[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-21-g12e1a91
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-21-g12e1a91 |
Date: |
Fri, 24 Aug 2012 16:57:53 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=12e1a91a6b1e743bee721c887c620d9e8421cb27
The branch, master has been updated
via 12e1a91a6b1e743bee721c887c620d9e8421cb27 (commit)
via 74412d222920232312d8ceda7a2a6bf91f3058f3 (commit)
via 8725145e1535b2cbf92c6499bdf3891f6a2e1205 (commit)
from cf5828497b58488907bfe900eb760e8701ce9d20 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 12e1a91a6b1e743bee721c887c620d9e8421cb27
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Aug 22 19:08:11 2012 +0200
added new items
commit 74412d222920232312d8ceda7a2a6bf91f3058f3
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Aug 21 00:01:10 2012 +0200
updated
commit 8725145e1535b2cbf92c6499bdf3891f6a2e1205
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun Aug 19 14:07:58 2012 +0200
heartbeat support is no longer in the todo
-----------------------------------------------------------------------
Summary of changes:
doc/TODO | 28 +++++++++++++---------------
1 files changed, 13 insertions(+), 15 deletions(-)
diff --git a/doc/TODO b/doc/TODO
index ce185e2..13764a8 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -3,11 +3,23 @@ anything), contact the developer's mailing list
(address@hidden),
in order to avoid having people working on the same thing.
Current list:
-* Added heartbeat support
(http://tools.ietf.org/html/draft-ietf-tls-dtls-heartbeat-04)
* When importing a PKCS #11 certificate, check for its issuers to generate a
chain (e.g. use the DN to retrieve possible signers).
+* Improve AES assembly. AES in nettle can be improved in x86, arm and
+ x86-64.
+* Add support for RSA-PSS. This signature algorithm is seen in some
+ passport CAs. Should be added in nettle and then in gnutls.
+* Move ECC code to nettle.
- Add DTLS 1.2 support (RFC6347)
- Add certificate image support (see RFC3709, RFC6170)
+- RFC 3280 compliant certificate path validation.
+ - Check path length constraints.
+ - Check keyCertSign key usages.
+ - Reject extensions in v1 certificates.
+- Certificate chain validation improvements:
+ - Implement "correct" DN comparison (instead of memcmp).
+ - Support critical key usage KeyCertSign and cRLSign.
+ - Support path length constraints.
- Perform signature calculation in PKCS #11 using not plain
RSA but rather the combination of RSA-SHA256, RSA-SHA1 etc.
That will allow the usage of more secure tokens that do not
@@ -17,7 +29,6 @@ Current list:
- Add support for generating empty CRLs
- Document the format for the supported DN attributes.
- Audit the code
-- Implement TLS-PSK with PKCS #11.
- Allow setting a PKCS #11 module to gnutls_x509_trust_list_t, to verify
against, similarly to NSS way.
- Support replacing individual algorithms via a PKCS #11 module -
@@ -29,25 +40,12 @@ Current list:
firstElement, bit_mask, ...) for platforms that libtool's
-export-symbols-regex doesn't work.
- Add Kerberos ciphersuites
-- Certificate chain validation improvements:
- - Implement "correct" DN comparison (instead of memcmp).
- - Support critical key usage KeyCertSign and cRLSign.
- - Support path length constraints.
-- RFC 3280 compliant certificate path validation.
-- Add progress handler gnutls_{dh,rsa}_params_generate2, to allow
- application to give progress feedback to user.
-- Chain verifications.
- - Check path length constraints.
- - Check keyCertSign key usages.
- - Reject extensions in v1 certificates.
- Exhaustive test suite, using NIST's PKI Test vectors,
see http://csrc.nist.gov/pki/testing/x509paths_old.html
and http://csrc.nist.gov/pki/testing/x509paths.html
- Make gnutls-cli-debug exit with better error messages if the
handshake fails, rather than saying that the server doesn't support
TLS.
-- Make gnutls_certificate_get_ours return a zero-terminated array (or
- add a new API that return the size of the array).
(+) Means high priority
(*) Means medium priority
hooks/post-receive
--
GNU gnutls
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-21-g12e1a91,
Nikos Mavrogiannopoulos <=