verifying certificates use the same
- algorithm whether the DO_NOT_ALLOW_SAME flag is set or not. Before
- we were shortening certificate list if the flag was not set by the
- size of the first certificate found in the trusted list, and keep
- the list intact otherwise. Now we shorten the list in the latter
- case as well, except for the first certificate.
+ * lib/system.c: removed unneeded variable.
-2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Added news entry for EV-certificates.
+ * lib/auth_cert.c: Corrected check for an unknown sign algorithm.
+ Patch by LRN.
-2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
- * src/tests.c, src/tests.h, src/tls_test.c: Corrected some tests.
- Added test to check whether the %COMPAT option is required for this
- server.
+ * lib/openpgp/output.c: Do not use %e in strftime. Use %d instead
+ which is identically available in windows as well. Based on patch
+ by LRN.
-2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-08 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_extensions.c, lib/gnutls_session_pack.c: Corrections in
- the new session packing code. Saving absolute positions in buffers
- is no longer done. Now we store only and offset to allow
- reallocating the buffer and still do the correct reference.
+ * lib/x509/output.c, tests/certuniqueid.c: Fixed mismatch in size_t
+ size. Patch by LRN.
-2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/ext_safe_renegotiation.c, lib/ext_safe_renegotiation.h,
- lib/ext_signature.c, lib/gnutls_handshake.c: Fixes in new extensions
- code that relate to SSL 3.0.
+ * lib/system.c, lib/system_override.c: Correctly set errno in win32
+ using gnutls_transport_set_global_errno(). Based on patch by LRN.
-2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
- * configure.ac: version is 2.11.0
+ * tests/eagain-common.h, tests/mini-eagain-dtls.c,
+ tests/mini-eagain.c, tests/mini.c: Avoid using
+ gnutls_transport_set_global_errno() and use
+ gnutls_transport_set_errno() instead.
-2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-cert-auth.texi: Some updates in the PKCS11 text.
+ * lib/system_override.c: win32 fixes for set_global_errno().
+ Suggested by LRN.
-2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-intro-tls.texi: Some updates on renegotiation text
+ * src/benchmark.c: Win32 changes for benchmark. Patch by LRN.
-2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-intro-tls.texi: Removed links for discussion of the COMPAT
- topic. I don't think they should be in the documentation.
+ * tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
+ tests/pskself.c, tests/resume.c, tests/rng-fork.c, tests/x509dn.c,
+ tests/x509self.c: win32 fixes. Patch by LRN.
-2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-intro-tls.texi: Corrected example with %COMPAT.
+ * lib/gnutls_buffers.c: minor modification in write_emu().
-2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-intro-tls.texi: Added gnutls_sec_param_to_pk_bits()
- discussion.
+ * lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c:
+ simplified cdk_trim_string() to make it safer to use.
-2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-intro-tls.texi: corrected text on AES
+ * lib/x509/privkey_pkcs8.c: correctly reset params.
-2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkcs11.c: Only save PIN if login was successful.
+ * lib/x509/crl.c, lib/x509/x509.c: use correct pointer size.
-2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-auth.texi, lib/ext_signature.c: Applied patch by Andreas
- Metzler
+ * lib/gnutls_algorithms.c: correctly compare sign algorithm_st.
-2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
- * src/benchmark.c: Allow setting debug level via cmd.
+ * lib/opencdk/Makefile.am, lib/opencdk/context.h,
+ lib/opencdk/main.c, lib/opencdk/main.h, lib/opencdk/opencdk.h,
+ lib/opencdk/verify.c: removed unused code
-2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/cryptodev.c: Explicitely terminate cryptodev sessions.
+ * lib/opencdk/armor.c: null terminate the armored string
-2010-06-19 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: Removed the no
- longer needed "active" variable.
+ * src/cli.c: properly null terminate string.
-2010-06-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: documented some of the changes
+ * src/common.c, src/pkcs11.c: check PIN size.
-2010-06-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
- lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: Greatly simplified the
- internal hash/hmac and cipher functions.
+ * src/srptool.c: check salt size.
-2010-06-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
- src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
- src/certtool.gaa, src/pkcs11.c: Allow listing of private keys only.
- Certtool has now the --pkcs11-list-privkeya option.
+ * lib/opencdk/read-packet.c: more clear bounds checking
-2010-06-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-06 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkcs11_privkey.c: Send correct token name to callback.
+ * lib/x509/privkey.c: initialize e and d.
-2010-06-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-06 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
- lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
- lib/pkcs11_write.c: Added more gnutls errors to map closer to PKCS11
- actual errors.
+ * lib/pkcs11_write.c: deinitialize pks variable only when needed.
-2010-06-17 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-06 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
- lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
- lib/pkcs11_privkey.c, lib/pkcs11_write.c, src/cli.c, src/common.c:
- Added option to the PKCS11 PIN callback to save PIN if the token is
- being used with a single pkcs11_privkey structure.
+ * lib/openpgp/pgpverify.c: Initialize verify.
-2010-06-17 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-06 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkcs11_privkey.c: For Private key operations new sessions are
- opened when are needed. This makes the usage of the PKCS11 API
- thread safe. The only drawback is the requirement to enter PIN on
- every operation.
+ * src/cli.c: initialize session_id_size.
-2010-06-15 Simon Josefsson <address@hidden>
+2011-04-06 Nikos Mavrogiannopoulos <address@hidden>
- * src/cli.c: gnutls-cli: Make --starttls work again. Problem
introduced in patch to use read() instead of fgets()
- committed on 2010-01-27.
+ * lib/opencdk/misc.c, lib/opencdk/opencdk.h: removed unneeded
+ function.
-2010-06-14 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-06 Nikos Mavrogiannopoulos <address@hidden>
- * src/certtool.c, tests/sha2/key-ca-dsa.pem,
- tests/sha2/key-subca-dsa.pem, tests/sha2/sha2, tests/sha2/sha2-dsa:
- Allow SHA224 hash in certtool. Added tests for SHA-256 and SHA-224
- for DSA.
+ * lib/pakchois/pakchois.c: correctly traverse slots
-2010-06-14 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-05 Nikos Mavrogiannopoulos <address@hidden>
- * src/certtool.c: Do not warn multiple times for the deprecation of
- --bits.
+ * guile/src/core.c: avoid using a freed pointer.
-2010-06-14 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/ext_session_ticket.c, lib/gnutls_handshake.c,
- lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_mbuffers.c,
- lib/gnutls_mbuffers.h, lib/gnutls_record.c: Appending data in
- mbuffers is now cheaper by avoiding realloc, at the cost of
- requiring to specify a maximum mbuffer size at creation.
+ * lib/pkcs11.c: Initialize tinfo using the initially available
+ information.
-2010-06-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/ext_safe_renegotiation.c: Removed unused functions.
+ * lib/gnutls_dtls.c: corrected debugging info.
-2010-06-13 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-04 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_handshake.c, lib/gnutls_int.h: Combined the max ticket
- length with the maximum extension data length.
+ * tests/eagain-common.h, tests/mini-eagain-dtls.c,
+ tests/mini-eagain.c, tests/mini.c: The mini-* programs were
+ combined.
-2010-06-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-04 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, doc/cha-gtls-app.texi, lib/auth_srp.c, lib/ext_cert_type.c,
- lib/ext_cert_type.h, lib/ext_max_record.c, lib/ext_max_record.h,
- lib/ext_oprfi.c, lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
- lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
- lib/ext_server_name.h, lib/ext_session_ticket.c,
- lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
- lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_buffers.c,
- lib/gnutls_constate.c, lib/gnutls_extensions.c,
- lib/gnutls_extensions.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
- lib/gnutls_kx.c, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
- lib/gnutls_record.c, lib/gnutls_session_pack.c, lib/gnutls_state.c,
- lib/gnutls_str.c, lib/gnutls_str.h, lib/includes/gnutls/compat.h,
- lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/pkcs11.c,
- lib/x509/dn.c, libextra/ext_inner_application.c,
- libextra/ext_inner_application.h, libextra/gnutls_extra.c,
- libextra/gnutls_ia.c, src/cli.c, src/serv.c, tests/Makefile.am,
- tests/oprfi.c, tests/tlsia.c: Simplified and made more safe the
- packing of data for session storage. Extensions use the internal API
- to store/retrieve during resumption. Removed OPRFI since it was never
standardized and was never actually
- included in gnutls since it was in inactive ifdef. This was instead
- of rewriting it to use the new API.
+ * lib/gnutls_record.c: Do not cleanup bufel after it has been
+ inserted into buffer.
-2010-06-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-04 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_buffers.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
- lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
- lib/gnutls_supplemental.h, lib/openpgp/output.c, lib/pkcs11.c,
- lib/x509/dn.c, lib/x509/output.c: The gnutls_string code was
- simplified and integrated with the buffer to avoid having two named
- for the same thing.
+ * lib/gnutls_mbuffers.c: Combined dequeue with remove_front() and
+ pop_first().
-2010-06-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-03 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pakchois/pakchois.c: Properly handle fork() case.
+ * doc/examples/Makefile.am: Compile ex-cert-select-pkcs11 as a
+ separate program.
-2010-06-09 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-03 Nikos Mavrogiannopoulos <address@hidden>
- * libextra/gnutls_extra.c: Register the md5 handler if gcrypt is in
- fips mode once gnutls_global_init_extra() is called.
+ * .gitignore, lib/gnutls_buffers.c, lib/gnutls_dtls.c,
+ lib/gnutls_int.h, lib/gnutls_state.c,
+ lib/includes/gnutls/gnutls.h.in, lib/system.h, tests/Makefile.am,
+ tests/eagain-common.h, tests/mini-eagain-dtls.c,
+ tests/mini-eagain.c, tests/utils.c: Added support for non-blocking
+ DTLS. Added mini-eagain-dtls to test its operation. Improved
+ mini-eagain.
-2010-06-09 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-03 Nikos Mavrogiannopoulos <address@hidden>
- * src/tests.c: corrected tests.
+ * lib/nettle/init.c: gcrypt.h is not really needed. Reported by
+ David Reiser.
-2010-06-09 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-03 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pakchois/pakchois.c, lib/pakchois/pakchois.h, lib/pkcs11.c:
- Added new calls to pakchois to open an absolute filename.
+ * src/srptool.c: corrected header inclusion.
-2010-06-07 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-03 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/pkcs11.h: Removed several comments that
- pointed to Alon's implementation comments. We use inline C comments
- to generate documentation (not doxygen).
+ * src/Makefile.am, src/crypt-gaa.c, src/crypt-gaa.h, src/crypt.c,
+ src/crypt.gaa, src/srptool-gaa.c, src/srptool-gaa.h, src/srptool.c,
+ src/srptool.gaa: crypt.* renamed to srptool.*.
-2010-06-04 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-03 Nikos Mavrogiannopoulos <address@hidden>
- * lib/Makefile.am, lib/ext_session_ticket.c,
- lib/gnutls_algorithms.c, lib/gnutls_buffers.c,
- lib/gnutls_buffers.h, lib/gnutls_handshake.c,
- lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
- lib/gnutls_mbuffers.c, lib/gnutls_record.c, lib/gnutls_state.c: More
- fixes for the rebase.
+ * lib/gnutls_srp.c: Corrected bug in gnutls_srp_verifier() that
+ prevented the allocation of a verifier. Reported by Andrew Wiseman.
-2010-06-04 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-03 Nikos Mavrogiannopoulos <address@hidden>
- * AUTHORS: Added Jonathan.
+ * src/crypt-gaa.c, src/crypt-gaa.h, src/crypt.c, src/crypt.gaa:
+ Added debug option to srptool.
-2010-06-04 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-03 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pakchois/pakchois.c: Provider unref must be done after all
- sessions have been closed.
+ * doc/cha-cert-auth.texi: Documented p11-kit.
-2010-06-03 Nikos Mavrogiannopoulos <address@hidden>
+2011-04-02 Nikos Mavrogiannopoulos <address@hidden>
- * lib/Makefile.am: Several fixes for the broken rebase.
+ * doc/cha-library.texi: corrected typo
-2010-06-03 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-30 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-intro-tls.texi: Merged with master.
+ * tests/scripts/common.sh: Added copyright.
-2010-06-03 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-30 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_handshake.c, lib/gnutls_mbuffers.h,
- lib/gnutls_record.c: Some other changes to mbuffers to make gnutls
- (a bit more) agnostic on their internal structure.
+ * configure.ac, tests/Makefile.am, tests/dsa/testdsa,
+ tests/openpgp-certs/testcerts, tests/scripts/Makefile.am,
+ tests/scripts/common.sh: Reorganized scripts that use test servers,
+ based on patch by Cedric Arbogast.
-2010-06-03 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-30 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/verify.c: Corrected prefered hash algorithm return value
- on RSA.
+ * src/certtool-gaa.c, src/certtool.gaa: Create certificate request
+ with stricter permissions. Reported by Luca Capello.
-2010-06-03 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-28 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_global.c: Use GCRYCTL_ENABLE_QUICK_RANDOM when using
- libgcrypt.
+ * tests/openpgp-certs/Makefile.am: enabled testcerts.
-2010-05-31 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-28 Nikos Mavrogiannopoulos <address@hidden>
- * .gitignore: Ignore more files.
+ * tests/openpgp-certs/testcerts: made more silent.
-2010-05-31 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-28 Nikos Mavrogiannopoulos <address@hidden>
- * tests/sha2/sha2-dsa: Remove the correct file
+ * tests/dsa/testdsa, tests/openpgp-certs/testcerts: Made scripts
+ bourne shell compliant and not bash.
-2010-05-31 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-26 Nikos Mavrogiannopoulos <address@hidden>
- * tests/sha2/key-ca-dsa.pem, tests/sha2/key-dsa.pem: Added missing
- files.
+ * THANKS: e-mail addresses are not directly recognizable.
-2010-05-31 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-26 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_pubkey.c,
- lib/includes/gnutls/abstract.h, lib/includes/gnutls/x509.h,
- lib/x509/crq.c, lib/x509/x509.c, src/certtool.c: The
- get_preferred_hash_algorithm() functions have now an extra argument
- to indicate whether it is mandatory to use this algorithm.
+ * lib/opencdk/stream.c: Corrected access to freed memory location.
+ Reported by Vitaly Kruglikov.
-2010-05-31 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-26 Nikos Mavrogiannopoulos <address@hidden>
- * doc/examples/ex-crq.c, lib/includes/gnutls/x509.h,
- lib/libgnutls.map, lib/x509/crq.c: Added
- gnutls_x509_crq_get_preferred_hash_algorithm().
+ * THANKS: added Mark and Vitaly to THANKS.
-2010-05-31 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-26 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
- lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/privkey.c,
- lib/x509/verify.c, lib/x509/x509.c, src/certtool.c: Added
- gnutls_pubkey_get_preferred_hash_algorithm() and
- gnutls_x509_crt_get_preferred_hash_algorithm() to allow determining
- the hash algorithm to use during signing. This is needed in the case
- of DSA that uses specific versions of SHA depending on the size of
- the parameters.
+ * lib/system.c: Corrected windows system_errno() function. Reported
+ and patch by Mark Brand.
-2010-05-31 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-26 Nikos Mavrogiannopoulos <address@hidden>
- * doc/gnutls.texi, lib/Makefile.am, lib/build-aux/config.rpath,
- lib/gcrypt/pk.c, lib/gnutls_privkey.c, lib/pkcs11.c,
- lib/pkcs11_privkey.c, lib/x509/privkey.c, lib/x509/sign.c,
- lib/x509/sign.h, lib/x509/verify.c, lib/x509/x509.c, src/pkcs11.c:
- Several fixes after big rebase.
+ * lib/includes/gnutls/compat.h: C++ compatibility fix for compat.h.
+ Suggested by Mark Brand.
-2010-05-30 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-25 Nikos Mavrogiannopoulos <address@hidden>
- * tests/sha2/Makefile.am, tests/sha2/sha2-dsa: Test the DSA with
- SHA256 as well.
+ * lib/opencdk/verify.c: Corrected uninitialized var deinitiation.
+ Reported by Vitaly Kruglikov.
-2010-05-30 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-25 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/mpi.c: Print debugging information on error.
+ * lib/gnutls_sig.c: eliminate compiler warning. Reported by Andreas
+ Metzler.
-2010-05-30 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-25 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/gcrypt/pk.c, lib/gnutls_pk.c, lib/gnutls_sig.c,
- lib/nettle/mpi.c, lib/nettle/pk.c, lib/opencdk/pubkey.c,
- lib/opencdk/sig-check.c, lib/opencdk/verify.c,
- lib/openpgp/gnutls_openpgp.c, lib/openpgp/pgp.c,
- lib/openpgp/privkey.c, lib/pkcs11_privkey.c, lib/x509/privkey.c,
- lib/x509/x509_int.h: Nettle library can now parse the PGP integers.
- Except for SHA-224/384/512 nettle seems to be fully working now.
+ * lib/includes/gnutls/openpgp.h, lib/openpgp/gnutls_openpgp.c,
+ lib/openpgp/pgp.c, lib/openpgp/privkey.c: Fix size of
+ gnutls_openpgp_keyid_t by using the GNUTLS_OPENPGP_KEYID_SIZE
+ definition. Reported by Andreas Metzler.
-2010-05-30 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-24 Nikos Mavrogiannopoulos <address@hidden>
- * src/certtool.c: use --sec-param to generate privkey.
+ * NEWS: included news of 2.12.0
-2010-05-30 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-24 Nikos Mavrogiannopoulos <address@hidden>
- * tests/openpgpself.c: reduced log level to a sane one
+ * guile/tests/Makefile.am: added missing files.
-2010-05-30 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-23 Nikos Mavrogiannopoulos <address@hidden>
- * tests/pathlen/ca-no-pathlen.pem,
- tests/pathlen/no-ca-or-pathlen.pem: Corrected for new output of
- --print-certificate-info
+ * lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
+ lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/x509.h,
+ lib/pkcs11.c, lib/x509/crl.c: documentation fixes.
-2010-05-30 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-23 Nikos Mavrogiannopoulos <address@hidden>
- * tests/sha2/sha2: Print information on failure.
+ * tests/dsa/testdsa: Added DSA tests for client certificates as
+ well.
-2010-05-30 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-23 Nikos Mavrogiannopoulos <address@hidden>
- * lib/libgnutls.map, src/certtool.c: Print exp1 and exp2 if they are
- available.
+ * lib/ext_signature.c, lib/ext_signature.h, lib/gnutls_handshake.c,
+ lib/gnutls_sig.c, lib/includes/gnutls/abstract.h, lib/x509/verify.c:
+ Simplified signature algorithm selection.
-2010-05-30 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-23 Nikos Mavrogiannopoulos <address@hidden>
- * tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/pkcs12,
- tests/pkcs8-decode/pkcs8, tests/userid/userid: Only print output if
- something fails
+ * src/cli.c: The processed messages go to stdout.
-2010-05-30 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-23 Nikos Mavrogiannopoulos <address@hidden>
- * lib/m4/hooks.m4, lib/pakchois/pakchois.c: Some pakchois fixes.
+ * lib/gnutls_privkey.c: updated documentation
-2010-05-30 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-23 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_global.c: Fixup to compile with nettle
+ * lib/gnutls_algorithms.c, lib/gnutls_int.h,
+ lib/includes/gnutls/gnutls.h.in: Increased GNUTLS_MAX_ALGORITHM_NUM
+ to 32. The gnutls_*_list() functions generate the list of algorithm
+ on the spot and no longer require a static duplicate list of
+ algorithms. This comes at a cost of not being thread safe (which is
+ not significant since those functions are only used for special
+ purposes).
-2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-21 Nikos Mavrogiannopoulos <address@hidden>
- * lib/m4/hooks.m4: Do not bother with MODPATH. We don't use it.
+ * lib/gnutls_privkey.c: corrected parameter.
-2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-21 Nikos Mavrogiannopoulos <address@hidden>
- * lib/debug.c, lib/debug.h: Added again _gnutls_dump_mpi() to assist
- in debugging.
+ * lib/gnutls_pubkey.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
+ lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/x509/privkey.c:
+ Documentation fixes and cleanups.
-2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-20 Nikos Mavrogiannopoulos <address@hidden>
- * tests/pkcs12_encode.c: Added debugging
+ * src/cli.c: define variable locally
-2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-20 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_sig.c: Allow DSA with other than SHA1 algorithms in
- TLS.
+ * src/cli.c, src/serv.c: use IP_DONTFRAG if it is defined.
-2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-20 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkix_asn1_tab.c: removed more stuff.
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_dtls.c,
+ lib/gnutls_dtls.h, lib/gnutls_handshake.c, lib/gnutls_handshake.h,
+ lib/gnutls_int.h, lib/gnutls_record.c,
+ lib/includes/gnutls/gnutls.h.in, lib/system.c, lib/system.h,
+ src/cli.c, src/common.h, src/serv.c, src/udp-serv.c: Avoided waiting
+ for peer's retransmission to ensure receipt of finished messages,
+ and used a 'timer'-like to retransmit packets.
-2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-20 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkix.asn, lib/x509/common.c: LocalKeyId and XmppAddr were
- incorporated.
+ * lib/gnutls_dtls.c, lib/includes/gnutls/dtls.h, lib/libgnutls.map:
+ added gnutls_dtls_get_data_mtu().
-2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-19 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkix.asn, lib/pkix_asn1_tab.c: No need for those OIDs any
- more.
+ * tests/dsa/testdsa: make gnutls-cli more quiet.
-2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-19 Nikos Mavrogiannopoulos <address@hidden>
- * tests/dn2.c: Corrected to support new EV_ values.
+ * configure.ac, tests/Makefile.am, tests/dsa/Makefile.am,
+ tests/dsa/cert.dsa.1024.pem, tests/dsa/cert.dsa.2048.pem,
+ tests/dsa/cert.dsa.3072.pem, tests/dsa/dsa.1024.pem,
+ tests/dsa/dsa.2048.pem, tests/dsa/dsa.3072.pem, tests/dsa/testdsa,
+ tests/suite/Makefile.in: Added test to verify connections with DSA
+ keys of various sizes.
-2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-19 Nikos Mavrogiannopoulos <address@hidden>
- * tests/crq_key_id.c, tests/cve-2009-1416.c, tests/pkcs12_s2k_pem.c:
- avoid calling gcrypt directly.
+ * src/certtool.c: warn on generation of DSA keys of over 1024 bits.
-2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-19 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/includes/gnutls/crypto.h, lib/libgnutls.map,
- lib/random.c, lib/random.h, src/crypt.c, src/psk.c,
- tests/mini-eagain.c: exported gnutls_rnd().
+ * lib/gnutls_alert.c, lib/gnutls_errors.c, lib/gnutls_sig.c,
+ lib/includes/gnutls/gnutls.h.in: Return a special error code if DSA
+ keys with over 1024 are being used with TLS 1.x, x<2.
-2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-19 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/common.c, lib/x509/common.h, lib/x509/dn.c: The
- recognition of DN elements is now self contained. It does not need
- entries in pkix.asn.
+ * lib/nettle/pk.c: truncate hash size when asking to sign or verify
+ DSA with a longer hash.
-2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-18 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/common.c: Added
- support for EV certificate attributes.
+ * lib/gnutls_buffers.c, lib/system.c: Check for rejected connections
+ in system_recv_timeout().
-2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-18 Nikos Mavrogiannopoulos <address@hidden>
- * lib/m4/hooks.m4, lib/nettle/cipher.c: Fixed nettle detection and
- AES.
+ * lib/system_override.c: quickly discuss callback format.
-2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_dh_primes.c: documentation updates
+ * lib/gnutls_dtls.c: When sending multiple cookies due to
+ verification errors do not increase the handshake sequence number
+ only the record sequence.
-2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
- * src/certtool-common.h, src/certtool.c, src/prime.c: Generate
- dh-params also used --sec-param.
+ * AUTHORS: updated Jonathan
-2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
- * lib/nettle/mpi.c: Document that the generator is the generator of
- the subgroup and not the group.
+ * tests/openpgp-auth.c: Added check for RSA ciphersuite in openpgp
+ keys.
-2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
- * src/cli.c: Corrected certificate callback.
+ * lib/openpgp/privkey.c: read correct algorithm when decrypting data
+ and use correct number of private parameters.
-2010-05-28 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gcrypt/Makefile.am, lib/nettle/Makefile.am,
- lib/nettle/cipher.c: More AES stuff (still doesn't work).
+ * libextra/gnutls_extra.c: added missing ret.
-2010-05-28 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
- * lib/nettle/pk.c: Correction in RSA encryption.
+ * lib/auth_cert.c: Set type when sending empty openpgp key.
-2010-05-28 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
- * lib/nettle/cipher.c: Fixed issue with AES.
+ * lib/nettle/rnd.c, tests/Makefile.am, tests/rng-fork.c: Corrected
+ nettle's RNG behavior on fork and added a test case.
-2010-05-28 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in,
- lib/libgnutls.map, lib/openpgp/output.c, lib/x509/output.c,
- lib/x509/privkey.c, src/certtool-gaa.c, src/certtool-gaa.h,
- src/certtool.c, src/certtool.gaa: Added
- gnutls_sec_param_to_pk_bits() et al. to allow select bit sizes for
- private keys using a human understandable scale.
+ * guile/tests/openpgp-auth.scm: enabled RSA and removed debugging.
-2010-05-28 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in,
- lib/x509/common.h: Added support for SHA224 and SHA256 in DSA.
+ * lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
+ lib/includes/gnutls/abstract.h, lib/openpgp/gnutls_openpgp.c,
+ tests/openpgp-auth.c, tests/openpgp-auth2.c: gnutls_pubkey_t and
+ gnutls_privkey_t can import either an openpgp subkey or a master
+ key.
-2010-05-28 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
- * lib/m4/hooks.m4: Always use included pakchois.
+ * guile/tests/openpgp-auth.scm, guile/tests/openpgp-elg-pub.asc,
+ guile/tests/openpgp-elg-sec.asc, guile/tests/openpgp-keys.scm,
+ guile/tests/openpgp-pub.asc, guile/tests/openpgp-sec.asc: split the
+ pgp keys to elgamal and dsa.
-2010-05-27 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
- * doc/examples/ex-cert-select-pkcs11.c: make sure all lines fit in
- page.
+ * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
+ lib/openpgp/pgp.c, lib/openpgp/privkey.c: introduced
+ GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR
-2010-05-26 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-cert-auth.texi: make example more compact by removing
- error checking.
+ * lib/gnutls_algorithms.c: On unknown public key algorithms return
+ Unknown name.
-2010-05-26 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-bib.texi, doc/cha-cert-auth.texi: Added bibliographic
- reference to PKCS #11.
+ * lib/gnutls_privkey.c: Read the public key algorithm from the
+ selected subkey and not the master key when importing to a
+ gnutls_privkey.
-2010-05-26 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-16 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-cert-auth.texi: Added sketch for PKCS #11 usage.
+ * lib/openpgp/gnutls_openpgp.c, tests/openpgpself.c: Documentation
+ fixed. Added fresh keys to test.
-2010-05-26 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-15 Nikos Mavrogiannopoulos <address@hidden>
- * doc/credentials/x509-server-dsa.pem,
- doc/credentials/x509-server-key-dsa.pem: Added 2048 bit DSA key
+ * tests/openpgpself.c: Test openpgp authentication with DSA-2048 bit
+ keys as well.
-2010-05-26 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-15 Nikos Mavrogiannopoulos <address@hidden>
- * lib/opencdk/armor.c, lib/opencdk/read-packet.c,
- lib/opencdk/stream.c, lib/opencdk/write-packet.c: Increased log
- level of several messages.
+ * lib/openpgp/pgp.c: gnutls_openpgp_crt_get_auth_subkey() will no
+ longer return an unsupported subkey.
-2010-05-25 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-15 Nikos Mavrogiannopoulos <address@hidden>
- * doc/credentials/x509/key.pem: Corrected coefficient and exp[12]
- values in key.
+ * lib/x509/verify.c: Corrected verification of DSA-2048 keys.
+ Reported by address@hidden
-2010-05-25 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-14 Nikos Mavrogiannopoulos <address@hidden>
- * lib/nettle/pk.c: Added blinding in RSA. Correct broken private
- keys on import. Nettle uses more values than gcrypt does from RSA
- decryption and it seemed that some values in our stored private keys
- were messy (generated by very old gnutls).
+ * doc/cha-intro-tls.texi: Added
+ gnutls_transport_set_vec_push_function().
-2010-05-24 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-13 Nikos Mavrogiannopoulos <address@hidden>
- * doc/examples/ex-cert-select-pkcs11.c, lib/gnutls_x509.c,
- lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
- lib/pkcs11_privkey.c, lib/pkcs11_write.c, src/cli.c: Simplified
- internal API. The only question that remains now is how to handle
- the gnutls_pkcs11_privkey_t. Currently it opens a session and
- maintains a handle to the object. This will require locks to be
- added on operations. Alternatively new sessions may be opened for
- each operation performed. This is guarranteed by PKCS #11 to be
- thread safe but will of course require to ask for the PIN again.
+ * lib/gnutls_dtls.c, lib/includes/gnutls/dtls.h, lib/libgnutls.map,
+ src/udp-serv.c: updated cookie negotiation to use only a prestate
+ structure and avoids setting data to cookie.
-2010-05-24 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-13 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pakchois/pakchois.c: Removed debugging print.
+ * lib/gnutls_handshake.c: Use DTLS 1.0 instead of SSL 3.0 headers on
+ client hello in DTLS.
-2010-05-24 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-13 Nikos Mavrogiannopoulos <address@hidden>
- * lib/Makefile.am, lib/configure.ac, lib/m4/hooks.m4,
- lib/pakchois/errors.c, lib/pakchois/pakchois.c,
- lib/pakchois/pakchois.h, lib/pakchois/pakchois11.h: Added a modified
- pakchois library (to open arbitrary pkcs11 modules). Current gnutls
- works only with this one.
+ * lib/gnutls_dtls.c, lib/gnutls_errors.c,
+ lib/includes/gnutls/dtls.h, lib/libgnutls.map, src/udp-serv.c: Added
+ photuris-like resource protection on the server. Added
+ gnutls_dtls_cookie_send(), gnutls_dtls_cookie_verify() and
+ gnutls_dtls_cookie_set() to avoid initializing a session before
+ cookie is verified.
-2010-05-24 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-13 Nikos Mavrogiannopoulos <address@hidden>
- * doc/cha-gtls-app.texi: Added missing file.
+ * lib/crypto-api.c, lib/ext_session_ticket.c,
+ lib/includes/gnutls/gnutls.h.in: added gnutls_key_generate() to API.
-2010-05-24 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-13 Nikos Mavrogiannopoulos <address@hidden>
- * doc/TODO: Removed finished items.
+ * lib/ext_session_ticket.c: Avoid the usage of structures where the
+ attribute packed is assumed.
-2010-05-24 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-13 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkcs11_write.c: Noted that there things to be done.
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_handshake.c: renamed gnutls_handshake_buffer_* functions
+ to gnutls_handshake_hash_buffer_* to separate from new API functions
+ and corrected its usage.
-2010-05-24 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-13 Nikos Mavrogiannopoulos <address@hidden>
- * doc/Makefile.am, doc/cha-cert-auth.texi: Added documentation on
- abstract types.
+ * lib/gnutls_algorithms.c: Added DSA-SHA256, DSA-SHA224 and
+ RSA-SHA224 to the supported signature algorithms list. Suggested by
+ address@hidden
-2010-05-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-13 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gcrypt/pk.c, lib/gnutls_pk.c, lib/gnutls_pk.h,
- lib/opencdk/pubkey.c, lib/openpgp/privkey.c, lib/x509/privkey.c:
- Common code for calculation of RSA exp1 and exp2. Also update the
- openpgp code to calculate those values.
+ * lib/gnutls_constate.c, lib/gnutls_constate.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_v2_compat.c:
+ session->internals.compression_method was removed. It was no longer
+ required since the new compression algorithm was stored to next
+ epoch as well.
-2010-05-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
- * lib/auth_dh_common.c, lib/gnutls_dh_primes.c, lib/x509/privkey.c:
- More fixes.
+ * lib/gnutls_buffers.c, lib/gnutls_cipher.c, lib/gnutls_constate.c,
+ lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_state.h:
+ _gnutls_is_dtls() is no more. IS_DTLS() is being used instead.
-2010-05-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
- * lib/auth_dh_common.c, lib/gcrypt/mpi.c, lib/gnutls_mpi.c:
- Corrected nicely hidden bug that caused accesses to uninitialized
- variables if the gcry_mpi_print() functions were pessimists and
- returned more size than actually needed for the print.
+ * lib/ext_session_ticket.c: do not print debugging output on
+ non-fatal errors.
-2010-05-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gcrypt/pk.c: Added some sanity checks.
+ * lib/ext_session_ticket.c, lib/gnutls_cipher.c,
+ lib/gnutls_cipher_int.c, lib/gnutls_constate.c,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_record.c:
+ Properly reset the SSL 3.0 MAC algorithm.
-2010-05-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, doc/cha-auth.texi, doc/cha-bib.texi,
- doc/cha-cert-auth.texi, doc/cha-ciphersuites.texi,
- doc/cha-copying.texi, doc/cha-functions.texi,
- doc/cha-internals.texi, doc/cha-intro-tls.texi,
- doc/cha-library.texi, doc/cha-preface.texi, doc/cha-programs.texi,
- doc/cha-tls-app.texi, doc/gnutls.texi,
- lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c:
- Documentation updates. Separated big gnutls.texi to chapter to allow
- easier maintainance.
+ * lib/gnutls_buffers.c, lib/gnutls_errors.h,
+ lib/gnutls_handshake.c, lib/x509/verify-high.c: cleanups. Introduced
+ gnutls_assert_val_fatal() that only prints debugging messages on
+ non-fatal errors.
-2010-05-23 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
- * lib/Makefile.am, lib/gcrypt/mpi.c, lib/gcrypt/pk.c,
- lib/includes/gnutls/crypto.h, lib/includes/gnutls/pkcs11.h,
- lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/nettle/pk.c,
- lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
- lib/pkcs11_write.c, lib/x509/privkey.c, lib/x509/x509_int.h,
- src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
- src/certtool.c, src/certtool.gaa, src/crypt-gaa.c, src/pkcs11.c:
- Added support to copy certificates and private keys to tokens. New
- functions: gnutls_pkcs11_copy_x509_crt()
- gnutls_pkcs11_copy_x509_privkey() gnutls_pkcs11_delete_url() Certtool
was updated to allow copying certificates and private keys
- to tokens. Deleting an object has issues (segfault) but it seems to
- be related with libopensc and its pkcs11 API.
+ * lib/gnutls_alert.c: Added string for GNUTLS_A_SSL3_NO_CERTIFICATE.
-2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/verify.c: Added gnutls_pubkey_verify_hash(),
- gnutls_pubkey_get_verify_algorithm().
+ * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h:
+ gnutls_version_has_variable_padding is not really needed. A check
+ for SSL3.0 is more clear.
-2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkcs11.c, src/pkcs11.c: Added gnutls_pubkey_import_pkcs11(),
- gnutls_pubkey_import_rsa_raw(), gnutls_pubkey_import_dsa_raw(),
- gnutls_pkcs11_obj_export().
+ * lib/debug.c, lib/gnutls_buffers.c, lib/gnutls_constate.c,
+ lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_v2_compat.c:
+ Corrected SSL2 client hello handling.
-2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Tried to document recent changes.
+ * lib/gnutls_record.c: do not set default record version (i.e. SSL
+ 3.0) during a re-handshake.
-2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_x509.c, lib/pkcs11.c, lib/pkcs11_int.h,
- src/certtool-gaa.c, src/certtool.gaa, src/pkcs11.c: Added
- gnutls_pubkey_t abstract type to handle public keys. It can
- currently import/export public keys from existing certificate types
- as well as from PKCS #11 URL. This allows generating a certificate
- or certificate request from a given public key (currently one could
- only generate them from a given private key). PKCS#11 API augmented to
allow reading arbitrary objects instead of
- just certificates. Certtool updated to list those objects.
+ * lib/gnutls_priority.c: default behavior is to send SSL3.0 client
+ hellos.
-2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkcs11.c: Added gnutls_pkcs11_token_get_flags() to distinguish
- between hardware and soft tokens.
+ * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c:
+ corrected ssl3 record version sending in client hello.
-2010-05-21 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
- * lib/Makefile.am: Added support for libnettle backend. This uses
- gmp for big number operations. It is not currently completed. It
- lacks RSA blinding as well as optimizations.
+ * NEWS, doc/cha-intro-tls.texi, lib/gnutls_buffers.c,
+ lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c,
+ lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in,
+ lib/libgnutls.map: gnutls_transport_set_lowat() is no more.
-2010-05-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/sign.c: Corrected bug in DSA signature generation.
+ * lib/gnutls_buffers.c, lib/gnutls_record.c: some cleanups
-2010-05-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/x509_int.h: Added operations to sign CRLs, certificates
- and requests with an abstract key and thus with a PKCS #11 key as
- well.
+ * lib/x509/common.h, lib/x509/verify-high.c, lib/x509/verify.c:
+ gnutls_x509_trust_list_verify_crt shortens the provided certificate
+ list based on the existing trusted CAs.
-2010-05-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/privkey.h: privkey.h -> abstract.h
+ * lib/gnutls_int.h, lib/gnutls_state.c, lib/gnutlsxx.cpp,
+ lib/includes/gnutls/compat.h, lib/includes/gnutls/dtls.h,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/gnutlsxx.h,
+ lib/libgnutls.map, libextra/includes/gnutls/openssl.h, src/cli.c,
+ src/serv.c: gnutls_init_dtls() was made redundant. The same for
+ gnutls_end_connection_t which was replaced by a flags integer..
-2010-05-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-12 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_x509.c: The gnutls-cli --x509cafile can now be a PKCS
- #11 URL. It can read gnome-keyring's certificates and use them in
- the trusted list.
+ * lib/auth_psk.c, lib/auth_psk.h, lib/ext_session_ticket.c,
+ lib/ext_srp.c, lib/gnutls_sig.c, lib/gnutls_x509.c,
+ lib/pkcs11_int.h, lib/system.c, lib/system.h, lib/x509/mpi.c,
+ lib/x509/verify.c, src/certtool-common.h, src/certtool.c,
+ src/common.c, src/pkcs11.c, src/udp-serv.c: Corrected types.
-2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-11 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_x509.c: Corrections in openpgp private key usage.
+ * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
+ src/serv-gaa.c, src/serv-gaa.h, src/serv.c, src/serv.gaa,
+ src/udp-serv.c, src/udp-serv.h: Added --mtu option.
-2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-11 Nikos Mavrogiannopoulos <address@hidden>
- * tests/x509self.c: Updated self tests and examples to avoid using
- deprecated functions such as
- gnutls_certificate_server_set_retrieve_function and the sign
- callback.
+ * lib/gnutls_buffers.c: properly re-generate headers of fragmented
+ packets.
-2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-11 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/privkey.h, lib/pkcs11_int.h: Added
- documentation for most of the new functions.
+ * lib/gnutls_state.c: increased initial retransmission time to 1
+ sec.
-2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-11 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkcs11.c: Documented that it was initially based on neon
- pkcs11 and got ideas from pkcs11-helper library.
+ * lib/gnutls_handshake.c: In DTLS do not hash messages that
+ shouldn't be hashed (i.e. hello verify request).
-2010-05-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-11 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkcs11.c: Corrections to properly handle token removal and
- insert.
+ * lib/gnutls_cipher.c: Corrected size check in block encrypted
+ records.
-2010-05-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-10 Nikos Mavrogiannopoulos <address@hidden>
- * lib/Makefile.am, lib/gnutls_x509.c, lib/includes/gnutls/pkcs11.h,
- lib/includes/gnutls/privkey.h, lib/pkcs11.c, lib/x509/sign.c: Added
- gnutls_pkcs11_privkey_t and gnutls_privkey_t types. Those are an
- abstract private key type that can be used to sign/encrypt any
- private key of pkcs11,x509 or openpgp types. Added support for
- PKCS11 in gnutls-cli/gnutls-serv.
+ * lib/gnutls_buffers.c, lib/gnutls_handshake.c: Corrected behavior
+ in normal TLS handshake.
-2010-05-10 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-10 Nikos Mavrogiannopoulos <address@hidden>
- * src/certtool.c, src/pkcs11.c: Added several helper functions, to
- allow printing of tokens.
+ * libextra/Makefile.am: link libgnutls-extra against libgcrypt if
+ required. Based on patch by Andreas Metzler
+ <address@hidden>
-2010-05-10 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-10 Nikos Mavrogiannopoulos <address@hidden>
- * lib/pkcs11.c, src/certtool-gaa.c, src/certtool.c,
- src/certtool.gaa, src/pkcs11.c: Added ability to export certificates
- from PKCS #11 tokens. Added ability to list trusted certificates,
- or only certificates with a corresponding private key or just all.
+ * NEWS, lib/m4/hooks.m4, libextra/Makefile.am: increased the so
+ version of libgnutls-openssl.
-2010-05-09 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/Makefile.am, lib/configure.ac, lib/includes/gnutls/pkcs11.h,
- lib/pkcs11.c, src/certtool-gaa.c, src/certtool-gaa.h,
- src/certtool.gaa, src/pkcs11.c: Added initial PKCS #11 support.
- Certtool can now print lists of certificates available in system.
+ * lib/ext_session_ticket.c, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_cipher.c, lib/gnutls_dtls.c,
+ lib/gnutls_errors.c, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h, lib/gnutls_record.c,
+ lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_v2_compat.c,
+ lib/includes/gnutls/gnutls.h.in: Added intermediate handshake layer
+ that will order handshake packets and drop duplicates.
-2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-05 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
- lib/libgnutls.map, lib/x509/common.h, lib/x509/verify.c,
- lib/x509/x509.c, lib/x509/x509_int.h: Added
- gnutls_pubkey_verify_hash(), gnutls_pubkey_get_verify_algorithm().
+ * lib/gnutls_record.c: handle non fatal errors when receiving record
+ headers.
-2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-05 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, configure.ac, lib/gnutls_pubkey.c,
- lib/includes/gnutls/abstract.h, lib/includes/gnutls/pkcs11.h,
- lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h, lib/x509/x509.c,
- src/pkcs11.c: Added gnutls_pubkey_import_pkcs11(),
- gnutls_pubkey_import_rsa_raw(), gnutls_pubkey_import_dsa_raw(),
- gnutls_pkcs11_obj_export().
+ * lib/gnutls_cipher.c: memcpy -> memmove.
-2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-05 Nikos Mavrogiannopoulos <address@hidden>
- * .gitignore: Ignore files that should be ignored.
+ * lib/gnutls_buffers.c, lib/gnutls_int.h: removed GMAX
-2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-02 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, src/certtool-gaa.c, src/certtool.gaa: Tried to document
- recent changes.
+ * src/certtool.c: Allow providing no password for PKCS #12 structure
+ generation. Reported by Daniel Kahn Gillmor.
-2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-02 Nikos Mavrogiannopoulos <address@hidden>
- * lib/Makefile.am, lib/gnutls_pubkey.c, lib/gnutls_x509.c,
- lib/includes/gnutls/abstract.h, lib/includes/gnutls/pkcs11.h,
- lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h,
- lib/pkcs11_privkey.c, lib/x509/common.c, lib/x509/common.h,
- lib/x509/mpi.c, lib/x509/x509.c, lib/x509/x509_int.h,
- src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
- src/certtool.c, src/certtool.gaa, src/pkcs11.c: Added
- gnutls_pubkey_t abstract type to handle public keys. It can
- currently import/export public keys from existing certificate types
- as well as from PKCS #11 URL. This allows generating a certificate
- or certificate request from a given public key (currently one could
- only generate them from a given private key). PKCS#11 API augmented to
allow reading arbitrary objects instead of
- just certificates. Certtool updated to list those objects.
-
-2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added
- gnutls_pkcs11_token_get_flags() to distinguish between hardware and
- soft tokens.
-
-2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
-
- * lib/Makefile.am, lib/libgnutlsxx.map, lib/m4/hooks.m4: Export all
- symbols from C++ library. This library doesn't contain any internal
- symbols anyway and there is no reason to mess with the C++ ABI that
- hasn't got the problems of C.
-
-2010-05-21 Nikos Mavrogiannopoulos <address@hidden>
-
- * configure.ac, doc/examples/ex-serv-export.c,
- doc/examples/ex-serv-psk.c, doc/examples/ex-serv1.c,
- lib/Makefile.am, lib/auth_srp.c, lib/cipher-libgcrypt.c,
- lib/configure.ac, lib/gcrypt/Makefile.am, lib/gcrypt/cipher.c,
- lib/gcrypt/mac.c, lib/gcrypt/mpi.c, lib/gcrypt/pk.c,
- lib/gcrypt/rnd.c, lib/gnutls_global.c, lib/gnutls_mpi.c,
- lib/gnutls_srp.c, lib/m4/hooks.m4, lib/mac-libgcrypt.c,
- lib/mpi-libgcrypt.c, lib/nettle/Makefile.am, lib/nettle/cipher.c,
- lib/nettle/mac.c, lib/nettle/mpi.c, lib/nettle/pk.c,
- lib/nettle/rnd.c, lib/pk-libgcrypt.c, lib/rnd-libgcrypt.c,
- src/certtool.c, src/cli.c, src/serv.c, tests/chainverify.c: Added
- support for libnettle backend. This uses gmp for big number
- operations. It is not currently completed. It lacks RSA blinding as
- well as optimizations.
+ * src/certtool-cfg.c: consistently print all interactive questions
+ to stderr. Reported by Daniel Kahn Gillmor.
-2010-05-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-26 Nikos Mavrogiannopoulos <address@hidden>
- * doc/manpages/gnutls-cli.1, src/cli-gaa.c, src/cli.gaa,
- src/serv-gaa.c, src/serv.gaa: Documented that the --file options in
- gnutls-cli and gnutls-serv can accept a PKCS #11 URL.
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_dtls.c,
+ lib/gnutls_int.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
+ lib/gnutls_record.c, lib/gnutls_state.c: combined all the record
+ buffers in one.
-2010-05-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-26 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/sign.c: Corrected bug in DSA signature generation.
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_dtls.c,
+ lib/gnutls_int.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
+ lib/gnutls_record.c, lib/gnutls_record.h, lib/gnutls_state.c:
+ internal buffering for record and handshake data changed from
+ gnutls_buffers to gnutls_mbuffers.
-2010-05-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-26 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
- lib/libgnutls.map, lib/x509/crl_write.c, lib/x509/crq.c,
- lib/x509/mpi.c, lib/x509/sign.c, lib/x509/x509_int.h,
- lib/x509/x509_write.c: Added operations to sign CRLs, certificates
- and requests with an abstract key and thus with a PKCS #11 key as
- well.
+ * lib/debug.c, lib/gnutls_buffers.c, lib/gnutls_int.h,
+ lib/gnutls_record.c, lib/gnutls_state.c,
+ lib/includes/gnutls/gnutls.h.in: Removed last pieces of inner
+ application.
-2010-05-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-26 Nikos Mavrogiannopoulos <address@hidden>
- * lib/auth_cert.c, lib/auth_cert.h, lib/gnutls_privkey.c,
- lib/gnutls_sig.h, lib/gnutls_x509.h,
- lib/includes/gnutls/abstract.h, lib/includes/gnutls/privkey.h,
- lib/openpgp/gnutls_openpgp.h: privkey.h -> abstract.h
+ * lib/gnutls_record.c: some cleanups
-2010-05-18 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-01 Ludovic Courtès <address@hidden>
- * lib/Makefile.am, lib/configure.ac, lib/gnutls_x509.c, src/cli.c:
- The gnutls-cli --x509cafile can now be a PKCS #11 URL. It can read
- gnome-keyring's certificates and use them in the trusted list.
+ * guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm,
+ guile/tests/x509-auth.scm: guile: Change tests to use priority
+ strings.
-2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-03-01 Ludovic Courtès <address@hidden>
- * lib/pkcs11.c: Documented that gnutls_global_init calls
- gnutls_pkcs11_init.
+ * src/Makefile.am: Add `udp-serv.h' to the distribution.
-2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-28 Andreas Metzler <address@hidden>
- * src/cli.c: Only send termination request to avoid stalling on
- servers that do not reply.
+ * lib/libgnutls.map: fix duplicate symbols in version script These
three symbols are listed both in the GNUTLS_2_8 and the
+ GNUTLS_2_10 section. binutils uses the first occurence, drop the
+ second one. Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-28 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_handshake.c, lib/gnutls_state.c, lib/gnutls_state.h:
- Corrected issue on the %SSL3_RECORD_VERSION priority string. It now
- works even when resuming a session.
+ * doc/cha-intro-tls.texi: updates on -ALL priorities.
-2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-28 Nikos Mavrogiannopoulos <address@hidden>
- * doc/examples/Makefile.am, doc/examples/ex-cert-select-pkcs11.c,
- doc/gnutls.texi: Added initial example.
+ * lib/ext_signature.c: Restrict the signature algorithms we
+ advertize to SHA1 and SHA256.
-2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-28 Ludovic Courtès <address@hidden>
- * lib/auth_cert.h, lib/gnutls_x509.c, lib/openpgp/gnutls_openpgp.c:
- Corrections in openpgp private key usage.
+ * lib/includes/Makefile.am: Add `gnutls/dtls.h' to the distribution.
-2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-27 Ludovic Courtès <address@hidden>
- * doc/examples/ex-cert-select.c, tests/Makefile.am,
- tests/pkcs12_s2k.c, tests/x509dn.c, tests/x509signself.c: Updated
- self tests and examples to avoid using deprecated functions such as
- gnutls_certificate_server_set_retrieve_function and the sign
- callback.
+ * guile/modules/system/documentation/c-snarf.scm: guile: Fix
+ docstring extraction with CPP 4.5+.
-2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-27 Ludovic Courtès <address@hidden>
- * lib/gnutlsxx.cpp, lib/includes/gnutls/gnutlsxx.h, src/tests.c: Use
- the new callback function.
+ * doc/Makefile.am: Pass the right CPPFLAGS when building Guile doc.
-2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-27 Ludovic Courtès <address@hidden>
- * lib/gnutls_privkey.c, lib/includes/gnutls/pkcs11.h,
- lib/includes/gnutls/privkey.h, lib/libgnutls.map, lib/pkcs11.c,
- lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/x509/privkey.c: Added
- documentation for most of the new functions.
+ * doc/cha-intro-tls.texi, guile/src/core.c: Add nodes for the
+ subsections of "The TLS Handshake Protocol".
-2010-05-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-27 Ludovic Courtès <address@hidden>
- * lib/pkcs11.c: Documented that it was initially based on neon
- pkcs11 and got ideas from pkcs11-helper library.
+ * lib/Makefile.am: Add `lib/gnutls_dtls.h' to the distribution.
-2010-05-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-27 Ludovic Courtès <address@hidden>
- * lib/gnutls_x509.c, lib/libgnutls.map, lib/pkcs11.c,
- lib/pkcs11_int.h, lib/pkcs11_privkey.c, src/common.c: Corrections to
- properly handle token removal and insert.
+ * guile/modules/gnutls.scm, guile/modules/gnutls/build/enums.scm,
+ guile/modules/gnutls/build/priorities.scm, guile/src/core.c,
+ guile/src/errors.c, guile/src/errors.h, guile/tests/Makefile.am,
+ guile/tests/priorities.scm: guile: Wrap
+ `gnutls_priority_set_direct'; deprecate the old method.
-2010-05-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-27 Ludovic Courtès <address@hidden>
- * lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in:
- Deprecated the sign callback.
+ * doc/scripts/gdoc, doc/scripts/sort2.pl: Avoid hard-coded
+ /usr/bin/perl (trick taken from Gnulib.)
-2010-05-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-27 Ludovic Courtès <address@hidden>
- * doc/manpages/Makefile.am, lib/Makefile.am, lib/auth_cert.c,
- lib/auth_cert.h, lib/auth_dhe.c, lib/auth_rsa.c,
- lib/auth_rsa_export.c, lib/auth_srp_rsa.c, lib/gnutls_cert.c,
- lib/gnutls_cert.h, lib/gnutls_global.c, lib/gnutls_int.h,
- lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
- lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_x509.c,
- lib/gnutls_x509.h, lib/includes/gnutls/compat.h,
- lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
- lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/privkey.h,
- lib/includes/gnutls/x509.h, lib/libgnutls.map,
- lib/openpgp/gnutls_openpgp.c, lib/openpgp/gnutls_openpgp.h,
- lib/openpgp/openpgp_int.h, lib/pkcs11.c, lib/pkcs11_int.h,
- lib/pkcs11_privkey.c, lib/x509/privkey.c, lib/x509/sign.c,
- lib/x509/sign.h, lib/x509/x509_int.h, src/cli.c, src/common.c,
- src/common.h, src/pkcs11.c, src/serv.c: Added
- gnutls_pkcs11_privkey_t and gnutls_privkey_t types. Those are an
- abstract private key type that can be used to sign/encrypt any
- private key of pkcs11,x509 or openpgp types. Added support for
- PKCS11 in gnutls-cli/gnutls-serv.
+ * libextra/gnutls_extra.c: Fix LZO-enabled builds.
-2010-05-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-24 Nikos Mavrogiannopoulos <address@hidden>
- * .gitignore: ignore unrelated to gnutls files.
+ * lib/nettle/rnd.c: Detect fork() in the random number generator and
+ reseed.
-2010-05-10 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-23 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
- src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
- src/certtool.c, src/certtool.gaa, src/pkcs11.c: Added several helper
- functions, to allow printing of tokens.
+ * lib/gnutls_dtls.c, lib/gnutls_state.c: use timeouts closer to DTLS
+ RFC.
-2010-05-10 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-23 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_errors.c, lib/gnutls_str.c,
- lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/pkcs11.h,
- lib/pkcs11.c, src/certtool-common.h, src/certtool-gaa.c,
- src/certtool-gaa.h, src/certtool.c, src/certtool.gaa, src/pkcs11.c:
- Added ability to export certificates from PKCS #11 tokens. Added
- ability to list trusted certificates, or only certificates with a
- corresponding private key or just all.
+ * lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
+ lib/libgnutls.map, lib/system_override.c: Renamed
+ gnutls_transport_set_push_function2() to
+ gnutls_transport_set_vec_push_function().
-2010-05-09 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-20 Simon Josefsson <address@hidden>
- * lib/Makefile.am, lib/auth_srp.c, lib/configure.ac,
- lib/gnutls.pc.in, lib/gnutls_constate.c, lib/gnutls_errors.c,
- lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_psk.c,
- lib/gnutls_str.c, lib/gnutls_str.h, lib/includes/Makefile.am,
- lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
- lib/openpgp/gnutls_openpgp.c, lib/pkcs11.c, lib/x509/common.c,
- lib/x509/dn.c, src/Makefile.am, src/certtool-common.h,
- src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
- src/certtool.gaa, src/pkcs11.c: Added initial PKCS #11 support.
- Certtool can now print lists of certificates available in system.
+ * NEWS, doc/manpages/Makefile.am, lib/includes/gnutls/compat.h,
+ lib/libgnutls.map, lib/x509/crq.c: Remove
+ gnutls_x509_crq_get_preferred_hash_algorithm.
-2010-03-07 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-20 Simon Josefsson <address@hidden>
- * lib/x509/verify.c: Optimized the check_if_same().
+ * lib/libgnutls.map: Remove dropped functions.
-2010-02-24 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-20 Simon Josefsson <address@hidden>
- * lib/gnutls_algorithms.c, lib/x509/common.c, lib/x509/common.h:
- Added a forgoten by god OID for RSA. Warn using the actual OID on
- unknown public key algorithms.
+ * lib/x509/crl_write.c: Add deprecated docstring.
-2009-12-09 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Simon Josefsson <address@hidden>
- * lib/ext_session_ticket.c: Adapt session ticket support to mbuffer
- API.
+ * lib/x509/crq.c: Fix deprecated docstring.
-2009-08-16 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Simon Josefsson <address@hidden>
- * lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_kx.c,
- lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: Use mbuffers for
- handshake synthesis.
+ * lib/x509/privkey.c: Fix docstring.
-2009-08-15 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Simon Josefsson <address@hidden>
- * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
- lib/gnutls_handshake.c: Make _gnutls_handshake_io_send_int accept a
- mbuffer_st.
+ * lib/gnutls_pubkey.c: Fix docstring of new function.
-2009-08-15 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Simon Josefsson <address@hidden>
- * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
- lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c:
- Simplify handshake send buffer logic.
+ * lib/gnutls_cert.c: Fix docstring for deprecated functions.
-2009-08-15 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Simon Josefsson <address@hidden>
- * lib/gnutls_buffers.c: Fix interrupted write braino.
+ * lib/gnutls_sig.c: Make it build.
-2009-08-15 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Simon Josefsson <address@hidden>
- * lib/gnutls_mbuffers.c: Avoid pointer warning.
+ * lib/openpgp/privkey.c: Fix docstring of deprecated function.
-2009-08-15 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Simon Josefsson <address@hidden>
- * lib/gnutls_buffers.c, lib/gnutls_mbuffers.c,
- lib/gnutls_mbuffers.h: Remove now useless
- _gnutls_mbuffer_enqueue{,copy} functions.
+ * lib/gnutls_pubkey.c: Fix docstrinf of new function.
-2009-08-15 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Simon Josefsson <address@hidden>
- * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
- lib/gnutls_mbuffers.c, lib/gnutls_record.c: Allocate data buffer
- with mbuffer_st structure as suggested by Nikos.
+ * doc/reference/gnutls-docs.sgml: Fix typo.
-2009-08-15 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Simon Josefsson <address@hidden>
- * lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: Prepare for mbuffer
- allocation by the caller.
+ * doc/reference/gnutls-docs.sgml: Improve text.
-2009-08-15 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Simon Josefsson <address@hidden>
- * lib/gnutls_buffers.c: GNUify some missed GNUification.
+ * lib/x509/crl.c: Doc fix of new function.
-2009-08-15 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Simon Josefsson <address@hidden>
- * lib/gnutls_buffers.c: Harmonize read and write function names.
+ * lib/gnutls_cert.c, lib/gnutls_privkey.c, lib/x509/privkey.c: Fix
+ docstring of deprecated functions.
-2009-08-15 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Simon Josefsson <address@hidden>
- * lib/gnutls_buffers.c: Now that LEVEL and LEVEL_EQ are fixed, use
- less lines.
+ * NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
+ lib/includes/gnutls/compat.h, lib/libgnutls.map, lib/x509/crq.c,
+ lib/x509/sign.c, tests/x509sign-verify.c: Rename
+ gnutls_privkey_sign_data2 to gnutls_privkey_sign_data and
+ gnutls_privkey_sign_hash2 to gnutls_privkey_sign_hash. These were
added during the 2.11 cycle where we don't promise ABI
+ compatibility.
-2009-08-15 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Simon Josefsson <address@hidden>
- * lib/gnutls_errors.h: Make LEVEL and LEVEL_EQ macros safer. Once
again, I got bit by this pretty hard.
+ * doc/gnutls-crypto-layers.eps: Add doc/gnutls-crypto-layers.eps.
-2009-08-09 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Simon Josefsson <address@hidden>
- * lib/gnutls_record.c: Use a datum for ciphered data in
- _gnutls_send_int.
+ * doc/Makefile.am: Dist gnutls-crypto-layers.*.
-2009-08-09 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Simon Josefsson <address@hidden>
- * lib/gnutls_buffers.h: Remove the prototype for the non-existant
- function _gnutls_io_write_buffered2.
+ * lib/Makefile.am: Add abstract_int.h.
-2009-08-09 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Simon Josefsson <address@hidden>
- * lib/gnutls_int.h, lib/gnutls_record.c: Cleanup of the remaining
- internals.record_send_buffer mess.
+ * .gitignore: Ignore more.
-2009-08-09 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Simon Josefsson <address@hidden>
- * lib/gnutls_buffers.c: Remove yet another address@hidden instance of
- redundant hexadecimal dumping.
+ * lib/Makefile.am: Link with -lnettle too.
-2009-08-09 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Simon Josefsson <address@hidden>
- * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_record.c:
- Modify slightly the contract of _gnutls_io_write_buffered as
- suggested by Nikos Mavrogiannopoulos.
+ * doc/Makefile.am, doc/cha-programs.texi, lib/gnutls_privkey.c,
+ lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
+ lib/openpgp/pgp.c: Fix syntax-check warnings.
-2009-08-09 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-22 Ludovic Courtès <address@hidden>
- * lib/gnutls_buffers.c, lib/gnutls_mbuffers.c,
- lib/gnutls_mbuffers.h: Pass datums to mbuffers by address instead of
- by value.
+ * guile/modules/gnutls/build/enums.scm: guile: Remove
+ GNUTLS_A_INNER_APPLICATION_FAILURE and
+ GNUTLS_A_INNER_APPLICATION_VERIFICATION.
-2009-08-08 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-22 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_handshake.c, lib/gnutls_record.c: Corrected case where
- handshake data were received during a session. It now stores them
- for future use by a gnutls_handshake(). Reported by Peter
- Hendrickson <address@hidden>.
+ * lib/gnutls_session_pack.c: store entities as numbers to avoid
+ issues in big-little endian machines.
-2009-08-06 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-22 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_buffers.c: Simplify _gnutls_io_write_buffered and
- _gnutls_io_write_flush with mbuffers.
+ * lib/gnutls_record.c: documented the DTLS sequence particularities.
-2009-08-06 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-22 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_int.h, lib/gnutls_state.c: Change type of
- internals.record_send_buffer to a mbuffer.
+ * lib/gnutls_buffers.c, lib/gnutls_handshake.c,
+ lib/gnutls_record.c, lib/gnutls_record.h,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/udp-serv.c:
+ Added gnutls_record_recv_seq() that can return the sequence number
+ of the record packet, in addition to data.
-2009-08-06 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-21 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_buffers.c: Extract a simple_write function from
- _gnutls_io_write_buffered.
+ * lib/gnutls_record.c: reorganized and simplified gnutls_recv_int().
+ It will discard invalid DTLS packets.
-2009-08-06 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_buffers.c: Add dump_bytes function.
+ * lib/gnutls_constate.h, lib/gnutls_record.c: Discard messages that
+ contain a different epoch than the current one.
-2009-08-06 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
- * lib/Makefile.am, lib/gnutls_int.h, lib/gnutls_mbuffers.c,
- lib/gnutls_mbuffers.h: Add gnutls_mbuffers.{c,h} with some basic
- mbuffer operations.
+ * lib/gnutls_record.c: renamed internal function to reflect
+ functionality.
-2009-08-01 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_algorithms.c: Do not rely on version ordering; use
- switch..case instead.
+ * lib/gnutls_buffers.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
+ lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c:
+ Implemented a sliding window-like thing to discard replayed packets.
-2009-08-01 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
- * lib/auth_cert.c: Remove hardcoded version checks in auth_cert.c.
+ * src/cli.c: gnutls-cli shouldn't print errors on EAGAIN and
+ INTERRUPTED.
-2009-08-01 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_state.c: Remove hardcoded version check in
- gnutls_state.c.
+ * lib/gnutls_num.c: corrected uint48pp.
-2009-08-01 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_cipher.c: Remove hardcoded version checks in
- gnutls_cipher.c.
+ * lib/gnutls_constate.c, lib/gnutls_mbuffers.c, lib/gnutls_state.c:
+ Epoch garbage collector is being run when handshake is being cleaned
+ up.
-2009-08-01 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_sig.c: Remove hardcoded version checks in gnutls_sig.c.
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_dtls.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_num.c,
+ lib/gnutls_state.c: skip replays in handshake packets.
-2009-08-01 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_handshake.c: Remove hardcoded version checks in
- gnutls_handshake.c.
+ * lib/gnutls_record.c: Forbid SSL v.2 client hello in DTLS.
-2009-08-01 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_algorithms.c: Add version check function for selectable
- signature/hash certificate algorithms.
+ * lib/gnutls_buffers.c, lib/gnutls_int.h: removed unneeded
+ variables.
-2009-08-01 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_algorithms.c: Add version check functions for
- non-minimal padding.
+ * lib/gnutls_buffers.c, lib/gnutls_constate.h, lib/gnutls_dtls.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_mbuffers.c:
+ Cleanups in combination of DTLS and TLS buffers.
-2009-08-01 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h: Add version
- check function for explicit IV.
+ * lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_rsa_export.c,
+ lib/auth_srp.c, lib/gnutls_algorithms.c, lib/gnutls_dh_primes.c,
+ lib/gnutls_errors.h, lib/gnutls_handshake.c, lib/gnutls_sig.c,
+ lib/opencdk/main.h, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
+ lib/openpgp/privkey.c, lib/x509/common.c, lib/x509/dn.c,
+ lib/x509/pkcs12.c, lib/x509/pkcs7.c, lib/x509/privkey_pkcs8.c,
+ lib/x509/verify.c, lib/x509/x509_write.c, lib/x509_b64.c:
+ gnutls_x509_log replaced with gnutls_audit_log.
-2009-08-01 Jonathan Bastien-Filiatrault <address@hidden>
+2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_algorithms.h: Add version check functions for
- selectable PRF and extension handling.
+ * lib/gnutls_algorithms.h, lib/gnutls_cipher.c, lib/gnutls_dtls.c,
+ lib/gnutls_int.h, lib/gnutls_state.c, lib/gnutls_state.h: Return a
+ more precise mtu unit to applications.
-2010-06-01 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
- * doc/announce.txt, doc/gnutls.texi, doc/manpages/gnutls-cli.1,
- doc/manpages/gnutls-serv.1, lib/ext_safe_renegotiation.c,
- lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c,
- lib/gnutls_state.c, tests/safe-renegotiation/srn1.c,
- tests/safe-renegotiation/srn5.c, tests/safe-renegotiation/testsrn:
- Splitted safe renegotiation capabilities to %SAFE_RENEGOTIATION: will
enable safe renegotiation. This is the
- most secure and recommended option for clients. However this will
- prevent from connecting to legacy servers. %PARTIAL_RENEGOTIATION:
Prevents renegotiation with clients and
- servers not supporting the safe renegotiation extension. (this is
- the default) %UNSAFE_RENEGOTIATION: Permits (re-)handshakes even unsafe
ones.
+ * src/udp-serv.c: restart handshake on signals.
-2010-05-31 Simon Josefsson <address@hidden>
+2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
- * doc/gnutls.texi: Minor fix.
+ * lib/gnutls_buffers.c, lib/gnutls_constate.h, lib/gnutls_dtls.c:
+ reference counting in epochs is being done using functions.
-2010-05-31 Simon Josefsson <address@hidden>
+2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
- * GNUmakefile, maint.mk: Update gnulib files.
+ * lib/gnutls_cipher.c, lib/gnutls_compress.c, lib/gnutls_dtls.c,
+ lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c,
+ lib/includes/gnutls/dtls.h, lib/libgnutls.map: Added
+ gnutls_dtls_g/set_mtu() to allow setting and getting the DTLS mtu
+ from application.
-2010-05-29 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-20 Nikos Mavrogiannopoulos <address@hidden>
- * doc/gnutls.texi: Documented the defaults.
+ * lib/gnutls_buffers.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
+ lib/gnutls_int.h, lib/gnutls_state.c: Combined DTLS buffers and
+ normal TLS buffers.
-2010-05-28 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-19 Nikos Mavrogiannopoulos <address@hidden>
- * doc/gnutls.texi: Added INITIAL_SAFE_RENEGOTIATION and other small
- updates.
+ * lib/Makefile.am, lib/ext_session_ticket.c, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_constate.c, lib/gnutls_dtls.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/system.c,
+ lib/system.h, lib/system_override.c, src/Makefile.am,
+ src/serv-gaa.c, src/serv-gaa.h, src/serv.c, src/serv.gaa,
+ src/udp-serv.c, src/udp-serv.h: Changes to allow DTLS server side to
+ operate. Added a simple UDP server on gnutls-serv. Server other
+ cleanups.
-2010-05-28 Simon Josefsson <address@hidden>
+2011-02-19 Nikos Mavrogiannopoulos <address@hidden>
- * doc/gnutls.texi: Update.
+ * lib/gnutls_dtls.c, lib/gnutls_errors.c, lib/gnutls_int.h,
+ lib/gnutls_state.c, lib/includes/gnutls/dtls.h,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli.c: Allow
+ setting the DTLS timeouts explicitly.
-2010-05-28 Simon Josefsson <address@hidden>
+2011-02-19 Nikos Mavrogiannopoulos <address@hidden>
- * tests/safe-renegotiation/README: Add.
+ * doc/TODO: updated.
-2010-05-28 Simon Josefsson <address@hidden>
+2011-02-18 Nikos Mavrogiannopoulos <address@hidden>
- * .x-sc_prohibit_strings_without_use, build-aux/c++defs.h,
- build-aux/gendocs.sh, build-aux/gnupload, build-aux/vc-list-files,
- configure.ac, doc/gendocs_template, gl/Makefile.am, gl/error.c,
- gl/m4/asm-underscore.m4, gl/m4/gnulib-cache.m4,
- gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/netdb_h.m4,
- gl/m4/stdio_h.m4, gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4,
- gl/netdb.in.h, gl/stdio-write.c, gl/stdio.in.h,
- gl/tests/Makefile.am, gl/tests/init.sh, gl/tests/test-lseek.sh,
- gl/tests/test-vc-list-files-cvs.sh,
- gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
- gl/tests/test-verify.sh, gl/tests/verify.h, gl/unistd.in.h,
- gl/vasnprintf.c, gl/wchar.in.h, gtk-doc.make,
- lib/build-aux/c++defs.h, lib/gl/Makefile.am,
- lib/gl/m4/asm-underscore.m4, lib/gl/m4/fcntl-o.m4,
- lib/gl/m4/gettext.m4, lib/gl/m4/gnulib-common.m4,
- lib/gl/m4/gnulib-comp.m4, lib/gl/m4/iconv.m4, lib/gl/m4/intl.m4,
- lib/gl/m4/netdb_h.m4, lib/gl/m4/po.m4, lib/gl/m4/stdio_h.m4,
- lib/gl/m4/unistd_h.m4, lib/gl/netdb.in.h, lib/gl/stdio-write.c,
- lib/gl/stdio.in.h, lib/gl/tests/Makefile.am, lib/gl/tests/init.sh,
- lib/gl/tests/test-vasprintf.c, lib/gl/tests/test-verify.c,
- lib/gl/tests/test-verify.sh, lib/gl/tests/verify.h,
- lib/gl/unistd.in.h, lib/gl/vasnprintf.c, lib/gl/wchar.in.h,
- libextra/gl/m4/gnulib-common.m4, m4/valgrind.m4, maint.mk: Update
- gnulib files, use valgrind-tests module, fix syntax-check problems.
+ * lib/auth_cert.c, lib/debug.c, lib/gnutls_algorithms.c,
+ lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cipher.c,
+ lib/gnutls_cipher.h, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
+ lib/gnutls_errors.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_mbuffers.h, lib/gnutls_num.c, lib/gnutls_num.h,
+ lib/gnutls_record.c, lib/gnutls_record.h, lib/gnutls_state.c,
+ lib/includes/gnutls/gnutls.h.in, lib/system.c, lib/system.h,
+ src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa: Several
+ updates for DTLS (client side only) to work.
-2010-05-28 Simon Josefsson <address@hidden>
+2011-02-18 Nikos Mavrogiannopoulos <address@hidden>
- * doc/announce.txt: Doc fix.
+ * lib/opencdk/main.h: Increased level of opencdk debug messages.
-2010-05-25 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-18 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/common.h, lib/x509/privkey.c, lib/x509/sign.c,
- lib/x509/verify.c: Use correct hashing algorithms for DSA with q
- over 160 bits.
+ * lib/gnutls_sig.c: DSA keys in TLS 1.x, x<2 and SSL 3.0 use SHA-1
+ as hash. That is we reverted to previous gnutls behavior. That
+ violates DSS but all implementations handle it like that.
-2010-05-24 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-18 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_algorithms.c: Better checks in loops.
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_dtls.c,
+ lib/gnutls_dtls.h, lib/gnutls_handshake.c, lib/gnutls_int.h: use
+ similar API when caching messages in DTLS or TLS.
-2010-05-22 Simon Josefsson <address@hidden>
+2011-02-18 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/crl.c: Doc fix.
+ * lib/gnutls_algorithms.c: corrected is_version_supported().
-2010-05-22 Simon Josefsson <address@hidden>
+2011-02-18 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Add.
+ * lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_kx.c:
+ Simplified _gnutls_recv_handshake().
-2010-05-22 Simon Josefsson <address@hidden>
+2011-02-18 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Add.
+ * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_dtls.c, lib/gnutls_handshake.c: ciphersuites have a bit
+ that indicates whether they are usable with DTLS or not.
-2010-05-22 Simon Josefsson <address@hidden>
+2011-02-17 Nikos Mavrogiannopoulos <address@hidden>
- * doc/reference/Makefile.am, gtk-doc.make, m4/gtk-doc.m4: Support
- GTK-DOC PDF file.
+ * lib/auth_dhe.c, lib/gnutls_algorithms.c, lib/gnutls_cipher.c: fix
+ for dtls.
-2010-05-22 Simon Josefsson <address@hidden>
+2010-10-02 Jonathan Bastien-Filiatrault <address@hidden>
- * cfg.mk: Also build PDF manual.
+ * lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_num.c,
+ lib/gnutls_num.h: dtls: Add uint48 handling functions. Signed-off-by:
Nikos Mavrogiannopoulos <address@hidden>
-2010-05-22 Simon Josefsson <address@hidden>
+2010-10-02 Jonathan Bastien-Filiatrault <address@hidden>
- * doc/gnutls.texi: Fix node/section usage.
+ * lib/gnutls_record.c: dtls: Bring epoch choice on receive closer to
+ the first usage. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-2010-05-22 Simon Josefsson <address@hidden>
+2010-09-24 Jonathan Bastien-Filiatrault <address@hidden>
- * tests/safe-renegotiation/srn5.c: Fix self test.
+ * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa: Add DTLS
+ support to command-line client. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-2010-05-22 Simon Josefsson <address@hidden>
+2010-09-17 Jonathan Bastien-Filiatrault <address@hidden>
- * lib/gnutls_handshake.c: Readd lost fix from Nikos.
+ * lib/gnutls_constate.c: dtls: Write epoch to sequence number.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-2010-05-22 Simon Josefsson <address@hidden>
+2010-09-06 Jonathan Bastien-Filiatrault <address@hidden>
- * lib/ext_safe_renegotiation.c: Readd lost fix from Nikos.
+ * lib/gnutls_handshake.c: dtls: Send consistent a client_random. This
is necessary when challenged by HelloVerifiyRequest as we MUST
+ send the same client parameters. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
-2010-05-22 Simon Josefsson <address@hidden>
+2010-09-05 Jonathan Bastien-Filiatrault <address@hidden>
- * NEWS: Add.
+ * lib/gnutls_handshake.c, lib/gnutls_int.h: dtls: Limit the number
+ of HelloVerifyRequest round trips. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
-2010-05-22 Simon Josefsson <address@hidden>
+2010-09-05 Jonathan Bastien-Filiatrault <address@hidden>
- * lib/gnutls_errors.c, libextra/includes/gnutls/openssl.h,
- libextra/openssl_compat.c: Doc fixes.
+ * lib/gnutls_dtls.c, lib/gnutls_handshake.c: dtls: TEMP: Sprinkle
+ transmits. Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-2010-05-22 Simon Josefsson <address@hidden>
+2010-09-05 Jonathan Bastien-Filiatrault <address@hidden>
- * lib/x509/x509.c: Doc fix.
+ * lib/gnutls_handshake.c, lib/gnutls_int.h: dtls: Do
+ HANDSHAKE_HELLO_VERIFY_REQUEST processing. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
-2010-05-22 Simon Josefsson <address@hidden>
+2010-09-05 Jonathan Bastien-Filiatrault <address@hidden>
- * Makefile.am, NEWS, README, cfg.mk, configure.ac, doc/Makefile.am,
- doc/credentials/Makefile.am, doc/cyclo/Makefile.am, doc/errcodes.c,
- doc/examples/Makefile.am, doc/examples/ex-client-srp.c,
- doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
- doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
- doc/examples/ex-serv1.c, doc/gnutls.texi, doc/manpages/Makefile.am,
- doc/printlist.c, guile/Makefile.am, guile/modules/Makefile.am,
- guile/modules/gnutls.scm, guile/modules/gnutls/build/enums.scm,
- guile/modules/gnutls/build/priorities.scm,
- guile/modules/gnutls/build/smobs.scm,
- guile/modules/gnutls/build/utils.scm,
- guile/modules/gnutls/extra.scm, guile/src/Makefile.am,
- guile/src/core.c, guile/src/errors.c, guile/src/errors.h,
- guile/src/extra.c, guile/src/make-enum-header.scm,
- guile/src/make-enum-map.scm, guile/src/make-session-priorities.scm,
- guile/src/make-smob-header.scm, guile/src/make-smob-types.scm,
- guile/src/utils.c, guile/src/utils.h, guile/tests/Makefile.am,
- guile/tests/anonymous-auth.scm, guile/tests/errors.scm,
- guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
- guile/tests/openpgp-keys.scm, guile/tests/pkcs-import-export.scm,
- guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
- guile/tests/x509-auth.scm, guile/tests/x509-certificates.scm,
- lib/Makefile.am, lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c,
- lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
- lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
- lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
- lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
- lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
- lib/auth_srp_sb64.c, lib/cipher-libgcrypt.c, lib/configure.ac,
- lib/crypto-api.c, lib/crypto.c, lib/crypto.h, lib/cryptodev.c,
- lib/debug.c, lib/debug.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
- lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_oprfi.c,
- lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
- lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
- lib/ext_server_name.h, lib/ext_session_ticket.c,
- lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
- lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_alert.c,
- lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
- lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
- lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
- lib/gnutls_cert.h, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
- lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
- lib/gnutls_compress.c, lib/gnutls_compress.h,
- lib/gnutls_constate.c, lib/gnutls_constate.h, lib/gnutls_datum.c,
- lib/gnutls_datum.h, lib/gnutls_db.c, lib/gnutls_db.h,
- lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_dh_primes.c,
- lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_extensions.c,
- lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
- lib/gnutls_handshake.c, lib/gnutls_handshake.h,
- lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_helper.c,
- lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
- lib/gnutls_mem.c, lib/gnutls_mem.h, lib/gnutls_mpi.c,
- lib/gnutls_mpi.h, lib/gnutls_num.c, lib/gnutls_num.h,
- lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
- lib/gnutls_psk.c, lib/gnutls_psk_netconf.c, lib/gnutls_record.c,
- lib/gnutls_record.h, lib/gnutls_rsa_export.c,
- lib/gnutls_rsa_export.h, lib/gnutls_session.c,
- lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
- lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
- lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
- lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
- lib/gnutls_supplemental.h, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
- lib/gnutls_v2_compat.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
- lib/includes/Makefile.am, lib/includes/gnutls/crypto.h,
- lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
- lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
- lib/libgnutls.map, lib/libgnutlsxx.map, lib/m4/hooks.m4,
- lib/mac-libgcrypt.c, lib/minitasn1/Makefile.am,
- lib/mpi-libgcrypt.c, lib/opencdk/Makefile.am,
- lib/openpgp/Makefile.am, lib/openpgp/compat.c,
- lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
- lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
- lib/openpgp/privkey.c, lib/pk-libgcrypt.c, lib/random.c,
- lib/random.h, lib/rnd-libgcrypt.c, lib/x509/Makefile.am,
- lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
- lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
- lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/output.c,
- lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c,
- lib/x509/pkcs7.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
- lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
- lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
- lib/x509_b64.c, lib/x509_b64.h, libextra/Makefile.am,
- libextra/configure.ac, libextra/ext_inner_application.c,
- libextra/ext_inner_application.h, libextra/fipsmd5.c,
- libextra/gl/Makefile.am, libextra/gnutls_extra.c,
- libextra/gnutls_ia.c, libextra/gnutls_openssl.c,
- libextra/includes/Makefile.am, libextra/includes/gnutls/extra.h,
- libextra/includes/gnutls/openssl.h, libextra/libgnutls-extra.map,
- libextra/m4/hooks.m4, libextra/openssl_compat.c,
- libextra/openssl_compat.h, src/Makefile.am, src/benchmark.c,
- src/certtool-cfg.c, src/certtool.c, src/cli.c, src/common.c,
- src/crypt.c, src/list.h, src/prime.c, src/psk.c, src/serv.c,
- src/tests.c, src/tls_test.c, tests/Makefile.am, tests/anonself.c,
- tests/certder.c, tests/certificate_set_x509_crl.c,
- tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
- tests/crypto_rng.c, tests/cve-2008-4989.c, tests/cve-2009-1415.c,
- tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
- tests/finished.c, tests/gc.c, tests/hostname-check.c,
- tests/init_roundtrip.c, tests/key-id/Makefile.am,
- tests/key-id/key-id, tests/mini-eagain.c,
- tests/mini-x509-rehandshake.c, tests/mini-x509.c, tests/mini.c,
- tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
- tests/nist-pkits/pkits, tests/nist-pkits/pkits_crl,
- tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
- tests/nist-pkits/pkits_smime, tests/nul-in-x509-names.c,
- tests/openpgp-certs/Makefile.am, tests/openpgp-certs/testcerts,
- tests/openpgp-certs/testselfsigs, tests/openpgp-keyring.c,
- tests/openpgpself.c, tests/openssl.c, tests/oprfi.c,
- tests/parse_ca.c, tests/pathlen/Makefile.am, tests/pathlen/pathlen,
- tests/pgps2kgnu.c, tests/pkcs1-padding/Makefile.am,
- tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/Makefile.am,
- tests/pkcs12-decode/pkcs12, tests/pkcs12_encode.c,
- tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c,
- tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8,
- tests/pskself.c, tests/resume.c, tests/rfc2253-escape-test,
- tests/rsa-md5-collision/Makefile.am,
- tests/rsa-md5-collision/rsa-md5-collision,
- tests/safe-renegotiation/Makefile.am,
- tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
- tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
- tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
- tests/safe-renegotiation/testsrn, tests/set_pkcs12_cred.c,
- tests/setcredcrash.c, tests/sha2/Makefile.am, tests/sha2/sha2,
- tests/simple.c, tests/tlsia.c, tests/userid/Makefile.am,
- tests/userid/userid, tests/utils.c, tests/utils.h,
- tests/x509_altname.c, tests/x509dn.c, tests/x509paths/chain,
- tests/x509self.c, tests/x509sign-verify.c, tests/x509signself.c:
- Change GNUTLS into GnuTLS.
-
-2010-05-22 Simon Josefsson <address@hidden>
-
- * AUTHORS, ChangeLog.1, NEWS, README, README-alpha, THANKS,
- doc/gnutls.texi, doc/manpages/gnutls-cli-debug.1,
- doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1,
- doc/manpages/srptool.1, doc/reference/gnutls-docs.sgml,
- lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c,
- src/cli-gaa.c, src/cli.gaa, src/serv-gaa.c, src/serv.gaa,
- src/tls_test-gaa.c, src/tls_test.gaa: Change GNU TLS into GnuTLS.
+ * lib/gnutls_handshake.c: dtls: Add
+ _gnutls_recv_hello_verify_request. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
-2010-05-22 Nikos Mavrogiannopoulos <address@hidden>
+2010-09-05 Jonathan Bastien-Filiatrault <address@hidden>
- * lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c: Ignore
- parsing of ciphersuite or extensions when safe renegotiation is
- disabled.
+ * lib/gnutls_record.c: Decrypt using the proper sequence number.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-2010-05-22 Simon Josefsson <address@hidden>
+2010-09-05 Jonathan Bastien-Filiatrault <address@hidden>
- * tests/safe-renegotiation/Makefile.am,
- tests/safe-renegotiation/srn5.c: Add test of self renegotiation
- APIs.
+ * lib/gnutls_cipher.c, lib/gnutls_cipher.h: dtls: Use proper record
+ sequence for DTLS decrypt. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-2010-05-22 Simon Josefsson <address@hidden>
+2011-02-17 Nikos Mavrogiannopoulos <address@hidden>
- * tests/safe-renegotiation/Makefile.am,
- tests/safe-renegotiation/README, tests/safe-renegotiation/srn4.c:
- Add more rengotiation self tests.
+ * lib/gnutls_handshake.c: corrected extdatalen
-2010-05-22 Simon Josefsson <address@hidden>
+2010-09-05 Jonathan Bastien-Filiatrault <address@hidden>
- * tests/safe-renegotiation/Makefile.am,
- tests/safe-renegotiation/README, tests/safe-renegotiation/srn0.c:
- Add more safe renegotiation self test.
+ * lib/gnutls_buffers.c: dtls: Read whole datagrams. Signed-off-by:
Nikos Mavrogiannopoulos <address@hidden>
-2010-05-21 Simon Josefsson <address@hidden>
+2009-08-03 Jonathan Bastien-Filiatrault <address@hidden>
- * NEWS, doc/announce.txt, doc/gnutls.texi,
- doc/manpages/Makefile.am, lib/ext_safe_renegotiation.c,
- lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
- tests/safe-renegotiation/srn2.c: Remove
- gnutls_safe_negotiation_set_initial and
- gnutls_safe_renegotiation_set.
+ * lib/gnutls_handshake.c: dtls: Queue outgoing handshake messages in
+ the retransmission layer. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-2010-05-18 Nikos Mavrogiannopoulos <address@hidden>
+2009-08-03 Jonathan Bastien-Filiatrault <address@hidden>
- * lib/gnutls_priority.c: Documented behavioral change.
+ * lib/gnutls_dtls.c, lib/gnutls_dtls.h: Add outgoing flight buffer
+ handling code. Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-2010-05-18 Nikos Mavrogiannopoulos <address@hidden>
+2009-08-03 Jonathan Bastien-Filiatrault <address@hidden>
- * lib/gnutls_int.h, lib/gnutls_priority.c: Because we want to
- differentiate the behavior of server and client with regards to safe
- renegotiation. If a server didn't have either SAFE_RENEGOTIATION or
- UNSAFE_RENEGOTIATION set the safe renegotiation will be the default.
- This (as well as the safe_renegotiation_set flag) has to be removed
- once safe renegotiation is default in both server and client side.
+ * lib/gnutls_errors.h: Define _gnutls_dtls_log for DTLS.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-2010-05-18 Nikos Mavrogiannopoulos <address@hidden>
+2009-08-03 Jonathan Bastien-Filiatrault <address@hidden>
- * lib/gnutls_state.c: Emulate old gnutls behavior regarding safe
- renegotiation if the priority_* functions are not called.
+ * lib/gnutls_int.h, lib/gnutls_state.c: Add structures for the
+ buffered outgoing flight. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-2010-05-11 Nikos Mavrogiannopoulos <address@hidden>
+2009-08-03 Jonathan Bastien-Filiatrault <address@hidden>
- * lib/includes/gnutls/x509.h: Corrected typo. Reported by Clint
- Adams.
+ * lib/gnutls_int.h, lib/gnutls_state.c: Add state for handshake mtu.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-2010-05-03 Simon Josefsson <address@hidden>
+2009-08-03 Jonathan Bastien-Filiatrault <address@hidden>
- * tests/safe-renegotiation/Makefile.am,
- tests/safe-renegotiation/srn1.c, tests/safe-renegotiation/srn3.c:
- tests: Add srn3 to test inverse of what srn1 is testing.
+ * lib/gnutls_handshake.c: dtls: Fixup outgoing ClientHello hashing.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-2010-05-03 Simon Josefsson <address@hidden>
+2009-08-03 Jonathan Bastien-Filiatrault <address@hidden>
- * tests/safe-renegotiation/Makefile.am,
- tests/safe-renegotiation/srn2.c: tests: Add another safe
- renegotiation self tests.
+ * lib/gnutls_handshake.c, lib/gnutls_int.h: Add proper handshake
+ outgoing sequence number. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-2010-05-03 Simon Josefsson <address@hidden>
+2009-08-03 Jonathan Bastien-Filiatrault <address@hidden>
- * tests/safe-renegotiation/srn1.c: Also test
- gnutls_safe_renegotiation_status API.
+ * lib/Makefile.am, lib/gnutls_dtls.c, lib/gnutls_dtls.h: Add
+ gnutls_dtls.{c,h}. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-2010-05-03 Simon Josefsson <address@hidden>
+2009-08-02 Jonathan Bastien-Filiatrault <address@hidden>
- * tests/safe-renegotiation/Makefile.am,
- tests/safe-renegotiation/srn1.c: tests: Add first self-test of safe
- renegotiation extension.
+ * lib/gnutls_handshake.c: dtls: Remove unsuitable ciphers.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-2010-05-03 Simon Josefsson <address@hidden>
+2009-07-28 Jonathan Bastien-Filiatrault <address@hidden>
- * tests/Makefile.am, tests/mini-x509-rehandshake.c: tests: Add small
- X.509 rehandshake test.
+ * lib/debug.c, lib/gnutls_handshake.c,
+ lib/includes/gnutls/gnutls.h.in: dtls: Add hanshake fragment headers
+ when sending handshake. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-2010-05-03 Simon Josefsson <address@hidden>
+2009-07-28 Jonathan Bastien-Filiatrault <address@hidden>
- * tests/mini-x509.c: Protect against infloops.
+ * lib/gnutls_cipher.c, lib/gnutls_int.h, lib/gnutls_record.c: dtls:
+ Add epoch and sequence number to DTLS packets. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
-2010-05-03 Simon Josefsson <address@hidden>
+2009-07-28 Jonathan Bastien-Filiatrault <address@hidden>
- * tests/Makefile.am, tests/mini-x509.c: tests: Add mini-x509
- self-test.
+ * lib/gnutls_record.c: Use increment functions for sequence number.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-2010-04-30 Simon Josefsson <address@hidden>
+2009-07-27 Jonathan Bastien-Filiatrault <address@hidden>
- * doc/gnutls.texi: Improve text, based on suggestions from Tomas
- Hoger <address@hidden>.
+ * lib/gnutls_int.h, lib/gnutls_num.c, lib/gnutls_num.h,
+ lib/gnutls_record.c: dtls: Add types and operations required for the
+ DTLS epoch and sequence. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-2010-04-29 Simon Josefsson <address@hidden>
+2009-07-29 Jonathan Bastien-Filiatrault <address@hidden>
- * lib/gnutls_handshake.c: Fix typo.
+ * lib/gnutls_algorithms.c, lib/gnutls_priority.c: Make version
+ lookup transport dependent. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-2010-04-29 Simon Josefsson <address@hidden>
+2009-08-03 Jonathan Bastien-Filiatrault <address@hidden>
- * lib/gnutls_handshake.c: Improve renegotiation debug messages.
+ * lib/gnutls_state.h: dtls: Add _gnutls_is_dtls to check if a
+ session uses DTLS. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-2010-04-29 Simon Josefsson <address@hidden>
+2009-07-25 Jonathan Bastien-Filiatrault <address@hidden>
- * doc/announce.txt: Add.
+ * lib/gnutls_int.h, lib/gnutls_state.c,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Add
+ gnutls_init_dtls function. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-2010-04-29 Simon Josefsson <address@hidden>
+2009-07-25 Jonathan Bastien-Filiatrault <address@hidden>
- * .gitignore: Add.
+ * lib/gnutls_int.h: Add DTLS state. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
-2010-04-29 Simon Josefsson <address@hidden>
+2009-07-15 Jonathan Bastien-Filiatrault <address@hidden>
- * doc/gnutls.texi: Add section on safe renegotiation.
+ * lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in: Add
+ DTLS1.0 protocol entry. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
-2010-04-29 Simon Josefsson <address@hidden>
+2010-09-17 Jonathan Bastien-Filiatrault <address@hidden>
- * lib/gnutls_record.c: Remove debug code.
+ * lib/ext_session_ticket.c, lib/gnutls_handshake.c,
+ lib/gnutls_kx.c, lib/gnutls_mbuffers.h: Allocate session buffers of
+ size, depending on type of session. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
-2010-04-25 Simon Josefsson <address@hidden>
+2010-09-25 Jonathan Bastien-Filiatrault <address@hidden>
- * doc/gnutls.texi: Mention shared library map file and GTK-DOC
- guidelines.
+ * lib/gnutls_constate.c: Harmonize "d" argument between constate.c
+ and compress.c. Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-2010-04-22 Simon Josefsson <address@hidden>
+2010-09-24 Jonathan Bastien-Filiatrault <address@hidden>
- * doc/announce.txt: Update URL.
+ * src/cli-gaa.c, src/cli.gaa: Fix typo. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
-2010-04-22 Simon Josefsson <address@hidden>
+2010-09-21 Jonathan Bastien-Filiatrault <address@hidden>
- * AUTHORS: Update my OpenPGP key.
+ * lib/gnutls_num.h: Parenthesize UINT64DATA again. Signed-off-by:
Nikos Mavrogiannopoulos <address@hidden>
-2010-04-22 Simon Josefsson <address@hidden>
+2011-02-16 Nikos Mavrogiannopoulos <address@hidden>
- * doc/announce.txt: Update my key.
+ * doc/cha-intro-tls.texi: reorganization of ciphersuite discussion.
-2010-04-22 Simon Josefsson <address@hidden>
+2011-02-15 Nikos Mavrogiannopoulos <address@hidden>
- * doc/announcement-template.txt: Remove.
+ * lib/gnutls_priority.c: Allow using the minus "-" in the -ALL
+ priority strings.
-2010-04-22 Simon Josefsson <address@hidden>
+2011-02-15 Nikos Mavrogiannopoulos <address@hidden>
- * doc/ANNOUNCE, doc/announce.txt: Prepare 2.10.0 release notes.
+ * lib/gnutls_algorithms.c: Added fixme note on TLS 1.2 PRF per
+ ciphersuite.
-2010-04-22 Simon Josefsson <address@hidden>
+2011-02-15 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Add 2.8.x NEWS entries.
+ * lib/gnutls_algorithms.c: The safe renegotiation ciphersuite is not
+ required to be registered.
-2010-04-22 Simon Josefsson <address@hidden>
+2011-02-15 Nikos Mavrogiannopoulos <address@hidden>
- * libextra/configure.ac: Also bump libgnutls-extra version.
+ * lib/auth_dhe_psk.c: Corrected bug in DHE-PSK in freeing
+ username/key.
-2010-04-22 Simon Josefsson <address@hidden>
+2011-02-15 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4: Bump
- versions.
+ * lib/gnutls_algorithms.c: Added ciphersuites (from RFC5487):
+ TLS_PSK_WITH_AES_128_GCM_SHA256 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ TLS_PSK_WITH_AES_128_CBC_SHA256 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ TLS_PSK_WITH_NULL_SHA256 TLS_DHE_PSK_WITH_NULL_SHA256
-2010-04-22 Simon Josefsson <address@hidden>
+2011-02-12 Nikos Mavrogiannopoulos <address@hidden>
- * build-aux/gendocs.sh: Chmod +x.
+ * NEWS, lib/gnutls_extensions.c, lib/gnutls_sig.c: Corrected
+ signature generation and verification in the Certificate Verify
+ message when in TLS 1.2. Reported by Todd A. Ouska.
-2010-04-22 Simon Josefsson <address@hidden>
+2011-02-11 Nikos Mavrogiannopoulos <address@hidden>
- * ChangeLog: Generated.
+ * lib/gnutls_state.c: removed duplicate assignments.
-2010-04-22 Simon Josefsson <address@hidden>
+2011-02-10 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Version 2.9.10.
+ * lib/nettle/cipher.c: upgraded to nettle's new GCM API.
-2010-04-21 Simon Josefsson <address@hidden>
+2011-02-10 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/minitasn1/Makefile.am, lib/minitasn1/coding.c,
- lib/minitasn1/decoding.c, lib/minitasn1/element.h,
- lib/minitasn1/gstr.h, lib/minitasn1/libtasn1.h,
- lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
- lib/minitasn1/structure.h, lib/minitasn1/version.c: Upgrade to
- libtasn1 version 2.6.
+ * lib/m4/hooks.m4: increased the C++ library current version.
-2010-04-21 Simon Josefsson <address@hidden>
+2011-02-10 Nikos Mavrogiannopoulos <address@hidden>
- * gl/Makefile.am, gl/m4/gnulib-comp.m4, gl/m4/ioctl.m4,
- gl/m4/netdb_h.m4, gl/stdbool.in.h, gl/tests/test-lseek.sh,
- gl/tests/test-select-in.sh, gl/tests/test-stdbool.c,
- gl/tests/test-stdint.c, lib/gl/Makefile.am, lib/gl/m4/netdb_h.m4,
- lib/gl/m4/visibility.m4, lib/gl/stdbool.in.h,
- lib/gl/tests/test-stdbool.c, lib/gl/tests/test-stdint.c,
- lib/gl/tests/test-vasprintf.c, maint.mk: Update gnulib files.
+ * NEWS, lib/gnutlsxx.cpp: The C++ interface returns exception on
+ every error and not only on fatal ones. This allows easier handling
+ of errors.
-2010-04-21 Simon Josefsson <address@hidden>
+2011-02-10 Nikos Mavrogiannopoulos <address@hidden>
- * configure.ac: Structure fork check together.
+ * lib/gnutlsxx.cpp, lib/includes/gnutls/gnutlsxx.h: removed the old
+ set_priority functions.
-2010-04-15 Simon Josefsson <address@hidden>
+2011-02-10 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_priority.c: Fix compiler warning.
+ * src/cli.c, src/serv.c: removed more deprecated stuff.
-2010-04-15 Simon Josefsson <address@hidden>
+2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
- * gl/override/top/maint.mk.diff, libextra/gl/hmac-md5.c,
- libextra/gl/md5.c, maint.mk: Update gnulib files.
+ * libextra/gnutls_openssl.c, libextra/includes/gnutls/openssl.h:
+ updated openssl layer to new priority functions (untested).
-2010-04-15 Simon Josefsson <address@hidden>
+2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
- * lib/crypto-api.c, lib/gnutls_priority.c: Indent code.
+ * lib/gnutls_sig.c: removed unused variable.
-2010-04-14 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
- * lib/crypto-api.c, lib/includes/gnutls/crypto.h: Use size_t instead
- of int for input variables that represent sizes.
+ * NEWS, lib/gnutls_sig.c: Allow DSA2 even in protocols before TLS
+ 1.2.
-2010-04-02 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_priority.c: Free the priority structure on error.
- Reported by Paul Aurich.
+ * src/cli.c: set the psk callback only if username/key were not
+ supplied at command line.
-2010-04-02 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_priority.c: The string is colon separated. Reported by
- Paul Aurich.
+ * lib/ext_signature.c, lib/ext_signature.h, lib/gnutls_pk.c,
+ lib/gnutls_sig.c: In TLS 1.2 under DSS use the hash algorithm
+ required by DSS.
-2010-04-14 Simon Josefsson <address@hidden>
+2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/gnutls.h.in: Fix indent bug.
+ * tests/Makefile.am, tests/openpgp-auth.c, tests/openpgp-auth2.c:
+ Added new test openpgp-auth2.c that tests openpgp under TLS1.2 and
+ DSS as well.
-2010-04-14 Simon Josefsson <address@hidden>
+2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
- * cfg.mk, doc/examples/examples.h, guile/src/errors.h,
- guile/src/utils.h, lib/auth_cert.h, lib/auth_dh_common.h,
- lib/crypto.h, lib/ext_oprfi.h, lib/ext_safe_renegotiation.h,
- lib/ext_session_ticket.h, lib/ext_signature.h,
- lib/gnutls_algorithms.h, lib/gnutls_cipher_int.h,
- lib/gnutls_compress.h, lib/gnutls_cryptodev.h, lib/gnutls_errors.h,
- lib/gnutls_extensions.h, lib/gnutls_hash_int.h, lib/gnutls_int.h,
- lib/gnutls_mpi.h, lib/gnutls_pk.h, lib/gnutls_sig.h,
- lib/gnutls_srp.h, lib/gnutls_state.h, lib/gnutls_str.h,
- lib/gnutls_supplemental.h, lib/includes/gnutls/crypto.h,
- lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
- lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
- lib/opencdk/context.h, lib/opencdk/filters.h, lib/opencdk/keydb.h,
- lib/opencdk/main.h, lib/opencdk/opencdk.h, lib/opencdk/packet.h,
- lib/opencdk/stream.h, lib/opencdk/types.h,
- lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
- lib/x509/pbkdf2-sha1.h, lib/x509/x509_int.h,
- libextra/includes/gnutls/extra.h,
- libextra/includes/gnutls/openssl.h, src/certtool-cfg.h,
- src/certtool-common.h, src/common.h: More indentation.
+ * tests/anonself.c, tests/dhepskself.c, tests/mini-eagain.c,
+ tests/mini.c, tests/openpgp-auth.c, tests/pskself.c, tests/resume.c:
+ Modernized the test applications that now use the
+ gnutls_priority_set_direct().
-2010-04-14 Simon Josefsson <address@hidden>
+2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Add.
+ * lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in:
+ deprecated gnutls_*_set_priority().
-2010-04-14 Simon Josefsson <address@hidden>
+2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Add.
+ * lib/auth_cert.c, lib/ext_cert_type.c, lib/ext_max_record.c,
+ lib/ext_safe_renegotiation.c, lib/ext_server_name.c,
+ lib/ext_session_ticket.c, lib/ext_signature.c, lib/ext_srp.c,
+ lib/gnutls_extensions.c, lib/gnutls_extensions.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_pk.c,
+ lib/gnutls_sig.c, lib/gnutls_state.c,
+ lib/includes/gnutls/gnutls.h.in, lib/nettle/pk.c: The extensions
+ code is now using the gnutls_buffer_st.
-2010-04-14 Simon Josefsson <address@hidden>
+2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Add.
+ * lib/gnutls_algorithms.c, lib/x509/x509_int.h: Added sha224 to the
+ list of MACs.
-2010-04-14 Simon Josefsson <address@hidden>
+2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
- * doc/manpages/Makefile.am: Generated.
+ * lib/gnutls_priority.c: The PSK and SRP key exchange algorithms are
+ not included in the preset priority strings.
-2010-04-14 Simon Josefsson <address@hidden>
+2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
- * doc/examples/ex-client-tlsia.c, doc/examples/ex-verify.c,
- doc/examples/ex-x509-info.c, lib/auth_cert.c, lib/auth_rsa.c,
- lib/ext_cert_type.c, lib/ext_max_record.c, lib/ext_oprfi.c,
- lib/ext_safe_renegotiation.c, lib/ext_server_name.c,
- lib/ext_session_ticket.c, lib/ext_signature.c,
- lib/gnutls_algorithms.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
- lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_compress.c,
- lib/gnutls_constate.c, lib/gnutls_extensions.c,
- lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_kx.c,
- lib/gnutls_priority.c, lib/gnutls_record.c,
- lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/gnutls_state.c,
- lib/gnutls_v2_compat.c, lib/gnutls_x509.c,
- lib/minitasn1/decoding.c, lib/opencdk/read-packet.c,
- lib/opencdk/sig-check.c, lib/x509/pkcs12.c, lib/x509/verify.c,
- libextra/gl/hmac-md5.c, libextra/gl/md5.c, src/benchmark.c,
- src/certtool.c, src/cli.c, src/serv.c, src/tests.c, src/tls_test.c,
- tests/anonself.c, tests/certder.c, tests/chainverify.c,
- tests/crq_apis.c, tests/crq_key_id.c, tests/cve-2008-4989.c,
- tests/dhepskself.c, tests/dn.c, tests/dn2.c, tests/finished.c,
- tests/gc.c, tests/hostname-check.c, tests/init_roundtrip.c,
- tests/mini-eagain.c, tests/mini.c, tests/netconf-psk.c,
- tests/nul-in-x509-names.c, tests/openpgp-keyring.c,
- tests/openpgpself.c, tests/parse_ca.c, tests/pkcs12_encode.c,
- tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pskself.c,
- tests/resume.c, tests/set_pkcs12_cred.c, tests/simple.c,
- tests/tlsia.c, tests/utils.c, tests/x509_altname.c, tests/x509dn.c,
- tests/x509self.c, tests/x509sign-verify.c, tests/x509signself.c:
- Indent code.
-
-2010-04-14 Simon Josefsson <address@hidden>
-
- * NEWS, lib/crypto-api.c, lib/ext_safe_renegotiation.c,
- lib/gnutls_algorithms.c, lib/gnutls_cert.c, lib/libgnutls.map,
- lib/x509/x509.c: Export new ABIs. Doc fixes for new APIs.
-
-2010-04-14 Simon Josefsson <address@hidden>
-
- * tests/safe-renegotiation/Makefile.am: Disable self-test
- temporarily until we make it work cross-platform.
-
-2010-04-13 Simon Josefsson <address@hidden>
-
- * NEWS, lib/ext_safe_renegotiation.c, lib/gnutls_algorithms.c,
- lib/includes/gnutls/gnutls.h.in: Doc fixes.
-
-2010-04-13 Simon Josefsson <address@hidden>
-
- * doc/manpages/Makefile.am, src/certtool-gaa.c: Generated.
-
-2010-04-13 Simon Josefsson <address@hidden>
-
- * doc/reference/Makefile.am: Ignore c++defs.h.
-
-2010-04-13 Simon Josefsson <address@hidden>
-
- * .x-sc_prohibit_empty_lines_at_EOF, GNUmakefile,
- build-aux/c++defs.h, build-aux/warn-on-use.h, doc/certtool.cfg,
- doc/credentials/gnutls-http-serv, doc/credentials/params.pem,
- doc/credentials/x509/Makefile.am, doc/credentials/x509/cert.pem,
- doc/credentials/x509/clicert-dsa.pem, gl/Makefile.am, gl/fseeko.c,
- gl/m4/fseeko.m4, gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4,
- gl/m4/lib-link.m4, gl/m4/memchr.m4, gl/m4/stdio_h.m4,
- gl/m4/stdlib_h.m4, gl/m4/string_h.m4, gl/m4/time_h.m4,
- gl/m4/unistd_h.m4, gl/m4/vasnprintf.m4, gl/stdio-impl.h,
- gl/stdio.in.h, gl/stdlib.in.h, gl/string.in.h, gl/sys_socket.in.h,
- gl/sys_stat.in.h, gl/sys_time.in.h, gl/tests/Makefile.am,
- gl/tests/ioctl.c, gl/tests/sys_ioctl.in.h,
- gl/tests/test-vasnprintf.c, gl/time.in.h, gl/unistd.in.h,
- gl/vasnprintf.c, gl/wchar.in.h, guile/modules/gnutls/extra.scm,
- guile/tests/x509-auth.scm, guile/tests/x509-certificate.pem,
- lib/build-aux/c++defs.h, lib/build-aux/warn-on-use.h,
- lib/ext_cert_type.h, lib/gl/Makefile.am, lib/gl/fseeko.c,
- lib/gl/m4/fseeko.m4, lib/gl/m4/gnulib-common.m4,
- lib/gl/m4/gnulib-comp.m4, lib/gl/m4/lib-link.m4,
- lib/gl/m4/memchr.m4, lib/gl/m4/stdio_h.m4, lib/gl/m4/stdlib_h.m4,
- lib/gl/m4/string_h.m4, lib/gl/m4/threadlib.m4, lib/gl/m4/time_h.m4,
- lib/gl/m4/time_r.m4, lib/gl/m4/unistd_h.m4,
- lib/gl/m4/vasnprintf.m4, lib/gl/stdio-impl.h, lib/gl/stdio.in.h,
- lib/gl/stdlib.in.h, lib/gl/string.in.h, lib/gl/sys_socket.in.h,
- lib/gl/sys_stat.in.h, lib/gl/tests/Makefile.am,
- lib/gl/tests/test-vasnprintf.c, lib/gl/time.in.h, lib/gl/time_r.c,
- lib/gl/unistd.in.h, lib/gl/vasnprintf.c, lib/gl/wchar.in.h,
- lib/minitasn1/Makefile.am, lib/minitasn1/README,
- lib/opencdk/keydb.h, lib/opencdk/packet.h,
- libextra/gl/m4/gnulib-common.m4, libextra/gl/m4/gnulib-comp.m4,
- libextra/gl/m4/lib-link.m4, maint.mk, src/certtool.gaa,
- src/cfg/Makefile.am, src/crypt.gaa, src/tls_test.gaa,
- tests/key-id/ca-gnutls-keyid.pem, tests/key-id/ca-no-keyid.pem,
- tests/key-id/ca-weird-keyid.pem,
- tests/pkcs1-padding/pkcs1-pad-broken.pem,
- tests/pkcs1-padding/pkcs1-pad-broken2.pem,
- tests/pkcs1-padding/pkcs1-pad-broken3.pem,
- tests/pkcs1-padding/pkcs1-pad-ok.pem,
- tests/pkcs1-padding/pkcs1-pad-ok2.pem,
- tests/safe-renegotiation/Makefile.am, tests/test25.pem: Update
- gnulib files, fix syntax-check warnings.
-
-2010-03-31 Simon Josefsson <address@hidden>
-
- * .gitignore, gl/m4/wchar_h.m4, lib/gl/m4/wchar_h.m4: Add forgotten
- gnulib files, and fix .gitignore.
-
-2010-03-31 Simon Josefsson <address@hidden>
+ * lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe_psk.c,
+ lib/auth_psk.c, lib/auth_psk.h: Callback function is being called in
+ both PSK-DHE and PSK. Using the callback function will not
+ overwrite the credentials, which were wrongly being overwritten
+ using the retrieved username/key. The credentials structure is now
+ accessed for reading only, as it should have been.
- * NEWS: Add.
+2011-02-09 Nikos Mavrogiannopoulos <address@hidden>
-2010-03-31 Simon Josefsson <address@hidden>
-
- * lib/po/LINGUAS, lib/po/it.po.in, lib/po/nl.po.in: Sync with TP.
-
-2010-03-31 Simon Josefsson <address@hidden>
-
- * .x-sc_program_name, .x-sc_the_the, cfg.mk,
- lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c,
- lib/m4/hooks.m4, lib/opencdk/sig-check.c, src/certtool.c,
- src/serv.c, tests/dn.c, tests/mini.c: Update gnulib files. Fix
- syntax-check warnings.
-
-2010-03-31 Simon Josefsson <address@hidden>
-
- * build-aux/c++defs.h, build-aux/vc-list-files,
- build-aux/warn-on-use.h, gl/Makefile.am, gl/accept.c,
- gl/arpa_inet.in.h, gl/bind.c, gl/connect.c, gl/getaddrinfo.c,
- gl/gettext.h, gl/gettimeofday.c, gl/m4/arpa_inet_h.m4,
- gl/m4/getaddrinfo.m4, gl/m4/gettimeofday.m4,
- gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/inet_ntop.m4,
- gl/m4/inet_pton.m4, gl/m4/lseek.m4, gl/m4/netdb_h.m4,
- gl/m4/stddef_h.m4, gl/m4/stdio_h.m4, gl/m4/stdlib_h.m4,
- gl/m4/string_h.m4, gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4,
- gl/m4/sys_socket_h.m4, gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4,
- gl/m4/time_h.m4, gl/m4/unistd_h.m4, gl/m4/warn-on-use.m4,
- gl/m4/wchar.m4, gl/netdb.in.h, gl/netinet_in.in.h, gl/recv.c,
- gl/select.c, gl/send.c, gl/stdint.in.h, gl/stdio.in.h,
- gl/stdlib.in.h, gl/string.in.h, gl/sys_select.in.h,
- gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
- gl/tests/Makefile.am, gl/tests/ioctl.c, gl/tests/sys_ioctl.in.h,
- gl/tests/test-vc-list-files-git.sh, gl/time.in.h, gl/unistd.in.h,
- gl/wchar.in.h, lib/build-aux/c++defs.h,
- lib/build-aux/warn-on-use.h, lib/gl/Makefile.am, lib/gl/gettext.h,
- lib/gl/m4/gnulib-common.m4, lib/gl/m4/gnulib-comp.m4,
- lib/gl/m4/intldir.m4, lib/gl/m4/lseek.m4, lib/gl/m4/netdb_h.m4,
- lib/gl/m4/printf-posix.m4, lib/gl/m4/stddef_h.m4,
- lib/gl/m4/stdio_h.m4, lib/gl/m4/stdlib_h.m4, lib/gl/m4/string_h.m4,
- lib/gl/m4/strings_h.m4, lib/gl/m4/sys_socket_h.m4,
- lib/gl/m4/sys_stat_h.m4, lib/gl/m4/time_h.m4,
- lib/gl/m4/unistd_h.m4, lib/gl/m4/visibility.m4,
- lib/gl/m4/warn-on-use.m4, lib/gl/m4/wchar.m4, lib/gl/netdb.in.h,
- lib/gl/stdint.in.h, lib/gl/stdio.in.h, lib/gl/stdlib.in.h,
- lib/gl/string.in.h, lib/gl/sys_socket.in.h, lib/gl/sys_stat.in.h,
- lib/gl/tests/Makefile.am, lib/gl/time.in.h, lib/gl/unistd.in.h,
- lib/gl/wchar.in.h, libextra/gl/m4/gnulib-common.m4,
- libextra/gl/m4/gnulib-comp.m4, maint.mk: Update gnulib files.
+ * configure.ac: bumped version.
-2010-03-30 Simon Josefsson <address@hidden>
+2011-02-08 Nikos Mavrogiannopoulos <address@hidden>
- * m4/valgrind.m4: Check for what we use. Bump serial.
+ * doc/cha-programs.texi: Added documentation on p11tool.
-2010-03-30 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-08 Nikos Mavrogiannopoulos <address@hidden>
- * m4/valgrind.m4, tests/Makefile.am: Valgrind -q is now set by the
- valgrind detection script to avoid issue when running tests without
- valgrind.
+ * doc/cha-intro-tls.texi, doc/cha-library.texi,
+ doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1,
+ lib/gnutls_priority.c, src/common.c: Moved documentation of priority
+ strings to manual and removed information from manpages and function
+ pages that now reference the manual section.
-2010-03-27 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-08 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_cert.c: increased small value for certificates. Typical
- certificates are much longer than that.
+ * lib/auth_anon.c, lib/auth_cert.c, lib/auth_cert.h,
+ lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe.c,
+ lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
+ lib/auth_srp_rsa.c, lib/gnutls_auth.h, lib/gnutls_kx.c,
+ lib/gnutls_str.c, lib/gnutls_str.h: Simplified code in
+ authentication methods by using gnutls_buffer_st instead of
+ malloc/realloc.
-2010-03-20 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-08 Nikos Mavrogiannopoulos <address@hidden>
- * configure.ac, tests/Makefile.am, tests/anonself.c,
- tests/certder.c, tests/chainverify.c, tests/crq_apis.c,
- tests/crq_key_id.c, tests/cve-2009-1415.c, tests/dhepskself.c,
- tests/dn.c, tests/dn2.c, tests/finished.c, tests/gc.c,
- tests/hostname-check.c, tests/init_roundtrip.c,
- tests/mini-eagain.c, tests/mini.c, tests/moredn.c, tests/mpi.c,
- tests/netconf-psk.c, tests/nul-in-x509-names.c,
- tests/openpgp-keyring.c, tests/openpgpself.c, tests/openssl.c,
- tests/parse_ca.c, tests/pkcs12_encode.c, tests/pkcs12_s2k.c,
- tests/pskself.c, tests/resume.c, tests/set_pkcs12_cred.c,
- tests/sha2/sha2, tests/simple.c, tests/tlsia.c,
- tests/x509_altname.c, tests/x509dn.c, tests/x509self.c,
- tests/x509sign-verify.c, tests/x509signself.c: Reduced several
- unneeded messages during the make check procedure. Verbose messages
- can be obtained with --verbose.
+ * lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in: Combined
+ same functions.
-2010-03-20 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-08 Nikos Mavrogiannopoulos <address@hidden>
- * doc/Makefile.am: use mv -f to avoid interactiveness.
+ * lib/auth_cert.c, lib/auth_dhe.c, lib/ext_signature.c,
+ lib/gnutls_algorithms.c, lib/gnutls_algorithms.h: Several updates in
+ signature algorithms parsing and sending to avoid sending invalid
+ signature algorithms.
-2010-03-20 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-08 Nikos Mavrogiannopoulos <address@hidden>
- * tests/dn2.c: Modified to account for postalcode.
+ * lib/gnutls_algorithms.c: Removed unused debugging code.
-2010-03-20 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: added news entry for postalcode.
+ * lib/nettle/cipher.c: Removed unneeded initialization.
-2010-03-20 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/x509.h, lib/pkix.asn, lib/pkix_asn1_tab.c,
- lib/x509/common.c: Display postalCode and Name X.509 DN attributes
- correctly. Based on patch by Pavan Konjarla.
+ * NEWS, doc/cha-auth.texi, doc/cha-programs.texi, lib/Makefile.am,
+ lib/gnutls_psk_netconf.c, lib/includes/gnutls/compat.h: Removed
+ gnutls_psk_netconf_derive_key.
-2010-03-20 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
- lib/includes/gnutls/gnutls.h.in, src/serv-gaa.c, src/serv.gaa: Each
- ciphersuite is now tight with a minimum TLS version and a maximum
- one. It is valid if it is between (and including) those. This was
- added to deprecate TLS_RSA_EXPORT_WITH_RC4_40_MD5 which is not
- available with TLS 1.1. Reported by Adrian F. Dimcev.
+ * NEWS, lib/gnutls_cert.c, lib/includes/gnutls/compat.h: Removed
+ gnutls_certificate_verify_peers.
-2010-03-20 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
- * .gitignore: Ignore more files.
+ * NEWS, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_state.c, lib/includes/gnutls/compat.h: Removed
+ gnutls_session_set_finished_function().
-2010-03-17 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/auth_cert.c, lib/auth_cert.h, lib/gnutls_alert.c,
- lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in,
- lib/libgnutls.map, src/cli.c: Added
- gnutls_certificate_set_verify_function() to allow checking
- (verifying) certificate before the handshake is completed.
+ * lib/gnutls_alert.c, lib/includes/gnutls/gnutls.h.in: Removed
+ remaining TLS/IA stuff.
-2010-03-17 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
- * doc/examples/ex-rfc2818.c, doc/examples/ex-verify.c: Use the flags
- for expiration instead of getting the time of each certificate.
+ * src/cli-gaa.c, src/cli-gaa.h, src/cli.gaa, src/serv-gaa.c,
+ src/serv-gaa.h, src/serv.gaa: Removed more leftovers from opaque PRF
+ output.
-2010-03-17 Simon Josefsson <address@hidden>
+2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
- * README-alpha: Mention datefudge.
+ * lib/gnutls_record.c: Corrected return message from
+ check_recv_type().
-2010-03-17 Simon Josefsson <address@hidden>
+2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
- * tests/pkcs1-padding/pkcs1-pad: Skip test if datefudge is not
- available.
+ * lib/nettle/mac.c: Removed upper limit on MAC algorithm key.
-2010-03-17 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_priority.c: INITIAL_SAFE_RENEGOTIATION implies
- SAFE_RENEGOTIATION.
+ * lib/gnutls_errors.c: improved premature_termination error message
-2010-03-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/gnutls.h.in: Added missing prototype.
+ * doc/reference/Makefile.am, lib/libgnutls.map: Removed leftovers
+ from OPRFI extension.
-2010-03-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
- * tests/safe-renegotiation/testsrn: made SAFE_RENEGOTIATION flags
- explicit.
+ * NEWS, lib/gnutls_errors.c, lib/gnutls_record.c,
+ lib/includes/gnutls/gnutls.h.in: gnutls_recv() returns
+ GNUTLS_E_PREMATURE_TERMINATION on EOF.
-2010-03-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/verify.c, src/certtool.c: gnutls_x509_crt_verify() and
- gnutls_x509_crt_list_verify() behave identically. That means that
- gnutls_x509_crt_verify() will now check dates as well. Certool
--verify-chain will use the GNUTLS_VERIFY_DO_NOT_ALLOW_SAME
- flag to gnutls_x509_crt_verify() to force verification even if
- certificates are the same. The only exception is at the final
- certificate (self-checking) where the extra flag
- GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT is specified to allow for v1 CA
- certificates.
+ * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
+ src/common.c, src/common.h, src/serv-gaa.c, src/serv-gaa.h,
+ src/serv.c, src/serv.gaa: Removed deprecated option such as
+ --protocols, ciphers etc.
-2010-03-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/common.c: Handle dates before 1-1-1970 (handle as being
- equal to 1-1-1970).
+ * NEWS: not untested.
-2010-03-16 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
- * tests/pkcs1-padding/pkcs1-pad: Fail if required programs are not
- found.
+ * src/benchmark.c: Set correct iv in GCM.
-2010-03-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1,
- lib/ext_safe_renegotiation.c, lib/gnutls_priority.c,
- lib/gnutls_record.c: Safe renegotiation is not enabled by default in
- client side.
+ * lib/gnutls_cipher.c, lib/gnutls_int.h: Cleanups and moved
+ definitions to gnutls_int.h. AEAD modes now use the record packet
+ counter as nonce.
-2010-03-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
- * doc/manpages/gnutls-cli.1, lib/gnutls_priority.c: better
- documentation for %INITIAL_SAFE_RENEGOTIATION
+ * lib/nettle/cipher.c: Reset GCM mode when setting IV.
-2010-03-15 Simon Josefsson <address@hidden>
+2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Fix.
+ * lib/gnutls_algorithms.c: Added more GCM ciphersuites (DHE-* and
+ anonymous).
-2010-03-15 Simon Josefsson <address@hidden>
+2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
- * tests/openpgp-certs/Makefile.am, tests/openpgp-certs/testselfsigs:
- Rewrite tests/openpgp-certs/testselfsigs portably for Solaris. Fix
- EXTRA_DIST.
+ * lib/gnutls_priority.c: updated priorities. Removed ARCFOUR from
+ the secure ciphersuites and moved GCM to bottom of the ciphers in
+ performance.
-2010-03-15 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
- * tests/safe-renegotiation/testsrn: localhost -> 127.0.0.1 to work
- in places where localhost does not resolve.
+ * NEWS, lib/crypto-api.c, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_cipher_int.c,
+ lib/gnutls_cipher_int.h, lib/includes/gnutls/crypto.h,
+ lib/libgnutls.map, src/benchmark.c: Added gnutls_cipher_add_auth()
+ gnutls_cipher_tag() to export the GCM interface. Updated the
+ benchmark.
-2010-03-14 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/includes/gnutls/x509.h, lib/x509/verify.c: Extended time
- verification to trusted certificate list as well. Introduced the
- flag GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS that will prevent the
- trusted certificate list verification.
+ * lib/gnutls_cert.c: removed
+ gnutls_certificate_get_openpgp_keyring().
-2010-03-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
- * src/tests.c, src/tests.h, src/tls_test.c: Added tests for safe
- renegotiation. Removed old tests for obsolete features (lzo) and
- tests that were not actually working (srp).
+ * lib/gnutls_hash_int.c: minor optimizations.
-2010-03-11 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_extensions.c, lib/gnutls_extensions.h,
- lib/gnutls_handshake.c, lib/includes/gnutls/gnutls.h.in,
- tests/safe-renegotiation/testsrn: Extension generation in SSL 3.0
- (as a reply to SCSV) is not using common code with normal extension
- generation. Solve issue reported by Tomas Mraz that caused SSL 3.0
- renegotiation fail.
+ * lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: inlined several small
+ functions.
-2010-03-07 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/verify.c: Removed artificial constrained that prevented
- end-user certificates, being added to the trusted list, treated as
- trusted. Suggestion and patch by Tomas Mraz.
+ * lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
+ lib/gnutls_cipher_int.h, lib/gnutls_handshake.c,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_sig.c:
+ Better error checking on SSL3.
-2010-03-07 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-07 Nikos Mavrogiannopoulos <address@hidden>
- * doc/manpages/gnutls-cli.1: Documented that
- initial_safe_renegotiation is the default.
+ * lib/gnutls_cipher.c: calculation for c_length occurs in a single
+ place.
-2010-03-03 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-06 Nikos Mavrogiannopoulos <address@hidden>
- * src/serv.c: gnutls-serv will terminate connection on rehandshake
- errors.
+ * NEWS: unstable -> untested.
-2010-03-03 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-06 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_alert.c, lib/gnutls_errors.c, lib/gnutls_handshake.c,
- lib/includes/gnutls/gnutls.h.in: Avoid sending alerts during
- handshake. Alerts might be interrupted and return a non-fatal error
- which will propagate and in many cases it shouldn't. Avoid sending no
renegotiation alert when a client connects to an
- unsafe server. Thanks to Tomas Hoger for the report.
+ * lib/nettle/mac.c: Increase the maximum HMAC key to account for
+ anonymous ciphersuites.
-2010-02-26 Nikos Mavrogiannopoulos <address@hidden>
+2011-02-06 Nikos Mavrogiannopoulos <address@hidden>
- * src/cli.c: On handshake error send appropriate alert and terminate
- stream.
+ * lib/gnutls_hash_int.c: check the error of hash set_key.
-2010-02-18 Simon Josefsson <address@hidden>
+2011-02-06 Nikos Mavrogiannopoulos <address@hidden>
- * doc/reference/gnutls-docs.sgml: Add id's to chapters.
+ * lib/gnutls_kx.c: do not use strlen for fixed string.
-2010-02-18 Simon Josefsson <address@hidden>
+2011-02-06 Nikos Mavrogiannopoulos <address@hidden>
- * .gitignore: Update.
+ * NEWS: updated NEWS on GCM mode.
-2010-02-18 Simon Josefsson <address@hidden>
+2011-02-06 Nikos Mavrogiannopoulos <address@hidden>
- * lib/po/zh_CN.po: Remove.
+ * lib/nettle/cipher.c: Use nettle's new API for GCM.
-2010-02-18 Simon Josefsson <address@hidden>
+2011-02-06 Nikos Mavrogiannopoulos <address@hidden>
- * src/Makefile.am: Fix -lrt usage.
+ * src/cli.c: removed old comment
-2010-02-18 Simon Josefsson <address@hidden>
+2011-02-06 Nikos Mavrogiannopoulos <address@hidden>
- * src/benchmark.c: Use gnulib gettime module. Indent.
+ * NEWS, doc/Makefile.am, doc/cha-functions.texi,
+ doc/cha-gtls-app.texi, doc/examples/Makefile.am,
+ doc/examples/ex-client-tlsia.c, lib/gnutls_kx.c,
+ libextra/Makefile.am, libextra/ext_inner_application.c,
+ libextra/ext_inner_application.h, libextra/gnutls_extra.c,
+ libextra/gnutls_ia.c, libextra/libgnutls-extra.map,
+ tests/Makefile.am, tests/tlsia.c: Removed inner application
+ extension.
-2010-02-18 Simon Josefsson <address@hidden>
+2011-02-06 Nikos Mavrogiannopoulos <address@hidden>
- * lib/po/zh_CN.po: Add.
+ * lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in:
+ gnutls_certificate_verify_peers is deprecated.
-2010-02-18 Simon Josefsson <address@hidden>
+2011-02-04 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gl/netdb.in.h: Update gnulib files.
+ * lib/gcrypt/mac.c, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
+ lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
+ lib/gnutls_constate.c, lib/gnutls_hash_int.c,
+ lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_priority.c,
+ lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
+ lib/m4/hooks.m4, lib/nettle/cipher.c, lib/nettle/mac.c: Added
+ support for GCM ciphersuites (not tested with other implementation).
-2010-02-18 Simon Josefsson <address@hidden>
+2011-02-05 Nikos Mavrogiannopoulos <address@hidden>
- * gl/Makefile.am, gl/gettime.c, gl/gettimeofday.c,
- gl/m4/clock_time.m4, gl/m4/gettime.m4, gl/m4/gnulib-cache.m4,
- gl/m4/gnulib-comp.m4, gl/m4/timespec.m4, gl/netdb.in.h,
- gl/tests/Makefile.am, gl/tests/gettimeofday.c, gl/timespec.h: Update
- gnulib files.
+ * lib/gnutls_int.h: Added missing definitions (GNUTLS_MASTER_SIZE
+ etc).
-2010-02-17 Simon Josefsson <address@hidden>
+2011-02-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/cryptodev.c: Indent. Don't include fcntl.h and sys/ioctl.h on
- (for example) Windows.
+ * NEWS, lib/gnutls_state.c, lib/includes/gnutls/compat.h: Removed:
+ gnutls_session_get_server_random, gnutls_session_get_client_random,
+ gnutls_session_get_master_secret
-2010-02-17 Simon Josefsson <address@hidden>
+2011-02-05 Nikos Mavrogiannopoulos <address@hidden>
- * tests/safe-renegotiation/testsrn: Fix objdir != srcdir.
+ * lib/build-aux/config.rpath, tests/suite/Makefile.in: updated.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-02-05 Nikos Mavrogiannopoulos <address@hidden>
- * tests/safe-renegotiation/testsrn: Drop bashism. Make it work on
- Windows.
+ * lib/Makefile.am, lib/gnutls.pc.in, lib/m4/hooks.m4: Add the nettle
+ libs into gnutls.pc.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-02-05 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Fix.
+ * NEWS, lib/gnutls_cert.c, lib/gnutls_extensions.c,
+ lib/includes/gnutls/compat.h, lib/m4/hooks.m4: Removed functions:
+ gnutls_ext_register, gnutls_certificate_get_x509_crls,
+ gnutls_certificate_get_x509_cas and bumped library version number.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-02-05 Andreas Metzler <address@hidden>
- * NEWS: Add.
+ * lib/configure.ac, lib/gnutls.pc.in, lib/m4/hooks.m4: [PATCH 1/4]
+ adapt pkg-config file for switch from AM_PATH_LIBGCRYPT to
+ AC_LIB_HAVE_LINKFLAGS [PATCH 2/4] pkg-config: Move libtasn1 from
+ Libs.private to Requires.private since libtasn1 provides a .pc file.
+ [PATCH 3/4] pkg-config: drop @LIBGNUTLS_LIBS@ from Libs.private.
+ This library only contains gnutls itself nowadays, which is in Libs
+ already. [PATCH 4/4] pkg-config: If gnutls is built with zlib
+ support list zlib in Requires.private.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-02-04 Simon Josefsson <address@hidden>
- * doc/manpages/Makefile.am: Generated.
+ * doc/cha-ciphersuites.texi, doc/signatures.texi: Fix MD2
+ documentation. Suggested by "brian m. carlson" <address@hidden> in
+ debian bug #464625.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-02-02 Nikos Mavrogiannopoulos <address@hidden>
- * doc/reference/Makefile.am, doc/reference/gnutls-docs.sgml,
- lib/ext_safe_renegotiation.c, lib/ext_signature.c,
- lib/gnutls_supplemental.c: More GTK-DOC fixes.
+ * doc/README.CODING_STYLE: updated coding style.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-02-02 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_db.c: Doc fix.
+ * NEWS: documented gnutls_session_get_* deprecated functions.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-02-02 Nikos Mavrogiannopoulos <address@hidden>
- * lib/openpgp/gnutls_openpgp.c: Doc fix.
+ * tests/x509paths/README: updated README on certificate
+ verifications that fail.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-02-02 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/gnutls.h.in: Doc fix.
+ * NEWS, src/certtool-common.h, src/certtool-gaa.c,
+ src/certtool-gaa.h, src/certtool.c, src/certtool.gaa: Added new
+ functionality to certtool, and can verify certificates against a
+ list of CAs using the --verify option.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-02-02 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/gnutls.h.in: Fix enum doc.
+ * lib/x509/verify.c, tests/chainverify.c: Time checks were moved to
+ _gnutls_verify_certificate2(). This allows for straightforward
+ chain verification, and thus better printing of the chain output,
+ although some checks might be performed in duplicate. As a
+ side-effect better errors are returned (or precisely more
+ combinations of verification errors), thus chainverify test was
+ affected.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-02-02 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/gnutls.h.in: More enum docs.
+ * lib/x509/verify-high.c: Set memory to zero on allocation.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-02-02 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/crypto.h: More enum documentation.
+ * doc/cha-gtls-app.texi: fix in contents.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-02-02 Nikos Mavrogiannopoulos <address@hidden>
- * libextra/gnutls_ia.c: Doc fix.
+ * doc/examples/examples.h: prototype fix.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-02-02 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/x509.h: More enum documentation.
+ * doc/examples/ex-verify.c, lib/gnutls_cert.c,
+ lib/includes/gnutls/x509.h, lib/x509/verify-high.c, src/certtool.c:
+ gnutls_x509_trust_list_init() has an extra argument that allows
+ fine-tuning of the used memory.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-02-01 Nikos Mavrogiannopoulos <address@hidden>
- * libextra/includes/gnutls/extra.h: Document more.
+ * doc/cha-bib.texi: Updated references of rfc5081 to rfc6091.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-02-01 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/openpgp.h: Document more.
+ * doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
+ doc/examples/ex-verify.c: Documented the new verification functions.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-01-31 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/pkcs12.h: Document enum.
+ * src/certtool.c, tests/sha2/sha2: Modified output to not confuse
+ earlier scripts.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-01-31 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/gnutls.h.in: More enum.
+ * lib/x509/verify.c: Better output when removing certificates from
+ list.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-01-31 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/gnutls.h.in: Fix typo.
+ * tests/pkcs1-padding/pkcs1-pad: Modified to work on new certtool -e
+ output.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-01-31 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/gnutls.h.in: More GTK-DOC documentation.
+ * NEWS, doc/examples/ex-verify.c, lib/auth_cert.h,
+ lib/gnutls_cert.c, lib/gnutls_x509.c, lib/includes/gnutls/compat.h,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/x509.h,
+ lib/libgnutls.map, lib/x509/crl.c, lib/x509/x509.c, src/certtool.c,
+ tests/certificate_set_x509_crl.c: The internal subsystem uses the
+ new certificate verification functions. This has the side effect of
+ deprecating gnutls_certificate_get_x509_crls() and
+ gnutls_certificate_get_x509_cas() that can no longer operation since
+ they relied on internal structures.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-01-31 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/gnutls.h.in: Improve GTK-DOC coverage.
+ * NEWS, doc/cha-gtls-app.texi, doc/examples/ex-verify.c,
+ lib/Makefile.am, lib/hash.c, lib/hash.h,
+ lib/includes/gnutls/x509.h, lib/libgnutls.map,
+ lib/x509/Makefile.am, lib/x509/crl.c, lib/x509/verify-high.c,
+ lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h,
+ src/certtool.c: Added a new API to verify certificates. It is more
+ efficient and can be used to get details about the verification
+ procedure.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-01-31 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/crypto.h: Fix comments, for GTK-DOC.
+ * tests/x509paths/chain: better output in chain output.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-01-30 Nikos Mavrogiannopoulos <address@hidden>
- * doc/reference/Makefile.am: Ignore more headers.
+ * NEWS, lib/includes/gnutls/x509.h, lib/x509/crl.c,
+ lib/x509/verify.c, lib/x509/x509.c: exported
+ gnutls_x509_crl_get_raw_issuer_dn()
-2010-02-17 Simon Josefsson <address@hidden>
+2011-01-30 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/crl.c: Doc fix.
+ * lib/x509/x509.c: corrected typos
-2010-02-17 Simon Josefsson <address@hidden>
+2011-01-19 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/crypto.h: Fix for GTK-DOC parse breakage.
+ * lib/pakchois/pakchois.c: CKR_CRYPTOKI_ALREADY_INITIALIZED is not
+ treated as an error, and Finalize is not called in that case.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-01-16 Nikos Mavrogiannopoulos <address@hidden>
- * doc/reference/Makefile.am: Ignore gnutlsxx.h too, GTK-DOC doesn't
- handle C++.
+ * NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/compat.h,
+ lib/openpgp/privkey.c: Reverted removal of
+ gnutls_openpgp_privkey_sign_hash() to retain compatibility with
+ 2.10.x. That function is now deprecated instead.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-01-16 Nikos Mavrogiannopoulos <address@hidden>
- * doc/reference/Makefile.am: Need crypto.h too.
+ * lib/gnutls_privkey.c: Added checks before importing keys and
+ updated documentation.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-01-15 Nikos Mavrogiannopoulos <address@hidden>
- * doc/reference/Makefile.am: Improve header ignores.
+ * tests/suite/Makefile.in: updated Makefile.in
-2010-02-17 Simon Josefsson <address@hidden>
+2011-01-15 Nikos Mavrogiannopoulos <address@hidden>
- * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
- lib/minitasn1/element.c, lib/minitasn1/errors.c,
- lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
- lib/minitasn1/structure.c: Upgrade to libtasn1 2.5 snapshot, for
- GTK-DOC comments.
+ * doc/examples/ex-crq.c, lib/configure.ac,
+ lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in,
+ lib/includes/gnutls/x509.h, src/certtool.c, tests/crq_key_id.c:
+ fixes in internal build with the new deprecated functions. We allow
+ them to be used since they are inter-dependent.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-01-15 Nikos Mavrogiannopoulos <address@hidden>
- * lib/includes/gnutls/openpgp.h: Another GTK-DOC fix.
+ * lib/x509/x509_int.h: replaced old gnutls_pk_algorithm.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-01-15 Nikos Mavrogiannopoulos <address@hidden>
- * lib/auth_srp_sb64.c, lib/crypto-api.c, lib/crypto.c,
- lib/ext_safe_renegotiation.c, lib/ext_server_name.c,
- lib/ext_signature.c, lib/gnutls_alert.c, lib/gnutls_algorithms.c,
- lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
- lib/gnutls_cert.c, lib/gnutls_compress.c, lib/gnutls_db.c,
- lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
- lib/gnutls_extensions.c, lib/gnutls_global.c,
- lib/gnutls_handshake.c, lib/gnutls_mem.c, lib/gnutls_priority.c,
- lib/gnutls_psk.c, lib/gnutls_psk_netconf.c, lib/gnutls_record.c,
- lib/gnutls_rsa_export.c, lib/gnutls_session.c, lib/gnutls_srp.c,
- lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_ui.c,
- lib/gnutls_x509.c, lib/includes/gnutls/crypto.h,
- lib/opencdk/stream.c, lib/openpgp/compat.c, lib/openpgp/extras.c,
- lib/openpgp/gnutls_openpgp.c, lib/openpgp/output.c,
- lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
- lib/x509/common.c, lib/x509/crl.c, lib/x509/crl_write.c,
- lib/x509/crq.c, lib/x509/dn.c, lib/x509/output.c,
- lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c,
- lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
- lib/x509/rfc2818_hostname.c, lib/x509/verify.c, lib/x509/x509.c,
- lib/x509/x509_write.c, lib/x509_b64.c, libextra/gnutls_extra.c,
- libextra/gnutls_ia.c, libextra/openssl_compat.c: Fix GTK-DOC syntax.
- Unfortunately this looses some information.
+ * lib/includes/gnutls/compat.h: depends on gnutls/x509.h to compile.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-01-15 Nikos Mavrogiannopoulos <address@hidden>
- * lib/auth_srp_sb64.c, lib/crypto-api.c,
- lib/ext_safe_renegotiation.c, lib/gnutls_anon_cred.c,
- lib/gnutls_auth.c, lib/gnutls_cert.c, lib/gnutls_db.c,
- lib/gnutls_dh.c, lib/gnutls_handshake.c, lib/gnutls_mem.c,
- lib/gnutls_priority.c, lib/gnutls_psk.c, lib/gnutls_record.c,
- lib/gnutls_session.c, lib/gnutls_srp.c, lib/gnutls_state.c,
- lib/gnutls_x509.c, lib/x509/crl.c, lib/x509/crl_write.c,
- lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c,
- lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/sign.c,
- lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_write.c,
- libextra/openssl_compat.c: Align indentation of GTK-DOC comments.
+ * NEWS, lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
+ lib/x509/crl_write.c: deprecated gnutls_x509_crl_sign(),
+ gnutls_x509_crl_sign2() and
+ gnutls_x509_crq_get_preferred_hash_algorithm().
-2010-02-17 Simon Josefsson <address@hidden>
+2011-01-15 Nikos Mavrogiannopoulos <address@hidden>
- * lib/po/vi.po.in: Sync with TP.
+ * NEWS, lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
+ lib/x509/crq.c: Deprecated gnutls_x509_crq_sign2() and
+ gnutls_x509_crq_sign() in favor for gnutls_x509_crq_privkey_sign().
-2010-02-17 Simon Josefsson <address@hidden>
+2011-01-15 Nikos Mavrogiannopoulos <address@hidden>
- * doc/examples/Makefile.am: Silence gnulib warning about fseek.
+ * NEWS, lib/libgnutls.map: minor fixes.
-2010-02-17 Simon Josefsson <address@hidden>
+2011-01-15 Nikos Mavrogiannopoulos <address@hidden>
- * build-aux/gendocs.sh, build-aux/gnupload, gl/Makefile.am,
- gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/gettimeofday.m4,
- gl/m4/gnulib-comp.m4, gl/m4/stdio_h.m4, gl/m4/sys_time_h.m4,
- gl/netdb.in.h, gl/stdio.in.h, gl/sys_time.in.h,
- gl/tests/test-getdelim.c, gl/tests/test-getline.c,
- gl/tests/test-gettimeofday.c, lib/gl/Makefile.am,
- lib/gl/m4/stdio_h.m4, lib/gl/netdb.in.h, lib/gl/stdio.in.h,
- maint.mk: Update gnulib files.
+ * NEWS, lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
+ lib/libgnutls.map, lib/x509/privkey.c, lib/x509/x509.c,
+ src/certtool.c, tests/cve-2009-1415.c, tests/x509sign-verify.c:
+ gnutls_x509_crt_verify_hash: DEPRECATED gnutls_x509_crt_verify_data:
+ DEPRECATED gnutls_x509_crt_get_verify_algorithm: DEPRECATED
+ gnutls_x509_crt_get_preferred_hash_algorithm: DEPRECATED Removed the
+ new gnutls_x509_privkey_sign_data2() and
+ gnutls_x509_privkey_sign_hash2(). That functionality will be only in
the abstract.h pubkey and privkey
+ structures, to avoid duplication for every certificate type.
-2010-02-05 Nikos Mavrogiannopoulos <address@hidden>
+2011-01-15 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_session_pack.c: Corrected calculation of session data
- for PSK ciphersuites. Solves issue #107256 reported by Wolfgang
- Glas.
+ * src/serv.c: Simplified macro to snprintf() in order to prevent
+ issues caused when snprintf() is a macro itself. Reported and
+ initial patch by Camillo Lugaresi.
-2010-02-03 Simon Josefsson <address@hidden>
+2011-01-11 Nikos Mavrogiannopoulos <address@hidden>
- * doc/ANNOUNCE: Add announcement message.
+ * tests/suite/Makefile.in: Revert "Remove, it is generated." This
reverts commit de3a601e502b24f047412a161085f7fbd898b3f3 because
+ this file is not automatically generated (not included in top
+ Makefile.am).
-2010-01-27 Simon Josefsson <address@hidden>
+2011-01-02 Simon Josefsson <address@hidden>
- * NEWS: Fix.
+ * lib/m4/hooks.m4: Specify minimum libgcrypt version.
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-23 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Add.
+ * doc/cha-internals.texi: Added discussion on crypto backend for
+ crypto libraries and /dev/crypto.
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-21 Nikos Mavrogiannopoulos <address@hidden>
- * lib/po/LINGUAS, lib/po/cs.po.in, lib/po/de.po.in,
- lib/po/fr.po.in, lib/po/ms.po.in, lib/po/nl.po.in, lib/po/pl.po.in,
- lib/po/sv.po.in, lib/po/zh_CN.po.in: Sync with TP.
+ * NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
+ lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
+ lib/x509/crq.c, lib/x509/privkey.c, lib/x509/sign.c: Renamed
+ gnutls_privkey_sign_data() to gnutls_privkey_sign_data2() to match
+ the similar function gnutls_x509_privkey_sign_data2().
+ gnutls_x509_privkey_sign_data() was deprecated.
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-19 Nikos Mavrogiannopoulos <address@hidden>
- * build-aux/gnupload, doc/gendocs_template,
- gl/tests/test-gettimeofday.c, gl/tests/test-memchr.c,
- gl/tests/test-read-file.c, gl/tests/test-sockets.c,
- lib/gl/tests/test-memchr.c, lib/gl/tests/test-read-file.c,
- lib/gl/tests/test-sockets.c: Update gnulib files.
+ * lib/gnutls_str.c: Extra sanity check.
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-19 Nikos Mavrogiannopoulos <address@hidden>
- * AUTHORS: Add.
+ * lib/auth_srp_passwd.c: Use snprintf() to print an integer.
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-19 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
- lib/minitasn1/element.c, lib/minitasn1/errors.c,
- lib/minitasn1/gstr.c, lib/minitasn1/int.h,
- lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
- lib/minitasn1/structure.c: Use libtasn1 v2.4.
+ * lib/x509/output.c: Use snprintf() to print IPs. There was a check
+ just before that, but be safe, just in case.
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-19 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls.pc.in: Fix license.
+ * doc/cha-auth.texi: Use SRP for password authentication.
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-19 Nikos Mavrogiannopoulos <address@hidden>
- * .clcopying: Fix license.
+ * doc/cha-auth.texi, lib/gnutls_cert.c, lib/gnutls_extensions.c,
+ lib/gnutls_psk_netconf.c, lib/gnutls_state.c,
+ lib/includes/gnutls/compat.h, lib/x509/privkey.c: Do not include
+ deprecated functions to library documentation.
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-19 Nikos Mavrogiannopoulos <address@hidden>
- * AUTHORS: Fix license.
+ * NEWS, lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
+ lib/x509/privkey.c: gnutls_x509_privkey_verify_data() was
+ deprecated.
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-19 Nikos Mavrogiannopoulos <address@hidden>
- * tests/key-id/README, tests/libgcrypt.supp,
- tests/rsa-md5-collision/Makefile.am,
- tests/rsa-md5-collision/README, tests/rsa-md5-collision/mbox,
- tests/userid/userid.pem: License fix.
+ * lib/gnutls_pubkey.c: Documented key usage of pubkey.
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-19 Nikos Mavrogiannopoulos <address@hidden>
- * ChangeLog, cfg.mk, configure.ac, doc/Makefile.am,
- doc/credentials/Makefile.am, doc/cyclo/Makefile.am, doc/errcodes.c,
- doc/examples/Makefile.am, doc/extract-guile-c-doc.scm,
- doc/gendocs_template, doc/manpages/Makefile.am, doc/printlist.c,
- gl/gnulib.mk, gl/m4/onceonly_2_57.m4, gl/tests/gnulib.mk,
- guile/Makefile.am, guile/modules/Makefile.am,
- guile/modules/gnutls.scm, guile/modules/gnutls/build/enums.scm,
- guile/modules/gnutls/build/priorities.scm,
- guile/modules/gnutls/build/smobs.scm,
- guile/modules/gnutls/build/utils.scm,
- guile/modules/gnutls/extra.scm,
- guile/modules/system/documentation/c-snarf.scm,
- guile/modules/system/documentation/output.scm,
- guile/pre-inst-guile.in, guile/src/Makefile.am, guile/src/core.c,
- guile/src/errors.c, guile/src/errors.h, guile/src/extra.c,
- guile/src/make-enum-header.scm, guile/src/make-enum-map.scm,
- guile/src/make-session-priorities.scm,
- guile/src/make-smob-header.scm, guile/src/make-smob-types.scm,
- guile/src/utils.c, guile/src/utils.h, guile/tests/Makefile.am,
- guile/tests/anonymous-auth.scm, guile/tests/errors.scm,
- guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
- guile/tests/openpgp-keys.scm, guile/tests/pkcs-import-export.scm,
- guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
- guile/tests/x509-auth.scm, guile/tests/x509-certificates.scm,
- lib/Makefile.am, lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c,
- lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
- lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
- lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
- lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
- lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
- lib/auth_srp_sb64.c, lib/cipher-libgcrypt.c, lib/configure.ac,
- lib/crypto-api.c, lib/crypto.c, lib/crypto.h, lib/cryptodev.c,
- lib/debug.c, lib/debug.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
- lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_oprfi.c,
- lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
- lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
- lib/ext_server_name.h, lib/ext_session_ticket.c,
- lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
- lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_alert.c,
- lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
- lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
- lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
- lib/gnutls_cert.h, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
- lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
- lib/gnutls_compress.h, lib/gnutls_constate.c,
- lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
- lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
- lib/gnutls_dh_primes.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
- lib/gnutls_extensions.c, lib/gnutls_extensions.h,
- lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
- lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
- lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_int.h,
- lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_mem.c,
- lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
- lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pk.c,
- lib/gnutls_pk.h, lib/gnutls_priority.c, lib/gnutls_psk.c,
- lib/gnutls_psk_netconf.c, lib/gnutls_record.c, lib/gnutls_record.h,
- lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
- lib/gnutls_session.c, lib/gnutls_session_pack.c,
- lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
- lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c,
- lib/gnutls_state.h, lib/gnutls_str.c, lib/gnutls_str.h,
- lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
- lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
- lib/gnutls_x509.c, lib/gnutls_x509.h, lib/includes/Makefile.am,
- lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
- lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs12.h,
- lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/libgnutlsxx.map,
- lib/m4/hooks.m4, lib/mac-libgcrypt.c, lib/minitasn1/Makefile.am,
- lib/minitasn1/gstr.c, lib/minitasn1/int.h,
- lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
- lib/minitasn1/structure.c, lib/mpi-libgcrypt.c,
- lib/opencdk/Makefile.am, lib/opencdk/armor.c,
- lib/opencdk/context.h, lib/opencdk/filters.h, lib/opencdk/hash.c,
- lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/literal.c,
- lib/opencdk/main.c, lib/opencdk/main.h, lib/opencdk/misc.c,
- lib/opencdk/new-packet.c, lib/opencdk/opencdk.h,
- lib/opencdk/packet.h, lib/opencdk/pubkey.c,
- lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
- lib/opencdk/sig-check.c, lib/opencdk/stream.c,
- lib/opencdk/stream.h, lib/opencdk/types.h, lib/opencdk/verify.c,
- lib/opencdk/write-packet.c, lib/openpgp/Makefile.am,
- lib/openpgp/compat.c, lib/openpgp/extras.c,
- lib/openpgp/gnutls_openpgp.c, lib/openpgp/output.c,
- lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
- lib/pk-libgcrypt.c, lib/po/cs.po.in, lib/po/de.po.in,
- lib/po/fr.po.in, lib/po/ms.po.in, lib/po/nl.po.in, lib/po/pl.po.in,
- lib/po/sv.po.in, lib/random.c, lib/random.h, lib/rnd-libgcrypt.c,
- lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h,
- lib/x509/crl.c, lib/x509/crl_write.c, lib/x509/crq.c,
- lib/x509/dn.c, lib/x509/extensions.c, lib/x509/mpi.c,
- lib/x509/output.c, lib/x509/pbkdf2-sha1.c, lib/x509/pkcs12.c,
- lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c,
- lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
- lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
- lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
- lib/x509_b64.c, lib/x509_b64.h, libextra/Makefile.am,
- libextra/configure.ac, libextra/ext_inner_application.c,
- libextra/ext_inner_application.h, libextra/fipsmd5.c,
- libextra/gl/Makefile.am, libextra/gnutls-extra.pc.in,
- libextra/gnutls_extra.c, libextra/gnutls_ia.c,
- libextra/gnutls_openssl.c, libextra/includes/Makefile.am,
- libextra/includes/gnutls/extra.h,
- libextra/includes/gnutls/openssl.h, libextra/libgnutls-extra.map,
- libextra/m4/hooks.m4, libextra/openssl_compat.c,
- libextra/openssl_compat.h, m4/guile.m4, m4/valgrind.m4,
- src/Makefile.am, src/common.c, src/serv.c, tests/Makefile.am,
- tests/anonself.c, tests/certder.c,
- tests/certificate_set_x509_crl.c, tests/chainverify.c,
- tests/crq_apis.c, tests/crq_key_id.c, tests/crypto_rng.c,
- tests/cve-2008-4989.c, tests/cve-2009-1415.c,
- tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
- tests/finished.c, tests/gc.c, tests/hostname-check.c,
- tests/init_roundtrip.c, tests/key-id/Makefile.am,
- tests/key-id/key-id, tests/mini-eagain.c, tests/mini.c,
- tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
- tests/nist-pkits/pkits, tests/nist-pkits/pkits_crl,
- tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
- tests/nist-pkits/pkits_smime, tests/nul-in-x509-names.c,
- tests/openpgp-certs/Makefile.am, tests/openpgp-keyring.c,
- tests/openpgpself.c, tests/openssl.c, tests/oprfi.c,
- tests/parse_ca.c, tests/pathlen/Makefile.am, tests/pathlen/pathlen,
- tests/pgps2kgnu.c, tests/pkcs1-padding/Makefile.am,
- tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/Makefile.am,
- tests/pkcs12-decode/pkcs12, tests/pkcs12_encode.c,
- tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c,
- tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8,
- tests/pskself.c, tests/resume.c, tests/rfc2253-escape-test,
- tests/rsa-md5-collision/Makefile.am,
- tests/rsa-md5-collision/rsa-md5-collision, tests/set_pkcs12_cred.c,
- tests/setcredcrash.c, tests/sha2/Makefile.am, tests/sha2/sha2,
- tests/simple.c, tests/tlsia.c, tests/userid/Makefile.am,
- tests/userid/userid, tests/utils.c, tests/utils.h,
- tests/x509_altname.c, tests/x509dn.c, tests/x509paths/chain,
- tests/x509self.c, tests/x509sign-verify.c, tests/x509signself.c:
- Update copyright years.
+ * lib/gnutls_pubkey.c: Set public key bits on all import functions.
+ Issue reported by Murray Kucheawy.
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-19 Nikos Mavrogiannopoulos <address@hidden>
- * Makefile.am: Fix license.
+ * NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/pkcs11.h,
+ lib/pkcs11_int.h, lib/pkcs11_privkey.c:
+ gnutls_pkcs11_privkey_sign_data(),
+ gnutls_pkcs11_privkey_sign_hash2() and
+ gnutls_pkcs11_privkey_decrypt_data() were removed. The abstract.h
+ functions should be used instead.
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-19 Nikos Mavrogiannopoulos <address@hidden>
- * README: Fix license.
+ * NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/openpgp.h,
+ lib/openpgp/gnutls_openpgp.h, lib/openpgp/pgp.c,
+ lib/openpgp/privkey.c: Removed the newly added functions:
+ gnutls_openpgp_privkey_sign_hash2(),
+ gnutls_openpgp_privkey_sign_data2(),
+ gnutls_openpgp_crt_verify_hash() That way the operations in
+ abstract.h should be used to get the same functionality, and API
+ will be kept simple and easier to maintain. The corresponding
+ gnutls_x509_* are kept for backwards compatibility.
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-18 Nikos Mavrogiannopoulos <address@hidden>
- * README-alpha: Fix license.
+ * lib/gnutls_sig.c: Do not be strict on RSA hash algorithm selection
+ for signatures.
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-18 Nikos Mavrogiannopoulos <address@hidden>
- * src/cli.c: Fix license.
+ * lib/gnutls_cert.h, lib/gnutls_sig.c, lib/gnutls_x509.c: Removed
+ unneeded definitions, and more careful deinitializations in
+ parse_der_cert_mem().
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-18 Nikos Mavrogiannopoulos <address@hidden>
- * src/crypt.c: Fix license.
+ * tests/pathlen/ca-no-pathlen.pem,
+ tests/pathlen/no-ca-or-pathlen.pem: updated certificates to account
+ for extra null byte added in negative numbers.
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-18 Nikos Mavrogiannopoulos <address@hidden>
- * src/tls_test.c: Fix license.
+ * tests/cve-2009-1415.c: Account for GNUTLS_E_PK_SIG_VERIFY_FAILED.
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-18 Nikos Mavrogiannopoulos <address@hidden>
- * src/tests.c: Fix license.
+ * lib/gnutls_privkey.c: Corrected bug in gnutls_privkey_sign_data().
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-18 Nikos Mavrogiannopoulos <address@hidden>
- * src/psk.c: Fix license.
+ * lib/gnutls_sig.c: some fixes in pk_prepare_hash().
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-18 Nikos Mavrogiannopoulos <address@hidden>
- * src/prime.c: Fix license.
+ * NEWS, lib/gnutls_pubkey.c, lib/openpgp/pgp.c, lib/x509/privkey.c,
+ lib/x509/verify.c, lib/x509/x509.c, tests/x509sign-verify.c: The
+ verification functions now return a GNUTLS_E_PK_SIG_VERIFY_FAILED on
+ signature verification error.
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-18 Nikos Mavrogiannopoulos <address@hidden>
- * src/certtool.c: Fix license.
+ * src/p11tool-gaa.c, src/p11tool.gaa: The default input format for
+ p11tool is PEM.
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-16 Nikos Mavrogiannopoulos <address@hidden>
- * src/certtool-cfg.c: Fix copyright/license.
+ * lib/gnutls_pubkey.c: importing a pubkey from raw params will set
+ the bits field correctly.
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-16 Nikos Mavrogiannopoulos <address@hidden>
- * src/benchmark.c: Indent and fix copyright notices.
+ * NEWS: Documented the addtion of gnutls_pubkey_import_privkey() and
+ gnutls_pubkey_verify_data()
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-16 Nikos Mavrogiannopoulos <address@hidden>
- * build-aux/gnupload, gl/tests/test-gettimeofday.c,
- gl/tests/test-memchr.c, gl/tests/test-read-file.c,
- gl/tests/test-sockets.c, lib/gl/tests/test-memchr.c,
- lib/gl/tests/test-read-file.c, lib/gl/tests/test-sockets.c: Update
- gnulib files.
+ * lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
+ lib/libgnutls.map, lib/x509/verify.c, tests/x509sign-verify.c: Added
+ gnutls_pubkey_verify_data and test vectors.
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-16 Nikos Mavrogiannopoulos <address@hidden>
- * ChangeLog, ChangeLog.1, THANKS, build-aux/gnupload, cfg.mk,
- doc/Makefile.am, doc/credentials/Makefile.am,
- doc/cyclo/Makefile.am, doc/errcodes.c, doc/examples/Makefile.am,
- doc/extract-guile-c-doc.scm, doc/manpages/Makefile.am,
- doc/printlist.c, gl/tests/test-gettimeofday.c,
- gl/tests/test-memchr.c, gl/tests/test-read-file.c,
- gl/tests/test-sockets.c, guile/Makefile.am,
- guile/modules/Makefile.am, guile/modules/gnutls.scm,
- guile/modules/gnutls/build/enums.scm,
- guile/modules/gnutls/build/priorities.scm,
- guile/modules/gnutls/build/smobs.scm,
- guile/modules/gnutls/build/utils.scm,
- guile/modules/gnutls/extra.scm,
- guile/modules/system/documentation/c-snarf.scm,
- guile/modules/system/documentation/output.scm,
- guile/pre-inst-guile.in, guile/src/errors.h,
- guile/src/make-enum-header.scm, guile/src/make-enum-map.scm,
- guile/src/make-session-priorities.scm,
- guile/src/make-smob-header.scm, guile/src/make-smob-types.scm,
- guile/src/utils.h, guile/tests/anonymous-auth.scm,
- guile/tests/errors.scm, guile/tests/openpgp-auth.scm,
- guile/tests/openpgp-keyring.scm, guile/tests/openpgp-keys.scm,
- guile/tests/pkcs-import-export.scm,
- guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
- guile/tests/x509-auth.scm, guile/tests/x509-certificates.scm,
- lib/Makefile.am, lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c,
+ * doc/errcodes.c, doc/examples/ex-alert.c,
+ doc/examples/ex-cert-select-pkcs11.c,
+ doc/examples/ex-cert-select.c, doc/examples/ex-client-psk.c,
+ doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
+ doc/examples/ex-client-tlsia.c, doc/examples/ex-client1.c,
+ doc/examples/ex-client2.c, doc/examples/ex-crq.c,
+ doc/examples/ex-pkcs12.c, doc/examples/ex-rfc2818.c,
+ doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
+ doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
+ doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
+ doc/examples/ex-verify.c, doc/examples/ex-x509-info.c,
+ doc/examples/examples.h, doc/examples/tcp.c, doc/printlist.c,
+ guile/src/core.c, guile/src/extra.c, guile/src/utils.h,
+ lib/abstract_int.h, lib/auth_anon.c, lib/auth_cert.c,
lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
- lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
+ lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/auth_psk.c,
lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
- lib/auth_srp_sb64.c, lib/cipher-libgcrypt.c, lib/crypto-api.c,
- lib/crypto.c, lib/crypto.h, lib/cryptodev.c, lib/debug.c,
- lib/debug.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
- lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_oprfi.c,
- lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
+ lib/auth_srp_sb64.c, lib/crypto-api.c, lib/crypto.c, lib/crypto.h,
+ lib/cryptodev.c, lib/debug.c, lib/ext_cert_type.c,
+ lib/ext_max_record.c, lib/ext_safe_renegotiation.c,
lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
- lib/ext_server_name.h, lib/ext_session_ticket.c,
- lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
- lib/ext_srp.c, lib/ext_srp.h, lib/gl/tests/test-memchr.c,
- lib/gl/tests/test-read-file.c, lib/gl/tests/test-sockets.c,
+ lib/ext_session_ticket.c, lib/ext_signature.c, lib/ext_signature.h,
+ lib/ext_srp.c, lib/gcrypt/cipher.c, lib/gcrypt/init.c,
+ lib/gcrypt/mac.c, lib/gcrypt/mpi.c, lib/gcrypt/pk.c,
lib/gnutls_alert.c, lib/gnutls_algorithms.c,
lib/gnutls_algorithms.h, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
lib/gnutls_auth.h, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
@@ -9804,779 +8836,543 @@
lib/gnutls_compress.h, lib/gnutls_constate.c,
lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
- lib/gnutls_dh_primes.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
+ lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
lib/gnutls_extensions.c, lib/gnutls_extensions.h,
- lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
+ lib/gnutls_global.c, lib/gnutls_handshake.c,
lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
- lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_int.h,
- lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_mem.c,
+ lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_kx.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
- lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pk.c,
- lib/gnutls_pk.h, lib/gnutls_priority.c, lib/gnutls_psk.c,
- lib/gnutls_psk_netconf.c, lib/gnutls_record.c, lib/gnutls_record.h,
- lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
- lib/gnutls_session.c, lib/gnutls_session_pack.c,
- lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
- lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c,
- lib/gnutls_state.h, lib/gnutls_str.c, lib/gnutls_str.h,
- lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
- lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
- lib/gnutls_x509.c, lib/gnutls_x509.h, lib/includes/Makefile.am,
+ lib/gnutls_num.c, lib/gnutls_pk.c, lib/gnutls_pk.h,
+ lib/gnutls_priority.c, lib/gnutls_privkey.c, lib/gnutls_psk.c,
+ lib/gnutls_psk_netconf.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
+ lib/gnutls_record.h, lib/gnutls_rsa_export.c, lib/gnutls_session.c,
+ lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
+ lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
+ lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
+ lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
+ lib/gnutls_supplemental.h, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
+ lib/gnutls_v2_compat.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
+ lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
- lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs12.h,
- lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/libgnutlsxx.map,
- lib/mac-libgcrypt.c, lib/minitasn1/Makefile.am,
- lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
- lib/minitasn1/element.c, lib/minitasn1/gstr.c,
- lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
- lib/minitasn1/structure.c, lib/mpi-libgcrypt.c,
- lib/opencdk/Makefile.am, lib/opencdk/hash.c,
- lib/openpgp/Makefile.am, lib/openpgp/compat.c,
+ lib/includes/gnutls/gnutlsxx.h, lib/includes/gnutls/openpgp.h,
+ lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/pkcs12.h,
+ lib/includes/gnutls/x509.h, lib/locks.c, lib/nettle/cipher.c,
+ lib/nettle/egd.c, lib/nettle/mpi.c, lib/nettle/pk.c,
+ lib/nettle/rnd.c, lib/opencdk/armor.c, lib/opencdk/context.h,
+ lib/opencdk/dummy.c, lib/opencdk/filters.h, lib/opencdk/hash.c,
+ lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/keydb.h,
+ lib/opencdk/literal.c, lib/opencdk/main.c, lib/opencdk/main.h,
+ lib/opencdk/misc.c, lib/opencdk/new-packet.c,
+ lib/opencdk/opencdk.h, lib/opencdk/packet.h, lib/opencdk/pubkey.c,
+ lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
+ lib/opencdk/sig-check.c, lib/opencdk/stream.c,
+ lib/opencdk/stream.h, lib/opencdk/verify.c,
+ lib/opencdk/write-packet.c, lib/openpgp/compat.c,
lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
+ lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
- lib/openpgp/privkey.c, lib/pk-libgcrypt.c, lib/random.c,
- lib/random.h, lib/rnd-libgcrypt.c, lib/x509/Makefile.am,
+ lib/openpgp/privkey.c, lib/pakchois/pakchois.c,
+ lib/pakchois/pakchois.h, lib/pakchois/pakchois11.h, lib/pkcs11.c,
+ lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
+ lib/pkcs11_write.c, lib/random.c, lib/system.c, lib/system.h,
lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/output.c,
- lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c,
+ lib/x509/pbkdf2-sha1.c, lib/x509/pbkdf2-sha1.h, lib/x509/pkcs12.c,
+ lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c,
lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
- lib/x509_b64.c, lib/x509_b64.h, libextra/Makefile.am,
- libextra/ext_inner_application.c, libextra/ext_inner_application.h,
- libextra/fipsmd5.c, libextra/gl/Makefile.am,
- libextra/gnutls-extra.pc.in, libextra/gnutls_extra.c,
+ lib/x509_b64.c, lib/x509_b64.h, libextra/ext_inner_application.c,
+ libextra/ext_inner_application.h, libextra/gnutls_extra.c,
libextra/gnutls_ia.c, libextra/gnutls_openssl.c,
- libextra/includes/Makefile.am, libextra/includes/gnutls/extra.h,
- libextra/includes/gnutls/openssl.h, libextra/libgnutls-extra.map,
- libextra/openssl_compat.c, libextra/openssl_compat.h,
- src/Makefile.am, src/benchmark.c, src/certtool-cfg.c,
- src/certtool.c, src/common.c, src/crypt.c, src/prime.c, src/psk.c,
- src/serv.c, src/tests.c, src/tls_test.c, tests/Makefile.am,
- tests/anonself.c, tests/certder.c, tests/chainverify.c,
- tests/crq_apis.c, tests/crq_key_id.c, tests/crypto_rng.c,
- tests/cve-2008-4989.c, tests/cve-2009-1415.c,
- tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
- tests/finished.c, tests/gc.c, tests/hostname-check.c,
- tests/init_roundtrip.c, tests/key-id/Makefile.am,
- tests/key-id/key-id, tests/mini-eagain.c, tests/mini.c,
- tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
- tests/nist-pkits/pkits, tests/nist-pkits/pkits_crl,
- tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
- tests/nist-pkits/pkits_smime, tests/nul-in-x509-names.c,
- tests/openpgp-certs/Makefile.am, tests/openpgp-certs/testcerts,
- tests/openpgp-certs/testselfsigs, tests/openpgp-keyring.c,
- tests/openpgpself.c, tests/openssl.c, tests/oprfi.c,
- tests/parse_ca.c, tests/pathlen/Makefile.am, tests/pathlen/pathlen,
- tests/pkcs1-padding/Makefile.am, tests/pkcs1-padding/pkcs1-pad,
- tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12,
- tests/pkcs12_encode.c, tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c,
- tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8,
- tests/pskself.c, tests/resume.c, tests/rfc2253-escape-test,
- tests/rsa-md5-collision/Makefile.am,
- tests/rsa-md5-collision/rsa-md5-collision,
- tests/safe-renegotiation/Makefile.am,
- tests/safe-renegotiation/testsrn, tests/set_pkcs12_cred.c,
- tests/setcredcrash.c, tests/sha2/Makefile.am, tests/sha2/sha2,
- tests/simple.c, tests/tlsia.c, tests/userid/Makefile.am,
- tests/userid/userid, tests/utils.c, tests/utils.h,
- tests/x509_altname.c, tests/x509dn.c, tests/x509paths/chain,
- tests/x509self.c, tests/x509sign-verify.c, tests/x509signself.c: Fix
- FSF copyright notices.
+ libextra/includes/gnutls/extra.h,
+ libextra/includes/gnutls/openssl.h, libextra/openssl_compat.c,
+ libextra/openssl_compat.h, maint.mk, src/benchmark.c,
+ src/certtool-cfg.c, src/certtool-cfg.h, src/certtool-common.c,
+ src/certtool-common.h, src/certtool.c, src/cli.c, src/common.c,
+ src/common.h, src/crypt.c, src/p11tool.c, src/p11tool.h,
+ src/pkcs11.c, src/prime.c, src/psk.c, src/serv.c, src/tests.c,
+ src/tests.h, src/tls_test.c, tests/anonself.c,
+ tests/certificate_set_x509_crl.c, tests/chainverify.c,
+ tests/crq_apis.c, tests/crq_key_id.c, tests/cve-2008-4989.c,
+ tests/dhepskself.c, tests/dn.c, tests/dn2.c, tests/gc.c,
+ tests/mini-eagain.c, tests/mini-x509-rehandshake.c,
+ tests/mini-x509.c, tests/mini.c, tests/mpi.c,
+ tests/nul-in-x509-names.c, tests/openpgp-auth.c,
+ tests/openpgp-keyring.c, tests/openpgp_test.c, tests/openpgpself.c,
+ tests/openssl.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
+ tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pskself.c,
+ tests/resume.c, tests/safe-renegotiation/srn0.c,
+ tests/safe-renegotiation/srn1.c, tests/safe-renegotiation/srn2.c,
+ tests/safe-renegotiation/srn3.c, tests/safe-renegotiation/srn4.c,
+ tests/safe-renegotiation/srn5.c, tests/set_pkcs12_cred.c,
+ tests/simple.c, tests/tlsia.c, tests/utils.c, tests/utils.h,
+ tests/x509_altname.c, tests/x509_test.c, tests/x509dn.c,
+ tests/x509self.c, tests/x509sign-verify.c: Indented code. Use same
+ indentation but with -nut to avoid usage of tabs. In several editors
+ tabs can be configured not to be 8 spaces and this produces
+ artifacts with the current indentation that is a mixture of tabs and
+ spaces.
-2010-01-27 Simon Josefsson <address@hidden>
+2010-12-16 Nikos Mavrogiannopoulos <address@hidden>
- * THANKS, doc/gnutls.texi: doc: Fix pkg-config recommendation.
Reported by Claudio Saavedra <address@hidden> in
+ * lib/gnutls_privkey.c: _gnutls_privkey_get_public_mpis() handles
+ openpgp keys.
- <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4095>.
+2010-12-16 Nikos Mavrogiannopoulos <address@hidden>
-2010-01-27 Simon Josefsson <address@hidden>
+ * lib/abstract_int.h, lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
+ lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
+ gnutls_pubkey_import_privkey(), that will copy the public key from a
+ gnutls_privkey_t structure.
- * NEWS, THANKS, src/cli.c: gnutls-cli: Handle reading binary data
- from server. Reported by and tiny patch from Vitaly Mayatskikh
- <address@hidden> in
+2010-12-15 Nikos Mavrogiannopoulos <address@hidden>
- <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4096>.
+ * NEWS, lib/libgnutls.map: Do not export the non-existant symbols
+ gnutls_pkcs11_privkey_sign_hash and gnutls_privkey_sign_hash.
-2010-01-26 Simon Josefsson <address@hidden>
+2010-12-13 Nikos Mavrogiannopoulos <address@hidden>
- * build-aux/update-copyright, gl/Makefile.am,
- gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/tests/Makefile.am,
- gl/tests/test-update-copyright.sh: Update gnulib files.
+ * NEWS: documented new functions
-2010-01-26 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-13 Nikos Mavrogiannopoulos <address@hidden>
- * tests/openpgp-certs/testcerts, tests/openpgp-certs/testselfsigs,
- tests/safe-renegotiation/testsrn: Added copyright notices!
+ * NEWS: Added new functions.
-2010-01-26 Simon Josefsson <address@hidden>
+2010-12-13 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, doc/manpages/Makefile.am: Generated.
+ * lib/libgnutls.map: Added new functions.
-2010-01-26 Simon Josefsson <address@hidden>
+2010-12-13 Nikos Mavrogiannopoulos <address@hidden>
- * .gitignore: Improve.
+ * lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h:
+ de-deprecated gnutls_x509_crt_verify_hash()
-2010-01-26 Simon Josefsson <address@hidden>
+2010-12-13 Nikos Mavrogiannopoulos <address@hidden>
- * doc/reference/Makefile.am: Ignore more.
+ * lib/includes/gnutls/openpgp.h, lib/libgnutls.map,
+ lib/openpgp/pgp.c, tests/x509sign-verify.c: Added
+ gnutls_openpgp_crt_verify_hash().
-2010-01-26 Simon Josefsson <address@hidden>
+2010-12-13 Nikos Mavrogiannopoulos <address@hidden>
- * .gitignore, lib/gl/m4/warn-on-use.m4: Update gnulib files.
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: added
+ gnutls_privkey_sign_hash2()
-2010-01-26 Simon Josefsson <address@hidden>
+2010-12-13 Nikos Mavrogiannopoulos <address@hidden>
- * gl/m4/warn-on-use.m4, lib/build-aux/arg-nonnull.h,
- lib/build-aux/warn-on-use.h: Update gnulib files.
+ * lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
+ lib/openpgp/privkey.c, lib/pkcs11_privkey.c, lib/x509/privkey.c:
+ Simplified preparation of signing code.
-2010-01-26 Simon Josefsson <address@hidden>
+2010-12-12 Nikos Mavrogiannopoulos <address@hidden>
- * .gitignore: Fix.
+ * lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_sig.c,
+ lib/gnutls_sig.h, lib/openpgp/gnutls_openpgp.h,
+ lib/openpgp/privkey.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
+ lib/x509/Makefile.am, lib/x509/privkey.c, lib/x509/sign.c,
+ lib/x509/sign.h: deprecated x509/sign.h and moved functionality of
+ it in gnutls_sig.h.
-2010-01-26 Simon Josefsson <address@hidden>
+2010-12-12 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gl/tests/macros.h, lib/gl/tests/signature.h: Update gnulib
- files.
+ * lib/x509/sign.c: pk_hash_data() will fail unless DSA or RSA are
+ specified.
-2010-01-26 Simon Josefsson <address@hidden>
-
- * .gitignore: Fix
-
-2010-01-26 Simon Josefsson <address@hidden>
-
- * gl/tests/macros.h, gl/tests/signature.h,
- gl/tests/test-sys_ioctl.c: Update gnulib files.
-
-2010-01-26 Simon Josefsson <address@hidden>
-
- * GNUmakefile, build-aux/arg-nonnull.h, build-aux/config.rpath,
- build-aux/gendocs.sh, build-aux/gnupload, build-aux/link-warning.h,
- build-aux/pmccabe2html, build-aux/useless-if-before-free,
- build-aux/vc-list-files, build-aux/warn-on-use.h, gl/Makefile.am,
- gl/accept.c, gl/alignof.h, gl/alloca.c, gl/alloca.in.h,
- gl/arpa_inet.in.h, gl/asnprintf.c, gl/bind.c, gl/c-ctype.c,
- gl/c-ctype.h, gl/close-hook.c, gl/close-hook.h, gl/close.c,
- gl/connect.c, gl/errno.in.h, gl/error.c, gl/error.h, gl/fclose.c,
- gl/float+.h, gl/float.in.h, gl/fseeko.c, gl/gai_strerror.c,
- gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c, gl/getpass.c,
- gl/getpass.h, gl/gettext.h, gl/inet_ntop.c, gl/inet_pton.c,
- gl/intprops.h, gl/listen.c, gl/lseek.c, gl/m4/00gnulib.m4,
- gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4, gl/m4/autobuild.m4,
- gl/m4/close.m4, gl/m4/errno_h.m4, gl/m4/error.m4,
- gl/m4/extensions.m4, gl/m4/fclose.m4, gl/m4/float_h.m4,
- gl/m4/fseeko.m4, gl/m4/getaddrinfo.m4, gl/m4/getdelim.m4,
- gl/m4/getline.m4, gl/m4/getpass.m4, gl/m4/gettimeofday.m4,
- gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
- gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/hostent.m4,
- gl/m4/include_next.m4, gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4,
- gl/m4/intmax_t.m4, gl/m4/inttypes_h.m4, gl/m4/lib-ld.m4,
- gl/m4/lib-link.m4, gl/m4/lib-prefix.m4, gl/m4/longlong.m4,
- gl/m4/lseek.m4, gl/m4/malloc.m4, gl/m4/manywarnings.m4,
- gl/m4/memchr.m4, gl/m4/minmax.m4, gl/m4/mmap-anon.m4,
- gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
- gl/m4/perror.m4, gl/m4/printf.m4, gl/m4/read-file.m4,
- gl/m4/readline.m4, gl/m4/realloc.m4, gl/m4/select.m4,
- gl/m4/servent.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4,
- gl/m4/sockets.m4, gl/m4/socklen.m4, gl/m4/sockpfaf.m4,
- gl/m4/stdarg.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
- gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
- gl/m4/stdlib_h.m4, gl/m4/strerror.m4, gl/m4/string_h.m4,
- gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4,
- gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/time_h.m4,
- gl/m4/ungetc.m4, gl/m4/unistd_h.m4, gl/m4/vasnprintf.m4,
- gl/m4/version-etc.m4, gl/m4/warnings.m4, gl/m4/wchar.m4,
- gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/memchr.c,
- gl/minmax.h, gl/netdb.in.h, gl/netinet_in.in.h,
- gl/override/lib/gettext.h.diff, gl/perror.c, gl/printf-args.c,
- gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h,
- gl/progname.c, gl/progname.h, gl/read-file.c, gl/read-file.h,
- gl/readline.c, gl/readline.h, gl/realloc.c, gl/recv.c, gl/select.c,
- gl/send.c, gl/setsockopt.c, gl/shutdown.c, gl/size_max.h,
- gl/snprintf.c, gl/socket.c, gl/sockets.c, gl/sockets.h,
- gl/stdarg.in.h, gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h,
- gl/stdio-impl.h, gl/stdio-write.c, gl/stdio.in.h, gl/stdlib.in.h,
- gl/strerror.c, gl/string.in.h, gl/sys_select.in.h,
- gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
- gl/tests/Makefile.am, gl/tests/dummy.c, gl/tests/gettimeofday.c,
- gl/tests/ioctl.c, gl/tests/sys_ioctl.in.h, gl/tests/test-alignof.c,
- gl/tests/test-alloca-opt.c, gl/tests/test-arpa_inet.c,
- gl/tests/test-c-ctype.c, gl/tests/test-errno.c,
- gl/tests/test-fseeko.c, gl/tests/test-getaddrinfo.c,
- gl/tests/test-getdelim.c, gl/tests/test-getline.c,
- gl/tests/test-gettimeofday.c, gl/tests/test-inet_ntop.c,
- gl/tests/test-inet_pton.c, gl/tests/test-lseek.c,
- gl/tests/test-memchr.c, gl/tests/test-netdb.c,
- gl/tests/test-netinet_in.c, gl/tests/test-perror.c,
- gl/tests/test-read-file.c, gl/tests/test-select-fd.c,
- gl/tests/test-select-stdin.c, gl/tests/test-select.c,
- gl/tests/test-snprintf.c, gl/tests/test-stdbool.c,
- gl/tests/test-stddef.c, gl/tests/test-stdint.c,
- gl/tests/test-stdio.c, gl/tests/test-stdlib.c,
- gl/tests/test-strerror.c, gl/tests/test-string.c,
- gl/tests/test-sys_select.c, gl/tests/test-sys_socket.c,
- gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
- gl/tests/test-time.c, gl/tests/test-unistd.c,
- gl/tests/test-vasnprintf.c, gl/tests/test-vc-list-files-cvs.sh,
- gl/tests/test-vc-list-files-git.sh, gl/tests/test-version-etc.c,
- gl/tests/test-version-etc.sh, gl/tests/test-wchar.c,
- gl/tests/verify.h, gl/tests/w32sock.h, gl/tests/zerosize-ptr.h,
- gl/time.in.h, gl/unistd.in.h, gl/vasnprintf.c, gl/vasnprintf.h,
- gl/version-etc-fsf.c, gl/version-etc.c, gl/version-etc.h,
- gl/w32sock.h, gl/wchar.in.h, gl/xsize.h,
- lib/build-aux/config.rpath, lib/build-aux/link-warning.h,
- lib/gl/Makefile.am, lib/gl/alignof.h, lib/gl/alloca.in.h,
- lib/gl/asnprintf.c, lib/gl/asprintf.c, lib/gl/byteswap.in.h,
- lib/gl/c-ctype.c, lib/gl/c-ctype.h, lib/gl/close-hook.c,
- lib/gl/close-hook.h, lib/gl/errno.in.h, lib/gl/float+.h,
- lib/gl/float.in.h, lib/gl/fseeko.c, lib/gl/gettext.h,
- lib/gl/lseek.c, lib/gl/m4/00gnulib.m4, lib/gl/m4/alloca.m4,
- lib/gl/m4/byteswap.m4, lib/gl/m4/codeset.m4, lib/gl/m4/errno_h.m4,
- lib/gl/m4/extensions.m4, lib/gl/m4/float_h.m4, lib/gl/m4/fseeko.m4,
- lib/gl/m4/func.m4, lib/gl/m4/gettext.m4, lib/gl/m4/glibc2.m4,
- lib/gl/m4/glibc21.m4, lib/gl/m4/gnulib-cache.m4,
- lib/gl/m4/gnulib-common.m4, lib/gl/m4/gnulib-comp.m4,
- lib/gl/m4/gnulib-tool.m4, lib/gl/m4/iconv.m4,
- lib/gl/m4/include_next.m4, lib/gl/m4/intdiv0.m4, lib/gl/m4/intl.m4,
- lib/gl/m4/intldir.m4, lib/gl/m4/intlmacosx.m4, lib/gl/m4/intmax.m4,
- lib/gl/m4/intmax_t.m4, lib/gl/m4/inttypes-pri.m4,
- lib/gl/m4/inttypes_h.m4, lib/gl/m4/lcmessage.m4,
- lib/gl/m4/ld-output-def.m4, lib/gl/m4/ld-version-script.m4,
- lib/gl/m4/lib-ld.m4, lib/gl/m4/lib-link.m4,
- lib/gl/m4/lib-prefix.m4, lib/gl/m4/lock.m4, lib/gl/m4/longlong.m4,
- lib/gl/m4/lseek.m4, lib/gl/m4/malloc.m4, lib/gl/m4/memchr.m4,
- lib/gl/m4/memmem.m4, lib/gl/m4/minmax.m4, lib/gl/m4/mmap-anon.m4,
- lib/gl/m4/multiarch.m4, lib/gl/m4/netdb_h.m4, lib/gl/m4/nls.m4,
- lib/gl/m4/po.m4, lib/gl/m4/printf-posix.m4, lib/gl/m4/printf.m4,
- lib/gl/m4/progtest.m4, lib/gl/m4/read-file.m4,
- lib/gl/m4/realloc.m4, lib/gl/m4/size_max.m4, lib/gl/m4/snprintf.m4,
- lib/gl/m4/sockets.m4, lib/gl/m4/socklen.m4, lib/gl/m4/sockpfaf.m4,
- lib/gl/m4/stdbool.m4, lib/gl/m4/stddef_h.m4, lib/gl/m4/stdint.m4,
- lib/gl/m4/stdint_h.m4, lib/gl/m4/stdio_h.m4, lib/gl/m4/stdlib_h.m4,
- lib/gl/m4/strcase.m4, lib/gl/m4/string_h.m4,
- lib/gl/m4/strings_h.m4, lib/gl/m4/strverscmp.m4,
- lib/gl/m4/sys_socket_h.m4, lib/gl/m4/sys_stat_h.m4,
- lib/gl/m4/threadlib.m4, lib/gl/m4/time_h.m4, lib/gl/m4/time_r.m4,
- lib/gl/m4/uintmax_t.m4, lib/gl/m4/ungetc.m4, lib/gl/m4/unistd_h.m4,
- lib/gl/m4/vasnprintf.m4, lib/gl/m4/vasprintf.m4,
- lib/gl/m4/visibility.m4, lib/gl/m4/vsnprintf.m4,
- lib/gl/m4/wchar.m4, lib/gl/m4/wchar_t.m4, lib/gl/m4/wint_t.m4,
- lib/gl/m4/xsize.m4, lib/gl/memchr.c, lib/gl/memmem.c,
- lib/gl/minmax.h, lib/gl/netdb.in.h,
- lib/gl/override/lib/gettext.h.diff, lib/gl/printf-args.c,
- lib/gl/printf-args.h, lib/gl/printf-parse.c, lib/gl/printf-parse.h,
- lib/gl/read-file.c, lib/gl/read-file.h, lib/gl/realloc.c,
- lib/gl/size_max.h, lib/gl/snprintf.c, lib/gl/sockets.c,
- lib/gl/sockets.h, lib/gl/stdbool.in.h, lib/gl/stddef.in.h,
- lib/gl/stdint.in.h, lib/gl/stdio-impl.h, lib/gl/stdio-write.c,
- lib/gl/stdio.in.h, lib/gl/stdlib.in.h, lib/gl/str-two-way.h,
- lib/gl/strcasecmp.c, lib/gl/string.in.h, lib/gl/strings.in.h,
- lib/gl/strncasecmp.c, lib/gl/strverscmp.c, lib/gl/sys_socket.in.h,
- lib/gl/sys_stat.in.h, lib/gl/tests/Makefile.am,
- lib/gl/tests/dummy.c, lib/gl/tests/intprops.h,
- lib/gl/tests/test-alloca-opt.c, lib/gl/tests/test-byteswap.c,
- lib/gl/tests/test-c-ctype.c, lib/gl/tests/test-errno.c,
- lib/gl/tests/test-fseeko.c, lib/gl/tests/test-func.c,
- lib/gl/tests/test-memchr.c, lib/gl/tests/test-netdb.c,
- lib/gl/tests/test-read-file.c, lib/gl/tests/test-snprintf.c,
- lib/gl/tests/test-stdbool.c, lib/gl/tests/test-stddef.c,
- lib/gl/tests/test-stdint.c, lib/gl/tests/test-stdio.c,
- lib/gl/tests/test-stdlib.c, lib/gl/tests/test-string.c,
- lib/gl/tests/test-strings.c, lib/gl/tests/test-strverscmp.c,
- lib/gl/tests/test-sys_socket.c, lib/gl/tests/test-sys_stat.c,
- lib/gl/tests/test-time.c, lib/gl/tests/test-unistd.c,
- lib/gl/tests/test-vasnprintf.c, lib/gl/tests/test-vasprintf.c,
- lib/gl/tests/test-vsnprintf.c, lib/gl/tests/test-wchar.c,
- lib/gl/tests/verify.h, lib/gl/tests/zerosize-ptr.h,
- lib/gl/time.in.h, lib/gl/time_r.c, lib/gl/unistd.in.h,
- lib/gl/vasnprintf.c, lib/gl/vasnprintf.h, lib/gl/vasprintf.c,
- lib/gl/vsnprintf.c, lib/gl/w32sock.h, lib/gl/wchar.in.h,
- lib/gl/xsize.h, libextra/build-aux/config.rpath,
- libextra/gl/gnulib.mk, libextra/gl/hmac-md5.c, libextra/gl/hmac.h,
- libextra/gl/m4/00gnulib.m4, libextra/gl/m4/extensions.m4,
- libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-common.m4,
- libextra/gl/m4/gnulib-comp.m4, libextra/gl/m4/gnulib-tool.m4,
- libextra/gl/m4/hmac-md5.m4, libextra/gl/m4/ld-output-def.m4,
- libextra/gl/m4/ld-version-script.m4, libextra/gl/m4/lib-ld.m4,
- libextra/gl/m4/lib-link.m4, libextra/gl/m4/lib-prefix.m4,
- libextra/gl/m4/md5.m4, libextra/gl/m4/memxor.m4, libextra/gl/md5.c,
- libextra/gl/md5.h, libextra/gl/memxor.c, libextra/gl/memxor.h,
- maint.mk: Update gnulib files.
+2010-12-12 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/x509/privkey.c: better comments
+
+2010-12-12 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/openpgp/gnutls_openpgp.c, lib/openpgp/privkey.c:
+ reorganization of the privkey_ functions().
+
+2010-12-11 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
+ lib/includes/gnutls/compat.h, lib/includes/gnutls/openpgp.h,
+ lib/includes/gnutls/x509.h, lib/libgnutls.map,
+ lib/openpgp/gnutls_openpgp.c, lib/x509/privkey.c: Introduced
+ gnutls_*_privkey_sign_hash2() that is a high level function to
+ produce signatures.
+
+2010-12-11 Nikos Mavrogiannopoulos <address@hidden>
+
+ * lib/gnutls_privkey.c, lib/pkcs11_privkey.c, lib/x509/privkey.c,
+ lib/x509/sign.c, lib/x509/sign.h: Separated the sign_data functions
+ to a hashing phase, a preparing phase, and the actual signing.
-2010-01-22 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-11 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Documented addition of new priority strings.
+ * NEWS: documented deprecated functions.
-2010-01-22 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-09 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Documented Steve Dispensa's patch addition.
+ * lib/includes/gnutls/compat.h, lib/includes/gnutls/openpgp.h,
+ lib/includes/gnutls/pkcs11.h: All the sign hash functions were
+ deprecated.
-2010-01-22 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-09 Nikos Mavrogiannopoulos <address@hidden>
- * tests/safe-renegotiation/testsrn: Added tests for new behaviour of
- client.
+ * lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h:
+ gnutls_x509_privkey_sign_hash() is dangerous and was deprecated.
+ Added some text explaining why some functions were deprecated.
-2010-01-22 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-08 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_handshake.c: Revert "Always allow initial negotiation.
- Disable subsequent unsafe renegotiations." This reverts commit
- 1e4981cfbec360a19cfb7470ce96093aaa95b32e. Ah, this was to twart the
attack (description by Daniel Kahn
- Gilmor): The problem, as i understand it, is that the client is
- incapable of telling whether the plaintext prefix injection attack
- has already happened. I don't think disabling renegotiation for the
- session resolves the problem. For a server which does not announce and
enforce safe renegotiation,
- what the client sees as an initial connection may unknowingly
- actually be renegotiating an existing session that was started by an
- attacker. The concern isn't that the (legitimate) client will have
their
- session re-negotiated by an attacker; it's that the MITM attacker
- can trick the server into viewing the client's initial
- authentication as a re-negotiation of a TLS session already
- underway. for servers which do odd things like apply the credentials
of the
- post-renegotiation client to the traffic that happened before the
- renegotiation (e.g. HTTPS, with client-side certificates required
- only for certain subdirectories), a safe-renegotiation-aware client
- *should* refuse to connect to servers which do not announce safe
- renegotiation if they want to resist this attack.
+ * NEWS: documented previous update.
-2010-01-21 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-08 Nikos Mavrogiannopoulos <address@hidden>
- * configure.ac: Added safe-renegotiation subdir.
+ * lib/x509/privkey.c, lib/x509/x509.c: export_raw() functions now
+ add leading zero in mpis.
-2010-01-21 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-07 Simon Josefsson <address@hidden>
- * lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c,
- lib/gnutls_int.h, lib/gnutls_priority.c, tests/Makefile.am,
- tests/safe-renegotiation/Makefile.am,
- tests/safe-renegotiation/params.dh,
- tests/safe-renegotiation/testsrn: Added safe renegotiation test
- cases. Added priority string option to completely disable
- renegotiation to assist in testing more cases.
+ * NEWS: Add.
-2010-01-21 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-07 Simon Josefsson <address@hidden>
- * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa: Added the
- --rehandshake option to gnutls-cli to allow connection and immediate
- rehandshake.
+ * lib/includes/gnutls/crypto.h: C++ fixes, tiny patch from "Brendan
+ Doherty" <address@hidden>.
-2010-01-21 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-07 Simon Josefsson <address@hidden>
- * lib/ext_safe_renegotiation.c: More carefull copying of data. Check
- for the malicious case where a server does initial unsafe
- negotiation and proceeds with a safe renegotiation.
+ * gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/memchr.m4,
+ gl/m4/printf.m4, gl/m4/stdint.m4, lib/gl/m4/fcntl-o.m4,
+ lib/gl/m4/iconv.m4, lib/gl/m4/intdiv0.m4, lib/gl/m4/memchr.m4,
+ lib/gl/m4/memmem.m4, lib/gl/m4/printf.m4, lib/gl/m4/stdint.m4:
+ Update gnulib files.
-2010-01-21 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-07 Simon Josefsson <address@hidden>
- * lib/gnutls_handshake.c: Always allow initial negotiation. Disable
- subsequent unsafe renegotiations. Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
-2010-01-21 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-07 Simon Josefsson <address@hidden>
- * lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c,
- lib/gnutls_int.h, lib/gnutls_state.c: Safe renegotiation variable
- cleanup. No longer clear variables that should stay across
- rehandshakes.
+ * ChangeLog: Generated.
-2010-01-21 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-07 Simon Josefsson <address@hidden>
- * lib/crypto-api.c, lib/gnutls_cipher_int.c: Documented the
- crypto-api functions and made the API tolerant to NULL IV.
+ * configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
-2010-01-21 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-06 Simon Josefsson <address@hidden>
- * lib/gnutls_handshake.c: Added documentation of rehandshake usage
- in gnutls if full-duplex capability is required.
+ * ChangeLog: Generated.
-2010-01-21 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-06 Simon Josefsson <address@hidden>
- * lib/gnutls_buffers.c: Reduced asserts to reduce unneeded
- printings.
+ * tests/Makefile.am: Don't fail on 'make distcheck'.
-2010-01-21 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-06 Simon Josefsson <address@hidden>
- * src/cli.c, src/serv.c: Removed rehandshake initiation capability
- from client and transferred it to the echo server. Once the server
- receives a string **REHANDSHAKE** will request a rehandshake.
+ * NEWS: Version 2.11.6.
-2010-01-19 Steve Dispensa <address@hidden>
+2010-12-06 Simon Josefsson <address@hidden>
- * lib/gnutls_handshake.c: Here is another patch that fixes an
- interoperability problem with safe renegotiation and resumption. In
- copying forward the safe renegotiation state across resumptions, I
- got a little carried away and copied too much data (new connections
- should start with empty RI data). Signed-off-by: Nikos
Mavrogiannopoulos <address@hidden>
+ * lib/gnutls_str.c: Indent.
-2010-01-15 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-06 Nikos Mavrogiannopoulos <address@hidden>
- * lib/ext_oprfi.c, lib/ext_session_ticket.c, lib/gnutls_constate.c,
- lib/gnutls_handshake.c, lib/gnutls_int.h: Modified extensions
- (session ticket, oprfi) to store internal data in gnutls internal
- structure and input data only in the security_parameters extension
- structure. Session ticket extension will call the user supplied hello
function
- on resumption. (the current API to handle that is inexistant. To be
revised)
+ * NEWS: documented SSL 3.0 record version change.
-2010-01-14 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-06 Nikos Mavrogiannopoulos <address@hidden>
- * lib/ext_session_ticket.c, lib/gnutls_constate.c,
- lib/gnutls_int.h, lib/gnutls_session_pack.c: Further cleanup the
- extension internal structure. Now if values are not saved and
- restored when resumming they will be initialized to zero.
+ * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c:
+ SSL3_RECORD_VERSION priority option is now the default. That is in
+ order to not confuse non TLS 1.2 compliant implementations that
+ don't like a TLS 1.2 record.
-2010-01-13 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-06 Nikos Mavrogiannopoulos <address@hidden>
- * tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
- tests/cve-2008-4989.c, tests/dn2.c, tests/finished.c, tests/mini.c,
- tests/pkcs12_s2k_pem.c, tests/tlsia.c, tests/x509sign-verify.c:
- Tests compile with --enable-gcc-warnings.
+ * lib/gnutls_str.c: simplified escape and unescape.
-2010-01-13 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/ext_safe_renegotiation.h, lib/gnutls_constate.c,
- lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
- lib/gnutls_state.c, tests/resume.c, tests/simple.c: Specify in
- detail what to be copied when resuming. It seems there are
- extensions (like safe renegotiation) that do not need to read the
- stored values. Moreover this might overcome any bugs by the
- extensions that used to store pointers in the extension structure.
+ * THANKS: Added Michael.
-2010-01-13 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-06 Simon Josefsson <address@hidden>
- * lib/ext_safe_renegotiation.c: Initialize the default value to 0.
- It seemed to have default value of 0 when non resuming :)
+ * cfg.mk, lib/gnutls_priority.c, lib/gnutls_state.c,
+ lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in,
+ lib/includes/gnutls/pkcs11.h, lib/nettle/rnd.c, lib/pkcs11.c,
+ lib/pkcs11_int.h, lib/pkcs11_secret.c, lib/pkcs11_write.c,
+ lib/x509/verify.c, src/certtool-common.c, src/certtool-common.h,
+ src/certtool.c, src/cli.c, src/common.c, src/p11tool.c,
+ src/p11tool.h, src/pkcs11.c, src/serv.c, tests/chainverify.c,
+ tests/openpgp-auth.c: Indent code.
-2010-01-13 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-06 Simon Josefsson <address@hidden>
- * doc/examples/ex-client-tlsia.c, tests/utils.c: Removed warnings.
+ * maint.mk: Update gnulib files.
-2010-01-13 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-06 Simon Josefsson <address@hidden>
- * configure.ac: Added -Wno-int-to-pointer-cast to enable compilation
- when enable-gcc-warnings is given.
+ * gl/override/top/maint.mk.diff: Remove.
-2010-01-13 Steve Dispensa <address@hidden>
+2010-12-06 Simon Josefsson <address@hidden>
- * lib/gnutls_handshake.c: Here are two more patches. The first adds
- support for renegotiation of resumption. Also, I found a bug in my
initial implementation - I was incorrectly
- sending the SCSV on all connections, not only those using SSLv3, as
- should have been the case. Signed-off-by: Nikos Mavrogiannopoulos
<address@hidden>
+ * .gitignore: Update.
-2010-01-12 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-06 Simon Josefsson <address@hidden>
- * NEWS, doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1:
- Documentation updates.
+ * lib/gnutls_priority.c, lib/pkcs11_secret.c, src/p11tool.c,
+ src/p11tool.gaa: Fix syntax-check nits.
-2010-01-12 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-06 Simon Josefsson <address@hidden>
- * lib/gnutls_handshake.c: When denying an initial negotiation due to
- missing safe renegotiation extension reply with NO_RENEGOTIATION
- alert.
+ * .x-sc_bindtextdomain: Ignore more.
-2010-01-12 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-06 Simon Josefsson <address@hidden>
- * lib/gnutls_extensions.c, lib/gnutls_handshake.c,
- lib/includes/gnutls/gnutls.h.in, tests/resume.c: When resuming no
- extensions were parsed thus the safe renegotiation extension was
- ignored as well causing a false detection of unsafe session.
- Corrected by making a special class of extensions called RESUMED.
- Those are parsed even when resuming (normally we don't do it to
- prevent clients overwriting capabilities and credentials).
+ * GNUmakefile, build-aux/gendocs.sh, build-aux/pmccabe.css,
+ build-aux/pmccabe2html, gl/Makefile.am, gl/arpa_inet.in.h,
+ gl/float+.h, gl/gettext.h, gl/inet_ntop.c, gl/intprops.h,
+ gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4, gl/m4/getdelim.m4,
+ gl/m4/getline.m4, gl/m4/getpass.m4, gl/m4/gnulib-common.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/mmap-anon.m4, gl/m4/printf.m4,
+ gl/m4/readline.m4, gl/m4/string_h.m4, gl/m4/sys_ioctl_h.m4,
+ gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4, gl/m4/unistd_h.m4,
+ gl/m4/vasnprintf.m4, gl/m4/wchar_h.m4, gl/printf-parse.c,
+ gl/printf-parse.h, gl/stdint.in.h, gl/stdio.in.h, gl/stdlib.in.h,
+ gl/string.in.h, gl/sys_select.in.h, gl/sys_socket.in.h,
+ gl/tests/Makefile.am, gl/tests/init.sh,
+ gl/tests/test-select-stdin.c, gl/tests/test-select.c,
+ gl/tests/test-update-copyright.sh, gl/tests/verify.h, gl/time.in.h,
+ gl/unistd.in.h, gl/vasnprintf.c, gl/verify.h, gl/wchar.in.h,
+ lib/gl/Makefile.am, lib/gl/float+.h, lib/gl/gettext.h,
+ lib/gl/m4/alloca.m4, lib/gl/m4/glibc2.m4, lib/gl/m4/glibc21.m4,
+ lib/gl/m4/gnulib-common.m4, lib/gl/m4/gnulib-comp.m4,
+ lib/gl/m4/iconv.m4, lib/gl/m4/memmem.m4, lib/gl/m4/mmap-anon.m4,
+ lib/gl/m4/printf.m4, lib/gl/m4/string_h.m4,
+ lib/gl/m4/sys_socket_h.m4, lib/gl/m4/unistd_h.m4,
+ lib/gl/m4/vasnprintf.m4, lib/gl/m4/wchar_h.m4,
+ lib/gl/printf-parse.c, lib/gl/printf-parse.h, lib/gl/stdint.in.h,
+ lib/gl/stdio.in.h, lib/gl/stdlib.in.h, lib/gl/string.in.h,
+ lib/gl/sys_socket.in.h, lib/gl/tests/Makefile.am,
+ lib/gl/tests/init.sh, lib/gl/tests/intprops.h,
+ lib/gl/tests/verify.h, lib/gl/time.in.h, lib/gl/unistd.in.h,
+ lib/gl/vasnprintf.c, lib/gl/verify.h, lib/gl/wchar.in.h,
+ libextra/gl/m4/gnulib-common.m4, maint.mk: Update gnulib files.
-2010-01-12 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-05 Nikos Mavrogiannopoulos <address@hidden>
- * lib/ext_safe_renegotiation.c, lib/ext_safe_renegotiation.h,
- lib/gnutls_alert.c, lib/gnutls_algorithms.c,
- lib/gnutls_algorithms.h, lib/gnutls_extensions.c,
- lib/gnutls_extensions.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
- lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in: Added Steve
- Dispensa's patch for safe renegotiation (with artistic changes).
- Effectively reverted my previous patch
- 1a338cbaaeec11d958de8da4d1ae036979fccf3e.
+ * tests/Makefile.am: Temporarily remove gendh test. It takes
+ extremely long time under valgrind.
-2010-01-12 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-05 Nikos Mavrogiannopoulos <address@hidden>
- * THANKS: Updated thanks file.
+ * NEWS, lib/gnutls_sig.c, lib/x509/common.c, lib/x509/common.h,
+ lib/x509/mpi.c, lib/x509/sign.c, lib/x509/verify.c: Use ASN1_NULL
+ when writing parameters for RSA signatures. This makes us comply
+ with RFC3279. Reported by Michael Rommel.
-2010-01-12 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-05 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/opencdk/sig-check.c, src/certtool.c,
- tests/openpgp-certs/Makefile.am, tests/openpgp-certs/testselfsigs:
- When checking self signature also check the signatures of all
- subkeys. Ilari Liusvaara noticed and reported the issue and
- provided test vectors as well. certtool --pgp-certificate-info will
check self signatures. Added self tests for self-sigs.
+ * NEWS, src/serv.c: Corrected buffer overflow in gnutls-serv by
+ Tomas Mraz. The gnutls-serv uses fixed allocated buffer for the
response which
+ can be pretty long if a client certificate is presented to it and
+ the http header is large. This causes buffer overflow and heap
+ corruption which then leads to random segfaults or aborts. It was
reported originally here:
+ https://bugzilla.redhat.com/show_bug.cgi?id=659259 The attached patch
changes sprintf calls in peer_print_info() to
+ snprintf so the buffer is never overflowed.
-2010-01-11 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-01 Nikos Mavrogiannopoulos <address@hidden>
- * tests/gc.c: hash_fast -> hmac_fast
+ * lib/m4/hooks.m4: increased revision
-2010-01-10 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-01 Nikos Mavrogiannopoulos <address@hidden>
- * doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1,
- lib/Makefile.am, lib/ext_safe_renegotiation.c,
- lib/ext_safe_renegotiation.h, lib/gnutls_errors.c,
- lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
- lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in, src/cli.c,
- src/serv.c: Added safe renegotiation patch from Steve Dispensa,
- modified to suit gnutls code style and error checking. Modified to
- conform to draft-ietf-tls-renegotiation-03.txt. gnutls-cli will search
input for **RENEGOTIATION** to perform a
- renegotiation and gnutls-serv will perform one if requested.
+ * src/Makefile.am: Added p11tool.h
-2010-01-10 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-01 Nikos Mavrogiannopoulos <address@hidden>
- * lib/x509/mpi.c: Corrections for --disable-extra-pki configure flag
- to work. Patch by Bill Randle.
+ * NEWS: released 2.11.5
-2010-01-04 Andreas Metzler <address@hidden>
+2010-12-01 Nikos Mavrogiannopoulos <address@hidden>
- * ChangeLog, doc/certtool.cfg, doc/gnutls.texi, lib/gnutls_auth.c,
- lib/gnutls_priority.c, lib/gnutls_session.c, lib/openpgp/pgp.c,
- lib/openpgp/privkey.c: Typo fixes: successful, precedence, preferred
+ * doc/cha-internals.texi: escaped chars.
-2009-12-18 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-01 Nikos Mavrogiannopoulos <address@hidden>
- * lib/cryptodev.c: define EALG_MAX_BLOCK_LEN if not there.
+ * doc/cha-internals.texi: Updated extension writing code. Still not
+ clear enough.
-2009-12-05 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-01 Nikos Mavrogiannopoulos <address@hidden>
- * libextra/fipsmd5.c: use C99 initializations
+ * doc/cha-cert-auth.texi: PKCS #11 fixes
-2009-12-05 Nikos Mavrogiannopoulos <address@hidden>
+2010-12-01 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, lib/Makefile.am, lib/compat.c, lib/crypto-api.c,
- lib/crypto.c, lib/crypto.h, lib/gnutls_cipher.c,
- lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
- lib/gnutls_hash_int.c, lib/gnutls_hash_int.h,
- lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
- lib/libgnutls.map, libextra/fipsmd5.c, src/benchmark.c: Reverted all
- previous changes to combine hashes with MAC algorithms. It is now
- permissible to register a hash algorithm separately from a MAC.
+ * doc/examples/ex-cert-select-pkcs11.c: Corrected pkcs11 example
+ URLs
-2009-12-05 Nikos Mavrogiannopoulos <address@hidden>
+2010-11-30 Nikos Mavrogiannopoulos <address@hidden>
- * lib/crypto-api.c, lib/crypto.c, lib/crypto.h,
- lib/ext_session_ticket.c, lib/gnutls_algorithms.c,
- lib/gnutls_algorithms.h, lib/gnutls_cipher.c,
- lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
- lib/gnutls_constate.c, lib/gnutls_constate.h,
- lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
- lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_priority.c,
- lib/gnutls_psk_netconf.c, lib/gnutls_sig.c, lib/gnutls_srp.c,
- lib/gnutls_state.c, lib/gnutls_ui.c, lib/includes/gnutls/crypto.h,
- lib/includes/gnutls/gnutls.h.in, lib/mac-libgcrypt.c,
- lib/opencdk/dummy.c, lib/opencdk/filters.h, lib/opencdk/hash.c,
- lib/opencdk/kbnode.c, lib/opencdk/main.h, lib/opencdk/opencdk.h,
- lib/opencdk/pubkey.c, lib/opencdk/sig-check.c,
- lib/opencdk/verify.c, lib/x509/crq.c, lib/x509/pbkdf2-sha1.c,
- lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
- lib/x509/sign.c, lib/x509/verify.c, lib/x509/x509.c,
- lib/x509/x509_int.h, libextra/fipsmd5.c, libextra/gnutls_openssl.c:
- Revert "Merged the two internal hash API functions, to simplify and
- reduce code." This reverts commit
bc3e43d5f121e404aa32212dcfcc5027de807056. Conflicts: lib/crypto.c
lib/gnutls_cipher.c lib/gnutls_hash_int.c lib/gnutls_hash_int.h
lib/includes/gnutls/crypto.h lib/mac-libgcrypt.c
+ * src/pkcs11.c: Prefix mechanism number with 0x.
-2009-12-05 Nikos Mavrogiannopoulos <address@hidden>
+2010-11-30 Nikos Mavrogiannopoulos <address@hidden>
- * lib/gnutls_hash_int.c, lib/includes/gnutls/crypto.h,
- lib/mac-libgcrypt.c, libextra/gnutls_openssl.c, tests/gc.c: Revert
- "Added plain MD5 hash check and corrected gnutls_hash_fast() usage
- in openssl.c" This reverts commit
54486afbfcf3398846d5c20d3094bdb7d0a43ff2.
+ * lib/pakchois/pakchois11.h, src/pkcs11.c: Added camellia and
+ SHA224.
-2009-12-04 Simon Josefsson <address@hidden>
+2010-11-27 Nikos Mavrogiannopoulos <address@hidden>
- * doc/examples/ex-x509-info.c: Improve example of printing cert
- info.
+ * configure.ac, lib/configure.ac, lib/nettle/rnd.c: Use rusage if
+ present. Moved check to correct config and included resource.h
+ header.
-2009-12-04 Simon Josefsson <address@hidden>
+2010-11-27 Nikos Mavrogiannopoulos <address@hidden>
- * doc/gnutls.texi: Typo fix. Reported by Laurence <address@hidden> in
+ * lib/nettle/rnd.c: More details on the text
- <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4036>.
+2010-11-27 Nikos Mavrogiannopoulos <address@hidden>
-2009-12-04 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/pkcs11.c: Corrected copyright statement
- * lib/compat.c, lib/gnutls_algorithms.h: fixes for compilation.
+2010-11-27 Nikos Mavrogiannopoulos <address@hidden>
-2009-12-03 Simon Josefsson <address@hidden>
+ * lib/nettle/rnd.c: Corrected copyright header. Added Niels.
- * lib/gnutls_cert.c: Check return value from
- gnutls_x509_crt_get_key_usage.
+2010-11-26 Nikos Mavrogiannopoulos <address@hidden>
-2009-12-02 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS, lib/gnutls_cert.c, lib/includes/gnutls/x509.h,
+ lib/x509/verify.c, src/certtool.c, src/cli.c, tests/chainverify.c:
+ Reverted default behavior for verification and introduced
+ GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default V1
+ trusted CAs are allowed, unless the new flag is specified.
- * NEWS, tests/pathlen/ca-no-pathlen.pem,
- tests/pathlen/no-ca-or-pathlen.pem: This is a follow-up to commit
- 3d8da5765133c6ced37bf29b5a07f950b8c26cd7, that fixes some issues
- with DSA and RSA certificate encoding. Due to that the shown public
- key IDs are different than the ones in previous gnutls versions.
+2010-11-25 Simon Josefsson <address@hidden>
-2009-12-02 Nikos Mavrogiannopoulos <address@hidden>
+ * NEWS: Typo.
- * lib/gnutls_cipher.c: reduced calls to gnutls_hash on
- encryption/decryption. Only initialize MAC when needed.
+2010-11-25 Simon Josefsson <address@hidden>
-2009-12-02 Nikos Mavrogiannopoulos <address@hidden>
+ * tests/suite/Makefile.in: Remove, it is generated.
- * lib/gnutls_hash_int.c, lib/includes/gnutls/crypto.h,
- lib/mac-libgcrypt.c, libextra/gnutls_openssl.c, tests/gc.c: Added
- plain MD5 hash check and corrected gnutls_hash_fast() usage in
- openssl.c Corrected new hash API bug that prevented usage of plain
- hash functions.
+2010-11-25 Simon Josefsson <address@hidden>
-2009-12-02 Nikos Mavrogiannopoulos <address@hidden>
+ * README: No space at eol.
- * NEWS, doc/gnutls.texi, lib/Makefile.am, lib/compat.c,
- lib/crypto.c, lib/ext_session_ticket.c, lib/gnutls_algorithms.c,
- lib/gnutls_algorithms.h, lib/gnutls_cipher.c,
- lib/includes/gnutls/crypto.h, lib/libgnutls.map,
- lib/opencdk/read-packet.c, lib/x509/privkey_pkcs8.c,
- src/benchmark.c, tests/gc.c: Exported gnutls_cipher_get_block_size()
- and all hash functions added to libgnutls.map. Expanded benchmark
- with 3DES and ARCFOUR. Corrected test that used non-existing symbol.
+2010-11-25 Simon Josefsson <address@hidden>
-2009-12-02 Nikos Mavrogiannopoulos <address@hidden>
+ * tests/safe-renegotiation/Makefile.am: Fix syntax-check warning.
- * lib/m4/hooks.m4: Corrected check for cryptodev. Only enable it if
- --enable-cryptodev is specified.
+2010-11-25 Simon Josefsson <address@hidden>
-2009-12-01 Nikos Mavrogiannopoulos <address@hidden>
+ * cfg.mk: Ignore tests/suite for syntax-checks, not our code.
- * lib/cryptodev.c, lib/gnutls_cryptodev.h, lib/gnutls_hash_int.c,
- lib/gnutls_hash_int.h, lib/mac-libgcrypt.c, lib/x509/mpi.c:
- Corrected compilation issues.
+2010-11-25 Simon Josefsson <address@hidden>
-2009-11-30 Nikos Mavrogiannopoulos <address@hidden>
+ * README: Recommend git format-patch rather than git diff.
- * configure.ac, lib/m4/hooks.m4: Moved cryptodev check to
- lib/m4/hooks.m4 and now --enable-cryptodev actually works.
+2010-11-24 Jeffrey Walton <address@hidden>
-2009-11-30 Simon Josefsson <address@hidden>
+ * README: Attached is a proposed modification to the README file,
+ including recent comments by Simon.
- * lib/gnutls_x509.c: Doc fix.
+2010-11-23 Simon Josefsson <address@hidden>
-2009-11-30 Nikos Mavrogiannopoulos <address@hidden>
+ * guile/src/Makefile.am: Fix dependencies, fixes parallel builds. Tiny
patch from Graham Gower <address@hidden>.
- * lib/cryptodev.c: corrected old type.
+2010-11-19 Simon Josefsson <address@hidden>
-2009-11-30 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/Makefile.am: Remove file.
- * lib/cryptodev.c: Only include cryptodev.h if cryptodev is there.
+2010-11-19 Simon Josefsson <address@hidden>
-2009-11-29 Nikos Mavrogiannopoulos <address@hidden>
+ * doc/manpages/Makefile.am: Generated.
- * lib/crypto-api.c, lib/crypto.c, lib/crypto.h,
- lib/ext_session_ticket.c, lib/gnutls_algorithms.c,
- lib/gnutls_algorithms.h, lib/gnutls_cipher.c,
- lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
- lib/gnutls_constate.c, lib/gnutls_constate.h,
- lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
- lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_priority.c,
- lib/gnutls_psk_netconf.c, lib/gnutls_sig.c, lib/gnutls_srp.c,
- lib/gnutls_state.c, lib/gnutls_ui.c, lib/includes/gnutls/crypto.h,
- lib/includes/gnutls/gnutls.h.in, lib/mac-libgcrypt.c,
- lib/opencdk/dummy.c, lib/opencdk/filters.h, lib/opencdk/hash.c,
- lib/opencdk/kbnode.c, lib/opencdk/main.h, lib/opencdk/opencdk.h,
- lib/opencdk/pubkey.c, lib/opencdk/sig-check.c,
- lib/opencdk/verify.c, lib/x509/crq.c, lib/x509/pbkdf2-sha1.c,
- lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
- lib/x509/sign.c, lib/x509/verify.c, lib/x509/x509.c,
- lib/x509/x509_int.h, libextra/fipsmd5.c, libextra/gnutls_openssl.c:
- Merged the two internal hash API functions, to simplify and reduce
- code. gnutls_hmac* and gnutls_hash* were merged to gnutls_hash API.
-
-2009-11-29 Nikos Mavrogiannopoulos <address@hidden>
-
- * .gitignore, configure.ac, lib/Makefile.am, lib/crypto-api.c,
- lib/crypto.c, lib/cryptodev.c, lib/gnutls_cipher_int.c,
- lib/gnutls_cryptodev.h, lib/gnutls_errors.c, lib/gnutls_global.c,
- lib/gnutls_hash_int.c, lib/gnutls_hash_int.h,
- lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
- lib/libgnutls.map, src/Makefile.am, src/benchmark.c: Added cryptodev
- support (/dev/crypto). Tested with
- http://www.logix.cz/michal/devel/cryptodev/. Added benchmark
- utility for AES. Exported API to access encryption algorithms.
+2010-11-19 Nikos Mavrogiannopoulos <address@hidden>
-2009-11-28 Nikos Mavrogiannopoulos <address@hidden>
+ * configure.ac, tests/suite/Makefile.in: Create Makefile in
+ tests/suite/
- * NEWS: Documented certtool's certificate request generation fix.
+2010-11-19 Nikos Mavrogiannopoulos <address@hidden>
-2009-11-28 Nikos Mavrogiannopoulos <address@hidden>
+ * src/cli.c, src/psk-gaa.c, src/psk-gaa.h, src/psk.c, src/psk.gaa,
+ tests/Makefile.am, tests/netconf-psk.c: Deprecate the netconf
+ password and use a key only.
- * lib/x509/mpi.c: Corrected two issues that affected certificate
- request generation. 1. Null padding is added on integers (found thanks
to Wilankar
- Trupti <address@hidden>) 2. In optional SignatureAlgorithm parameters
field for DSA keys the
- DSA parameters were added. Those were rejected by verisign. Gnutls
- no longer adds those parameters there since other implementations
- don't do either and having them does not seem to offer anything
- (anyway you need the signer's certificate to verify thus public key
- will be available).
+2010-11-19 Nikos Mavrogiannopoulos <address@hidden>
-2009-11-27 Simon Josefsson <address@hidden>
+ * doc/credentials/gnutls-http-serv: correctly set psk params.
- * doc/manpages/Makefile.am, tests/key-id/key-id,
- tests/nist-pkits/gnutls_test_entry, tests/x509paths/chain: More
- fixes of grep -q problem.
+2010-11-16 Nikos Mavrogiannopoulos <address@hidden>
-2009-11-27 Simon Josefsson <address@hidden>
+ * NEWS: added info
- * NEWS: Add.
+2010-11-16 Nikos Mavrogiannopoulos <address@hidden>
-2009-11-24 Nikos Mavrogiannopoulos <address@hidden>
+ * lib/x509/privkey_pkcs8.c: Correctly write DSA public key in ASN.1
+ (add leading zero). Reported by Jeffrey Walton.
- * src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
- src/certtool.gaa: Allow exporting of Certificate requests to DER
- format. Added option --no-crq-extensions to avoid adding extensions
- to a request.
+2010-11-16 Nikos Mavrogiannopoulos <address@hidden>
-2009-11-23 Simon Josefsson <address@hidden>
+ * lib/x509/mpi.c: cleanups
- * tests/rfc2253-escape-test: Don't use 'grep -q', to fix portability
- to OpenSolaris. Reported by "Dr. David Kirkby" <address@hidden> in
+2010-11-16 Nikos Mavrogiannopoulos <address@hidden>
-
<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3993>.
+ * doc/cha-auth.texi, lib/includes/gnutls/compat.h,
+ lib/includes/gnutls/gnutls.h.in: Deprecated the key derivation
+ method from netconf. The published RFC does not include this method
+ and it is not known whether it has been used at all in practice. No
+ need to support it.
-2009-11-16 Simon Josefsson <address@hidden>
+2010-11-16 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
- libextra/configure.ac: Bump versions.
+ * NEWS, lib/gnutls_priority.c: Added SIGN-ALL, CTYPE-ALL, COMP-ALL,
+ and VERS-TLS-ALL priority strings.
-2009-11-15 Simon Josefsson <address@hidden>
+2010-11-11 Nikos Mavrogiannopoulos <address@hidden>
- * doc/guile.texi: Doc fix.
+ * lib/gnutls_x509.c: Removed redundant error check. Reported by
+ Nicolas Kaiser.
-2009-11-15 Simon Josefsson <address@hidden>
+2010-11-11 Nikos Mavrogiannopoulos <address@hidden>
- * gl/Makefile.am, gl/intprops.h, gl/m4/sys_stat_h.m4,
- gl/m4/unistd_h.m4, gl/sys_stat.in.h, gl/unistd.in.h,
- gl/version-etc.c, lib/gl/Makefile.am, lib/gl/m4/sys_stat_h.m4,
- lib/gl/m4/unistd_h.m4, lib/gl/sys_stat.in.h,
- lib/gl/tests/intprops.h, lib/gl/unistd.in.h, maint.mk: Update gnulib
- files.
+ * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
+ src/p11tool-gaa.c, src/p11tool-gaa.h, src/p11tool.c,
+ src/p11tool.gaa, src/p11tool.h, src/pkcs11.c: Added
+ --list-mechanisms option to p11tool. Lists all mechanisms supported
+ by a token.
-2009-11-09 Simon Josefsson <address@hidden>
+2010-11-11 Nikos Mavrogiannopoulos <address@hidden>
- * ChangeLog: Generated.
+ * doc/manpages/Makefile.am, doc/manpages/p11tool.1: Added manpage
+ for p11tool.
-2009-11-09 Simon Josefsson <address@hidden>
+2010-11-11 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Version 2.9.9.
+ * doc/manpages/certtool.1, doc/manpages/gnutls-cli.1,
+ doc/manpages/gnutls-serv.1, doc/manpages/srptool.1: Corrected my
+ name.
-2009-11-09 Simon Josefsson <address@hidden>
+2010-11-11 Nikos Mavrogiannopoulos <address@hidden>
- * build-aux/pmccabe2html, gl/Makefile.am, gl/getpagesize.c,
- gl/m4/getpagesize.m4, gl/m4/gnulib-comp.m4, gl/tests/test-fseeko.c,
- lib/gl/Makefile.am, lib/gl/getpagesize.c, lib/gl/m4/getpagesize.m4,
- lib/gl/m4/gnulib-comp.m4, lib/gl/tests/test-fseeko.c: Update gnulib
- files.
+ * src/p11tool-gaa.c, src/p11tool.gaa: In p11tool --url was renamed
+ to --export.
-2009-11-09 Simon Josefsson <address@hidden>
+2010-11-11 Nikos Mavrogiannopoulos <address@hidden>
- * NEWS: Add.
+ * src/p11tool-gaa.c, src/p11tool-gaa.h, src/p11tool.gaa,
+ src/pkcs11.c: Corrected bug in secret key copy. Rationalized the
+ --help of p11tool.
-2009-11-09 Simon Josefsson <address@hidden>
+2010-11-11 Nikos Mavrogiannopoulos <address@hidden>
- * src/certtool.c: Cleanup header inclusion.
+ * lib/pkcs11.c, lib/pkcs11_secret.c: * Corrected flag conversion to
internal representation. * When generating secret keys include a generic key
type and a
+ random ID.
-2009-11-09 Simon Josefsson <address@hidden>
+2010-11-11 Nikos Mavrogiannopoulos <address@hidden>
- * Fix.
+ * Added option --no-detailed-url to p11tool. More detailed url is the
+ default now.
-----
diff --git a/Makefile.am b/Makefile.am
index 14c2642..16861a2 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -30,3 +30,8 @@ endif
ACLOCAL_AMFLAGS = -I m4 -I gl/m4
EXTRA_DIST = cfg.mk maint.mk .clcopying
+
+dist-hook:
+ rm -f ChangeLog
+ make ChangeLog
+ make -C doc/manpages doit
diff --git a/cfg.mk b/cfg.mk
index 76ab669..ee607dd 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -95,7 +95,7 @@ upload-web-coverage:
# Release
ChangeLog:
- git log --pretty --numstat --summary --since="2009 November 07" -- |
git2cl > ChangeLog
+ git log --pretty --numstat --summary --since="2010 November 07" -- |
git2cl > ChangeLog
cat .clcopying >> ChangeLog
tag = $(PACKAGE)_`echo $(VERSION) | sed 's/\./_/g'`
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_0_9-1-ga2c6a10,
Nikos Mavrogiannopoulos <=